As part of our ongoing development efforts, we maintain about a dozen honeypot servers across the U.S. and Canada to monitor the latest adventures of the bad guys. Security becomes especially important for those wishing to live on the bleeding edge and deploy a cloud-based, public-facing VoIP server. Today we want to walk you through our latest suggestions to set up and secure a VitalPBX platform using just the built-in FirewallD, IPset, and Fail2Ban components. If you opt to deploy VitalPBX in the Cloud, a KVM-based VPS is absolutely essential in order to take advantage of the security mechanisms we will introduce today.

Here are 6 Key Security Features in today’s public design:

  • SIP Registration Lockdown by FQDN
  • Extension Lockdown by IP Address
  • Trunk Provider Lockdown by IP Address
  • Web Access Lockdown by WhiteList
  • Disguised Ports for SIP and SSH Access
  • 100,000+ VOIP Blacklist for FirewallD

Is it 100% safe? Nothing ever is. That’s what backups are for. 😉

FYI: The CentOS folks reintroduced a previous FirewallD bug on October 22 which (again) broke new VitalPBX installs. On October 23, the VitalPBX developers fixed the bug (again). There should be no problems with new installs. For previous installs, see this thread on the PIAF Forum for the fix.

Taking Incredible PBX with VitalPBX to the Cloud

Because Incredible PBX with VitalPBX 2.3.8 was originally distributed as an ISO, getting it installed in the cloud was a challenge. A few cloud providers let you bring your own ISO to install on their VPS platforms, but it was still a tedious process. So today we’re pleased to introduce a new install script that can be run on any CentOS 7 platform.

We have a few cloud providers that we recommend without reservation. Both Vultr and Digital Ocean provide referral credits to Nerd Vittles to support our VoIP project development efforts. We’ve used both of them for many years with no problems. Either of the platforms works well using the $5 a month option in your choice of cities. Just be sure to choose the CentOS 7 platform, not CentOS 8. For an extra buck, you can add automatic backups.

Our favorite bargain is now CrownCloud in Los Angeles. For $25 a year, they offer a KVM VPS that is ideal as a VoIP platform. And the offering includes a free snapshot image as well. As you might imagine, it’s very popular and goes Out of Stock from time to time so check back often. For our international friends, CrownCloud offers similar platforms at the same price point in both Germany and the Netherlands.

Installing Incredible PBX with VitalPBX on CentOS 7

Once your CentOS 7 platform is up and running, here’s how to install Incredible PBX for VitalPBX. Log into your server as root using SSH or Putty. Then issue these commands:

cd /root
passwd
yum -y install net-tools wget nano tar
wget http://incrediblepbx.com/incrediblepbx.sh
chmod +x incrediblepbx.sh
./incrediblepbx.sh

Incredible PBX Cloud Setup Recipe for VitalPBX

We think the easiest way to configure your new VitalPBX platform is to follow the simple steps outlined below. This will avoid your having to jump back and forth between tutorials to get all the pieces in place. When you’re finished, you’ll have a secure VitalPBX cloud platform. Don’t be intimidated by the number of steps. If you can handle slice-and-bake cookies, you can do this!

1. Point your browser to the IP address of your server. You’ll be prompted to set a password for admin access to the GUI. Fill in the blanks to proceed. Should you ever forget your admin password, here’s how as root user to force a reset on your next login from a browser:

mysql ombutel -e 'update ombu_settings set value = "yes" where name = "reset_pwd"'


2. Register your server when prompted. The VitalPBX Dashboard will appear.

3. Decipher the public IP address of your desktop machine and any other PCs that will be used to manage your server.

4. From the VitalPBX Dashboard, navigate to Admin:Security:Firewall:WhiteList. Enter each of your IP addresses from step #3 and click Save button.

5. From the VitalPBX Dashboard, navigate to Admin:Security:Intrusion Detection:WhiteList. Enter each of your IP addresses from step #3 and click Save button.

