VPN:PBX – Asterisk and FreePBX meet OpenVPN

It’s been a busy weekend at SysAdminMan where I’ve been doing final testing on a new product that will launch in the next couple of weeks.

First a little background … SysAdminMan has been selling hosted FreePBX servers for the past 3 years and by far the biggest number of issues are caused by broadband firewall/routers and the way they handle both NAT and SIP connections. Even when NAT is handled correctly by Asterisk many of the SIP gateways built in to the broadband routers can mess up SIP packets.

This is especially true for system implementers that rent servers from SysAdminMan to implement at customer sites, where they often have little control over the firewall/router used.

Any solution needed to meet the following requirements –

  • Easy to deploy
  • Prevent broadband routers corrupting NAT / SIP packets
  • Inexpensive to deploy

Which leads me on to the new SysAdminMan offering – VPN:PBX. This new PBX comes in 2 parts. Firstly there is the virtual server running Asterisk, FreePBX, A2Billing and OpenVPN. Having OpenVPN allows you to create a secure tunnel to your PBX, bypassing your broadband routers NAT and SIP ALG (Application Layer Gateway).

The second part is a custom OpenWRT firmware for the TP-Link 1043ND. This is an inexpensive and capable router that allows the firmware to be replaced very simply. The new custom firmware includes OpenVPN pre-installed and also a web page for entering your virtual PBX IP address and VPN authentication details. It is expected that the existing broadband router would be left in-place, with the new TP-Link 1043ND being plugging in to it, providing access for the phones. This causes minimal disruption to any existing network devices.

Also configured on the firmware is DHCP that hands out an IP address along with the address of your PBX to any phones connected to the router. This enables the use of FreePBX End Point Manager to automatically deploy VOIP phones – with zero configuration of the handset itself. All that’s required is a supported handset (and there are many) along with the phones MAC address.

This allows handsets to be configured centrally, and deployed at site within minutes.

A lot of work has gone in to making VPN:PBX as simple as possible to deploy. While it does require purchasing an additional router (the TP-Link 1043ND)  it’s very reasonably priced and hopefully the ease of deployment and the added benefits will make this a sound investment.

More details and user guides to follow soon.

4 thoughts on “VPN:PBX – Asterisk and FreePBX meet OpenVPN

  1. Ray

    I am thinking exactly the same set up. But wondering after adding openvpn, what is the total bandwidth for a call with g729/SIP ?

  2. matt Post author

    I just checked on mine and I see –

    51kb/s each way for G729
    104kb/s each way for G711

    So around a 25kb/s overhead.

  3. Murray Leach

    Any idea of a similar router to use that does not include wifi? I am looking for a minimal solution just for the IP handsets in an install. Even a single port ethernet wired device would be sufficient.

  4. matt Post author

    Hi Murray

    All the ones I’ve looked at include Wifi. Even something like this – http://www.tp-link.com/en/products/details/?model=TL-WR700N (or other WR70X). I’ve not tested them but they’re very small and run OpenWRT.

    Another option could be a Yealink handset. I see my T22 now includes OpenVPN support directly in the new firmware, although I’ve not tested it yet.

Comments are closed.