Orgasmatron 5.2: The Secure Swiss Army Knife for Asterisk

It’s been an exciting couple of weeks watching the overwhelmingly positive response to our release of Orgasmatron 5.1. With this version, we introduced a new Asterisk® security model that took into account the ever-increasing security risks posed by exposing web and telephony servers to direct Internet access. The bottom line is this. If your telecom requirements still can be accomplished by placing a server securely behind a $35 hardware-based Internet firewall with no Internet exposure, then it makes absolutely no sense to dangle such a tempting target in front of the world’s most nefarious creeps.

News Flash: Incredible PBX 4.0 is now available with FreePBX 2.10 support!

Coming January 19: Incredible PBX 11 & Incredible Fax for Asterisk 11 and FreePBX 2.11

Our experience suggests that the only trade off with this new approach is the inability to receive anonymous SIP calls… a small price to pay considering the potential financial and computer risks involved. You still can place outbound VoIP calls as well as placing and receiving calls using any of the phone numbers registered on your new PBX in a Flash server. And, thanks to Google Voice, SIPgate, and IPkall, all inbound calls are free, and all outbound calls to numbers in the U.S. and Canada are free as well.

If a SIP URI and your own Freenum/ISN number are simply features you can’t live without, sign up for a voip.ms IAX account, and you’ll get a SIP URI for free. Inbound SIP URI and Freenum/ISN calls will set you back $1 for every 1,000 minutes billed in 6 second increments.

Or you can sign up for a free IP Freedom CallCentric account and configure a new SIP trunk in FreePBX by following these directions. Once configured, your new server SIP URI will be 1777xxxxxxx@in.callcentric.com where xxxxxxx is your assigned 7-digit CallCentric number.

Keep in mind that a new security vulnerability has been found with either Asterisk or FreePBX almost monthly. The chart below tells you why. With virtually limitless attack surfaces because of the number of interrelated components in CentOS, Asterisk, and FreePBX comes enormous and recurring potential for remote compromise of these systems. Rather than play this cat-and-mouse security game with the underworld, the Orgasmatron design changes the paradigm. It lets you use any (secure or insecure) version of Asterisk and FreePBX without worrying about any outside attacks. Do passwords on your new server matter? Not really… unless there is someone inside your firewall that you don’t trust. :roll: Are we going to secure them anyway? Absolutely. But instead of the constant worry over new security vulnerabilities, Orgasmatron 5.2 lets you enjoy exploring the world of Asterisk and VoIP telephony with an incredibly rich feature set that you won’t find anywhere else, period! We’ll resist making any other device analogies, but the idea here is to protect the good guy (you!) while keeping the bad guys out. No penetration. No worries. Simple as that.

In our former life working for a living, we actually procured and managed multimillion dollar PBXs as part of our “other duties as assigned.” Without qualification, we can tell you that the feature set that Orgasmatron 5.2 brings to the table for free runs circles around anything you could buy (then or now) in the commercial marketplace. And, at one time or another, we purchased every Nortel feature good money could buy. There’s one other difference. Orgasmatron 5.2 runs swimmingly on a $200 Atom-based PC that you can purchase at any Best Buy as well as hundreds of other stores including Amazon, NewEgg, and Buy.com. We paid more than $200 to provision an additional extension on our Nortel switch! You, of course, can add as many extensions as you like. De nada.

So, why a new version of Orgasmatron in only a few weeks? Well, it’s not security-related. In fact, there is nothing wrong with continuing on with Orgasmatron 5.1. Unfortunately, it relied exclusively upon SIPgate to make free Google Voice calls in the U.S. and Canada. And SIPgate required an invite using an SMS message from a U.S.-based cellphone. That pretty well knocked out all of our friends living outside the United States. Today’s version fixes that by letting anyone sign up for a free IPkall phone number in Washington state. All you need is a valid email address. The setup process is a bit more complex because IPkall doesn’t support registered connections to their servers. But we’ll walk you through the additional steps and, once completed, your server will be just as secure as the SIPgate approach we set up with Orgasmatron 5.1. And few, if any, Linux skills are required to set up or manage Orgasmatron 5.2. As we’ve noted previously, if you can handle slice and bake cookies, you’ve got the necessary skillset! Be aware this is about a one-hour project, and you need to track through the article carefully, or the entire house of cards comes down.

