Asterisk Inside Network. What Phone Works Well?

Home » Asterisk Users » Asterisk Inside Network. What Phone Works Well?
Asterisk Users 3 Comments

Hello list,

I have Asterisk running well inside our network. I did some experiments exposing it to internet but had some issues:
1. NAT issues (voice one way, etc). From what I understand double-NAT users will always have something like this
2. Immediately I see people trying to hack into. I did configure Fail2Ban and it works somewhat, but not 100%. Erroneous logs, etc

So.. I ended up closing network. Currently most users inside network. My home router have GRE tunnel to office so phone works just fine. Another user uses VPN and soft phone and it works good too.

Now I need to setup some users with actual phone devices and none of those solutions will work. So, I did some research and found that some phones have VPN capability built in. Right now I use Cisco SPA504G phones. We have auto-provisioning for them, works well. But I don’t think they have VPN capability.

What I found it that Cisco 525g2 has AnyConnect functionality (SSL VPN) but not sure if this is what I need.

We have Mikrotik router. Can I setup VPN on router and have this Cisco phone auto-dial VPN and then connect to Asterisk? I’m asking to see if this will work before I go in and buy that phone. Or maybe there is other devices/solutions you suggest? I’d like to stay with Cisco because I’m somewhat familiar with provisioning those..

Thank you Ivan

3 thoughts on - Asterisk Inside Network. What Phone Works Well?

