2015 marks the year we finally settled upon an Asterisk® platform that was not only feature rich but also easy to deploy and maintain. Incredible PBX™ began as an add-on feature set for PBX in a Flash™. But we really wanted a pure open source platform that was built from the ground up. So we introduced a number of stand-alone installers that could be deployed using existing Linux platforms: CentOS, Ubuntu, Debian, Raspbian, and even FreePBX® Distro’s SHMZ. These continue to be our "best sellers" even though we give them away. With the exception of SHMZ, the beauty of the other stand-alone installers is you can use them anywhere whether it’s a Raspberry Pi® or in the Cloud1 with RentPBX or Digital Ocean. But there were some that preferred either dedicated hardware or in-house virtual machine platforms such as VirtualBox and Proxmox. For these platforms, a two-step OS and Incredible PBX install procedure was a hassle. So we introduced an ISO build of Incredible PBX with a superset of Scientific Linux 6.7 preconfigured. And finally we added snapshot images for VirtualBox and Proxmox. What used to take hours has been reduced to less than 30 seconds on the Proxmox 4 KVM platform. With Incredible PBX, it’s all about choice and the FREEDOM to choose with NoGotchas!

Along the way, we experimented with a number of other hardware platforms, and we even tried several other management GUI’s for Asterisk. But there comes a time when you have to sharpen your focus and produce a product that is something other than experimental. And that’s why we are pleased to introduce the new Certified Incredible PBX Builds. These are robust unified communications solutions that we not only test regularly but also use ourselves. Yes, we eat our own dog food.

So where do you begin? We documented a simple, 3-Step Decision Tree to guide you through the process of choosing a GPL platform and VoIP communications solution that’s right for you. You can take it for a spin here or read the complete tutorial.

[purehtml id=21]

  
  

The more difficult question is deciding how to host your Unified Communications server. Do you want to maintain it yourself, or do you prefer that someone else maintain either the hardware or software or both? We can’t really answer that for you without a great deal of additional information. What we can tell you is that experimentation is a wonderful thing, and you’ll learn an awful lot in the process. Take advantage of the PIAF Forum. There are hundreds of VoIP experts and 10,000+ members to help with your new adventure. Building systems with Incredible PBX is a process that, in the worst case, takes under an hour. And, in the best case, it takes under 30 seconds. So our advice is try several Cloud approaches and, if you have some old hardware lying around the house, try that option as well. We would hasten to add that we don’t recommend running your phone system on old hardware permanently. If you choose the stand-alone server route, invest $200 and get our recommended Intel® NUC or invest $100 and put a Raspberry Pi 2 platform into production. Both are easy to back up and restore. If you’re a dedicated iMac user with processing power and RAM to spare, then the VirtualBox solution really is a no-brainer. It doesn’t cost you a dime, and you’ll never know your phone system is operating as a virtual machine.

The Incredible PBX Gold Standard

We get emails all the time that go something like this. "Cut the crap. You’re the expert. Just tell me the platform that you use and would recommend." Fair enough. Here you go. We experiment on Cloud-based servers almost daily. We have a virtual machine at RentPBX that has run non-stop for years without a hiccup. Use our $15/month coupon code if you sign up: NOGOTCHAS. We build and tear down systems at Digital Ocean and CloudAtCost and Wable almost daily. These three have the added advantage of letting you take snapshots of your virtual machines. Snapshots can be restored in minutes. While CloudAtCost is a good sandbox, don’t even think about using it in production!

The system we recommend for SOHO and small businesses is $200 dedicated hardware, an Intel NUC. The software is Incredible PBX 13 ISO. The server is powerful, quiet, tiny, and easy to back up using Clonezilla and an external USB drive. Our production machine doesn’t change much for months at a time. Once configured, yours probably won’t either. Don’t go update crazy! Apply updates and upgrades only when something doesn’t work or you need a new feature. If it ain’t broke…

A Few Words About Incredible PBX Applications for Asterisk

Asterisk is a complex telephony platform. Don’t expect to learn it all in a day. We’ve been at it for 10 years, and there’s still much that we don’t know. On top of Asterisk, we’ve added over three dozen Asterisk applications. And, yes, there is documentation. Spend a little time with the tutorial, and it will improve your appreciation for Asterisk 1000%.

A Few Words About Google Voice OAUTH Authentication

We have been a strong proponent of Google Voice for many years. Why? Because in the United States, you can make limitless calls to the U.S. and Canada for free. Faxes work, too. Just don’t put all of your eggs in the Google Voice basket. It does break, and Google regularly "improves" things. Thus far, we’ve always managed to get things going again thanks to some very talented telephony gurus around the globe. The one component of Google Voice that Google continues to threaten to shut down is the use of plain text passwords for authentication. With Incredible PBX, you can do something about that by implementing OAUTH authentication on your server. We’ve written a simple tutorial to guide you through implementation and use of OAUTH 2.0 with Google Voice. Please read it before your Google Voice trunks suddenly drop dead.

A Few Words About Security and Firewalls

If you have a phone system that is exposed to the Internet, the bad guys are going to attempt to make calls on your nickel forever. No firewall means sooner or later you’re going to get hit with a very expensive phone bill. Some of the horror stories include charges of over $100,000 in a single month.

Incredible PBX includes a sophisticated firewall that is locked down to private networks, preferred (by us) VoIP providers, and the IP addresses of your desktop computer and your server. Don’t disable it!