New Asterisk Security Model. Orgasmatron 5.2 maintains our design goal of running an absolutely secure Asterisk PBX from behind a hardware-based firewall with either NO INBOUND PORTS exposed to the Internet with SIPgate or an IP-address-restricted IAX port for IPkall. Don’t defeat this security mechanism by exposing additional ports on your PBX in a Flash server to Internet access. And choose your NAT-based firewall/router carefully. All of these devices are not created equally. Not only do some perform better than others, but certain models are notoriously bad at handling NAT-based routing tasks, a critical requirement in the Asterisk VoIP environment. In almost every case of problems with one-way audio, the real culprit can be traced back to a crappy router. For $35, you really can’t go wrong with the dLink WBR-2310. If you want traffic shaping functionality as well, take a look at dLink’s Gaming Router, our personal favorite.

As long as your router, Google Voice, SIPgate, and IPkall passwords are secure, you can sleep like a baby. We use an intermediate SIP provider for Google Voice to set up free outbound Google Voice calls in the U.S. and Canada because Google Voice actually places two calls to connect you to your destination. First, you get a call back. And then the party you’re calling is connected. The SIPgate or IPkall trunk is used by Google Voice to call you back so the inbound call is always free. We handle the interconnection magic with Asterisk transparently so your calls appear to be processed as if you were using a standard telephone to dial out. Just refrain from using extension 75 in Asterisk for personal conferencing!

The choice is yours. You can use SIPgate with no incoming ports exposed to your server from the Internet. Or you can use IPkall and map UDP port 4569 (IAX2) on your hardware-based firewall to the internal IP address of your new PBX in a Flash server. Even with the IPkall setup, we’ve locked down IPtables (our Linux firewall) to restrict IAX access to several specific IP addresses so your server remains absolutely secure. We’ve also included support for FonicaTec’s IAX offering for those that want a backup IAX provider. We’ll have much more to say about IPtables in coming weeks.

If you’ve already installed Orgasmatron 5.1 and it’s working for you, do you need to upgrade? NO. With the exception of the new IAX support for IPkall, the code in Orgasmatron 5.2 is identical.

We, of course, continue to recommend that you sign up with Vitelity so you have an alternate communications vehicle in the event of a problem with your free service. Vitelity also can provide 911 emergency service for your home or home office. You can save a little money while supporting the PBX in a Flash project by using the links at the end of this article.

Swiss Army Knife Inventory. There’s no need for a Swiss Army Knife if you don’t know what all the blades are for. So, for those that are wondering what’s included in the Orgasmatron 5.2 build, here’s a feature list of the components you get in addition to the base PBX in a Flash build with CentOS 5.4, Asterisk 1.4, FreePBX 2.6, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Please note that A2Billing, Cepstral TTS, Hamachi VPN, and Mondo Backups are optional and may be installed using the scripts that are provided.

Prerequisites. Here’s what you’ll need to get started:

  • Broadband Internet connection
  • Rock-solid NAT router/firewall. Recommend: $35 dLink WBR-2310
  • $200 PC on which to run PBX in a Flash or a Proxmox Virtual Machine
  • Free Google Voice account (HINT: Under $2 on eBay)
  • Free SIPgateOne residential account (Use cell to get SMS invite) OR
  • Free IPkall IAX account

Learn First. Install Second. Even though the installation process is now a No-Brainer, you are well-advised to do some reading before you begin. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some time learning where the minefields are in today’s VoIP world. Start by reading our Primer on Asterisk Security. Then read our PBX in a Flash and VPN in a Flash knols. If you’re still not asleep, there’s loads of additional documentation on the PBX in a Flash documentation web site.

