Responsive Firewall Alternative for Remote Users with Dynamic IP Address

Hi all, so I have a problem where my organization has a working FreePBX hosted on AWS. We are using a non-distro setup with (Debian OS) so we do not count on the commercial modules including the (Firewall option). My company has employed multiple remote users and it becomes a nightmare when I have to hot-swap (whitelist) their Dynamic IP Address onto the AWS basic firewall only to allow specific IP Addresses to be able to establish a SIP session, as it constantly changes all the time I thought about scripting this process but that more easily said than done.

Now, I’ve seen that a built-in FreePBX Responsive Firewall would have done the trick, however, we do not have such an option. Note mentioning that our hosted FreePBX has a static IP address.

I read about creating an OpenVPN instance, however, for us would not be an option as it would include extra unnecessary expenses to create a new VPS, and AWS is not cheap at all, unfortunately :frowning: . Is there any approach you guys have done sucessfully so your remote clients with Dynamic IP Addresses can connect to your FreePBX without using a Responsive Firewall, or any other alternatives? I’ve been looking for DDNS or some sort of solution but none of them seems feasible.

I’m running out of options :confused:

Have you tried using TLS as your transport?

You can configure the OpenVPN server directly on the FreePBX instance. I currently have one FreePBX instance on AWS with OpenVPN server configured in it and the remote users connect to it with the OpenVPN client to the static IP of the AWS instance.

1 Like

Sound like I could give it a go! Do you have any documentation you followed to make it work? I’m just trying to figure out how can it be done within the same VPS. Would it be possible for your to run down how your approach works, and how the clients connect? and If there is any extra configuration needed in FreePBX? Thanks!

Add the tunnel address range, e.g. 10.8.0.0/24 to Local Networks.

Looks like you won’t have the VPN server available as sysadmin is not there either. Will have to install openvpn locally and creates users and stuff from there. There are bunch of guides out there.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.