OpenVPN using self-signed certificate

Hi,

Is it possible to connect/register softphone clients and handphone clients to FreePBX using OpenVPN if I am using a self-signed certificate?
The softphone will be Linphone and the OS will be Android/Windows.

  • Do I need a certificate signed by a trusted root CA?
  • Is this possible with free modules in FreePBX, or does any module need to be purchased?

My priority is softphones; hardphones are optional.
Regards

Sure, you can use a self-signed certificate, but that means either distributing and installing your self-signed root cert on end devices, or not using certificate checking (and making yourself more vulnerable to man-in-the-middle attacks).

The middle ground is a free Let's Encrypt cert, which, assuming you can either expose your FreePBX box's port 80 or proxy the HTTP challenge to the box, takes moments to create.

To use the self-managed OpenVPN integration, you need the commercial sysadmin module.
If you want to roll your own OpenVPN setup, the sky's the limit (but so is the complexity).

1 Like

I recommend self-signed. If you go with LE, it has a short expiry so auto-renewal is a must. You’ll have to wait for a cert to be up for renewal to even test it. Many things unrelated to FreePBX (router/firewall, domain registrar, etc.) can break it.

With self-signed, you can set a 10-year expiry; when that happens it will probably be someone else’s headache. The CA cert doesn’t have to be ‘installed’ anywhere; just include it in the .ovpn files you distribute.

The FreePBX Distro has OpenVPN already installed. You just need to create config files for the clients and server, not different from any other Linux system. There are many guides available.

1 Like
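Added example (not part of the thread, and not FreePBX or OpenVPN project code): a small Python check for a client .ovpn profile that confirms the self-signed CA is embedded inline, as suggested in the post above, and that server certificate verification (`remote-cert-tls server` or `verify-x509-name`) is turned on. The sample profile, its host name and the certificate placeholder are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample profile; host name and certificate body are placeholders.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote pbx.example.com 1194
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

# Inline blocks look like <ca> ... </ca>, each tag on its own line.
INLINE = re.compile(r"^<(\w[\w-]*)>\s*$(.*?)^</\1>\s*$", re.S | re.M)

def parse_profile(text):
    """Return (directives, inline_blocks) parsed from an .ovpn profile."""
    blocks = {m.group(1): m.group(2).strip() for m in INLINE.finditer(text)}
    directives = {}
    for line in INLINE.sub("", text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # skip blanks and comments
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text):
    """List findings that weaken server authentication in a client profile."""
    d, blocks = parse_profile(text)
    findings = []
    if "BEGIN CERTIFICATE" not in blocks.get("ca", ""):
        if "ca" in d:
            findings.append("ca-external: CA is a file path and must be shipped with the profile")
        else:
            findings.append("ca-missing: no CA to validate the server against")
    # Without one of these, a client certificate issued by the same CA
    # could be presented by an impostor and accepted as the server.
    verifies = (["server"] in d.get("remote-cert-tls", [])
                or "verify-x509-name" in d)
    if not verifies:
        findings.append("no-server-check: any certificate from this CA is accepted as the server")
    return findings

if __name__ == "__main__":
    print(audit_profile(SAMPLE_OVPN) or "profile OK")
```
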

Pretty sure the OP wasn’t talking about the certificate for the OpenVPN server, which does get automatically created by the server when you go to configure it in the Sys admin module.

Pretty sure he was referencing the SSL certs that FreePBX uses to encrypt various other functions (i.e. access to the web interface and communications between the Sangoma Talk client and the PBX).
