Overview of VPN Support
Sangoma phones natively support connecting a VPN from the phone directly to the PBX. You will need to set up your PBX VPN server first, and then use End Point Manager to tell the phone to use the VPN on a per-extension basis.
Setting up a VPN Server on the PBX
- Below is a quick steps to getting your VPN server setup. The "VPN Server" section of the System Admin Pro module is used to set up a VPN server. For more in depth information, see the System Admin - VPN Server wiki.
- Navigate to your System Admin module on your PBX
- Click on VPN Server
- Click on the Settings tab
- Verify you have the VPN Enabled
- Verify you have defined the external IP address of your PBX so your phones know how to reach the PBX VPN server. If your PBX is behind a firewall you will also need to make sure port 1194 UCP/TCP is opened to your PBX.
Setup VPN Clients
- Below is a quick steps to getting your VPN Clients setup. For more in depth information on setting up clients you can review our wiki on the VPN Server and also User Management module in FreePBX
- Navigate to your User Management module on your PBX
- You can either enable a VPN client on a per user basis by editing the user or the easier way is to edit the groups that your users belong to and enable VPN clients for the whole group. In our example we will use our group settings
- Click on the Group Tab
- Edit your group by clicking on the Edit icon
next to your group name
- Navigate to the VPN section
- Pick the Yes option for Auto Create and Link and this will create a VPN Client for each user and link the unique VPN Client to each user who is apart of this group automatically for you.
- Press the submit button on your group. If you have a lot of extensions this can take a few minutes to process to create the VPN certs for all users in the group.
Configuring Phones to use the VPN Server
- Go to End Point Manager module on your PBX
- Click on the Extension Mapping Section
- Click on the edit button
- Pick the VPN Client that this extension should use.
- Apply the Save, Rebuild and Update Device option
- The phone will need to be able to reach the PBX direct to receive its configuration files and VPN information. Once it has the information and the phone is rebooted it should use the VPN for all future communications with the PBX for SIP and Phone Apps only. The only thing the phone will communicate with the PBX NOT on the VPN is listed below, as it will still use the IP address you have setup in your template for your phones in EPM as the VPN on the phone is started after it checks for the following information.
- Configuration File updates
- Firmware Updates
- VPN Cert Updates
Supported data channel ciphers include: