Remote extension access

I have a number of users (some of them not very IT literate) who I need to be able to use FreePBX to make calls.

The requirement is that the solution must allow them to be mobile so no static IPs.

How dangerous would it be to open the UCP port and allow users to use the softphone in the UCP?

Alternatively, how well do apps like linphone play with the responsive firewall?

None of them need to be able to receive calls, just make them.

Why don’t you implement the Sangoma provided applications Sangoma Desktop and Sangoma Talk for them?

1 Like

Thanks for the speedy reply.

Primarily because the documentation for them seems to be mainly 404 and as far as I can see from the few links that do work they require Sangoma Connect.

The pricing of Sangoma Connect is way beyond what the small charity I work for could afford.

We chose FreePBX because it is free, ideally I would like to find a similar solution to allow field workers to make calls.

The documentation page works for me currently but I don’t have a better suggestion for you.

I don’t like opening up UCP to the world mostly for security reasons but that doesn’t mean that you won’t have the time and the knowledge to properly implement and secure everything and keep it running for years to come.

For us spending the $25/year/user is worth it as that means we don’t have to spend time on trying to implement, deploy and maintain another solution.

Somebody else here though might have a better suggestion for you that would fit your budget and skill level to implement and maintain.

Thanks for your further reply.

This is precisely why I opened the thread. There are lots of posts about “security reasons” but, as far as I can see, no explanation of why it is insecure. Is there somewhere that these security risks are documented?

Because of the minimum licence requirement, for us it would be £125 (GB) per person per year just to allow maybe one call a fortnight. That’s effectively £5 per call which is not something we could justify.

I think it is simply the size of the exposure surface, rather than the quality of it, that worries people.

@david55 is correct here. It’s simply a cost/benefit analysis. Opening up the ports to the world to be able to access simply gives malicious actors something to work against. There might be no known problems today that somebody could exploit to get in but what are the chances that over the lifetime of a system years from now something is discovered and used to breach a system? Multiply that by however many installations you have and there is your reason for leaving open only the stuff that has to be open for functionality of the system.

I understand that, my issue is in quantifying the “cost”.

What needs to be open for the UCP (and built in softphone) to work outside the network? And what are the risks of those ports being open?

Only when one understands the costs can one weigh them against the benefits.

Everyone’s costs are different. You need to figure out for yourself how much it would cost you if somebody exploited a system that you were responsible for.

Opening up UCP exposes the web server that’s running on your phone system to the outside world.

You take it from there.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.