Posts tagged: asterisk

Another Ride on the Wild Side: Introducing Incredible PBX for CentOS 7

If you’re not one to turn down a new challenge and you consider yourself an open source purist, then this Bud’s for you. Last month we introduced the latest and greatest Ubuntu 14 offering with Incredible PBX. And today it’s RedHat’s turn with the brand new CentOS 7. Be forewarned that CentOS 7 is a very different Linux animal than CentOS 6.5, and it’s just two weeks old. RHEL 7 is only six weeks old. There are more than a few potholes in RedHat’s latest pathway to heaven. This results in a number of direct consequences in any Asterisk® and FreePBX® communications server which depends upon CentOS 7 under the covers. For openers, anything proprietary probably won’t work for a while. That includes Digium phones and Schmooze Com’s commercial modules for FreePBX. In addition, FreePBX 2.11 and 12 were designed using PHP 5.3. CentOS 6.5 is distributed with PHP 5.4. Ubuntu 14 and Fedora 20 have PHP 5.5. There are some incompatibilities between all three versions, and many of us still are sorting out what impact those incompatibilities will have on the overall reliability of the FreePBX platform and some of the Incredible PBX applications. You can help by testing this new build in a non-production environment. 95% of the feature set available in the CentOS 6.5 platform still works fine. But finding the gotcha’s is going to take some time… and some pioneers. So… roll up your sleeves and lend us a hand!

Incredible PBX™ for CentOS 7 is an independent aggregation that does not rely upon PBX in a Flash™ for its roots. Because of the nature of the CentOS 7 platform, it was built from the ground up. PBX in a Flash will follow once the stability of the CentOS 7 platform has been demonstrated. The Incredible PBX installer is pure GPL2 open source code so you are more than welcome (encouraged!) to examine it, improve upon it, and share your discoveries with all of us.

Incredible PBX for CentOS 7 follows our new install procedure which means it’s up to you to first create a CentOS 7 platform. Then you run the Incredible PBX installer. After 30-60 minutes of whirring, you’ll end up with an awesome (free) state-of-the-art Asterisk-based VoIP server with the very latest version of Asterisk 11 and FreePBX 2.11 as well as dozens of turnkey Incredible PBX applications. So enjoy a nice lunch while the Incredible PBX installer works its magic. No user intervention is required during the installation procedure. All text-to-speech (TTS) applications work out of the box. You can add Google’s Speech Recognition to many Incredible PBX applications by following our 5-minute tutorial.

Installing a Base CentOS 7 Operating System

Let’s begin by installing CentOS 7 on your favorite hardware or Desktop. Or you may prefer to use a Cloud provider1 that already offers a preconfigured CentOS 7 image. In the latter case, you can skip this section.

For those using a dedicated hardware platform or wishing to install CentOS 7 as a virtual machine, the drill is the same. Start by downloading the CentOS 7 ISO. We recommend the Everything ISO at the moment since there currently is no minimal install ISO. Minimal ISO is available NOW! Burn the whopping 6.6GB ISO to a DVD unless you’ll be booting from the ISO on a virtual machine platform such as VirtualBox. On virtual platforms, we recommend at least 1GB RAM and a 20GB dedicated drive. For VirtualBox, here are the settings:

Type: Linux
Version: RedHat 64-bit
RAM: 1024MB
Default Drive Options with 20GB+ space
Create
Settings->System: Enable IO APIC and Disable HW Clock (leave rest alone)
Settings->Audio: Enable
Settings->Network: Enable, Bridged
Settings->Storage: Far right CD icon (choose your ISO)
Start

Boot your server with the ISO, and start the CentOS 7 install. Here are the simplest installation steps:

Choose Language and Click Continue
Click: Install Destination (do not change anything!)
Click: Done
Click: Network & Hostname
Click: ON
Click: Done
Click: Begin Installation
Click: Root Password: password, password, Click Done twice
Wait for Minimal Software Install and Setup to finish
Click: Reboot

Configuring CentOS 7 for Incredible PBX Installation

Now log into your server as root and issue the following commands to put the basic pieces in place and to reconfigure your Ethernet port as eth0. Make a note of your IP address so you can log in with SSH.

setenforce 0
yum -y upgrade
yum -y install net-tools nano wget
ifconfig # figure out your server IP address here
sed -i 's|quiet|quiet net.ifnames=0 biosdevdame=0|' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot

If you’re on a virtual machine platform, now would be a good time to make an export or backup of your CentOS 7 image. The minimal install is about 500MB instead of 6.6GB. Don’t forget to first remove your hardware address (HWADDR) and network UUID from /etc/sysconfig/network-scripts/ifcfg-enp0s3 or whatever file name was assigned to your hardware. The saved image will be bootable with DHCP network support anywhere down the road.

NEWS FLASH: For those wanting to test things out using VirtualBox, a Scientific Linux 7 Minimal Install image (401MB) is now available on SourceForge. It gets you to right here in the install process.


Installing Incredible PBX for CentOS 7

Adding Incredible PBX to a running CentOS 7 server is a walk in the park. To restate the obvious, your server needs a reliable Internet connection to proceed. Using SSH (or Putty on a Windows machine), log into your new server as root at the IP address you deciphered in the ifconfig step at the end of the CentOS 7 installation procedure above.

Now you’re ready to kick off the Incredible PBX install. Just issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx11.4.centos7.tar.gz
tar zxvf incredible*
./IncrediblePBX11.sh

Once you have agreed to the license agreement and terms of use, press Enter and go have a long cup of coffee. The Incredible PBX installer runs unattended so find something to do for the next 30-60 minutes unless you just like watching code compile. When you see “Have a nice day”, your installation is complete.

IMPORTANT: Write down your admin password! Change it by issuing the following command:

mysql -u root -ppassw0rd -e "update asterisk.ampusers set password_sha1 = '`echo -n $adminpw | sha1sum`' where username = 'admin' limit 1;"

Log out and back into your server as root and you should be greeted by something like this:

1. Access the Asterisk CLI by typing: asterisk -rvvvvvvvvvv

2. Set Your Correct Time Zone by typing: /root/timezone-setup

3. Change ALL of Your Passwords by typing: /root/update-passwords

You can access the FreePBX GUI using your favorite web browser to configure your server. Just enter the IP address shown in the status display. The default username is admin and the password is what you wrote down or reset when the install completed. Now edit extension 701 so you can figure out (or change) the randomized passwords that were set up for your 701 extension and voicemail account: Applications -> Extensions -> 701. If you’re behind a hardware-based firewall, change the NAT setting to: YES.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using FreePBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX 11. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in FreePBX. After logging into FreePBX with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model for CentOS 7

Incredible PBX for CentOS 7 joins last month’s Ubuntu 14 build as our most secure turnkey PBX implementation, ever. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. :wink:

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.

In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.

Incredible PBX: Pick Your Poison

We fully appreciate that Bleeding Edge technology isn’t right for everyone. Fortunately, with Incredible PBX, you have lots of options, and they’re all free. Come join the party and see what you’ve been missing.


Originally published: Monday, July 20, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Some of our links refer users to Amazon or other service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support these providers because they support us. []

The Poor Wise Man’s Burglar Alarm System with Asterisk: Under $10/month

If you’re like us, spending $50 a month or more on a home security system is a bit like pouring money down the toilet. Add to that the complications of getting one to work reliably with VoIP without spending another $50 a month on a Ma Bell vintage telephone line just adds insult to injury.

So perhaps you can share our elation when an email arrived last week announcing Straight Talk’s new Remote Alert System, a $10/month cellular-based system that uses Verizon Wireless to provide SMS and phone call alerts for up to eight numbers. And actually it’s cheaper than that. $100 buys you a year of service. That’s less than $8.50 a month. Today we’ll show you how to transform your Prius-like Remote Alert System into a Tesla that will rival virtually any intrusion detection system on the market… at any price! The extra hardware required: any Asterisk-based server including the Raspberry Pi and BeagleBone Black.

Read and weep, ADT!

If we didn’t already have three Straight Talk lines of service, we would have filed this in the Too Good To Be True pile and moved on. But we’ve had terrific Almost-Unlimited™ AT&T Wireless service with Straight Talk for less than $500 a year. It’s not only indistinguishable from AT&T’s own offerings costing at least 50% more, but it’s also contract-free so we can bring any AT&T smartphone including iPhones to the party and never miss a beat.

We decided to take the bait and ordered the home security bundle. This gets you the Remote Alert wireless controller plus a wireless motion sensor plus a year of service for $229.99. If you prefer a one-month gamble, the bundle is only $139.99. Down the road, you can add additional motion sensors and window/door sensors for about $30 each. The add-ons now are available at Wal-Mart.

Shameless Plug. We obviously don’t charge for access to our articles. But you can assist the Nerd Vittles project financially by using our referral link with eBates® to make your purchase if you decide to try this. It doesn’t cost you a dime but returns 13.5% of your purchase price to the Nerd Vittles project. It’s just a couple of clicks. Start here to access eBates. Then Search for Straight Talk and click on the link. After the Straight Talk web site displays, click on the following link to access the Straight Talk Security Bundle. And, THANK YOU!

So… back to our story. The controller supports four zones for monitoring. Zone 4 is reserved for sensors you want to monitor while someone may still be moving around in the house, for example while only some of your family may be sleeping or if pets are roaming. The other three zones typically would be used for motion sensors that trigger alerts when anything moves… after giving you 30 seconds to leave and return, of course. You can activate Home or Away monitoring using either the controller, an optional $25 key fob, or a free app for your iPhone or Android smartphone.

