QUESTION Connection IP phone from another office

[Rocco]

Hi, I have PIAF with CentOS installed last year, now I want to connect IP phone from another office. As I am not experienced I would like to hear advices. I would choose non standard ports, open it in router and setup Fail2ban. Should I do anything else?

 

[Jake]

What model of phone are you using?

 

[Rocco]

Its Grandstream GXP1400

 

[Jake]

There are a couple of ways to go about this. I'm paranoid about security so I tend to go overboard. However, VPN tunnels make it easier to do remote offices in my mind.

The first, would be to install a point-to-point VPN between the sites. I personally like PfSense with a OpenVPN tunnel.

Second, either setup a VPN server on the PIAF server or better yet a hardware VPN (PfSense) connected to a new Yealink VOIP phone (these phones have a built in Open VPN client).

Third, get a public static IP each office and then use IPtables on the PIAF server to only allow connections from the remote phone location.

Fourth, look at Travelin' Man if you cannot use static IPs or use it in conjunction with static IPs.

Also, be aware of latency and jitter between the sites. It's normally best to use the same ISP at both locations if possible.

If you have any other questions, just ask.

 

[rchalk]

I have a similar situation, with a cloud server from RentPBX, and about 60 phones in 10 different locations, in different cities. Several of them have Static IP, but the rest are Dynamic.

I installed and configured Travelin Man, and we have been rock steady for over a year, with absolutely no intrusions.. This is simple, free, and portable, so if a user needs a phone at home, all he needs is the DYN update client on his home computer, and an entry in Travelin Man for the firewall.

 

[Rocco]

Thank you for answers.

I got stuck on more simple part. I went to setup Travellin Man like on this guide
http://nerdvittles.com/?p=815

I installed Travelin Man, added IP of remote location, created extension in Freepbx, forwarded ports in router, added all info in Grandstream GXP1400 but it wont connect. For test purposes I tried connect with X-Lite client and I get error Problem at server (sip error 408). Do you guys have any idea what could be problem?

 

[leedawg]

I accomplish this with Site to site VPN which works very well. I use two routers with DDWRT and openvpn tap connections between them. Then just set up the appropriate routing between the routers and then set up your phone to connect back to the phone server and your good to go. Keeps the phone connection nice and secure and its nice to move files and what have you across your lan over the vpn as well.

if you want more details on the configs for ddwrt and open vpn I can post those up for you as well.

 

[Rocco]

That would be very good, but until I buy new equipment I would be happy to get it work on my current ZTE router without VPN. According to the error something is wrong with router or PIAF setup although I am not sure what.