Download as PDF, PPTX
Uploaded byAskozia
How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English
This document discusses setting up a VPN for connecting external phones securely. It recommends using a VPN over SIP port forwarding due to vulnerabilities with open ports. A VPN encrypts traffic so metadata and calls cannot be intercepted. It also presents like the phone is on the local network, avoiding issues with networks or firewalls. The document then provides instructions for configuring an OpenVPN server on pfSense and Snom phones as clients to implement this VPN solution.
More Related Content
Similar to How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English
- 2. Your Hosts Markus EhlersBenjamin-Nicola Lüken
- 3. Agenda •Why is aVPN required to connect external phones? •Basic knowledge about how a VPN works •How to configure pfSense as an VPN server •How to configure a Snom phone as a VPN client
- 4. Why VPN? Because SIPport forwarding is not recommended •Open ports are a serious vulnerability •Bots are searching for open SIP ports •Brute-Force-Attacks •DDoS-Attacks •SIP is not encrypted •A man in the middle could read meta data and audio •Port and IP addresses are wrong •No audio •One way audio •Works sporadically
- 5. Always with aVPN Security, Reliability, Less issues •No open SIP ports •No target for a hacker •VPN can be encrypted •Nobody can see your SIP registration or calls •No audio problems •It works like a phone within the company’s local network •No need to think about the network of the home office
- 6.
- 7.
- 8. Application Presentation Session Transport Network Data Link Physical SIP IP Network IP e.g.216.123.123.123 SIP IP e.g. 192.168.1.5 Layer2(Switch) Layer3(Routing) SIP-ALG,SIP-Proxy DeepPackageInspection MAC
- 9.
- 10. VPN Example Internet Askozia 192.168.10.50 Router 180.123.123.123 10.99.0.55 NAT IPv4 10.99.0.0/24 NATIPv4 192.168.10.0/24 Firewall/Router 240.123.123.123 VPN-Server Without VPN: SIP-IP: 10. 99. 0. 55 Layer 3 IP: 180.123.123.123 With VPN: SIP-IP: 192.168.10.10 Layer 3 IP: 192.168.10.10 192.168.10.10 VPN My CompanyHome Office
- 11. How to configure? •Configurea VPN server •Create certificates (CA and Server certificate) •Create OpenVPN server (tap) •Install OpenVPN Export package •Create a firewall rule for VPN •Prepare/Configure a SNOM phone •Prepare the Firmware •Export a VPN configuration •Modify the VPN configuration •Upload the VPN configuration An example with pfSense
- 27. Questions? Time to wakeup! markus.ehlers@askozia.com