It’s been an interesting year with RedHat’s acquisition of CentOS™. But the dust is slowly settling, and we’ve developed a new installation methodology for PBX in a Flash™ which we believe provides everyone with the best of all worlds. Like it or not, Red Hat® is in the driver’s seat now with CentOS, and Scientific Linux™ already has announced that they plan to fold into CentOS with the 7.0 release. That left the rest of us with two choices: fork CentOS and roll your own operating system or comply with the RedHat requirement to initially build a system with their ISO and then embellish it. The PBX in a Flash aggregation is just that. It’s always been built on a superset of the base CentOS operating system. That’s why we found the RedHat fanboy diatribes particularly offensive. PBX in a Flash has never provided a diluted or otherwise marginalized version of CentOS. If you don’t believe it, compare the list of RPMs on today’s build with the list on prior releases. They’re virtually identical even though (as you will see) the installation methodology is different. The bottom line is we don’t want to be in the operating system business, and the recent nightmare with OpenSSL should tell you why. Red Hat has a staff of hundreds to maintain RedHat and now CentOS. So why reinvent the wheel? When you peel away the marketing guys and the lawyers and the fan boys, that’s what open source has always been about. RedHat does what it does best, and we do the same. It never has meant you were getting a product that wasn’t genuine. You were getting a product that was embellished and enhanced to perform a specific task, telephony! By sticking with CentOS 6.5, we’ll all have a supported operating system on which to build telephony applications until the end of November, 2020. We can’t do better than that.

If you’re new to the VoIP community, we recommend you begin by watching this video. Before you begin the PBX in a Flash install procedure, you need to do three things first: pick your hardware platform, think about what types of phones you plan to use, and choose at least a couple of service providers to interconnect your PBX with the rest of the telephones in the world.

Making a Hardware Selection

We’re going to assume that you need a VoIP telephony solution that will support an office of up to several dozen employees and that you have an Internet connection that will support whatever your simultaneous call volume happens to be. This is above and beyond your normal Internet traffic. To keep it simple, you need 100Kbps of bandwidth in both directions for each call.¹ And you need a router/firewall that can prioritize VoIP traffic so that all your employees playing Angry Birds won’t cause degradation in VoIP call quality. Almost any good home router can now provide this functionality. Remember to disable ALG on your router, and it’s smooth sailing.

For computer hardware, you’ll need a dedicated machine. There are many good choices. Unless you have a burning desire to preserve your ties with Ma Bell, we recommend limiting your Ma Bell lines to your main number. Most phone companies can provide a service called multi-channel forwarding that lets multiple inbound calls to your main number be routed to one or more VoIP DIDs much like companies do with 800-number calls.

If you’re building a system for home or SOHO use, you probably don’t need PBX in a Flash. If you want the same functionality for under $50 then go with a BeagleBone Black and add RasPBX and Incredible PBX. Our tutorial will show you how to do it. For the business model we’ve described above, any good dual-core Atom computer will suffice. You’ll find lots of suggestions in this thread. And the prices generally are in the $200-$400 range. For larger companies and to increase Asterisk’s capacity with beefier hardware, see these stress test results.

If your requirements involve retention of dozens of Ma Bell lines and complex routing of calls to multiple offices, then we would strongly recommend you spend a couple thousand dollars with a consultant. Some of the best in the business frequent the PBX in a Flash Forum, and they do this for a living. They can easily save you the cost of their services by guiding you through the hardware selection process. For business or for home, another alternative is available if you don’t want to babysit your own hardware. That’s a cloud-based solution such as RentPBX. For $15 a month, you don’t have to worry about electricity and a reliable Internet connection ever.

Choosing the Right Phones

If there is one thing that will kill any new VoIP deployment, it’s choosing the wrong phones. If you value your career, you’ll let that be an organization-driven decision after carefully reviewing at least 6-12 phones that won’t cause you daily heartburn. You and your budget team can figure out the price points that work in your organization keeping in mind that not everyone needs the same type of telephone. Depending upon your staffing, the issue becomes how many different phone sets are you and your colleagues capable of supporting and maintaining on a long term basis.

