Home » Cloud Computing (Page 5)

Category Archives: Cloud Computing

The Most Versatile VoIP Provider: FREE PORTING



JUST RELEASED: Visit the Incredible PBX Wiki

Morphing Incredible PBX into a PUBLIC-Facing Cloud PBX

Monday, August 16, 2021


We’ve previously documented how to change Incredible PBX 2021 and Incredible PBX 2020 into PUBLIC-facing PBXs. What that means is that authorized users could still connect to your PBX regardless of where they may be located without having to worry about whitelisting IP addresses. To suggest that the procedure was convoluted is a bit of an understatement. So today we offer a simplified solution that you can deploy in a couple of minutes. It lacks some of the safeguards of the earlier releases, but it remains secure so long as you don’t employ a readily decipherable FQDN for your PBX. The idea here is to block communications access to your PBX using its public IP address and allow access by those that know the fully-qualified domain name (FQDN) of your PBX. You can also restrict the extensions that are accessible. And SSH access to your PBX will be protected by assigning a random port number or by requiring public key authentication for access.

Prerequisites. To get started, you’ll obviously need a cloud-based Incredible PBX 2020 or 2021 platform running CentOS 7, Debian 10, or Raspbian. Next, you’ll need these items:

  1. Public IP Address of your server
  2. FQDN linked to the public IP address
  3. Random SSH port for SSH access to PBX
  4. List of secure extensions to enable for SIP URI access
  5. IP Addresses to WhiteList for Access to the Web GUI

1. Deciphering Public IP Address of Your PBX

After logging into your PBX as root, you can execute pbxstatus to decipher the public IP address of the PBX.

2. Obtaining an FQDN for Your PBX

Security through obscurity provides the critical layer of protection for your server so choose an FQDN carefully. sip.yourname.com provides little protection while f246g.yourname.com pretty much assures that nobody is going to guess your domain name. This is particularly important with SIP registrations because registered extensions on your PBX can obviously make phone calls that cost you money. If you don’t have your own domain, you can always obtain a free hostname from a service such as NoIP.com.

3. Securing SSH Access to Your PBX

Whatever you do, don’t leave SSH access via port 22 exposed on your PBX. In the time it took to create a new PBX on CloudAtCost, there were over 400 attempted logins to the default SSH port of the new server. The simplest (but least secure) method to avoid these script kiddie attacks is to change the port number for SSH access to your server. We suggest using the year you were born as the port number because it’s easy to remember. Edit /etc/ssh/sshd_config and uncomment the Port line replacing 22 with the port number you chose. Then restart SSH: systemctl restart sshd.

The preferable solution to secure SSH is to create and use SSH keys for access and set PasswordAuthentication no in /etc/ssh/sshd_config. Digital Ocean has an excellent tutorial to walk you through the setup process.

4. Choosing Extensions for SIP URI Public Access

With today’s PUBLIC design, exposing an extension for PUBLIC access means anyone in the world that knows the FQDN of your server and the extension number can do two things using any SIP client: (1) they can call you and (2) they can attempt to register to that extension and make calls on your trunks AND your nickel. So only expose extensions for public access if there is a need to connect or call from remote locations. For extensions you decide to expose, make certain that the passwords for these extensions are extremely secure, lengthy, and use numbers with both UPPER and lower case letters. Never use default extension passwords!

5. Whitelisting IP Addresses for Public Web Access

Without enumerating IP addresses for public web access, you won’t be able to connect to the web GUI of your PBX. Down the road, if you wish to add additional IP addresses, you can use /root/add-ip to add them via SSH.

Deploying New PUBLIC Firewall

To get started, log into your server as root and issue the following commands:

cd /tmp
wget http://incrediblepbx.com/newpublic.tar.gz
tar zxvf newpublic.tar.gz
rm -f newpublic.tar.gz

Next, edit /tmp/iptables.base and change the highlighted entries:


Change port 22 in the dport entry to the SSH port number you chose in Step 3, above.

Change 8.8.8.8, 8.8.4.4., and 1.1.1.1 to actual public IP addresses of desktop machines you wish to use to access the web GUI of your PBX. If you don’t need three entries, comment out the other entries with # at the beginning of each line.

Replace your-servers-IP-address with the actual IP address of your PBX from Step 1, above.

Save the file.

On Debian and Raspbian platforms, issue the following commands:

cd /etc/iptables
cp /tmp/iptables.base .
mv rules.v4 rules.v4.orig
cp iptables.base rules.v4

On CentOS platforms, issue the following commands:

cd /etc/sysconfig
cp /tmp/iptables.base .
mv iptables iptables.orig
cp iptables.base iptables

Using Incredible PBX PUBLIC with Asterisk

The first line of defense with this PUBLIC implementation is your FQDN. Second is the IPtables firewall setup above. And third is the Asterisk® extensions configuration in extensions_override_freepbx.conf. Here’s how to configure it. Edit /tmp/extensions_override_freepbx.base and change the highlighted entries:


If there are phone numbers assigned to your PBX that you want processed according to your Inbound Routing rules, duplicate the first highlighted line above and, for each trunk, replace 8881234567 with your actual DID numbers.

In exten => _.,1 line, replace your-servers-IP-address with the actual IP address of your PBX from Step 1, above.

In exten => _.,10 line, replace your-servers-FQDN with the actual FQDN assigned to your PBX from Step 2, above.

Scroll down in the file to the following section:



Comment out undesired default extensions. Place a semicolon at the beginning of the lines.

For any extensions you wish to add, insert a new line in the following format replacing both 7000 entries with the desired extension number:

exten => 7000,13,Dial(local/7000@from-internal)

Save the file and then execute the following commands to complete the PUBLIC setup:

cd /etc/asterisk
cp /tmp/extensions_override_freepbx.base .
mv extensions_override_freepbx.conf extensions_override_freepbx.orig
cp extensions_override_freepbx.base extensions_override_freepbx.conf
fwconsole restart
asterisk -rx "dialplan reload"
iptables-restart
sed -i 's|-A INPUT|-I INPUT|' /root/add-ip
sed -i 's|-A INPUT|-I INPUT|' /root/add-fqdn

Calling an Incredible PBX PUBLIC Extension

Any extensions that you have whitelisted in the blue section above can be called from anywhere using any SIP client. Simply enter the SIP URI for the extension in the following format: SIP/extension@your-servers-FQDN

CAUTION: If a caller attempts to call any extension on your PUBLIC server from an extension on another Asterisk server to which the caller is registered, the call will fail if there is a matching extension number on the PUBLIC server and the two servers are not registered to each other. So remember to use unique extension numbers on your PUBLIC server if you expect callers from other Asterisk servers.

Registering Incredible PBX PUBLIC Extension

If you wish to login to a whitelisted extension using a SIP client, enter the extension and password of the extension. For the server address, enter the FQDN of your server. If it’s a PJsip extension, add :5061 to the end of the FQDN.

Switching Back to Incredible PBX Default

Should you change your mind and decide to switch back to the default Incredible PBX setup, it’s simple to do so. Here are the steps.

sed -i 's|Port|#Port|' /etc/ssh/sshd_config
cd /etc/asterisk
cp -p extensions_override_freepbx.orig extensions_override_freepbx.conf
cd /root
cd /etc/sysconfig
cp -p iptables.orig iptables
cd /root
cd /etc/iptables
cp -p rules.v4.orig rules.v4
asterisk -rx "dialplan reload"
iptables-restart
systemctl restart sshd

Originally published: Monday, August 16, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 

Adding the Linux XFCE GUI to Incredible PBX 2021

Friday, June 11, 2021 / 5 Comments on Adding the Linux XFCE GUI to Incredible PBX 2021


One of the most requested add-ons for Incredible PBX® is a graphical user interface for Linux. And today we’ll show you the quick and easy way to add XFCE 4 to your Debian 10 platform. What it gets you is simple access to a number of Linux applications and utilities which only run inside a GUI. These include the Firefox browser, LibreOffice with Microsoft Office compatibility, ImageMagick, media players, a FileManager GUI, and Linux utilities such as TimeShift and gparted.