You get to decide what happens when the system is armed and an alert is triggered either by motion or a monitored door or window being opened. For us, silence was the name of the game. Using the Android Remote Alert System, click the Silent ARM icon once you leave the house, and you’re done. When you return, click the Disarm icon within 30 seconds of opening the door, and monitoring is disabled. You can also enter your 4-digit alarm code on the controller to disable monitoring.

Remote Alert System Setup. Once you get the equipment, it’s a 5-minute phone call to get set up. Install the backup batteries in the controller and motion detector, and plug the controller into an A/C power source. Press the required sequence on the controller to activate it, and you’re in business. The motion detector is already paired with the controller when it arrives, but adding new sensors is a 15-second task. All of the commands are documented in the manual which accompanies the system. But the tutorials also are available on line if you want to have a look.

Step #1 is changing your security alarm password. The next step is entering your phone numbers. Straight Talk goes to great lengths warning you that this is not a home security system because it has no external siren and can’t make 911 calls. They obviously haven’t heard of Asterisk®. :-) But let’s get through the standard setup before we talk about Asterisk integration. You get to set up three numbers to receive SMS text messages when an alarm is triggered. And you get to set up five phone numbers to receive calls when an alarm is triggered. What the called party will actually hear is an obnoxious alarm tone which continues to play for 15 seconds. If you had multiple properties with alarm systems and no Caller ID, you’d never know the source of the alarm! But people with multiple properties probably aren’t smart enough to use this system to begin with so let’s move on. You configure the SMS and phone numbers by entering a special code on the controller to program each of the eight destinations. Then you enter the 10-digit number twice, and you’re done. Easy Peasy!

If you’re new to home security systems, the key to motion sensors is placement. Straight Talk recommends placement about seven to ten feet off the floor with a wide field of view. The range of the motion sensor is about 26 feet. It obviously depends upon the layout of your house or apartment, but we had much better success placing the motion sensor on a window sill at about 5 feet high and aiming it at the center hall of our home. It improved the motion detection dramatically. Trial and error is your friend!

The next step is positioning your controller. A mounting bracket is included so that you can place it almost anywhere you like. Our preference is to hide it so long as it still has Verizon cellular coverage and a source of electricity. You can test it by arming the controller with your smartphone and then triggering the motion sensor. If you get an SMS message or a call, it’s working. We also prefer silent mode. An intruder is obviously going to attempt to destroy your controller if they hear it. Yes, the intruder may leave, but they’ll probably carry some of the family jewels with them. With an Asterisk server in place, we’d prefer to send the police without alerting the intruder that something has gone wrong.

Asterisk Integration. Speaking of Asterisk, here’s what we’ve developed to add 911 alerts and telephone alarms to this system. It’s a 5-10 minute project! The way this works is to first add a phone number to your controller that calls a dedicated DID on your Asterisk server. Calls to that DID trigger the special context [st-remote-alert] which verifies the CallerID number of your alarm system. As configured, if the CallerID doesn’t match, the call is immediately disconnected although you could easily modify our code to use an existing (non-dedicated) DID if you prefer. Just route the non-matching CallerIDs to whatever context you traditionally use to process inbound calls. If the CallerID of the alarm system is matched, then the call is disconnected AND an outbound call is placed to 911. When the 911 operator answers, a prerecorded message is played at least twice that says something like this using REAL information:

This is an automated security request for assistance from the residence at 36 Elm Street in Podunck, Arkansas. The owner of this residence is Joe Schmo at phone number: 678-123-8888. An intruder has been detected inside the home. A suspected burglary is in progress. All of the residents of the home are unavailable to place this call. Please send the police.

The phone number from which this automated call is being placed is 678-123-4567. If the owners have a working cell phone, you can reach them at the following number: 678-123-9999. Please dispatch the police to 36 Elm Street immediately, whether you can reach the owners or not.
A suspected burglary is in progress. Thank you for your assistance. This message will repeat until you hang up…

You can either use Flite and Igor to play the message, or you can record your own message to be played to 911. Use the FreePBX® Admin -> System Recordings option. We recommend the latter especially since you’ll be sending these emergency calls to 911. You obviously want the 911 operator to be able to quickly decipher what’s being said.

Legal Disclaimer. We cannot stress strongly enough that you need to test this carefully on your own server by placing test calls to some number other than 911 until you are positive that it is working reliably as determined solely by you. Be advised that this system will not work at all in the event of an electrical, Internet, or server outage. As delivered, this code will NOT place calls to 911. The choice of whether to modify the code to place 911 emergency calls is solely yours to make. Be advised that false and inadvertent calls to 911 may result in civil and criminal penalties. DON’T BLAME US!


NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF FITNESS
FOR A PARTICULAR PURPOSE AND MERCHANTABILITY, ARE BEING PROVIDED.

BY PROCEEDING WITH IMPLEMENTATION AND INSTALLATION OF THIS SOFTWARE, YOU AGREE
TO ASSUME ALL RISK AND COMPLETE RESPONSIBILITY FOR ANY AND ALL CONSEQUENCES
OF IMPLEMENTATION WHETHER INTENDED OR NOT AND WHETHER IMPLEMENTED CORRECTLY
OR NOT. YOU ALSO AGREE TO HOLD WARD MUNDY, WARD MUNDY & ASSOCIATES LLC, AND
NERD VITTLES HARMLESS FROM ALL CLAIMS FOR ACTUAL OR CONSEQUENTIAL DAMAGES.
BEFORE IMPLEMENTING AUTOMATED 911 CALLS, CHECK WITH A LOCAL ATTORNEY TO MAKE
CERTAIN THAT SUCH CALLS ARE LEGAL IN YOUR JURISDICTION.

IN THE EVENT THAT ANY OF THESE TERMS AND CONDITIONS ARE RULED UNENFORCEABLE,
YOU AGREE TO ACCEPT $1.00 IN COMPENSATION FOR ANY AND ALL CLAIMS YOU MAY HAVE.

THIS SOFTWARE IS FREE AND YOU AGREE TO ASSUME ALL RISKS WHETHER INTENDED OR NOT.
YOU ALSO ACKNOWLEDGE AND UNDERSTAND THAT THINGS CAN GO WRONG IN TECHNOLOGY.

WE CANNOT AND DO NOT WARRANT THAT THIS CODE IS ERROR-FREE OR THAT IT WILL
PROTECT YOUR PROPERTY, YOUR LOVED ONES, OR ANYONE, OR ANY THING IN ANY WAY.

IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS OF USE, DO NOT PROCEED!

Asterisk Implementation. First, you’ll need a dedicated DID that can be used to receive incoming calls from your Remote Alert System. Hopefully, you won’t be receiving many calls on this number so any of the inexpensive pay-by-the-minute DIDs will suffice. Or you can use a free DID from ipkall.com. The only gotcha with ipkall.com is having to make a call to keep the number active at least once every 30 days. But this could be accomplished with a weekly telephone reminder that only connected for a few seconds. Just don’t make the weekly call using the CallerID of your alarm system. You obviously do not want to trigger a 911 emergency call.

Next, you’ll need an outbound trunk on your Asterisk server that’s previously been registered with E911 support and that already is configured to place outbound 911 calls from your server. Google Voice trunks will not work! Your name, address, and phone number as they were registered with E911 will be important pieces of information to relay in your automated emergency call to 911. You’ll also need a cellphone number that can be provided with your 911 calls so that emergency responders have a way to contact you to follow up on automated emergency calls from your server.

Temporarily, you’ll also need a 10-digit number to which to deliver the automated emergency calls for testing. Your cellphone number would suffice. Once you’re sure everything is working, we’ll show you how to modify the dial plan code to replace this number with 911 when your system goes “live.”

Installation. Once you have all of the required pieces in place, you’re ready to begin the installation. Log into your server as root and issue the following commands to begin:

cd /root
wget http://nerdvittles.com/wp-content/st-remote-alert.tar.gz
tar zxvf st-remote-alert.tar.gz
rm -f st-remote-alert.tar.gz
./st-remote-alert.sh

Once the install is finished, use FreePBX to modify the DID Trunk that will receive the incoming alerts from your Remote Alert System. Change the context entry to: context=st-remote-alert

Test. Test. Test. Testing is critically important before you actually turn on automated calls to 911. Once you’ve installed the software, activate your Remote Alarm System and then trip the motion detector to trigger a call to the dedicated DID on your Asterisk server. There’s typically a 30-second delay between tripping a motion detector and the commencement of the alert calls. Within a minute, you should receive a call on the emergency number you set up for testing. You can follow the progress of the procedure using the Asterisk CLI: asterisk -rvvvvvvvvvv. We recommend testing this repeatedly for at least a month before even considering 911 deployment. Make certain that everyone in your household knows how to disable the alarm system when they return home after arming it. Make certain that everyone in your household knows to never arm the system with motion detectors activated when anyone or any animal inside the house could potentially trip the alarm. At least until everyone is accustomed to these new security procedures and has a proven (successful) track record, NEVER DEPLOY SILENT ARMING OF YOUR REMOTE ALERT SYSTEM! If you change to silent arming of the Remote Alert System, test for at least another full month with no inadvertent failures before considering 911 deployment.

Making Changes. The st-remote-alert.sh installer has been designed to let you run it over and over again to replace or update your settings. So don’t be shy about making changes.