Today’s Drill. The installation process is straight-forward, but a little different than the Orgasmo 5.1 scenario because of the need to accommodate IPkall. Just don’t skip any steps. In a nutshell, here are the 6 Steps to Free Calling and an incredibly versatile, preconfigured Asterisk PBX:

1. Install the latest version of PBX in a Flash
2. Run the Orgasmatron 5.2 Installer
3. Configure a softphone or SIP telephone
4. Configure Providers for Orgasmatron 5.2
5. Enter your Google Voice and SIPgate/IPkall credentials
6. Change existing passwords to secure your system

Installing PBX in a Flash. Here’s a quick tutorial to get PBX in a Flash installed. We recommend you install the latest PIAF 1.6 beta on a new Atom-based PC. This beta is virtually identical to version 1.4 except it uses CentOS 5.4 instead of CentOS 5.2. This means it works better with newer hardware including Atom-based computers and newer network cards. Unlike other Asterisk aggregations, PBX in a Flash utilizes a two-step install process. The ISO only installs the CentOS operating system. Once installed, the server reboots and downloads a payload file that includes Asterisk, FreePBX, and many other VoIP and Linux utilities. We use the identical payload for versions 1.3, 1.4, 1.5, and 1.6 of PBX in a Flash. The beta label simply means we haven’t had time to sufficiently test CentOS. But this is not a Microsoft-style beta so fear not!

Download the 32-bit, PIAF 1.6 version from Google, SourceForge, Vitelity, Cybernetic Networks, or AdHoc Electronics. The MD5 checksum for the file is e8a3fc96702d8aa9ecbd2a8afb934d36. Burn the ISO to a CD. Then boot from the installation CD and type ksalt to begin.

WARNING: This install will completely erase, repartition, and reformat ALL disks on your system! Press Ctrl-C to cancel the install.

On some systems you may get a notice that CentOS can’t find the kickstart file. Just tab to OK and press Enter. Don’t change the name or location of the kickstart file! This will get you going. Think of it as a CentOS ‘feature’. :-)

At the keyboard prompt, tab to OK and press Enter. At the time zone prompt, tab once, highlight your time zone, tab to OK and press Enter. At the password prompt, make up a VERY secure root password. Type it twice. Tab to OK, press Enter. Get a cup of coffee. Come back in about 5 minutes. When the system has installed CentOS, it will reboot. Remove the CD promptly. After the reboot, choose A option. Have a 10-minute cup of coffee. After installation is complete, the machine will reboot a second time. Log in as root with your new password and execute the following commands:

update-scripts
update-fixes

When prompted, change the ARI password to something really obscure. You’re never going to use it! You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time.

NOTE: So long as your system is safely sitting behind a hardware-based firewall, we do NOT recommend running update-source on the Orgasmatron builds because of parking lot issues in the latest releases of Asterisk.

Running the Orgasmatron 5.2 Installer. Log into your server as root and issue the following commands to run the Orgasmatron 5.2 installer:

cd /root
wget http://pbxinaflash.net/orgasmo52.x
chmod +x orgasmo52.x
./orgasmo52.x

Have another 15-minute cup of coffee. It’s a great time to consider a modest donation to the Nerd Vittles project. You’ll find a link at the top of the page. When the installer finishes, READ THE SCREEN!

Now run passwd-master1. Set your FreePBX passwords to something very secure but different from your Linux root password.

Next, type status2 and press Enter. Write down the IP address of your new server.

If you’re using IPkall, now’s the time to log in to your hardware-based firewall/router and map UDP port 45693 to the private IP address that you just wrote down. This tells your firewall to pass all IAX2 traffic from the Internet directly to your new server. Don’t worry. We have severely restricted which IP addresses can actually send IAX data through the PBX in a Flash IPtables firewall which is an integral part of this build. And, remember, no hardware firewall adjustments are necessary if you’re using SIPgate instead of IPkall.

For good measure, we recommend you reboot your server at this point. The command to type is simple: reboot4

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you’ll want a real SIP telephone, and you’ll find lots of recommendations on Nerd Vittles. For today, let’s download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using 82812661 as the password for extension 701 and the actual IP address of your PBX in a Flash server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Don’t Forget! After you change your extension passwords later in this tutorial, you will need to update the password entry in X-Lite, or you will no longer be able to place calls! In fact, you will get locked out of your server for 90 minutes after three failed password attempts. So put this on a sticky note so you don’t forget, or you’ll regret it in about 15 minutes.