None of these applications will run inside of SSH. So you’ll need an app such as VNC which is included with most cloud platforms by simply clicking on the Console option inside the cloud server’s management portal. To install XFCE on your Incredible PBX 2021 Debian platform, log in as root using SSH or Putty and issue the following commands:

apt-get update
apt-get install task-xfce-desktop
reboot

Once your server has rebooted, click on the Console icon in your cloud management portal or in VMware ESXi portal and login with your root credentials when prompted:



Double-click on the Home folder icon and the Home menu for the root user will open:


Icons at the bottom of the display allow you to minimize open windows as well as access the terminal emulator, file manager, web browser, application finder, and your root directory.

At the top of the display, you’ll find tabs for all of your open windows including Applications which provides access to all of the installed GUI applications:


CrownCloud & RackNerd Setup for Remote VNC Access

If you’re running Incredible PBX 2021 on CrownCloud or RackNerd or any other provider using the SolusVM Control Panel, here are the steps for remote VNC access. First, login to your Control Panel and click on the VNC Access button. Write down the IP address, port number, and password for remote VNC access. Next, install the appropriate VNC Viewer for your desktop computer from RealVNC. Open the VNC Viewer app on your desktop and enter the IP address followed by a colon and the port number that you wrote down above. When prompted for your password, enter the VNC password assigned by your provider. You then will get a login screen to enter your root username and root password for Incredible PBX 2021. NOTE: The public IP address of your desktop computer must be whitelisted in IPtables using the All-Access option 0 with add-ip or add-fqdn in the /root folder of your server.

Vultr & Digital Ocean Setup for Remote VNC Access

If you’re running Incredible PBX 2021 on Vultr, Digital Ocean, and most other platforms including VMware, here are the additional steps to gain remote VNC access to your server’s public IP address or VMware’s private IP address. Issue the following commands after logging into your server as root:

apt-get -y install xorg lxde-core tightvncserver
reboot

Once your server has rebooted, log back in as root. First, set an 8-character VNC access password: tightvncserver :1

Next, edit the xstartup config file: nano ~/.vnc/xstartup

Uncomment the x-window-manager line. Immediately below that line, add the two new entries below and save the file:

x-window-manager &
lxterminal &
/usr/bin/lxsession -s LXDE &

Finally, stop and restart tightvncserver:

tightvncserver -kill :1
vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565

With VMware ESXi, substitute the following vncserver startup command:

vncserver :1 -geometry 800x600 -depth 16 -pixelformat rgb565

Now install the appropriate VNC Viewer for your desktop computer from RealVNC. Open the VNC Viewer app on your desktop and enter the IP address followed by :1. Enter your root credentials when prompted.

With VMware, you also can access VNC through the VMware ESXi Console by simply entering your root credentials.

NOTE: The public IP address of your desktop computer must be whitelisted in IPtables using the All-Access option 0 with add-ip or add-fqdn in the /root folder of your server.

Originally published: Friday, June 11, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Moving from Incredible PBX 2020 (CentOS) to 2021 (Debian)

Wednesday, June 2, 2021 / 3 Comments on Moving from Incredible PBX 2020 (CentOS) to 2021 (Debian)



If you’re still shackled to CentOS 7 with Incredible PBX 2020, the time has come to put the horse and buggy out to pasture. RedHat has become an unreliable partner upon whom your entire PBX depends. When RedHat abruptly reneged on LTS support for CentOS 8, the writing was on the wall. They could do much the same thing with CentOS 7. Rather than waiting for the other shoe to drop, we introduced Incredible PBX 2021 and migrated to Debian 10. Now it’s your turn, and today we’ll guide you to a much more stable platform moving forward.

Step 1. To get started, you’ll want to bring up a new Incredible PBX 2021 server on a platform of your choice. We recommend using one of the virtual machine platforms, all of which are documented on the Incredible PBX Wiki. The Vultr platform is especially well suited for Incredible PBX 2021 because a snapshot image is available which lets you bring up a functioning server in a couple of minutes.

Make note of your server’s public IP address (23.45.67.89 in example).

Step 2. The next step is to bring the FreePBX modules on your existing Incredible PBX 2020 up to the latest releases. After logging into your Incredible PBX 2020 server as root, issue the following commands:

fwconsole restart
rm -f /tmp/*
fwconsole ma upgradeall
fwconsole reload
/root/sig-fix
systemctl restart apache2
/root/sig-fix

Verify that everything is functioning properly by logging into the FreePBX GUI as admin using your favorite web browser.

Make note of your Incredible PBX 2020 server’s public IP address (12.34.56.78 in example).

Whitelist 2021 server on 2020 server: /root/add-ip 2021pbx 23.45.67.89 then option 0

Step 3. Next, we need a good FreePBX backup of your Incredible PBX 2020 setup. While still logged into your Incredible PBX 2020 server as root, issue the following commands:

fwconsole stop
mysqldump -u root -ppassw0rd asterisk > /root/asteriskDB.sql
mysqldump -u root -ppassw0rd asteriskcdrdb > /root/asteriskCDR.sql
tar -zcf /root/snapshot.tar.gz /var/www/html/admin/modules \
 /var/spool/asterisk /var/lib/asterisk/agi-bin \
 /etc/asterisk/*custom.conf /var/lib/asterisk/astdb.sqlite3 \
 /root/asteriskDB.sql /root/asteriskCDR.sql

Step 4. Log into your 2021 server as root and issue the following commands substituting your Incredible PBX 2020’s actual IP address for 12.34.56.78 below:

cd /
scp root@12.34.56.78:/root/snapshot.tar.gz .
fwconsole stop
tar zxvf snapshot.tar.gz
rm snapshot.tar.gz
cd /root
mysql -u root -ppassw0rd asterisk < asteriskDB.sql
mysql -u root -ppassw0rd asteriskcdrdb < asteriskCDR.sql
mysql -u root -ppassw0rd asterisk -e "UPDATE freepbx_settings \
 SET value = 'Incredible PBX 2021' WHERE \
 freepbx_settings.keyword = 'DASHBOARD_FREEPBX_BRAND';"
chown -R asterisk:asterisk /var/lib/asterisk
chmod -R 755 /var/lib/asterisk
fwconsole start
fwconsole reload
fwconsole ma delete clearlytrunking
fwconsole ma delete sms
fwconsole ma delete webrtc
fwconsole ma delete ucp
fwconsole ma downloadinstall ucp
fwconsole ma downloadinstall webrtc
fwconsole ma downloadinstall sms
fwconsole ma downloadinstall clearlytrunking
fwconsole reload

That completes the migration to Debian 10 and Incredible PBX 2021. Keep in mind that you may need to tweak the directories in the tarball step above if you've made custom changes in your Incredible PBX 2020 setup. If you're also migrating Incredible Fax from your 2020 platform, see the Incredible PBX Wiki for step-by-step instructions. Enjoy!