Substituting a Personally Recorded Message. If you’d prefer to record your own message to be delivered to 911, then review the script above and make yourself a cheat sheet before you begin. Then use a browser to open FreePBX. Choose Admin -> System Recordings and enter an extension number on your system to use for recording. Click the Go button to begin. Then dial *77 from that extension and record your message. Press # when you’re finished. Be sure to listen to the recording to make sure it’s what you intended. If not, rerecord the message until you get it right. You can dial *99 to listen to your recording a final time. When you’re sure it’s correct, name the recording nv-alert. Click Save.

Now you need to tell the automated alert dialer to use your recorded message instead of Flite and Igor.
Edit /etc/asterisk/extensions_custom.conf. Search for the line containing “pickrecording”. Change Extension: 4 to Extension: 5. Save the file and reload your dial plan: asterisk -rx "dialplan reload"

Do some additional testing if you have substituted your own recording!

Adding Audible Alarms During Emergencies. If you prefer a little noise sprinkled around your home during burglaries, then we’ve put in place the necessary components to sound alarms on SIP phones that support AutoAnswer after feeding an extension to the speakerphone. For example, assuming you have deployed a Yealink T46G with an IP address of 192.168.0.10 and default admin credentials, you could add this additional line just before the final s,n,Hangup line in the [st-remote-alert] context of /etc/asterisk/extensions_custom.conf:

exten => s,n,System(curl -s -S --user-agent "Alert" http://admin:admin@192.168.0.10/servlet?number=25276)

To add additional Yealink phones, just add additional lines to the dialplan with the IP address of each phone. For other phone models, you’ll need to do a little research. :wink:

Going Live with Automated Emergency Calls to 911. When you and everyone in your household are absolutely comfortable with the arming, disarming, and motion detection procedures, then you can decide whether to reroute the automated notifications to 911. Be advised that, in some states or municipalities, it may be illegal to auto-dial 911 from a non-human caller/system. Before doing this, check with an attorney or local authorities in your jurisdiction to make sure you are in compliance with federal/state/local laws.1 If you elect to proceed, edit extensions_custom.conf in /etc/asterisk. Search for the line containing “SEND-HELP-REQUEST-TO”. Replace the temporary number that you set up with the number: 911. Save the file and reload your dial plan: asterisk -rx "dialplan reload". Sleep well!

Originally published: Monday, July 14, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Autodialers that make emergency calls to E911 as part of a burglar alarm system are specifically exempted in some states such as Illinois. This comports with federal law under The Telephone Consumer Protection Act (47 U.S.C. § 227). Emergency robocalls are specifically exempted from the new PSAP Do-Not-Call Registry rules. See also this article about E911 laws in the Northeast. In most cases, but not all, these laws target abuse of the E911 system. Surprisingly, one town that reportedly prohibits ALL autodialing to 911 is Palo Alto, CA. And Paris, Tennessee also has joined the illegal club. Special thanks to @TheMole on the PIAF Forum for his excellent research. []

Knock Three Times: Pain-Free Remote Access to Your Asterisk or Linux Server

No. We’re not going to make you relive the 1970′s with us today although now you can listen to this Number 1 Hit and a million others for free with Amazon’s new Prime Music. No, we don’t get a commission if you sign up for Amazon Prime. Yes, we make millions when you buy something from Amazon using our links. Thank you! What we have for you today is a Number 1 Utility, and it works on virtually any Linux platform. If your fraternity or sorority had a secret knock to gain access, then you already know the basic concept. Port Knocker (aka knockd) from Judd Vinet is a terrific utility that runs as a daemon on your server and does just what you’d expect. It listens for knocks. When it detects three knocks on the correct three ports in the proper sequence and from the same IP address, it opens the IPtables Linux Firewall for remote access from that IP address to your server for a predefined period of time. This would allow you to log into your server with SSH or make SIP phone calls using a softphone registered to your remote Asterisk® server. What makes Port Knocker especially useful is the existence of knocking clients for virtually any smartphone, tablet, or desktop computer. For the Travelin’ Man, it’s another must have utility.

We introduced a turnkey implementation of Port Knocker in Incredible PBX for Ubuntu 14 late last week. If you were a pioneer earlier in the week, go back and install it again to take advantage of Port Knocker. Or better yet, follow along and we’ll show you how to install it on your own RedHat/CentOS or Ubuntu/Debian server in just a couple of minutes.

Prerequisites. We’ve built open source installation scripts for both the RedHat/CentOS platform as well as the Ubuntu/Debian operating systems. These knockd installers assume that you have a fully functional and locked down IPtables firewall with an existing WhiteList of authorized users. We’d recommend Travelin’ Man 3 if you need to deploy this technology and haven’t done so already. Last week’s Incredible PBX for Ubuntu 14 already includes Travelin’ Man 3 whitelisting technology. Read the article for full details.

Today’s knockd installers are fairly generic but, if you’re running a version of CentOS earlier than 6.x or Ubuntu earlier than 14 or Debian.anything, be advised that we haven’t tested these installers on those platforms so you’re on your own. Finally, if your server is sitting behind a hardware-based firewall (as we ALWAYS recommend), then you’ll also need to map three TCP ports from your hardware-based firewall to your server so that legitimate “knocks” can find their way to your server. These ports need not be opened in your IPtables firewall configuration! We’re just knocking, not entering. :-)

Overview. As configured, today’s installation scripts will install and preconfigure knockd to load automatically when you boot up your server. Three random TCP ports will be assigned for your server, and this port sequence is what remote users will need to have in order to gain access. Yes, you can change almost everything. How secure is it? Well, we’re randomizing the 3-port knock sequence using over 3,900 ports so you can do the math to figure out the odds of a bad guy guessing the correct sequence. HINT: 3900 x 3900 x 3900. Keep in mind that these “knocks” must all be received from the same IP address within a 15-second window. So sleep well but treat the port sequence just as if it were a password. It is! Once a successful knock sequence has been received, the default Port Knocker configuration will open all ports on your server for remote access from the knocking IP address for a period of one hour. During this time, “The Knocker” can log in using SSH or make SIP calls using trunks or extensions on the server. Port Knocker does not alleviate the need to have legitimate credentials to log into your server. It merely opens the door so that you can use them. At the bewitching (end of the) hour, all ports will be closed for this IP address unless “The Knocker” adds a whitelist entry for the IP address to IPtables during the open period. Yes, all of this can be modified to meet your individual requirements. For example, the setup could limit the range of ports available to “The Knocker.” Or the setup could leave the ports open indefinitely until another series of knocks were received telling knockd to close the IPtables connection. Or perhaps you would want to leave the ports open for a full day or a week instead of an hour. We’ll show you how to modify all of the settings.

Server Installation. To get started, log into your server as root and download and run the appropriate installer for your operating system platform.

For RedHat/Fedora/CentOS/ScientificLinux servers, issue the following commands:

cd /root
wget http://nerdvittles.com/wp-content/knock-R.tar.gz
tar zxvf knock*
rm knock-R.tar.gz
./knock*

For Ubuntu/Debian servers, issue the following commands:

cd /root
wget http://nerdvittles.com/wp-content/knock-U.tar.gz
tar zxvf knock*
rm knock-U.tar.gz
./knock*

For ARM-based servers, issue the following commands:

cd /root
wget http://nerdvittles.com/wp-content/knock-ARM.tar.gz
tar zxvf knock*
rm knock-ARM.tar.gz
./knock*

Server Navigation Guide. On both the RedHat/CentOS/Fedora and Ubuntu/Debian platforms, the knockd configuration is managed in /etc/knockd.conf. Before making changes, always shutdown knockd. Then make your changes. Then restart knockd. On RedHat systems, use service knockd stop and start. On Ubuntu, use /etc/init.d/knockd stop and start. By default, knockd monitors activity on eth0. If your setup is different, on Ubuntu, you’ll need to change the port in /etc/default/knockd: KNOCKD_OPTS="-i wlan0". On RedHat, the config file to modify is /etc/sysconfig/knockd.

In /etc/knockd.conf, create an additional context to either start or stop an activity. It can also be used do both as shown in the example code above. More examples here. There’s no reason these activities have to be limited to opening and closing the IPtables firewall ports. You could also use a knock sequence to turn on home lighting or a sprinkler system with the proper software on your server.

To change the knock ports, edit sequence. Both tcp and udp ports are supported. seq_timeout is the number of seconds knockd waits for the complete knock sequence before discarding what it’s already received. We’ve had better luck on more servers setting tcpflags=syn. start_command is the command to be executed when the sequence matches. cmd_timeout and stop_command tell knockd what to do after a certain number of seconds have elapsed since the start_command was initiated. If you’re only starting or stopping some activity (rather than both), use command instead of start_command and stop_command to specify the activity.

IPtables 101. The default setup gives complete server access to anyone that gets the knock right. That doesn’t mean they get in. In the PIAF World, it means they get rights equivalent to what someone else on your LAN would have, i.e. they can attempt to log in or they can use a browser to access FreePBX® provided they know the server’s root or FreePBX credentials.

If you would prefer to limit access to a single port or just a few ports, you can modify command or start_command and stop_command. Here are a few examples to get you started.

