Category: Smartphones

Hardware Device of the Year: Meet the CuBox-i with Incredible PBX for Ubuntu

It’s been many years since we’ve written back-to-back articles about the same device. That should tell you how really special the CuBox-i is. After two weeks of 14-hour days developing the new Incredible PBX platform for CuBox, we are thrilled to crown this jewel as Nerd Vittles Hardware Device of the Year. Flawless design, incredible performance, tiny size, feature-rich components, minimal power consumption, and completely silent operation are merely the tip of the iceberg with this 2x2x2 cubic zircon. On the $130 CuBox-i4PRO, there’s a Quad Core processor, 2 gigs of RAM, a 10/100/1000 Ethernet port, a 1080p HDMI port, two powered USB 2 ports, an eSATA II port for an external drive, a realtime clock with backup battery, an Optical S/PDIF Audio Out port, a microSD port, an infrared receiver and transmitter, WiFi 11n, and Bluetooth plus a power adapter to match either American or European power sources. Whew! And here’s the best part. Everything works while squeezed in a tiny case that’s a third the size of Rubic’s Cube.

A SOHO Swiss Army Knife That Fits in Your Cupholder: Voice, Fax, SMS, TTS, Email, PBX, Incredible!

Did we mention it’s a near perfect VoIP platform for any home office or small business? Well, it is. And everything we’ve learned about Asterisk® and FreePBX® and Internet security over the past decade is rolled into today’s release of our crown jewel edition of Incredible PBX™ for the CuBox. First, you’ll need to purchase one and we strongly recommend the CuBox-i4PRO with its Quad Core ARM processor and built-in WiFi and Bluetooth. In the U.S, there’s NewEgg or NewEgg (10% off on i4PRO with promo code SW829NE10 = $117 until 9/4). In the U.K, there’s NewIT. For everyone else, you can buy directly from SolidRun, the creator.

Before we dive into Incredible PBX, we want to express our deepest appreciation to Zhando and Josh North of PIAF Forum fame. Zhando’s pioneering efforts with Ubuntu and Incredible PBX on the CuBox platform and Josh North’s morphing of Incredible Fax for deployment with Ubuntu paved the way for everything you’re about to read. It reinforces the spectacular results which can be achieved in the open source community when a talented group of even a few folks put their heads together. The Ubuntu developers and the tens of thousands of open source contributors from around the world also deserve a well-earned tip of the hat for producing a Linux platform that is rock-solid reliable and incredibly versatile. Nearly 1,000 open source packages are included in the latest Incredible PBX build. Click on the link to view the package list in PDF format and prepare to be amazed. We couldn’t have done it without all of you!

Introducing Incredible PBX 11.12.0 for the CuBox-i4PRO

If you’re new to Asterisk and the world of VoIP telephony, let us take a moment and explain how Incredible PBX fits into the puzzle. For lack of a better term, Incredible PBX on the CuBox platform is a turnkey aggregation in a bootable image that is based upon a superset of Ubuntu 14 packages plus Asterisk, the FreePBX GUI, and a sizable collection of applications for the Asterisk platform. You download a tarball, decompress it, write the image file to a microSD card, insert the card into your CuBox-i, and presto! You’ve got a turnkey PBX. Add credentials for a trunk or two to make and receive calls, connect some phones, and your whole office will come alive with a versatile PBX platform that used to cost organizations hundreds of thousands of dollars. What’s included in Incredible PBX? Glad you asked. Here’s a 3-minute video showcasing a few of our favorite Incredible PBX text-to-speech applications:


The Incredible PBX 11 Inventory. Here’s the current feature set on the CuBox platform. It’s the most robust ever! In addition to its superset of nearly 1,000 Ubuntu 14 packages, Asterisk 11, and FreePBX 2.11 with Apache, SendMail, MySQL, PHP, phpMyAdmin, Fail2Ban, WebMin, and the IPtables Linux firewall, check out these additions:

A Few Words About Security. Thanks to its Zero Internet Footprint™ design, Incredible PBX is different. It remains the most secure Asterisk-based PBX around. What this means is Incredible PBX has been engineered to sit anywhere, either behind a NAT-based, hardware firewall or directly on the Internet. No device other than those on your private LAN, a few of the major (trusted) SIP providers around the world, and those that you authorize on your WhiteList can even see your server. Additional IP addresses can be added to the WhiteList in three ways:

  1. An administrator registers new IP addresses using add-ip or add-fqdn from the Linux CLI
  2. A remote user sends the (correct) randomized PortKnock code assigned to your CuBox
  3. A remote user dials in from a standard telephone to register a new remote IP address

Read about this $100,000 VoIP phone bill, and you’ll better appreciate why WhiteList-based server security has become absolutely essential. WhiteList Security means only those devices with a registered IP address in your WhiteList can get to your server’s resources. To the NSA and everyone else, your server doesn’t even show up on the radar. Their only way to contact you is a POTS telephone using your published phone number. Our complete tutorial on Travelin’ Man 3 is available here. With Incredible PBX for CuBox, it’s installed and preconfigured.

Installing Incredible PBX 11.12.0 on the CuBox-i

There are five simple steps to get Incredible PBX up and running on your CuBox:

  1. Purchase a storage device
  2. Download Incredible PBX image
  3. Untar the image on your desktop
  4. Burn the image to a microSD card
  5. Insert microSD card in CuBox and boot

Choosing a Storage Platform. Unless you plan to run your server with an external eSATA hard drive (CuBox-i4PRO tutorial here), the first step is to purchase a suitable microSD card. We recommend at least a 32GB Class 10 card from Transcend, SanDisk, or Kingston. All of them are under $20 on Amazon and most include free 2-day shipping for Prime customers. If using an eSATA drive, you still need a microSD card to boot up, but any 4GB or 8GB card will suffice.1

Downloading Incredible PBX for CuBox. From your favorite desktop computer, download the latest build of Incredible PBX from SourceForge. Depending upon your network connection and the SourceForge mirror, it can take awhile. It’s a whopping 1.3GB!

Untarring Incredible PBX for CuBox. Depending upon your desktop platform, untarring incrediblepbx.4.cubox.U14.latest.tar.gz is as simple as double-clicking on it in the Downloads folder (on a Mac). On the Windows platform, here are 3 utilities that will do the job. On a Linux desktop, open a Terminal window and…

tar zxvf incrediblepbx.4.cubox.U14.latest.tar.gz

Burning the Incredible PBX image to microSD. Once you’ve untarred the file, you’ll find two scripts that make burning the image to a microSD card simple if you’re on a Mac or Linux desktop. On a Windows machine, it’s a little more complicated. Most SD cards come preformatted with a DOS partition so your Windows machine should recognize the microSD card when it’s inserted. If not, format the card using a utility such as SD Card Formatter. Next, you’ll need Win32 Disk Imager to burn cubox.img to your card. Once the image has been transferred, gracefully unmount the card from your desktop, and then remove the card from the SD card adapter.

Booting Incredible PBX on the CuBox. Insert the microSD card (electronics side up) into your CuBox-i. Then apply power to the CuBox after connecting a USB keyboard, HDMI monitor, and Ethernet cable to a network with Internet connectivity that can also hand out DHCP addresses. Log into Incredible PBX as root with cubox as your password. Your SSH credentials, Asterisk DUNDI secrets, logs, and network connection options will be initialized and then your server will reboot. You may need to hit the Enter key once or twice during the SSH credentials initialization to move things along. And, with some SD cards, you may find yourself waiting an eternity for the promised reboot. After seeing the “rebooting” message, count to ten. If your server still hasn’t rebooted, remove and reapply power. This quirk goes away after the first reboot.

After the reboot, log in again as root with password: cubox. Your firewall setup will be initialized to lock down your whitelist to your server’s public and private IP addresses AND the IP address of the machine from which you’re logging in. All of your FreePBX passwords will be randomized and your secret PortKnocker codes will be generated. The whole process only takes a few seconds.

When the second pass configuration is complete, you will be greeted by a welcoming message. STOP and read it. It has loads of important information about your server’s configuration and your next steps. Press ENTER to review status:

The Next 10 Steps. Before you do anything else, complete the following steps. It only takes a minute to secure and properly configure your server:

  1. Change your root password: passwd
  2. Change your FreePBX admin password: /root/admin-pw-change
  3. Set your correct time zone: /root/timezone-setup
  4. Expand partition to match microSD card size: /root/resize-partition
  5. Add any desired IP addresses to WhiteList: /root/add-ip
  6. Put PortKnocker credentials in a safe place: cat /root/knock.FAQ
  7. Change AvantFax admin password: /root/avantfax-pw-change
  8. Set Email Address for Incoming Faxes: /root/avantfax-email-dest
  9. Check status to be sure everything is working: status
  10. If using an eSATA external drive, do the migration drill (note the free disk space in status above)

A Few Important Tips. Every operating system and service provider has their quirks. Ask Bill Gates! Ubuntu and especially Comcast are no different. Fortunately, with Ubuntu, it’s a very short list.

1. Use the following commands (only!) to shutdown and restart your server: halt and reboot. These commands are reworked in Incredible PBX to gracefully shutdown important services so that files don’t get damaged. Please use them!

2. If you ever want to move your server to a different network, complete these three simple steps before you leave your existing network. This will trigger a new Phase I update (outlined above) and set the default network back to wired eth0 using DHCP the next time you boot your server.

touch /etc/update_hostconfig
/root/enable-eth0-only
# press Ctrl-C when prompted to reboot. then type:
halt

3. You really do need email connectivity to get the most out of Incredible PBX. It’s the way you receive important notifications from FreePBX, and it’s also how faxes and voicemail messages are delivered. From the Linux CLI, test your server to be sure you can send emails reliably:

echo "test" | mail -s testmessage yourname@gmail.com

After checking your spam folder, if you really didn’t get the email, it may be that your service provider is blocking downstream SMTP traffic. You can use your provider’s SMTP server as a smarthost to send out mail with SendMail. Just edit /etc/mail/sendmail.cf, search for DS, and add the provider’s SMTP server address immediately after it (no spaces!), e.g. DSsmtp.comcast.net or DSsmtp.knology.net. Then restart SendMail: service sendmail restart.

Once you’ve logged into FreePBX below, be sure to set your default email address in the right margin of Admin -> Module Admin and save your entry. This will assure receipt of timely notifications of FreePBX updates for your server.

