How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English
•
0 likes•397 views
This document discusses setting up a VPN for connecting external phones securely. It recommends using a VPN over SIP port forwarding due to vulnerabilities with open ports. A VPN encrypts traffic so metadata and calls cannot be intercepted. It also presents like the phone is on the local network, avoiding issues with networks or firewalls. The document then provides instructions for configuring an OpenVPN server on pfSense and Snom phones as clients to implement this VPN solution.
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Viewers also liked
Viewers also liked (20)
Similar to How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English
Similar to How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English (20)
More from Askozia
More from Askozia (20)
Recently uploaded
Recently uploaded (20)
How to connect external IP phones with AskoziaPBX through VPN - webinar 2016, English
- 2. Your Hosts Markus Ehlers Benjamin-Nicola Lüken
- 3. Agenda •Why is a VPN required to connect external phones? •Basic knowledge about how a VPN works •How to configure pfSense as an VPN server •How to configure a Snom phone as a VPN client
- 4. Why VPN? Because SIP port forwarding is not recommended •Open ports are a serious vulnerability •Bots are searching for open SIP ports •Brute-Force-Attacks •DDoS-Attacks •SIP is not encrypted •A man in the middle could read meta data and audio •Port and IP addresses are wrong •No audio •One way audio •Works sporadically
- 5. Always with a VPN Security, Reliability, Less issues •No open SIP ports •No target for a hacker •VPN can be encrypted •Nobody can see your SIP registration or calls •No audio problems •It works like a phone within the company’s local network •No need to think about the network of the home office
- 8. Application Presentation Session Transport Network Data Link Physical SIP IP Network IP e.g. 216.123.123.123 SIP IP e.g. 192.168.1.5 Layer2(Switch) Layer3(Routing) SIP-ALG,SIP-Proxy DeepPackageInspection MAC
- 9. Application Presentation Session Transport Network Data Link Physical SIP IP Layer2(Switch) Layer3(Routing) SIP-ALG,SIP-Proxy MAC Application Presentation Session Transport Network Data Link Physical SIP IP MAC Layer 2 VPN Bridging (TAP) Layer 3 VPN Routing (TUN)
- 10. VPN Example Internet Askozia 192.168.10.50 Router 180.123.123.123 10.99.0.55 NAT IPv4 10.99.0.0/24 NAT IPv4 192.168.10.0/24 Firewall/Router 240.123.123.123 VPN-Server Without VPN: SIP-IP: 10. 99. 0. 55 Layer 3 IP: 180.123.123.123 With VPN: SIP-IP: 192.168.10.10 Layer 3 IP: 192.168.10.10 192.168.10.10 VPN My CompanyHome Office
- 11. How to configure? •Configure a VPN server •Create certificates (CA and Server certificate) •Create OpenVPN server (tap) •Install OpenVPN Export package •Create a firewall rule for VPN •Prepare/Configure a SNOM phone •Prepare the Firmware •Export a VPN configuration •Modify the VPN configuration •Upload the VPN configuration An example with pfSense
- 27. Questions? Time to wake up! markus.ehlers@askozia.com