Originally published: Tuesday, June 2, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Introducing Vultr Marketplace Featuring Incredible PBX 2021

Tuesday, May 25, 2021 / 2 Comments on Introducing Vultr Marketplace Featuring Incredible PBX 2021


One of our oldest open source supporters, Vultr, introduced their new Vultr Marketplace today featuring one-click installs for dozens of turnkey apps including Incredible PBX 2021. Vultr boasts a whopping 1.3 million users running applications in 17 different locations around the globe. And, today, it’s easier than ever. With the new Incredible PBX 2021 image, a user can choose a location and server size and simply click on the Incredible PBX 2021 application in the Vultr Marketplace instead of wrestling with Linux and a cumbersome install procedure. Within a matter of minutes, your PBX is ready to start making calls. If you use our referral code to sign up, our open source projects get $25 from Vultr, and you receive a $100 credit to kick the tires for up to a month. So… you have nothing to lose!

Here’s a snapshot of the applications that await you in the new Vultr Marketplace:


If you’ve never used Vultr, you owe it to yourself to take their cloud platform for a spin. The performance is legendary, and a $5 a month Cloud Compute platform can easily manage the calls for dozens of users. Add automatic backups for an additional 20% a month, and your platform is virtually indestructible. And you’ll never have to babysit on-premise hardware as well as Internet and power issues again. Read the Incredible PBX 2021 tutorial to get started.

Originally published: Tuesday, May 25, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Housekeeping 101: Managing Your Asterisk Backups and Logs

Monday, April 26, 2021



If you’re one of those that likes planting shrubbery but ignores maintenance thereafter, then today’s column is for you. Linux servers and Asterisk® PBXs need some regular attention. If you don’t invest a little time in the backup and log purging tasks, sooner or later you’ll regret it when disaster strikes.

With Incredible PBX® 2020 and 2021 servers, you only have yourself to blame if you don’t make regular backups and move them off site. Simply run /root/incrediblebackup2020 and move the image from /backup to a safe place. For Incredible PBX 16 servers, use the /root/incrediblebackup16 script. If you’re considering a move of your on premise Incredible PBX 2020 or 2021 server to the cloud, then we recommend making a full FreePBX® backup. Simply use the FileStore module in FreePBX in conjunction with the FreePBX Backup module to backup to S3, FTP, SCP, or DropBox. For those using cloud platforms for your PBXs, we strongly recommend investing the few cents more to activate automatic backups or snapshots. See the Incredible PBX Wiki for provider suggestions.

Next, let’s turn to logs. On Linux-based systems running Asterisk, there are literally dozens of logs. If you don’t monitor them carefully, you run the risk of a system failure once your storage device fills up. For PUBLIC implementations of Incredible PBX, you also need to monitor /var/log/secure (CentOS) and /var/log/auth.log (Debian/Ubuntu) for SSH break-in attempts. Monitoring the logs for most other system problems is less necessary because these issues typically will rear their ugly heads in a way that you will instantly know there’s a problem.

That leaves us with taming log creep. Even though many of the logs rotate and manage their own total size, this isn’t true for all of them. The easiest way to identify where your problem areas are is to do full listings of the files in both the /var/log and /var/log/asterisk directories: ls -al /var/log && ls -al /var/log/asterisk. When you see the size of logs creeping into 7 digits or more, it’s time to take corrective action. The simplest way is to build yourself a bash script that runs as a cron job every week or so. Here’s what we typically put in the script. The first few lines clean out the rotated logs, and the other lines initialize all of the current log files except the SSH log. You would obviously want to examine any extremely large logs for issues and security breaches before running this script! We typically create a backup before running the script. This preserves a historical record in case of any problems.

#!/bin/bash
rm -rf /tmp/*
rm -f /var/log/*-2*
rm -f /var/log/asterisk/*-2*
rm -f /var/log/httpd/*-2*
rm -f /var/log/*.gz
rm -f /var/log/asterisk/*.gz
rm -f /var/log/apache2/*.gz
rm -f /var/log/apache2/*.1
rm -f /var/log/*.1
rm -f /var/log/asterisk/*.1
truncate -s 0 /root/.mysql_history
truncate -s 0 /root/.asterisk_history
truncate -s 0 /root/.bash_history
truncate -s 0 /var/log/wtmp
truncate -s 0 /var/log/lastlog
truncate -s 0 /var/log/mysql/error.log
truncate -s 0 /var/log/auth.log
truncate -s 0 /var/log/boot.log
truncate -s 0 /var/log/cron
truncate -s 0 /var/log/cron.log
truncate -s 0 /var/log/daemon.log
truncate -s 0 /var/log/debug
truncate -s 0 /var/log/dmesg
truncate -s 0 /var/log/dmesg.old
truncate -s 0 /var/log/dracut.log
truncate -s 0 /var/log/fail2ban.log
truncate -s 0 /var/log/ipchecker.log
truncate -s 0 /var/log/kern
truncate -s 0 /var/log/kern.log
truncate -s 0 /var/log/knockd.log
truncate -s 0 /var/log/mail.err
truncate -s 0 /var/log/mail.info
truncate -s 0 /var/log/maillog
truncate -s 0 /var/log/mail.warn
truncate -s 0 /var/log/messages
truncate -s 0 /var/log/mysqld.log
truncate -s 0 /var/log/slpd.log
truncate -s 0 /var/log/syslog
truncate -s 0 /var/log/alternatives.log
truncate -s 0 /var/log/bootstrap.log
truncate -s 0 /var/log/dpkg.log
truncate -s 0 /var/log/tallylog
truncate -s 0 /var/log/yum.log
truncate -s 0 /var/log/faillog
truncate -s 0 /var/log/fontconfig.log
truncate -s 0 /var/log/regen_ssh_keys.log
truncate -s 0 /var/log/apache2/access.log
truncate -s 0 /var/log/apache2/error.log
truncate -s 0 /var/log/apache2/other_vhosts_access.log
truncate -s 0 /var/log/asterisk/freepbx_dbug
truncate -s 0 /var/log/asterisk/freepbx_debug
truncate -s 0 /var/log/asterisk/freepbx.log
truncate -s 0 /var/log/asterisk/freepbx_security.log
truncate -s 0 /var/log/asterisk/full
truncate -s 0 /var/log/asterisk/h323_log
truncate -s 0 /var/log/asterisk/messages
truncate -s 0 /var/log/asterisk/queue_log
truncate -s 0 /var/log/asterisk/ucp_out.log
truncate -s 0 /var/log/asterisk/clearlydevices_out.log
truncate -s 0 /var/log/asterisk/clearlysp_out.log
truncate -s 0 /var/log/asterisk/core*.log

To automate this process, create a truncate-logs script in /root with the entries above. Make the script executable: chmod +x /root/truncate-logs. Then add this entry to the bottom of /etc/crontab: 35 4 * * 6 root /root/truncate-logs >/dev/null 2>&1. This would run the script every Saturday morning at 4:35 a.m.

Originally published: Monday, April 26, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 

SPAM Blocker & CNAM Cornucopia for Incredible PBX 2021

Thursday, March 4, 2021 / 1 Comment on SPAM Blocker & CNAM Cornucopia for Incredible PBX 2021




If you enjoy calls from politicians and car warranty offers as much as we do, then today’s your lucky day. Blocking spam phone calls has been a challenge to put it charitably. Thanks to some earlier work by Stewart Nelson on the DSLR forum as well as Stewart’s considerable hand-holding in the development of our previous tutorials, we want to introduce an updated call screening approach for Incredible PBX 2021 that takes into account some recent changes in FreePBX® design. In a nutshell, the previous implementation no longer works because of some FreePBX plumbing changes that eliminated the "hook" we were using to intercept and screen incoming calls.