4. If you’re sure you’ll never need remote access in an emergency, you can disable PortKnocker at startup and save about 5% of your processing cycles. Our complete PortKnocker tutorial is available here. To disable startup on boot, issue the following command from the Linux CLI:

update-rc.d -f knockd disable

5. The same applies to WebMin. We actually introduced one of the first tutorials for WebMin… over 9 years ago. A word to the wise: WebMin is a terrific tool for looking at stuff about your system. But be very careful making system changes with WebMin. You usually will break some of the customized settings in Incredible PBX. This is particularly true in the case of the IPtables firewall. To access WebMin, use a browser and the actual IP address of your server to go to: https://12.34.56.78:9001. Log in as root with your root password. To disable automatic startup of WebMin on boot:

update-rc.d -f webmin disable

Setting Up WiFi with the CuBox-i4PRO

This may sound simple now, but two weeks ago it was quite a different story. For those with a CuBox-i4Pro, WiFi is built into the hardware. The trick was getting it to work. Well, with Incredible PBX, it does. In the /root folder, you’ll find several self-explanatory scripts to do the heavy lifting for you. For options 2 and 3, you’ll need the SSID of the WiFi network you’ll be using as well as the SSID password.

  1. enable-eth0-only (the default setting)
  2. enable-wifi-eth0 (enables both but eth0 works with Asterisk)
  3. enable-wifi-only (runs your server purely on WiFi)

Getting Started with VoIP and FreePBX

Up to now, all of your time has been spent using the Linux CLI. That will be a rarity once you get this far. Henceforth, 90% of your time setting up Incredible PBX will be done using the FreePBX GUI and your favorite web browser. To access it, just point to the IP address of your server. status will tell you the address if you’ve forgotten it. The main control panel looks like this:

As configured, the default user account for both FreePBX and AvantFax administration is admin. The passwords are whatever you set in steps #2 and #7 above. As configured, email delivery of faxes with AvantFax is automatic so no further setup is required other than setting a delivery mechanism for faxes within FreePBX.

For those new to Asterisk and FreePBX, here’s a brief primer on what needs to happen before you can make and receive calls. If you have an existing Google Voice account or a smartphone that’s less than 2 years old, lucky you. This gets you a phone number for your PBX so people can call you. And it provides a vehicle to place calls to plain old telephones at little or no cost.

If you don’t have a Google Voice account or a shiny new smartphone, then you will need to purchase a SIP trunk from one of the numerous vendors around the world. Our favorite (because they provide terrific service at a modest price AND provide financial support to the Nerd Vittles, PBX in a Flash, and Incredible PBX projects) is Vitelity. Their special rates and a link for a discount are included at the end of today’s article.

Unlike POTS phone service from Ma Bell, the SIP World is a little different. First, you don’t need to put all your eggs in one basket. A trunk that gets you a phone number for incoming calls need not be with the same vendor that provides a trunk to place outbound calls. In fact, you may want multiple trunks for outbound calls just to have some redundancy. A list of our favorites in the U.S. and Canada is available on the PIAF Forum. Of course, there also are providers that offer all-you-can-eat calling plans. Two of our favorites are Vestalink and Future-Nine.

You’ll also need a softphone or SIP phone to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop.

Phones connect to extensions in FreePBX to work with Incredible PBX. Extensions talk to trunks (like Google Voice) to make and receive calls. FreePBX uses outbound routes to direct outgoing calls from extensions to trunks, and FreePBX uses inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works.

There are lots of bells and whistles that you can explore down the road including voicemail, conferencing, IVRs, autoattendants, paging, intercoms, CallerID lookups, announcements, DISA, call parking and pickup, queues, ring groups, and on and on. And then there’s all of the Incredible PBX applications which are covered separately in this Nerd Vittles article. Once you’re comfortable with one server, you or your company will want some more. This Nerd Vittles article will walk you through interconnecting them into a seamless mesh network so that you can call from one office to another transparently. Yes, those articles were written for the Raspberry Pi. But the beauty of Incredible PBX is that it runs identically on virtually every server platform.

Here’s our 10-Step Checklist to Getting Started with FreePBX:

1. Setting Up Google Voice. If you want free calling in the U.S. and Canada, then you’ll need an existing Google Voice account that includes the Google Chat feature. You’ll need one dedicated to Incredible PBX, or it won’t work. Log out after setting up the new Google Voice account! Also note that Google Voice may cease to function at any time after May 15, 2014. You can read all about it here.

  • Log into existing Google Voice account
  • Enable Google Chat as Phone Destination
  • Configure Google Voice Calls Settings:
    • Call ScreeningOFF
    • Call PresentationOFF
    • Caller ID (In)Display Caller’s Number
    • Caller ID (Out)Don’t Change Anything
    • Do Not DisturbOFF
    • Call Options (Enable Recording)OFF
    • Global Spam FilteringON

  • Place test call in and out using GMail Call Phone
  • Log out of your Google Voice account

2. Activating a Google Voice Trunk. To create a Trunk in FreePBX to handle calls to and from Google Voice, you’ll need three pieces of information from the Google Voice account you set up above: the 10-digit Google Voice phone number, your Google Voice account name, and your Google Voice password. Choose Connectivity -> Google Voice (Motif) from the FreePBX GUI. The following form will appear:

Fill in the blanks with your information and check only the top 2 boxes. If your Google Voice account name ends in @gmail.com, leave that out. Otherwise, include the full email address. Then click Submit Changes and Apply Config.

There’s one more step or your Google Voice account won’t work reliably with Incredible PBX! From the Linux command prompt while logged into your server as root, restart Asterisk: amportal restart

3. Setting a Destination for Incoming Calls and Managing Faxes. Now that you’ve created your Google Voice Trunk, we need to tell FreePBX how to process inbound calls when someone dials your Google Voice number. There are any number of choices. You could simply ring an extension. Or you could ring multiple extensions by first creating a Ring Group which is just a list of extension numbers. Or you could direct incoming calls to an Interactive Voice Response (IVR) system. By default, Incredible PBX is configured to route all incoming calls to extension 701. You can change the setting whenever you like by choosing Connectivity -> Inbound Routes -> Default. In the Set Destination section of the form, change the target destination from the pull-down lists.

If you want your default inbound route to also handle incoming faxes, then go to the Fax Detect section of the Default inbound route. Change Detect Faxes to Yes. Change Fax Detection Type to SIP. Leave the Detection Time setting at 4. And change the Fax Destination to Custom Destinations: Fax (Hylafax). To Send Faxes, open AvantFax in FreePBX’s Other pulldown menu.

Always click Submit and then click Apply Config to save new settings in FreePBX.

4. Activating a Smartphone Trunk Using Bluetooth. One of the more exotic features of Incredible PBX on the CuBox platform is the ability to add your smartphone as an Asterisk trunk using Bluetooth. We’ve written a short recipe to get things working. So have a look at our Bluetooth tutorial and see if you’re up for the challenge. Moral of the story: the newer the cellphone, the better.

The LG G3 is the best of the lot, at least of the numerous cellphones we tested. Even better is an LG G3 paired with StraightTalk’s (AT&T-hosted) unlimited talk, text, and data plan for $45 a month. With Samsung smartphones older than a Galaxy S4, don’t waste your time. Ditto with Apple iPhones other than perhaps the very latest. Our iPhone 4S failed miserably. We gave up on Apple phones after that. Someday I’ll test my daughter’s 5c and report back.

5. Activating Additional Trunks with FreePBX. As we mentioned, there are lots of SIP providers to choose from. Once you have signed up for service, configuring the trunk is easy. Here is a quick Cheat Sheet courtesy of Kristian Hare, who translated our original setups into a spreadsheet. Just click on the image below to open it in a new window. Then click on the redisplayed image to enlarge it. The left and right cursor keys will move you around in the image. Click on the image again to shrink it.

6. Changing Extension Passwords. From the main FreePBX GUI, choose Applications -> Extensions. Then click on 701 in the Extension List on the right side of your display. You’ll see a form that looks like this:

For now, we only need to make a few changes. First, you need a very secure password for both the extension itself and your voicemail account for this extension. The extension secret needs to be a combination of letters and numbers. The Voicemail Password needs to be all numbers, preferably six or more. Replace the existing password entries with your own (very secure) entries. You also need to lock down this extension so that it is only accessible from devices on your private LAN. You do that with the deny and permit entries which currently are filled with zeroes. Leave the deny entry the way it is which tells Incredible PBX to block everybody except those allowed in the permit entry below. For the permit, we need the first three octets of your private LAN address, e.g. if your LAN is 192.168.0.something then the permit entry will be 192.168.0.0/255.255.255.0.

Finally, you need to plug in your actual email address in the Voicemail section so that voicemails can be delivered to you when someone leaves a message. You can also include a pager email address if you want a text message alert with incoming voicemails. If you want the voicemails to automatically be deleted from the server after they are emailed to you (a good idea considering the disk storage limitations of your microSD card), change the Delete Voicemail option from No to Yes. That’s it. Now save your settings by clicking the Submit button. Then reload the dialplan by clicking on the red prompt when it appears.

In case you’re curious, unless you’ve chosen to automatically delete voicemails after emailing them, you can retrieve your voicemails by dialing *98701 from any extension on your phone system. You’ll be prompted to enter the voicemail password you set up. In addition to managing your voicemails, you’ll also be given the opportunity to either return the call to the number of the person that called or to transfer the voicemail to another extension’s voicemail box. And you can always leave a voicemail for someone by dialing their extension number preceded by an asterisk, e.g. *701 would let someone leave you a voicemail without actually calling you.

7. Eliminating Audio and DTMF Problems. You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

8. Configuring Your YATE Softphone. As we mentioned, the easiest way to get started with Incredible PBX is to set up a free YATE softphone on your Desktop computer. Versions are available at no cost for Macs, PCs, and Linux machines. Just download the appropriate one and install it from this link. Once installed, it’s a simple matter to plug in your extension 701 credentials and start making calls. Run the application and choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of Incredible PBX, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place your first call. It’s that easy!

9. Configuring CallerID Superfecta. In order to match names with phone numbers, Incredible PBX includes a FreePBX application named CallerID Superfecta. Out of the box, Incredible PBX will work fine if you remember to activate CallerID Superfecta whenever you create a new Inbound Route. The CNAM entries also will be displayed in your CDR reports. For those not in the United States, you may prefer to use a lookup source for your numbers other than the ones preconfigured in CallerID Superfecta. You will find all of the available modules on the POSSA GitHub site. Just download the ones desired into /var/www/html/admin/superfecta/sources and then activate the desired sources in Admin -> CID Superfecta -> Default. You can test your results and the performance using the Debug facility that’s built into the module.

