Our last major Incredible PBX® upgrade on the Ubuntu platform supported Ubuntu 14.04 which was released in April, 2014. We skipped 16.04 because of all the wrinkles it introduced for VoIP deployments: an incompatible PHP upgrade, missing ODBC support, and on and on. Fortunately, all of those issues have been sorted out over the past two years, and two weeks ago we introduced Incredible PBX 13-13 for the Ubuntu 18.04 LTS platform which was released in April. What a difference two weeks makes. Now we’ve added SRTP encrypted communications as well as support for the hidden 32-bit version of Ubuntu 18.04. And the bug list has shrunk quickly with the return of CDR reports including CNAM support. You can track all the latest developments in this PIAF Forum thread.

As with our previous CentOS release, you now have a choice of the Lean, Mean Asterisk® Machine, or you can go for the Whole Enchilada which adds more than three dozen applications for Asterisk 13 LTS including most of the FreePBX® 13 GPL modules. If you enjoy a VoIP playground on the bleeding edge of technology, this Bud’s for you! We’re lowering the beta release flag now that our users have had an opportunity to kick the tires and find most of the major bugs.

We’d be remiss if we didn’t mention that native Google Voice support in Asterisk is probably going away in a couple of weeks. Thus far there has been no notification to current users other than an obscure post on their support forum. But there is a ray of hope that Bill Simon’s Simonics gateway offering Incredible PBX users a standards-based SIP connection to Google Voice may still provide a solution without purchasing Polycom’s Obihai hardware that we covered in last week’s tutorial. In fact, if you’re an existing Simonics gateway user, you are eligible to participate in the current beta program that supports Google’s new XMPP-free platform. You can review the Simonics signup details and caveats here. For today, we’ll get you started with Incredible PBX for Ubuntu 18.04 while we wait and see with Google Voice.

Building an Ubuntu 18.04 Platform for Incredible PBX 13-13

As a result of the trademark and copyright morass with Ubuntu, we’ve steered away from the bundled operating system in favor of a methodology that relies upon you to put in place the operating system platform on which to run Incredible PBX. The good news is it’s easy! With many cloud-based providers1 including Vultr and Digital Ocean, you can simply click a button to choose the Ubuntu 18.04 64-bit image and within minutes, you’re ready to go. For the VirtualBox virtual machine platform, we’ve uploaded a pre-built Ubuntu 18.04 64-bit image to SourceForge to get you started. If you’re rolling your own with on-premise hardware, start by downloading the Ubuntu 18.04 LTS 64-bit server image from here. If you happen to have older hardware, you can download the Ubuntu 18.04 32-bit mini ISO from here. Choose the LAMP, mail, SSH, and Ubuntu Server options during the install, and you’ll be ready to install Incredible PBX.

Installing Incredible PBX with Ubuntu 18.04

Adding Incredible PBX 13-13 to a running Ubuntu 18.04 server is a walk in the park. To restate the obvious, your server needs a reliable Internet connection to proceed. Using SSH (or Putty on a Windows machine), log into your new server as root at the IP address you deciphered using ifconfig.

If you’re using a 512MB droplet at Vultr or Digital Ocean, be advised that the Ubuntu 18.04 setup does NOT include a swap file. This may cause serious problems when you run out of RAM. Uncomment ./create-swapfile-DO line below to create a 1GB swap file which will be activated whenever you exceed 90% RAM usage on Digital Ocean.

Now let’s begin the Incredible PBX 13-13 install. Log back in as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx-13-13U-LEAN.tar.gz
tar zxvf incrediblepbx-13-13U-LEAN.tar.gz
rm -f incrediblepbx-13-13U-LEAN.tar.gz
#./create-swapfile-DO
./Incredible*

Once you have agreed to the license agreement and terms of use, press Enter. The Incredible PBX installer will load the latest updates for Ubuntu 18.04 and then reboot. Log back into your server and run the installer a second time: ./Incredible*. Be sure to use OAuth authentication for Google Voice if you plan to also install the Whole Enchilada. Then stick around for the first few minutes to answer a couple of additional prompts. The first only requires typing Y and pressing ENTER. The second asks for the default country code to associate with your PBX. For the U.S. and Canada, it’s the number 1.