Either a free SIPgate One residential phone number or an IPkall number is a key component in today’s project. And there’s really no reason you can’t use both if they’re available in your location. Do NOT use special characters in your provider passwords, or nothing will work! Continue reading whichever section below applies to you.

Configuring SIPgate. If you live in the U.S. and have a cellphone, we’d recommend the SIPgate option since no adjustment of your hardware-based firewall is required. Otherwise, skip to the IPkall setup below. Step #1 is to request a SIPgate invite at this link. You’ll need to enter your U.S. cellphone number to receive the SMS message with your invitation code. Don’t worry. You can erase your cellphone number from your account once it is set up. Once you receive the invite code, enter it and choose the option to set up a residential account. Next, choose a phone number and write it down. The area code really doesn’t matter because Google Voice is the only one that will be calling this number after we get things set up. For now, leave your cellphone number in place so that you can receive your confirmation call from Google Voice in the next step. After that, you’ll want to revisit SIPgate and remove all parallel calling numbers. Finally, click on the Settings link and write down your SIP ID and SIP Password. You’ll need these in a few minutes to configure PBX in a Flash. Now place a call to your new SIPgate number and make certain that your cellphone rings before proceeding.

Configuring IPkall. If you’ve opted to use IPkall, here’s the drill. First, you’ll need to register for a free IPkall number. This is actually a two-step process. Set it up as a SIP connection when you first register. Then we’ll change it to IAX once your new phone number is provided. So your initial IPkall request should look like this:

We recommend area code 425 for your requested number because IPkall appears to have lots of them. If they don’t have an available number, your request apparently goes in the bit bucket. You’ll know because IPkall typically turns these requests around in a few minutes. Don’t worry about the mothership entry. We’ll change it shortly. The other issue here is your public IP address. If you have a dedicated IP address, no worries. Just plug in the IP address for SIP Proxy. If it’s dynamic, then you’ll need to set up a fully-qualified domain name (FQDN) with a provider such as dyndns.com. Once you’ve got it set up, enter your credentials in the Dynamic DNS tab of your hardware-based firewall to assure that your dynamic IP address is always synchronized with your FQDN. Then enter the FQDN for your SIP Proxy address in the IPkall form. Be sure to make up a VERY secure password. Now send it off and wait for the return email with your new phone number.

When you receive your new phone number, you’ll need to revisit the IPkall site and log in with your phone number and the password you chose above. Make the changes shown below using your actual IPkall phone number instead of 4259876543:

It’s worth stressing that these settings are extremely important so check your work carefully. Be sure the IAX option is selected. Be sure there are no typos in your two phone number entries. And be sure your FQDN or public IP address is correct. Then save your new settings.

We’re going to be making some entries in FreePBX which is the web-GUI that manages PBX in a Flash. For now, we simply need to enter your new IPkall phone number so that incoming calls to your IPkall number will actually ring on your softphone. Later, we’ll make some further adjustments once we get Google Voice humming along.

Using a web browser from your desktop, log in to FreePBX 2.6 at the following link substituting your server’s private IP address for ipaddress: http://ipaddress/admin. You’ll be prompted for a user name (maint) and password (the one you just created with passwd-master).

When FreePBX loads, choose Setup, Trunks, ipkall (iax). In the USER Context field, enter your 10-digit IPkall phone number. Click Submit Changes, Apply Configuration Changes, Continue with Reload to save your settings.

TIP: Be aware that IPkall cancels an assigned phone number after 30 consecutive days of inactivity. If you will be using your number infrequently, it’s a good idea to schedule a Weekly Reminder to call the number with a prerecorded message. This will assure that your number stays functional.

Now let’s test your new phone number. Call your IPkall number from a cellphone or some other phone. Your softphone should ring. Answer the call, and be sure you have voice in both directions! Do not proceed without success here, or the rest of the adventure is a waste of your time.

