Just in Time for Santa: Return of The Glory Days with Skype Connect for Asterisk?

You’ve been good boys and girls all year, and today we have some great news for Asterisk® lovers. Skype is back! Oh, if it were only that simple. But let’s revel in the good news for a bit. Microsoft introduced Skype Connect™ about 5 years ago. Now it’s a SIP interface to Skype. And today we’ll take a fresh look at whether it’s a good fit with Asterisk. Skype Connect is part of Skype Manager™, a carefully considered and beautiful product offering that showcases Microsoft’s UI design skills. After shelling out our weekly allowance to join the party, we were ready to go. Here’s a quick overview from Microsoft:

Skype Connect provides connectivity between your business and the Skype community. By adding Skype Connect to your existing SIP-enabled PBX, your business can save on communication costs with little or no additional upgrades required.

With Skype Connect, your business can make great value Skype calls and receive calls from your customers using your desk phones. Customers can also contact your business for free by using Skype from a browser with Skype buttons, by calling [not for free] the Skype business accounts associated with your SIP-enabled PBX, or [by placing PSTN calls to Skype Numbers you may have purchased].

In addition to an Asterisk server, here’s what you’ll need to get started. First things first, sign up for a Skype Manager account if you don’t already have one. It’s easy and it’s free. Once you’re signed up and logged in, you’re going to need a little cash in your Skype credit account to get things going. $30 will get you started but finish reading the article before you invest.

Configuring Skype Connect for Asterisk

To get started, click Features in the toolbar, choose Skype Connect and click Set up a SIP Profile. Give the profile a name “SOHO Inc.” and click Next. Next, choose the number of Channels you need at $6.95 per month. A channel gets you one simultaneous call in or out of Skype. Two channels gets you one call in and one call out simultaneously for $13.90 per month. You can take it from there but, sorry, you can only buy 300 channels at this time. You can add the U.S. Minute Bundles, and we’ll explain that in a minute.

Don’t buy your channels just yet. For now, cancel out of the dialog by clicking Back. Microsoft will set up your profile anyway:

The money deposited into your Skype Manager account will be needed to fund Skype Connect in three separate ways: (1) monthly payments for Channels at $6.95 each, (2) monthly payments for Phone Numbers associated with those Channels at $6.30 each, and (3) allocation of funds in advance to pay for outbound calls from each profile you create. You’ll need at least one phone number (a.k.a. DID) to receive any inbound calls from POTS phones to the Skype Connect SIP account on your Asterisk server. You’ll also need at least one phone number before you can assign a CallerID to your outbound calls.1 Otherwise, they go out as Anonymous calls. Outgoing and incoming calls using traditional Skype Names are not supported.

Once you get your finances in order, it’s time to set up your SIP credentials for your new profile. Click on Authentication Details to display the dialog. Leave the Registration tab highlighted, and click on Generate a New Password, and a new SIP password will be sent to the email address you used to register when you set up your Skype Manager account.

Configuring Asterisk for Skype Connect

On your Asterisk server using your favorite GUI, create a new SkypeConnect SIP trunk with your CallerID and the number of channels you’ve paid for. For the Dialed Number Rule: Prepend: +1, Prefix: 759, Match Pattern: NXXNXXXXXX. Insert the following OutGoing Settings in PEER Details. Use skypeconnect for the peer name and your actual SIP user number and password from Microsoft:

username=990xxxxxxxxxxx
secret=YourRealPassword
type=peer
qualify=yes
insecure=invite
host=sip.skype.com
fromdomain=sip.skype.com
disallow=all
allow=ulaw
context=from-trunk
fromuser=990xxxxxxxxxxx

For the Register String, it’s your SIPusernumber:password@sip.skype.com/SIPusernumber

Finally, create an Incoming Route for your SIPusernumber and tell the GUI where to route the incoming calls. Create an Outbound Route for SkypeOut with a pattern of 759NXXNXXXXXX that points to your skypeconnect trunk. Calls can be placed by dialing the 759 prefix plus a 10-digit number. Adjust as necessary to meet your international requirements.

A Cost-Benefit Analysis of Skype Connect

If you’ve followed along so far and done the math for yourself, you’ve quickly discovered that Skype Connect’s beauty may only be skin deep depending upon your calling patterns. Let’s give Microsoft the benefit of the doubt and assume that they’re using first rate SIP trunks to carry your calls. Here’s our review of how Skype Connect stacks up to the competition.

Vitelity is one of our corporate sponsors. Their SIP trunking services are by no means the cheapest on the planet, but you get what you pay for so we’ll use them to compare prices against Skype Connect. For openers, if you haven’t figured it out already, Skype Connect doesn’t bear much resemblance to the Skype of yesteryear. It is essentially a pay-as-you-go SIP trunking service with very few of the historical benefits of Skype. None of the benefits are documented! According to Microsoft, no free calls except with Skype Buttons. This requires a web development effort and limits callers to browser-based phone calls, not exactly ideal. There’s another wrinkle. It doesn’t work. Skype URIs might, but we didn’t test it. No ability to call existing Skype users is supported except those that have purchased a $6.30/month telephone number to associate with their Skype account. And then you pay for the call… by the minute. There is a silver lining, however. By examining the Skype Connect logs, we discovered that Microsoft internally forwards incoming calls to DIDs back into Skype Connect account numbers before processing the calls. That suggested that Microsoft was using these account numbers for internal call routing. And, sure enough, that is the case. Although undocumented, existing Skype users can dial your Skype Connect account number with a + prefix, and the call will be connected to Skype Connect at no cost (see below). If your Skype Connect SIP trunk is registered to an Asterisk server, then the calls will flow directly into Asterisk.

Our attempts to apply a similar methodology using a remote SIP client, however, failed.2 Others have claimed it works or at least did at one time. Both direct calling approaches eliminate the need for Skype users on BOTH ends of a call to purchase dedicated phone numbers from Microsoft and to pay for long distance calls. The fact that Microsoft has chosen not to document this suggests that free Skype calling to Skype Connect using Skype clients may be short-lived. For today using Skype clients (only), calls will connect using our documented methodology.

Using the Nerd Vittles special Vitelity signup link below, $3.99 a month buys you a DID in your choice of area codes, unlimited incoming calls, and four channels. This means you can receive four simultaneous incoming calls without any caller receiving a busy signal. Now for the math. Identical service with Microsoft’s SIP trunking service and four channels would run you $34.10 per month, nearly 10 times the cost of Vitelity for comparable SIP service. That’s before you place your first outbound call.

Let’s consider some examples that factor into the outbound calling equation. For outbound calls, Microsoft wins if you only make tons of calls within the continental United States only. A U.S. bundle of 5,000 minutes runs $30 with Microsoft.3 That is a bargain at .6¢/min. if you use all 5,000 minutes every month. You can buy one bundle for each channel purchased. Vitelity’s rate to the continental U.S., Hawaii, and Canada is 1.44¢ per minute which works out to $72 for the same 5,000 minutes. Change the call mix to Canada only, and the Microsoft rate skyrockets to $115 while the Vitelity rate stays the same.

Using a more typical SOHO or home calling pattern of 2,000 outbound minutes a month, the Vitelity rate is $28.80 while Microsoft’s rate is $16. Combining the trunk charges, the Vitelity total comes to $32.75 while Microsoft comes in at $50.10. Translation: With the same trunks, channels, a single DID, and 2,000 minutes of outbound U.S. only calls, Vitelity saves you about a third of the monthly cost of the identical Microsoft configuration. For inbound only calling without factoring in free inbound Skype calls, Vitelity saves you 88%. For Canada calling with 2,000 minutes a month, Vitelity saves you about half.

Your actual costs obviously will vary depending upon the mix and number of simultaneous inbound/outbound calls as well as the origin and destination of the calls. For home and SOHO organizations, Skype Connect rarely will be your best choice unless you get a lot of calls from Skype users around the world. In that case, $6.95 a month for a Skype Connect channel (and nothing else) would be a bargain. For the most part, Microsoft’s focus seems to be larger organizations. For U.S.-based organizations that make substantial numbers of outbound calls to U.S. destinations, Skype Connect also could be financially attractive because of the U.S. calling bundles.

For an interesting look at Microsoft’s future in the telecom space, read this article.

Q: Is Skype Connect a good value?

A: It depends! Do the math. YMMV!

Originally published: Monday, December 21, 2015





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. According to this article, phone numbers registered to your company can also be used as a CallerID number. []
  2. Attempts to register using a free DID at IPkall also were unsuccessful. []
  3. In the fine print, Microsoft discloses that nearly 100 six-digit dialing prefixes in the U.S. are excluded from the bundle pricing. Download the User Guide here. []

Virtual Paradise: An Asterisk OVF Template for VMware and VirtualBox Fans


Let’s face it. Virtual Machines are the future of server administration. Whether you prefer your own dedicated hardware or cloud-based resources managed by you or someone else, virtual platforms are the way to go. You get more bang for the buck out of your hardware by pooling resources for multiple tasks. Platforms such as VMware® and VirtualBox® make it easy.

What we were missing in the Asterisk® aggregation market was a simplified, open source installer that would let you deploy servers on the virtual platform of your choice without our having to maintain separate builds for each VM technology.

Today, we’re pleased to introduce the new Incredible PBX Unified Installer for VMware and VirtualBox with new OVF editions for Incredible PBX Full Enchilada as well as Lean & Mean. Download the OVF flavor of your choice to your desktop and fire up your favorite virtual machine GUI. With a few mouse clicks and a couple of minutes, you’ll have a Scientific Linux 6.7 platform in place with Incredible PBX just a single keystroke away. It doesn’t get any easier than that. And, unlike the static builds offered by the competition, with Incredible PBX you always get the very latest release of Asterisk 13 and the Incredible PBX GUI compiled on the fly from source code that you can actually examine, enhance, and share… just like the GPL license says. Feel free to compare our open source approach to Sangoma’s Gotcha Special. You have a very real choice!

Choosing a Virtual Machine Platform

Making the right deployment choice for your virtual machine platform depends upon a number of factors. We initially started out with Proxmox 4 which looked promising. After all, we had used and recommended earlier releases of Proxmox for many years until some security vulnerabilities caused us to look elsewhere. Those kernel issues are now a thing of the past, but Proxmox 4 introduced some new wrinkles. First, to stay current with software fixes and updates, you have to pay the piper by signing up for the annual support license. This turned out to be a deal breaker for a couple of reasons. It was expensive since it’s based upon the number of CPUs in your platform. In the case of the hardware shown below, that turned out to be 4 CPUs (by Proxmox’s calculation) which meant the annual support license would run nearly $400 per year. That buys an enormous number of virtual machines at Digital Ocean without having to babysit hardware at all. And, you get a $10 credit to try out the service just for signing up. We also ran into serious technical problems with Proxmox 4. While the server would run without hiccups for a day or so, connectivity failed regularly after that. A reboot would fix the problem for another day, and then it was more of the same. Whether this was a bug or a design choice to encourage paid software updates, we obviously don’t know. Regardless of the reason, we reluctantly concluded that Proxmox 4 wasn’t ready for production use.

That narrowed the selection to VMware or VirtualBox. VMware is rock-solid and has been for more than fifteen years. VirtualBox is equally good, but typically runs on a desktop computer rather than dedicated hardware. If you don’t have the funds for a hardware purchase to support your virtualization requirements, then VirtualBox is a no-brainer. For many, however, some separation of the virtualization environment from your desktop computing environment is desirable. And, again, the choice is a no-brainer. VMware wins that one, hands down.

Getting Started with VMware ESXi

Many of you have VMware platforms already in place at work. For you, installing Incredible PBX is as simple as downloading the OVF tarball to your desktop and importing it into your existing platform. If you’re new to VMware, here’s an easy way to get started, and the software won’t cost you a dime. VMware offers a couple of free products that will give you everything you need to run a robust VMware platform on relatively inexpensive hardware. Let’s start with the hardware.

A $500 VMware Platform for SOHO and Small Business Applications

You’re looking at all the components that make up the $500 Intel® NUC D54250WYK with a Core i5 dual-core processor, a 250GB mSATA drive, and 16GB of RAM. While you install the RAM and disk drive yourself, if you can unscrew 5 screws and have 5 minutes to spare, you can handle this.

Here’s how we started. Of course, you can adjust the components and the merchant to meet your own requirements. For us, Amazon1 works great, and the prices are competitive. Who else delivers on Sunday? Despite the notice that the computer would be here on Monday, we knew better. And sure enough it was in the box with the other Sunday goodies. We removed the four screws from the bottom feet of the computer, and the case opened easily. Next, we unscrewed the screw from the bottom of the motherboard that holds the SSD drive in place securely. Snap in the mSATA drive and the two memory sticks, replace the screws, and we were in business.

NEWS FLASH: The Intel NUC pictured above is the 4th Generation Core i5 device. Now the 5th Generation edition is an even better deal. See the sidebar for the NUC5i5RYK link.

A Free VMware Software Platform for SOHO and Small Business Applications

Before you can download either of the components for the free VMware ESXi platform, you’ll need to sign up for a free account at my.vmware.com. Once you’re signed up, log in and go to the ESXi 6 Download Center and sign up for a free ESXi license key:

  1. Write down your assigned License Key
  2. Manually download the VMware vSphere Hypervisor 6.0 Update 1 ISO
  3. Manually download the VMware vSphere Client 6.0U1

Next, burn the ISO to a CD/DVD and boot your dedicated VM hardware platform with it. Follow the instructions to complete the install. Next install the vSphere Client on a Windows computer. Don’t forget to add your ESXi License Key when you complete the installation. Once the ESXi server is up and running, you can stick the hardware on a shelf somewhere out of the way. You will rarely interact with it. That’s all handled using the VMware vSphere Client on your Windows Desktop. Yes, there is a web client as well, but you’ll have to pay for that one.

Deploying Incredible PBX OVF Templates with VMware vSphere Client

Deploying an Incredible PBX OVF template takes about two minutes, but first you need to download and unzip the desired Incredible PBX OVF templates from SourceForge onto your Windows Desktop.

Once you have the Incredible PBX OVF templates on your desktop, here are the deployment steps:

1. Login to the vSphere Client on your Windows Desktop using the root account you set up when you installed ESXi. Choose File, Deploy OVF Template.

2. Select the desired Incredible PBX .ovf template from your desktop PC after first unzipping the downloads.

3. Click Next.

4. Give the new Virtual Machine a name.

5. IMPORTANT: Choose Thin Provision option and click Next.

6. Review your entries and click Next to create the new Virtual Machine.

7. It takes about 2 minutes to create the new Virtual Machine.

8. The Main Client window will redisplay and your new VM should now be shown in the left panel. (1) Click on it. (2) Then click the Green start icon. (3) Click the Console Window icon.