To open SSH access (TCP port 22):

/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

To close SSH access (TCP port 22):

/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

To open a range of SIP ports (UDP 5060 to 5069):

/sbin/iptables -A INPUT -s %IP% -p udp --dport 5060:5069 -j ACCEPT

To close a range of SIP ports (UDP 5060 to 5069):

/sbin/iptables -D INPUT -s %IP% -p udp --dport 5060:5069 -j ACCEPT

Here’s a gotcha to be aware of. If you’re using the Travelin’ Man 3 WhiteList setup on your server, be especially careful in crafting your IPtables rules so that you don’t accidentally remove an existing Travelin’ Man 3 rule in closing some port with knockd. You will note that the syntax of the knockd commands is intentionally a bit different than what you will find in your Travelin’ Man 3 setup. This avoids clobbering something accidentally.

Monitoring Activity. Here are the two best tools to monitor knockd activity to make certain your setup is performing as expected. The knockd log (/var/log/knockd.log) will tell you when a knocking attempt has occurred and whether it was successful:
[2014-07-06 14:44] starting up, listening on eth0
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 1
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 2
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 3
[2014-07-06 15:29] 79.299.148.11: opencloseSSH: OPEN SESAME
[2014-07-06 15:29] opencloseSSH: running command: /sbin/iptables -A INPUT -s 79.299.148.11 -p tcp --dport 22 -j ACCEPT

Next, verify that the IPtables command did what it was supposed to do. iptables -nL will tell you whether port 22 access was, in fact, enabled for 79.299.148.11. The entry will appear just above the closing Chain entries in the listing:

ACCEPT     tcp  --  79.299.148.11         0.0.0.0/0           tcp dpt:22

Two things typically can go wrong. Either the knock from a client computer or cellphone wasn’t successful (knockd.log will tell you that) or IPtables didn’t open the port(s) requested in your knockd command (the iptables -nL query will show you that). In the latter case, it’s usually a syntax error in your knockd command.

Port Knocker Clients. The idea behind Port Knocker is to make remote access easy both for system administrators and end-users. From the end-user perspective, the simplest way to do that is to load an app on the end-user’s smartphone so that even a monkey could push a button to gain remote access to a server. If the end-user’s cellphone has WiFi connectivity sitting behind a firewall in a hotel somewhere, then executing a port knock from the smartphone should open up connectivity for any other devices in the hotel room including any notebook computers and tablets. All the devices typically will have the same public IP address, and this is the IP address that will be enabled with a successful knock from the smartphone.

Gotta love Apple’s search engine. Google, they’re not…

There actually are numerous port knocking clients for both Android and iOS devices. Here are two that we’ve tested that work: PortKnock for the iPhone and iPad is 99¢ and PortKnocker for Android is free. Some clients work better than others, and some don’t work at all or work only once. DroidKnocker always worked great the first time. Then it wouldn’t work again until the smartphone was restarted. KnockOnD for the iPhone, which is free, worked fine with our office-based server but wouldn’t work at all with a cloud-based server at RentPBX. With all the clients, we had better results particularly with cloud-based servers by changing the time between knocks to 200 milliseconds. How and when the three knocks are sent seems to matter! Of all the clients on all the platforms, PortKnocker was the least temperamental and offered the most consistent results. And you can’t beat the price. A typical setup is to specify the address of the server and the 3 ports to be knocked. Make sure you have set the correct UDP/TCP option for each of the three knocks (the default setup uses 3 TCP ports), and make sure the IP address or FQDN for your server is correct.

Another alternative is to use nmap to send the knocks from a remote computer. The knock.FAQ file in your server’s /root directory will tell you the proper commands to send to successfully execute a connection with your server’s default Port Knocker setup. Enjoy!

Originally published: Monday, July 7, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Meet Ubuntu: An Exciting New Frontier for Asterisk and the VoIP Community

Flash back to your preschool days for a moment. Remember how excited you were when you first learned to ride a bike? And you may also recall the neighborhood bullies whizzing by to remind you that they’d been riding bigger and better bikes for years. Imagine our surprise when we got to relive that scenario last week because of our enthusiasm in attempting to bring Ubuntu and text-to-speech VoIP applications to an entirely new audience of Asterisk pioneers. A few folks apparently were miffed because they had discovered Ubuntu first and their double-top-secret sandbox was being invaded by the new kid on the block. Who would have thought Cinderella could stir such emotions? Of course, all of the condescending tweets have long since disappeared. Perhaps, in a moment of reflection, The Ubuntu Club remembered that collaboration in the open source community is what it’s all about. We hope so.


Usually by the time you celebrate your sixth birthday you’ve learned that there will always be somebody eager to jump at the opportunity to put you down for doing something they never thought of. That attitude motivated many of us to learn how to do new things like riding a bike on one wheel. So thank you for that.

Introducing Incredible PBX for Ubuntu 14

Let’s begin our Ubuntu adventure today on that positive note. The plan is to build an Incredible PBX server with Ubuntu 14 that mimics the functionality of our previous builds with literally dozens of turnkey applications that show off the very best features of Asterisk. The Wish List for today’s project is shown in the tweet above. You can count on one hand the number of these that were functioning a week ago. Now they all work seamlessly. So hang on to your handlebars!

Two weeks ago, we could barely spell Ubuntu. Then an enterprising young programmer named Eric Teeter shot us a script to install Ubuntu with Asterisk® and FreePBX® and encouraged us to embellish it and to share the results with our Nerd Vittles audience. Having rarely met an operating system we didn’t like, we jumped at the opportunity knowing full well that Billy Chia at Digium and Tony Lewis at Schmooze Com had reported impressive results with Ubuntu years ago. It seemed like a good fit for Incredible PBX as well. Unlike CentOS, Ubuntu also was a platform that was easily transferable to the new $50 BeagleBone Black. We’ll take a second look at that platform later this summer. A word of caution before we begin. Like Fedora 20, Ubuntu 14 includes PHP 5.5 which still has a few incompatibilities with prior releases. The one that bit us in the butt was the previous ability to begin a PHP script with <?, but not any more. The only legal syntax now is <?php. Go figure. Suffice it to say, FreePBX 2.11 was written for PHP 5.3 so keep your eyes open and report any glitches you discover so that they can be addressed. In the meantime, these two commands will clean up all of the old AGI scripts you might have lying around.

For the short term, there were other issues. First, Debian and Ubuntu don’t use RPMs or yum, the two tools that are the lynchpin of PBX in a Flash installers and all of the other popular Asterisk aggregations. That meant learning an entirely new way of managing applications. Fortunately, we’d already crossed that bridge with the Raspberry Pi. Second, there was Eric’s methodology. He opted for package installs while we prefer building Asterisk from source because of the added flexibility. And finally, we discovered text-to-speech (TTS) applications such as Flite and GoogleTTS didn’t work at all on the Ubuntu platform. Since dozens of Incredible PBX applications depend upon TTS, there was no reason to proceed if we couldn’t get the TTS piece working with Asterisk. There are hundreds of Asterisk implementations out there. Our niche is full-featured applications that rival the commercial phone systems. Without TTS, we weren’t much interested in YAAB (Yet Another Asterisk Build).

A quick email to our friend, Lefteris Zafiris, was all it took. Within minutes from the other side of the world, Lefteris had logged into our Ubuntu Server in the Cloud and tamed the TTS beast. If ever there was an unsung hero in the Asterisk community, it’s Lefteris Zafiris. He has single-handedly kept all of the speech applications humming along through countless versions of Asterisk. We would have quit long ago without his untiring assistance. Thank you (again), Lefteris, for coming to the rescue.

Building an Ubuntu 14 Platform for Incredible PBX

As a result of the trademark and copyright morass, we’ve steered away from the bundled operating system in favor of a methodology that relies upon you to put in place the operating system platform on which to run PBX in a Flash or Incredible PBX. The good news is it’s easy! With many cloud-based providers1, you can simply click a button to choose your favorite OS flavor and within minutes, you’re ready to go. With many virtual machine platforms such as VirtualBox, it’s equally simple to find a pre-built Ubuntu 14 image or roll your own. For today, we’ll walk you through building your own stand-alone server using the Ubuntu 14.04 mini.iso. To get started, download the 32-bit or 64-bit Ubuntu 14.04 “Trusty Tahr” Minimal ISO from here. Then burn it to a CD/DVD or thumb drive and boot your dedicated server from the image. Remember, you’ll be reformatting the drive in your server so pick a machine you don’t need for other purposes.

For those that would prefer to build your Ubuntu 14 Wonder Machine using VirtualBox on any Windows, Mac, or existing Linux Desktop, here are the simple steps. Create a new virtual machine specifying either the 32-bit or 64-bit version of Ubuntu. Allocate 1024MB of RAM (512MB also works fine!) and at least 20GB of disk space using the default hard drive setup in all three steps. In Settings, click System and check Enable I/O APIC and uncheck Hardware Clock in UTC Time. Click Audio and Specify then Enable your sound card. Click Network and Enable Network Adapter for Adapter 1 and choose Bridged Adapter. Finally, in Storage, add the Ubuntu 14 mini.iso to your VirtualBox Storage Tree as shown below. Then click OK and start up your new virtual machine. Simple!