Schmooze Com has released their commercial End Point Manager (EPM) at a price point of $99 per server. They’ve been using the application internally to support their commercial customers for two years. If you’re doing a major installation, it’s the best money you will ever spend. Just sign up for an account with Schmooze to purchase the software. You can review the Admin User Guide here. The beauty of this software is it gives you the flexibility to support literally hundreds of different VoIP phones and devices almost effortlessly. Using a browser, you can configure and reconfigure almost any VoIP phone or device on the market in a matter of minutes. So the question becomes which phones should you show your business associates. That again should be a decision by you and your management and budget teams, but collect some information from end-users first. Choose a half dozen representative users in your company and get each of them to fill out a questionnaire documenting their 10 most frequent daily phone calls and listing each step of how they process those calls. That will give you a good idea about types and variety of phones you need to consider for different groups of users. Cheaper rarely is better. Keep in mind that phones can last a very long time, even lousy ones. So choose carefully.

The phone brands that we would seriously consider include Yealink, Digium, Snom, Aastra, Mitel, Polycom, Cisco, and Grandstream. Do you need BLF, call parking or multiple line buttons, a hold button, conferencing, speakerphone, HD voice, power over Ethernet support, distinctive ringtones for internal and various types of external calls, Bluetooth, WiFi, web, SMS, or email access, an extra network port for a computer, headset support, customizable buttons (how many?), quick dial keys, custom software, XML provisioning, VPN support? How easy is it to transfer a call? Do you need to mimic key telephones? Also consider color screens, touch screens, busy lamp indicators, extension modules (what capacity?). What do we personally use: Yealink’s T46G is our favorite, and we also have several Digium phones of various types, a couple of Aastra phones, a Grandstream GXP2200, a collection of Panasonic cordless DECT phones, a Samsung Galaxy S4 and Moto X connected through an OBi202 with an OBiBT Bluetooth Adapter, and a Samsung Galaxy S3 extension interconnected with Vitelity’s vMobile service to provide transparent connectivity on both WiFi and cellular networks. You can read all about vMobile here. It is the future of VoIP telephony.

Choosing VoIP Service Providers

One of the design differences between VoIP and the Ma Bell network that we’re all familiar with is that you no longer have to put all your eggs in one basket. The company or companies that you use to make outbound calls need not be the same as the ones you use to handle incoming calls. For home use, VoIP providers typically offer two types of plans: all-you-can-eat (which isn’t really) and pay-by-the-minute (which, in most cases, is priced by the fraction of the minute that you actually use the service). For business use, you have a choice of pay-by-the-trunk (each simultaneous call uses a trunk) and pay-by-the-minute (where you don’t have to manage your simultaneous calls). There was a third option over the past 5 years, and that was Google Voice which was free. But, good things don’t last forever, and Google is in the process of shutting down that service except for those that like making calls with a web browser. Hello, Ring.to.

For businesses, we strongly recommend that you stick with Ma Bell for your main business number only. That gets you listed in the phone book and provides 99.999% reliability for access to your business. Most phone companies can provide a service called multi-channel forwarding that lets multiple inbound calls to your main number be routed to one or more VoIP DIDs much like companies do with 800-number calls. For other business lines as well as home and SOHO setups, ditch Ma Bell as quick as you can. You’ll save boatloads of money. Give some thought to how much non-cellphone usage actually occurs in your situation. In many cases, you will find that pay-by-the-minute service for outbound calls is much less expensive than all-you-can-eat plans. Remember, there are no long term contracts on pay-by-the-minute services so try it and see what your usage habits actually are if you’re unsure. Keep in mind that acquiring inbound trunks for DIDs or phone numbers is almost always all-you-can-eat service ranging in price from $2-$8 a month. The PBX in a Flash Forum is chock full of recommendations. Just remember that, in doing your calculations, separate out the the time spent on incoming calls from the time spent placing outbound calls. Also keep in mind that redundancy is a luxury you never had in the Ma Bell days. Take advantage of it and sign up with multiple pay-by-the-minute providers for outbound (termination) service. You only pay for what you actually use. For inbound trunks, many providers offer failover service to different numbers if the primary connection dies. Even if the failover is to your cellphone, it beats missing the call. If international calling is a frequent part of your business or lifestyle, then spend some time exploring the options that are available. There are numerous all-you-can-eat solutions at incredibly affordable rates if you do your homework. Now let’s get started…

Installing CentOS 6.5

The new installation methodology for PBX in a Flash™ works like this. First, you’ll download the CentOS 6.5 server ISO for what is known as a minimal install. You still have your choice of 32-bit (339.7 MB) or 64-bit (417.3 MB) flavors. Burn the ISO to a USB Thumb Drive or a CD/DVD using a Mac or Windows machine.

