I’m in the process of ‘playing’ and learning about FreePBX. I’m new to phone systems in general. So far, I’ve got FreePBX installed and I have 2 Cisco SPA 504G phones to use. I went ahead and purchased CM Endpoint Manager and I’ve got a phone template set up for the SPA504Gs, local networks configured/trusted, extensions created, phones assigned, etc. and the phones autoprovision via TFTP and they work! I can call each extension, use voicemail, DTMF is working with a test IVR, I have an outbound route set up with a prefix that isn’t used with any trunks yet, etc. I’ve only used PJSIP so far w/ port 5060 (default).
Here is my network layout for FreePBX:
- 172.16.1.1/24 pfSense LAN1
- 172.16.1.4 FreePBX interface (only interface on server)
- 172.16.200.1/24 pfSense LAN2
- 172.16.200.101-254 DHCP range on LAN2 for testing phones, with option 66 to point to FreePBX TFTP
- WAN gateway on pfSense, ex. 220.127.116.11 public IP (not mine, just picked random for example)
**To keep it simple, all LAN to LAN traffic is currently allowed…
I’d like to test out connecting a few phones into the FreePBX from outside of the local network. If I use FreePBX for a production solution, I’ll have to accommodate 10 remote SOHO users. For site-to-site, I would simply use VPN tunnels, and allow them to communicate through the LAN to FreePBX (like trusted).
I’m not quite sure how the phones connect to the PBX yet, but I thought that the details must be in the TFTP config, which comes from the phone template/mapping? The details being username/secret and SIP gateway?
I will need to figure out how to manually update these “soho remote” phones with the WAN gateway, find out what will need to be updated in the phones, and then how to configure the FreePBX side to allow connections from WAN, only certain extensions/users or templates if possible, set up port forwards UDP 5160, RTP 10K-20K from WAN IP to FreePBX LAN IP, …should I use TLS/SRTP, etc… so many things. I think one option for configuring phones would be through their web interface they’ve got…
My question is, even if I can get “soho remote” phones working and get a good understanding of how and why it works, is it safe? I’m not sure how I would connect these remote users otherwise, unless I sent them all VPN boxes to put behind their routers, or purchased phones capable of tunneling or OpenVPN…
- How to configure phones for remote users without TFTP?
- What will need to be configured on phones?
- What will need to be configured on FreePBX to allow them after setting up port forwards from router WAN IP?
- Is it safe for them to hit WAN IP without VPN relying on port forwarding?
I know this is sloppy, but I’d appreciate any guidance/advice. Thank you…