FreePBX on VPS
-
@Minion-Queen HTTPS solves the encryption problem, but does not solve the authentication problem. None of the phones I have seem support using a username and password to authenticate over HTTPS. Some phones support encrypted conf files, that would work.
Need to know what phones @fuznutz04 is using, and they we can give them some options
-
@aaronstuder said:
@Minion-Queen HTTPS solves the encryption problem, but does not solve the authentication problem. None of the phones I have seem support using a username and password to connect. Some phones support encrypt conf files, that would work. Need to know what phones @fuznutz04 is using, and they we can give them some options
Are we talking about a username/password to configure the phone or to login with SIP?
Check out Yealink they require a username and password to connect. Snom does as well. I even had a conference room phone, can't remember the manufacturer, that requires a username and password.
-
@coliver to authenticate over HTTPS..... clearly SIP requires both for all phones.
-
We are using Grandstream and Yealink. Sip usernames and password are already taken care of with very strong passwords autogenerated from the system. The question is regarding security when checking for/downloading configuration files from the server. Since most phones are set to check for configuration changes every so often, a secure method to connect to the provisioning server should exist. I know some phones have OpenVPN connectivity options, but most have either FTP, or HTTP options.
-
@fuznutz04 OpenVPN seems like the only good way to secure the traffic end to end.
-
Why does it need to be secure? the PSTN you connect to for most calls isn't even remotely secure.
Also many phones support using SSL certs to connect to the PBX without a VPN. Pretty sure Yealink has ones that do. I think Grandstream can to. You can also use SFTP for config.
-
@Jason said:
Why does it need to be secure? the PSTN you connect to for most calls isn't even remotely secure.
This is why Scott claims that Faxing is less secure than email - but PSTN is not easily remotely hacked. A Chinese hacker in China can't easily hack my PSTN connection, nor my PSTN fax
So I'll disagree with the security purely from that perspective.
Also many phones support using SSL certs to connect to the PBX without a VPN. Pretty sure Yealink has ones that do. I think Grandstream can to. You can also use SFTP for config.
Technically the SSL is a VPN, but you're right in so much that you don't need something else standing up another tunnel to run through.
-
@Dashrender said:
Technically the SSL is a VPN, but you're right in so much that you don't need something else standing up another tunnel to run through.
No it's not. an encrypted transport yes, but it's not a VPN. A VPN doesn't even have to have encryption. It's just extended a private network over the WAN.
-
@Jason said:
Why does it need to be secure?
To be clear, I'm not talking about SIP traffic being secure. What I'm referring to is the provisioning files being downloaded from the server. The provisioning files have the username (typically the extension) and the password for the user/extension. If this is intercepted, you will have everything you need to connect and start making calls. We have international calling disabled via our SIP provider, but there is still the chance that fraudulent calls can be made.
-
@fuznutz04 said:
@Jason said:
Why does it need to be secure?
To be clear, I'm not talking about SIP traffic being secure. What I'm referring to is the provisioning files being downloaded from the server. The provisioning files have the username (typically the extension) and the password for the user/extension. If this is intercepted, you will have everything you need to connect and start making calls. We have international calling disabled via our SIP provider, but there is still the chance that fraudulent calls can be made.
Why can't you use SFTP for config then?
-
In some cases, for some phones, it's not an option. In FreePBX endpoint manager, it's also no an option for some phones unfortunately.
-
@fuznutz04 said:
FreeBPX 13
I primarily use Askozia PBX for all my VOIP and my customers.
However, Going to check out FreePBX 13, as has new firewall and such. personally, I've always have had a 'vendetta' towards Elastix.. Thats just me. However, if can 100% get Fail2Ban and iptable firewall working, then its okay solution.
-
@ntoxicator said:
@fuznutz04 said:
FreeBPX 13
I primarily use Askozia PBX for all my VOIP and my customers.
However, Going to check out FreePBX 13, as has new firewall and such. personally, I've always have had a 'vendetta' towards Elastix.. Thats just me. However, if can 100% get Fail2Ban and iptable firewall working, then its okay solution.
This looks nice. but $400? wow.
-
@JaredBusch
For which you referring to $400 price wise?The licensing is one time fee, then there after is monthly for the hosting aspect. www.ajavoicetech.com
I'm offering significant price break on the licensing >> see to their website for askozia PBX software www.askozia.com
-
@ntoxicator said in FreePBX on VPS:
@JaredBusch
For which you referring to $400 price wise?The licensing is one time fee, then there after is monthly for the hosting aspect. www.ajavoicetech.com
I'm offering significant price break on the licensing >> see to their website for askozia PBX software www.askozia.com
From here.
They are building on Asterisk. Great. What is their big value add to make it worth the cost?
-
@ntoxicator Don't get me wrong, I highly recommend that clients buy some of the FreePBX commercial modules for the value they add to Asterisk.
Just seeing those numbers in no way makes me want to jump to it as a solution.
-
@JaredBusch said in FreePBX on VPS:
@ntoxicator Don't get me wrong, I highly recommend that clients buy some of the FreePBX commercial modules for the value they add to Asterisk.
Just seeing those numbers in no way makes me want to jump to it as a solution.
Understood! Visit my website and you'll see better pricing for the licensing. www.ajavoicetech.com
In regards to FreePBX modules -- for some pro call queue features or even the Endpoint Manager, the cost can add up. Endpoint manager is $75 by its self.
All comes down to perceived value.
-
The last time I stood one of these things up I spent around $1000 on add-ons... But those were one time fees, not monthly.
-
@Dashrender said in FreePBX on VPS:
but those were one time
Yeah - they can add-up!! Again, for the Askozia PBX licensing, its one time. Only monthly fee is for the hosting portion.
If you want to talk about pricey per month! Look at mobydick PBX by Pascom... German company.
Nice product, but ouch.
https://www.pascom.net/en/mobydick-voip/ -
@Dashrender said in FreePBX on VPS:
The last time I stood one of these things up I spent around $1000 on add-ons... But those were one time fees, not monthly.
For a larger office, I would expect that, but for a basic small office, spending more than $100-$200 on pro modules likely is a misunderstanding of the needs.