If you’re building a system in the cloud or in a hosted environment, the base CentOS install usually has been done for you so you can skip this step.

If you’re using a dedicated PC or virtual machine with no operating system, boot from the CentOS 6.5 CD/DVD or ISO and go through the standard CentOS install procedure. Here are the CentOS 6.5 setup steps and entries that we recommend [in brackets] which will assure that your new server has wired network connectivity through DHCP and a non-LVM partition configuration which is easier to back up and restore. Don’t be intimidated by the list. The entire CentOS setup process only takes a minute or two.

1. Install or upgrade existing system
2. Test media [skip]
3. Begin setup [Next]
4. Choose language [English]
5. Keyboard [U.S. English]
6. Type Devices [Basic Storage Devices]
7. Discard Existing Data [yes]
8. Hostname [localhost.localdomain] ** BEFORE YOU CLICK NEXT, DO STEP 8a. **
  8a. Configure Network [Click eth0 & Edit. Check:Connect Automatically then Apply & Close]
9. Time Zone [New York] ** Uncheck: System Clock Uses UTC **
10. Root Password [** make it very secure **]
11. Type Installation: Create Custom Layout with Primary Partition checked for 11a and 11c
  11a. Create -> Standard Partition -> Mount Point: /boot Type: ext4 Size:200  Fixed
  11b. Create -> Standard Partition -> Mount Point: blank Type: swap Size:2048 Fixed
  11c. Create -> Standard Partition -> Mount Point: /     Type: ext4 Size:Fill to Max Size
12. NEXT
13. FORMAT
14. WRITE CHANGES
15. Checked: Install boot loader on /dev/sda  Boot loader CentOS List: /dev/sda3
16. Reboot when finished


Next, log in to your new server with your root credentials. First, check your disk partitioning to make sure everything looks okay: fdisk -l. Here’s what the partitioning looks like with a 20GB drive. For larger drives, your sda3 partition will obviously be larger.

Device    Boot Start   End  Blocks  ID System
--------- ---- ----- ----- -------- -- ----------
/dev/sda1   *      1    26   204800 83 Linux
/dev/sda2         26   287  2097152 82 Linux swap
/dev/sda3        287  2650 18979840 83 Linux


Now let’s prepare your server for installation of PBX in a Flash 3. None of these three commands will do any damage if your server happens to already be configured properly.


sed -i 's|no|yes|' /etc/sysconfig/network-scripts/ifcfg-eth0
ifup eth0
yum -y install wget nano


Installing PBX in a Flash

Now let us welcome you to the World of PBX in a Flash™. This is our best release ever whether you’re a total newbie or an experienced Asterisk developer. You can’t really appreciate what goes into an open source product like PBX in a Flash until you try doing it yourself. If you want to actually learn about Asterisk from the ground up using pure source code to customize your VoIP deployment, PBX in a Flash has no competition because your only other option is to roll your own starting with a Linux DVD. So our extra special kudos go to Tom King, who once again has produced a real masterpiece in that it is very simple for a first-time user to deploy and, at the same time, incredibly flexible for the most experienced Asterisk developer. The new PIAF3™ release not only provides a choice of Asterisk and FreePBX versions to get you started. But now you can build and deploy standalone servers for SugarCRM™, NeoRouter™ VPN, YATE™, FreeSwitch™, and OpenFire™ XMPP using the standard PIAF3 installer. So let’s get started.

