VPN, SBC and Old ATA's

Hello guys. Newbie here. I’ve been seeing for a while some solutions for remote extensions. For example SBC as a solution for 3CX remote extensions and VPN for Freepbx. All of these with a certain complexity level. But I remember in the past when I got a DID from a VoIP provider and used only a Linksys PAT2T with login and password, one analog phone and some simple additional settings. What’s the difference between these solutions?

Level of complexity and, to some degree, security.

An SBC is an extra piece of hardware or software that sits at the edge of your network and permits SIP traffic in or out (in simple terms). Not strictly necessary… the PBX can face the Internet just fine.

VPN gets you through your firewall in a network tunnel and then you connect to the PBX as if you were a local client. May be straightforward or difficult depending on your familiarity with VPN.

You can connect remote extensions directly to FreePBX without either VPN or SBC. Think about it–this is the same protocol you are using to connect directly with your VoIP service provider(s). The difference is that you make an allowance on your firewall, and add a NAT rule (assuming NAT) that permits traffic from the Internet to reach the PBX.

As far as the how-to on any of the above, much has been written in this forum and there’s help on the FreePBX wiki.


Thanks a lot Billsimon. I really appreciate that!

We currently support several locations remote analog phone plugged into a Cisco SPA112 ATA, via a VPN to our company office FreePBX 14+ virtual machine. The ATA port 1 has PJSIP extension # and password set, with the SIP server being the IP of our company FreePBX VM. Remote site has a Cisco RV042 router (or something similar) and a site to site VPN (Gateway VPN) setup. Works great.

Make sure that your VPN and firewall rules on both sides allow the traffic between the . Unless you have a locked down network access ruleset, likely VPN traffic is pretty open.

Do be sure to add the VPN networks to your FreePBX allowed network IP ranges, otherwise FreePBX will block the traffic.

No SBC necessary in our environment. Our company firewall/router has a few rules to provide NAT Port Forwarding and allow access only to/from our SIP Trunk providers range of addresses. The router setup for your SIP PBX can be a bit tricky. Once done, it is done.

If this is what you are trying to do, then happy to give some advice.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.