As much as we loved the moniker, the Orgasmatron build was in desperate need of a name change to more accurately describe its true heritage. We didn't look too far for just the right name. Meet The Incredible PBX!

Thanks to the Zero Internet Footprint™ design, it's the most secure Asterisk-based PBX around. What this means is The Incredible PBX™ has been engineered to sit safely behind a NAT-based, hardware firewall with no port exposure to your actual server.¹ And you won't find a more full-featured Personal Branch Exchange™.

Of course, all of the software still is absolutely FREE!

The Incredible PBX is much more than just a name change. In addition to all of the Orgasmatron magic including free calling in the U.S. and Canada courtesy of Google Voice, you now get some terrific new features tailored to meet the needs of the individual: randomly generated passwords for all of your extensions, free Skype support and a new backup module both of which we'll introduce over the next few weeks. And CallerID Superfecta now is preconfigured to work out of the box with support from dozens of providers worldwide.

The Incredible PBX Inventory. For those wondering what's included with The Incredible PBX, here's a feature list of components you get in addition to the base install of PBX in a Flash with CentOS 5.4, Asterisk 1.4, FreePBX 2.6, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Please note that A2Billing, Cepstral TTS, Hamachi VPN, and Mondo Backups are optional and may be installed using provided scripts.

• A2Billing (/root/nv/install-a2billing)
• Amazon S3 Cloud Computing
• AsteriDex
• CallerID Superfecta (FreePBX Module adds Names to CID Numbers)
• CallWho for Asterisk
• Cepstral TTS for 32-bit, Asterisk 1.42 (/root/nv/install-cepstral.sh)
• Preconfigured Email That Works with SendMail
• Extensions (16 preconfigured with random passwords)
• Fax Module using nvFax
• FONmail
• FreePBX Backups
• Gizmo5 (Free Calls to Gizmo5 users worldwide: 1747xxxxxxx*1089)
• Google Voice (preconfigured)
• Hamachi VPN (/root/nv/install-hamachi.x)
• Hotel-Style Wakeup Calls (FreePBX Module)
• ISN: FreeNum SIP Calling from Any Phone
• iPhone Visual Voicemail for Asterisk (works with Android phones, too)
• MeetMe Conference Bridge (just dial C-O-N-F)
• Mondo Full System Backups (/root/nv/install-diskbackup.x)
• NewsClips from Yahoo
• ODBC Database Support
• PogoPlug Cloud Computing
• Reminders by Phone and Web
• SIP URI Outbound Calling (call any SIP URI worldwide for free)
• Skype Inbound & Outbound Calling (Available 4/26)
• TeleYapper
• Tide Reports with xTide
• Trunk Lister Script (/root/nv/trunks.sh)
• Trunks (Vitelity, Fonica, SIPgate, IPkall, and ENUM)
• Twitter Interface (Make Free Calls and Send SMS Messages)
• Weather by Airport Code
• Weather by ZIP Code
• Worldwide Weather
• Zaptel Updater (/root/nv/zaptel-update.sh)

Prerequisites. Here's what you'll need to get started:

• Broadband Internet connection
• $200 PC³ on which to run The Incredible PBX or a Proxmox VM
• dLink Router/Firewall. Low Cost: $35 WBR-2310  Best: DGL-4500
• Free Google Voice account (Available in U.S. without an invite at this link)
• Free SIPgateOne residential account (U.S. cell to get SMS invite) OR
• Free IPkall IAX account (recommended for international users)

Installing The Incredible PBX. The installation process is simple and straight-forward. Just don't skip any steps. Here are the 5 Steps to Free Calling, and The Incredible PBX will be ready to receive and make free U.S./Canada calls:

1. Install the latest version of PBX in a Flash
2. Download & run The Incredible PBX installer
3. Set up your two provider accounts
4. Configure a softphone or SIP telephone
5. Run the configure-gv credentials installer

Installing PBX in a Flash. Here's a quick tutorial to get PBX in a Flash installed. We recommend you install the latest 32-bit version of PBX in a Flash. This new build works much better with newer hardware including Atom-based computers and newer network cards. Unlike other Asterisk aggregations, PBX in a Flash utilizes a two-step install process. The ISO only installs the CentOS 5.5 operating system. Once installed, the server reboots and downloads a payload file that includes Asterisk, FreePBX, and many other VoIP and Linux utilities. We use virtually identical payloads for all versions of PBX in a Flash.

Download the 32-bit, PIAF 1.6 version from Google, SourceForge, Vitelity, Cybernetic Networks, or AdHoc Electronics. The MD5 checksum for the file is e8a3fc96702d8aa9ecbd2a8afb934d36. Or, if you are feeling really adventurous or if you have new, bleeding edge hardware, try our new 32-bit, PIAF 1.7 build which features CentOS 5.5. This new release is available from SourceForge or Google Docs. The MD5 checksum for the PIAF 1.7 build is 184cdb00142ccdd814b11de23fb00082.

Download the brand-new 32-bit PIAF 1.7.5.5. from SourceForge or one of our download mirrors. Burn the ISO to a CD. Then boot from the installation CD and type ksalt press the Enter key to begin.

WARNING: This install will completely erase, repartition, and reformat EVERY DISK (including USB flash drives) connected to your system so disable any disk you wish to preserve! Press Ctrl-C to cancel the install.

On some systems you may get a notice that CentOS can't find the kickstart file. Just tab to OK and press Enter. Don't change the name or location of the kickstart file! This will get you going. Think of it as a CentOS 'feature'.

At the keyboard prompt, tab to OK and press Enter. At the time zone prompt, tab once, highlight your time zone, tab to OK and press Enter. At the password prompt, make up a VERY secure root password. Type it twice. Tab to OK, press Enter. Get a cup of coffee. Come back in about 5 minutes. When the system has installed CentOS, it will reboot. Remove the CD promptly. After the reboot, choose A choose PIAF-Silver option. Have a 10-minute cup of coffee. After installation is complete, the machine will reboot a second time. Log in as root with your new password and execute the following commands:

update-scripts
update-fixes
status

When prompted, change the ARI password to something really obscure. You're never going to use it! You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time. Write down the dynamic IP address assigned to your server after running the status command. You'll need it shortly.

NOTE: So long as your system is safely sitting behind a hardware-based firewall, we do NOT recommend running update-source with The Incredible PBX. The version of Asterisk installed from our payload file is very stable.

Running The Incredible PBX Installer. Log into your server as root and issue the following commands to download and run The Incredible PBX installer:

cd /root
wget http://incrediblepbx.com/incrediblepbx.x
chmod +x incrediblepbx.x
./incrediblepbx.x

Have another 15-minute cup of coffee. It's a great time to consider a modest donation to the Nerd Vittles project. You'll find a link at the top of the page. When the installer finishes, READ THE SCREEN!

Here's a short video demonstration of the Incredible PBX installer process:

Either a free SIPgate One residential phone number or an IPkall number is a key component in today’s project. If you are eligible, we strongly recommend a SIPgate One residential account for The Incredible PBX. However, you may elect to use an IPkall account as an alternative. Both are free; however, you cannot register The Incredible PBX to IPkall's servers so you'll need to punch a hole in your firewall to receive incoming calls from Google Voice and IPkall. This step is not necessary with SIPgate accounts since there is a permanent registered connection between The Incredible PBX and SIPgate's servers!