Here are the steps to get Ubuntu 14 humming on your new server or virtual machine once you’ve booted up. If you can bake cookies from a recipe, you can do this:

UBUNTU mini.iso install:
Choose language
Choose timezone
Detect keyboard
Hostname: incrediblepbx < continue >
Choose mirror for downloads
Confirm archive mirror
Leave proxy blank unless you need it
< continue >
** couple minutes of whirring as initial components are loaded **
New user name: incredible
< continue >
Account username: incredible
< continue >
Account password: makeitsecure
< continue >
Encrypt home directory < no >
Confirm time zone < yes >
Partition disks: Guided - use entire disk and set up LVM
Confirm disk to partition
Write changes to disks and configure LVM
Whole volume? < continue>
Write changes to disks < yes> < -- last chance to preserve your disk drive!
** about 15 minutes of whirring during base system install ** < no touchy anything>
** another 5 minutes of whirring during base software install ** < no touchy anything>
Upgrades? Install security updates automatically
** another 5 minutes of whirring during more software installs ** < no touchy anything>
Software selection: *Basic Ubuntu server (only!)
** another couple minutes of whirring during software installs ** < no touchy anything>
Grub boot loader: < yes>
UTC for system clock: < no>
Installation complete: < continue> after removing installation media
** on VirtualBox, PowerOff after reboot and remove [-] mini.iso from Storage Tree & restart VM
login as user: incredible
** enter user incredible's password **
sudo passwd
** enter incredible password again and then create secure root user password **
su root
** enter root password **
apt-get update
apt-get upgrade -y
apt-get install ssh -y
sed -i 's|without-password|yes|' /etc/ssh/sshd_config
sed -i 's|yes"|without-password"|' /etc/ssh/sshd_config
ifconfig
** write down the IP address of your server from ifconfig results
reboot
** login via SSH to continue **

Installing Incredible PBX on Your Ubuntu 14 Server

Adding Incredible PBX to a running Ubuntu 14 server is a walk in the park. To restate the obvious, your server needs a reliable Internet connection to proceed. Using SSH (or Putty on a Windows machine), log into your new server as root at the IP address you deciphered in the ifconfig step at the end of the Ubuntu install procedure above. First, make sure to run the update and upgrade steps for Ubuntu before you begin the install. This is especially important if using a cloud-based Ubuntu 14 server.

apt-get update
apt-get upgrade -y
reboot

Now you’re ready to kick off the Incredible PBX install. Just issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx11.4.ubuntu14
chmod +x incredible*
./incredible*

Once you have agreed to the license agreement and terms of use, press Enter and go have a long cup of coffee. The Incredible PBX installer runs unattended so find something to do for the next 30 minutes unless you just like watching code compile. When you see “Have a nice day”, your installation is complete. Log out and back into your server as root and you should be greeted by something like this:

You can access the Asterisk CLI by typing: asterisk -rvvvvvvvvvv

You can access the FreePBX GUI using your favorite web browser to configure your server. Just enter the IP address shown in the status display. The default username and password are admin:admin. Change them immediately in FreePBX Administration by clicking Admin -> Administrators -> admin. Enter a new password and click Submit Changes then Apply Config. Now edit extension 701 so you can figure out (or change) the randomized passwords that were set up for your 701 extension and voicemail account: Applications -> Extensions -> 701.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using FreePBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX 11. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in FreePBX. After logging into FreePBX with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

Adding Speech Recognition to Incredible PBX

To support many of our applications, Incredible PBX has included Google’s speech recognition service for years. These applications include Weather Reports by City (949), AsteriDex Voice Dialing by Name (411), and Wolfram Alpha for Asterisk (4747), all of which use Lefteris Zafiris’ terrific speech-recog AGI script. Unfortunately (for some), Google now has tightened up the terms of use for their free speech recognition service. Now you can only use it for “personal and development use.” If you meet those criteria, keep reading. Here’s how to activate speech recognition on Incredible PBX. Don’t skip any steps!

1. Using an existing Google/Gmail account to join the Chrome-Dev Group.

2. Using the same account, create a new Speech Recognition Project.

3. Click on your newly created project and choose APIs & auth.

4. Turn ON Speech API by clicking on its Status button in the far right margin.

5. Click on Credentials in APIs & auth and choose Create New Key -> Server key. Leave the IP address restriction blank!

6. Write down your new API key or copy it to the clipboard.

7. Log into your server as root and issue the following commands:

# for Ubuntu and Debian platforms
apt-get clean
apt-get install libjson-perl flac -y
# for RedHat and CentOS platforms
yum -y install perl-JSON
# for all Linux platforms
cd /var/lib/asterisk/agi-bin
mv speech-recog.agi speech-recog.last.agi
wget --no-check-certificate https://raw.githubusercontent.com/zaf/asterisk-speech-recog/master/speech-recog.agi
chown asterisk:asterisk speech*
chmod 775 speech*
nano -w speech-recog.agi

8. When the nano editor opens, go to line 70 of speech-recog.agi: my $key = "". Insert your API key from Step #6 above between the quotation marks and save the file: Ctrl-X, Y, then Enter.

Now you’re ready to try out the speech recognition apps. Dial 949 and say the name of a city and state/province/country to get a current weather forecast from Yahoo. Dial 411 and say “American Airlines” to be connected to American.

To use Wolfram Alpha by phone, you first must install it. Obtain your free Wolfram Alpha APP-ID here. Then run the one-click installer: /root/wolfram/wolframalpha-oneclick.sh. Insert your APP-ID when prompted. Now dial 4747 to access Wolfram Alpha by phone and enter your query, e.g. “What planes are overhead.” Read the Nerd Vittles tutorial for additional examples and tips.

A Few Words about the Incredible PBX Security Model for Ubuntu

Incredible PBX for Ubuntu 14 is our most secure turnkey PBX implementation, ever. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. :wink:

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.

In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie. Come join us!

Originally published: Monday, June 30, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. With some providers including ones linked in this article, Nerd Vittles receives referral fees which assist in keeping the Nerd Vittles lights burning brightly. []

The Definitive VoIP Quickstart Guide: Incredible PBX for the Raspberry Pi

It’s been a wild ride with the $35 Raspberry Pi®. Last month, sales of the Raspberry Pi topped three million. And, if you didn’t already know, the Raspberry Pi makes a near perfect platform for your very own VoIP PBX. It’s less than a ONE HOUR project!

If you’re new to the party, imagine squeezing a 700 mHz ARM processor with 512MB of RAM, 2 USB ports, a 10/100 Ethernet port, an HDMI port, composite video, a separate audio jack, an SDHC card slot, and a micro USB port onto a motherboard the size of a credit card weighing 1.6 ounces. Adding WiFi is as simple as plugging in a USB adapter. If your WiFi connection is password-protected, just plug your credentials into the top of /etc/wpa.conf and /root/restart-wlan0.

Absolute perfection. Other than the slow write speeds to the sd card (you might add a warning note about that part), I had it swapped over to local extension numbers and trunked to existing asterisk servers in minutes… [I]t doesn’t get any cooler than this! — Scott P.

Trust us when we say the performance of this tiny computer is nothing short of amazing. Can it do everything a $300 dual-core Atom PC can do? No. Can it do 90% of everything for someone whose requirements do not exceed a handful of simultaneous calls at a time but still wants a full-blown PBX for call routing, transcribed voicemails delivered by email, IVRs, music on hold, and text-to-speech and speech-to-text apps for a home, a SOHO office, a Little League team, or a dorm room? Absolutely. As Scott mentioned, configuration changes may take you a few seconds longer than would normally be the case with an Atom-based PC and a hard disk. But, hey, you can have this delivered to your front door in two days with Amazon Prime shipping for less than $2 more than the actual cost of the $35 computer. See the ad in the sidebar for ordering info. You’ll have a fully functional PBX up and running before you can break a summer sweat.

And today we’re pleased to introduce Incredible PBX 3.11.10 for the Raspberry Pi, a turnkey PBX featuring the latest releases of Asterisk® 11 and FreePBX® 2.11 for a near perfect telephony platform. Special thanks to the tens of thousands of pioneers that have given the first dozen iterations of this software a healthy workout over the past 18 months. We couldn’t have done it without you!

What’s New in Incredible PBX 3.11.10? Well, just about everything is either new or upgraded. For those of you already running a previous version, here’s a quick thumbnail of the 3.11.10 feature set. As in the past, we’ve tried to mimic as much of the previous build functionality as possible while providing new firmware support for the very latest Raspberry Pi boards. So you still get simple utilities to configure 1GHz overclocking and automatic expansion of the 3.11 image to run on any size SDHC card. You also get Asterisk’s latest long-term support release, Asterisk 11, which provides an incredibly stable VoIP platform. There also have been some major plumbing enhancements in FreePBX 2.11 to improve its stability and to enhance security. Although we can’t promise it will last forever, you also still get Google Voice support with free calling in the U.S. and Canada as well as free faxing and SMS messaging plus most of the Incredible PBX feature set. We’ve also added optional voice transcription and email delivery of MP3 voicemails to smooth the migration to unified messaging. If you want the first 15 seconds of each voicemail transcribed, then issue the following commands after logging into your server as root. Additional documentation is available here.

cd /usr/sbin
mv sendmailmp3 sendmailmp3.notrans
mv /root/sendmailmp3 sendmailmp3

Incredible PBX 3.5 and beyond added automatic detection and support of 512MB Raspberry Pi devices without touching anything. Beginning with version 3.7, we added an awesome fax server to Incredible PBX for those with a 512MB board. The complete tutorial is available here. update-my-pi in the /root folder of your server helps to safeguard your system by bringing it up to date with the latest fixes and enhancements. After running it the first time, it gets run automatically whenever you log in as root. For the safety of your server, don’t disable it! It’s free for the first ten updates, and then it’s just $20 a year. And it’s on the honor system so you can cheap out if you prefer not to contribute.