9. When the VM’s Console Window opens, click in the window in the black area. Then press ENTER to kick off the Incredible PBX Phase 2 install. Review the Incredible PBX tutorial to get started.

Ctrl-Alt gets your mouse and keyboard out of the console window.

Installing the vSphere Web Client

If you’re lucky, you may not have a Windows machine. The downside is that the vSphere Client described above only works on the Windows platform. After hours of searching some of the most dreadful documentation on the planet, we finally uncovered a simple way to install the (experimental) vSphere Web Client. It is pure HTML5 with no Flash code! It’s also not ready for prime time. Most of the feature set looks pretty but doesn’t work if you have a free license. But it will give you an idea of where VMware is headed, and the bug reportedly will be fixed in the ESXi 6.0U2 release.

FYI: An easy way to apply License Key once it’s set up: Virtual Machines -> Licensing -> Apply License

1. Log into the console of your ESXi server as root using your root password.

2. Press F2 to Customized System.

3. Choose Troubleshooting Options.

4. Choose Enable SSH.

5. Using a Terminal window on a Mac or Linux machine or using Putty with Windows, log into the IP address of your ESXi server as root.

6. Issue the following command to install the vSphere Web Client vib:

esxcli software vib install -v http://download3.vmware.com/software/vmw-tools/esxui/esxui-2976804.vib

7. Using a web browser, login to the web client as root at https://ESXi-server-IP-address/ui

8. Should you ever wish to remove the web client from your server:

esxcli software vib remove -n esx-ui

9. Don’t forget to disable SSH access when you’re finished. Just repeat steps 1-4 above.

Installing Incredible PBX OVF Templates with VirtualBox

For those that opt for a desktop virtualization solution, there is no finer choice than VirtualBox. We’ve written about VirtualBox previously on Nerd Vittles so we won’t repeat the history here. If you need help setting it up, see this Nerd Vittles tutorial.

For today, we’ll show you how to take a VMware OVA template and build a VirtualBox VM:

1. Start up VirtualBox on your desktop.

2. Choose File, Import Appliance and select your Incredible PBX OVF template by clicking on the File Dialog icon. Click Continue when done.

3. In the Appliance Settings dialog, be sure “Reinitialize MAC Address of all network cards” is checked. Click Import.

4. Once the virtual machine is created, select it and click Settings. Name the VM in the General tab. Check Enable I/O APIC in the System tab. Set Video Memory to 16MB in the Display tab. Enable Audio and choose your sound card in the Audio tab. Enable Network and choose Bridged Network for Adapter 1 in the Network tab. Click OK to save your changes.

5. Click the Start icon to fire up your virtual machine. Press ENTER in the VM window to start Phase II of the Incredible PBX install.

6. Review the Incredible PBX tutorial to get started.

Initial Configuration of Incredible PBX

To complete the install, use SSH or putty to log into your VM as root. Default password: password. Then…

  • Change your root password immediately: passwd
  • Set your FreePBX admin password: /root/admin-pw-change
  • Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • Login to your NeoRouter VPN server if desired: /root/nrclientcmd
  • Run the Incredible Fax installer, if desired: /root/incrediblefax11.sh
  • Set your admin password for AvantFax: /root/avantfax-pw-change
  • Enable Google Voice OAUTH authentication support, if desired: http://nerd.bz/1JaO4ij (section 1b.)

Originally published: Monday, December 14, 2015




Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. Some of our purchase links refer users to Amazon and other sites when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from merchants to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support Amazon and other merchants because they support us. []

Rolling Your Own: Creating a Custom Incredible PBX ISO for Asterisk

We promised to provide the Incredible PBX 13.2 ISO build environment for those of you that wanted to learn how to roll your own ISO. Why would you want to do such thing? Well, we can think of a number of reasons. First, you may just want to learn how sh*t works. Or you may want to impress your boss by building a custom ISO with the corporate logo splattered all over the place. Then there are those that want to add a feature or function that we haven’t included yet so you can share your creation with your friends. For us, the motivation was to provide an Asterisk® aggregation that others could build upon without legal hassles about copyrights and trademarks… you know, a real open source project based upon the GPL license.

Regardless of your motivation, today’s your lucky day. We’re providing an exact duplicate of the build environment that was used to create the Incredible PBX 13.2 ISO. It’s released under the same GPL license that applies to the ISO itself. Copy it, enhance it, give it to your friends, and share your additions so that all of us can learn from you. In addition to the code, we’re actually going to document how to modify it and use it… you know, real instructions.


The Schmoozers were back in full force last week with one accusing us of “stealing” their code and another with this gem:


For the record, we use GPL code of others with full credit to the authors. That’s what the GPL and Asterisk aggregations have always been about. Let’s compare that to our Sangoma® friends who rip the covers off RedHat’s GPL ISO, brand it as their own, and then have the balls to distribute it as closed source code. Repeating a lie over and over doesn’t make it come true!


Getting Started. Before you can use today’s code, you’ll need a suitable platform on which to play. You’ve got a couple of choices. First, you can actually install Incredible PBX 13.2 using last week’s ISO. A second option is to build yourself a virtual machine or a cloud-based server with Scientific Linux 6.7 or even CentOS 6.7 minimal. We recommend 32-bit architecture because the Incredible PBX 3.2 ISO build environment as configured is 32-bit to assure maximum hardware compatibility. The server hardware platform doesn’t really matter. Cheaper means it takes a little longer, but you’ll get the same results.

Installing the Incredible PBX 13.2 ISO Build Environment. Once you have your server up and running, log in as root. This usually isn’t a good idea for a build environment, by the way. We’re doing it because we’re assuming you have a machine dedicated to just building ISOs on which to experiment. Issue these commands to put the ISO build platform in place:

cd /root
setenforce 0
yum -y install wget nano
wget http://incrediblepbx.com/create-ISO-new.tar.gz
tar zxvf create-ISO-new.tar.gz
rm -f create-ISO-new.tar.gz

Creating Your First ISO. Why waste time? Let’s actually build an Incredible PBX ISO to show you how easy it is. Issue the following command to kick off the process: /root/create-ISO-new. Depending upon your server’s specs, the whole build procedure should take a minute or two to complete. When it’s finished, you’ll have a shiny new ISO that can be burned to a DVD or USB thumb drive following the steps documented in our previous tutorial:

ls -all /root/kickstart_build/*.iso

-rw-r--r-- 1 root root 890241024 Nov 24 12:45 /root/kickstart_build/IncrediblePBX13.2.iso

ISO Design Overview. There are lots of ways to design an ISO architecture. We’ve chosen a hybrid approach with a two-phase install. When you first boot from the ISO installer, you get the operating system platform. The server then reboots, and Phase II downloads and then runs the latest Incredible PBX installer. Our main reason for choosing this design is that you don’t have to create a new ISO every time you make changes in the Incredible PBX installer. For those of you that remember the Asterisk@Home and trixbox days, this was a major shortcoming. The ISOs were released about every three to six months, and invariably a major glitch was discovered about a week after the new ISO was introduced. With our two-phase installer, slipstream changes are easy to implement by simply adding a line to the Incredible PBX install script. The ISO itself never has to be updated until a major operating system refresh is necessary.

