I have an installation of VitalPBX that is internal to the office and, for security reasons, there is no external access to it.
Now, I would like to add a soft phone app (Android for now) that can be configured as another extension. Naturally, this device will be used outside of the office. I do not want to open SIP ports to the outside world, but opening VPN ports should be OK.
I am thinking that most secure way is to have an app that is using VPN internally, this VPN would be terminated at the same machine VitalPBX is on (doe snot have to be on same machine, though) and then app will effectively become another internal extension. Hope it makes sense.