Configuring Google Voice. Google Voice still is by invitation only so the first thing you’ll need is an invite. If you’re in a hurry, then stroll over to eBay where you’ll find lots of them for under $2. Once you have your invite in hand, click on the email link to set up your account. After you’ve chosen a telephone number, plug in your new SIPgate or IPkall number as the destination for your Google Voice calls and choose Office as the Phone Type. Trust us.

Google then will place a call to your number and ask you to enter a confirmation code that’s been provided. When your cellphone (SIPgate) or softphone (IPkall) rings, answer it and punch in the number. Wait for confirmation. Then hang up.

As we mentioned earlier, there’s no reason you can’t set up both SIPgate and IPkall forwarding numbers in Google Voice. Just repeat the drill with the other provider’s number if you wish to activate both numbers for use with Google Voice. They’re not both going to ring simultaneously as you will see in a minute.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Finally, place a test call to your new Google Voice number and be sure your cellphone or softphone rings. Don’t move forward until you’ve been able to successfully place a call to your phone by dialing your Google Voice number. Once this is working, revisit SIPgate and remove all parallel calling numbers including your cell number.

Adding Your Credentials to PBX in a Flash. We’re ready to insert your Google Voice credentials and SIPgate/IPkall number into PBX in a Flash. You’ll need four pieces of information: your 10-digit Google Voice phone number, your Google Voice account name (which is the email address you used to set up your GV account), your GV password (no spaces!), and your 11-digit SIPgate or IPkall RingBack DID (beginning with a 1). Don’t get the 10-digit GV number mixed up with the 11-digit SIPgate/IPkall RingBack DID, or nothing will work. :-)

Log back into your server as root and issue the following command: ./configure-gv. Check your entries carefully. If you make a typo in entering any of your data, press Ctrl-C to cancel the script and then run it again!!

Configuring FreePBX. Now shift back to your Desktop and, using a web browser, log in to FreePBX 2.6 at the following link substituting your actual IP address for ipaddress: http://ipaddress/admin. You’ll be prompted for a user name (maint) and password (the one you just created with passwd-master). Depending upon which intermediate provider you’re using, do the following:

SIPgate Setup. When FreePBX loads, choose Setup, Trunks, sipgate. In Peer Details, replace both instances of sipID with your actual SipGate SIP ID. In Peer Details, replace sipPassword with your actual SipGate SIP Password. In Register String, replace sipID with your SipGate SIP ID, replace sipPassword with your SipGate SIP Password, and replace 3333333333 with your 10-digit SipGate Phone Number. When finished, the Register String should look something like the following:

7004484f0:B8TTW3@sipgate.com/4155201234

Click Submit, Apply Configuration Changes, Continue with Reload to save your changes.

SIPgate and IPkall Setup. While still in FreePBX with your browser, click Setup, Inbound Routes, gv-ringback. In DID Number, replace 3333333333 with your 10-digit SIPGate or IPkall Phone Number. In CallerID Number, replace 7777777777 with your 10-digit Google Voice Number.

Click Submit, Apply Configuration Changes, Continue with Reload to save your changes.

Securing FreePBX. You’re almost done. While still in FreePBX, choose each of the 16 preconfigured extensions on your new server and change the extension AND voicemail passwords. Here’s the drill: Setup, Extensions, 501, Submit. After changing secret and Voicemail Password, repeat with the next extension number instead of 501. Then Apply Config Changes, Continue when you’ve finished with all of them.

Now change the default DISA password: Setup, DISA, DISAmain, PIN, Submit Changes, Apply Config Changes, Continue.

Don’t forget to adjust your X-Lite password to match the password entry you made for extension 701!

Orgasmatron Test Flight. The proof is in the pudding as they say. So let’s try two simple tests. First, from another phone, call your Google Voice number. Your softphone should begin ringing shortly. Answer the call and make sure you can send and receive voice on both phones. Hang up. Now let’s place an outbound call. Using the softphone, dial your cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. If everything is working, congratulations!

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. Save the file and restart Asterisk with the command: amportal restart.