If you missed the earlier article, here’s the design. First time callers that are not on your WhiteList will be prompted to "press 5 to connect." Since most spam calls sit in a queue for several seconds before a live person chimes in, that person won’t hear the prompt. After 10 seconds or an invalid response, the call is sent to voicemail. In the alternative, you can play a SIT tone and disconnect the call or you can send the call to your favorite uncle, Lenny. When a successful caller calls again, the caller will be connected without a prompt. Once installed, you can change the voice prompt to a number other than 5 by modifying lines 11 and 13 of the context [sub-log-caller] which you will find in extensions_custom.conf in the /etc/asterisk directory at the completion of this install.

While today’s approach won’t block every robocaller, our testing suggests that it will catch more than 95% of these annoying calls. Using CallerID Superfecta coupled with the Asterisk® Phanebook will provide an extremely low-cost solution both for blocking spammers AND for displaying accurate CNAM data for incoming calls. The silver lining is you’ll only pay for CNAM lookups from legitimate callers once, and you have a choice of using OpenCNAM or BulkCNAM with the scripts we’ll provide today. Last, but not least, you’ll also get CNAM data for outgoing calls in your CDR logs.

Here’s the actual dialplan addition that will monitor your incoming calls:

[sub-log-caller]
exten => s,1,NoOp(*** begin sub-log-caller ***)
exten => s,n,Set(email='root')
exten => s,n,GotoIf($['${MESSAGE(from)}' != '']?SMSINCOMING)
exten => s,n,GotoIf(${DB_EXISTS(cidname/${CALLERID(num)})}?CNAMOK)
;exten => s,n,Goto(WHITELISTED)
exten => s,n,GotoIf($[${DB(SPAMCHECK/deactivate)} = 1]?CONNECTNOW)
exten => s,n,GotoIf($[${DB(cidname/0)} = SPAMCHECK]?CONNECTNOW)
exten => s,n,Playback(silence/1)
;exten => s,n,Goto(ANONTEST)
exten => s,n,Playback(custom/press5)
exten => s,n,Read(MYCODE,beep,1,n,1,10)
exten => s,n,GotoIf($["${MYCODE}" = "5"]?ANONTEST)
exten => s,n(FLUNKED),NoOp(*** Caller FLUNKED screening ***)
exten => s,n,Dial(local/*701@from-internal) ; uncomment to send to 701 VM
;exten => s,n,Dial(local/53669@from-internal) ; uncomment to send to Lenny
exten => s,n,Zapateller()
exten => s,n,Hangup
exten => s,n,Return()
exten => s,n(SMSINCOMING),NoOp(${MESSAGE(from)})
exten => s,n,NoOp(${MESSAGE(body)})
exten => s,n,GotoIf($["${email}" = "root"]?NOEMAIL)
exten => s,n,system(echo "FROM: ${MESSAGE(from)} \nVIA: ${CDR(did)} \n${MESSAGE(body)}" | `/usr/bin/which mail` -s "Incoming SMS Message" ${email})
;exten => s,n,SendText("Received but cannot reply now.")
exten => s,n(NOEMAIL),Hangup
exten => s,n,Return()
exten => s,n(CNAMOK),Set(CALLERID(name)=${DB(cidname/${CALLERID(number)})})
exten => s,n,Goto(WHITELISTED)
exten => s,n(ANONTEST),GotoIf($[${CALLERID(num)} > 0]?WHITELISTNOW:CONNECTNOW) 
exten => s,n(WHITELISTNOW),Set(DB(cidname/${CALLERID(number)})=${CALLERID(name)})
exten => s,n,Set(CALLERID(all)="${CALLERID(name)} <${CALLERID(number)}>")
exten => s,n,Goto(SENDEMAIL)
exten => s,n(WHITELISTED),Set(CALLERID(all)="${CALLERID(name)} <${CALLERID(number)}>")
exten => s,n,Goto(CONNECTNOW)
exten => s,n(SENDEMAIL),NoOp(WhiteListed: ${CALLERID(all)})
exten => s,n,GotoIf($["${email}" = "root"]?CONNECTNOW)
exten => s,n,system(echo "In Asterisk Phone Book, verify new CNAM entry of ${CALLERID(name)} for ${CALLERID(number)}." | `/usr/bin/which mail` -s "Incredible PBX CNAM Reminder" ${email})
exten => s,n(CONNECTNOW),NoOp(*** end of sub-log-caller ***)
exten => s,n,Return()
;-------------------------------------------------------------------------------

 
The beauty of today’s design is that it won’t interfere with your existing call processing rules. In other words, FreePBX Inbound Routes sent to IVRs, Ring Groups, Conferences, and even incoming Faxes still will be processed exactly as they have been in the past once the CallerID number makes it onto your WhiteList. Unlike the previous design which tweaked the FreePBX Core module slightly, today’s implementation uses a slightly modified [app-blacklist-check] context to kick off our screening component above. This eliminates the need to modify the core module each time FreePBX updates the module. We’ve also enhanced the install to support those using the new Incredible PBX 2021 PUBLIC platform. This gives you the same SPAM protection for calls reaching your PBX directly via a SIP URI instead of a commercial DID.

Here are the basic steps to get this working:

  1. Configure and Enable CallerID Superfecta in FreePBX
  2. Enable CallerID Superfecta on All Inbound Routes
  3. Set the Proper Context for Your Trunks
  4. Download & Install Call Screener 2021
  5. Import Previous Callers into WhiteList

1. Configuring CallerID Superfecta in FreePBX

CallerID Superfecta is an integral component in today’s new call screening design. It will be used both to populate the Asterisk Phonebook’s WhiteList and to provide CallerID Name (CNAM) data about your callers while assuring that you only pay for one CNAM query even though grandma may call you a dozen times a day. We use the Asterisk Phonebook as the whitelist of authorized callers. The way CallerID Superfecta works is it checks multiple sources for a match on the incoming CallerID Number. As soon as a match is found, the checking ends and the CallerID Number and Name are passed to the Call Screening script.

The CallerID Superfecta lookup sequence needs to be set as follows in the United States: AsteriDex (if desired), Asterisk Phonebook (required), and then one of the following commercial CNAM lookup services: OpenCNAM or BulkCNAM. In other countries, there still may be free CNAM services, but they’ve all disappeared in the U.S. market. We’ve documented the other available sources in a previous Nerd Vittles article.

Low-volume OpenCNAM Value pricing provides global lookups for $0.0028 each. BulkCNAM provides CNAM queries with RoboCall identification for $0.002 per query. If you sign up with OpenCNAM, you will need your Account SID and Auth Token to configure CallerID Superfecta and to populate the Call Screening script. If you sign up with BulkVS, you will need your API Key from the API Credentials tab in your BulkVS Dashboard.

With your credentials in hand, login into FreePBX as admin and navigate to Admin -> CID Superfecta -> Default. Arrange and enable the lookup sources in the following order: AsteriDex, Asterisk Phonebook, and then either OpenCNAM or BulkCNAM (in the U.S. market) or your country’s best CNAM lookup source. Be sure to enter your credentials for the CNAM provider by clicking on the wrench icon beside the provider. If your incoming trunks already provide CNAM lookups (such as BulkVS and Incredible PBX Trunking), then you can substitute Trunk Provided as your CNAM lookup service. With Incredible PBX Trunking, in addition to free CNAM lookups, you also get SPAM detection at no additional cost. For details on the service, follow this link. Then we typically set Telco Data as the last lookup source which will at least give you the city and state of the caller.

2. Enabling CallerID Superfecta on Inbound Routes

By default, CallerID Superfecta is not enabled for incoming calls to your PBX. You must enable it on every Inbound Route by navigating to Connectivity -> Inbound Routes and then editing each of your routes. Then click on the Other tab and set Enable Superfecta Lookup to YES and set the Superfecta Scheme to DEFAULT. Click SUBMIT to save your route settings and then reload the dialplan when prompted.

