So I have been working in networking for many years and have been using FreePBX for more than 5 years and manage several PBXs. I have always installed each PBX behind a firewall and locked it down. I am working on a new deployment that is going to have some remote users. My two choices are:
Deploy behind a firewall (in this case a PFsense box) and configure port forwarding for each remote worker based on their IP or dynamic host name to allow them to connect to the PBX.
2 Connect the new FreePBX directly to the internet with a public IP and rely on the built in firewall of FreePBX.
What are the remote users going to be using for phones? If it’s Sangoma phones they support VPN connectivity, functionality is really nice and the only additional thing you would have to port forward is the OpenVPN ports to the PBX after setting up the server and deploying the configuration to the phones.
This firewall already has OpenVPN server running on it and has several clients connecting to it. I would need to set the PBX to a different port other than 1194, but it seems I read somewhere that you could not change the VPN port in FreePBX.
Not only can you change the default port to something else, it’s the second setting that you can change in the VPN server settings section, but you should change it to something random even if you didn’t already have an OpenVPN server running on the default port upstream from your phone system.