Choosing a VoIP Provider. For this week, we’ll point you to some things to play with on your new server. Then, in the subsequent articles below, we’ll cover in detail how to customize every application that’s been loaded. Nothing beats free when it comes to long distance calls. But nothing lasts forever. So we’d recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system… so that people can call you. Here’s how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you’re calling. If you’re in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask.

The VoIP world is new territory for some of you. Unlike the Ma Bell days, there’s really no reason not to have multiple VoIP providers especially for outbound calls. Depending upon where you are calling, calls may be cheaper using different providers for calls to different locations. So we recommend having at least two providers. Visit the PBX in a Flash Forum to get some ideas on choosing alternative providers.

Kicking the Tires. OK. That’s enough tutorial for today. Let’s play. Using your new softphone, begin your adventure by dialing these extensions:

  • D-E-M-O – Nerd Vittles Orgasmatron Demo (running on your PBX)
  • 1234*1061 – Nerd Vittles Demo via ISN FreeNum connection to NV
  • 17476009082*1089 – Nerd Vittles Demo via ISN to Google/Gizmo5
  • Z-I-P – Enter a five digit zip code for any U.S. weather report
  • 6-1-1 – Enter a 3-character airport code for any U.S. weather report
  • 5-1-1 – Get the latest news and sports headlines from Yahoo News
  • T-I-D-E – Get today’s tides and lunar schedule for any U.S. port
  • F-A-X – Send a fax to an email address of your choice
  • 4-1-2 – 3-character phonebook lookup/dialer with AsteriDex
  • M-A-I-L – Record a message and deliver it to any email address
  • C-O-N-F – Set up a MeetMe Conference on the fly
  • 1-2-3 – Schedule regular/recurring reminder (PW: 12345678)
  • 2-2-2 – ODBC/Timeclock Lookup Demo (Empl No: 12345)
  • 2-2-3 – ODBC/AsteriDex Lookup Demo (Code: AME)
  • Dial *68 – Schedule a hotel-style wakeup call from any extension
  • 1061*1061 – PBX in a Flash Support Conference Bridge
  • 882*1061VoIP Users Conference every Friday at Noon (EST)


Click above. Enter your name and phone number. Press Connect to begin the call.


Homework. Your homework for this week is to do some exploring. FreePBX is a treasure trove of functionality, and the Orgasmatron build adds a bunch of additional options. See if you can find all of them. For starters, you’ll want to activate CallerID Lookups in FreePBX. Choose Setup, CID Superfecta, Default and enter the maint password you created with passwd-master. Then choose Tools, Module Administration, CallerID Lookup, Enable, Process and Save the Settings. Then edit each of the Inbound Routes and choose CallerID Superfecta as the CID Lookup Source. Save your changes. Finally, choose Setup, CallerID Lookup Sources, CallerID Superfecta and be sure your maint password created with passwd-master is correct here, too. If not, update it. For additional tips, visit the forums.

Be sure to log into your server as root and look through the scripts added in the /root/nv folder. You’ll find all sorts of goodies to keep you busy. s3cmd.faq tells you how to quickly activate the Amazon S3 Cloud Computing service. And, if you’ve heeded our advice and purchased a PogoPlug, you can link to your home-grown cloud. Just add your credentials to /root/pogo-start.sh. Then run the script to enable the PogoPlug Cloud on your server. All of your cloud resources are instantly accessible in /mnt/pogoplug. It’s also perfect for off-site backups!

Also check out Tweet2Dial which lets you use Twitter to make Google Voice calls, send free SMS messages, and manage your new Asterisk server. Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number. Finally, try out the included Stealth AutoAttendant by dialing your own number and pressing 0 while the greeting is played. This will reroute your call to the demo applications option in the IVR.

Continue reading Part II.

Continue reading Part III.

Continue reading Part IV.

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! We maintain a thread with the latest Patches for Orgasmatron 5.1 and 5.2. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won’t have to wait long for an answer to your questions.

Coming Attractions. In our next episode, we’ll walk you through the process of adding a second, third, fourth, and fifth Google Voice line to your server so that you’ll never run out of free calling on your server. Enjoy!