Now we’re ready to begin the PIAF3 install. Issue the following commands to get started:

cd /root
wget --no-check-certificate http://nerd.bz/pbxinaflash3
mv pbxinaflash3 piaf3-install.tar.gz
# alternate site below if SourceForge is down
# wget http://pbxinaflash.com/piaf3-install.tar.gz
tar zxvf piaf3-install.tar.gz
./piaf3-install

When the install begins, there’s a 5-10 minute process to reconfigure CentOS by adding over 500 applications to the base install. Be patient. When it completes, your server will reboot, and you’re ready to begin the PBX in a Flash installation process. Choose option A to continue with the installation. While PBX in a Flash supports a number of versions of Asterisk and FreePBX, we believe the combination of Asterisk 11 and FreePBX 2.11 is so compelling in terms of functionality, stability, and security that the other options are no longer worth considering. We wholeheartedly recommend choosing PIAF-Green with FreePBX 2.11 as your platform.

For today, we’re installing PBX in a Flash. So leave it highlighted, tab to OK, and press Enter.

Now pick your PIAF flavor, tab to OK, and press Enter. HINT: Green is the fourth option.

The PIAF Configuration Wizard will load. Press Enter to begin.

Unlike any other aggregation, PIAF gives you the opportunity to fully configure Asterisk using make menuconfig if you know what you’re doing. For everyone else, type N and then confirm your choice.

Next, you’ll need to choose your Time Zone again for PHP and FreePBX. Don’t worry if yours is missing. A new timezone-setup utility is also available to reconfigure this to any worldwide time zone once the install has completed.

Next, choose your version of FreePBX to install. As we said, we recommend FreePBX 2.11. Note that Incredible PBX 11 requires PIAF-Green and FreePBX 2.11.

Finally, you need to choose a very secure maint password for access to FreePBX using a browser. You can pick your own, or the installer will generate one for you. Don’t forget it.

The installer will give you one last chance to make changes. If everything looks correct, press the Enter key and go have lunch. Be sure you have a working Internet connection to your server before you leave.

In about 30-60 minutes, your server will reboot. You should be able to log in as root again using your root password. Write down the IP address of your server from the status display (above) and verify that everything installed properly. Note that Samba is disabled by default. If you want to use your server with Windows Networking, run configure-samba once your server is up and running and you’ve logged in.

If you’re familiar with Asterisk and FreePBX, then you can take it from here. You now have a fully functioning platform on which to create your latest VoIP masterpiece. If you’re new to all of this, keep reading…

Configuring PBX in a Flash

Most PIAF Configuration is accomplished using the FreePBX Web GUI. Point your browser to the IP address shown in the status display above to display your PIAF Home Page. Click on the Users tab. Click FreePBX Administration. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose in the Config Module phase of the PBX in a Flash installation procedure above.

Here’s a quick overview of what needs to happen before you can start making and receiving calls. You’ll need an account with at least one phone number for people to call you (known as a DID), and you’ll need an account to place outbound calls to plain old telephones throughout the world. Our Vitelity DID deal at the bottom of this article is a terrific service, and Vitelity also provides tremendous financial support to both the Nerd Vittles and PBX in a Flash projects. For outbound calling, you also can use Vitelity or choose from the provider recommendations on the PIAF Forum.

You’ll also need a softphone or SIP phone to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions in FreePBX to work with PBX in a Flash. Extensions talk to trunks to make and receive calls. FreePBX uses outbound routes to direct outgoing calls from extensions to trunks, and FreePBX uses inbound routes to route incoming calls from trunks to extensions to make the phones actually ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road. FreePBX now has some of the best documentation in the business. Start here.

To get a minimal system functioning to make and receive calls, here’s the 2-minute drill. Create at least one extension with voicemail. Next, configure a trunk to handle your outside calls. Then set up inbound and outbound routes to manage incoming and outgoing calls. Finally, add a telephone or softphone with your extension credentials.

