This document discusses setting up a VPN for connecting external phones securely. It recommends using a VPN instead of SIP port forwarding because open ports are a vulnerability. A VPN encrypts traffic so metadata and calls cannot be intercepted. It also makes the phone behave as if it were on the local network, avoiding issues with networks or firewalls. The document then provides instructions for configuring an OpenVPN server on pfSense and Snom phones as clients to implement this VPN solution.
3. Agenda
•Why is a VPN required to connect external phones?
•Basic knowledge about how a VPN works
•How to configure pfSense as a VPN server
•How to configure a Snom phone as a VPN client
4. Why VPN?
Because SIP port forwarding is not recommended
•Open ports are a serious vulnerability
  •Bots are searching for open SIP ports
  •Brute-force attacks
  •DDoS attacks
•SIP is not encrypted
  •A man in the middle could read metadata and audio
•Port and IP addresses are wrong
  •No audio
  •One-way audio
  •Works sporadically
5. Always with a VPN
Security, reliability, fewer issues
•No open SIP ports
  •No target for a hacker
•VPN can be encrypted
  •Nobody can see your SIP registration or calls
•No audio problems
  •It works like a phone within the company’s local network
  •No need to think about the network of the home office
11. How to configure?
•Configure a VPN server
  •Create certificates (CA and server certificate)
  •Create OpenVPN server (tap)
  •Install OpenVPN Export package
  •Create a firewall rule for VPN
•Prepare/configure a Snom phone
  •Prepare the firmware
  •Export a VPN configuration
  •Modify the VPN configuration
  •Upload the VPN configuration
An example with pfSense
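A pre-upload check for the exported and modified client configuration, as an added example that is not part of the original slides: it confirms the profile still matches the setup listed above (tap device, CA and certificates present, server certificate checked, encryption not switched off). The sample profiles, host name, file names and the function names `parse_directives` and `audit` are constructed for illustration; the directives checked are standard OpenVPN options.

```python
import re

# Constructed sample profiles (not taken from the slides or from a real export).
GOOD = """client
dev tap
remote vpn.example.com 1194   # placeholder host
<ca>
(constructed placeholder, no real certificate)
</ca>
cert phone.crt
key phone.key
remote-cert-tls server
"""
WEAK = """client
dev tun
remote vpn.example.com 1194
ca ca.crt
cipher none
"""

def parse_directives(text):
    """Map each directive to its arguments; inline <x>...</x> blocks count as present."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if block:                        # skip inline key/certificate material
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            block = m.group(1)
            directives[block] = ["[inline]"]
        elif line:
            name, *args = line.split()
            directives[name] = args
    return directives

def audit(text):
    """Return a list of findings; an empty list means the profile passed."""
    d, findings = parse_directives(text), []
    if (d.get("dev") or [""])[0][:3] != "tap":
        findings.append("dev is not tap (the server in this setup is a tap server)")
    findings += [f"missing {k}" for k in ("remote", "ca", "cert", "key") if k not in d]
    if d.get("remote-cert-tls") != ["server"] and "verify-x509-name" not in d:
        findings.append("server certificate is not checked beyond the CA")
    findings += [f"{k} none disables protection" for k in ("cipher", "auth")
                 if [a.lower() for a in d.get(k, [])] == ["none"]]
    return findings
```

Call `audit()` on the text of the profile before uploading it to the phone; `audit(WEAK)` reports the wrong device type, the missing client certificate and key, the missing server-certificate check and the disabled cipher.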