To enable overclocking at your own risk, run: raspi-config. Overclocking works for us. YMMV! The key is a good power supply. If you’re using an SD card larger than 4GB, version 3.11.10 can resize your partitions on the fly. Just choose the option in raspi-config and reboot. Even though the kernel now monitors CPU temperature and manages overclocking, it’s always nice to see for yourself. To monitor the CPU temperature, just run the status program which provides a current snapshot anytime. Temperature data now is provided on the FreePBX Dashboard as well.

There’s more good news. Networking is much more stable; however, we’ve dropped support for the TP-Link WiFi adapters. If you still have one of these adapters, see this thread on the PIAF Forum for setup instructions. Otherwise you’ll need the recommended AirLink 101 N-150 if you want WiFi capability. In the 3.11.10 release, your server will automatically attempt to connect to any open WiFi network that it can find. We’ve also added two scripts in /root to let you restart either your wired or wireless network and designate it as the primary network: restart-eth0 and restart-wlan0. Time zone management was also a bit of mess with multiple file settings required to support both Linux and PHP. In this release, you’ll be prompted to select your timezone when you first log in as root. The setup script will automatically apply your entry in all the right places. We’ve also replaced SendMail with Exim to simplify the process of using an SMTP mail gateway such as Gmail. The procedure for making the change is documented here.

As part of the latest build, we’ve also eliminated the pi user account. Everything you need to do to configure Incredible PBX requires root permission. So goodbye sudo. Only the root user account is included, and the default password is raspberry. Change the password when you first log in. New SSH and DUNDI keys now are automatically generated when you first boot your server. The FreePBX Backup and Restore Utility is included in this new build. AsteriDex Speed Dialing has been enhanced for our friends across the Atlantic. Enter 3-digit Dial Codes in AsteriDex, and you can call by dialing 000nnn. In this upgrade, Telephone Reminders work like a champ.

X Windows is included in this build. This won’t work with SSH. For a demo slideshow, plug in a real monitor and log in as root. In the /root folder, enter the command: startx. To end the slideshow, press ESCape. To disable the slideshow: mv .xinitrc xinitrc. To add photos, copy .jpg images into /root/slideshow. No mouse is required for the slideshow but, if you run X Windows natively, you’ll need a USB mouse. The SMS Blasting app in /root now supports phone numbers (which use SMS) and email addresses (which use SendMail).

Last but not least, a sophisticated Conference Bridge has been added to Incredible PBX. If you route one of your inbound DIDs to the predefined IVR, users can press 0 and enter 1234 for the conference PIN to join the conference. Local extensions simply dial C-O-N-F. We’ve already tested a 9-person conference call with excellent results. But don’t take our word for it. Try it for yourself. Just call our demo Raspberry Pi AutoAttendant and take the Conference Bridge and a handful of other Incredible PBX™ apps for a test drive:

And here’s what the conference call looked like in the FreePBX Dashboard:

So you don’t have to jump around between articles, we’ve put together this Quick Start Guide that tells you everything you need to know to get up and running in about an hour. Most of that time will be consumed copying the Incredible Pi image to an SD card. So there’s plenty of time for lunch during the hour. Once your system is running and you’ve completed the setup steps below, then jump over to the application tutorial which explains how to use every one of the 35+ Incredible PBX Apps for the $35 Raspberry Pi.

What to Buy. Here’s everything you need to get started.1 The case is optional. Yes, you can run the Raspberry Pi sitting on your desk with no case. It’s only 5 volts. WiFi is also optional. There’s a 10/100 port on the Raspberry Pi that gives you all the networking you need. Here are the links to buy the pieces. You also need a CAT5 cable and either a spare PC or Mac with Putty or SSH and a pair of earbuds or an HDMI cable to connect to a TV or monitor and a USB keyboard.

Setting Up Google Voice. If you want free calling in the U.S. and Canada, then you’ll need a Google Voice account, and you’ll need one dedicated to Incredible Pi, or it won’t work. Log out after setting up the new Google Voice account! Also note that Google Voice will cease to function on May 15, 2014. You can read all about it here.

  • Register for Google Voice account (no funky characters in your password!)
  • Enable Google Chat as Phone Destination
  • Configure Google Voice Calls Settings:
    • Call ScreeningOFF
    • Call PresentationOFF
    • Caller ID (In)Display Caller’s Number
    • Caller ID (Out)Don’t Change Anything
    • Do Not DisturbOFF
    • Call Options (Enable Recording)OFF
    • Global Spam FilteringON

  • Place test call in and out using GMail Call Phone

Baking Your Incredible Pi. The disk drive for the Raspberry Pi is an SD card. So what you need to do is download Incredible Pi and copy the image onto an SDHC card. Mac and Linux installers are included. For Windows, just use Win32 Disk Imager. Here are the steps:

  1. Download the latest Incredible Pi package
  2. Decompress the tarball: tar zxvf incrediblepi-version.tar.gz
  3. Copy .img file to SDHC using image utility or script
  4. Insert SDHC card into Raspberry Pi
  5. Boot the Raspberry Pi from Incredible Pi SDHC card

Your First Bite of Incredible Pi. If you’re not using a monitor and keyboard, you can use SSH to gain root access to Incredible Pi. And you can use any web browser on your private network to access your server. There are a couple of hurdles. First, you need the network address of your new server. And, second you need an SSH client. With Incredible PBX 3.3 and beyond, you needn’t worry about the IP address. You now can access your server via SSH by logging in like this: root@incrediblepbx.local. And browser access to your server is available at the following address: http://incrediblepbx.local. You still can plug in some earbuds when the bootup process begins and listen for the Incredible Pi to tell you its IP address when the boot procedure completes (about 90 seconds). Then you can use that IP address instead of incrediblepbx.local. The latest releases of Incredible PBX also include a Java-based SSH client in the FreePBX web GUI: Admin -> Java SSH. Because of the almost weekly security problems with Java, we strongly recommend using a standalone SSH client such as Putty.

Here’s everything you need to know about security for Incredible Pi:

1. ALWAYS RUN INCREDIBLE PI BEHIND A SECURE HARDWARE-BASED FIREWALL/ROUTER
2. NEVER EXPOSE ANY INCREDIBLE PI PORTS DIRECTLY TO THE INTERNET
3. NEVER MAP INBOUND INTERNET PORTS FROM YOUR FIREWALL TO INCREDIBLE PI

Initial Setup. There also are a few setup steps to complete once your Incredible Pi finishes the bootup process. When you first login (username: root  password: raspberry), you’ll be prompted to change your root password and to set your default time zone. If you’re using either a wired network or an open WiFi network, then everything just works. If you’re using secured WiFi, then you’ll need to plug in your credentials in /etc/wpa.conf and reboot. The wired network always takes precedence so unplug the cable if you want WiFi to be your primary network. /root/update-my-pi runs automatically when you log in as root. It will bring your server up to current specs. Finally, now’s the time to repartition your SD card if you’re using a card larger than 4GB (highly recommended!). While you’re at it, bump up the performance of your Raspberry Pi by 50% by setting the overclocking to turbo mode. It works great for us. YMMV! The key is a rock-solid power adapter such as the one we’ve recommended. Just run raspi-config and follow your nose.

Accessing Incredible Pi By GUI. You don’t have to be a Linux guru to use Incredible Pi. In fact, we’re just about finished with the Linux command prompt, but stay logged in until we finish the steps below. Most of your configuration of the PBX will be performed using the FreePBX® Web GUI.

If you’re new to Asterisk® and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions in FreePBX to work with Incredible Pi. Extensions talk to trunks (like Google Voice) to make and receive calls. FreePBX uses outbound routes to direct outgoing calls from extensions to trunks, and FreePBX uses inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road.

Let’s get started. Using a browser, enter the IP address of your server or just use incrediblepbx.local as the address. Choose FreePBX Administration. When prompted for a username and password, use admin for both. Here are the six steps you need to complete before making your first free call:

  1. Change FreePBX admin Password and Default Email
  2. Add Google Voice Account credentials
  3. Set Destination for Incoming Calls
  4. Change Extension 701 Passwords
  5. Eliminate Audio and DTMF Problems
  6. Install and Register a Softphone to Extension 701

1. Changing FreePBX admin Password and Default Email. From the main FreePBX GUI, click Admin => Administrators. Click on admin user in the far-right column. Enter a new Password and click Submit Changes button. Then click the Apply Config button. Next, set your default email address in the right margin of Admin -> Module Admin and save your entry.

2. Activating a Google Voice Trunk. To create a Trunk in FreePBX to handle calls to and from Google Voice, you’ll need three pieces of information from the Google Voice account you set up above: the 10-digit Google Voice phone number, your Google Voice account name, and your Google Voice password. Choose Connectivity -> Google Voice (Motif) from the FreePBX GUI. The following form will appear:

Fill in the blanks with your information and check only the top 2 boxes. If your Google Voice account name ends in @gmail.com, leave that out. Otherwise, include the full email address. Then click Submit Changes and Apply Config.

There’s one more step or your Google Voice account won’t work reliably with Incredible Pi! From the Linux command prompt while logged into your server as root, restart Asterisk: amportal restart

3. Setting a Destination for Incoming Calls. Now that you’ve created your Google Voice Trunk, we need to tell FreePBX how to process inbound calls when someone dials your Google Voice number. There are any number of choices. You could simply ring an extension. Or you could ring multiple extensions by first creating a Ring Group which is just a list of extension numbers. Or you could direct incoming calls to an Interactive Voice Response (IVR) system (we’ve actually set one up for you to play with).

