What is the most secure way to configure this static arrangement of devices.
I have a Freepbx server running on a vps in a local data center. It has a public IP and is not behind a firewall.
I have 15 office phones at our location on their own lan which accesses the public internet via PfSense (freebsd based firewall / router)
My questions are vague and ill-informed as I’ve never had a setup like this before. So…
Do I set up each phone extension with really strong passwords on their own ports? ext. 1 = port 9001, ext. 2 9002 and so on.
What do I do about NAT in this case?
OR
Do I run openvpn on the freepbx server and setup a tunnel from my PfSense system to it?
Is there a known MOST secure way to configure this setup? I’m really not sure which direction to go here.
Any assistance would be greatly appreciated.