10. Adding Speech Recognition for Incredible Applications. We used to include Google’s Speech-to-Text service in Incredible PBX builds. Unfortunately, Google has changed the rules a bit. Assuming your server still meets the “personal and development” standard, you can obtain an API key from Google and reactivate speech-to-text functionality for many of the Incredible PBX applications including Weather Reports by City (949), AsteriDex Voice Dialing by Name (411), SMS Dictator (767), and Wolfram Alpha for Asterisk (4747). To activate the STT service, just complete the steps in our tutorial. Then sign up for a Wolfram Alpha App ID (tutorial here), and run the following install scripts:

/root/wolfram/wolframalpha-oneclick.sh
/root/smsdictator/sms-dictator.sh

Enabling SAMBA Windows Networking with Ubuntu

It only takes a minute to enable SAMBA Windows Networking on your CuBox. We’ve reproduced our quick tutorial to show you how. Just follow the steps below to interconnect Incredible PBX with all the other computers on your LAN.

apt-get -y install samba samba-common python-glade2 system-config-samba
cd /etc/samba
mv smb.conf smb.orig.conf
wget http://incrediblepbx.com/samba-ubuntu.tar.gz
tar zxvf samba-ubuntu.tar.gz
rm *.tar.gz
sed -i '/# End of Trusted Provider Section/r '/etc/samba/smb.iptables'' /etc/iptables/rules.v4
iptables-restart
service smbd restart
service nmbd restart
sed -i 's|/usr/local/sbin/amportal restart|service smbd restart\nservice nmbd restart\n/usr/local/sbin/amportal restart|' /etc/rc.local
# set up root password for SAMBA access with full RW privileges
smbpasswd -a root

Incredible Backup and Restore

Once you have everything configured, it’s time to take a snapshot of your system and store it in a safe place. The new Incredible Backup lets you do that. From the Linux CLI, login as root and run: /root/incrediblebackup. The backup image will be saved to the /tmp folder and can be copied to a different server easily. To restore the backup to another system, you simply bring the other system up to the same version of Asterisk (11) and FreePBX (2.11), and then run /root/incrediblerestore with your backed up image. It’s the cheapest insurance you can buy! For detailed instructions on restoring backups, see this thread on the PIAF Forum.


Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.

Originally published: Monday, September 1, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Our forum is extremely friendly and is supported by literally hundreds of Asterisk gurus.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Some of our links refer users to Amazon or other service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support these providers because they support us. []

The Poor Wise Man’s Burglar Alarm System with Asterisk: Under $10/month

If you’re like us, spending $50 a month or more on a home security system is a bit like pouring money down the toilet. Add to that the complications of getting one to work reliably with VoIP without spending another $50 a month on a Ma Bell vintage telephone line just adds insult to injury.

So perhaps you can share our elation when an email arrived last week announcing Straight Talk’s new Remote Alert System, a $10/month cellular-based system that uses Verizon Wireless to provide SMS and phone call alerts for up to eight numbers. And actually it’s cheaper than that. $100 buys you a year of service. That’s less than $8.50 a month. Today we’ll show you how to transform your Prius-like Remote Alert System into a Tesla that will rival virtually any intrusion detection system on the market… at any price! The extra hardware required: any Asterisk-based server including the Raspberry Pi and BeagleBone Black.

Read and weep, ADT!

If we didn’t already have three Straight Talk lines of service, we would have filed this in the Too Good To Be True pile and moved on. But we’ve had terrific Almost-Unlimited™ AT&T Wireless service with Straight Talk for less than $500 a year. It’s not only indistinguishable from AT&T’s own offerings costing at least 50% more, but it’s also contract-free so we can bring any AT&T smartphone including iPhones to the party and never miss a beat.

We decided to take the bait and ordered the home security bundle. This gets you the Remote Alert wireless controller plus a wireless motion sensor plus a year of service for $229.99. If you prefer a one-month gamble, the bundle is only $139.99. Down the road, you can add additional motion sensors and window/door sensors for about $30 each. The add-ons now are available at Wal-Mart.

Shameless Plug. We obviously don’t charge for access to our articles. But you can assist the Nerd Vittles project financially by using our referral link with eBates® to make your purchase if you decide to try this. It doesn’t cost you a dime but returns 13.5% of your purchase price to the Nerd Vittles project. It’s just a couple of clicks. Start here to access eBates. Then Search for Straight Talk and click on the link. After the Straight Talk web site displays, click on the following link to access the Straight Talk Security Bundle. And, THANK YOU!

So… back to our story. The controller supports four zones for monitoring. Zone 4 is reserved for sensors you want to monitor while someone may still be moving around in the house, for example while only some of your family may be sleeping or if pets are roaming. The other three zones typically would be used for motion sensors that trigger alerts when anything moves… after giving you 30 seconds to leave and return, of course. You can activate Home or Away monitoring using either the controller, an optional $25 key fob, or a free app for your iPhone or Android smartphone.

You get to decide what happens when the system is armed and an alert is triggered either by motion or a monitored door or window being opened. For us, silence was the name of the game. Using the Android Remote Alert System, click the Silent ARM icon once you leave the house, and you’re done. When you return, click the Disarm icon within 30 seconds of opening the door, and monitoring is disabled. You can also enter your 4-digit alarm code on the controller to disable monitoring.

Remote Alert System Setup. Once you get the equipment, it’s a 5-minute phone call to get set up. Install the backup batteries in the controller and motion detector, and plug the controller into an A/C power source. Press the required sequence on the controller to activate it, and you’re in business. The motion detector is already paired with the controller when it arrives, but adding new sensors is a 15-second task. All of the commands are documented in the manual which accompanies the system. But the tutorials also are available on line if you want to have a look.

Step #1 is changing your security alarm password. The next step is entering your phone numbers. Straight Talk goes to great lengths warning you that this is not a home security system because it has no external siren and can’t make 911 calls. They obviously haven’t heard of Asterisk®. :-) But let’s get through the standard setup before we talk about Asterisk integration. You get to set up three numbers to receive SMS text messages when an alarm is triggered. And you get to set up five phone numbers to receive calls when an alarm is triggered. What the called party will actually hear is an obnoxious alarm tone which continues to play for 15 seconds. If you had multiple properties with alarm systems and no Caller ID, you’d never know the source of the alarm! But people with multiple properties probably aren’t smart enough to use this system to begin with so let’s move on. You configure the SMS and phone numbers by entering a special code on the controller to program each of the eight destinations. Then you enter the 10-digit number twice, and you’re done. Easy Peasy!

If you’re new to home security systems, the key to motion sensors is placement. Straight Talk recommends placement about seven to ten feet off the floor with a wide field of view. The range of the motion sensor is about 26 feet. It obviously depends upon the layout of your house or apartment, but we had much better success placing the motion sensor on a window sill at about 5 feet high and aiming it at the center hall of our home. It improved the motion detection dramatically. Trial and error is your friend!

The next step is positioning your controller. A mounting bracket is included so that you can place it almost anywhere you like. Our preference is to hide it so long as it still has Verizon cellular coverage and a source of electricity. You can test it by arming the controller with your smartphone and then triggering the motion sensor. If you get an SMS message or a call, it’s working. We also prefer silent mode. An intruder is obviously going to attempt to destroy your controller if they hear it. Yes, the intruder may leave, but they’ll probably carry some of the family jewels with them. With an Asterisk server in place, we’d prefer to send the police without alerting the intruder that something has gone wrong.

Asterisk Integration. Speaking of Asterisk, here’s what we’ve developed to add 911 alerts and telephone alarms to this system. It’s a 5-10 minute project! The way this works is to first add a phone number to your controller that calls a dedicated DID on your Asterisk server. Calls to that DID trigger the special context [st-remote-alert] which verifies the CallerID number of your alarm system. As configured, if the CallerID doesn’t match, the call is immediately disconnected although you could easily modify our code to use an existing (non-dedicated) DID if you prefer. Just route the non-matching CallerIDs to whatever context you traditionally use to process inbound calls. If the CallerID of the alarm system is matched, then the call is disconnected AND an outbound call is placed to 911. When the 911 operator answers, a prerecorded message is played at least twice that says something like this using REAL information:

This is an automated security request for assistance from the residence at 36 Elm Street in Podunck, Arkansas. The owner of this residence is Joe Schmo at phone number: 678-123-8888. An intruder has been detected inside the home. A suspected burglary is in progress. All of the residents of the home are unavailable to place this call. Please send the police.

The phone number from which this automated call is being placed is 678-123-4567. If the owners have a working cell phone, you can reach them at the following number: 678-123-9999. Please dispatch the police to 36 Elm Street immediately, whether you can reach the owners or not.
A suspected burglary is in progress. Thank you for your assistance. This message will repeat until you hang up…

You can either use Flite and Igor to play the message, or you can record your own message to be played to 911. Use the FreePBX® Admin -> System Recordings option. We recommend the latter especially since you’ll be sending these emergency calls to 911. You obviously want the 911 operator to be able to quickly decipher what’s being said.

Legal Disclaimer. We cannot stress strongly enough that you need to test this carefully on your own server by placing test calls to some number other than 911 until you are positive that it is working reliably as determined solely by you. Be advised that this system will not work at all in the event of an electrical, Internet, or server outage. As delivered, this code will NOT place calls to 911. The choice of whether to modify the code to place 911 emergency calls is solely yours to make. Be advised that false and inadvertent calls to 911 may result in civil and criminal penalties. DON’T BLAME US!


NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF FITNESS
FOR A PARTICULAR PURPOSE AND MERCHANTABILITY, ARE BEING PROVIDED.

BY PROCEEDING WITH IMPLEMENTATION AND INSTALLATION OF THIS SOFTWARE, YOU AGREE
TO ASSUME ALL RISK AND COMPLETE RESPONSIBILITY FOR ANY AND ALL CONSEQUENCES
OF IMPLEMENTATION WHETHER INTENDED OR NOT AND WHETHER IMPLEMENTED CORRECTLY
OR NOT. YOU ALSO AGREE TO HOLD WARD MUNDY, WARD MUNDY & ASSOCIATES LLC, AND
NERD VITTLES HARMLESS FROM ALL CLAIMS FOR ACTUAL OR CONSEQUENTIAL DAMAGES.
BEFORE IMPLEMENTING AUTOMATED 911 CALLS, CHECK WITH A LOCAL ATTORNEY TO MAKE
CERTAIN THAT SUCH CALLS ARE LEGAL IN YOUR JURISDICTION.

IN THE EVENT THAT ANY OF THESE TERMS AND CONDITIONS ARE RULED UNENFORCEABLE,
YOU AGREE TO ACCEPT $1.00 IN COMPENSATION FOR ANY AND ALL CLAIMS YOU MAY HAVE.