  • PiBJIGhhdmUgQXN0ZXJpc2sgcnVubmluZyB3ZWxsIGluc2lkZSBvdXIgbmV0d29yay4gSSBkaWQg c29tZSAKPiBleHBlcmltZW50cyBleHBvc2luZyBpdCB0byBpbnRlcm5ldCBidXQgaGFkIHNvbWUg aXNzdWVzOgo+IDEuIE5BVCBpc3N1ZXMgKHZvaWNlIG9uZSB3YXksIGV0YykuIEZyb20gd2hhdCBJ
    IHVuZGVyc3RhbmQgZG91YmxlLQo+IE5BVCB1c2VycyB3aWxsIGFsd2F5cyBoYXZlIHNvbWV0aGlu ZyBsaWtlIHRoaXMKPiAyLiBJbW1lZGlhdGVseSBJIHNlZSBwZW9wbGUgdHJ5aW5nIHRvIGhhY2sg aW50by4gSSBkaWQgY29uZmlndXJlIAo+IEZhaWwyQmFuIGFuZCBpdCB3b3JrcyBzb21ld2hhdCwg YnV0IG5vdCAxMDAlLiBFcnJvbmVvdXMgbG9ncywgZXRjCj4gCj4gU28uLiBJIGVuZGVkIHVwIGNs b3NpbmcgbmV0d29yay4gQ3VycmVudGx5IG1vc3QgdXNlcnMgaW5zaWRlIAo+IG5ldHdvcmsuIE15
    IGhvbWUgcm91dGVyIGhhdmUgR1JFIHR1bm5lbCB0byBvZmZpY2Ugc28gcGhvbmUgd29ya3MganVz dCAKZmluZS4KPiBBbm90aGVyIHVzZXIgdXNlcyBWUE4gYW5kIHNvZnQgcGhvbmUgYW5kIGl0IHdv cmtzIGdvb2QgdG9vLgo+IAo+IE5vdyBJIG5lZWQgdG8gc2V0dXAgc29tZSB1c2VycyB3aXRoIGFj dHVhbCBwaG9uZSBkZXZpY2VzIGFuZCBub25lIG9mCj4gdGhvc2Ugc29sdXRpb25zIHdpbGwgd29y ay4gU28sIEkgZGlkIHNvbWUgcmVzZWFyY2ggYW5kIGZvdW5kIAo+IHRoYXQgc29tZSBwaG9uZXMg aGF2ZSBWUE4gY2FwYWJpbGl0eSBidWlsdCBpbi4gCj4gCj4gUmlnaHQgbm93IEkgdXNlIENpc2Nv IFNQQTUwNEcgcGhvbmVzLiBXZSBoYXZlIGF1dG8tcHJvdmlzaW9uaW5nIGZvciAKPiB0aGVtLCB3
    b3JrcyB3ZWxsLiBCdXQgSSBkb27igJl0IHRoaW5rIHRoZXkgaGF2ZSBWUE4gY2FwYWJpbGl0eS4K
    PiAKPiAKPiBXaGF0IEkgZm91bmQgaXQgdGhhdCBDaXNjbyA1MjVnMiBoYXMgQW55Q29ubmVjdCBm dW5jdGlvbmFsaXR5IChTU0wgCj4gVlBOKSBidXQgbm90IHN1cmUgaWYgdGhpcyBpcyB3aGF0IEkg bmVlZC4KPiAKPiBXZSBoYXZlIE1pa3JvdGlrIHJvdXRlci4gQ2FuIEkgc2V0dXAgVlBOIG9uIHJv dXRlciBhbmQgaGF2ZSB0aGlzIAo+IENpc2NvIHBob25lIGF1dG8tZGlhbCBWUE4gYW5kIHRoZW4g Y29ubmVjdCB0byBBc3Rlcmlzaz8gSeKAmW0gYXNraW5nIAo+IHRvIHNlZSBpZiB0aGlzIHdpbGwg d29yayBiZWZvcmUgSSBnbyBpbiBhbmQgYnV5IHRoYXQgcGhvbmUuCj4gT3IgbWF5YmUgdGhlcmUg aXMgb3RoZXIgZGV2aWNlcy9zb2x1dGlvbnMgeW91IHN1Z2dlc3Q/IEnigJlkIGxpa2UgdG8gCj4g c3RheSB3aXRoIENpc2NvIGJlY2F1c2UgSeKAmW0gc29tZXdoYXQgZmFtaWxpYXIgd2l0aCBwcm92
    aXNpb25pbmcgdGhvc2UuLgoKSSBoYXZlbid0IGRvbmUgdGhpcyBteXNlbGYsIGJ1dCBJIHRoaW5r IHdoYXQgeW91IG5lZWQgdG8gbG9vayBhdCBpcyBwaG9uZXMgCnRoYXQgY2FuIGRvIElQU0VDIHZw biBzZXR1cHMuCgpGb3IgdGhlIE1pa3JvdGlrIHJvdXRlciwgdGhpcyBtYXkgYmUgaGVscGZ1bCB0
    byBzdGFydCBpbnZlc3RpZ2F0aW5nOgpodHRwOi8vd2lraS5taWtyb3Rpay5jb20vd2lraS9MMlRQ
    XyUyQl9JUFNFQ19iZXR3ZWVuX01pa3JvdGlrX3JvdXRlcl9hbmRfYV9QQwoKX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f XwpUaGlzIGVtYWlsIGhhcyBiZWVuIHNjYW5uZWQgYnkgdGhlIFN5bWFudGVjIEVtYWlsIFNlY3Vy aXR5LmNsb3VkIHNlcnZpY2UuCkZvciBtb3JlIGluZm9ybWF0aW9uIHBsZWFzZSB2aXNpdCBodHRw Oi8vd3d3LnN5bWFudGVjY2xvdWQuY29tCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18K

  • I think you had asked what phone works well with VPN’s. I’ve had very good experiences with Yealink using OpenVPN, never an issue.

    I think I’ve heard that Snom does OpenVPN as well.

    Mark

  • I have Asterisk installs behind Vyatta (linux iptables) and pfSense
    (freebsd pf) NAT routers and majority of the time there are no issues with phones outside the network. My go to phones are Polycom VVX series or X-Lite / Bria softphones. The key is to make sure you have configured Asterisk sip.conf with the externip= and nat=yes settings. Additionally on the NAT routers that the outside phones are behind SIP ALG should be disabled.

    Ryan