6. Modify the default SSH port by logging in to your server as root and issuing the following commands using the year you were born in the first line replacing 2000:

sed -i 's|#Port 22|Port 2000|' /etc/ssh/sshd_config
systemctl restart sshd

 
7. From the VitalPBX Dashboard, navigate to Admin:Security:Firewall:Services. Change the SIP port to 5080 or some other port number not in the 5060-5065 range. Change the SSH port to a 4-digit number matching the year you were born. Click Save button. Monitor your SSH log for attempted breaches and change your port if necessary:

cat /var/log/secure | grep password

 
8. Verify that you can log back into your server with SSH using the new SSH port number you assigned in step #6: ssh -p 2000 root@server-IP-address

9. From the VitalPBX Dashboard, navigate to Admin:Security:Firewall:Rules. Delete the HTTP and HTTPS items by clicking the Trash icon beside each entry. In the GENERAL tab, set Block ICMP Requests to YES. Click Save button. This blocks web access to everyone except those you’ve whitelisted in step #4 above. If you ever lock yourself out of web access, login to your server as shown in step #8 and temporarily whitelist the public IP address desired. This gets removed automatically the next time you save your Firewall settings from within the VitalPBX GUI.

iptables -A vpbx_white_list -s 12.34.56.78 -j ACCEPT

10. Before we get too far along, let’s put another layer of security in place for your new server. We’re going to add the VoIP Blacklist which blocks about 100,000 bad guys from around the globe. We’ll also add a cron job to update the blacklist every night. Log back into your server as root and issue these commands to put the pieces in place and enable the VoIP Blacklist.

TIP: The cron job below is scheduled to run at 20 minutes after 3 a.m. Change the time to something else so we don’t all bombard the VoIP Blacklist site for downloads at exactly the same time every night.

cd /etc
wget http://incrediblepbx.com/voipbl-firewalld.tar.gz
tar zxvf voipbl-firewalld.tar.gz
rm -f voipbl-firewalld.tar.gz
echo "20 3 * * * root /etc/update-voipbl.sh >/dev/null 2>&1" >> /etc/crontab
/etc/update-voipbl.sh

11. From the VitalPBX Dashboard, navigate to Admin:Add-Ons:Add-Ons. Click Check Online button. Click Install button beside Custom Contexts. Click Install button beside Phonebooks. Click Install button beside Domotic.

12. From the VitalPBX Dashboard, navigate to Settings:Tech Settings:SIP Settings.

  a. In the GENERAL tab, set the Bind Address port to 5080 or whatever port you chose in step #7 above. This is the port number together with the FQDN of your PBX (set in the next step) that any SIP phone will need to successfully register to an extension.

  b. In the SECURITY tab, set Allow Guest to NO, set Auto-Domain to NO, set Allow External Domains to NO, and enter a fully-qualified domain name (FQDN) pointing to the IP address of your server in the Domain field. We cannot stress enough how important this FQDN is to the security of your cloud-based server. It limits SIP registrations to this FQDN only, and all SIP registration attempts by IP address are automatically blocked. Don’t skip this step!

  c. In the NETWORK tab, enter the IP address of your server in External Address. Click the ADD button in the Local Networks section and enter the private IP addresses associated with your LAN and VPN, e.g. 192.168.0.0/255.255.0.0 and 10.0.0.0/255.240.0.0. Change NAT to Force,Comedia if your server is behind a NAT-based router.

  d. In the CODECS tab, enable ULAW, ALAW, G722, and G729.

  e. In the OTHERS tab, set SRV LOOKUPS to Yes. Click SAVE button.

13. From the VitalPBX Dashboard, navigate to Settings:Tech Settings:Profiles. Click Show All Profiles bar and choose Default PJSIP Profile. In the GENERAL tab, set the following entries to YES: Force rport, Rewrite Contact, Direct Media, RTP Symmetric, and Send Diversion Header. Click UPDATE button.

14. From the VitalPBX Dashboard, navigate to PBX:Applications:Parking. Click Show All Parking Profiles bar and choose Default. Change Code from 700 to 7000 and click Update button. This changes your Parking Lot extensions to the 7000 range so that 700 range can be used for Extensions, just like other versions of Incredible PBX.