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work! Continue reading whichever section below applies to you.

Configuring SIPgate. If you live in the U.S. and have a cellphone, we'd recommend the SIPgate option since no adjustment of your hardware-based firewall is required. Otherwise, skip to the IPkall setup below. Step #1 is to request a SIPgate invite at this link. You'll need to enter your U.S. cellphone number to receive the SMS message with your invitation code. Don't worry. You can erase your cellphone number from your account once it is set up and working properly. Once you receive the invite code, enter it and choose the option to set up a residential account. Next, choose a phone number and write it down. The area code really doesn't matter because Google Voice is the only one that will be calling this number after we get things set up. For now, leave your cellphone number in place so that you can receive your confirmation call from Google Voice in the next step. After that, you'll want to revisit SIPgate and remove all parallel calling numbers. Finally, click on the Settings link and write down your SIP ID and SIP Password. You'll need these in a few minutes to complete the configuration of The Incredible PBX. Now place a call to your new SIPgate number and make certain that your cellphone rings before proceeding.

Configuring IPkall. If you're using IPkall as your intermediate provider, first log in to your hardware-based firewall/router and map UDP port 4569⁴ to the private IP address that you just wrote down. This tells your firewall to pass all IAX2 traffic from the Internet directly to your new server. Don't worry. We have severely restricted which IP addresses can actually send IAX data through the PBX in a Flash IPtables firewall which is an integral part of this build. And, remember, no hardware firewall adjustments are necessary if you're using SIPgate instead of IPkall.

After your firewall is properly configured, you'll need to register for a free IPkall number. This is actually a two-step process. Set it up as a SIP connection when you first register. Then we'll change it to IAX once your new phone number is provided. So your initial IPkall request should look like this:

We recommend area code 425 for your requested number because IPkall appears to have lots of them. If they don't have an available number, your request apparently goes in the bit bucket. You'll know because IPkall typically turns these requests around in a few minutes. Don't worry about the mothership entry. We'll change it shortly. The other issue here is your public IP address. If you have a dedicated IP address, no worries. Just plug in the IP address for SIP Proxy. If it's dynamic, then you'll need to set up a fully-qualified domain name (FQDN) with a provider such as dyndns.com. Once you've got it set up, enter your credentials in the Dynamic DNS tab of your hardware-based firewall to assure that your dynamic IP address is always synchronized with your FQDN. Then enter the FQDN for your SIP Proxy address in the IPkall form. Be sure to make up a VERY secure password. Now send it off and wait for the return email with your new phone number.

When you receive your new phone number, you'll need to revisit the IPkall site and log in with your phone number and the password you chose above. Make the changes shown below using your actual IPkall phone number instead of 4259876543:

It's worth stressing that these settings are extremely important so check your work carefully. Be sure the IAX option is selected. Be sure there are no typos in your two phone number entries. And be sure your FQDN or public IP address is correct. Then save your new settings.

TIP: Be aware that IPkall cancels an assigned phone number after 30 consecutive days of inactivity. If you will be using your number infrequently, it's a good idea to schedule a Weekly Reminder to call the number with a prerecorded message. This will assure that your number stays functional.

Configuring Google Voice. Google Voice no longer is by invitation only so, if you're in the U.S. or have a friend that is, head over to the Google Voice site and register. After you've chosen a telephone number, plug in your new SIPgate or IPkall number as the destination for your Google Voice calls and choose Office as the Phone Type.

Google places a test call to your number so you'll have to delay it a bit for IPkall. If you're using SIPgate, go ahead and tell Google to place the test call which will be forwarded to your cellphone. Enter the two-digit code that's displayed when you're prompted to do so. With IPkall, wait until we finish running the credentials configurator below.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

• Call Screening - OFF
• Call Presentation - OFF
• Caller ID (In) - Display Caller's Number
• Caller ID (Out) - Don't Change Anything
• Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

If you're using SIPgate and you've confirmed your number, revisit SIPgate and remove all parallel calling numbers including your cell number.

Adding Your Credentials to The Incredible PBX. We're ready to insert your credentials and SIPgate/IPkall information into The Incredible PBX. You'll need several pieces of information: your 10-digit Google Voice phone number, your Google Voice account name (which is the email address you used to set up your GV account), your GV password (no spaces!), and your 10-digit SIPgate or IPkall RingBack DID. You'll also need to reenter your passwd-master password which is used to configure CallerID Superfecta. Finally, you'll need to tell the configurator whether you're using a SIPgate or IPkall account. In the case of SIPgate, you'll also be prompted to enter your SIP ID and SIP password. These are NOT the same as your account credentials!!

Log back into your server as root and issue the following command to kick off the configurator: ./configure-gv.x. Check your entries carefully. If you make a typo in entering any of your data, press Ctrl-C to cancel the script and then run it again!! Once you've checked and double-checked your entries, press Enter and The Incredible PBX setup will be completed. You'll need to press Enter again when the script finishes to reboot your PBX. After the reboot, your system will have randomly-generated passwords for every extension and voicemail box that is preconfigured on your system. The DISA password also has been changed. We generate five-digit passwords. If you will sleep better with longer passwords, be our guest. They are easily reset using the FreePBX web interface described elsewhere in this article.

Finally, log back into your server as root and issue the following command to obtain the password for extension 701 which we'll need to configure your softphone in the next step:

mysql -uroot -ppassw0rd -e"select id,data from asterisk.sip where id='701' and keyword='secret'"

The result will look something like the following where 701 is the extension and 18016 is the randomly-generated extension password exclusively for your Incredible PBX:

+-----+-------+
id         data
+-----+-------+
701      18016
+-----+-------+

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone, and you'll find lots of recommendations on Nerd Vittles. For today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 and the actual IP address of your Incredible PBX server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

If you're using SIPgate as your provider with Google Voice, you're ready to place a test call. If you're using IPkall, we still need to verify your IPkall number with Google Voice. Return to Google Voice and tell it to place the test call to your IPkall number which you've already entered as your destination number. Your softphone will ring momentarily. Enter the two-digit code provided by Google Voice, and you're all set.

Incredible PBX Test Flight. The proof is in the pudding as they say. So let's try two simple tests. First, from another phone, call your Google Voice number. Your softphone should begin ringing shortly. Answer the call and make sure you can send and receive voice on both phones. Hang up. Now let's place an outbound call. Using the softphone, dial your cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. If everything is working, congratulations!

Here's a brief video demonstration showing how to set up a softphone to use with your Incredible PBX, and it also walks you through several of the dozens of Asterisk applications included in your system.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. Save the file and restart Asterisk with the command: amportal restart.

Learn First. Explore Second. Even though the installation process has been completed, we strongly recommend you do some reading before you begin your VoIP adventure. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some time learning where the minefields are in today's VoIP world. Start by reading our Primer on Asterisk Security. We've secured all of your passwords except your root password and your passwd-master password, and we're assuming you've put very secure passwords on those accounts as if your phone bill depended upon it. It does! Also read our PBX in a Flash and VPN in a Flash knols. If you're still not asleep, there's loads of additional documentation on the PBX in a Flash documentation web site.