Adding Packages to Your ISO. With Incredible PBX, RHEL 6.7-compatible packages are added to new servers in a couple of ways. First, there are packages actually included within the ISO itself that are loaded during Phase I of the install, i.e. when Scientific Linux 6.7 platform is installed. These packages must include all necessary dependencies. The kickstart process actually resolves and loads package dependencies as part of the Phase I ISO install procedure. Once the base install is completed, the end-user’s server reboots and then the Phase II install kicks off by downloading and running the Incredible PBX 13-12R installer. Additional RPM packages and a number of other applications in tarball format are downloaded and installed during this Phase II process. Today, we’ll show you how to modify both pieces of the ISO install procedure.

To add RPMs to the ISO itself, keep in mind that the new RPMs must match the architecture of the default build environment. In the case of Incredible PBX, it’s a 32-bit architecture which means you’ll need 32-bit versions of RPMs you wish to add. Otherwise, you will need to replace all of the packages in the build environment with their 64-bit cousins.

There are 3 steps to adding new packages to the ISO build environment.

First, create a temporary directory (/tmp/packages) to use for gathering up the RPMs to be added. This is so you can check your work without screwing up your build environment. To add an RPM, you first need to download it from a repository to your temporary directory. The syntax looks like this where NetworkManager is the name of the RPM you wish to install:

yum -y install --downloadonly --downloaddir=/tmp/packages NetworkManager

Second, move the RPMs from /tmp/packages into your build environment. This must include RPM package dependencies (as was the case when adding NetworkManager):

mv /tmp/packages/*.rpm /root/kickstart_build/isolinux/Packages/.

Third, add the names of your new RPMs to the kickstart config files (ks*.cfg) in /root/kickstart_build/isolinux. The package names go in the section of each kickstart file labeled %packages.

NOTE: You do not have to add the names of RPMs being added because of dependencies in step 3. You DO have to add the actual RPMs and RPM dependencies in step 2. For example, with NetworkManager, only NetworkManager itself needed to be added to the %packages list in the ks*.cfg config files. But the collection of NetworkManager RPMs and its dependencies for step 2 looked like this:

avahi-autoipd-0.6.25-15.el6.i686.rpm
dnsmasq-2.48-14.el6.i686.rpm
libdaemon-0.14-1.el6.i686.rpm
mobile-broadband-provider-info-1.20100122-4.el6.noarch.rpm
ModemManager-0.4.0-5.git20100628.el6.i686.rpm
NetworkManager-0.8.1-99.el6.i686.rpm
NetworkManager-glib-0.8.1-99.el6.i686.rpm
ppp-2.4.5-10.el6.i686.rpm
rp-pppoe-3.10-11.el6.i686.rpm
wpa_supplicant-0.7.3-6.el6.i686.rpm

Changing the ISO Default Boot Menu. Once you have burned the ISO to a DVD-ROM or USB flash drive and booted your server-to-be, a default kickstart menu will be presented: /root/kickstart_build/isolinux/isolinux.cfg. Edit it to customize the splash screen and make any desired changes in the screen title and options displayed to those using your ISO. WARNING: If you modify the ks*.cfg options in the file, you also will need to make similar modifications in the create-ISO-new build script as well as adding new matching ks config files in /root/kickstart_build/isolinux.

Modifying the Phase II ISO Install Procedure. The Phase I install setup already provided in the Incredible PBX ISO will work for any number of ISO requirements you might have because it provides a robust Scientific Linux 6.7 base platform. Now for the fun part. You can modify the Phase II install in any way you like by simply adjusting the download script and hosting it on your own public server.

The Phase II magic is housed in the %post section of the kickstart config files (ks*.cfg). The initial setup in this section will work for almost any setup. It addresses the quirks of getting a working network connection functioning on most server platforms. This got much more complicated with the introduction of UEFI on newer Intel-based servers. But we’ve addressed all of that. To customize the install to run your own Phase II script, you need only modify the last few lines of the %post section:

/bin/echo "cd /root" >> /tmp/firstboot
/bin/echo "/usr/bin/wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "/bin/tar zxvf incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "/bin/rm -f incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "./Inc*" >> /tmp/firstboot
/bin/chmod +x /tmp/firstboot
eject
%end

These last few lines tell the ISO installer where to find your Phase II script and manage the procedure for downloading it, untarring it, and then running it. To deploy your own Phase II install script, simply modify lines 2, 3, 4, and 5 above. In line 2, provide the public server location of your script in .tar.gz format. In line 3, untar the script in the /root folder of the new server. In line 4, remove the .tar.gz file after it’s been decompressed. In line 5, run the shell script included in your tarball. The remaining lines shown above should be preserved as shown. Once you finish making changes in ks.cfg, copy the %post section to your other kickstart config files and then rerun /root/create-ISO-new to build your new ISO. Enjoy!

Originally published: Friday, December 11, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

Cyber Monday 2016: The Return of the Lean, Mean Asterisk Machine


We promised to deliver the Incredible PBX™ ISO build environment this week, but that didn’t really have much sex appeal for Cyber Monday. Instead, today we’re introducing the product that tops the 2016 Wish List from Nerd Vittles readers: a stripped down, lean and mean version of Incredible PBX 13 with just the operating system platform, the latest version of Asterisk® 13, and an uncluttered Incredible GUI with the basic collection of FreePBX® GPL modules… and No Gotchas.

Who would want such a thing? Well, lots of folks apparently. Developers and system integrators prefer a clean slate when they’re rolling out systems for new customers. And we want to provide a mix of solutions that meet everyone’s requirements. The three dozen Incredible PBX applications for Asterisk still can be added on an as needed basis. Or, if you change your mind and decide you’re missing all of those preconfigured, free applications, just run the Incredible PBX installer again and switch tutorials. As they say in the hood, “Different strokes for different folks.”

The silver lining in the one week delay of the ISO Build Environment rollout means that next week you’ll have all the pieces as well as the templates needed to create two versions of Incredible PBX instead of one… plus some important bug fixes. And speaking of bugs, there was a Big One in the 11/29/2015 ISO that prevented installation of Incredible PBX Full Enchilada. This has been fixed in the 12/01/2015 release:

Initially, we had planned to roll out a separate ISO for Incredible PBX Lean. But that seemed kind of silly. After all, the beauty of an ISO is being able to present a menu of choices and then let the person installing the software make a selection that best meets their needs. So there’s an updated ISO on SourceForge that now lets you choose between the Full Enchilada and the Lean & Mean version of Incredible PBX 13. Last week’s tutorial will walk you through the Full Enchilada setup. Today we’ll cover what’s necessary to install and deploy the Lean & Mean version. And, yes, you can burn the new ISO to either a DVD-ROM or a 1GB or larger USB thumb drive.

Introducing the Incredible PBX 13.2 Lean Platform

Overview. The Incredible PBX Lean installation process couldn’t be easier. Download IncrediblePBX13.2.iso from SourceForge. Burn the ISO to a DVD-ROM or USB thumb drive. Four different methods are outlined below. Need some great hardware for under $200? Read our tutorial. Or, if you have an old PC lying around, that’ll work, too. Boot up the dedicated machine on which you want to install Incredible PBX. Highlight the Lean & Mean option on the ISO installation menu and press the ENTER key. Choose your time zone, create a really secure root password, and have a coffee break. When Scientific Linux 6.7 has been installed, your server will reboot. Accept the Incredible PBX license agreement and press the ENTER key. Go to lunch and, when you return, you should be good to go. Finish reading this tutorial to add the finishing touches and secure your server.