15. Log out of your Dashboard and then log back in so that the menus get refreshed with the Custom Contexts addition.

16. From the VitalPBX Dashboard, navigate to PBX:Applications:Custom Contexts. Create the new sample IVR context with the following entries. Then click Save button.

  • Description: IncrediblePBX
  • Context: incrediblepbx
  • Extension: s
  • Priority: 1
  • Destination: Terminate Call -> Hangup

17. From the VitalPBX Dashboard, navigate to PBX:Applications:Custom Applications. Create the custom application for the sample IVR and Save it.

  • Code: 3366
  • Name: DEMO
  • Enabled: YES
  • Destination: Custom Contexts -> IncrediblePBX

18. From the VitalPBX Dashboard, navigate to PBX:Applications:Conferences. Create the new sample conference application and Save it.

  • Code: 2663
  • Description: CONF
  • Music on Hold When Empty: YES
  • User Count: YES
  • Announce Join/Leave: YES
  • Announce Only User: YES
  • User PIN: 1234
  • Leader PIN: 4321
  • Drop Silence: YES

19. If you didn’t read last week’s article on Custom Contexts, now would be a good time to do so. Here are the commands to put all those pieces in place on your new cloud-based server:

cd /
yum -y install dialog wget nano tar mailx
cp -p /etc/crontab /etc/crontab.bak
wget http://incrediblepbx.com/incrediblepbx-vitalpbx.tar.gz
tar zxvf incrediblepbx-vitalpbx.tar.gz
rm -f incrediblepbx-vitalpbx.tar.gz
chown asterisk:asterisk /var/lib/asterisk
cd /etc/asterisk/ombutel
echo "[cos-all-custom](+)" >> extensions__80-custom.conf
echo "exten => 412,1,NoOp(Voice Dialer)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,1,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 951,1,NoOp(News)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,5,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 947,1,NoOp(Weather by ZIP)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,6,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 3172,1,NoOp(DISA Voice Dialer)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,9,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 4747,1,NoOp(Wolfram Alpha)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,3,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 8463,1,NoOp(Time of Day)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,*,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 53669,1,NoOp(Lenny)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,53669,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
echo "exten => 86329,1,NoOp(Today in History)" >> extensions__80-custom.conf
echo " same => n,Answer" >> extensions__80-custom.conf
echo " same => n,Goto(incrediblepbx,7,1)" >> extensions__80-custom.conf
echo " same => n,Hangup()" >> extensions__80-custom.conf
echo "" >> extensions__80-custom.conf
systemctl restart asterisk
chown asterisk:asterisk /var/lib/asterisk
chown asterisk:apache /var/lib/asterisk/agi-bin

20. Create new Extensions for your PBX by navigating to PBX:Extensions:Extensions. You only need to fill in the Extension, Name, and Email Address fields. We recommend extension numbers beginning with 701. If the extension will be used from a phone behind a NAT-based router, change the NAT entry to Force,Comedia. If the phone associated with the extension has a static IP address, enter it in the Permit field for an extra layer of security. In the VOICEMAIL tab, you will note that voicemail is enabled by default with a password matching the extension number. This forces the user to set the voicemail password the first time they access voicemail with their phone. We recommend the YES setting for Attach Voicemail, Ask Password, Say CID, Say Duration, and Envelope. Then press SAVE.

21. Once you have created your extensions, you can create Ring Groups to assign multiple extensions and external numbers to a designated number which will ring all of the extensions and external numbers in the ring group either simultaneously or serially. Navigate to PBX:Call Center:Ring Groups to set this up.

22. Trunk Setup. While we don’t recommend it, if you just want to play around with some toll-free calls using option 1 in the DEMO IVR to see how everything works, here’s a simple trunk setup to get you started. First, navigate to Settings:Telephony:Channel Groups and save a group named Default with no entries. Then navigate to PBX:External:Trunks:CUSTOM. Create TollFree trunk with this Dial String: SIP/1${EXTEN}@ovh.starcompartners.com. No other entries are required. Click SAVE and reload your dialplan. Finally, create an Outbound Route for these calls in PBX:External:Outbound Routes like this:

  • Description: TollFree
  • Trunks: TollFree
  • Dial Pattern: Pattern=NXXNXXXXXX

Save your settings and reload the dialplan. You now can skip down to step #25. NOTE: You will not be able to receive outside calls or make calls to numbers other than toll-free ones.