Choosing a VoIP Provider. For this week, we'll point you to some things to play with on your new server. Then, in the subsequent articles below, we'll cover in detail how to customize every application that's been loaded. Nothing beats free when it comes to long distance calls. But nothing lasts forever. So we'd recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system... so that people can call you. Here's how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you're calling. If you're in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask.

The VoIP world is new territory for some of you. Unlike the Ma Bell days, there's really no reason not to have multiple VoIP providers especially for outbound calls. Depending upon where you are calling, calls may be cheaper using different providers for calls to different locations. So we recommend having at least two providers. Visit the PBX in a Flash Forum to get some ideas on choosing alternative providers.

A Word About Security. Security matters to us, and it should matter to you. Not only is the safety of your system at stake but also your wallet and the safety of other folks' systems. Our only means of contacting you with security updates is through the RSS Feed that we maintain for the PBX in a Flash project. This feed is prominently displayed in the web GUI which you can access with any browser pointed to the IP address of your server. Check It Daily! Or add our RSS Feed to your favorite RSS Reader. Be safe!

Kicking the Tires. OK. That's enough tutorial for today. Let's play. Using your new softphone, begin your adventure by dialing these extensions:

• D-E-M-O - Incredible PBX Demo (running on your PBX)
• 1234*1061 - Nerd Vittles Demo via ISN FreeNum connection to NV
• 17476009082*1089 - Nerd Vittles Demo via ISN to Google/Gizmo5
• Z-I-P - Enter a five digit zip code for any U.S. weather report
• 6-1-1 - Enter a 3-character airport code for any U.S. weather report
• 5-1-1 - Get the latest news and sports headlines from Yahoo News
• T-I-D-E - Get today's tides and lunar schedule for any U.S. port
• F-A-X - Send a fax to an email address of your choice
• 4-1-2 - 3-character phonebook lookup/dialer with AsteriDex
• M-A-I-L - Record a message and deliver it to any email address
• C-O-N-F - Set up a MeetMe Conference on the fly
• 1-2-3 - Schedule regular/recurring reminder (PW: 12345678)
• 2-2-2 - ODBC/Timeclock Lookup Demo (Empl No: 12345)
• 2-2-3 - ODBC/AsteriDex Lookup Demo (Code: AME)
• Dial *68 - Schedule a hotel-style wakeup call from any extension
• 1061*1061 - PBX in a Flash Support Conference Bridge
• 882*1061 - VoIP Users Conference every Friday at Noon (EST)

---

Click above. Enter your name and phone number. Press Connect to begin the call.

---

Homework. Your homework for this week is to do some exploring. FreePBX is a treasure trove of functionality, and The Incredible PBX adds a bunch of additional options. See if you can find all of them. Also check out Tweet2Dial which uses Twitter to make Google Voice calls, send free SMS messages, and manage your Incredible PBX.

Be sure to log into your server as root and look through the scripts added in the /root/nv folder. You'll find all sorts of goodies to keep you busy. s3cmd.faq tells you how to quickly activate the Amazon S3 Cloud Computing service. And, if you've heeded our advice and purchased a PogoPlug, you can link to your home-grown cloud as well. Just add your credentials to /root/pogo-start.sh. Then run the script to enable the PogoPlug Cloud on your server. All of your cloud resources are instantly accessible in /mnt/pogoplug. It's perfect for off-site backups which we'll cover in a few weeks.

Don't forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number. Finally, try out the included Stealth AutoAttendant by dialing your own number and pressing 0 while the greeting is played. This will reroute your call to the demo applications option in the IVR.

Originally published: Monday, April 19, 2010

Adding Skype to The Incredible PBX

Adding Incredible Backup... and Restore to The Incredible PBX

Adding Multiple Google Voice Trunks to The Incredible PBX

Adding Remotes, Preserving Security with The Incredible PBX

Remote Phone Meets Travelin' Man with The Incredible PBX

Continue reading Part II.

Continue reading Part III.

Continue reading Part IV.

Support Issues. With any application as sophisticated as this one, you're bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It's the best Asterisk tech support site in the business, and it's all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won't have to wait long for an answer to your questions.

Coming Soon. We haven't forgotten. We'll cover setting up multiple Google Voice accounts for simultaneous calling on multiple channels very soon. And the new (free) Skype Gateway to Asterisk for The Incredible PBX is now available. The FreePBX components already are in place to support inbound and outbound calling via Skype. You can even try a test call to our Aspire One Revo today by dialing nerdvittles from your favorite Skype client. Beginning today, this article will be available on http://IncrediblePBX.com. Then Nerd Vittles will return to our (almost) weekly schedule of new articles. Enjoy!

---

Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.

---

whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest...

1. Requires a SIPgate One account. [↩]
2. For Asterisk 1.6 or for 64-bit systems with Asterisk 1.4 or 1.6, use the Cepstral install procedures outlined in this Nerd Vittles article. [↩]
3. If you use the recommended Acer Aspire Revo, be advised that it does NOT include a CD/DVD drive. You will need an external USB drive to load the software. Some of these work with CentOS, and some don't. Most HP and Sony drives work; however, we strongly recommend you purchase an external DVD drive from a merchant that will accept returns, e.g. Best Buy, WalMart, Office Depot, Office Max, Staples. [↩]
4. Mapping a port on your firewall to a private IP address unblocks certain Internet packets and allows them to pass through your firewall directly to an IP device "inside" your firewall for further processing. [↩]

It’s been 18 months since a new version of PBX in a Flash was officially released. And we’ll explain the reasons why it’s quite unnecessary with our product in a few minutes. But, today, we’re proud to introduce the latest and greatest version 1.7.5.5 of PBX in a Flash featuring your choice of Asterisk 1.4 or 1.6.2 with Zaptel or DAHDI support and FreePBX 2.6. It’s lean, mean, and incredibly flexible.

You don’t get the kitchen sink with the base PBX in a Flash ISO installs. Instead you get a rock-solid CentOS 5.5 operating system with the latest CentOS kernel on which to build an Internet telephony server that meets your specific needs. If we had to sum up this new release in a word, it would be refined. Newer hardware devices now are supported, and Mondo backups and other scripts have been tweaked to work with these new devices including Atom-based machines which are proving to be the ideal telephony platform for SOHO and small business deployments. As usual, documentation was not an afterthought. There’s a new installation tutorial and our award-winning knol has been updated to cover everything you’ll ever want to know about PBX in a Flash. And there’s loads of additional documentation on the PBX in a Flash web site. For the reading impaired, there’s even a 7-minute YouTube video to walk you through the installation process.

The installation procedure has been simplified. For most users, downloading the ISO, burning the ISO to a CD, booting from the CD, and pressing the Enter key is all the complexity you’ll face with a new PBX in a Flash install. For experts and resellers, there are the familiar options to perform network installs or to select different disk architectures including software RAID. Newer device drivers can be loaded as part of the installation process as well. And TM1000’s EndPoint Manager automatically configures almost any telephone on the planet for use with PBX in a Flash. All it takes is a quick download from SourceForge. For those with a physical handicap, you now can install the complete system with no user intervention by typing ksauto at the first prompt.