Let us take a moment to explain the Incredible PBX installation process using this ISO. We don’t hide stuff in our ISO or play games with your security. We don’t give ourselves or our application any secret permissions. There are just two steps to an Incredible PBX ISO install. When the install begins, it loads pure Scientific Linux 6.7 onto your server,1 not some homegrown concoction using proprietary repositories. Your server then reboots. After restarting, the very latest copy of the Incredible PBX 13-12 installer is downloaded and run. You’ll find the source code for the Incredible PBX installer in your /root directory after the install is completed: IncrediblePBX13-12L.sh. You’ll also find some other helpful scripts in /root including the optional (free) Incredible Fax installer. If you ever have a question about what was installed on your server, feel free to examine the source code of our installers or post a note on the PIAF Forum. It’s unencrypted GPL2 code. You’re free to use it, enhance it, and share it. Try that with Sangoma. It’s your choice!

Incredible PBX 13.2 ISO Installation Guide

Downloading the Incredible PBX 13.2 ISO. On the machine you’ll be using to create your installation media, download IncrediblePBX13.2.iso from SourceForge.

Burning a DVD-ROM from the ISO. If your server platform doesn’t have USB support, then burn the ISO to a DVD using a Mac or Windows machine.

Creating a USB Flash Drive Installer. If your server platform has USB ports, you have three ways to move the Incredible PBX 13.2 ISO to a 1GB or larger flash drive. You can use a Windows PC, a Mac, or a Linux machine to create the USB thumb drive installer.

Creating a USB Flash Drive Installer with a Windows PC. In order to create a USB thumb drive using an ISO image, you’ll first need to install Rufus. It’s free. Once you’ve installed it, insert a blank USB thumb drive and run Rufus. Make your settings look like what’s shown above. Be very careful in choosing your Device. You don’t want to accidentally erase the wrong drive on your Windows machine. The correct choice is the USB thumb drive you just inserted. Don’t guess!! Step 2 is choosing the IncrediblePBX13.2.iso file that you downloaded from SourceForge. Step 3 is clicking Start. The ISOHybrid Window will be presented. Step 4 is changing the default setting to “Write in DD image mode.” Step 5 is pressing OK. In a few minutes, your ISO image transfer to the USB flash drive will be finished. Give it 15 seconds just to be safe. Then remove the USB thumb drive and you’re ready to begin the install on your dedicated Incredible PBX server.

Creating a USB Flash Drive Installer with a Mac. To create a USB thumb drive using an ISO image on a Mac, first insert the USB thumb drive and partition it with a single MS-DOS partition using Disk Utility. Next, open a Terminal window and issue the command: diskutil list. Review the device names and find the one that matches the size of your thumb drive. It will be something like /dev/disk9. Again, be careful. You don’t want to accidentally erase the wrong drive on your Mac! Next, change to the directory into which you downloaded IncrediblePBX13.2.iso, e.g. cd Desktop. Now issue the following commands substituting the actual device name for /dev/disk9 below:

diskutil unmountDisk /dev/disk9
sudo dd if=IncrediblePBX13.2.iso bs=1m of=/dev/disk9
sudo sync
diskutil eject /dev/disk9

When the install completes, remove the USB thumb drive and you’re ready to begin the install on your dedicated Incredible PBX server. NOTE: There will be no feedback during the dd step above. It can take 15 minutes or more depending upon the horsepower of your Mac. Be patient!

Creating a USB Flash Drive Installer on a Linux machine. To create a USB thumb drive using an ISO image on a Linux machine, first log into your server as root. Insert a blank USB thumb drive. From the CLI, decipher the device name of your thumb drive: fdisk -l. The device name will be something like /dev/sdb. Be careful. You don’t want to accidentally erase the wrong drive on your Linux server! Change to the directory into which you downloaded IncrediblePBX13.2.iso, e.g. cd /root. To transfer the ISO to your thumb drive, issue the following commands replacing /dev/sdb with the actual device name for your thumb drive in lines 1 and 3 below:

dd if=IncrediblePBX13.2.iso bs=4M of=/dev/sdb
sync
udisks --detach /dev/sdb

When the install completes, remove the USB thumb drive and you’re ready to begin the install on your dedicated Incredible PBX server. NOTE: There will be no feedback during the dd step above. It can take 5 to 15 minutes depending upon the horsepower of your Linux machine.

Kicking Off the Incredible PBX 13 Lean Install. Now we’re ready to install Incredible PBX 13 Lean on your dedicated server platform. Simply insert the DVD-ROM or USB thumb drive in your server-to-be and boot. During the POST boot process, press the function key that displays a Boot Device Menu and choose your DVD-ROM drive or USB device. When the Incredible PBX 13 installation menu displays, choose the second option for the Lean & Mean Install and press ENTER. Choose your time zone, create a really secure root password, and have a coffee break. When Scientific Linux 6.7 has been installed, your server will reboot. Accept the Incredible PBX license agreement and press the ENTER key. Go to lunch and, when you return, you should be good to go. When the installation finishes, reboot your server and log in as root to apply the last minute updates for Incredible PBX.

To complete the install, perform the following from the Linux CLI while logged in as root:

  • Change your root password if it’s insecure: passwd
  • Set your Incredible GUI admin password: /root/admin-pw-change
  • Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • *** THE REMAINING FEATURES ARE OPTIONAL ADDITIONS ***
  • Login to your NeoRouter VPN server: /root/nrclientcmd
  • To enable free faxing: /root/incrediblefax11.sh
  • Set admin password for AvantFax: /root/avantfax-pw-change
  • To enable PPTP VPN: /root/pptp-install
  • To enable Google Voice OAUTH authentication: http://nerd.bz/1JaO4ij (1b.)
  • To install FCC RoboCall BlackList: http://nerdvittles.com/?p=15412

Managing Your Server with Incredible PBX Web-Based Tools

Most of your time initially configuring and managing your server will be spent using the web-based tools provided with Incredible PBX. Because most of the apps have been removed in the Lean version of Incredible PBX, the Kennonsoft Menu layer has been removed from the install. Using any modern browser, go to the IP address of your server as shown in the status display above. Choose Incredible GUI Administration. The default username is admin and the password is what you set during the final installation steps above. The Incredible PBX GUI’s Status will display with a clean slate. The only additions to the base install of the FreePBX GPL modules are a dozen preconfigured (but disabled) trunks from the leading trunk providers. This will save you some time, but you can delete any or all of them with a few mouse clicks. We’ve also removed module signature checking to streamline the addition of GPL modules from providers other than Sangoma®. We strongly recommend that you log into the Incredible GUI at least once a week and check the PBX in a Flash RSS News Feed for security alerts and bulletins.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model for SL 6.7

Incredible PBX for Scientific Linux joins our previous builds as our most secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along. We originally had planned to make our fortune off update fees, but we changed our mind. So… contrary to the language in some of our builds, contributions to our projects are PURELY VOLUNTARY. You’ll get every update as it’s released whether you financially support our projects or not. Why haven’t we fixed the language? Good question. The short answer is it’s buried deep in the GUI image that would have to be regenerated from scratch. We’ll get to it one of these days. In the meantime, sleep soundly. No one will be breaking down your door for a donation.

We also encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie. Enjoy!