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Be Sociable, Share!

  1. passwd-master is the PIAF utility for setting a master password for FreePBX access with the maint user account. []
  2. status is the PIAF utility program that displays the current status of most major applications running on your server. []
  3. Mapping a port on your firewall to a private IP address unblocks certain Internet packets and allows them to pass through your firewall directly to an IP device “inside” your firewall for further processing. []
  4. reboot is the Linux command for restarting your server. It’s functionally equivalent to shutdown -r now. []

19 Responses to “Orgasmatron 5.2: The Secure Swiss Army Knife for Asterisk”

  1. Fuyun says:

    Ward:
    Thank you for your continuing effort to make Orgasmatron more versatile and better. I am happy with Orgasmatron 5.1 so I will probably not upgrade. As for Coming Attractions “the process of adding a second, third, fourth, and fifth Google Voice line” sounds really interesting. One more thing I want to know is about international dialing via Orgasmatron. Can you also shed some light on this?

  2. ward says:

    $45,582 Phone Bill is a good overnight reminder of why the Orgasmatron security model makes sense. http://bit.ly/cAh8b0 Thanks, @randulo.

  3. ward says:

    Be advised that with some IPkall numbers, IPkall incorrectly passes the CallerID for incoming calls. The fix is posted in the PBX in a Flash forum.

  4. ward says:

    7-digit local dialing with Orgasmatron 5.2…

    In the GoogleVoice Outbound Route, make your Dial Pattern look like this:

    48|NXXNXXXXXX
    NXXXXXX

    In the local/$OUTNUM$@custom-gv Trunk, make your Dial Pattern look like this (with your area code obviously):

    1NXXNXXXXXX
    NXXNXXXXXX
    843+NXXXXXX

    FreePBX HINT: You have to have a Pattern Match in an Outbound Route before you ever get to an examination of Trunks. And you can’t add stuff in a Route, only in a Trunk.

  5. ward says:

    Starting to look like Google Voice may be intentionally spoofing CallerID to IPkall numbers as a cost saving mechanism. By using an IPkall number as the CallerID, IPkall apparently gets a very different monetary slice for terminating these calls. Hmmmm. Sent a note to Craig Walker at Google to see Whassup!

  6. rich says:

    thanks for this article ward, I’ve been looking for a cheap (unless I get hacked) method of talking to my girlfriend in the states (as I live in the UK)

    One question though, me being in the UK – can I still use GV? I know I’d have to buy a invite, but would my IP give it away that I’m not a yankee?

    [WM: Rumor has it that using a U.S. proxy to sign up works great. :-) ]

  7. rich says:

    *switches to the NY proxy* being a sys admin at a global company has it’s perks :p but it still doesn’t negate the fact that my UK IP, which is so very blatently english connects to GV (when/if I get an invite)?

    Although I did get through to the GV site this time.

  8. Jon Stevens says:

    Ward, I am thinking of reinstalling my PIAF to get the latest Orgasmatron benefits and generally clean up a well modified system. I am keen to try the Proxmox approach. Do you still recommend this for the latest builds, and are there any watchouts not listed above I should be aware of for installing?

    [WM: If you can live without hardware telephony cards, Proxmox is darn near perfect.]

  9. jean-paul jarboe says:

    I’m having trouble getting the initial call from my cell to the IPKall number to work. It just rings once and then goes busy. I’ve been monitoring my traffic on my firewall and I don’t even see anything coming from IPKall. I’ve verified that all the info in my IPKall settings are correct. Any ideas?

    [WM: See the Bug Fixes link for a possible solution.]

  10. Jon Stevens says:

    Ward, I see that the OpenVZ image for Proxmox is still Centos 5.3 – am I ok to follow the above instructions using the OpenVZ image, are there any other considerations I should make. Do you know for an OpenVZ image based on Centos 5.4/1.6?

    [OpenVZ 5.3 image will work fine. CentOS 5.4 is way off for OpenVZ.]