Our preference is that you use our Platinum Provider, Skyetel, for your default trunk and DID because they offer quadruple redundancy so you never miss a call. Sign up for Skyetel service and take advantage of the Nerd Vittles specials which include a $10 credit to kick the tires. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the $10 credit for your account by referencing the Nerd Vittles special offer. Once you are satisfied with the service, fund your account as desired, and Skyetel will match your deposit of up to $250 simply by opening another ticket. That gets you up to $500 of half-price calling. You can also port in your DIDs at no cost for 60 days after funding your account. Credit is limited to one per person/company/address/location.

We don’t recommend trunk registrations with a publicly exposed server because it creates a potential attack vector for intruders and any intrusion would be undetectable from the PBX since the attacker could make unauthorized calls after registering directly with your SIP provider. For this reason, Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX 16 for VitalPBX:

  • Name: IncrediblePBX
  • Priority: 1
  • IP Address: IncrediblePBX-Public-IP-Address
  • Port: 5062
  • Protocol: UDP
  • Description: my.incrediblepbx.com

To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service and fund your account) or purchasing new ones under the Buy Phone Numbers menu option.

Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.

If you’d like additional details on why we recommend Skyetel, see this Nerd Vittles article.

On the VitalPBX side, we need to add a new Skyetel trunk. Navigate to PBX:External:Trunks:PJSIP. The VitalPBX Trunk setup should look like the following for Skyetel. If you’d like to cut-and-paste the entries for the Match field, here you go:

52.41.52.34,52.8.201.128,52.60.138.31,50.17.48.216,35.156.192.164



In Admin:Security:Firewall:WHITELIST, you’ll need to individually Add the five Skyetel IP addresses used in the Match field above and then SAVE your firewall settings.

Finally in PBX:Incoming Calls:CID Modifiers, add a new entry for Skyetel with Skip/Length = 2/10 and Save your settings.

23. Before your PBX can receive calls, you’ll need at least one Inbound Route. This tells the PBX how to route calls from one or more phone numbers (DIDs) that you own to a destination on your PBX, e.g. an extension, a ring group, an IVR, or custom context. Navigate to PBX:External:Inbound Routes to get started. Let’s set up a default inbound route for all the DIDs you have acquired from Skyetel in step #22. Fill in the fields shown below. Then SAVE.

  • Routing Method: Default
  • Description: Default Skyetel
  • DID Pattern: [leave blank for ALL DIDs]
  • CallerID Modifier: Skyetel
  • Inbound Destination: Custom Contexts -> IncrediblePBX

24. Before you can make outbound calls from extensions on your PBX, you’ll need at least one Outbound Route. This tells the PBX which provider to use to complete calls dialed with a certain sequence of numbers. For example, you probably would want 10-digit numbers routed to Skyetel. And, if users dial 1 and then a 10-digit number, you’d probably want those calls routed to Skyetel as well. To create this outbound route, navigate to PBX:External:Outbound Routes. Fill in the fields shown below. Click ADD to add a second Dial Pattern. Click SAVE and Reload Dialplan when finished.

NOTE: While you can "spoof" any CallerID number here, it is only legal to assign CallerID numbers that you actually own. Most carriers do not forward CallerID names to destinations regardless of what you enter here. The CallerID name and number will be shown in your CDR logs: Reports:CDR Reports:CDR.