3. Setting the Proper Context for Your Trunks

It’s equally important to make certain that the CallerID Numbers for all of your incoming calls arrive in the same format. Computers are stupid. 8005551212 and 18005551212 and +18005551212 are completely different callers as far as your PBX is concerned. If different trunks deliver calls with CallerID Numbers formatted differently, then you would need to whitelist ALL of the various permutations for every caller in the Asterisk Phonebook. For those in the U.S. and Canada that primarily receive calls from the U.S. and Canada, we recommend setting the context entry in every trunk to from-pstn-e164-us. This will handle the translation of all 3 number formats above into 10-digit numbers. Calls from other countries will not be affected.

4. Downloading & Installing Call Screener 2021

Now let’s put all the Call Screener components in place and configure the screening setup to meet your own requirements. To get started, log into Incredible PBX as root and issue the following commands:

mkdir /tmp/CALL-SCREENER
cd /tmp/CALL-SCREENER
wget http://incrediblepbx.com/CallScreener2021.tar.gz
tar zxvf CallScreener2021.tar.gz
rm -f CallScreener2021.tar.gz
./install

Once the install is begun, the editor will open to the dialplan code. In the [sub-log-caller] context, you have a few options. First, you need to choose how to handle incoming calls where the caller does not enter the "press5″ number prompt in a timely manner. The default setup (line 14) sends these callers to voicemail for extension 701. You can change the voicemail extension, or you can elect to treat the calls differently. We’ve provided two additional options. Line 15 will send the calls to Lenny at extension 53669. Line 16 will send the calls to Zapateller which is the universal tone for numbers that are not in service. You should enable only one of these three options and comment out the other two by placing a semicolon (;) at the start of the other two lines. If you have fax detection enabled on your PBX, you probably would not want to send failed calls to either Lenny or Zapateller since you may never know the incoming faxes failed. Similarly, if you get calls from people with rotary dial phones such as Grandma, you probably don’t want her talking to Lenny or listening to Zapateller tones.

The next option is which number to prompt callers to press. The default is 5. But you can change it by modifying the existing press5 entry on line 10 and entering the number to match on line 12. Available choices are 5 through 9.

The final option in the [sub-log-caller] context is to activate email notifications for new callers that pass the screening test. This is especially important if you receive lots of calls from cellphone users. Most of those calls will arrive with a CNAM entry of nothing more than the caller’s City and State. Activating an email reminder will notify you to update the Asterisk Phonebook entry for such callers to replace the City, State entry with the caller’s actual name so that your CDR listings and future calls provide accurate CNAM information for the caller. To activate email reminders, replace root in Set(email="root") in line 2 with your actual email address.

The [macro-dialout-trunk-predial-hook] context handles populating the Asterisk Phonebook WhiteList for outbound calls you make to people that are not yet in your Asterisk Phonebook. These numbers will automatically be added to your whitelist, but you also have the option of adding CNAM entries for these outbound calls using either OpenCNAM or BulkCNAM for outbound calls to numbers that are not yet in your Asterisk Phonebook. To activate CNAM lookups, simply uncomment either line 4 or 5 in the context. For the service you have activated, remember to also enter your Account SID and Auth Token in the case of OpenCNAM or your API Key in the case of BulkCNAM. If you leave both lines commented out which is the default, the callee’s phone number will be entered as both the CNAM and CNUM whitelist entry in the Asterisk Phonebook.

Once you have made all the changes desired, save the template by pressing Ctl-X, then Y, then ENTER. The installer then will complete installation of the Call Screener 2021 components.

5. Importing Previous Callers into WhiteList

We appreciate that you may not want to aggravate callers that have been calling you for years by making them jump through hoops the next time they call. So here’s a quick way to populate your Asterisk Phonebook with the names and numbers of previous callers. For entries where the CNAM is merely the CallerID Number, future calls from these numbers still will be looked up with OpenCNAM or BulkCNAM to obtain an actual CNAM match. We’ve made a couple of assumptions that you are more than welcome to adjust to meet your own needs. First, we’ve limited the list to callers from the past two calendar years. Second, we’ve only captured calls that lasted more than 15 seconds. We’ll drop down to the Linux CLI to build the list of callers to import. Then we’ll use the FreePBX GUI to import the list into the Asterisk Phonebook. While building the import list, you’ll have an opportunity to prune the list and remove any undesirable entries using nano. To generate the .csv file, issue the following commands:

cd /root
./export-CDR

Now you should have a 2YR-clean.csv file in its final form for import. Copy the file to your desktop PC and open FreePBX in your browser. Navigate to Admin -> Asterisk Phonebook. Click Import Phonebook and then Browse. Select the 2YR-clean.csv file from your desktop. Then click Upload. Take a final look at the new entries in your Asterisk Phonebook to make sure nothing came unglued, and you’re all set.
 

Originally published: Thursday, March 4, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


 

A Fresh Look at Low-Cost VoIP Cloud Providers

Monday, February 8, 2021

Now that we’re up and running in 2021 with new releases of Incredible PBX 2021 for both Debian and Ubuntu, it seemed like a fitting time to take a fresh look at VoIP cloud offerings to host your new PBX. The short story is that a cloud-based PBX is the hands-down winner over on-premise hardware these days. It’s cheaper. It’s more reliable. It’s more powerful. And it’s more flexible. The question you’re probably wanting answered is how much does it cost. The good news is it no longer will cost you an arm and a leg. In fact, it’s less expensive than the cost of electricity to run any on-premise hardware except perhaps a Raspberry Pi.

Keeping in mind the old adage that you get what you pay for, let us tick off our favorite cloud offerings together with their pricing. And, remember, you can always find a current list of recommendations on the Incredible PBX Wiki.

We like to separate cloud platforms into two main groups: those that provide periodic backups or snapshots and those that don’t. Fortunately, there are excellent backup utilities for Incredible PBX that lessen the need for provider backups, but they all entail some extra work on your part to get off-site backups configured or maintained.

Let’s begin with the elephants in the room: Amazon, Google, IBM, Microsoft, and Oracle. They all have cloud offerings, and our recommendation is don’t go there. Their services are EXPENSIVE. And they offer less functionality at significantly higher cost than some of the smaller, well-established companies such as Vultr, Digital Ocean, and OVH. If $5 to $6 a month for a cloud platform is not too rich for your blood, you can’t go wrong with any of these three. And all of them provide backups or snapshots in the pricing we’ve outlined. So they are perfect for a family or SOHO PBX. All three can also scale up to support hundreds or even thousands of users. There’s more good news. Using our referral links that support our open source projects, Vultr and Digital Ocean will give you $100 in free credits to begin your cloud journey. And, coming soon, you’ll be able to create an Incredible PBX 2021 VPS from the Vultr Marketplace in less than a minute. Here’s a sneak peek.


Also worth a careful look are a couple of other cloud providers offering either off-site backups in the case of HotLineServers at $3.80 per month or a free snapshot in the case of CrownCloud at $25 a year. CrownCloud is our personal favorite because they also offer Incredible PBX 2021 images for Debian and Ubuntu that install in a couple minutes. Simply open a ticket and ask.

If you’re just getting started with your VoIP adventure and want to keep the cost to an absolute minimum, we have a few additional recommendations, all of which we’ve tested. Keep in mind that these providers have not been in business for decades so the risk of a company failure is always there. And, yes, many have failed before. Also, none of these providers offer backups or snapshots so backups become your responsibility. But for experimentation, you can’t beat the pricing. The least costly provider is RackNerd at less than a dollar a month or $11.97 a year to be precise. This gets you a KVM platform with 1GB of RAM, 17GB of SSD storage, and 3TB of monthly bandwidth. And it’s screaming fast clocking in with 900+ Mbit/second downloads AND uploads on their Atlanta node. There are a few other low-cost providers that are worth a careful look. See the Incredible PBX Wiki for current options.