THIS SOFTWARE IS FREE AND YOU AGREE TO ASSUME ALL RISKS WHETHER INTENDED OR NOT.
YOU ALSO ACKNOWLEDGE AND UNDERSTAND THAT THINGS CAN GO WRONG IN TECHNOLOGY.

WE CANNOT AND DO NOT WARRANT THAT THIS CODE IS ERROR-FREE OR THAT IT WILL
PROTECT YOUR PROPERTY, YOUR LOVED ONES, OR ANYONE, OR ANY THING IN ANY WAY.

IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS OF USE, DO NOT PROCEED!

Asterisk Implementation. First, you’ll need a dedicated DID that can be used to receive incoming calls from your Remote Alert System. Hopefully, you won’t be receiving many calls on this number so any of the inexpensive pay-by-the-minute DIDs will suffice. Or you can use a free DID from ipkall.com. The only gotcha with ipkall.com is having to make a call to keep the number active at least once every 30 days. But this could be accomplished with a weekly telephone reminder that only connected for a few seconds. Just don’t make the weekly call using the CallerID of your alarm system. You obviously do not want to trigger a 911 emergency call.

Next, you’ll need an outbound trunk on your Asterisk server that’s previously been registered with E911 support and that already is configured to place outbound 911 calls from your server. Google Voice trunks will not work! Your name, address, and phone number as they were registered with E911 will be important pieces of information to relay in your automated emergency call to 911. You’ll also need a cellphone number that can be provided with your 911 calls so that emergency responders have a way to contact you to follow up on automated emergency calls from your server.

Temporarily, you’ll also need a 10-digit number to which to deliver the automated emergency calls for testing. Your cellphone number would suffice. Once you’re sure everything is working, we’ll show you how to modify the dial plan code to replace this number with 911 when your system goes “live.”

Installation. Once you have all of the required pieces in place, you’re ready to begin the installation. Log into your server as root and issue the following commands to begin:

cd /root
wget http://nerdvittles.com/wp-content/st-remote-alert.tar.gz
tar zxvf st-remote-alert.tar.gz
rm -f st-remote-alert.tar.gz
./st-remote-alert.sh

Once the install is finished, use FreePBX to modify the DID Trunk that will receive the incoming alerts from your Remote Alert System. Change the context entry to: context=st-remote-alert

Test. Test. Test. Testing is critically important before you actually turn on automated calls to 911. Once you’ve installed the software, activate your Remote Alarm System and then trip the motion detector to trigger a call to the dedicated DID on your Asterisk server. There’s typically a 30-second delay between tripping a motion detector and the commencement of the alert calls. Within a minute, you should receive a call on the emergency number you set up for testing. You can follow the progress of the procedure using the Asterisk CLI: asterisk -rvvvvvvvvvv. We recommend testing this repeatedly for at least a month before even considering 911 deployment. Make certain that everyone in your household knows how to disable the alarm system when they return home after arming it. Make certain that everyone in your household knows to never arm the system with motion detectors activated when anyone or any animal inside the house could potentially trip the alarm. At least until everyone is accustomed to these new security procedures and has a proven (successful) track record, NEVER DEPLOY SILENT ARMING OF YOUR REMOTE ALERT SYSTEM! If you change to silent arming of the Remote Alert System, test for at least another full month with no inadvertent failures before considering 911 deployment.

Making Changes. The st-remote-alert.sh installer has been designed to let you run it over and over again to replace or update your settings. So don’t be shy about making changes.

Substituting a Personally Recorded Message. If you’d prefer to record your own message to be delivered to 911, then review the script above and make yourself a cheat sheet before you begin. Then use a browser to open FreePBX. Choose Admin -> System Recordings and enter an extension number on your system to use for recording. Click the Go button to begin. Then dial *77 from that extension and record your message. Press # when you’re finished. Be sure to listen to the recording to make sure it’s what you intended. If not, rerecord the message until you get it right. You can dial *99 to listen to your recording a final time. When you’re sure it’s correct, name the recording nv-alert. Click Save.

Now you need to tell the automated alert dialer to use your recorded message instead of Flite and Igor.
Edit /etc/asterisk/extensions_custom.conf. Search for the line containing “pickrecording”. Change Extension: 4 to Extension: 5. Save the file and reload your dial plan: asterisk -rx "dialplan reload"

Do some additional testing if you have substituted your own recording!

Adding Audible Alarms During Emergencies. If you prefer a little noise sprinkled around your home during burglaries, then we’ve put in place the necessary components to sound alarms on SIP phones that support AutoAnswer after feeding an extension to the speakerphone. For example, assuming you have deployed a Yealink T46G with an IP address of 192.168.0.10 and default admin credentials, you could add this additional line just before the final s,n,Hangup line in the [st-remote-alert] context of /etc/asterisk/extensions_custom.conf:

exten => s,n,System(curl -s -S --user-agent "Alert" http://admin:admin@192.168.0.10/servlet?number=25276)

To add additional Yealink phones, just add additional lines to the dialplan with the IP address of each phone. For other phone models, you’ll need to do a little research. :wink:

Going Live with Automated Emergency Calls to 911. When you and everyone in your household are absolutely comfortable with the arming, disarming, and motion detection procedures, then you can decide whether to reroute the automated notifications to 911. Be advised that, in some states or municipalities, it may be illegal to auto-dial 911 from a non-human caller/system. Before doing this, check with an attorney or local authorities in your jurisdiction to make sure you are in compliance with federal/state/local laws.1 If you elect to proceed, edit extensions_custom.conf in /etc/asterisk. Search for the line containing “SEND-HELP-REQUEST-TO”. Replace the temporary number that you set up with the number: 911. Save the file and reload your dial plan: asterisk -rx "dialplan reload". Sleep well!

Originally published: Monday, July 14, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Autodialers that make emergency calls to E911 as part of a burglar alarm system are specifically exempted in some states such as Illinois. This comports with federal law under The Telephone Consumer Protection Act (47 U.S.C. § 227). Emergency robocalls are specifically exempted from the new PSAP Do-Not-Call Registry rules. See also this article about E911 laws in the Northeast. In most cases, but not all, these laws target abuse of the E911 system. Surprisingly, one town that reportedly prohibits ALL autodialing to 911 is Palo Alto, CA. And Paris, Tennessee also has joined the illegal club. Special thanks to @TheMole on the PIAF Forum for his excellent research. []

Knock Three Times: Pain-Free Remote Access to Your Asterisk or Linux Server

No. We’re not going to make you relive the 1970′s with us today although now you can listen to this Number 1 Hit and a million others for free with Amazon’s new Prime Music. No, we don’t get a commission if you sign up for Amazon Prime. Yes, we make millions when you buy something from Amazon using our links. Thank you! What we have for you today is a Number 1 Utility, and it works on virtually any Linux platform. If your fraternity or sorority had a secret knock to gain access, then you already know the basic concept. Port Knocker (aka knockd) from Judd Vinet is a terrific utility that runs as a daemon on your server and does just what you’d expect. It listens for knocks. When it detects three knocks on the correct three ports in the proper sequence and from the same IP address, it opens the IPtables Linux Firewall for remote access from that IP address to your server for a predefined period of time. This would allow you to log into your server with SSH or make SIP phone calls using a softphone registered to your remote Asterisk® server. What makes Port Knocker especially useful is the existence of knocking clients for virtually any smartphone, tablet, or desktop computer. For the Travelin’ Man, it’s another must have utility.

We introduced a turnkey implementation of Port Knocker in Incredible PBX for Ubuntu 14 late last week. If you were a pioneer earlier in the week, go back and install it again to take advantage of Port Knocker. Or better yet, follow along and we’ll show you how to install it on your own RedHat/CentOS or Ubuntu/Debian server in just a couple of minutes.

Prerequisites. We’ve built open source installation scripts for both the RedHat/CentOS platform as well as the Ubuntu/Debian operating systems. These knockd installers assume that you have a fully functional and locked down IPtables firewall with an existing WhiteList of authorized users. We’d recommend Travelin’ Man 3 if you need to deploy this technology and haven’t done so already. Last week’s Incredible PBX for Ubuntu 14 already includes Travelin’ Man 3 whitelisting technology. Read the article for full details.

Today’s knockd installers are fairly generic but, if you’re running a version of CentOS earlier than 6.x or Ubuntu earlier than 14 or Debian.anything, be advised that we haven’t tested these installers on those platforms so you’re on your own. Finally, if your server is sitting behind a hardware-based firewall (as we ALWAYS recommend), then you’ll also need to map three TCP ports from your hardware-based firewall to your server so that legitimate “knocks” can find their way to your server. These ports need not be opened in your IPtables firewall configuration! We’re just knocking, not entering. :-)

Overview. As configured, today’s installation scripts will install and preconfigure knockd to load automatically when you boot up your server. Three random TCP ports will be assigned for your server, and this port sequence is what remote users will need to have in order to gain access. Yes, you can change almost everything. How secure is it? Well, we’re randomizing the 3-port knock sequence using over 3,900 ports so you can do the math to figure out the odds of a bad guy guessing the correct sequence. HINT: 3900 x 3900 x 3900. Keep in mind that these “knocks” must all be received from the same IP address within a 15-second window. So sleep well but treat the port sequence just as if it were a password. It is! Once a successful knock sequence has been received, the default Port Knocker configuration will open all ports on your server for remote access from the knocking IP address for a period of one hour. During this time, “The Knocker” can log in using SSH or make SIP calls using trunks or extensions on the server. Port Knocker does not alleviate the need to have legitimate credentials to log into your server. It merely opens the door so that you can use them. At the bewitching (end of the) hour, all ports will be closed for this IP address unless “The Knocker” adds a whitelist entry for the IP address to IPtables during the open period. Yes, all of this can be modified to meet your individual requirements. For example, the setup could limit the range of ports available to “The Knocker.” Or the setup could leave the ports open indefinitely until another series of knocks were received telling knockd to close the IPtables connection. Or perhaps you would want to leave the ports open for a full day or a week instead of an hour. We’ll show you how to modify all of the settings.

Server Installation. To get started, log into your server as root and download and run the appropriate installer for your operating system platform.