Overview. For those that prefer quick checklists to long articles, here’s the 30-minute, annotated, Baker’s Dozen PBX in a Flash 1.7.5.5 installation drill:

1. Download PBX in a Flash ISO
2. Burn ISO to a CD-ROM
3. Install system behind secure firewall
4. Boot target machine to be reformatted from CD
5. Press Enter key at first prompt
6. Choose keyboard for your country
7. Choose timezone for your location
8. Create a secure root password
9. Choose GOLD, SILVER, or BRONZE edition
10. Login as root & run update-scripts
11. Run update-fixes
12. Run passwd-master
13. Load FreePBX Modules OR Install Incredible PBX

A Better Mousetrap. Asterisk-based LAMP aggregations thankfully are more plentiful today, but we think we have a better mousetrap. Here are a few reasons why? First, PBX in a Flash is the only distribution that is totally source-based with Asterisk compiled from source as part of the install. What that means is when you purchase add-on hardware and it has a problem for some reason, all of the tools are already in place for you to contact the manufacturer or reseller and have them reconfigure or recompile whatever is necessary on your system to get you back in business quickly. It also means that most of our applications are compiled from source on your specific hardware which assures a more reliable and stable software platform on which to build your telephony system.

Second, we don’t release PBX in a Flash ISOs every other week. We don’t have to. Every time a new security patch is released for Asterisk, the “other guys” have to create a new RPM or ISO to support it. That means your system is vulnerable for weeks or months while that process is underway. In some cases, it means installing a new ISO and starting over. I wish I had a nickel for every time I reinstalled and basically started over with Asterisk@Home or trixbox. With PBX in a Flash, you simply type update-source and then update-fixes at the command prompt, and your system is brought current without missing a beat. The total server downtime is typically under 15 minutes!

Third, PBX in a Flash uses a two-step install process that all but eliminates the ISO obsolescence issues that have plagued other distributions. The PBX in a Flash ISO is used to install either the 32-bit or the 64-bit CentOS 5.5 operating system and kernel. When that process completes and after performing a yum update on CentOS 5.5, the installer then searches multiple sites on the Internet for our “payload files” which contain the latest, greatest versions of Asterisk to meet your specific requirements. The payload script also installs FreePBX and many of the customized features that make PBX in a Flash unique. If you need additional functionality, we have an entire web site, pbxinaflash.org, dedicated to add-on scripts. Most of these add-on scripts are available by typing help-pbx at the command prompt. All of them install without user intervention in a minute or two. Using this design, most bugs are eliminated as well without your having to do much of anything. Translation: More time to enjoy your production-quality VoIP PBX… and less all-nighters! Finally, if you’re new to Asterisk or just want to take advantage of a decade of expertise from the PIAF developers, just load the Incredible PBX over the top of your new PBX in a Flash install. In just 15 minutes, you’ll have an incredibly secure, turnkey PBX with dozens of add-on apps that can make and receive unlimited free calls in the U.S. and Canada thanks to Google Voice.

And, speaking of security, PBX in a Flash is the only distribution that brings you multiple layers of security out of the box. There’s the preconfigured Linux IPtables firewall. And, in addition, there’s the latest and greatest version of Fail2Ban which blocks malicious intruders attempting to guess your passwords and break into your system. We also strongly recommend adding a hardware-based firewall/router to block all access to your system unless you really know what you’re doing. Does all of this matter? Well, it’s your phone bill. Here’s a link to our article about a company that recently received an unexpected $120,000 phone bill in the mail. So you decide. If you read nothing else before embarking on your VoIP adventure, read our Primer on Asterisk Security!

So today we’re proud to introduce the 1.7.5.5 release of PBX in a Flash. It’s still the Lean, Mean Asterisk Machine designed to meet the needs of hobbyists as well as business users. And FreePBX 2.6 provides a rock-solid, graphical user interface to Asterisk that competes with any commercial PBX on the planet.

Getting Started with PBX in a Flash 1.7.5.5. Begin by downloading either the 32-bit or 64-bit ISO image for PBX in a Flash from SourceForge, Google, or from one of our download mirrors. Torrents are also available. And don’t worry. If you try to run the 64-bit install on a system that doesn’t support it, it’ll just sit there so you’ve got nothing to lose by trying the Ferrari first. Once you’ve got the ISO image in hand, use your favorite tool to burn it to a bootable CD. This next step is the most important. Do some reading!! There also are loads of helpful tutorials that are free for the downloading from our support site. Before you begin the install process, be aware that all drives (including USB devices) on your target system will be erased as part of the install process. So be sure to use a dedicated server for PBX in a Flash.

What About Hardware? If you’re new to all of this, let us recommend you try either one of Dell’s entry-level PowerEdge servers or one of the newer Intel Atom-based small-footprint PCs or netbooks such as the Acer Aspire One or Acer Aspire Revo. On sale pricing is typically in the $200-$300 range. You can save an additional 2% plus $5 by using our coupon link in the right margin. Any of these systems is just about perfect for a home or small business server.

Basic Install. Once you have your new system, just insert the CD containing the ISO and then reboot the machine you wish to dedicate to PBX in a Flash. After reading this tutorial and the initial prompts and warnings, choose an option and press the <Enter key> to begin the installation. Choose your default keyboard and then choose your time zone and leave the UTC system clock option unchecked. Next choose a root password for your new system. Make it secure, and write it down (not on your shoe). IMPORTANT: Your server must have its system clock set correctly and be connected to the Internet before the install process begins! In about 15 minutes depending upon the speed of your PC, the machine will reboot when the installation of CentOS 5.5 is complete. Be sure to eject the CD at this point, or your system will boot again from the CD and start over.

After the reboot, the system will boot CentOS 5.5 and then prompt you to choose the version of Asterisk you’d like to install. Here are the three choices:

A - GOLD with Asterisk 1.4.21.2 and Zaptel
B - SILVER with latest Asterisk 1.4 version and DAHDI
C - BRONZE with latest Asterisk 1.6.2 version and DAHDI

If you plan to expose your server to the Internet in any way, we recommend you choose the SILVER version which is the most secure. And just to repeat, if you don’t have Internet connectivity, then the installation cannot complete. When the installation finishes, reboot your system and log in as root. The IP address of your PBX in a Flash system will be displayed once you log in. If it’s blank, type service network restart after assuring that you have Internet connectivity and access to a DHCP server that hands out IP addresses. Typing ifconfig should display your IP address on the eth0 port. Write it down. We’ll need it in a minute.

Now that you’ve logged in as root, you should see the IP address displayed with the following command prompt: root@pbx:~/. If instead you see bash displayed as the command prompt and it’s not green, then the installation has not completed successfully. This is probably due to network problems but also could be caused by the time being set incorrectly on your server. You can’t compile Asterisk if the time on your computer is a date in the past! For this glitch you basically have to start over. If it’s a network issue, fix it and then reboot and watch for the eth0 connection to complete. Assuming it doesn’t fail the second time around, the installation will continue. Likewise, if you do not have DHCP on your network, the installation will fail because the PBX will not be given an IP address.

Three Steps to Complete the Install. There are three important things to do to complete the installation. First, run the following commands after logging into your new server as root with your root password:

update-scripts (gets the latest PIAF scripts)
update-fixes (applies PIAF security patches and bug-fixes)
passwd-master (sets your FreePBX maint password)

Second, from the command prompt, run genzaptelconf or gendahdiconf if you have ZAP/DAHDI hardware. This sets up your hardware as well as a timing source for conferencing. If you’re using additional hardware for your Asterisk system, we recommend removing any modem before you install the cards. This will help avoid interrupt conflicts.

