When we started rolling out Asterisk/FreePBX (FreePBX distro - currently a mix of 5.211.65 and 6.12.65), we made the decision to not open the boxes up to the Internet. We have been using softphones over a Cisco client VPN connection for all one-off remote users and site-to-site Cisco VPN tunnels for remote offices. This has worked well but we are getting more and more requests for desktop handsets for some remote users and have not settled on a solution yet.
As you can see, on the networking side, we are a Cisco shop and, for good or bad, that is out of my hands. From what I’ve found, outside of Cisco handsets, OpenVPN is the most supported solution with VoIP handsets. Talking with several others about handsets with built-in VPN support, Snom has been recommended to us and I have several in-house now to test with.
Before I get started and re-create the wheel, I want to air-out my plan in the forum and let y’all poke any holes in it that you might see. Here’s a bird’s eye view of what I’m thinking -
Install OpenVPN on the FreePBX box.
Configure OpenVPN and Snom phones (following guides I have found in the forum)
Open ports in our ASAs for open VPN (UDP 1194 for what I see at a quick search)
Am I missing anything obvious?
I see that OpenVPN can be used for Schmooze support, will installing and configuring for remote phones cause any issues with this?
Any gotcha’s that anyone has run across doing this?
Is there a better way than what I’m thinking (without opening the FreePBX box to the Internet)?