If this sounds like Greek to you, then install Incredible PBX 11. It’s a 5-minute task. Incredible PBX does all the heavy lifting for you by configuring an extension, building dozens of trunks for the major SIP providers, and creating default routes to manage your calls. You also get a terrific collection of utility programs for Asterisk that handle everything from telephone reminders and wakeup calls to weather and news reports. To get started, log into your server as root and issue the following commands. Then jump to the Incredible PBX 11 tutorial and continue your journey there.

cd /root
wget http://incrediblepbx.com/incrediblepbx11.gz
gunzip incrediblepbx11.gz
chmod +x incrediblepbx11
./incrediblepbx11

A Few Words About Security. PBX in a Flash has been engineered to run on a server sitting safely behind a hardware-based firewall with NO port exposure from the Internet. Leave it that way! It’s your wallet and phone bill that are at stake. If you’re running PBX in a Flash in a hosted environment with no hardware-based firewall, then immediately read and heed our setup instructions for Securing Your VoIP in the Cloud Server. DO NOT RUN PBX IN A FLASH IN THE CLOUD WITHOUT INSTALLING AND ACTIVATING THE IPTABLES FIREWALL. HINT: TRAVELIN’ MAN 3 WILL DO THE HEAVY LIFTING FOR YOU. We would encourage you to visit your PIAF Home Page regularly. It’s our primary way of alerting you to security issues which arise. You’ll see them posted (with links) in the RSS Feed shown above. If you prefer, you can subscribe to the PIAF RSS Feed or follow us on Twitter. For late-breaking enhancements, regularly visit the Bug Reporting & Fixes Topic on the PIAF Forum. Enjoy!

Tweet

Originally published: Wednesday, May 28, 2014

---

Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.

---

whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.79 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 

---

Some Recent Nerd Vittles Articles of Interest…

#184895346 / gettyimages.com

We’ve devoted a lot of energy to Asterisk security over the years with our Primer on Avoiding the $100,000 Phone Bill and our 20 Failsafe Tips and our SIP Navigation Guide plus numerous tutorials on deployment of Virtual Private Networks to secure your servers and phones including NeoRouter, PPTP, and Easy OpenVPN among others. But, when it comes to ease of installation and use with rock-solid security, nothing comes close to deployment of WhiteLists with the IPtables Linux firewall that’s included at no cost with every major Linux distribution and with all of the Asterisk® aggregations including PBX in a Flash™ and Incredible PBX™. So we’re kicking off the summer with a careful look at the methodology behind IPtables and the Travelin’ Man™ tools developed to reduce the learning curve for new users.

Security, of course, is all about the “bundle of sticks.” As we learned from Aesop’s Fables, the more sticks you bundle together, the more difficult it is to break the stick. We are by no means advocating that you drop all of the other tools at your disposal to improve the security of your Asterisk security. So, before we dive into WhiteLists, let’s spend a little time covering some of the other tools that are available and why those tools should not be relied upon exclusively.

1. Hardware-based Firewall. The PBX in a Flash project has cautioned users for years not to run Asterisk-based servers connected to the Internet without a hardware-based firewall between your server and the public Internet. Is it failsafe? No. Some hardware-based firewalls have been compromised either by the bad guys or by the NSA. Pardon the redundancy. The other problem with hardware-based firewalls is that they’re generally not available with cloud-based solutions. As the price of cloud computing has dropped and the cost and headaches of maintaining your own hardware has increased, more and more folks are considering cloud-based alternatives. Yes. Hardware-based firewalls should be deployed whenever possible. No. They won’t resolve all security concerns.

2. Fail2Ban. Once upon a time, a number of us thought that Fail2Ban was the answer to all security issues with Asterisk-based servers. In a nutshell, Fail2Ban scans your logs searching for failed attempts to log in to either SSH, FTP, Apache, SIP, or an email account. After a small number of failed attempts, Fail2Ban blocks further access from the IP address initiating the requests. There are two problems with Fail2Ban. First, software developers of the affected services continue to “improve” things with new and different error messages when login failures occur. Since Fail2Ban is searching for specific word matches to identify unsuccessful logins, the whole security mechanism fails when the “magic words” change unless everyone is extremely vigilant in maintaining the “magic word” lists AND updating the Fail2Ban rules on all of your servers. Our experience suggests that the bad guys find the new “magic words” long before everyone else which means there are gaping holes in Fail2Ban regularly. The other problem is supercomputers such as Amazon EC2 which makes enormous computing resources available to every Tom, Dick, and Harry. We’re mostly worried about the Dick that can hammer your little server every second with hundreds of thousands of attempts to crack your SIP or SSH passwords. The problem this poses is that most Linux servers never allocate a sufficient time slice to Fail2Ban to scan your Asterisk, Apache, and SendMail logs. Instead of blocking a bad guy after 3 failed login attempts, a bad guy using EC2 may be able to perform several hundred thousand login attempts before Fail2Ban ever detects a problem. Yes. Fail2Ban helps against the bad guy manually keying in passwords. No. Fail2Ban is all but worthless against a sophisticated denial of service attack on your server.

