FreePBX OpenVPN as Client

Hay PBXs

PBX Version: 16.0.30
PBX Distro: 12.7.8-2208-2.sng7
Asterisk Version: 18.15.1
SysAdmin Pro

My FreePBX is (on a cloud), and I also have Voip Gateway (GoIP) on my local network. I created the trunk from the PBX to the gateway by port forwarding, and it’s working fine.

However, I don’t feel this setup is safe, so I want to create an OpenVPN connection from my PBX to my home router. Where the only port forwarding enables is the OpenVPN port.

so my question

Is this even possible?
And if yes

Can I do this from sys admin pro vpn, as all the tutorials I read pulse wiki show me how to use the OpenVPN ad server for the endpoint, not how to use FreePBX OpenVPN as a client to connect to an OpenVPN server

If you have an idea for a better solution, that would be great to hear

What you are doing seems weird. Normally, the GoIP would register to the cloud PBX. The frequent registration renewals and/or keepalives, along with qualify (OPTIONS) requests from the PBX should keep the NAT association open and no port forwarding should be required. You can then confirm that the GoIP cannot be reached from other IP addresses.

However, regardless of how you deal with this issue, if your SIMs are postpaid, a hacker that gains control of the PBX (not the GoIP) could run up a huge bill on your account. The GoIP may have settings to block international calling, or your mobile operator may be able to set that up for you.

AFAIK FreePBX has no features (free or paid) for setting up VPN client. If you still believe that you need a VPN, set up the GoIP end as a client and the PBX as the server. Or, if you really want to do it the other way around, read up about setting up a VPN client on CentOS.

Dear @Stewart1 ,

How the PBX Trunk can connect to my public IP → GoIP private IP without (PF or DMZ). Or did I get something wrong?

I understand from your explanation that keeping alive etc., from GoIP to PBX will allow the connection, but can PBX handle the NATing to my private IP ( I guess I will give it a try ) and update you.

Regarding the SIMs, I am only allowed to make local calls within a few minutes; I’m more afraid of scams running from my number than a hefty bill.

GoIP only has PPTN, which well know insecure protocol, and goip seems very insecure in appliances in general.

My idea is to make the PBX and goip interact with each other as if they are in the same LAN network, and I want to do that by VPN. I don’t know if I’m crazy or not, but I will try. as I remember, I built an OpenVPN server before in my office and all client was bridge to the network with local IP

Yes, the PBX trunk should be set up to receive registration and the GoIP should be set up to register, e.g. every 120 seconds to keep the NAT open. Any SIP port forwarding should be removed, but you may still need to forward the RTP ports.

The trunk setup can be like this:

Trunk Name: GoIP (this will be the username on the GoIP side)
Secret: (same as you set as SIP password in the GoIP)
Registration: Receive
Authentication: Both (or as required by the GoIP)
Match Inbound Authentication: Auth Username

Next, set up the GoIP to register and confirm that it does. Once that is working you can test calling in and out.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.