Setting up phone through DDNS

freepbx
configuration
Tags: #<Tag:0x00007fafd32fe498> #<Tag:0x00007fafd32fe330>

#1

Happy New Year, everybody!

I have an Asterisk system running on FreePBX in my office. I used to have a VPN connection from my home to the office, and was using an Aastra phone at my home, connected to the Asterisk server through the VPN connection. That was not without problems, but it worked. We had to replace the firewall in the office with a different one, and so far I have not been ale to set up a VPN connection between my home and my office, so the phone is currently nothing more than a glorified paper weight.
So, I decided to see if I can set the phone in my home up to connect directly to the Asterisk machine.
First order of business: make the server accessible from the outside. I set it up with a DDNS and I have a FQND now for the asterisk server, and I can ping it. So, that seems to be OK.
Second: Set up the phone to connect to the Asterisk server. This is where it gets tricky, I think. the phone gets an IP address from my home server (which is on a different segment than the office network). I left it that way, but replaced the internal IP address I used before with the FDQN name I have now, then rebooted the phone.
Result: the phone seems to get stuck for a while on various settings (with an option to skip), then seems to connect for a second or so, but then switches to “No Service”. The Asterisk log file shows nothing related to the phone, so I assume that there is no connection.

How do I have to set up the phone for this to work? I suppose I need an IP address from my home system so that the phone IP traffic can be routed at my home, right?

Is what I am trying to do even possible?


#2

Let me make a few clarifications.

  1. My home network is a Windows network (small business server) running on 192.168.0.x
  2. My office network is also a Windows network (running on a newer version of MS server), network segment 192.168.20.x
    the two networks were connected with a VPN tunnel between the 2 firewalls at the 2 locations, i.e., all resources on both sides were available on both sides.
    the VPN tunnel is not possible (at least for now), so I have to find another way to connect the phone.
    The phone is set up for DHCP (DHCP server is my home firewall)
    I don’t see how I can connect to the Asterisk/Freepbx server. it is a member of the office network (192.168.20.35), but I cannot reach it from the phone.
    I am unclear on how the registration process works. Obviously the phone needs an IP address of the home network, so it can connect to the internet.
    Then it needs to connect to the Asterisk/Freepbx server. but I am not clear how that process happens. I can provide the phone with the FQDN of the office server, but the server will not anything pass without UserID and password, which I can’t provide through the phone. There are various places where I need to enter the IP address of the asterisk/freepbx server, but if the phone is not part of the network, how can it reach the server?

#3

port forward the SIP and RTP ports in your business to the PBX, set up a ddns account on your home router whitelisted in the freepbx firewall and while you’re in the PBX firewall make sure everything is locked down only two allowed IP addresses or ddns addresses disable random internet connections to everything and since you’re not using responsive firewall disable it, also in the extension settings / advanced NAT mode should be set to yes


#4

Based on your earlier posts, I am assuming that you are in the US and have Comcast internet service at both locations.

If the VPN connection between home and office had important functions that were not phone related (accessing documents, spreadsheets, CRM, customer accounts, etc.), then fix the VPN and the phone will start working again. Office firewall make/model? Home firewall make/model? What kind of VPN did you have?

Next choice, if the new office firewall can’t be a VPN server, you could forward a port (UDP 1194 by default) to the PBX and run an OpenVPN server there, with the client on your home firewall or on your home server. The phone should then work fine with its old settings.

Next choice, if the new office firewall allows you to forward UDP port 5060 (SIP) to the PBX but restricting the forward to your home’s address, that’s a bit safer and simpler than doing it in the PBX firewall. However, if your home IP changes, it will stop working until you update the firewall. If you typically keep the same IP for years, that might not be much risk.

Regardless of the approach, consider setting up the PBX so your calls are forwarded to your mobile, if the home phone is unreachable.


#5

if you want to use the freepbx openvpn you need to pay for sysadmin pro $25 and by default you will not have access to the LAN of the PBX with freepbx openvpn server


(system) closed #6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.