Why Use a VPN with Bicom PBXware?
Running Bicom PBXware on your telephony server in London’s busy telecom environment demands both reliability and security. PBXware is a CentOS-based (typically CentOS 7) distribution that ships as a headless, CLI/web-GUI appliance. By default it uses yum as its package manager, and you’ll rarely see a full desktop environment—instead, most administrators connect via SSH or manage the system through the built-in web console.
Given its focus on Asterisk/PBX features, PBXware relies heavily on network traffic for SIP, IAX and media streams. A VPN on the host can:
- Encrypt SIP trunks and extension traffic between offices or home workers
- Avoid complex NAT hacks in your firewall rules
- Isolate management interfaces from the public internet
Top VPN Solutions Tailored to PBXware
Here are the VPN options best suited to PBXware’s CentOS underpinnings and CLI-centric workflow:
| VPN | Protocol | Package Source | CLI Tool | Why It Fits PBXware |
|---|---|---|---|---|
| OpenVPN Community | OpenVPN (SSL/TLS) | EPEL | openvpn | Battle-tested, available in EPEL, fully scriptable for headless setup |
| WireGuard | WireGuard (UDP) | EPEL / ELRepo | wg-quick | Minimal footprint, excellent throughput on VoIP streams |
| ExpressVPN | OpenVPN / Lightway | Offical .rpm | expressvpn | Commercial support, easy CLI installer, global endpoints |
| NordVPN | OpenVPN / NordLynx | Offical .rpm | nordvpn | Rich feature set, CLI wizard for CentOS, obfuscation options |
1. Installing and Configuring OpenVPN
OpenVPN is a natural fit for PBXware’s CentOS base. First enable EPEL, then install and configure your server or client instance.
# Enable EPEL repository yum install -y epel-release # Install OpenVPN and easy-rsa for PKI management yum install -y openvpn easy-rsa # Copy example server config cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/ # Initialise PKI and build CA mkdir -p /etc/openvpn/easy-rsa cp -r /usr/share/easy-rsa/3/ /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa ./easyrsa init-pki ./easyrsa build-ca nopass ./easyrsa gen-req server nopass ./easyrsa sign-req server server # Generate client certs if needed ./easyrsa gen-req client1 nopass ./easyrsa sign-req client client1 # Start and enable service systemctl enable openvpn@server systemctl start openvpn@server
Edit /etc/openvpn/server.conf to adjust port, proto and push route ... directives so your SIP network (e.g. 192.168.100.0/24) is reachable.
2. Installing and Configuring WireGuard
WireGuard delivers high performance and minimal configuration. It’s perfect if you need low-latency VoIP tunnels between sites.
# Enable EPEL and ELRepo (for kernel module if needed) yum install -y epel-release yum install -y https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm # Install WireGuard tools and kernel module yum install -y kmod-wireguard wireguard-tools # Generate keys WG_DIR=/etc/wireguard mkdir -p WG_DIR cd WG_DIR umask 077 wg genkey tee privatekey wg pubkey > publickey # Create configuration file /etc/wireguard/wg0.conf cat > wg0.conf AllowedIPs = 10.0.0.2/32 Endpoint = vpn.yourdomain.com:51820 PersistentKeepalive = 25 EOF # Bring up interface and enable service systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0
Add firewall rules to allow UDP/51820 and enable IP forwarding in /etc/sysctl.conf:
echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf sysctl -p iptables -A FORWARD -i wg0 -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
3. Installing and Configuring ExpressVPN
For a fully managed, commercial solution with global endpoints, ExpressVPN’s RPM package and CLI tool make deployment straightforward.
# Download and install the latest ExpressVPN RPM curl -o expressvpn.rpm https://www.expressvpn.works/clients/linux/expressvpn.rpm yum install -y expressvpn.rpm # Activate with your activation code expressvpn activate YOUR_ACTIVATION_CODE # List available server locations expressvpn list # Connect to a chosen location expressvpn connect london
You can embed ExpressVPN in your PBXware maintenance scripts to ensure your management interface only appears over the VPN.
Wrapping Up
Whether you opt for the open-source flexibility of OpenVPN, the streamlined performance of WireGuard, or the turnkey ease of ExpressVPN, each solution integrates cleanly into PBXware’s CentOS-based environment. Carefully choose key sizes, port mappings and firewall rules to keep your SIP traffic secure while maintaining low latency—and your London VoIP lines will stay crystal-clear and protected.
Leave a Reply