When the installation finishes, your server will reboot to activate the preconfigure firewall whitelist. If you need to add additional IP addresses to the whitelist before rebooting, press Ctrl-C and run /root/add-ip. Don’t forget to reboot! Then log back in as root and you’ll be greeted with a status display like this after the Automatic Update Utility runs:

Assuming you’ve already created a very secure root password (update it by running passwd), perform the following 5 Steps to get everything locked down:

  1. Create an admin password for GUI access: /root/admin-pw-change
  2. Create an admin password for Apache web access: htpasswd /etc/pbx/wwwpasswd admin
  3. Configure the correct timezone for your server: /root/timezone-setup
  4. Retrieve your PortKnocker setup like this: cat /root/knock.FAQ
  5. Add IPtables WhiteList entries for remote access: /root/add-ip or /root/add-fqdn

Using the Incredible PBX 13-13 Web GUI

NOTE: If you plan to upgrade to the Whole Enchilada, you can skip this section. It’s for those that wish to roll their own PBX from the ground up.

Most of the configuration of your PBX will be performed using the web-based Incredible PBX GUI with its FreePBX 13 GPL modules. Use a browser pointed to the IP address of your server and choose Incredible PBX Admin. Log in as admin with the password you configured in the first step above. HINT: You can always change it if you happen to forget it.

To get a basic system set up so that you can make and receive calls, you’ll need to add a VoIP trunk, create one or more extensions, set up an inbound route to send incoming calls to an extension, and set up an outbound route to send calls placed from your extension to a VoIP trunk that connects to telephones in the real world. You’ll also need a SIP phone or softphone to use as an extension on your PBX. Our previous tutorial will walk you through this setup procedure. Over the years, we’ve built a number of command line utilities including a script to preconfigure SIP trunks for more than a dozen providers in seconds. You’ll find links to all of them here.

Continue Reading: Configuring Extensions, Trunks & Routes

Upgrading to Incredible PBX Whole Enchilada

There now are two more pieces to put in place. The sequence matters! Be sure to upgrade to the Whole Enchilada before you install Incredible Fax. If you perform the steps backwards, you may irreparably damage your fax setup by overwriting parts of it.

The Whole Enchilada upgrade script now is included in the Incredible PBX LEAN tarball. To run it, issue the following commands:

cd /root
./Enchilada*

If you accidentally installed Incredible Fax before upgrading to the Whole Enchilada, you may be able to recover your Incredible Fax setup by executing the following commands. It’s worth a try anyway.

amportal a ma install avantfax
amportal a r

Installing Incredible Fax with HylaFax/AvantFax

You don’t need to upgrade to the Whole Enchilada in order to use Incredible Fax; however, you may forfeit the opportunity to later upgrade to the Whole Enchilada if you install Incredible Fax first. But the choice is completely up to you. To install Incredible Fax, log into your server as root and issue the following commands:

cd /root
./incrediblefax13.sh

After entering your email address to receive incoming faxes, you’ll be prompted several times to choose options as part of the install. Simply press the ENTER key at each prompt and accept all of the defaults. When the install finishes, make certain that you reboot your server to bring Incredible Fax on line. There will be a new AvantFax option in the Incredible PBX GUI. The default credentials for AvantFax GUI are admin:password. Be advised that there remain a couple of quirks on the Ubuntu 18.04 platform. First, after entering your credentials, you may get a timeout error with your browser. Simply press the Reload/Refresh icon in your browser, and the default AvantFax menu will appear. Second, you will need to set your email delivery address and a new password for AvantFax manually. Click on the Settings option in the upper right corner of the dialog. When you save your settings, you may again experience a timeout event. Click the Reload/Refresh button on your browser again, and AvantFax will come back to life.

Setting Up a Soft Phone for Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension after installing Enchilada. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. You can dial a few of these to get started or, better yet, take Allison’s Incredible PBX IVR for a spin by dialing D-E-M-O (3366). NOTE: The Voice Recognition options will not work until you first enter your credentials (covered below).

123 - Reminders
222 - ODBC Demo (use acct: 12345)
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

The next step is establishing an interface on your PBX to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least until mid-June) is to use an existing (free) Google Voice account. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. And, of course, our platinum sponsor, Vitelity, stands ready to assist with a special offer at the end of this article.

Incredible PBX Wholesale Providers Access

Nerd Vittles has negotiated a special offer that gives you instant access to 300+ wholesale carriers around the globe. In lieu of paying the $650 annual fee for the service, a 13% wholesale surcharge is assessed to cover operational costs of TelecomsXchange. In addition, TelecomsXchange has generously offered to contribute a portion of the surcharge to support the Incredible PBX open source project. See this Nerd Vittles tutorial for installation instructions and signup details.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Google Voice account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Use a previously configured and dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX 11.

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you’re probably out of luck. Google has disabled the option in newly created accounts as well as some old ones that had Google Chat disabled. Now go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

UPDATE: Google has improved things… again. You may not see the options documented above at all. Instead, you may be presented with the new Google Voice interface which does not include the Google Chat option. But fear not. At least for now there’s still a way to get there. After you have set up your new phone number, click on (1) Settings -> Phone Numbers and then click (2) Transfer (as shown below). That returned the old UI. Make sure the Google Chat option is selected and disable forwarding calls to default phone number.



