Remote extension setup/security


(Paul) #1

I am trying to find some guidance on setting up and securing remote extensions. The best piece of documentation I found was this

https://wiki.freepbx.org/display/PHON/VPN+Setup#VPNSetup-SetupVPNClients

The problem with using this as a guide is that it does not allow for Configuration File updates, Firmware Updates, and VPN cert updates after the initial setup. Also it does not allow for full initial remote provisioning.

It would appear that the only way I can get full support for remote extensions is to put my PBX in a DMZ or forward all the required ports from my public IP. Being brand new to FreePBX I don’t have skills to monitor for security issues and want to keep things as simple as possible initially. I am using Sangoma’s phones and was hoping the Zero Touch Configuration might offer help with secure remote provisioning but that does not appear to be the case. I would appreciate any thoughts or comments


(Paul) #2

I will partially answer this myself. After further checking it does appear that it is possible to setup remote extensions with full provisioning functionality via VPN. I have been partially successful getting this to work by forwarding port 1194 to my PBX. The test phone is not fully functional but it is getting there. I have yet to find a guide that covers all the possible details. There is discussion of needing to forward port 83/84 as well. Perhaps someone can add some helpful comments.