For RedHat/Fedora/CentOS/ScientificLinux servers, issue the following commands:

cd /root
wget http://nerdvittles.com/wp-content/knock-R.tar.gz
tar zxvf knock*
rm knock-R.tar.gz
./knock*

For Ubuntu/Debian servers, issue the following commands:

cd /root
wget http://nerdvittles.com/wp-content/knock-U.tar.gz
tar zxvf knock*
rm knock-U.tar.gz
./knock*

For ARM-based servers, issue the following commands:

cd /root
wget http://nerdvittles.com/wp-content/knock-ARM.tar.gz
tar zxvf knock*
rm knock-ARM.tar.gz
./knock*

Server Navigation Guide. On both the RedHat/CentOS/Fedora and Ubuntu/Debian platforms, the knockd configuration is managed in /etc/knockd.conf. Before making changes, always shutdown knockd. Then make your changes. Then restart knockd. On RedHat systems, use service knockd stop and start. On Ubuntu, use /etc/init.d/knockd stop and start. By default, knockd monitors activity on eth0. If your setup is different, on Ubuntu, you’ll need to change the port in /etc/default/knockd: KNOCKD_OPTS="-i wlan0". On RedHat, the config file to modify is /etc/sysconfig/knockd and the syntax: OPTIONS="-i venet0:0".

In /etc/knockd.conf, create an additional context to either start or stop an activity. It can also be used do both as shown in the example code above. More examples here. There’s no reason these activities have to be limited to opening and closing the IPtables firewall ports. You could also use a knock sequence to turn on home lighting or a sprinkler system with the proper software on your server.

To change the knock ports, edit sequence. Both tcp and udp ports are supported. seq_timeout is the number of seconds knockd waits for the complete knock sequence before discarding what it’s already received. We’ve had better luck on more servers setting tcpflags=syn. start_command is the command to be executed when the sequence matches. cmd_timeout and stop_command tell knockd what to do after a certain number of seconds have elapsed since the start_command was initiated. If you’re only starting or stopping some activity (rather than both), use command instead of start_command and stop_command to specify the activity.

IPtables 101. The default setup gives complete server access to anyone that gets the knock right. That doesn’t mean they get in. In the PIAF World, it means they get rights equivalent to what someone else on your LAN would have, i.e. they can attempt to log in or they can use a browser to access FreePBX® provided they know the server’s root or FreePBX credentials.

If you would prefer to limit access to a single port or just a few ports, you can modify command or start_command and stop_command. Here are a few examples to get you started.

To open SSH access (TCP port 22):

/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

To close SSH access (TCP port 22):

/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

To open a range of SIP ports (UDP 5060 to 5069):

/sbin/iptables -A INPUT -s %IP% -p udp --dport 5060:5069 -j ACCEPT

To close a range of SIP ports (UDP 5060 to 5069):

/sbin/iptables -D INPUT -s %IP% -p udp --dport 5060:5069 -j ACCEPT

Here’s a gotcha to be aware of. If you’re using the Travelin’ Man 3 WhiteList setup on your server, be especially careful in crafting your IPtables rules so that you don’t accidentally remove an existing Travelin’ Man 3 rule in closing some port with knockd. You will note that the syntax of the knockd commands is intentionally a bit different than what you will find in your Travelin’ Man 3 setup. This avoids clobbering something accidentally.

Monitoring Activity. Here are the two best tools to monitor knockd activity to make certain your setup is performing as expected. The knockd log (/var/log/knockd.log) will tell you when a knocking attempt has occurred and whether it was successful:
[2014-07-06 14:44] starting up, listening on eth0
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 1
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 2
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 3
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: OPEN SESAME
[2014-07-06 15:29] opencloseSSH: running command: /sbin/iptables -A INPUT -s 79.299.148.11 -p tcp --dport 22 -j ACCEPT

Next, verify that the IPtables command did what it was supposed to do. iptables -nL will tell you whether port 22 access was, in fact, enabled for 79.299.148.11. The entry will appear just above the closing Chain entries in the listing:

ACCEPT     tcp  --  79.299.148.11         0.0.0.0/0           tcp dpt:22

Two things typically can go wrong. Either the knock from a client computer or cellphone wasn’t successful (knockd.log will tell you that) or IPtables didn’t open the port(s) requested in your knockd command (the iptables -nL query will show you that). In the latter case, it’s usually a syntax error in your knockd command. Or it could be the timing of the knocks. See /var/log/knockd.log.

Port Knocker Clients. The idea behind Port Knocker is to make remote access easy both for system administrators and end-users. From the end-user perspective, the simplest way to do that is to load an app on the end-user’s smartphone so that even a monkey could push a button to gain remote access to a server. If the end-user’s cellphone has WiFi connectivity sitting behind a firewall in a hotel somewhere, then executing a port knock from the smartphone should open up connectivity for any other devices in the hotel room including any notebook computers and tablets. All the devices typically will have the same public IP address, and this is the IP address that will be enabled with a successful knock from the smartphone.

Gotta love Apple’s search engine. Google, they’re not…

There actually are numerous port knocking clients for both Android and iOS devices. Here are two that we’ve tested that work: PortKnock for the iPhone and iPad is 99¢ and PortKnocker for Android is free. Some clients work better than others, and some don’t work at all or work only once. DroidKnocker always worked great the first time. Then it wouldn’t work again until the smartphone was restarted. KnockOnD for the iPhone, which is free, worked fine with our office-based server but wouldn’t work at all with a cloud-based server at RentPBX. With all the clients, we had better results particularly with cloud-based servers by changing the timing between knocks to 200 or 500 milliseconds. How and when the three knocks are sent seems to matter! Of all the clients on all the platforms, PortKnocker was the least temperamental and offered the most consistent results. And you can’t beat the price. A typical setup is to specify the address of the server and the 3 ports to be knocked. Make sure you have set the correct UDP/TCP option for each of the three knocks (the default setup uses 3 TCP ports), and make sure the IP address or FQDN for your server is correct.

Another alternative is to use nmap to send the knocks from a remote computer. The knock.FAQ file in your server’s /root directory will tell you the proper commands to send to successfully execute a connection with your server’s default Port Knocker setup. Enjoy!

Originally published: Monday, July 7, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

FMC: The Future of Telephony with Vitelity’s vMobile and Asterisk in the Cloud




If making phone calls from a web browser is what you’ve always longed for, then you’re in good company with Google and its future direction in the telephony space. Call us old fashioned but this strikes us as a solution in desperate need of a problem. What’s wrong with a Plain Old Telephone or a smartphone for making connections with friends and business associates? The real head scratcher is the fact that the WebRTC and Hangouts push demonstrates that the wizards at Google are seriously out of touch with the next generation. Will our 14-year-old daughter use Skype or Hangouts or FaceTime? Sure. About once a month to chat with Grandma or to interact with cousins scattered around the country, it’s a terrific option. And the same is true in the business community. When you need to collaborate with a half dozen colleagues, conferencing applications are invaluable. But to meet 95% of day in and day out business requirements, a telephone or smartphone is the clear device of choice. So join us today in celebrating the end of Google Voice XMPP service and the beginning of a new and even more exciting VoIP era… sans Google.


Of course, if it were up to the next generation, telephone calls might completely disappear in favor of text messaging, Snapchat, Instagram, and any other platform that includes recorded photos or videos. Note the subtle difference. Kids really are not interested in live video interaction. They find posed images that tell a story much more appealing. Why? Because recorded photos and videos let users present their best face, their movie star pose, and their expression of what they want others to perceive they’re really like. In short, live video is too much like real life. Our conclusion for those targeting the next generation is you’d better come up with something better and quite different than Skype, Hangouts, and FaceTime.

It’s Fixed-Mobile Convergence, Stupid!

Now let’s return to our primary focus for today, the current business community. Suffice it to say, there are a dwindling number of what we used to call “desk jobs” where an employee arrives at his or her desk at 9 a.m. and leaves at 5 p.m. As more and more jobs are headed off shore, the telephone and smartphone have replaced the corporate desk as the most indispensable corporate fixture. Particularly in the American marketplace, what we see with most businesses is a management layer and an (upwardly) mobile force of salespeople, consultants, and implementers that interact primarily through PBXs in an office headquarters or home office together with smartphones for those that generally are on the road. Many of these Road Warriors don’t even have a home phone any longer.


The telephony Holy Grail for this new business model is Fixed-Mobile Convergence (FMC). It’s the ability to transparently move from place to place while retaining your corporate identity. Every employee from the night watchman in Miami to the salesperson making calls from a Starbucks in California to the CEO in New York has an extension on a PBX in the cloud together with the ability to accept and place calls using the company’s CallerID name and number, transfer calls, and participate in conference calls regardless of whether the phone instrument happens to be a desktop phone or a smartphone. Is this even possible? Well, as of last week, the answer is ABSOLUTELY.

Vitelity has been a long-time corporate sponsor of both the Nerd Vittles and PBX in a Flash open source projects so we were thrilled when we were offered a free, Samsung Galaxy S III to try out the new (live) vMobile service that took Best in Show honors at ITEXPO Miami in January. As Vitelity’s Chris Brown would probably tell you, it’s one thing to demonstrate a new technology at a trade show and quite another to bring it into production. But Vitelity did it:

What we want to stress up front is that we’ve received no special treatment in getting this to work. We received the phone, opened a support ticket to register the phone on Vitelity’s vMobile network, and plugged our new credentials into the phone so that it could be integrated into our PBX in a Flash server. Once the smartphone became an extension on our PBX, we could place calls through our PBX with the S3 using both WiFi and Sprint 3G/4G service. Switching between WiFi and cellular is totally transparent. The CallerID for all outbound calls was our standard PBX CallerID. We also could place calls to other extensions on the PBX by dialing a 4-digit extension while connected to WiFi or the Sprint network virtually anywhere. If you have 3-digit extensions, those are a problem over the Sprint network but we’ll show you a little trick to get them working as well.

Keep in mind that every call from the S3 goes out through the PBX just as if you were using a standard desktop phone as a hardwired extension. And it really doesn’t matter whether the S3 has a WiFi connection or a pure cellular connection on Sprint’s network. You receive calls on the S3 in much the same way. It’s just another extension on your PBX. If you want to add it to a ring group to process incoming calls, that works. If other users on your PBX wish to call the S3 directly using the extension number, that works as well. If you want to transfer a call, pressing ## on the S3 initiates the transfer just as if you were using a phone on your desk. When we say transparent convergence, we really do mean transparent. No recipient of a call from the vMobile S3 would have any idea whether you were sitting at a desk in the corporate headquarters in New York or in a seat on a Delta jet after landing in San Francisco. Both the call quality and the corporate CallerID would be identical. And your secretary on maternity leave at Grandma’s house still could reach you using her vMobile S3 by simply dialing your corporate extension.

