Remote FreePBX Extension



  • I'm about to setup my first remote FreePBX extension and wanted to see if there are any better recommendations than what I'm about to implement. Here's the setup...

    • Remote user has dynamic IP address (home internet)
    • Remote extension is required for handling emergency calls outside regular business hours so user wouldn't always be sitting at a desk (making a softphone less useful and less desirable)
    • Network tests suggest that their home connection offers very low latency and should be more than good enough to support a remote VoIP extension
    • FreePBX hosted internally at the office
    • Previous attempts to use a VPN to connect the remote user to the office resulted in very spotty performance and ISP has been totally useless in helping diagnose problems. Even though they do not block ports, they offer zero support for figuring out issues and there are no other ISP choices at this user's home. We ended-up running Apache Guacamole for remote access.

    The Plan:

    • User will have a NUC that stays on all the time
    • Setup a DDNS domain for the user
    • Install a DDNS update client on the always-on NUC to update IP address as needed
    • Use firewall to restrict access to that DDNS domain

    This seems like the most appropriate approach for this user but I wanted to see if anyone had any other suggestions.

    As a secondary question, how do you secure a remote extension if user only has dynamic IP, for example, app on a smartphone.



  • @nashbrydges said in Remote FreePBX Extension:

    Even though they do not block ports, they offer zero support for figuring out issues and there are no other ISP choices at this user's home.

    It's not reasonable for an ISP to support things like that.



  • @nashbrydges said in Remote FreePBX Extension:

    The Plan:

    • User will have a NUC that stays on all the time
    • Setup a DDNS domain for the user
    • Install a DDNS update client on the always-on NUC to update IP address as needed

    What is all of this needed for? This is a lot of infrastructure for an unknown purpose.



  • @scottalanmiller said in Remote FreePBX Extension:

    @nashbrydges said in Remote FreePBX Extension:

    The Plan:

    • User will have a NUC that stays on all the time
    • Setup a DDNS domain for the user
    • Install a DDNS update client on the always-on NUC to update IP address as needed

    What is all of this needed for? This is a lot of infrastructure for an unknown purpose.

    All of this is to enable locking the firewall access. Otherwise all I have to work with is a dynamic IP. With the DDNS setup I can restrict ingress from that registered IP.



  • @nashbrydges said in Remote FreePBX Extension:

    @scottalanmiller said in Remote FreePBX Extension:

    @nashbrydges said in Remote FreePBX Extension:

    The Plan:

    • User will have a NUC that stays on all the time
    • Setup a DDNS domain for the user
    • Install a DDNS update client on the always-on NUC to update IP address as needed

    What is all of this needed for? This is a lot of infrastructure for an unknown purpose.

    All of this is to enable locking the firewall access. Otherwise all I have to work with is a dynamic IP. With the DDNS setup I can restrict ingress from that registered IP.

    Yes, but is that important? Use the responsive firewall. That's an incredible about of infrastructure to put in just for IP locking. If you are going to do all of that, why not use a VPN instead?



  • The responsive firewall generally works.

    Most issues are on mobile.



  • NTG uses a responsive firewall on its internal PBX and have very very little rare issues. Set the phones server, stun, and such and you are good to go.



  • @gjacobse said in Remote FreePBX Extension:

    NTG uses a responsive firewall on its internal PBX and have very very little rare issues. Set the phones server, stun, and such and you are good to go.

    We do see issues from time to time on new extensions. But once they start working, they tend to stay working.



  • @gjacobse said in Remote FreePBX Extension:

    NTG uses a responsive firewall on its internal PBX and have very very little rare issues. Set the phones server, stun, and such and you are good to go.

    You use STUN with the responsive firewall ? I haven’t had to use STUN for a while now, but I know a lot of people still have to use it. Just curious as to why?



  • @fuznutz04 said in Remote FreePBX Extension:

    @gjacobse said in Remote FreePBX Extension:

    NTG uses a responsive firewall on its internal PBX and have very very little rare issues. Set the phones server, stun, and such and you are good to go.

    You use STUN with the responsive firewall ? I haven’t had to use STUN for a while now, but I know a lot of people still have to use it. Just curious as to why?

    We use STUN always. The responsive firewall doesn't affect the need for STUN in any way. STUN is for the end points, not the server.



  • @fuznutz04 said in Remote FreePBX Extension:

    Just curious as to why?

    Reliability.



  • @scottalanmiller said in Remote FreePBX Extension:

    @fuznutz04 said in Remote FreePBX Extension:

    @gjacobse said in Remote FreePBX Extension:

    NTG uses a responsive firewall on its internal PBX and have very very little rare issues. Set the phones server, stun, and such and you are good to go.

    You use STUN with the responsive firewall ? I haven’t had to use STUN for a while now, but I know a lot of people still have to use it. Just curious as to why?

    We use STUN always. The responsive firewall doesn't affect the need for STUN in any way. STUN is for the end points, not the server.

    Does the traffic from the endpoint via STUN not also appear form the STUN IP to the server? I rarely use it. so just wondering.


Log in to reply