  • Description: Skyetel-OUT
  • Trunks: Skyetel
  • Outbound CID: [Your Name and CallerID Number]
  • Overwrite CID: YES
  • Dial Pattern: Prepend=1 Pattern=NXXNXXXXXX
  • Dial Pattern: Pattern=1NXXNXXXXXX

25. For the time being, we strongly recommend disabling IPv6 simply because we don’t have the necessary confidence that all of the security mechanisms are in place for IPv6. Here’s how on the CentOS 7 platform:

echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p
sed -i 's|#AddressFamily any|AddressFamily inet|' /etc/ssh/sshd_config
systemctl restart sshd
sed -i 's|inet_protocols = all|inet_protocols = ipv4|' /etc/postfix/main.cf
systemctl restart postfix

 
26. Outbound email functionality is essential on your PBX. You’ll need it to be alerted to potential issues with VitalPBX, and you’ll need it for delivery of voicemail messages to users. There are a couple ways to implement it, and both are easy. If you want to use the native capabilities of Postfix to send the emails assuming your provider is not blocking outbound SMTP mail from downstream servers, then follow these steps:

  • Insert your FQDN from step #12b into /etc/hosts immediately after 127.0.0.1
  • Replace the contents of /etc/hostname with the same FQDN
  • Issue the following command using your actual FQDN: hostname FQDN
  • Sending yourself an email: echo "test" | mail -s test you@your-domain.com

If you don’t receive the test email message, then the easiest solution is to configure PostFix as an SMTP Relay using a Gmail account. You can do this easily from within the VitalPBX GUI. Navigate to Admin:System Settings:Email Settings and click the External Mail Server tab. Be sure that Gmail is selected and enter your Gmail name and password in the fields provided. Save your settings and send yourself an email using the field provided.

27. Once you get outbound email flowing, jump down to the next section and obtain IBM TTS and STT passwords. Now set up Voicemail Transcription with Email Message Delivery:

  a. After logging into your VitalPBX server as root using SSH/Putty:

cd /tmp
mkdir sendmail
cd sendmail
wget http://incrediblepbx.com/sendmailibm-vitalpbx.tar.gz
tar zxvf sendmailibm-vitalpbx.tar.gz
rm -f sendmailibm-vitalpbx.tar.gz
mv usr/sbin/sendmailibm /usr/sbin
cd /etc/asterisk/ombutel
echo "[general](+)" > voicemail__60-1-transcript.conf
echo "; format=wav|wav49|gsm" >> voicemail__60-1-transcript.conf
echo "mailcmd=/usr/sbin/sendmailibm" >> voicemail__60-1-transcript.conf
chown apache:apache voicemail__60-1-transcript.conf
rm -rf /tmp/sendmail

 
  b. Restart Asterisk core services: asterisk -rx "core reload"

  c. Edit /usr/sbin/sendmailibm and insert your IBM Watson STT APIkey on line 23. Change the language on line 31 if you don’t want en-US. Then save the file.

  d. Log back into the VitalPBX GUI and configure the extensions desired for email delivery of voicemail. For each extension in PBX:Extensions:General, enter an Email Address for delivery of voicemails. In PBX:Extensions:Voicemail, verify the VM settings from step #20.

28. We hesitate to even mention (free) Festival TTS as a text-to-speech alternative because it is so bad compared to IBM TTS. But for those that like always free, here’s how to install it. Once installed, you can issue Festival commands in your dialplan using the keyword Festival followed by the text to be spoken in parentheses.

yum -y install festival
echo "[general]" > /etc/asterisk/festival.conf
asterisk -rx "dialplan reload"
festival_server &
systemctl restart asterisk
echo "/usr/bin/festival_server &" >> /etc/rc.d/rc.local

 

29. If you’d like to test the performance of your cloud-based server, here’s how to deploy and run SpeedTest:

cd /root
wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest-cli
/root/speedtest-cli

 
30. Associating CallerID Names (CNAM) with inbound calls for display on SIP phones and in the CDR logs is an often-requested PBX feature. There are a few ways to do it. First, for less than a penny a call, you can activate the feature with your DIDs in the Skyetel Dashboard. Or, for about half the cost, you can acquire an OpenCNAM account and activate it in VitalPBX by navigating to PBX:Incoming Calls:CID Lookup. Choose OpenCNAM as the Source and enter your credentials. Then SAVE your settings and reload the dialplan. Then, for each of your Inbound Routes, add OpenCNAM as the CID Lookup source and Update your configuration.