Originally published: Monday, November 30, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. If you’re wondering what packages are installed with Scientific Linux 6.7, come back next week and download the entire Incredible PBX ISO build environment. All of the packages installed on your server are included in the build platform itself. Feel free to add to them or change them to your heart’s content. We don’t have a million dollar staff. That’s why we depend upon folks like you to offer suggestions and enhancements. In short, we treat Incredible PBX like a real open source project. Come join the fun! []

Free at Last: Incredible PBX 13.2 ISO Supporting DVD-ROM and USB Flash Drives


Leave it to Sangoma® and the Schmoozers1 to light a fire under us and encourage development of USB flash drive support for our Incredible PBX installer. When Sangoma is complaining about Gotchas, you’d best pay attention because nobody knows more about Gotchas than Sangoma. After all, this is the company that considers it a badge of honor to prohibit redistribution of the FreePBX® Distro ISO. You can’t make a copy, give it to friends, or pass it on to your colleagues at work. No, sir. That would violate the copyright law… according to Sangoma anyway. Never mind Sections 5 and 6 of the GPL and the 99% of their ISO that’s comprised of GPL code produced by others. Here’s a quick refresher for all you legal beagles…



So much for FOSS and open source development. And, thank you, Sangoma for reminding us that it’s 2015. The Incredible PBX 13 ISO was getting long in the tooth. It’s been on the street almost two months. So we’re pleased to accept the challenge and introduce the second-generation Incredible PBX 13.2 ISO. Like its predecessor, it’s 100% open source and GPL code. Perhaps now Sangoma will follow suit. And produce a legit GPL source repository for FreePBX 12 while you’re at it.

The new Incredible PBX 13.2 ISO can be burned to either a DVD-ROM or a 1GB or larger USB flash drive using a Mac, a Windows PC, or almost any Linux machine. And, unlike the FreePBX Distro, you’re more than welcome to share our code and the ISO with all of your friends and business associates. In fact, next week we’re releasing the entire Incredible PBX build platform for those of you that want to roll your own ISO. Share your enhancements and tweaks or make a customized ISO for just your company and pass it around. We’d be delighted. And our previous tutorial will even show you how to set up and maintain your own Cloud Repository for Incredible PBX. FREEDOM: THAT’S WHAT OPEN SOURCE IS ALL ABOUT!

All together now… No Gotchas! Dear Sangoma: Don’t SAY you love Freedom on freepbx.org and then DO just the opposite.

Introducing the Incredible PBX 13.2 ISO

Overview. The Incredible PBX installation process couldn’t be easier. Download IncrediblePBX13.2.iso from SourceForge. Burn the ISO to a DVD-ROM or USB thumb drive. Four different methods are outlined below. Need some great hardware for under $200? Read our tutorial. Or, if you have an old PC lying around, that’ll work, too. Boot up the dedicated machine on which you want to install Incredible PBX. Choose whether you prefer the Incredible PBX Whole Enchilada with 30+ applications for Asterisk or the Lean & Mean version which has its own separate tutorial here. Press the ENTER key. Choose your time zone, create a really secure root password, and have a coffee break. When Scientific Linux 6.7 has been installed, your server will reboot. Accept the Incredible PBX license agreement and press the ENTER key. Go to lunch and, when you return, you should be good to go. Finish reading this tutorial to add the finishing touches and secure your server. Then read the Incredible PBX Application Users Guide to learn all about the three dozen FREE applications for Asterisk® that are included in the build. DONE!

Let us take a moment to explain the Incredible PBX installation process using this ISO. We don’t hide stuff in our ISO or play games with your security. We don’t give ourselves or our application any secret permissions. There are just two steps to an Incredible PBX ISO install. When the install begins, it loads pure Scientific Linux 6.7 onto your server,2 not some homegrown concoction using proprietary repositories. Your server then reboots. After restarting, the very latest copy of the Incredible PBX 13-12 installer is downloaded and run (see the actual source code of the script below). You’ll find the source code for the Incredible PBX installer in your /root directory after the install is completed: IncrediblePBX13-12R.sh. You’ll also find some other helpful scripts in /root including the optional (free) Incredible Fax installer. If you ever have a question about what was installed on your server, feel free to examine the source code of our installers or post a note on the PIAF Forum. It’s unencrypted GPL2 code. You’re free to use it, enhance it, and share it. Try that with Sangoma. It’s your choice!

%post
###############################################################
#
# Post Script - this script runs on Incredible PBX server
# immediately after Scientific Linux 6.7 install finishes
#
###############################################################
/usr/sbin/ntpdate -su pool.ntp.org
rpm -e readahead
/bin/sed -i 's|rhgb quiet||' /boot/grub/grub.conf
/bin/echo "/tmp/firstboot" >> /etc/rc.d/rc.local
/bin/echo "#!/bin/bash" > /tmp/firstboot
/bin/echo " " >> /tmp/firstboot
/bin/echo "NETDN=`/bin/ping -c 1 incrediblepbx.com | /bin/grep incrediblepbx.com`" >> /tmp/firstboot
/bin/echo "if [[ -z $NETDN ]]; then" >> /tmp/firstboot
/bin/echo " read -p 'Network is down. Please fix. Then press RETURN to reboot and retry.'" >> /tmp/firstboot
/bin/echo " /sbin/reboot" >> /tmp/firstboot
/bin/echo " exit" >> /tmp/firstboot
/bin/echo "fi" >> /tmp/firstboot
/bin/echo "sed -i '/firstboot/d' /etc/rc.d/rc.local" >> /tmp/firstboot
/bin/echo "sed -i 's|NO_DM |NO_DM rhgb quiet|' /boot/grub/grub.conf" >> /tmp/firstboot
/bin/echo "cd /root" >> /tmp/firstboot
/bin/echo "wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "tar zxvf incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "rm -f incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "./Inc*" >> /tmp/firstboot
/bin/chmod +x /tmp/firstboot
eject
%end

Incredible PBX 13.2 ISO Installation Guide

Downloading the Incredible PBX 13.2 ISO. On the machine you’ll be using to create your installation media, download IncrediblePBX13.2.iso from SourceForge. Update: The 11/29/2015 version of the ISO had a bug that prevented proper installation of Incredible PBX Full Enchilada. The 12/01/2015 release fixed the problem.

Burning a DVD-ROM from the ISO. If your server platform doesn’t have USB support, then burn the ISO to a DVD using a Mac or Windows machine.

Creating a USB Flash Drive Installer. If your server platform has USB ports, you have three ways to move the Incredible PBX 13.2 ISO to a 1GB or larger flash drive. You can use a Windows PC, a Mac, or a Linux machine to create the USB thumb drive installer.

Creating a USB Flash Drive Installer with a Windows PC. In order to create a USB thumb drive using an ISO image, you’ll first need to install Rufus. It’s free. Once you’ve installed it, insert a blank USB thumb drive and run Rufus. Make your settings look like what’s shown above. Be very careful in choosing your Device. You don’t want to accidentally erase the wrong drive on your Windows machine. The correct choice is the USB thumb drive you just inserted. Don’t guess!! Step 2 is choosing the IncrediblePBX13.2.iso file that you downloaded from SourceForge. Step 3 is clicking Start. The ISOHybrid Window will be presented. Step 4 is changing the default setting to “Write in DD image mode.” Step 5 is pressing OK. In a few minutes, your ISO image transfer to the USB flash drive will be finished. Give it 15 seconds just to be safe. Then remove the USB thumb drive and you’re ready to begin the install on your dedicated Incredible PBX server.

