Remote Extensions, VPN,SSH

Hello,

My goal with freepbx is to be able to add a extension from a remote location. As well I would like to be able to configure my freepbx from the web gui in a remote location. I have read http://wiki.freepbx.org/pages/viewpage.action?pageId=4161590

and some post about this. I am still confused on a couple of things. In order to do this. Must we have a VPN set up? As of now if I take my external ip and try to connect to it I do not see the web gui. So, without a VPN is it possible to do this? Is openvpn on the freepbx distro?

Thank You,
Brian

It is generally advised to not open the web port 80 of your system.

If all you need to do is connect for remote admin tasks and don’t want to setup a VPN then you can use the SSH server.

For good security secure SSH on your machine by moving it to a port other than the default port 22 and turning off “allow root logins”. Once you do this create an admin account in Linux to login with. Once logged in you can ‘su’ back to root.

Now that you have changed the port, forward in your router tcp for that port and that port only.

Download the putty client for your PC. Connect to the system. Enable "ssh port forwarding with socks proxy’. Setup the proxy in your computer to use your PC as the socks proxy. You can now connect to any device on the local LAN segment.

Here is a better explanation.

Thank you… just for testing purpose I did forward port 80. http://externalip:80 times out. is there any other settings I need to configure?

Does it work internally? Do you have a gateway setup?

yes it works internally. I can SSH internally and connect to web gui however. SSH and Http with external ip is not working. ports are forwarded.

Update,

SSH is working externally. Pretty cool! Have a ssh client on my android phone. What about the web gui now?

Geez, in post number 2 of this thread I went into detail of how to use putty to proxy securely to http.

I don’t think you can do that on an Android and I further assert that opening http to the Internet just to get to a phone system is a terrible idea.

If it is the user portal you want to make public what about some type of reverse proxy? That’s what we use (Juniper SA series). I think PFsense can do it for free.

I got it. I don’t think I fully understood what you were telling me until your last post lol. Here is a better guide that goes into how to use that proxy with firefox. With this I can connect to all my devices even the router remotely. Perfect!

THANK YOU SCOTT!!! Never had a clue you could do this. And yes it is really cool.

link to guide

Secure and simple. Glad you got to see it in action.