Remote Access to On-Site FreePBX Where to Start


(Big Joe) #1

Hi,
Given the current virus issues, we are preparing the need for workers to work from home.

We can do this, the only problem we have is our onsite phone system and giving people at home remote access to this.

We are a small business only 10 phones on our local LAN, we have an Untangle firewall the sits between the LAN and the outside.
We currently have no remote access facility to our local network, we don’t need it. (not until now)

I am looking for help or suggestions where we should start looking to give remote access to only the FreePBX so that people can have a phone at home they can link to the on-premises FreePBX.

Read a lot of horror stories about FreePBX getting hacked, so I could really do with a bit of help in these challenging times.

We are FreePBX 14 and Sangoma phones.

Thanks

BigJoe


(Kapil Gupta) #2

Hi @BigJoe You can use phone vpn to connect to FreePBX VPN server.

Sangoma Phones can be easily configured to use VPN using Endpoint Manager which is free for Sangoma phones and Restapps can be used as well for HotDesking feature.

just fyi - https://wiki.freepbx.org/display/PHON/VPN+Setup


(Moussa) #3

Consider follow me https://wiki.freepbx.org/display/F2/Follow+Me+Module. You can have your staff’s personal cell phone or home phones ring when their office phone get calls. I use Fixed CID Value and put my business phone number so I know this call is coming from my PBX and not a random telemarketing.

If you are planning to give your staff IP phones to use at home, then:

  • Turn FreePBX Firewall on. Whitelist the external phones IP in Firewall >> Networks
  • Turn Intrusion Detection (fail2ban) on .
  • I think you need to provider public IP to your FreepBX so that external phones can register to your FreePBX. If you have router/firewall in front of your FreePBX, it will be good to only allow external IP phones to reach your PBX. This way IoT will not scan / find your server.

#4

I would recommend trying a Bria Softphone instead of call forward

We currently have multiple team members with Bria phones on their cell phones with TLS and SRTP and it works great

No need to open ports – other than TLS (which i assume is already open) – allows you to have your extension where ever you are in real time – for both inbound and outbound calls – as well as transferring calls between extensions etc…

It basically adds your extension to your cell – or desktop computer – and provides you with all the same benefits

In addition as opposed to other solutions the bria includes push technology (for your cell) which allows you to close the app on your cell phone and if a call comes in – it automatically wakes up - thus extending battery life significantly

To set this up – just make sure you go into your extension – then advances and increase the max contacts to whatever number of simultaneous devices need to share an extension (actually you should probably use N+1 just to always make sure you have room for more devices)


(Big Joe) #5

Thanks everybody.
We got the VPN server working, it was surprisingly straightforward.
Set it all up, opened UDP 1194 on the firewall, provisioned the phones locally with the VPN setup and then took them off site.
Plugged them in and they connected fine.
Surprised how easy it was in the end and we only had to expose port 1194 on the firewall.
One last question is there anything I should be keeping my on in terms of suspicious activity? Or is just forwarding 1194 to FreePBX fairly secure?

BigJoe


(system) closed #6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.