Creating a USB Flash Drive Installer with a Mac. To create a USB thumb drive using an ISO image on a Mac, first insert the USB thumb drive and partition it with a single MS-DOS partition using Disk Utility. Next, open a Terminal window and issue the command: diskutil list. Review the device names and find the one that matches the size of your thumb drive. It will be something like /dev/disk9. Again, be careful. You don’t want to accidentally erase the wrong drive on your Mac! Next, change to the directory into which you downloaded IncrediblePBX13.2.iso, e.g. cd Desktop. Now issue the following commands substituting the actual device name for /dev/disk9 below:

diskutil unmountDisk /dev/disk9
sudo dd if=IncrediblePBX13.2.iso bs=1m of=/dev/disk9
sudo sync
diskutil eject /dev/disk9

When the install completes, remove the USB thumb drive and you’re ready to begin the install on your dedicated Incredible PBX server. NOTE: There will be no feedback during the dd step above. It can take 15 minutes or more depending upon the horsepower of your Mac. Be patient!

Creating a USB Flash Drive Installer on a Linux machine. To create a USB thumb drive using an ISO image on a Linux machine, first log into your server as root. Insert a blank USB thumb drive. From the CLI, decipher the device name of your thumb drive: fdisk -l. The device name will be something like /dev/sdb. Be careful. You don’t want to accidentally erase the wrong drive on your Linux server! Change to the directory into which you downloaded IncrediblePBX13.2.iso, e.g. cd /root. To transfer the ISO to your thumb drive, issue the following commands replacing /dev/sdb with the actual device name for your thumb drive in lines 1 and 3 below:

dd if=IncrediblePBX13.2.iso bs=4M of=/dev/sdb
sync
udisks --detach /dev/sdb

When the install completes, remove the USB thumb drive and you’re ready to begin the install on your dedicated Incredible PBX server. NOTE: There will be no feedback during the dd step above. It can take 5 to 15 minutes depending upon the horsepower of your Linux machine.

Kicking Off the Incredible PBX 13 Install. Now we’re ready to install Incredible PBX 13 on your dedicated server platform. Simply insert the DVD-ROM or USB thumb drive in your server-to-be and boot. During the POST boot process, press the function key that displays a Boot Device Menu and choose your DVD-ROM drive or USB device. When the Incredible PBX 13 installation menu displays, choose Basic Install and press ENTER. Choose your time zone, create a really secure root password, and have a coffee break. When Scientific Linux 6.7 has been installed, your server will reboot. Accept the Incredible PBX license agreement and press the ENTER key. Go to lunch and, when you return, you should be good to go. When the installation finishes, reboot your server and log in as root to apply the last minute updates for Incredible PBX.

To complete the install, perform the following from the Linux CLI while logged in as root:

  • Change your root password if it’s insecure: passwd
  • Set your Incredible GUI admin password: /root/admin-pw-change
  • Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • *** THE REMAINING FEATURES ARE OPTIONAL ADDITIONS ***
  • Login to your NeoRouter VPN server: /root/nrclientcmd
  • To enable free faxing: /root/incrediblefax11.sh
  • Set admin password for AvantFax: /root/avantfax-pw-change
  • To enable PPTP VPN: /root/pptp-install
  • To enable Google Voice OAUTH authentication: http://nerd.bz/1JaO4ij (1b.)
  • To remove GPL Module Signature Checking in GUI: http://nerd.bz/1fpwZJL
  • To install FCC RoboCall BlackList: http://nerdvittles.com/?p=15412
  • To upgrade Asterisk to current release3: /root/upgrade-asterisk-to-current
  • To upgrade all FreePBX GPL Modules: /var/lib/asterisk/bin/module_admin upgradeall && amportal a r

Managing Your Server with Incredible PBX Web-Based Tools

Most of your time initially configuring and managing your server will be spent using the web-based tools provided with Incredible PBX. Using any modern browser, go to the IP address of your server as shown in the status display above. This will bring up the Kennonsoft GUI that provides access to all of the web-based applications. Toggle between User and Admin apps by clicking on the blue tab in the lower left section of the display. This GUI also displays the latest security alerts and bug fixes from the PIAF RSS Feed. We recommend you check it at least once a week.

The other GUI to configure the FreePBX® GPL modules is accessed from the Admin menu in the Kennonsoft menus. Choose Incredible GUI Administration. The default username is admin and the password is what you set during the final installation steps above. Once the Incredible PBX GUI appears, edit extension 701 so you can figure out (or change) the randomized passwords that were set up for your 701 extension and voicemail account: Applications -> Extensions -> 701. If you’re behind a hardware-based firewall, verify the NAT setting is set to YES.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


DEMO - Allison's IVR Demo
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. Upgrading your server for OAUTH authentication is covered here. Start at step #1b. The safer long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model for SL 6.7

Incredible PBX for Scientific Linux joins our previous builds as our most secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along. We originally had planned to make our fortune off update fees, but we changed our mind. So… contrary to the language in some of our builds, contributions to our projects are PURELY VOLUNTARY. You’ll get every update as it’s released whether you financially support our projects or not. Why haven’t we fixed the language? Good question. The short answer is it’s buried deep in the GUI image that would have to be regenerated from scratch. We’ll get to it one of these days. In the meantime, sleep soundly. No one will be breaking down your door for a donation.

We also encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.

Incredible PBX Application Users Guide

Your next stop ought to be learning about the three dozen applications included in Incredible PBX. We’ve put together this tutorial to get you started. Enjoy!

Originally published: Sunday, November 22, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. Sangoma and the Schmoozers: What a great name for a band! Maybe that’s fitting since they’ve chosen to treat their ISO almost like a music CD. []
  2. If you’re wondering what packages are installed with Scientific Linux 6.7, come back next week and download the entire Incredible PBX ISO build environment. All of the packages installed on your server are included in the build platform itself. Feel free to add to them or change them to your heart’s content. We don’t have a million dollar staff. That’s why we depend upon folks like you to offer suggestions and enhancements. In short, we treat Incredible PBX like a real open source project. Come join the fun! []
  3. This is unnecessary when you first install Incredible PBX because it automatically installs the latest version of Asterisk 13. []

The FUD Factor: Why Does the Asterisk Community Shoot Itself in the Foot?



2015 has been quite the year for the Asterisk® VoIP community. First came the surprise announcement that Sangoma® had acquired FreePBX®. Next, Digium® caved on Asterisk-GUI and adopted FreePBX as their “free” distribution giving Sangoma a virtual monopoly in the Asterisk graphical user interface and aggregation market. And then the fireworks began. There were only two open source and GPL-compliant Asterisk aggregations left: Elastix® and PBX in a Flash™.

We had been on a downhill slide with the Schmoozers for quite a while after their “commercial tech support” for PBX in a Flash morphed into a sales pitch to switch users to the FreePBX Distro. What they left out of the narrative was the fact that the FreePBX Distro is neither open source nor a GPL product. Not only is it laced with NagWare and CrippleWare, but you are prohibited from redistributing or reusing the code. While it’s copyrighted and trademarked up the ying yang, it’s also full of “trade secrets” and GPL code obtained for free from the open source community. So much for the GPL. The Free Software Foundation has long since lost its appetite for lawsuits. Digium has kept a low profile through all of this. That’s probably because they’re now 100% dependent upon FreePBX, an integral component in their morphed AsteriskNOW® product.

If you’ve been involved in the technology business, you already know that the marketing strategy for many companies is full of examples of the traditional Good Cop/Bad Cop routine: beat you up with the bad guy and then let the good guy swoop in to close the deal. With free software, there’s another hurdle. You’ve first got to persuade customers that they really don’t want something for nothing. They’ll be much better off paying for everything: software, add-ons, updates/upgrades, and support. Remember the old adage: “Nobody ever got fired for choosing IBM®.” Same song, different verse!