Third, decide how to handle the IP address for your PBX in a Flash server. The default is DHCP, but you don’t want the IP address of your PBX changing. Phones and phone calls need to know how to find your PBX, and if your internal IP address changes because of DHCP, that’s a problem. You have two choices. Either set your router to always hand out the same DHCP address to your PBX in a Flash server by specifying its MAC address in the reserved IP address table of your router, or run netconfig at the command prompt and assign a permanent IP address to your server. Be aware that netconfig no longer is a part of CentOS 5.5. Run install-netconfig to reinstall it. If you experience problems with the process, see this message thread on the forum.

If you’ve used one of the dLink firewall/routers we recommend and you plan to install the Incredible PBX, you can skip the rest of this article. We’ve done all of the work for you!

The Incredible PBX Inventory. For those wondering what’s included with The Incredible PBX, here’s a feature list of components you get in addition to the base install of PBX in a Flash with CentOS 5.5, Asterisk, FreePBX 2.6, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Please note that A2Billing, Cepstral TTS, Hamachi VPN, and Mondo Backups are optional and may be installed using provided scripts.

• A2Billing (/root/nv/install-a2billing)
• Amazon S3 Cloud Computing
• AsteriDex
• CallerID Superfecta (FreePBX Module adds Names to CID Numbers)
• CallWho for Asterisk
• Cepstral TTS for 32-bit, Asterisk 1.41 (/root/nv/install-cepstral.sh)
• Preconfigured Email That Works with SendMail
• Extensions (16 preconfigured with random passwords)
• Fax Module using nvFax
• FONmail
• FreePBX Backups
• Gizmo5 (Free Calls to Gizmo5 users worldwide: 1747xxxxxxx*1089)
• Google Voice (preconfigured for free U.S./Canada calling)
• Hamachi VPN (/root/nv/install-hamachi.x)
• Hotel-Style Wakeup Calls (FreePBX Module)
• ISN: FreeNum SIP Calling from Any Phone
• iPhone Visual Voicemail for Asterisk (works with Android phones, too)
• MeetMe Conference Bridge (just dial C-O-N-F)
• Mondo Full System Backups (/root/nv/install-diskbackup.x)
• NewsClips from Yahoo
• ODBC Database Support
• PogoPlug Cloud Computing
• Reminders by Phone and Web
• SIP URI Outbound Calling (call any SIP URI worldwide for free)
• Skype Inbound & Outbound Calling (Available 4/26)
• TeleYapper
• Tide Reports with xTide
• Trunk Lister Script (/root/nv/trunks.sh)
• Trunks (Vitelity, Fonica, SIPgate, IPkall, and ENUM)
• Twitter Interface (Make Free Calls and Send SMS Messages)
• Weather by Airport Code
• Weather by ZIP Code
• Worldwide Weather
• Zaptel Updater (/root/nv/zaptel-update.sh)

If you’ve decided to roll your own and skip The Incredible PBX, then let’s continue…

Getting Rid of One-Way Audio. There are some settings you’ll need to add to /etc/asterisk/sip_custom.conf if you want to have reliable, two-way communications with Asterisk: nano -w /etc/asterisk/sip_custom.conf. The entries depend upon whether your Internet connection has a fixed IP address or a DHCP address issued by your provider. In the latter case, you also need to configure your router to support Dynamic DNS (DDNS) using a service such as dyndns.org. If you have a fixed IP address, then enter settings like the following using your actual public IP address and your private IP subnet:

externip=180.12.12.12
localnet=192.168.1.0/255.255.255.0     

If you have a public address that changes and you’re using DDNS, then the settings would look something like the following:

externhost=myserver.dyndns.org
localnet=192.168.0.0/255.255.255.0     


(NOTE: The first 3 octets in the above localnet entries need to match your private IP addresses!)

Once you’ve made your entries, save the file: Ctrl-X, Y, then Enter. Reload Asterisk: amportal restart. If you assigned a permanent IP address, reboot your server: shutdown -r now.

Be aware that some people experience problems with the externhost approach outlined above. If your provider only gives you a dynamic IP address, you still can use the externip approach above so long as you have a method to frequently verify your IP address. The approach we actually use on our home network is to run a little script every 5 minutes. If it finds that your outside IP address has changed, it will automatically update your sip_custom.conf file with the new address. To use our approach, create a file in /var/lib/asterisk/agi-bin names ip.sh. Here’s the code:²

#!/bin/bash
# File to log the IP Address
IPFILE=’/var/log/asterisk/externip’
# Your local lan ip block
localnet=192.168.1.0
# Nothing else needs to be changed.
if [ ! -f "$IPFILE" ]; then
echo “creating $IPFILE”
echo first_time_usage > $IPFILE
fi
lastip=`cat $IPFILE`
externip=$(curl -s -S –user-agent “PIAF 1.4″↩
http://myip.pbxinaflash.com | awk ‘NR==2′)
if [ $externip != $lastip ]; then
# Writes new IP address (if it has changed) to file.
echo “$externip” > $IPFILE
echo “externip=$externip” > /etc/asterisk/sip_custom.conf
echo “localnet=$localnet/255.255.255.0″ >>↩
/etc/asterisk/sip_custom.conf
echo “srvlookup=yes” >> /etc/asterisk/sip_custom.conf
echo “nat=yes” >> /etc/asterisk/sip_custom.conf
asterisk -rx “dialplan reload” ;
else
exit 0;
fi
exit;


On line 5, enter the internal subnet for your server as the localnet entry. This is usually 192.168.0.0 or 192.168.1.0. YMMV!

Save the file and give it execute permissions: chmod +x /var/lib/asterisk/agi-bin/ip.sh. Then make asterisk the file owner: chown asterisk:asterisk /var/lib/asterisk/agi-bin/ip.sh.

Finally, add the following entry to the bottom of /etc/crontab:

*/5 * * * * asterisk /var/lib/asterisk/agi-bin/ip.sh > /dev/null


Activating Email Delivery of Voicemail Messages. We’ve previously shown how to configure systems to reliably deliver email messages whenever a voicemail arrives unless your ISP happens to block downstream SMTP mail servers. Here’s the link in case you need it. As it happens, you really don’t have to use a real fully-qualified domain name to get this working. So long as the entry (such as pbx.dyndns.org) is inserted in both the /etc/hosts file and /etc/asterisk/vm_general.inc with a matching servermail entry of vm@pbx.dyndns.org (as explained in the link above), your system will reliably send emails to you whenever you get a voicemail if you configure your extensions in FreePBX to support this capability. You can, of course, put in real host entries if you prefer. For 90% of the systems around the world, if you just want your server to reliably e-mail you your voicemail messages, make line 3 of /etc/hosts look like this with a tab after 127.0.0.1 and spaces between the domain names:

127.0.0.1     pbx.dyndns.org pbx.local pbx localhost.localdomain localhost

And then make line 6 of /etc/asterisk/vm_general.inc look like the following:

serveremail=voicemail@pbx.dyndns.org

Now issue the following two commands to make the changes take effect:

service network restart
amportal restart


The command “setup-mail” can be used from the Linux prompt to set the fully-qualified domain name (FQDN) of the mail that is sent out from your server. This may help mail to be delivered from the PBX. One of things mail servers do to reduce spam is to do a reverse lookup on where the mail has come from, checking that there is actually a mailserver at the other end. You can only do this if you have set up dynamic DNS or if you have pointed a hostname at your fixed IP address. Once you have done this, and assuming your ISP is cooperative, then you will receive your voicemails via email if you wish (this is set within FreePBX),and your PBX will email you when FreePBX needs an update. You set this feature in FreePBX General Settings.

