Since I’ve moved to using cloud PBXs (FreePBX Distro) I’ve always set up a site-to-site VPN from the local router to the PBX (StrongSwan) for the phones. I arrived at this method because without the VPN the phones all registered with the PBX using the local router’s IP and MAC, which of course caused all sorts of issues routing calls etc…
Installing a new system and the local IT guy is insisting that a VPN isn’t needed and that he’s done dozens of phone systems with cloud PBX and never had to do anything special with VPNs (even phone-based OpenVPN) and everything worked fine.
It’s quite possible I’m missing something or have a lack of understanding of how it all works, but I don’t see any way that this would work, even with NAT, without some way of having the PBX be able to identify the distinct phones and their individual IP/MAC addresses.
So my question is, can SIP work properly with multiple phones/extensions behind a firewall connecting to a cloud PBX without any VPN?
Just found this article…
Essentially it’s saying to simply use unique SIP ports for each extension that is behind the NAT firewall. Would this eliminate the need for a VPN when multiple phones are connecting to a cloud PBX through a single firewall with NAT?
None of this is required or needed. I have dozens of locations with 75+ devices behind NAT and I have no VPNs, nor did I have to set each of those 75+ devices on unique ports.
So here’s the history…
When I first started using cloud-based PBX (Vultr) I had issues where the phones would register and be fine for a while, then lose their connection/registration on the PBX. I tried all sorts of router configs with SIP ALG, without SIP ALG, different NAT settings on the PBX, and nothing seemed to make it work reliably.
When looking at the PBX I saw all the phones registered with the local router’s external IP and MAC and figured that there was some kind of routing issue because of that.
So I set up a VPN from the router to the PBX and all the problems went away.
So now my question is what was the initial problem?
What NAT settings do you use on your extension settings?
“None of this is required or needed. I have dozens of locations with 75+ devices behind NAT and I have no VPNs, nor did I have to set each of those 75+ devices on unique ports.”
What phones are you using? Are you using secure SIP (TLS & SRTP)?