We do not recommend using Incredible PBX on the Amazon EC2 platform for the simple reason that Amazon treats all customers as part of the same private LAN. This defeats the security provided by the Incredible PBX firewall and leaves your extension and trunk passwords as your only line of defense. Yes, there are bad guys using Amazon. You’ve been warned.

If you opt to host your own dedicated server for Incredible PBX, we strongly recommend that you place the server behind a hardware-based firewall in addition to the IPtables firewall provided as part of every Incredible PBX build. Two firewalls are almost always better than one. It’s one more nut to crack for the bad guys.

Finally, a word about the new FreePBX Firewall. Don’t. Good network practices suggest that a firewall should be as separated from your applications as possible. The IPtables firewall used by Incredible PBX is only accessible through SSH or the console with root login. It also requires root permissions for any type of modification to its setup. The FreePBX firewall is an integral component of FreePBX and is accessible through the FreePBX GUI itself using the standard FreePBX admin credentials. In addition, during the first week, a vulnerability was reported which resulted in a root vulnerability. What’s puzzling about that is the fact that FreePBX itself traditionally has not operated with root permissions which suggests that other changes have been made in the GUI so that the user account separation between the asterisk user account and the root user account has now been compromised, a very dangerous new development. If this is ever explained, we will pass it on.


https://twitter.com/0x00string/status/655513518578339841

A Few Words About Module Repositories

FreePBX 12 GPL modules are an integral component of Incredible PBX. Why don’t we use "pure" FreePBX 12? The short answer is Sangoma® has integrated a hidden module repository into FreePBX 12. It is comprised of modified FreePBX 12 modules that are not provided on any publicly-accessible web site. Yes, FreePBX 12 GPL modules are available through their GIT repository, but these modules differ from the ones that actually make FreePBX 12 work properly (see next section). As a result, we have chosen to build and use a public module repository for FreePBX 12 GPL modules included in Incredible PBX. For further details, see this Nerd Vittles article. To access our public repository of FreePBX 12 GPL modules, go here.

A Few Words About Module Signatures

With FreePBX 12, Sangoma also has chosen to bar use of competitor’s commercial modules within the product. In addition, Sangoma has implemented a module signature scheme which results in nasty security alerts whenever a compatible FreePBX module is included in the GUI that was not produced or approved for inclusion by Sangoma giving the impression that your server has been compromised. As a result, we have chosen to disable module signature checking by default with Incredible PBX. As changes are made within the GUI, the nasty warnings reappear. We have included the gui-fix script to again disable signature checking. A permanent fix which eliminates signature checking permanently is available here.

A Few Words About Asterisk Upgrades

When you install Incredible PBX, you automatically get the latest and greatest version of Asterisk. Depending upon the installer used, you get either Asterisk 11 or 13. Both versions of Asterisk get regular upgrades provided by Digium®. As with updates, our recommendation is to not apply upgrades unless you actually need a new feature or your existing server is experiencing problems related to the version of Asterisk you are running. We have provided an upgrade utility to make the upgrade process painless. It will NOT move you from Asterisk 11 to 13. It only moves you to the latest release in the version of Asterisk you already have installed.2 In the case of Asterisk 13, the upgrade utility will preserve Google Voice OAUTH authentication if you have previously applied the Asterisk 13 patch as documented above. To upgrade your server, log in as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/upgrade-asterisk-to-current.tar.gz
tar zxvf upgrade-asterisk-to-current.tar.gz
rm -f upgrade-asterisk-to-current.tar.gz
./upgrade-asterisk-to-current

A Few Words About Backups

There are two kinds of administrators in the world: those that make regular backups and those that don’t. Only the first category of administrators generally keep their jobs. Whether you do this for a living or for fun, you are strongly encouraged to make regular backups of your server. There are two types of backups: full system backups and incremental backups using the incrediblebackup script. You need both. For dedicated servers, we recommend you obtain the free Clonezilla application for full system backups. Used in conjunction with an external USB drive, it provides excellent results. For those using Incredible PBX in a virtualized environment, we recommend you use the snapshot utility included on your platform to make periodic backups. Backups should always be stored in a location separate from that of your server or virtual machine.

Originally published: Monday, October 26, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: 3CX, RentPBX, Amazon, Vitelity, DigitalOcean, Vultr and others provide financial support to Nerd Vittles and our open source projects through advertising or referral revenue. We’ve chosen these providers not the other way around. Our decisions were based upon their corporate reputation and the quality of their offerings and their pricing. Our technology recommendations are reached independently of financial considerations except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com. Better yet, download the PIAF5 ISO powered by 3CX. Free version includes support for 8 simultaneous calls with a SIP trunk.

  • Run on Premise or in the Cloud, on Windows and now on Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • RentPBX, a long-time partner and supporter of PIAF project, is offering generous discounts for Nerd Vittles readers. For all of your Incredible PBX hosting needs, sign up at www.RentPBX.com and use code NOGOTCHAS to get the special pricing. The code will lower the price to $14.99/month, originally $24.99/month. It’s less than 50¢/day.


    Some Recent Nerd Vittles Articles of Interest…

    Be Sociable, Share!

    1. Some of our links refer users to service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee or advertising revenue from some of these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support these providers because they support us. []
    2. Some of the FreePBX Distro cheerleaders have touted the beauty of their NagWare noting that you can move back and forth between Asterisk 11 and 13. The question is why would anyone ever want to move back to Asterisk 11 after migrating to Asterisk 13. So we’re talking about a one-time reinstall followed by a restore using Incredible Backup and Restore from your Asterisk 11 server. Can you say lunch break? []