So that’s the Fortune 500 view of the new VoIP universe. How about the little guy with a $15 a month PBX in a Flash server in the RentPBX cloud1, a couple mobile sales people, and a handful of construction workers that build swimming pools for a living? It works identically. Each has an S3 connected as an extension on the PIAF cloud server. And calls can be managed in exactly the same way they would be handled if everyone were sitting side-by-side at desks in an office headquarters somewhere. The silver lining of cloud computing is that it serves as the Great Equalizer between SOHO businesses and Fortune 500 companies. Asterisk® paired with inexpensive cloud hosting services such as RentPBX lets you mimic the Big Boys for pennies on the dollar. We think Vitelity has hit a bases loaded, home run with vMobile.


vMobile Pricing

We know what you’re thinking. “Since you got yours for free, what does it really cost??” The Galaxy S3 (or S4) is proprietary running Trebuchet 1.0, a (rooted) CyanogenMod version of Android’s KitKat. You can purchase these devices directly from the Vitelity Store. Currently, you can’t bring your own device. The refurbished S3 is $189 including warranty. Works perfectly! That’s what we’re using. Next, you’ll need a vMobile account for each phone. Unless you’re a Nerd Vittles reader, it’s $9.95 per month. That gets you free WiFi calling and data usage anywhere you can find an available WiFi hotspot. And text messaging is free. For calls and data using Sprint’s nationwide network, the calls are 2¢ a minute and the data is 2¢ per megabyte ($20 per gigabyte). For us, a typical day of data usage with an email account and light web use costs about a quarter. YMMV! So long as you configure Android to download application updates when connected to WiFi, data usage should not be a problem unless you’re into photos and streaming video. Android includes excellent tools for monitoring and even curbing your data usage if this is a concern.

vMobile Gotchas

Before we walk you through the setup process, let’s cover the gotchas. The list is short. First, we don’t recommend connecting vMobile devices to a PBX sitting behind a NAT-based firewall, or you may end up with some calls missing audio. The reason is NAT and quirky residential routers. If you think about it, when your S3 is inside the firewall and connected to WiFi, it will have an IP address on your private LAN just like your Asterisk server. When your S3 is outside your firewall on either a cellular connection or someone else’s WiFi network, it will have an IP address that is not on your private LAN. Others may be smarter than we are, but we couldn’t figure a way to have connections work reliably in both scenarios using most residential routers. You can configure your S3′s PBX extension for NAT=No or NAT=yes, but you can’t tell Asterisk how to change it depending upon where you are. One simple solution is to deploy these phones with a VPN connection to your Asterisk server sitting behind a NAT-based firewall. The more reliable solution is to build your PBX in a Flash server in the cloud with no NAT-based firewall. Then use an IPtables WhiteList (aka Travelin’ Man 3) to protect your server. From there, you can either interconnect the cloud-based server with a second PBX behind your firewall, or you can dispense with the local PBX entirely. Either way will eliminate the NAT issues with missing audio. In both cases, use NAT=yes for the vMobile extension.

Another wrinkle involves text messaging. Traditional text messages work fine; however, MMS still is problematic unless you initiate the outbound MMS session with the other recipient. It’s probably worth noting that Google Voice never got MMS working at all despite years of promises. This wasn’t a deal breaker for us, but it’s a bug that still is being worked on.

Finally, there’s Sprint. You either love ‘em or hate ‘em. We really haven’t used Sprint service in about eight years. In the Charleston area, the barely 3G service still is just as lousy as it was eight years ago. But, if you live in an area with good Sprint coverage and performance, this shouldn’t be an issue for you. And vMobile works fine in Charleston. You just won’t be surfing the web very often unless you have hours to kill… waiting. Additionally, dialing numbers with less than 4 numbers is a non-starter with Sprint, but we’ll show you a simple workaround to reach 3-digit local extensions from your vMobile device below.

With a service as revolutionary as vMobile with Sprint’s new FMC architecture, we can’t help thinking there may be other cellular carriers with an interest in deploying this technology sooner rather than later. But, given the vMobile feature set, Sprint is good enough for now especially when WiFi connectivity is available almost everywhere.




vMobile Configuration at Vitelity

For the Vitelity side of the setup, you first configure your smartphone using the (included) My Phone app. When the application is run, your cellphone number will be shown. Tapping the display about a dozen times will cause the phone’s setup to be reconfigured. Vitelity will provide you the secret key to activate your account. Next, you’ll log into the Vitelity portal and choose vMobile -> My Devices under My Products and Services. The account for your vMobile device will already exist. Clicking on the pull-down menu beside your vMobile device will let you create your SIP account on Vitelity’s server. Enter the IP address or FQDN of your Asterisk server and set up a very secure password. Your username will be the 10-digit phone number assigned to your vMobile phone. Save your settings and then choose the Edit option to view your setup. The portal will display your Username, Password, and FreePBX/Asterisk Connect Host name. Write them down for use when you configure your new extension using FreePBX®.




vMobile Configuration for Asterisk and PBX in a Flash

On the PBX in a Flash server, use a browser to open FreePBX. Choose Applications -> Extensions and add a new generic SIP device. For Display Name and User Extension, enter the 10-digit phone number assigned to your vMobile device. Under Secret, enter the password you assigned in Vitelity’s vMobile portal. Click Submit and reload FreePBX when prompted. Then edit the extension you just created. Set NAT=yes and change the Host entry from dynamic to the FQDN entry that was shown in Vitelity’s vMobile portal, e.g. 7209876542.mobilet103.sipclient.org. Update your configuration and restart FreePBX once again. Finally, from the Linux command prompt, restart Asterisk: amportal restart. If you’re using a WhiteList with IPtables such as Travelin’ Man 3, be sure to add a new WhiteList entry for your vMobile Host entry. Finally, add your vMobile extension to any desired Inbound Routes to make certain your vMobile device rings when desired.

You now should be able to place and receive calls on your vMobile device. If you want to be able to call 3-digit Asterisk extensions on both WiFi and while roaming on the Sprint cellular network, then you’ll need to add a little dialplan code since Sprint reserves 3-digit numbers for emergency services and will reject other calls with numbers of less than 4 digits. Here’s the simple fix. Always dial 3-digit extensions with a leading 0, e.g. 0701 to reach extension 701. We’ll strip off the leading zero before routing the call. The dialplan code below works whether you’re calling a local 3-digit extension or a 3-digit extension on an interconnected remote Asterisk server. Simply edit extensions_custom.conf in /etc/asterisk and insert the following code at the top of the [from-internal-custom] context. Then restart Asterisk: amportal restart. Note that we’ve set this up so that, if you have an extension 701 on both the local server and a remote server, the call will be connected to the local 701 extension. If you have different extension prefixes for different branch offices (e.g. 7XX in Atlanta and 8XX in Dallas), then this dialplan code will route the calls properly assuming you’ve configured an outbound route with the appropriate dial pattern for each branch office.

exten => _0XXX,1,Answer
exten => _0XXX,n,Wait(1)
exten => _0XXX,n,Set(NUM2CALL=${CALLERID(dnid):1})
exten => _0XXX,n,Dial(sip/${NUM2CALL})
exten => _0XXX,n,Dial(local/${NUM2CALL}@from-internal)
exten => _0XXX,n,Hangup

Vitelity vMobile Special for Nerd Vittles Readers

Now for the icing on the cake… We asked Vitelity if they would consider offering special pricing to Nerd Vittles readers and PBX in a Flash users. We’re pleased to report that Vitelity agreed. By using this special link when you sign up, the vMobile monthly fee will be $8.99 instead of $9.95. In addition, your first month is free with no activation fee. We told you last week that there was a very good reason for choosing Vitelity as your SIP provider. Now you know why.

And, if you’re new to Cloud Computing, take advantage of the RentPBX special for Nerd Vittles readers. $15 a month gets you your very own PBX in a Flash server in the Cloud. Just use this coupon code: PIAF2012. Enjoy!

Originally published: Thursday, May 15, 2014





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. RentPBX also is a corporate sponsor of the Nerd Vittles and PBX in a Flash projects. []

Beware the Ides of May: It’s Hammertime for Google Voice


You don’t have to be a soothsayer to appreciate what’s about to happen in the VoIP community. In just two weeks, millions of telephones in the United States are about to go silent. Let’s begin with what we know and don’t know about Google Voice and Google’s May 15 deadline. Google has made it crystal clear that XMPP connectivity to Google Voice is going away on May 15. What that means is that inbound and outbound calling using an XMPP connection to Google Voice will no longer work, period. And the platform really doesn’t matter. That includes Asterisk, FreePBX, FreeSwitch, Yate, and GrooVe IP as well as hardware ATAs such has ObiHai devices. Why? The short answer is because Google says so, and they are/were paying the bills. The longer answer is that companies such as Microsoft and Apple that have proprietary communications platforms were not reciprocating with free connectivity to their services in the same way that Google was providing XMPP service. Another probable reason is that Google was taking a financial bath on Google Voice services which were being abused by many commercial organizations. Reportedly, as many as three to five million DIDs have been handed out as part of the Google Voice project with very little return on investment.



Some have suggested this is just another tempest in a teapot like Y2K. After all, Y2K came and went without many catastrophes. The difference is that businesses spent hundreds of millions of dollars preparing for Y2K to make certain there were no train wrecks. With Google Voice, many individuals have taken the ostrich approach with their heads buried in the sand pretending things are just going to work out. Without some effort on the part of those still using Google Voice, May 15 will be their Julius Caesar moment.

What to Do? One school of thought is that the “old fashioned” Google Voice connections using Python which simulated a web call with Google Chat will still function. If receiving and placing calls using your existing Google Voice numbers matters to you, take the opinions of these self-proclaimed experts with a grain of salt. Here’s what you need to appreciate. First, nobody outside of Google actually knows whether the Python approach will continue to function or not. Second, even if it works on May 15, nothing would preclude Google from making “adjustments” at any time that would disable this functionality. They’ve done it before. They can do it again. And Google has made it abundantly clear that they’re putting an end to the free gravy train. Third, it doesn’t take a rocket scientist to deduce that PSTN call forwarding using Google Voice may be the next axe to fall. This probably won’t happen on May 15, but who knows. Finally, should you decide to go down this road, be aware that it is a major coding project regardless of your platform. But, if this is the road you wish to travel, you can find some tips on making the transition here. You’ve been warned.

The Smarter Approach. Our recommendations today are limited to those in the United States. Our apologies, but that’s two-thirds of our readership and roughly 95% of those that currently rely upon Google Voice. The same recommendations apply to those in Europe and South America and the Far East if calls to destinations in the U.S. are a major part of your VoIP traffic. What do we recommend? First, become VoIP savvy! The provider you use for outbound calls need not be the provider you use for incoming calls. Not putting all your eggs in one basket is a very good idea in the VoIP world.




