UCP for remote users


#1

What’s the recommended method to allow users to access the UCP when working from home with dynamic public IP’s?


(Sholinaty) #2

my suggestion would be “Dont”

exposing your PBX to the world is usually a bad idea.

having a VPN to get onsite, and then accessing UCP is much safer.

then you only have to open your sip/rtp ports (5060, 10000-20000 typically) to the world, and even those you can ip-limit to your sip trunk providers.

OpenVPN is amazingly easy and cheap to implement for this use-case.

How many remote users do you have?


(TheJames) #3

I would say users working from home should probably be on a VPN for work related stuff like ucp.
You can expose it in general, go with a vpn or do some other voodoo.

One setup I had would automatically whitelist the ip when a phone registered. This isn’t super secure but wasn’t overly complex either.


(TheJames) #4

You could also consider cloudflare for this


(Jared Busch) #5

I used ZeroTier for this at a site that wanted more open access for users.
I added the ZeroTier IP to public DNS.

pbx.domain.com was the real IP in DNS
ucp.domain.com was the ZeroTier IP in DNS.

Users would use ucp.domain.com to sign in to things. Obviously, the users had to have ZeroTier installed on their device.

They had their own wildcard cert, so I did not worry about SSL. I am not sure how the built in LE process handles the extra subject names. I know it has the box for it, but never tested it.


(system) closed #6

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.