31. Unless you want a full-time job monitoring the size of your logs, remove the fail2ban Asterisk log which grows every 5 seconds. Navigate to Settings:PBX Settings:Log Files and click the Trash icon beside fail2ban. It’s probably a good idea to turn OFF the Notice option for the full log while you’re at it. Then SAVE your changes.

32. Before you do anything else, navigate to Admin:Admin:Backup & Restore, configure and run a Full Backup, and then download the file and keep it in a safe place. Be advised that Backup/Restore doesn’t restore Add-Ons, /var/lib/asterisk/agi-bin, custom contexts (extensions__80*.conf) in /etc/asterisk/ombutel, custom MySQL databases (mysqldump -u root yourDB > yourDB.sql), custom and lenny sound directories in /var/lib/asterisk/sounds, phpMyAdmin, /usr/local/sbin, and /etc/crontab.

Obtaining IBM Watson TTS and STT Credentials

Incredible PBX uses IBM Watson® for TTS and STT support. This Nerd Vittles tutorial will walk you through getting your IBM account set up and obtaining both your TTS and STT credentials. Be sure to write down BOTH sets of credentials which you’ll need in a minute. For home and SOHO use, IBM access and services generally is FREE even though you must provide a credit card when signing up. Details are provided when you sign up. If you ever forget your passwords, you can retrieve them by navigating to Resource List:Services:TTS or STT:View Full Details:Show Credentials.

Obtaining Wolfram Alpha Credentials

When people ask what exactly Wolfram Alpha is, our favorite answer was provided by Ed Borasky.

It’s an almanac driven by a supercomputer.

That’s an understatement. It’s a bit like calling Google Search a topic index. Unlike Google which provides links to web sites that can provide answers to queries, Wolfram Alpha provides specific and detailed answers to almost any question. Here are a few examples (with descriptions of the functionality) to help you wrap your head around the breadth of information. For a complete list of what’s available, visit Wolfram Alpha’s Examples by Topic. Type a sample query here. Some of our favorites include:

Weather in Charleston South Carolina
Weather forecast for Washington D.C.
Next solar eclipse
Otis Redding
Define politician
Who won the 1969 Superbowl? (Broadway Joe)
What planes are flying overhead now? (flying over your server’s location)
Ham and cheese sandwich (nutritional information)
Holidays 2012 (summary of all holidays for 2012 with dates and DOW)
Medical University of South Carolina (history of MUSC)
Star Trek (show history, air dates, number of episodes, and more)
Apollo 11 (everything you ever wanted to know)
Cheapest Toaster (brand and price)
Battle of Gettysburg (sad day 🙂 )
Daylight Savings Time 2012 (date ranges and how to set your clocks)
Tablets by Motorola (pricing, models, and specs from Best Buy)
Doughnut (you don’t wanna know)
Snickers bar (ditto)
Weather (local weather at your server’s location)

Before you can actually use our TTS implementation of Wolfram Alpha, you’ll need to obtain a free Wolfram Alpha account. As you can imagine, there have to be some rules when you’re using someone else’s supercomputer for free. So here’s the deal. It’s free for non-commercial, personal use once you sign up for an account. But you’re limited to 2,000 queries a month which works out to almost 70 queries a day. Every query requires your personal application ID, and that’s how Wolfram Alpha keeps track of your queries. Considering the price, we think you’ll find the query limitation generous compared to other web resources.

To get started, sign up for a free Wolfram Alpha API account. Just provide your email address and set up a password. It takes less than a minute. Log into your account and click on Get An App ID. Make up a name for your application and write down (and keep secret) your APP-ID code. That’s all there is to getting set up with Wolfram Alpha. If you want to explore costs for commercial use, there are links to let you get more information.