3. Virtual Private Networks. The beauty of virtual private networks (VPNs) is that all of your Internet traffic is encrypted and tunneled through private IP addresses that others can’t intercept. That was the theory until Edward Snowden came along and spoiled the NSA’s party. Yes. We’ve known that PPTP VPNs were vulnerable for a good long while. No. We didn’t know that the NSA (and presumably others) may have had the keys to your castle much longer… regardless of the VPN topology you may be using. The other problem with VPNs is that you need VPN connections for every device connecting to your server. Unfortunately, VPN technology is only available on a small number of SIP telephones, and the supported OpenVPN topology is one of the more difficult VPNs to deploy on a Linux server. Are VPNs better than nothing? Absolutely. Does a VPN provide failsafe communications security over the open Internet? Probably not.

4. Nothing Beats Secure Passwords. Amen. There was a time when some Asterisk-based servers were routinely set up with extension passwords of 1234 or the extension number itself. And outbound SIP trunks were deployed with no dialing rules. And administrators opened accounts with SIP providers with automatic credit card replenishment whenever the accounts ran out of money to cover calls. And no safeguards were put in place to restrict international calling. Little did these folks know that registering to a SIP extension on an Asterisk server provided a blank check for making unlimited calls to anywhere on the planet. Thus was born the $100,000 phone bill. Yes. Nothing Beats Secure Passwords for root, for SIP accounts, and for SIP and IAX trunks connected to commercial providers. But you also need to implement dialing rules for outbound calls that allow your callers to reach only the destinations desired, not the world. And your accounts with providers should always include limits and restrictions on international calls and should never include automatic credit card replenishment.

5. BlackLists. There was a time when blacklisting IP addresses was believed to be the ultimate solution to Internet security problems. Sounds great, doesn’t it? Just set up a database with the IP addresses of all the bad guys in the world, and all our problems will be solved. Problem #1: A new bad guy is born every minute. Problem #2: The bad guys learned how to use VPNs and other random IP address masquerading sites to disguise their true identity. Problem #3: Security vulnerabilities in many Windows-based machines allowed the bad guys to take control of these computers and do their dirty work from there. Problem #4: There are actually some good guys that live in Russia and China. Problem #5: The bad guys learned to poison the “bad guy list” to block essential services such as DNS, Google, Amazon, Netflix, Pandora, and your favorite bank and credit card companies. Yes. The theory of blacklists sounded great. No. Blacklists not only don’t work. They’re downright dangerous.

WhiteLists with IPtables: The Knight in Shining Armor

#165972620 / gettyimages.com

For the past few years, our Internet security focus has turned toward defining a methodology that works with all PBX in a Flash and Incredible PBX servers, whether they’re dedicated servers behind a hardware-based firewall or public on a cloud-based shared host. And the conclusion we’ve reached is that nothing beats the IPtables Linux firewall for rock-solid Internet security. The reason is its deep integration into the Linux kernel itself through Netfilter, “a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack.” Wikipedia provides an excellent overview for those with an interest. For our purposes, suffice it to say that IPtables examines inbound and outbound packets before any further processing occurs on your server. With our default setup, we typically allow all outbound traffic from your server. For inbound traffic, if the iptables rules permit access, the packet comes in for processing. If not, the packet dies at the door with no acknowledgement that it was even received. In laymen’s terms, if someone attempts to scan your server to determine whether web or SIP services are available, there will be no response at all unless packets from the scanning server’s IP address are permitted in the iptables rules configured on your server. You can determine which rules are in force with this command: iptables -nL.