If your hosting provider blocks downstream SMTP servers to reduce spam, here’s a simple way to use your Gmail account (free!) as your SMTP Relay Host. Then you never have to worry about this again!

Setting Passwords and Other Stuff. Be aware that major security issues are reported from time to time with FreePBX. We strongly recommend that you not use FreePBX admin security alone to protect your system from a web attack. It may compromise root access to your entire server. For this reason, we recommend that you log in as root and immediately run passwd-master after completing the update-scripts and update-fixes scenario. This establishes Apache htaccess security on your FreePBX web interface. After running this conversion utility, you can only log into the FreePBX admin interface with the username maint (not admin) and the password which you establish when you run the utility.

Other passwords can be set in your system with these commands:

passwd… reset your root user password
passwd-maint… reset your FreePBX maint password
passwd-wwwadmin… for users needing FOP and MeetMe access
passwd-meetme… for users needing only MeetMe access
passwd-webmin… for users needing WebMin access to your server (very dangerous!)


There’s also an Administration password that you can set in the KennonSoft UI that displays when you point your browser to the IP address of your server. Do NOT use the same password here that you use elsewhere as it is not overly secure.

Configuring WebMin. WebMin is the Swiss Army Knife of Linux. It provides TOTAL access to your system through a web interface. Search Nerd Vittles for webmin if you want more information. Be very careful if you decide to enable it on the public Internet. You do this by opening port 9001 on your router and pointing it to the private IP address of your PBX in a Flash server. Before using WebMin, you need to set up a username and password for access. From the Linux prompt while logged in as root, type the following command where admin is the username you wish to set up and foo is the password you’ve chosen for the admininstrator account. HINT: Don’t use admin and foo as your username and password for WebMin unless you want your server trashed!

/usr/libexec/webmin/changepass.pl /etc/webmin root password


To access WebMin on your private network, go to http://192.168.0.123:9001 where 192.168.0.123 is the private IP address of your PBX in a Flash server. Then type the username and password you assigned above to gain entry. To stop WebMin: /etc/webmin/stop. To start WebMin: /etc/webmin/start. For complete documentation, go here.

Updating and Configuring FreePBX. FreePBX 2.6 is installed as part of the PBX in a Flash 1.7.5.5 implementation. This incredible, web-based tool provides a complete menu-driven user interface to Asterisk. The entire FreePBX project is a model of how open source development projects ought to work. And having Philippe Lindheimer’s as the Captain of the Ship is just icing on the cake. All it takes to get started with FreePBX is a few minutes of configuration, and you’ll have a functioning Asterisk PBX complete with voicemail, music on hold, call forwarding, and a powerful interactive voice response (IVR) system. There is excellent documentation for FreePBX which you should read at your earliest convenience. It will answer 99% of your questions about how to use and configure FreePBX. For the one percent that is not covered in the Guide, visit the FreePBX Forums which are frequented regularly by the FreePBX developers. Kindly post FreePBX questions on their forum rather than the PBX in a Flash Forum. This helps everybody. Now let’s get started.

Now move to a PC or Mac and, using your favorite web browser, go to the IP address you deciphered above for your new server. Be aware that FreePBX has a difficult time displaying properly with IE6 and IE7 and regularly blows up with older versions of Safari. Be safe. Use Firefox. From the PBX in a Flash Main Menu in your web browser, click on the Administration link and then click the FreePBX button. Once FreePBX loads, click the Module Administration option in the left frame. Now click Check for Updates online in the upper right panel. Next, click Download All which will select all but two modules for download and install. Scroll to the bottom of the page and click Process, then Confirm, then Return. Now repeat the process once more, then Process, Confirm, Return, Apply Config Changes, and Continue with Reload. Finally, scroll down the Modules listing until you get to the Maintenance section. Click on each of the following and choose Install: ConfigEdit, Sys Info, and phpMyAdmin. Then click Process, then Confirm, then Return once the apps are downloaded and installed, then Apply, then Continue with Reload. All three of these tools now are installed in the Maintenance section of the Tools tab of FreePBX. You now have an up-to-date version of FreePBX. You’ll need to repeat the drill every few weeks as new updates are released. This will assure that you have all of the latest and greatest software. To change your Admin password, click on the Setup tab in the left frame, then click Administrators, then Admin in the far right column, enter a new password, and click Submit Changes, Apply Configuration Changes, and Continue with reload. We’re going to be repeating this process a number of times in the next section so… when instructed to Save Your Changes, that means “click Submit Changes, Apply Configuration Changes, and Continue with reload.” Finally, don’t worry about the warnings alerting you that you’re using default passwords. Your system is behind a secure firewall, and these passwords are only accessible to someone that has access to your system and has your root password.

Choosing Internet Telephony Hosting Providers for Your System. Before you can place calls to users outside your system or to receive incoming calls, you’ll need at least one provider (each) for your incoming phone number (DID) and incoming calls as well as a provider for your outbound calls (terminations). We have a list of some of our favorites here, and there are many, many others. You basically have two choices with most providers. You can either pay as you go or sign up for an all-you-can-eat plan. Most of the latter plans also have caps on minutes so it’s more akin to all-they-care-for-you-to-eat, and there are none of the latter plans for business service. In the U.S. market, the going rate for pay as you go service is about 1.5¢ per minute rounded to the tenth of a minute. The best deal on DIDs is from Vitelity. They charge $3.99 a month for a DID with unlimited, free incoming calls. There’s a link to the Nerd Vittles discount on this service for PBX in a Flash users below.

Before you sign up for any all-you-can-eat plan, do some reading about the service providers. Some of them are real scam artists with backbilling and all sorts of unconscionable restrictions. You need to be careful. Our cardinal rule in the VoIP Wild West is never, ever entrust your entire PBX to a single hosting provider. As Forrest Gump would say, "Stuff happens!" And life’s too short to have dead telephones, even if it’s a rarity.

Setting Up FreePBX to Make Your First Call. There are four components in FreePBX that need to be configured before you can place a call or receive one from outside your PBX in a Flash system. So here’s FreePBX for Dummies in less than 50 words. You need to configure Trunks, Extensions, Outbound Routes, and Inbound Routes. Trunks are hosting provider specifications that get calls delivered to and transported from your PBX to the rest of the world. Extensions are internal numbers on your PBX that connect your PBX to telephone hardware or softphones. Inbound Routes specify what should be done with calls coming in on a Trunk. Outbound Routes specify what should be done with calls going out to a Trunk. Everything else is bells and whistles.