Configuring Your Incredible PBX Credentials

In addition to your Wolfram Alpha APPID, there are two sets of IBM credentials to plug into the Asterisk AGI scripts. Keep in mind that there are different passwords for the IBM Watson TTS and STT services. The TTS credentials will look like the following: $IBM_password. The STT credentials look like this: $API_PASSWORD. Don’t mix them up. The username for both TTS and STT is now the single word: apikey

All of the scripts requiring credentials are located in /var/lib/asterisk/agi-bin so switch to that directory after logging into your server as root. Edit each of the following files and insert your TTS credentials in the variables already provided: nv-today2.php, ibmtts.php, and ibmtts2.php. Edit each of the following files and insert your STT credentials in the variables already provided: getquery.sh, getnumber.sh, and getnumber2.sh. Finally, edit 4747 and insert your Wolfram Alpha APPID.

If you ever want to learn how to develop applications for Asterisk, these scripts coupled with the dialplan code included in /etc/asterisk/ombutel/extensions__80-1-incrediblepbx.conf will point you in the right direction with easy to follow examples.

Managing the AsteriDex SQLite3 Database

We’ve alluded to the AsteriDex database in a couple of VitalPBX articles but never mentioned how to access it. Using a browser, point it to http://server-ip/asteridex4. You can add, edit, display, and delete entries from there. Before you can make changes in the database, issue the following command after logging into your server as root:

chown asterisk:apache /var/lib/asterisk/agi-bin

Taking Incredible PBX for a Test Drive

You can take Incredible PBX for VitalPBX on a test drive in two ways. You can call our server, and then you can try things out on your own server and compare the results. Call our IVR by dialing 1-843-606-0555. For our international friends, you can use the following SIP URI for a free call: 10159591015959@atlanta.voip.ms. For tips on setting up your own secure, hybrid SIP URI with VitalPBX, see our original tutorial. The FreePBX® setup is virtually identical except for the location of the custom SIP setting for match_auth_username=yes. On a VitalPBX server, you will enter it here: Settings:Technology Settings:SIP Settings:CUSTOM.

With Allison’s Demo IVR, you can choose from the following options:

  • 0. Chat with Operator — connects to extension 701
  • 1. AsteriDex Voice Dialer (412) – say "Delta Airlines" or "American Airlines" to connect
  • 2. Conferencing (2663) – log in using 1234 as the conference PIN
  • 3. Wolfram Alpha Almanac (4747) – say "What planes are flying overhead now?"
  • 4. Lenny (53669) – The Telemarketer’s Worst Nightmare
  • 5. Today’s News Headlines (951) — courtesy of Yahoo! News
  • 6. Weather by ZIP Code (947) – enter any 5-digit ZIP code for today’s weather
  • 7. Today in History (86329) — courtesy of OnThisDay.com
  • 8. Call Extension 701 — on your local PBX
  • 9. DISA Voice Dialer (3172) — say any 10-digit number to be connected
  • *. Current TIME and Date (8463) — courtesy of VitalPBX

CAUTION: We have intentionally disabled outbound calls using Option #9 and redirected callers to Lenny. The reason is that an unscrupulous caller could easily run up your phone bill by entering a number with expensive destination charges. If you wish to enable the feature, despite the risks, you can edit extensions__80-1-incrediblepbx.conf and make the change.

You can call your own IVR in a few ways. From an internal VitalPBX phone, dial D-E-M-O (2663) to be connected. Or simply dial the number of the DID you routed to the Incredible PBX Custom Context. Local users can also dial the individual feature codes shown in parentheses above. Be sure that you heed AND test the CAUTION documented above.

Originally published: Monday, October 21, 2019





Need help with VitalPBX? Visit the VitalPBX Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: RentPBX, Amazon, Skyetel, Vitelity, DigitalOcean, Vultr, Digium, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls plus quadruple data center redundancy assures that you’ll never have a failed call. Tutorial and sign up details are here.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Print Friendly, PDF & Email

Be Sociable, Share!

Tags:

This article has 1 comment

  1. I built this twice in Digital Ocean at the $5 level, both times when I get near the end of your instructions and then add a few IPs from the Skyetel site the whole systems hangs and is not recoverable. I wonder if the 1 cpu-1g ram is too small or any ideas?

    [WM: I don’t think it’s a RAM issue. Please post this on the PIAF Forum. We’ll need some additional information. Thanks.]

Leave a comment

Your email address will not be published. Required fields are marked *

*