Finally, a word about backups. Moving from one VPS provider to another can be a painful experience. Typically, the Incredible Backup and Restore route is not your best bet because of possible differences in VPS design. This becomes even more tedious if you elect to switch operating systems, for example moving from CentOS to Debian or Ubuntu. Our recommendation is to stick with a FreePBX® backup in these situations. The FreePBX Wiki will walk you through the setup process. What that means is that, if your server fails or you wish to switch VPS platforms, you then would create a new VPS on the new platform using the traditional Incredible PBX installer. Once it is fully operational, you then can restore your FreePBX backup from the old platform.

 

Originally published: Monday, February 8, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 

A New Day: Introducing Incredible PBX 2021 for Ubuntu 20.04

Tuesday, January 26, 2021

We’ve completed the rollout of Incredible PBX 2021 for Debian 10 and, thanks to the terrific work of @jaminmc, today we’re pleased to introduce Incredible PBX 2021 for Ubuntu 20.04 LTS with its ten-year life cycle.

In addition to @jaminmc, we also want to offer our special thanks to the many talented individuals on the VoIP-Info.org Forum who work through the growing pains of these new releases to bring you open source products at zero cost. Come join the party!

If you’re using on-premise hardware, begin by downloading the ISO image of Ubuntu 20.04 for amd64. Follow our previous tutorials for tips on installation with VirtualBox or VMware ESXi. If you’d prefer to experiment in the cloud for about a penny an hour, open an account at Vultr or Digital Ocean using our referral links that support the Nerd Vittles project. You’ll also get some free credit to try out the service. Then create a new $5/month Ubuntu 20.04, 64-bit instance in your favorite city. Want some cheaper KVM cloud alternatives? Visit the Incredible PBX Wiki.

If your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060-5061 and UDP 10000-20000 traffic to the private IP address of your server. This is required for all of the SIP providers included in the Incredible PBX 2021 build. Otherwise, all inbound calls will fail.

Installing Incredible PBX 2021 on Ubuntu 20.04 Server

Once your Ubuntu 20.04 platform is up and running, login as root using SSH or Putty. If you wish to use the default Asterisk 18 platform, issue the commands below to kick off the install. If you’d prefer to stick with Asterisk 16 for the time being and perhaps upgrade to Asterisk 18 later with the included upgrade script, then edit the script once you download it and change 18 to 16 in line 34 of the script before executing it.

wget http://incrediblepbx.com/IncrediblePBX2021-U.sh
chmod +x IncrediblePBX2021-U.sh
./IncrediblePBX2021-U.sh

At about 5 minutes into the install procedure, you’ll be prompted for your telephone country code. It’s 1 for Canada and the United States. Once the installation completes, reboot and you should be good to go.

Next Steps with Incredible PBX 2021

Before you can manage your PBX through a web browser, you first will need to set the admin passwords for FreePBX, Apache web apps such as Reminders and AsteriDex, and AvantFax (if you are using Incredible Fax). These all can be set by logging into your server as root and issuing the following commands: admin-pw-change, apache-pw-change, and avantfax-pw-change. The AvantFax password can also be reset with a browser by first logging in as admin with a password of password.

Outbound mail functionality needs to be working so that you can receive voicemail messages and faxes by email. To prevent SPAM, most ISPs and ITSPs block messages from downstream mail servers. That would be you. The easiest way to resolve this is to configure SendMail using Gmail as an SMTP Smarthost. You obviously need a Gmail account to implement this and, if you have turned on two-factor authentication for your Gmail account, you also will need to obtain an App password for your Gmail account, and use that in lieu of your regular Gmail password when configuring SendMail. With your Gmail username and password in hand, log into your server as root and run: /root/enable-gmail-smarthost-for-sendmail.

If your Incredible PBX 2021 is hosted with a cloud provider, be advised that many providers do not include a swap file as part of their offering. FreePBX requires a swap file. To add one, issue this command after logging into your server as root: /root/create-swapfile-DO.

To correctly set the time on your PBX, run: /root/timezone-setup.

By default, the voicemail password for each of the configured extensions (701-705) is set to the extension number. This means the user will be prompted to set a voicemail password on the first login to voicemail for each extension. A phone must be registered to the actual extension to access its voicemail account. For example, once a phone is registered to extension 701, the voicemail setup can be accessed by dialing *98701.

If you want to send and receive faxes with Incredible PBX 2021, download the new Incredible Fax 2021 for Ubuntu script, make it executable (chmod +x incred*), and then run the following script while logged into your server as root: /root/incrediblefax2021-ubuntu20.04.sh. When prompted, accept all the defaults. Once the HylaFax and AvantFax components are installed, reboot your server. To send faxes, click on the AvantFax tab in the FreePBX GUI and enter your login credentials (default: admin/password). To receive incoming faxes once you have configured a trunk and DID for your PBX, login to the FreePBX GUI as admin. Navigate to Connectivity -> Inbound Routes. For each of your DIDs on which you wish to receive faxes, select the inbound route and click the Fax tab. Review the Default Inbound Route Fax settings for proper setup.

Overview of the Initial Asterisk Setup Process

For those new to PBXs, here’s a two paragraph summary of how Voice over IP (VoIP) works. Phones connected to your PBX are registered with Extensions so that they can make and receive calls. When a PBX user picks up a phone and dials a number, an Outbound Route tells the PBX which Trunk to use to place the call based upon established dialing rules. Unless the dialed number is a local extension, a Trunk registered with some service provider accepts the call, and the PBX sends the call to that provider. The provider then routes the call to its destination where the recipient’s phone rings to announce the incoming call. When the recipient picks up the phone, the conversation begins.

Looking at things from the other end, when a caller somewhere in the world wishes to reach you, the caller picks up a telephone and dials a number known as a DID that is assigned to you by a provider with whom you have established service. When the provider receives the call to your DID, it routes the call to your PBX based upon destination information you established with the provider. Your PBX receives the call with information identifying the DID of the call as well as the CallerID name and number of the caller. An Inbound Route on your PBX then determines where to send the call based upon that DID and CallerID information. Typically, a call is routed to an Extension, a group of Extensions known as a Ring Group, or an IVR or AutoAttendant giving the caller choices on routing the call to the desired destination. Once the call is routed to an Extension, the PBX rings the phone registered to that Extension. When you pick up the phone, the conversation begins.

Configuring Trunks with Incredible PBX GUI

Perhaps the most difficult component to configure in the PBX is the Trunk. Almost every provider has a different way of doing things. We’ve taken some of the torture out of the exercise by providing a script which will configure settings for dozens of providers in seconds. Once installed, all you need to do is edit the desired Trunk (Connectivity:Trunks), change the Disable Trunk entry to No, and insert your credentials in both the PEER Details and Registration string of the SIP Settings Outgoing and Incoming tabs. Skyetel is enabled by default and needs no setup on the PBX side.

Configuring Skyetel for Incredible PBX 2021

If you’ve decided to go with Skyetel, here’s the drill. Sign up for Skyetel service and take advantage of the Nerd Vittles specials. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the $10 credit for your account by referencing the Nerd Vittles special offer. Once you are satisfied with the service, fund your account as desired, and Skyetel will match your deposit of up to $250 simply by opening another ticket. That gets you up to $500 of half-price calling. Credit is limited to one per person/company/address/location. Effective 10/1/2023, $25/month minimum spend required.

Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX 2021:

  • Name: MyPBX
  • Priority: 1
  • IP Address: PBX-Public-IP-Address
  • Port: 5060
  • Protocol: UDP
  • Description: my.incrediblepbx.com

To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.

Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.

Configuring VoIP.ms for Incredible PBX 2021

To sign up for VoIP.ms service, may we suggest you use our signup link so that Nerd Vittles gets a referral credit for your signup. Once your account is set up, you’ll need to set up a SIP SubAccount and, for Authentication Type, choose Static IP Authentication and enter your Incredible PBX 2021 server’s public IP address. For Transport, choose UDP. For Device Type, choose Asterisk, IP PBX, Gateway or VoIP Switch. Order a DID in their web panel, and then point the DID to the SubAccount you just created. Be sure to specify atlanta1.voip.ms as the POP from which to receive incoming calls. In the Incredible PBX GUI, be sure to enable the VoIP.ms trunk.

Configuring V1VoIP for Incredible PBX 2021

To sign up for V1VoIP service, sign up on their web site. Then login to your account and order a DID under the DIDs tab. Once the DID has been assigned, choose View DIDs and click on the Forwarding button beside your DID. For Option #1, choose Forward to IP Address/PBX. For the Forwarding Address, enter the public IP address of your server. For the T/O (timeout) value, set it to 2o seconds. Then click the Update button. Under the Termination tab, create a new Endpoint with the public IP address of your server so that you can place outbound calls through V1VoIP. In the Incredible PBX GUI, be sure to enable all of the V1VoIP trunks.

Configuring Anveo Direct for Incredible PBX 2021

To sign up for Anveo Direct service, sign up on their web site and then login. After adding funds to your account, purchase a DID under Inbound Service -> Order DID. Next, choose Configure Destination SIP Trunk. Give the Trunk a name. For the Primary SIP URI, enter $[E164]$@server-IP-address. For Call Options, select your new DID from the list. You also must whitelist your public IP address under Outbound Service -> Configure. Create a new Call Termination Trunk and name it to match your server. For Dialing Prefix, choose six alphanumeric characters beginning with a zero. In Authorized IP Addresses, enter the public IP address of your server. Set an appropriate rate cap. We like $0.01 per minute to be safe. Set a concurrent calls limit. We like 2. For the Call Routing Method, choose Least Cost unless you’re feeling extravagant. For Routes/Carriers, choose Standard Routes. Write down your Dialing Prefix and then click the Save button.

Before you can make outbound calls through Anveo Direct from your PBX, you first must configure the Dialing Prefix that you wrote down in the previous step. Log into the GUI as admin using a web browser and edit the Anveo-Out trunk in Connectivity -> Trunks. Enable the Trunk. Then click on the custom-Settings tab and replace anveo-pin with your actual Dialing Prefix. Click Submit and Apply Config to complete the setup. In the Incredible PBX GUI, be sure to enable all of the remaining Anveo trunks.

By default, incoming Anveo Direct calls will be processed by the Default inbound route on your PBX. If you wish to redirect incoming Anveo Direct calls using DID-specific inbound routes, then you’ve got a bit more work to do. In addition to creating the inbound route using the 11-digit Anveo Direct DID, enter the following commands after logging into your server as root using SSH/Putty:

cd /etc/asterisk
echo "[from-anveo]" >> extensions_custom.conf
echo "exten => _.,1,Ringing" >> extensions_custom.conf
echo "exten => _.,n,Goto(from-trunk,\\${SIP_HEADER(X-anveo-e164)},1)" >> extensions_custom.conf
asterisk -rx "dialplan reload"

Configuring Extensions with Incredible PBX GUI

Extensions are created using the Incredible PBX GUI: Applications:Extensions. Many SIP phones expect extensions to communicate on UDP port 5060. If this is the case with your SIP phone or softphone, then always create Chan_SIP extensions which communicate on UDP 5060. If your SIP phone or softphone provide port flexibility, then you have a choice in the type of SIP extension to create: Chan_SIP or the more versatile PJSIP (UDP 5061). Just remember to always configure SIP extensions with NAT Mode=YES in the Advanced tab. If your VoIP phones or softphones support IAX connectivity, you may wish to consider IAX extensions which avoid NAT problems.

When you create a new Extension, a new entry is automatically created in the PBX Internal Directory. If you wish to allow individual users to manage their extensions or use the WebRTC softphone, then you will also have to create a (very) secure password for User Control Panel (UCP) access. Choose Admin:User Management and click on the key icon of the desired extension to assign a password for UCP and WebRTC access.

Configuring a Desktop Softphone for Incredible PBX

We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

We recommend YateClient for Windows which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You can find them by running /root/show-passwords. You’ll need the IP address of your server plus your extension 701 password. In the YateClient, fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password was assigned to the extension when you installed Incredible PBX. Click OK to save your entries.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

DEMO - Apps Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
TODAY - Today in History
LENNY - The Telemarketer's Worst Nightmare

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store. For Android users, check out the terrific new VitalPBX Communicator. Works flawlessly with Incredible PBX.

Configuring a Softphone Extension on a Smartphone

Adding an Incredible PBX extension to your smartphone gets a little trickier. Whether you’re an iPhone or Android lover, all smartphones use batteries, and you don’t want to drain your battery by running a softphone as a foreground app all the time. Fortunately, you now have some choices in softphones engineered to work without draining your battery. While they all cost money, it’s not much money. We’ve written about all the choices, and you’ll find the links in our Softphone Provider Recommendations on the new Incredible PBX Wiki.

With PJsip extensions, you’re not limited to a single phone connection at a time, and we’ve preconfigured extension 701 to support five simultaneous connections. The setup on the softphone side is simple. For the server, enter the actual IP address of your PBX in the following format: 22.33.44.55:5061. Then enter 701 for the username and enter the password assigned to the 701 extension on your PBX. When an incoming call arrives, all the phones registered to extension 701 will ring simultaneously. Simply answer the call on the phone that is most convenient.

Configuring Outbound Routes in Incredible PBX GUI

Outbound Routes serve a couple of purposes. First, they assure that calls placed by users of your PBX are routed out through an appropriate trunk to reach their destination in the least costly manner. Second, they serve as a security mechanism by either blocking or restricting certain calls by requiring a PIN to complete the calls. Never authorize recurring charges on credit cards registered with your VoIP providers and, if possible, place pricing limits on calls with your providers. If a bad guy were to break into your PBX, you don’t want to give the intruder a blank check to make unauthorized calls. And you certainly don’t want to join the $100,000 Phone Bill Club.

To create outbound routes in the Incredible PBX GUI, navigate to Connectivity:Outbound Routes and click Add Outbound Route. In the Route Settings tab, give the Outbound Route a name and choose one or more trunks to use for the outbound calls. In the Dial Patterns tab, specify the dial strings that must be matched to use this Outbound Route. NXXNXXXXXX would require only 10-digit numbers with the first and fourth digits being a number between 2 and 9. Note that Outbound Routes are searched from the top entry to the bottom until there is a match. Make certain that you order your routes correctly and then place test calls watching the Asterisk CLI to make sure the calls are routed as you intended.

Configuring Inbound Routes in Incredible PBX GUI

Inbound Routes, as the name implies, are used to direct incoming calls to a specific destination. That destination could be an extension, a ring group, an IVR or AutoAttendant, or even a conference or DISA extension to place outbound calls (hopefully with a very secure password). Inbound Routes can be identified by DID, CallerID number, or both. To create Inbound Routes, choose Connectivity:Inbound Routes and then click Add Inbound Route. Provide at least a Description for the route, a DID to be matched, and the Destination for the incoming calls that match. If you only want certain callers to be able to reach certain extensions, add a CallerID number to your matching criteria. You can add Call Recording and CallerID CNAM Lookups under the Other tab.