In the Asterisk VoIP community, there’s been another secret ingredient: fear, uncertainty, and doubt. Yes, good old FUD. This strategy relies upon confusing everybody to the point that they throw up their hands and stop believing anything anybody says. Then the good guy swoops in to close the commercial deal for the “safe company.” Classic IBM!

With a legal background, we’d be the first to admit that the FUD strategy is difficult to deal with. You’re trying to explain fairly complex technical material in a logical way and all of a sudden you’re bombarded with completely off-the-wall comments that have no basis in fact. If you love Fox News, you’re accustomed to this already. Never mind the images on the screen don’t match the story that’s being told. The point is to make things look worse than they are so that the blonde bombshell can swoop in and say literally anything… and you’ll believe it.

If you watched Tag Team Wrestling as a kid, you’ll appreciate this sales strategy. Here we use one of our employees to publish a position on social media such as Twitter or one of the forums. Then other employees chime in with how brilliant the first employee’s idea really was. Better yet, get a handful of anonymous resellers to join in. This is especially effective when the general public has no clue that these folks are affiliated with the company and its marketing strategy.

If all else fails, bring on the personal attacks. Anyone that doesn’t agree with your position is labeled a troll and the piling on begins from other employees and resellers. Of course, there are always a few that stay above the fray urging everyone to “just get along” for the sake of the Asterisk “community.” Classic Rodney King.

In the meantime, we’re watching an already fractured VoIP market that seems headed for oblivion. Have you watched how your kids communicate lately? Do you really think they’re going to be relying on PBXs ten or fifteen years down the road when all of their smartphone calls and messaging are basically free? Did we mention the other elephants in the room: Skype, Hangouts, and FaceTime? America’s Big 3 already provide free worldwide telecommunications and video conferencing with any smartphone or desktop computer. And TV support is becoming commonplace. So… Party On, FUD Masters.

Let’s look at a few examples of how this has played out. The best example is security. No sane IT guy would ever run a VoIP server fully exposed to the Internet without several layers of security including either a hardware or software-based firewall. That’s Networking 101. Yet there was a group of folks in the Asterisk community that, over the course of 10 years, never mentioned firewalls at all… until a few months ago. Guess who? And guess who’s server platform consistently got hacked? The response: FUD, and lots of it. When users began reporting totally compromised servers, “the team” response was disbelief and, of course, a post documenting a vulnerability in PBX in a Flash. The difference? The PBX in a Flash vulnerability still required administrator permission and an admin password for access. But, hey, it was a vulnerability and all vulnerabilities are alike, right? Wrong. Pure FUD but the equal billing of both vulnerabilities on their forum for months presumably achieved the goal of demonstrating that all software has “issues” from time to time.


And then there was the FreePBX Firewall, a recent creation that runs within the FreePBX GUI and is accessible within a web browser without root user permissions. There’s only one catch. A vulnerability in the firewall gave the intruder root access to the server without ever obtaining root user credentials. It doesn’t get much more dangerous than that. And, sure enough, while the developer was at AstriCon crowing about his awards and firewall accomplishments, a root exploit was identified less than a week after the product hit the market. The response? We fixed the only known vulnerability. Well, not so fast. The problem with the design is that users were continually locking themselves out of their own servers because they didn’t quite know what they were doing in implementing the new firewall rules. After bad-mouthing PortKnocker as an overly complex magic incantation, the developer couldn’t quite bring himself to go that route to get users back into their servers. After all, firewalls are supposed to be easy. Instead, he chose to disable the firewall entirely during the first 5 minutes after a server was rebooted. Sounds great, right? Wrong again. Almost any DDOS attack has the potential to crash a server and force a reboot. Guess who gets the easy pass to hack your server after the server comes crashing down? You may be wondering how a root vulnerability occurs when FreePBX runs as the asterisk user. Good question. And the answer is you have to load the encrypted SysAdmin module which reportedly gives itself root permissions to servers. In response… FUD and more FUD.


The latest FUD involves the so-called Module Signature Checking mechanism in FreePBX 12. Sangoma claims it was to protect end-users by throwing up glaring error messages whenever you install or use a FreePBX module that wasn’t produced by (you guessed it!) Sangoma. Our take is it was a not-so-subtle attempt to freeze everyone else out of the FreePBX module development market where Sangoma hopes to make a fortune in license fees and renewal contracts. Dream on. The downside is that, with the exception of a single module to support Digium® phones, there hasn’t been a non-Sangoma module for FreePBX produced in years! The FUD hit the fan when we published (OPTIONAL) code to let administrators remove the module signature checking mechanism if they chose to do so. This meant FreePBX 12 GPL modules worked exactly like those in every previous version of FreePBX. Suddenly, lack of module signatures became a security issue… except in earlier FreePBX releases, of course. What’s particularly disingenuous about this latest FUD attack is that FreePBX 2.11 and prior releases are still in active use. None of those releases even had the option to enable module signature checking whether an administrator wanted it or not. And, of course, all Incredible PBX builds include a preconfigured firewall that blocks all of the bad guys from even seeing your server much less attacking it. But suddenly our giving the administrator the option to use module signature checking has become a critical “security issue” that will cause users to “get hacked and lose money.” That’s the Sangoma FUD mentality we’re dealing with folks.

Finally, let’s talk about hardware. Sangoma loves hardware. It is or, more accurately, was their bread and butter. First, they touted their Session Border Controller as the only way to protect an Asterisk server. For the FUD scorecard on SBCs, read our SBC article. And then there are the Asterisk appliances, preconfigured FreePBX Distro boxes running on generic (overpriced) computer platforms. In a recent article, we noted that a $200 Intel® NUC could run circles around the entry-level $579 FreePBX Phone System 50. And, for $500, a high performance Intel NUC could actually run a half-dozen or more Asterisk servers. Didn’t take long for a FreePBX cheerleader to crank up the FUD proclaiming that Intel NUC’s won’t boot:


Of course, if Mr. Messano had bothered to read the Nerd Vittles article, he would have learned that it only took about 10 seconds to apply a BIOS tweak that solved the booting problem forever. But, again, the damage was done. Believe it or not, many casual observers derive much of their technical expertise from 140-character tweets. And some will no doubt conclude that there must be a problem with the Intel hardware. Otherwise, why would some stranger suggest such a thing.

The point of all this is to document why those relying upon Asterisk for their bread and butter would do well to start devising a backup plan. Many in the business, medical, and government communities are reluctant to touch Asterisk with a 10-foot pole and now you know why. Over 500,000 people read Nerd Vittles each year. That’s not to suggest that they all agree with everything we suggest. But you can rest assured that they will continue to hear both sides when these hit-and-run attacks occur. As a CEO in the Asterisk “community,” we’d be asking whether this approach is really worth the cost to the shareholders? While the derisive comments of some employees may play well to backslapping coworkers, the long-term consequence of alienating actual decision-makers reading this misleading FUD will be to drive serious customers to other platforms permanently. “Where there’s smoke, there’s probably fire” goes the old saying. And, while Asterisk 13 has proven itself to be a good platform for a business phone system, the end-user alienation and disingenuous FUD ultimately are going to have repercussions for businesses that have chosen to earn a living using Asterisk. As an Asterisk evangelist and a shareholder of Sangoma, we view these developments as unfortunate because the wounds are mostly self-inflicted.

For the rest of the story…

Originally published: Wednesday, November 18, 2015



Need help with Asterisk? Come join the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…