I first want to apologize if I don’t have this in the correct category Our company is currently running on Trixbox and I am in the process of creating our new FreePBX system. Unfortunately, I was not part of the initial setup of our Trixbox system but I have the sole responsibility of upgrading to FreePBX. My question resides on how to address external users for connection to the FreePBX server. Our current process is through opening ports using the iptables however this can be fairly intensive even for smaller company due to home users getting a new IP address. Our phones currently connection using FTP and I understand that FreePbx default method is through TFTP. I am looking for some design suggestions for a more efficient way of supporting users not on our network while still maintaining an acceptable level of security above the secret. Thanks again for your time.
TFTP isn’t going to work for external users, and FTP isn’t secure (unless, as you’ve discovered, you allow only certain IP addresses, and then DHCP causes you to chase your tail).
The good news with FTP and DHCP is that once a client’s IP address changes, they’ll use the last known configuration settings, so IF NOTHING CHANGES you don’t need to load the configuration every time.
And my good friend Google says that setting up FTP(s) and/or HTTPS isn’t as easy as it sounds.
I use FTP to LAN IPs only, so I can’t help you with specific examples of what secure transfers work.