  11. David says:

    Very nice! I installed and configured with SipGate and GV and was surprised how well the process went, including the addition of a BT200 Sip phone. The only issue I am encountering is that after “X” number of hours, it appears the Web Server starts indicating Timeout and Error conditions via the FreePBX panel and the system becomes completely unresponsive and I have to do a hard reset.

    Also, and this is just a general question, is there a separate forum for Orgasmatron builds and at what point should a newb go from here to a forum for assistance?

    Thanks for the great product!

    [WM: Thanks for the comments. If you're having issues, now's the time to head to the forums.]

  12. jean-paul jarboe says:

    Just a little update for anyone else who might have a similar issue.My problem seems to have come from using an @ in my ipkall password. I changed it to some thing without an @ it started working immediately. I then switched it back to an @ and it stopped.
    At any rate, once I got this sorted out everything worked like a charm! Keep up the good work! PBIAF/Orgamatron is leaps and bounds better than anything else I’ve used.

  13. Gordon says:

    Is the Dell T100 still your top choice if you need to use a hardware card? How about the newer T110 and cheaper AMD-based T105?

  14. Seth says:

    voip.ms has IAX support.. will you further support them? or les.net?

    [WM: All registered connections (SIP and IAX) will work just fine.]

  15. Tom Schmitt (TomS) says:

    I have been trying to install PiaF that includes CentOS 5.4 from above on my Dell T105. It installs fine but when I try to run update-scripts, I either tries forever or comes back in a short time and says that the script will not download.
    DNS seems to be OK as I can ping yahoo.com by name just fine.
    If I do update-scripts and update-fixes on my Dell SC440 running Asterisk 1.4 CentOS 5.2 of PiaF, it works just fine.
    I want to complete the Orgasmatron 5.2 load but want to get the updates first.
    I thought that getting the updates done before loading the Orgas 5.2 was important as it says to not to the updates later as it will interfere with the Parking Lot entries.
    I have tried and reloaded multiple time on Friday, Saturday, and Sunday.
    Any assistance will be greatly appreciated!

    [WM: Sounds like an incompatible network adapter off the top of my head, but please post this on the forums, and we'll wrestle with it. Thanks.]

  16. Tom Schmitt says:

    Is there any problem applying 5.2 to the ks16alt load?
    Digium says that I must be running Asterisk 1.6 with Dahdi for the Digium AEX800 card before going further with the one-way missing audio (inbound from pstn).
    Thanks for all the Great Work WARD!

    [WM: Shouldn't be a problem.]

  17. BillyBob2 says:

    did google break this again?

    [WM: Nope. Just tried it. Check for typos. :-) ]

  18. Matt says:

    I’m having a weird problem…I’ve set up Google Voice as advised (through SIPGate). I can place calls, and I can receive calls, and once I worked out some problems with my ATA’s settings (hard to believe Cisco ships a product with defaults as broken as those on the PAP2T, but never mind…) things are mostly working at at least a minimal level.

    But caller ID isn’t working quite right. Whenever anyone calls, the caller ID shown (either on my analog phone plugged into the PAP2T or on the softphone) is that of the SIPGate DID, not the person calling.

    I know the data is in there, because on the softphone, the caller’s number does appear on a second line of the display (in un-bolded text, and much smaller). And I do have GVoice set up to send the caller’s info (I’ve had it this way since GVoice was forwarding to my landline and cell phones…didn’t need to change it for PIAF/Orgasmatron).

    So. Does anyone else have this problem. Has anyone found a fix for it? Should I go to the PIAF forums and ask there instead?

  19. Matt says:

    BTW…on another matter.

    After all the (completely unnecessary in a sane world) work I did to get the PAP2T working correctly with Asterisk/PIAF/Orgasmatron and a standard US analog phone, I’m working on a web-based autoconfig tool to do the same job, by pulling the relevant data from PIAF’s config and generating an XML file that can be fed to the PAP2T’s “provisioning” interface. (I’m a relative newbie to VoIP systems, but I’ve been building web apps like this since before most people had heard the word “internet”.)

    Once I’ve got it working, would you guys be interested in including it in the next version of Orgasmatron?

    wm: You bet! Just let us know when it’s ready.

Ringbinder theme by Themocracy