Trunks. When you sign up with most of the better ITHP’s that support Asterisk, they will provide documentation on how to connect their service with your Asterisk system. If they have a trixbox tutorial, use that since it also uses FreePBX as the web front end to Asterisk. Here’s an example from les.net. And here’s the Vitelity support page although you will need to set up an account before you can access it. We also have covered the setups for a number of providers in previous articles. Just search the Nerd Vittles site for the name of the provider you wish to use. You’ll also find many Trunk setups in the trixbox Trunk Forum. Once you find the setup for your provider, add it in FreePBX by going to Setup, Trunks, Add SIP Trunk. Our AxVoice setup (which is all entered in the Outgoing section with a label of axvoice) looks like this with a Registration String of yourusername:yourpassword@sip.axvoice.com:

allow=ulaw
authname=yourusername
canreinvite=no
context=all-incoming
defaultip=sip.axvoice.com
disallow=all
dtmfmode=inband
fromdomain=sip.axvoice.com
fromuser=yourusername
host=sip.axvoice.com
insecure=very
nat=yes
secret=yourpassword
type=friend
user=phone
username=yourusername


And our Vitelity Outbound Trunk looks like the following (labeled vitel-outbound) with no registration string:

allow=ulaw&gsm
canreinvite=no
context=from-pstn
disallow=all
fromuser=yourusername
host=outbound1.vitelity.net
secret=yourpassword
sendrpid=yes
trustrpid=yes
type=friend
username=yourusername


Extensions. Now let’s set up a couple of Extensions to get you started. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone’s GUI to add bells and whistles. To create extension 201 (don’t start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension … 201
Display Name … Home
Outbound CID … [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID … [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]
Device Options
secret … 1299864 < -- make this unique AND secure!
dtmfmode … rfc2833
Voicemail & Directory … Enabled
voicemail password … 1299864 <-- make this unique AND secure!
email address … yourname@yourdomain.com [if you want voicemail messages emailed to you]
pager email address … yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
email attachment … yes [if you want the voicemail message included in the email message]
play CID … yes [if you want the CallerID played when you retrieve a message]
play envelope … yes [if you want the date/time of the message played before the message is read to you]
delete Vmail … yes [if you want the voicemail message deleted after it's emailed to you]
vm options … callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
vm context … default

Now create several more extensions using the template above: 202, 203, 204, and 205 would be a good start. Keep the passwords simple. You’ll need them whenever you configure your phone instruments.

Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won’t protect you from malicious phone calls on your nickel if you use your extension number or something like 1234 for your extension password because the SIP and IAX ports typically are exposed to allow connections to your providers. In addition to making up secure passwords, the latest version of FreePBX also lets you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry like this: 192.168.1.0/255.255.255.0 using your actual subnet, of course.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. We’re going to skip that tutorial today. You can search the site for lots of information on choosing providers. Assuming you have only one or two for starters, let’s just set up a default outbound route for all your calls. Using your web browser, access FreePBX on your server and click Setup, Outbound Routes. Enter a route name of Everything. Enter the dial patterns for your outbound calls. In the U.S., you’d enter something like the following:

1NXXNXXXXXX
NXXNXXXXXX

Click on the Trunk Sequence pull-down and choose your providers in the order you’d like them to be used for outbound calls.Click Submit Changes and then save your changes. Note that a second choice in trunk sequence only gets used if the calls fail to go through using your first choice. You’ll notice there’s already a 9_outside route which we don’t need. Click on it and then choose Delete Route 9_outside. Save your changes.

Inbound Routes. We’re also going to abbreviate the inbound routes tutorial just to get you going quickly today. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we recommend you first build a Ring Group with all of the extension numbers you have created. Once you’ve done that, choose Inbound Routes, leave all of the settings at their default values and move to the Set Destination section and choose your Ring Group as the destination. Now click Submit and save your changes. That will set up a default incoming route for your calls. As you add bells and whistles to your system, you can move the Default Route down the list of priorities so that it only catches calls that aren’t processed with other inbound routing rules.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!

Adding Plain Old Phones. Before your new PBX will be of much use, you’re going to need something to make and receive calls, i.e. a telephone. For today, you’ve got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It’s under $70. Be sure you specify that you want an unlocked device, meaning it doesn’t force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.

Downloading a Free Softphone. Unless you already have an IP phone, the easiest way to get started and make sure everything is working is to install an IP softphone. You can download a softphone for Windows, Mac, or Linux from CounterPath. Or download the pulver.Communicator or the snom 360 Softphone which is a replica of perhaps the best IP phone on the planet. Here’s another great SIP/IAX softphone for all platforms that’s great, too, and it requires no installation: Zoiper 2.0 (formerly IDEfisk). All are free! Just install and then configure with the IP address of your PBX in a Flash server. For username and password, use one of the extension numbers and passwords which you set up with freePBX. Once you make a few test calls, don’t waste any more time. Buy a decent SIP telephone. Visit the PBX in a Flash Forum for lots of suggestions on telephones. Our personal favorite and the phone that PBX in a Flash officially supports is the Aastra 57i or 57iCT which also includes cordless DECT phone. Do some reading before you buy.

Where To Go From Here. The PBX in a Flash script repository at pbxinaflash.org also has gotten a facelift. That should be your next stop because it is the home of all the goodies that make PBX in a Flash shine. Tom King, the ultimate scripting guru, manages that site. So check it often. You’ll also find all of our Nerd Vittles Goodies work with this new release. Most of our original collection work flawlessly with Asterisk 1.4 including AsteriDex, Yahoo News Headlines, Weather by Airport Code, Weather by Zip Code, Worldwide Weather Forecasts, Telephone Reminders, MailCall for Asterisk, and TeleYapper. We have not yet completed testing with Asterisk 1.6, but most should work. Complete documentation for each application also is provided at the link above. And, if you still have a DBT-120 Bluetooth adapter, you’ll be happy to learn that it works out-of-the-box with PBX in a Flash. Dust off our recent article on Proximity Detection, and you should be in business in under 10 minutes. Enjoy!

---

New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…

1. For Asterisk 1.6 or for 64-bit systems with Asterisk 1.4 or 1.6, use the Cepstral install procedures outlined in this Nerd Vittles article. [↩]
2. Join the following line to the original line of code whenever you encounter the ↩ character. [↩]

Ever wrestled with one of those thorny problems for weeks only to wake up in the middle of the night with the answer? Thus was born Travelin’ Man, a web- based, one-click Asterisk application that automatically reconfigures your Asterisk PBX to enable remote SIP phone access from your cellphone, iPad, remote PC, NetBook, or desktop telephone.

If you’ve read the Incredible PBX series of articles on Nerd Vittles, you already know what a thorny problem remote phone access is if you want to preserve the overall security of your server. Indeed, our recommendation has been to leave SIP access closed on your hardware-based firewall because of the dangers inherent in activating remote SIP access. Now we have a better idea!

Today’s new approach works like this. First, we’ll run a little script that secures all of your extensions with permit entries locking down all these connections to the IP address range within your private network. Then we’ll open the SIP and RTP ports on your hardware and software firewalls and map these ports to your Asterisk server’s private IP address. With this setup, no one can attempt remote SIP logins to your server because Asterisk blocks all SIP extension connection attempts except those originating inside your LAN. To manage external phone connections to your server, the install script creates a new virtual Apache web server on your Incredible PBX using port 83. We’ll enable and map TCP port 83 on your hardware and software firewalls to your server as well. Web access with port 83 is limited to running the Travelin’ Man app to activate external phones.