Call us Chicken Little if you must, but Outbound Calling with Google Voice is going away on May 15. So, in the next two weeks, you definitely need to come up with an alternative for call terminations in the U.S./Canada market. We think you have two options: purchase an all-you-can-eat plan that includes sufficient outbound calling minutes to meet your existing requirements. Or you can select a provider that offers pay by the minute service for all of your outbound calls. One advantage with most of the pay-by-the-minute providers is that you can set your CallerID as desired. Don’t be misled by the all-you-can-eat claims. Every VoIP provider imposes some sort of cap on outbound calling even if their plan is advertised as “unlimited.” If your outbound calling minutes exceed 2000-3000 minutes a month, you’re going to be looking for a new provider within weeks because every provider that we know will drop you like a hot potato when you are no longer profitable in their business model. The other gotcha is that most, if not all, of the all-you-can-eat plans are restricted to residential (non-business) use.

Full Disclosure: We have a favorite all-you-can-eat provider (Vestalink) and a favorite pay-as-you-go provider (Vitelity), and both of them provide some financial support to the Nerd Vittles and PBX in a Flash projects; however, both were our favorites before they provided any support to our projects.

All-You-Can-Eat Calling Plans. We continue to like Vestalink (formerly Obivoice) even though their prices have increased since the release of our original article. That’s actually a good thing. There was no way they could have stayed in business with their original pricing model. On a new 2-year plan with unlimited U.S./Canada inbound AND outbound calls, E911 service, and a free DID in your choice of area codes, the current rate for 24 months is $89.99 which works out to roughly $3.50 a month. The service comes with a 30-day money-back guarantee.

Another option which we previously have covered is a hardware device such as the netTALK Duo. With an upfront $100 hardware investment, you get the same features as Vestalink for $30 a year which works out to less than 10¢ a day. With both services, you have the option of porting your existing Google Voice number for a one-time fee. With Vestalink, you also have the option of spoofing your outbound CallerID number with your existing Google Voice number once it is verified as belonging to you. We prefer the latter approach at least until Google gives some hint that their call forwarding of incoming Google Voice calls is going away. Both services are bargains in our view. But, as we noted, for residential service we still prefer the pure VoIP solution provided by Vestalink.

Pay-As-You-Go Call Terminations. Most of the reputable pay-by-the-minute providers charge between 1¢ and 2¢ a minute for outbound calls with charges billed in 6 to 10-second increments. Unless you make an enormous number of lengthy calls, these rates are a bargain. Vitelity remains our favorite provider primarily because of the flexibility their service offers in setting up multiple sub-accounts for use with Asterisk or FreeSwitch. A sign-up link with a 50% discount on most DIDs is provided here and at the end of this article. We appreciate your support of our VoIP projects!!


While it is not yet officially available, the most compelling reason to switch to Vitelity is vMobile, a new $9.99/month cellphone plan that will integrate your Vitelity cellphone (actually a Samsung Galaxy S III) directly into your Asterisk setup. What that means is calls to extensions on your Asterisk server will also ring on your cellphone. And your cellphone functions exactly like any other extension on your Asterisk server whether you’re operating on 3G, 4G, or LTE networks as well as on WiFi at your home or office. You’ll be able to park calls, transfer calls, set up call monitoring, conferencing, and recording just as if you were on a standard VoIP phone in your home or office. And you can’t beat the price. Inbound and outbound calls on WiFi are totally free. Calls received or placed over what appears to be Sprint’s nationwide network are 2¢ a minute, about the same cost as pure VoIP calls.

For pay-by-the-minute terminations, we always recommend you set up accounts with multiple providers. Then, by setting multiple trunk sequences in your outbound routes, you’ll always have successful calls even when a particular provider happens to have an outage. Other than perhaps a small deposit, redundancy costs you nothing since you only pay for calls that you actually place through each provider. For a current list of our favorite termination providers in both the U.S. and Canada, see this thread on the PIAF Forum.

Handling Incoming VoIP Calls. Here’s the bottom line. The one thing you don’t want to do is risk losing your phone number because of the Google Voice train wreck. We have noticed a dramatic difference in call reliability for incoming calls over the past few months. Perhaps it’s an upstream provider problem… and perhaps not. Whatever the reason, get your phone numbers ported out of Google Voice as quickly as you can. It doesn’t have to be in the next two weeks, but you are well advised to begin the porting process soon. The Nerd Vittles Vitelity link will get you a monthly rate of $3.95 for a Tier A DID with unlimited incoming calls each month and automatic server failover. There are a few less expensive DID providers but, when it comes to our phone number, we’ve always wanted a provider with rock-solid reliability, flexibility, and a proven track record. Vitelity meets those requirements in spades. As we noted at the outset, the other advantage in separating out your inbound and outbound trunks is that, when service gets disrupted (and it happens to the best of providers), you’re not completely dead in the water.

For the short term, so long as you have an existing DID in the U.S. or Canada, you can forward your incoming Google Voice calls to that DID by simply adding it as a call forwarding destination in your Google Voice profile. We also recommend adding your cellphone as an additional call forwarding destination. Finally, be sure to disable the Google Chat option in your Google Voice setup and remove the Google Voice trunk in your FreePBX Google Voice/Motif setup. Good luck!

Originally published: Thursday, May 1, 2014




Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

netTALK to the Rescue: Dumping Google Voice for Less Than 10¢ a Day

The Google Voice Adventure with Asterisk® has been disappointing to put it charitably. Google never really saw the benefit of providing free phone service to millions of Americans because they never could quite figure out how to monetize the project. In the meantime, shady call centers were eating them alive with dozens if not hundreds of Google Voice trunks that were placing endless calls around the clock. The final straw was Microsoft deciding to keep Skype proprietary while adding free Google Voice connectivity to its communications products. This meant Microsoft customers had the best of all worlds while Google’s platform had no way to access Skype except through Microsoft’s proprietary client. Google decided to pull the plug on XMPP beginning May 15 of this year and more or less blamed it on abuse by the open source community for using Google’s own open source development toolkit for Google Voice.

We’ve never been one to sit around crying about spilt milk when there are plenty of other excellent choices available to the VoIP community. Today we begin our exploration of alternatives with a look at all-you-can-eat VoIP. There still are a few pure VoIP service plans available, but every one that we’ve tried leaves a bait-and-switch aftertaste. The first year may be reasonable, but once they’ve got you hooked, look out. Quite literally, they have your number. For this reason, we’ve chosen a hardware hybrid approach that still relies upon VoIP for the actual calls. Below the stratospheric pricing of the Bell Sisters, Comcast, and Vonage, there still are several wallet-friendly, all-you-can-eat VoIP products to choose from including netTALK, Ooma, and magicJack.

We know. Nothing beats free even with a little pain. But we think you’ll love today’s alternative especially given its expanded feature set and modest long-term cost. Up front hardware cost including service for the first year is about $100. Amortizing the hardware and service costs over three years reduces your investment for unlimited U.S./Canada/E911 phone service to roughly $1 a week. After recovery of your $100 hardware investment, the cost is $29.95 a year which works out to less than 10¢ a day… forever. This compares quite favorably to today’s best all-you-can-eat VoIP deal. AxVoice charges $99 for equivalent first year service and then the price escalates to over $150 for subsequent years. It doesn’t take a math major to figure out that’s 5 times the netTALK pricing beginning in Year 2.

That brings us back to Google. If you had several million happy customers already using your VoIP service and you saw a small company that was still in business charging $30 a year for a VoIP feature set that was better than yours, wouldn’t you think you might try to cash in on $100 million a year in new revenue rather than flushing the project down the toilet while shafting the open source developers that got you the customers in the first place??

Earth to Google: Few on the planet are ever going to use a web browser with Hangouts to make traditional phone calls regardless of how many places you plaster the Hangouts logo. Before you hire another Marketing Genius, read a good book or two. The well-deserved 2013 Lame Foot of the Year Award goes to Google. </rant>

Overview. Today we’ll be pairing an old friend, the OBi110, with the unlimited calling options provided by netTALK. When we’re finished, you’ll have a drop-in replacement for Google Voice on your Asterisk server that provides unlimited calling within the U.S. and Canada, plus free calling to other netTALK and OBi users around the world, plus free 911 emergency service for you and your family, plus voicemail delivery by email, and fax support. And you can keep your existing phone number! All of the existing PBX in a Flash and Incredible PBX features still work exactly as they do today without worrying about Google pulling the rug out from under you… again. With the OBiON app for iOS or Android, you can make free calls from your cellphone using today’s netTALK-OBi110 setup. And, if calls from a cellphone aren’t your thing, when you go on vacation to anywhere with an Internet connection, you can slip the netTALK device into your suitcase and plug it in to the Internet at your destination without ever losing the ability to make and receive free calls. We’ll cover all these magic tricks and more today so hang on to your hat. Let’s get started.

Legal Disclaimer. This is not legal advice. Consult your own attorney for that. We have reviewed netTALK’s Terms of Service and find nothing that would preclude your using the services as described in this article so long as the device is used in the United States, usage is under 3,000 minutes per month, and usage is limited to “normal residential or home office usage patterns” without “auto-dialing, continuous or extensive call forwarding, telemarketing, fax broadcasting or fax blasting.” Terms of service can and do change from time to time. Review them regularly.

BY IMPLEMENTING THE TIPS IN THIS TUTORIAL, YOU AGREE TO ASSUME ALL RISKS ASSOCIATED WITH THE METHODOLOGY INCLUDING, BUT NOT LIMITED TO, THE LEGAL AND FINANCIAL CONSEQUENCES OF YOUR ACTIONS. IF YOU ARE UNWILLING TO DO SO, STOP READING HERE!

Hardware Requirements. Here’s what you’ll need. First, purchase a netTALK device. You have several choices. The netTALK DUO is still available for under $50 and includes a full year of unlimited calling in the U.S. and Canada. The netTALK DUO II is the newer model (with the same feature set). It sells for about $30 but only includes three months of free calling. The netTALK DUO WiFi is about $60 and adds WiFi support. Additional years of free calling in the U.S. and Canada are $29.95 with a guarantee of no price escalation as long as you continue the service without interruption. You can add free calling to 60+ countries for an additional $10 a month. Unlimited SMS messaging in the U.S. and Canada is an additional $2.50 a month. AT&T charges $20 a month for unlimited SMS messaging, and it only works on a single cell phone.

