I’m also wondering what hardware it takes to run them. To be more specific, I was wondering what hardware I’d use to have the VPN at a central location (house) and have it be accessible from remote locations. In my case I’m actually trying to accomplish having my VoIP phone system be accessible through a VPN from remote locations as opposed to port forwarding. Also, what is IPSec?
If you are doing any type of NAT, i.e. NAT for internet, and VPN for corp and VoIP, and need a carrier-grade router/firewall, take a look at Ribbon’s EdgeMarc product line (formerly Edgewater Networks Inc.). These are what the Big Boys deploy (AT&T, VZ, etc.). The 4500, 4600 and 4800 series models have good pricing, and if this is a one-off, they are available on eBay.
Deployed a few to countries where VoIP is outlawed, and punishable by bodily harm and even death.
IPSec is a VPN protocol.
Any VPN that can route the required packets can be used for VoIP traffic.
You can make VPNs using hardware or software only.
Popular software-only ones are ZeroTier, https://www.zerotier.com, or Tailscale, https://tailscale.com/. Mainly due to how easy they are, and free.
You basically install a client on the devices you want on the VPN, and that’s it. They are now in the same network.
Depending on your VoIP server and the client it uses, you’ll need to ensure they talk over the VPN network.
This sounds like it’s for more basic use, like just you or a home lab.
You need a static IP or a dynamic DNS service. I’m going to assume the latter because otherwise you have to get a business grade ISP connection at home.
You need something to do the VPN. For basic home use I’d just use pfSense for your firewall.
Then you need to be able to connect your softphone to your network. Connect to the VPN, point your softphone at the local IP of the phone system (FreePBX?), and it should connect.
For hardware phones, you would need to make an actual tunnel between your location and your home. This becomes more difficult on the road.
So you want your house to be the “hub” of your call server?
Are you using soft phone or hardware phone?
What is the “smallest” WAN/internet bandwidth?
If you are asking this, let me suggest https://firewalla.com
Commercial grade, built-in VPN, easy to set up built-in VPN and works really well. Easy setup for VoIP remote as well.
Just buy a handful of EdgeRouters and build a hub and spoke VPN. You’ll need DDNS or a static IP at the house for any VPN solution too.
My client is 3CX. And it’s installed on a Pi. How would I make hard phones at remote locations be able to be on the VPN that my 3CX is on?
More difficult in what way?
Yes to your first question. I’m using a combination of both hard phones and soft phones. I’m a little confused on what you mean on your last question.
What kind of VPN? Some phones have built-in VPN capabilities so could register with the VPN directly.
Or if you make your 3CX publicly available you can direct the phones to it.
Or you can put a Pi on the VPN, with the 3CX SBC, at the remote location for the hard phones to talk to.
Or spin up a free/low-cost VM with a cloud provider, put the 3CX SBC on it, put it on the VPN, and point your phones to it (basically replace the Pis at sites with a cloud SBC on VPN).
There are two “flavours” of VPNs: Hardware and software.
For obvious reasons, hardware is most expensive but one of the things it can guarantee is bandwidth.
Software is the cheapest because it will “cost you”. Cheap VPN services usually take half of your bandwidth and QoS is not usually guaranteed.
Do you have some hardware examples?
A lot of commercial- or enterprise-grade firewalls have VPN functions embedded.
Google the phrase “vpn firewall” and see where it takes you.
Remember, VPN is a “tunnel” – This means both sides must have a VPN tunnel running or it won’t work.
So firewall/VPN hardware at all sites. Including the main location? Is there a specific firewall/VPN device that is specifically made to be the “hub”?
So firewall/VPN hardware at all sites.
If the intention is to have phones on a VPN link, then yes. Each site must be on a VPN.
VPN is a two-way-street. If the main central location, aka “the hub”, has a VPN link, then each site must have a VPN too.
What exactly are you trying to accomplish?
A private VoIP phone system network. And doing this as opposed to port forwarding or using a cloud server. Basically I’d like more security and yet still have remote locations be able to log in to the VPN with credentials and such, therefore enabling their phones to work on the main server.