Audio Issues with Incredible PBX 2021

If you experience one-way or no audio on some calls, add your external IP address and LAN subnet in the GUI by navigating to Settings -> Asterisk SIP Settings. In the NAT Settings section, click Detect Network Settings. Click Submit and Apply Settings to save your changes.

Security Considerations with Incredible PBX 2021

Incredible PBX 2021 includes a rock-solid firewall that limits access to preferred providers and individuals whose IP addresses you have whitelisted. Unfortunately, this may not insulate your server from FreePBX 15 irregularities if, in fact, Sangoma’s signing key was compromised in the October 2020 Ransomware Attack. Sangoma either doesn’t know or isn’t telling. Keep in mind that Sangoma didn’t mention the October breach either until someone else exposed it. Sangoma’s latest press release is available here.

The good news is Incredible PBX 2020 and 2021 platforms include a unique ClearlyIP feature that lets us manage which modules and versions can be installed. It works exactly like what ClearlyIP has documented in their must-read blog post, and we’ve built a locked version that rolls back all of the modules to dates before the Sangoma breach. The good news is, with Incredible PBX, you don’t have to jump through all the hoops covered in the ClearlyIP article to fully insulate your server from the Ransomware breach. We’ve done the work for you.

For those with mission-critical platforms, we’d recommend immediate implementation of what follows. For everyone else, it’s your choice whether to wait and see if there is a breach of the signing certificate with malicious modules. If you opt to wait and see, MAKE FREQUENT BACKUPS.

Here’s how to roll back all of your modules to dates before the breach. Login to the FreePBX GUI as admin and navigate to Settings > Advanced Settings. Drop down to the Lock Version field and change 15.19.11.001 to 15.19.11.003. Save your changes and reload your dialplan. Then use Module Admin to roll back any installed modules that are newer than the safe versions shown.

Our extra special thanks goes to Tony Lewis and the ClearlyIP team for providing this invaluable resource. Somehow we knew it would come in handy sooner or later. Unfortunately, that day has come.

Adding Incredible PBX 2021 to an OpenVPN Network

We previously have documented the procedure for creating an OpenVPN server as well as OpenVPN client templates (.ovpn). If you need a refresher, the tutorial is here. To add your Incredible PBX 2021 server to an existing OpenVPN network, begin by creating an incrediblepbx2021.ovpn template on your OpenVPN server. Be sure to comment out or delete the setenv line in the template. Then copy this template to /etc on your Incredible PBX 2021 server. Next, issue the following commands to put the remaining pieces in place:

cp -p /root/openvpn-start /etc/.
echo "[Unit]
Description=openvpn2021
ConditionPathExists=/etc/openvpn-start
After=rclocal.service
[Service]
Type=forking
ExecStart=/etc/openvpn-start /etc/incrediblepbx2021.ovpn
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
PermissionsStartOnly=true
SysVStartPriority=99
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/openvpn2021.service

Finally, enable the new openvpn2021.service and reboot your server. The OpenVPN IP address should now appear on the LAN line in pbxstatus:

systemctl enable openvpn2021.service
reboot

Incredible PBX 2021 Administration

We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.

add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX 2021 blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.

add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.

del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.

admin-pw-change is used to set the admin password for access to the FreePBX/Incredible PBX web GUI using a browser pointed to the local IP address of your server.

apache-pw-change is used to set the admin password for access to Apache/Incredible PBX apps including AsteriDex and Reminders. This provides a password layer of protection for access to these applications.

avantfax-email-change is used to change the destination email address for incoming faxes.

avantfax-pw-change is used to change your admin password for the AvantFax web console.

iaxmodem-restart is used to restart the modems used to send and deliver faxes. The pbxstatus display will tell you whether the IAXmodems are down.

incrediblebackup2021 makes a backup of critical components on your PBX to a tarball saved in /backup. This should be copied to safe location off-site for a rainy day.

incrediblerestore2021 restores a backup file which has been copied to the /backup folder.

ipchecker is a script which deciphers the public IP addresses associated with whitelisted FQDNs created with add-fqdn on your server. If any of the addresses have changed, the firewall is restarted after updating the IP addresses. By default, it is executed every 10 minutes by /etc/crontab.

licenses.sh displays the license associated with each of the FreePBX modules on your server.

logos-b-gone removes proprietary artwork from your PBX and is no longer necessary with the included IncrediblePBX FreePBX module.

mime-construct is a command-line utility to send emails with attachments.

neorouter-login is a script to add your PBX to a NeoRouter VPN. Tutorial here.

odbc-gen.sh is a script that was run to generate the ODBC settings for Asterisk. Do NOT use it.

openvpn-start is a script to add your PBX to an existing OpenVPN network using an .ovpn config file. Tutorial here.

pbxstatus displays status of all major components of Incredible PBX 2021.

pptp-install is a script to create a PPTP network connection for your PBX. Tutorial here.

purge-cdr-cel-records removes all CDR and CEL records from the MySQL database.

reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.

reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.

reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.

show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX 2021 actually is. A similar listing is available in the GUI at Admin -> Feature Codes.

show-passwords is a script that displays most of the passwords associated with Incredible PBX 2021. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.

sig-fix disables Module Signature Checking in the FreePBX GUI. This should not be necessary unless you have added or edited FreePBX Modules with missing module signatures.

sms-skyetel is a script to send SMS messages using a Skyetel trunk.

sms-voip.ms is a script to send SMS messages using a VoIP.ms trunk.

sms-blast, sms-blaster, and sms-dictator are scripts for message blasting. Tutorial here.

switch-to-php5.6 is a script to disable PHP 7.3 and set PHP 5.6 as the default version for your PBX. PHP 5.6 is required to use AvantFax. It is the default configuration for Incredible PBX 2021. The current default PHP version is displayed in the Apache listing of pbxstatus.

switch-to-php7.3 is a script to disable PHP 5.6 and set PHP 7.3 as the default version for your PBX. You cannot use AvantFax when PHP 7.3 is the default.

timezone-setup is a script to set the timezone for your PBX.

update-IncrediblePBX is a script that runs the Automatic Update Utility whenever you login to your server as root. These updates typically resolve bugs and security issues with your PBX. Do NOT remove it.

upgrade-asterisk16 is a script that runs on Asterisk 16 platforms to upgrade your PBX to the latest release of Asterisk 16.

upgrade-asterisk18 is a script that runs on both Asterisk 16 and 18 platforms to upgrade your PBX to the latest release of Asterisk 18.

wolfram is a script to deploy Wolfram Alpha on your PBX. Tutorial here.

Forwarding Calls to Your Cellphone. Keep in mind that inbound calls to your DIDs automatically ring all five SIP extensions, 701-705. The easiest way to also ring your cellphone is to set one of these five extensions to forward incoming calls to your cellphone. After logging into your PBX as root, issue the following command to forward calls from extension 705 to your cellphone: asterisk -rx "database put CF 705 6781234567"

To remove call forwarding: asterisk -rx "database del CF 705"

Keeping FreePBX 15 Modules Current

We strongly recommend that you periodically update all of your FreePBX modules to eliminate bugs and to reduce security vulnerabilities. From the Linux CLI, log into your server as root and issue the following commands:

rm -f /tmp/*
fwconsole ma upgradeall
fwconsole reload
/root/sig-fix
systemctl restart apache2
/root/sig-fix

 

Originally published: Tuesday, January 26, 2021


Need help with Asterisk? Visit the VoIP-info Forum.

 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 

Post navigation

Older posts Newer posts

Support Nerd Vittles



Free Asterisk Solutions

free counters