In addition to your Asterisk server, the other piece for today’s puzzle is OBiHai’s OBi110, a terrific analog telephone adapter that we’ll use to connect the netTALK adapter to your Asterisk server. If you want to connect a Google Voice account for a few more months, it can do that as well. It also supports a connection to another SIP provider of your choice for redundancy. For today, our focus is getting a Google Voice replacement service in place for your Asterisk server. You can scour the Internet to add the other pieces. The OBi110 is available through Amazon for under $50.1

Installing and Configuring the netTALK Duo

Before your netTALK Duo will work, it has to be registered on the netTALK web site. Locate your temporary username and password for the NetTalk DUO inside the box. Log into the web site and click Start Activation. Plug in your credentials and click LOGIN. Fill out the registration information and create a username and password for your new account. Then press CONTINUE. Complete the E911 information and click SAVE. Select a phone number and ASSIGN it to your account. Now plug a plain-old phone into your netTalk Duo, connect the device to your LAN, and then connect the power adapter. Some routers are problematic. Be sure SIP ALG is disabled on your router. It took about 5 minutes for ours to change from alternating green and red lights to a solid green light and the one-ring call indicating that the device is operating properly. Once you get the solid green light, make a call to the device and from the device. Nothing else works if the netTALK can’t make calls! Once it’s working, you can unplug the phone and use it to configure the OBi110 in the next section.

Installing and Configuring the OBi110

There are a number of steps to the OBi110 setup, but it isn’t difficult. If you can handle slice-and-bake cookies, you can do this. Just follow the recipe and don’t skip any steps. We’ll be configuring the OBi110 in two phases using the OBiTalk web site first and then using the OBi110′s built-in web server. Plug the OBi110 into your LAN and then attach the power adapter. Plug a POTS phone into the PHONE port of your OBi110. Once the OBi110 has booted, pick up the phone and make sure you have a dial tone. Then hang up.

IMPORTANT: Make sure that you restore the OBi to its factory default settings if you have previously used the device! ALWAYS keep your OBi110 behind a hardware-based firewall with NO Internet port exposure!

Now head over to the OBi web portal and set up an account if you don’t already have one. From the OBi Dashboard, click ADD DEVICE. Uncheck the box to set up a Google Voice account. You can do that later if desired. Now pick up the phone connected to the OBi110 and dial **5 plus the 4-digit number shown in your browser. This will identify your device to OBiTalk. Your OBi110 will appear in a dialog box for confirmation. Click CONFIRM promptly, or start over.

In the Device Configuration window that appears, add a Device Display Name, Webpage Admin PW, OBi Attendant PIN, and your TimeZone. SAVE your settings. The OBi110 should now appear in the OBi Dashboard with its assigned OBi number and speed dial number together with a Green status icon signifying it’s working.

Now is a good time to download the OBiON app to your iOS device or Android phone. Launch the app and login with your OBiTalk account information. In the OBi Dashboard, you will note that your softphone now has appeared and was assigned a 9-digit OBiTALK number. Write it down. You’ll need it in a minute to complete the OBi110 setup. Click on the Edit icon for the softphone and assign your OBi110 as the OBi Voice Gateway. SAVE your settings.

For the remainder of the OBi110 setup, we’ll be using the web interface built into the OBi110. If you don’t know the IP address of your OBi110, pick up the phone connected to your OBi and dial ***1.

1. Use your browser to log into the OBi110′s web interface. Log in with admin:admin as the username:password.

2. Once you’re logged into your OBi110′s web interface, the Setup Wizard will display. Expand the first five headings in the left column by clicking on the + icons for Status, System Management, Service Providers, Voice Services, and Physical Interfaces. Then expand ITSP Profile B under Service Providers.

3. Download the latest firmware from here to your desktop. Currently it’s 1.3.0 (Build: 2824). Install it on your device: Device Update -> Firmware Update. Your OBi110 will restart after loading the new firmware.

4. Disable ALL AutoProvisioning: Auto Provisioning -> Firmware Updates, ITSP Provisioning, OBiTalk Provisioning. Then Submit and Reboot.

This keeps external forces from stepping on your setup once it’s working. If something breaks down the road, you can manually provision your device once you know what’s broken.

5. While not absolutely necessary, we recommend you set a static IP address for your OBi110: Network Settings -> Internet Settings. Submit and Reboot. Using your browser, log back into the new IP address.

Another alternative is to permanently lock the DHCP-assigned IP address to the OBi110 using the web interface of your router.

6. Open the SIP profile under ITSP Profile B. Here you’ll need to insert the IP address of your Asterisk server in BOTH the ProxyServer and X_AccessList fields. Also add a check mark for X_SpoofCallerID. Before you can add these entries, you’ll need to uncheck the Default checkbox beside each entry. This applies to all further steps as well. After making the three entries, click Submit and Reboot.

7. Open the SP2 Service window. For X_ServProvProfile and X_CodecProfile, change the settings to B. Change X_InboundCallRoute to LI. Add a check mark for X_KeepAliveEnable. Change X_KeepAliveServerPort and X_UserAgentPort to 5061.

In the SIP Credentials section, change AuthUserName to obitrunk. Make up a secure password and insert it in the AuthPassword field. Remember the password! We’ll need it to configure your Asterisk trunk in a minute. For the URI entry, use the following with the actual IP address of your Asterisk server: obitrunk@192.168.0.82. Double-check all nine entries carefully and then click Submit and Reboot.

8. In the OBiTalk Service Settings window, change the InboundCallRoute to an entry that looks like this: {pp(ob290999999),li}. We recommend you cut-and-paste our example and then replace 290999999 with the 9-digit OBiTalk number that was assigned to your softphone above. A punctuation error here will block your softphone from ever working. Click Submit and Reboot.

9. Finally, we need to configure the LINE Port. For the InboundCallRoute, insert the following using the 10-digit phone number assigned to your netTALK Duo: SP2(6781234567). For the SilenceTimeThreshold, set the number of seconds you want the OBi110 to wait before disconnecting a call where nobody at the other end of the call says anything. We recommend 600 which is 10 minutes. Click Submit and Reboot.

10. Now it’s time to connect your netTALK Duo to your OBi110. Unplug any phone connected to the netTALK Duo. Using a telephone cable, connect the PHONE port of the netTALK Duo to the LINE port of the OBi110. Never plug the netTALK Duo into the PHONE port of the OBi110, or your OBi is (burnt) toast!!!

11. Test your configuration. Pick up the phone that’s still connected to the OBi110 and dial either a 10-digit or 11-digit number of someone you love: 8005551212 or 18005551212. Do the same thing using the OBiON app on your cellphone or tablet. Be patient! OBiON connections are not instantaneous. Your connections have to be authenticated through OBiHai’s servers before they go through.

Interconnecting Asterisk with the OBi110

There basically are three pieces you need to add to Asterisk so that it can communicate with your netTALK Duo and OBi110. You need a Trunk to which the OBi110 will register. You need an Inbound Route to tell Asterisk how to handle incoming calls from the netTALK Duo phone number. And you need an Outbound Route to tell Asterisk which outgoing calls should be routed out through the netTALK Duo. We’re assuming you will be using the netTALK Duo as your primary trunk for outbound AND emergency calls. We’re also assuming you will not be making international calls. Finally, we’re assuming you are using FreePBX 2.11 with either PBX in a Flash or with one of the Incredible PBX builds on the CentOS 6.5, Raspbian, or Ubuntu platforms. Other FreePBX 2.11 setups should work in much the same way. If any of these assumptions don’t apply, you’ll obviously need to make the necessary adjustments for your environment.

Trunk Configuration. To set up the obitrunk under FreePBX 2.11, log into FreePBX and choose Connectivity -> Trunks -> Add SIP Trunk. For the Trunk Name, use obitrunk. For Outbound Caller ID, enter the 10-digit phone number assigned to your netTALK Duo. For Maximum Channels, use 1. For Dialed Number Manipulation Rules, add the following Match Patterns: 1NXXNXXXXXX, NXXNXXXXXX, and 911.

In Outgoing Settings, use obitrunk for Trunk Name and enter the following PEER Details:
type=peer
host=dynamic
port=5061
disallow=all
allow=ulaw
dtmfmode=rfc2833

In Incoming Settings, enter your actual 10-digit netTalk phone number in the User Context field: 6781234567. Enter the following USER Details replacing mypassword with the password you set up in OBi110 step #7 SIP credentials above and adjusting the permit entry to match your LAN subnet:
type=friend
secret=mypassword
host=dynamic
context=from-trunk
canreinvite=no
nat=yes
port=5061
qualify=yes
dtmfmode=rfc2833
disallow=all
allow=ulaw
deny=0.0.0.0/0.0.0.0
permit=192.168.0.0/255.255.255.0

Click Submit Changes and Apply Config to save your entries.

Inbound Route Configuration. If you already have a default inbound route on your Asterisk server, then you can skip this step unless you want incoming calls from the netTALK DID routed in a special way. To create an inbound route for the netTALK phone number, choose Connectivity -> Inbound Routes -> Add Incoming Route. For the Description, enter netTALK-OBi110. For the DID Number, enter your 10-digit netTALK phone number. For CID Lookup Source, choose CallerID Superfecta if you’re using this module. For Set Destination, choose how you want FreePBX to route the incoming calls, i.e. an extension, ring group, IVR, etc.

Click Submit and Apply Config to save your entries.

Outbound Route Configuration. If you want all 10-digit, 11-digit, and 911 calls placed from your Asterisk server to be routed out through the netTALK Duo, then you’d Add a Route under Connectivity -> Outbound Routes that looks something like the following. Don’t forget to move this Outbound Route (in the right column) to the TOP of your list of Outbound Routes to make certain it is processed first by FreePBX.

For Route Name, use obiout. For Dial Patterns, use the same ones you used in your Trunk setup above: 1NXXNXXXXXX, NXXNXXXXXX, and 911. For Trunk Sequence, select obitrunk.

Click Submit Changes and Apply Config to save your entries.

While still in Outbound Routes, drag obiout to the top of the outbound routes list in the right column. Then click Apply Config again to save your trunk processing sequence.

Verifying Connectivity. Let’s be sure everything works. First, log back into the IP address of your OBi110 and verify that System Status -> SP2 Service Status shows the OBi110 is registered to your Asterisk server. Next place a 10-digit call using an extension on your Asterisk server and monitor the Asterisk CLI to make certain that the call went out using the netTALK Duo trunk and was completely successfully. Finally, use your cellphone to call the number assigned to your netTALK Duo. The call should ring on the devices you configured in the Inbound Route above. Enjoy your new freedom from Google Voice!

Special Thanks. We want to express our appreciation to ObiHai for an excellent Administrator’s Guide and to the numerous individuals who have wrestled with the OBi110 setup over the years. This includes Adrian Li, Ad_Hominem and MichiganTelephone on the OBiTalk Forum as well as the reference articles which now are available here.

Originally published: Tuesday, January 7, 2014




Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for all of us.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 


Some Recent Nerd Vittles Articles of Interest…

  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

Ringbinder theme by Themocracy