Now we’re ready to set up access to your server for remote devices. For each extension you wish to enable for remote access, we’ll create a special web directory using an obscure, random file name which will serve as the web link for the Travelin’ Man web app. For example, in the diagram above, directory 184778 manages extension 501, directory 2389957h manages extension 701, and directory 6993h5j manages extension 702. This is accomplished by simply changing the extension number in the index.php script stored in each directory.

When one of these web links is accessed remotely, the PHP script will automatically reconfigure Asterisk to enable access to the designated SIP extension on your server using the remote IP address from which the web page was accessed. And, of course, there’s an additional layer of SIP security as well. You still need your extension credentials to actually log in to your server with a softphone to place and receive calls. The Travelin’ Man installation process takes only a couple minutes, and the remote SIP activation procedure takes just a couple seconds each time you want remote access from a different location. Here’s a quick example of how it actually works.

Let’s assume we want to use the new $3.95 Bria SIP softphone on an iPad to connect as extension 501 on our Incredible PBX back at home. The problem is that the dynamic IP address of your iPad changes at each new site on your itinerary. Some locations have WiFi while others only have 3G connections.

First, we’ll generate an icon to run Travelin’ Man from your iPad desktop. Use the same procedure with an iPhone or iPod Touch, and there’s a similar procedure for Android devices.¹ You only have to do this once. Start up Safari on the iPad to access the new port 83 web server at the random web address the installer created to support extension 501. That web address is something like this using your own FQDN²: http://myserver.dyndns.org:83/184778. After establishing the link once, we’ll hit the + button in Safari and choose Add to Home Screen. This creates the TravelMan icon on the iPad. See the screenshot below of our demo iPad setup which used extension 221 instead of 501.

Once configured, it’s just two clicks to enable your remote phone anywhere: click once on the TravelMan icon. When your IP address is confirmed, return to your Home Screen and click the Bria softphone icon to establish a SIP connection back to your server. Behind the scenes, the Travelin’ Man application will generate the required permit entry for your remote IP address mapping it to the designated extension on your server, and then it will reload your SIP settings to make your Asterisk server accessible to the Bria softphone in your hotel room. The entire process takes only a couple seconds.

If your company happens to have a dozen traveling salesmen, then you’d simply assign a dedicated extension to each employee and create secure directory names for each person (e.g. 2389957h and 6993h5j in diagram above) with a copy of the Travelin’ Man app configured for that employee’s extension number. Now your entire mobile workforce has connectivity back to the home office from any location on the globe. And, when an employee leaves the company and another arrives, just create a new name for the old employee’s web directory to preserve the security of your system (e.g. 184778 in our example becomes 78hd773). Keep in mind that each time the Travelin’ Man app is run for any extension, it wipes out any previously authorized IP address entry for that extension. Thus, the security of your Incredible PBX is always preserved.

Prerequisites. Before proceeding with today’s install, you must be running a stock install of Incredible PBX with PBX in a Flash behind a properly-secured, hardware-based firewall³. We recommend the latest version of Asterisk 1.4 because it addresses a SIP vulnerability that might cause you problems if malformed SIP packets are targeted at your server. The current release of PBX in a Flash (1.7.5.5 Silver) is ideal, but any version of PBX in a Flash can be brought current with Asterisk using the update-source and update-fixes tools. Travelin’ Man assumes that you have the Incredible PBX base install of extensions: 501 plus 701-715. You can obviously add more or remove some, but you’ll need to manually adjust sip_custom_post.conf to reflect your actual extension list after the install completes.

The installer has been encrypted for your/our own protection. In source form, the script would allow anyone to defeat the Incredible PBX requirement. Doing so would mean the required IPtables security component would not be in place and properly configured to protect the underlying system from attack. So we’ve opted to play Big Brother to avoid potential security problems for all of us down the road. This article clearly explains all the necessary components if some folks want to roll their own version. We just don’t want the responsibility if something goes horribly wrong. As Forrest Gump would say, “Shit Happens.” If you don’t believe it, check out the latest security scramble in the trixbox forums.

Installation. Now we’re ready to get started. So log into your Incredible PBX as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/travelinman.tar.gz
tar zxvf travelinman.tar.gz
./travelinman.x

The first step in the install procedure is to lock down access to all of your extensions to your private LAN subnet. In case you ever want to do this on another server not running the Incredible PBX, here’s a link to our privip.sh shell script that shows how to do it. This should work on most FreePBX-based Asterisk systems.

Once the extensions are locked down, the script will modify your IPtables and Apache configurations to permit web access on port 83. Next, it will adjust your Asterisk setup to support the Travelin’ Man permit scheme. This involves reworking of sip_custom_post.conf so that permit settings for individual extensions can be stored in files named 501.inc, 701.inc, etc. Finally, the installation procedure will set up a single web site to support extension 501 with a randomized directory name for remote access.⁴ This setup will be stored in /var/www/travelman. To activate support for additional extensions, you would simply copy the subdirectory giving it a new random name: cp -r dir1 dir2. Then edit config.php in the new subdirectory and change the $extension entry.

To complete the install, you must reconfigure your hardware-based firewall and map the following ports to the private IP address of your server:

TCP 83
UDP 5060
UDP 10000-20000

When the installation is completed, it will show you how to access the new web site for extension 501 using either a fully-qualified domain name or a public or private IP address. Now just follow the steps at the beginning of this article to set up your Android or iDevice, and test things out. Enjoy!

Reminders: Be sure to review the comments to this article and the related support forum thread for a week or two for late-breaking enhancements and issues. Also, Incredible PBX comes preconfigured with call forwarding activated for extension 501. Don’t forget to either disable it or set up a real call forwarding number for extension 501 if you want your cellphone to ring. From any extension on your server, just dial *72501 to set up call forwarding. To cancel call forwarding and pass calls directly to the registered 501 softphone, dial *74 and enter 501. Also be aware that the default RingAll ring group (700) configuration on Incredible PBX systems does not include extension 501. So add 501 if you want your remote extension to ring for incoming calls.

---

The Incredible PBX: Basic Installation Guide

Adding Skype to The Incredible PBX

Adding Incredible Backup… and Restore to The Incredible PBX

Adding Multiple Google Voice Trunks to The Incredible PBX

Adding Remotes, Preserving Security with Incredible PBX

Continue reading Basic Installation Guide, Part II.

Continue reading Basic Installation Guide, Part III.

Continue reading Basic Installation Guide, Part IV.

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won’t have to wait long for an answer to your questions.

---

Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.

---

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…

1. To create a desktop icon for Travelin’ Man on Android devices, navigate to the link with your browser. Then save the link as a Bookmark by clicking the Star icon in your browser then click Add. Return to the Home Screen and, from the screen on which you wish to add the icon, touch and hold your finger on the screen. When the Add to Home Screen menu appears, choose Shortcuts then Bookmarks and select the link you previously saved. As with iDevices, you only have to do this once. [↩]
2. FQDN = Fully-qualified domain name [↩]
3. We recommend the dLink Router/Firewall. Low Cost: $35 WBR-2310  Best: DGL-4500 [↩]
4. If you’d like to download the web site code independently from the Travelin’ Man install procedure, here’s the link. [↩]