By default, Incredible Pi is configured to route all incoming calls to a demo IVR that shows off some of the applications that come with Incredible Pi. You can change whenever you like by choosing Connectivity -> Inbound Routes -> Default. In the Set Destination section of the form, change the target to Extensions and then select 701 from the list. Then click Submit and Apply Config.

4. Changing Extension Passwords. From the main FreePBX GUI, choose Applications -> Extensions. Then click on 701 in the Extension List on the right side of your display. You’ll see a form that looks like this:

For now, we only need to make a few changes. First, you need a very secure password for both the extension itself and your voicemail account for this extension. The extension secret needs to be a combination of letters and numbers. The Voicemail Password needs to be all numbers, preferably six or more. Replace the existing 1234secret and 1234 with your own (very secure) entries. You also need to lock down this extension so that it is only accessible from devices on your private LAN. You do that with the deny and permit entries which currently are filled with zeroes. Leave the deny entry the way it is which tells Incredible Pi to block everybody except those allowed in the permit entry below. For the permit, we need the first three octets of your private LAN address, e.g. if your LAN is 192.168.0.something then the permit entry will be 192.168.0.0/255.255.255.0.

Finally, you need to plug in your actual email address in the Voicemail section so that voicemails can be delivered to you when someone leaves a message. You can also include a pager email address if you want a text message alert with incoming voicemails. If you want the voicemails to automatically be deleted from the server after they are emailed to you (a good idea considering the disk storage limitations of an SDHC card), change the Delete Voicemail option from No to Yes. That’s it. Now save your settings by clicking the Submit button. Then reload the dialplan by clicking on the red prompt when it appears.

In case you’re curious, unless you’ve chosen to automatically delete voicemails after emailing them, you can retrieve your voicemails by dialing *98701 from any extension on your phone system. You’ll be prompted to enter the voicemail password you set up. In addition to managing your voicemails, you’ll also be given the opportunity to either return the call to the number of the person that called or to transfer the voicemail to another extension’s voicemail box. And you can always leave a voicemail for someone by dialing their extension number preceded by an asterisk, e.g. *701 would let someone leave you a voicemail without actually calling you.

5. Eliminating Audio and DTMF Problems. You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

6. Setting Up a Desktop Softphone. Incredible Pi supports all kinds of telephones, but we’ll start with the easy (free) one today. You can move on to “real phones” once you’re smitten with the VoIP bug. For today, you’ll need to download a softphone to your desktop PC or Mac.

7. Activating Voice Recognition for Incredible Pi Apps. Google now requires an API key to use their voice recognition services. This affects a number of Incredible Pi applications including the Yahoo Weather report service (951) which lets you say the name of a city to retrieve its weather forecast, dial by name to call anyone in your AsteriDex database (411), and the Wolfram Alpha almanac service which lets you look up almost anything (4747). The 5-minute tutorial to activate voice recognition is available in the PIAF Forum.

As we mentioned, the easiest way to get started with Incredible Pi is to set up a YATE softphone on your Desktop computer. Versions are available at no cost for Macs, PCs, and Linux machines. Just download the appropriate one and install it from this link. Once installed, it’s a simple matter to plug in your extension 701 credentials and start making calls. Run the application and choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of Incredible Pi, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place your first call. It’s that easy!

Monitoring Call Progress with Asterisk. That about covers the basics. We’ll leave you with a tip on how to monitor what’s happening with your PBX. There are several good tools within the FreePBX GUI. You’ll find them under the Reports tab. In addition, Asterisk has its own Command Line Interface (CLI) that is accessible from the Linux command prompt. Just execute the following command while logged in as root: asterisk -rvvvvvvvvvv.

Activating SAMBA for Windows Networking. SAMBA is included for transparent access using the Windows Networking Protocol from PCs, Macs, and other Linux machines. As delivered, SAMBA is deactivated. For obvious reasons, we recommend you never activate root login access to SAMBA without a very secure password. If you wish to enable SAMBA on your server, here are the steps while logged in as root:

  • 1. Set SAMBA password for user root: smbpasswd -a root
  • 2. Change Windows workgroup from WORKGROUP, if needed: nano -w /etc/samba/smb.conf
  • 3. Manually start SAMBA from command prompt: service samba start
  • 4. If desired, set SAMBA to start on boot: rcconf and activate SAMBA option

Activating the PPTP VPN Client. If you’ve followed the Nerd Vittles tutorial and previously set up a PPTP VPN Server for your devices, then it’s pretty simple to add Incredible Pi to the mix by activating its PPTP VPN client. You’ll need the FQDN or public IP address of your VPN server as well as a username and password for VPN access to your VPN server. Once you have those in hand, log into Incredible Pi as root.

Lest we forget to mention, you cannot log into your PPTP server from an IP address on the same private LAN so you’d only use the PPTP VPN when your Incredible Pi is at a remote location.

Edit the connection template: nano -w /etc/ppp/peers/my-pptp-server. Insert the following text and replace myfqdn.org with the FQDN of your PPTP server, replace myname with your PPTP username, and replace mypassword with your PPTP password. Then save the file: Ctrl-X, Y, then Enter.

To test it, issue the following command: /etc/init.d/pptp start. When you run ifconfig, you should now see a ppp0 entry:

ppp0 Link encap:Point-to-Point Protocol
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Remember, it won’t show an IP address if the Raspberry Pi and your PPTP VPN Server are on the same subnet (like ours). Once you install your Raspberry Pi in a remote location, you now can access it at the first IP address in your reserved PPTP IP address pool.

To permanently activate the PPTP VPN client on your Incredible Pi server, run rcconf. Scroll to the bottom of the list and highlight pptp. Press the space bar to select it for automatic startup when you boot your server. Then tab to OK and press Enter.

Activating Incredible Fax. With a 512MB Raspberry Pi, here are the 5 Simple Steps to activate Incredible Fax. The original tutorial is available here.

  1. Download and Install Incredible PBX 3.11
  2. Run the /root/fax-enable Script to Automatically Configure HylaFax
  3. Using FreePBX, Add Additional, Dedicated DID and Inbound Route to Handle Incoming Faxes
  4. Install Any Desktop HylaFax Client to Send Faxes via Print-to-Fax using any PDF
  5. Reboot Your Server and Enjoy

Incredible Trunks. When you’re ready to try some other SIP providers, here is a quick Cheat Sheet courtesy of Kristian Hare, who translated our original setups into a spreadsheet. Just click on the image below to open it in a new window. Then click on the redisplayed image to enlarge it.

Configuring CallerID Superfecta. In order to match names with phone numbers, Incredible PBX includes a FreePBX application named CallerID Superfecta. Out of the box, Incredible PBX 3.11 will work fine if you remember to activate CallerID Superfecta whenever you create a new Inbound Route. The CNAM entries also will be displayed in your CDR reports. For those not in the United States, you may prefer to use a lookup source for your numbers other than the ones preconfigured in CallerID Superfecta. You will find all of the available modules on the POSSA GitHub site. Just download the ones desired into /var/www/html/admin/superfecta/sources and then activate the desired sources in Admin -> CID Superfecta -> Default. You can test your results and the performance using the Debug facility that’s built into the module.

Shutting Down Your Server. Last but not least, never just pull the plug when you want to shut down your server, or you may end up with corrupted MySQL databases. Then nothing will run. Instead, log into your server as root, and issue the following command: shutdown -h now. Enjoy!

Where To Go Next. Once you’ve done a little exploring, take a few minutes to read the complete tutorial on all 35 Incredible PBX applications for Raspberry Pi. A few require a bit of configuration before you start using them. And then you’ll want to explore Interconnecting Asterisk Servers with Incredible PBX and the Raspberry Pi. Enjoy!


Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.

Originally published: Monday, June 23, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

Another Feather in the VoIP Cap: Fedora 20 Comes to PBX in a Flash

Summer has always been the season for experimentation at Nerd Vittles, and 2014 is shaping up to be a banner year. Red Hat® has been a pioneer in all things Linux® so we were anxious to take their latest technologies for a spin. Nothing sums up Fedora™ 20 better than Cubieboard’s graphic (shown above). For those new to open source, Fedora is where the Bleeding Edge action is. If you like roller coasters and fast cars, then you’ll feel right at home with Fedora 20. Suffice it to say it’s the 10th year anniversary edition and the twentieth release of Fedora. What’s new? Well, almost everything. At the desktop level, you’ll be struck by how quickly Fedora components are closing the gap on Windows® and Mac OS X®. In particular, the new LibreOffice™ office suite will leave you wondering whether your favorite word processor has been ported to Linux. It’s that good. And graphics support in Firefox® is every bit as good as any browser you’re currently using on any platform. Of particular interest to us was Fedora’s new support for the Cloud and more important to VoIP, the ARM® platform. This opens up exciting possibilities with the Raspberry Pi® and especially the third generation BeagleBone Black® with its new 4GB flash drive. Is that enough trademark symbols for you? If we missed any owned Word®, our apologies. Yes, you all own your brand names. And no, we didn’t invent any of this. We’re in the aggregation business, trying to make all the pieces work together. For a look at everything new in Fedora 20, be sure to read Danny Steiben’s terrific review. While there still are a few rough edges, it’s actually a much better product than the graphic above might lead you to believe. Here is sample displaying a favorite webcam site, ours.