One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work by entering these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model for Ubuntu

Incredible PBX for Ubuntu 18.04 is a very secure, turnkey PBX implementation. As configured, your server is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. Nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking.

You can whitelist additional IP addresses for remote access in several ways. First, you can use the command-line utilities: /root/add-ip and /root/add-fqdn. You can also remove whitelisted IP addresses by running /root/del-acct. Second, you can dial into extension 864 (or use a DID pointed to extension 864 aka TM4) and enter an IP address to whitelist. Before Travelin’ Man 4 will work, you’ll need to add credentials for each caller using the tools in /root/tm4. You must add at least one account before dial-in whitelisting will be enabled. Third, you can temporarily whitelist an IP address by successfully executing the PortKnocker 3-knock code established for your server. You’ll find the details and the codes in /root/knock.FAQ. Be advised that IP addresses whitelisted with PortKnocker (only!) go away whenever your server is rebooted or the IPtables firewall is restarted. For further information on the PortKnocker technology and available clients for iOS and Android devices, review the Nerd Vittles tutorial.

HINT: The reason that storing your PortKnocker codes in a safe place is essential is because it may be your only available way to gain access to your server if your IP address changes. You obviously can’t use the command-line tools to whitelist a new IP address if you cannot gain access to your server at the new IP address.

We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. If you use a hardware-based firewall, be sure to map the three PortKnocker ports to the internal IP address of your server!

The NeoRouter VPN client also is included for rock-solid, secure connectivity for remote users. Read our previous tutorial for setup instructions.

As one would expect, the IPtables firewall is a complex piece of software. If you need assistance configuring it, visit the PIAF Forum for some friendly assistance.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along. Also be sure to check the PBX in a Flash RSS Feed inside the GUI for the latest security alerts.

Mastering the Incredible PBX Applications

Your next stop should be a quick read of the Application User’s Guide for Incredible PBX. Even though the target audience was Raspberry Pi users, the feature set is identical, and this guide will tell you everything you need to know about the dozens of applications for Asterisk that have been installed on your new server.

We also want to encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie. Come join us!

Originally published: Monday, May 21, 2018  Updated: Monday, June 4, 2018


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: RentPBX, Amazon, Vitelity, DigitalOcean, Vultr, Digium, Sangoma, 3CX, TelecomsXchange and others have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and their pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


RentPBX, a long-time partner and supporter of PIAF project, is offering generous discounts for Nerd Vittles readers. For all of your Incredible PBX hosting needs, sign up at www.RentPBX.com and use code NOGOTCHAS to get the special pricing. The code will lower the price to $14.99/month, originally $24.99/month. It’s less than 50¢/day.


Some Recent Nerd Vittles Articles of Interest…

Be Sociable, Share!

  1. With some providers including ones linked in this article, Nerd Vittles receives referral fees which assist in keeping the Nerd Vittles lights burning brightly. []

This article has 4 comments

  1. ./admin-pw-change working for anyone else?

    mysql: [Warning] Using a password on the command line interface can be insecure.
    ERROR 1406 (22001) at line 1: Data too long for column ‘password_sha1’ at row 1

    eth0: error fetching interface information: Device not found
    Done. Use browser to access FreePBX at http://

    [WM: There was a bug in the admin-pw-change script. A patch has been pushed out through the Automatic Update Utility. Just log out and log back into your server to get it. The browser link also was fixed. The MySQL warning is harmless, just an alert that you are using the MySQL password on the command line.]

  2. For the first time (for at least 5 years), /root/add-ip and /root/add-fqdn are not working, I could login using kvm mode (through http://www.ovh.com) by I could not do so with putty. I had installed twice to make sure it was done properly.

    [WM: Sorry, but we’ve been unable to duplicate your problem. Please head to the PIAF Forum if you need assistance with this.]

  3. hi, I tried to install in aws.amazon.com using soft key (no login is required) and selinux is disabled. I could login. May be it is just OVH peculiar environment. thx for the wonderful work.

    [WM: We don’t recommend Amazon AWS but, if you use it, make certain that the 172.16 whitelist entry is disabled in /etc/iptables/rules.v4. Otherwise, every Amazon user will have access to your server. And don’t forget to restart IPtables after making the change: iptables-restart]

  4. Wow that was unusual. I just wrote a really long comment but after I
    clicked submit my comment didn’t appear. Grrrr…
    Well, I’m not writing all that over again. Regardless, just wanted to say fantastic blog!

Leave a comment

Your email address will not be published. Required fields are marked *

*