What does all of this have to do with VoIP? Everything. Fedora is where RedHat experiments with new technologies that ultimately find their way into Enterprise Linux® releases.1 With last week’s release of RHEL 7, CentOS™ 7 cannot be far behind. And much of the new Linux technology found in Fedora will be coming to a VoIP desktop or Cloud near you very soon. So it was important for us to see just how well Asterisk® and FreePBX® perform using the current PBX in a Flash™ installer. If you’re one who likes to read the last page of a book first, we’d give Fedora 20 an A-. And we don’t give out many A’s.

Our tasks for today are three-fold. We’ll show you how to install PBX in a Flash on top of an existing Fedora 20 installation. Then we’ll show you how to roll your own Fedora Remix, a generic operating system that you can embellish and redistribute to your heart’s content (pursuant to GPL2) without worrying about RedHat’s legal beagles. Finally, we’ll provide a Fedora Remix appliance for VirtualBox® that will let you deploy and play with Fedora 20 and PBX in a Flash on your favorite desktop computer. The complete appliance setup takes less than 5 minutes on almost any Windows, Mac, or Linux desktop.

Installing PBX in a Flash Atop Fedora 20 or Fedora Remix

Before you can install the latest PBX in a Flash aggregation, you’ll first need an operating system platform on which to run it. In the case of Fedora 20, that means downloading and installing the Live Media Desktop Edition. For today, we’ll assume you’re installing Fedora 20 on VirtualBox, but any relatively recent desktop computer should work equally well.

You actually have two choices for your operating system: the Fedora 20 platform described above or the PIAF-FC20 Remix which is a superset of that platform. The choice is completely yours. The Fedora Remix is not provided or supported by the Fedora Project. It has been created and is maintained by Ward Mundy & Associates LLC on behalf of the PBX in a Flash Development Team. Download the official Fedora software from here. Or download the PIAF-FC20 Remix ISO from SourceForge.

Let us restate the obvious. This is Bleeding Edge technology. Only deploy it behind a hardware-based firewall with no Internet port exposure. It is not safe to deploy this aggregation on the open Internet. It’s your phone bill. :-)

Create a new Fedora 20 Virtual Machine in VirtualBox:

Type: Linux
Version: Fedora
RAM: 1024MB
Default Drive Options with 20GB+ space
Create
Settings->System: Enable IO APIC and Disable HW Clock (leave rest alone)
Settings->Audio: Enable
Settings->Network: Enable, Bridged
Settings->Storage: Far right CD icon (choose your ISO) and click Live CD/DVD
Start

Install and configure Fedora 20:

Start your Virtual Machine
Start Fedora Live (be patient while it loads)
Click: Install to Hard Drive
Choose Language and Click Continue
Click: Install Destination (do not change anything!)
Click: Done
Click: Continue (to autoconfigure disk)
Click: Begin Installation
Click: Root Password: password, password, Click Done twice
Click: User Creation: admin, admin, password, password, Click Done twice
Wait for Software Install and Setup to finish
Click Quit
Click Activities and Search for terminal
Click Terminal icon
shutdown -h now
Close the VM window and choose Power Off Machine

Adjust Virtual Machine to Remove Live Image:

Settings->Storage: Click on Fedora Live ISO
Click: (-) icon to remove Live ISO
Confirm: Remove
Click: OK
Restart Virtual Machine

Fedora 20 Initial Setup:

Accept default kernel for boot
Click: Admin user, enter password, Accept
Choose Language, Keyboard
Ignore Link to Data in Cloud, Next
Start Using Fedora
Click: X to close Gnome Help window
Activities, Search: terminal
Click: Terminal icon
su root
enter your password
init 3
login again as root
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
service sshd start
chkconfig --level 2345 sshd on
ifconfig (decipher IP address for SSH login)
shutdown -h now

Once you login with admin:password, the Gnome Desktop will appear. Navigation is similar to a Windows or Mac desktop. Clicking on the Power button and then the Settings icon will bring up the Settings window. Clicking on Activities will bring up the Application list and Search bar. You can drag any of your favorite apps to the left toolbar for quick access. For our purposes, type terminal in the search bar to access a Terminal window. Switch to the root user: su root. And enter your root password. Then complete the steps above to configure Fedora 20 for PIAF installation. You will NOT lose your ability to also use Fedora 20 apps in graphics mode. Switch between modes with init 5 for graphics and init 3 for non-graphics, multi-user mode. PIAF installation and operation requires run level 3. But, once it’s installed and operating, you can easily switch to run level 5 to use desktop applications such as FireFox and LibreOffice. The advantages of a multi-purpose platform for those who travel or for deployment at small remote sites should be obvious. A single computer could be used to provide BOTH desktop computing services as well as a full-featured PBX with secure connectivity to home base.


 

Preliminary Steps for PIAF3 Installation:

Restart Virtual Machine
Login as root using SSH so you can cut-and-paste
cd /etc/yum.repos.d
# change gpgcheck=0 for all repos
yum -y install httpd* php wget nano iptables-services glibc.i686
sed -i 's|SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config
systemctl enable httpd.service
systemctl start httpd.service
systemctl stop firewalld.service
systemctl status firewalld.service
chkconfig --level 2345 firewalld off
cd /root
wget http://pbxinaflash.com/piaf3-install.tar.gz
tar zxvf piaf3-install.tar.gz
./piaf3-install

PIAF3 Installation Procedure:

Phase 1: Allow automated install to complete (2,000+ new components)
Phase 2: Following reboot, choose option C to exit to command prompt
Type: piafdl
Flavor: PIAF-Green
# expand the size of your SSH window now by doubling its size
Enable make menuconfig option: Y
Time Zone: your choice
FreePBX: 2.11
Master password: your choice
When menuconfig opens, press down arrow, right arrow, left arrow, and X
Wait for reboot and login again
Post-install script will run and leave you with a functional system

Congratulations! Enjoy your new Bleeding Edge VoIP platform.

Rolling Your Own Fedora Remix

We promised you a quick tutorial on building your own Fedora Remix using Fedora 20 as a base. It’s actually pretty easy and can be built using the platform you created above. After logging into your server as root, issue the following commands to create the ISO. When you’re finished, you’ll have the same Fedora Remix ISO that can be downloaded from our SourceForge site.

mkdir /root/remix
cd /root/remix
yum -y install livecd-tools spin-kickstarts
wget http://pbxinaflash.com/piaf-fc20-remix-ks.tar.gz
tar zxvf piaf-fc20-remix-ks.tar.gz
livecd-creator --config=fedora-live-desktop.ks --fslabel=PIAF-FC20-Remix \
--cache=/var/cache/live

PIAF3 VirtualBox Appliance with Fedora Remix

You may be asking, “Why the knuckle drill with rolling your own remix when Fedora provides the ISO for you?” The short answer is because RedHat has rules (lots of them) on how you can redistribute their open source products (many of which aren’t theirs at all). Most of these rules address which trademarks of theirs can and cannot be used and under what circumstances. For anyone building virtual machines, it’s simply the cost of doing business with RedHat. If it were as easy as removing the fedora-logos, fedora-release, and fedora-release-notes packages and replacing them with the generic-logos, generic-release, and generic-release-notes packages as RedHat’s site suggests, life would be easy. Unfortunately, there are dozens of commingled dependencies that get broken by directly swapping out these RPMs on a live system. While it has never been legally tested, as things stand today, you are forced to build your own ISO with the appropriate packages in order to comply with Red Hat’s licensing rules. Once you’ve done that, then creation of virtual machine appliances with the remix operating system are straight-forward and simple to create. We have built a VirtualBox appliance that will provide you a functional system on any desktop computer in minutes. The .ova appliance (3.1GB) is available for download from SourceForge. For those that want to experiment with this exciting new platform without the installation hassle, this virtual machine appliance is for you. After downloading the .ova image, just follow our previous VirtualBox tutorial to get started. It only takes a couple of minutes. At a minimum, change your root password by running passwd and change your FreePBX maint password by running passwd-master.

What’s Still Broken with PIAF Running Fedora 20

The new PIAF install procedure lets us push the latest fixes to every system as necessary. These always get loaded the first time you log in as root and configure your network for DHCP access, and you can reapply the latest fixes by issuing the command touch /etc/firsttime and then logging out and back into your server as root. With the latest fixes, the bug list is tiny. Apache authentication for FreePBX now works just as it does in all other versions of PBX in a Flash. Simply log into the FreePBX web GUI with username maint and the maint password you set up with passwd-master. The original PIAF status application has been replaced with an interim status app that provides most of the same functionality as the original. Zend Guard loader remains broken because Fedora 20 uses PHP 5.5. It means FreePBX commercial apps will not yet function. With those two exceptions, PBX in a Flash running under Fedora 20 should be indistinguishable from PIAF running on other OS platforms.

We really need your help identifying bugs! Much of this platform will ultimately be part of the new CentOS 7 and RHEL 7 builds. If you happen to stumble upon problems, particularly in FreePBX which now is dependent upon a new version of PHP and the new MariaDB database engine which replaced MySQL, please post a comment on the PIAF Forum AND open a bug ticket in the FreePBX Issue Tracker. The PIAF and FreePBX Dev Teams take all bug reports seriously and appreciate your assistance. Enjoy!

Originally published: Monday, June 16, 2014




Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource for all of us.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.79 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 


Some Recent Nerd Vittles Articles of Interest…

  1. Did you happen to notice who is using someone else’s trademark in their brand name? But we digress. []

Ringbinder theme by Themocracy