The basic configuration and syntax of iptables rules can be daunting to those unfamiliar with the territory. And thus was born Travelin’ Man 3, our open source tool to simplify configuration of IPtables by allowing administrators to define WhiteList entries describing the types of services that were allowed access to a server from specified external IP addresses. The basic rules of the Travelin’ Man 3 setup for iptables are these: (1) outbound packets are unrestricted, (2) forwarded, established, and related packets are permitted, (3) inbound packets from the private LAN are unrestricted, but (4) inbound packets from the public Internet are dropped unless permitted by a specific iptables rule. Those rules include certain basic services such as time synchronization (TCP 123) as well as WhiteListed IP address entries for specific or generic services.

Installation is easy. Log into your PBX in a Flash as root and issue the following commands. NOTE: Travelin’ Man 3 is optionally available as part of Incredible PBX installs on the CentOS, Scientific Linux, and PIAF OS platforms. It is preinstalled on the Raspberry Pi and BeagleBone Black platforms with RasPBX. You can determine if it’s already installed on your server with this command: ls /root/secure-iptables. If the script exists, you’ve already got Travelin’ Man installed, but it may not be running so keep reading…

cd /root
wget http://incrediblepbx.com/travelinman3.tar.gz
tar zxvf travelinman3.tar.gz
yum -y install bind-utils
./secure-iptables


Because PBX in a Flash and Incredible PBX servers are primarily designed to support telephony, Travelin’ Man 3 further simplifies the iptables setup by whitelisting the IP addresses of a number of the leading VoIP providers. These include Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Obivoice/Vestalink (sms.intelafone.com), Teliax, and IPkall. For the complete list: cat /etc/sysconfig/iptables (CentOS) or cat /etc/network/iptables (RasPBX).

The real beauty of Travelin’ Man 3 is you aren’t limited to our WhiteList. You can add your own entries easily using the TM3 scripts that are included in the /root directory. secure-iptables initializes your iptables setup and also lets you define a primary IP address or fully-qualified domain name (FQDN) that will always have access to your server. You must run this script at least once to activate IPtables on all platforms!

Once you have run secure-iptables, you can whitelist additional IP addresses by running add-ip. You can whitelist additional FQDNs by running add-fqdn. You can delete either IP addresses or FQDNs by running del-acct. As noted previously, you can check what’s authorized with the command: iptables -nL.

We’ve also included a custom script to restart IPtables gracefully: iptables-restart. The reason is because using the traditional restarting mechanism in IPtables will leave your server vulnerable (and IPtables inoperative) if a particular FQDN cannot be resolved. The iptables-restart script takes another approach and removes the offending rule from your whitelist, alerts you to the problem, and then restarts iptables without the offending entry. So all existing rules are put back in place and function as you would expect.

Finally, Travelin’ Man 3 includes a script that allows you to utilize FQDNs for users that may have ever-changing dynamic IP addresses. Steps #4, #5, and #6 in the original Travelin’ Man 3 tutorial will walk you through the Administrator set up which only takes a minute or two and never has to be touched again. Basically, a cron job script is employed to check for changes in the dynamic IP addresses you have identified with FQDNs. If changes are found, IPtables is restarted which updates the IP addresses accordingly.

Unfortunately, there was one group of end-users that weren’t covered by the Travelin’ Man 3 setup. This group included traveling salespeople or vacationing individuals that may land in a different city every night. Rather than relying upon an administrator to provide access to home base, these frequent travelers needed their own tool to manage their IP address as it changed. While this was supported through a web interface in Travelin’ Man 2, that setup exposed your web server to the public Internet and was burdensome for administrators to initially configure. Most importantly, it didn’t manage remote IP address access using IPtables which made coexistence with TM3 difficult. Thus was born Travelin’ Man 4.

Introducing Travelin’ Man 4: Managing WhiteList Access by Telephone

Travelin’ Man 4 is a new add-on for an existing Travelin’ Man 3 setup. It’s for those that wish to allow traveling individuals to manage their own whitelist access to PBX in a Flash or Incredible PBX using a telephone. An Administrator preconfigures accounts and passwords for the travelers together with the services to which they will have access on the server. Using any cellphone or hotel phone, the traveler simply dials a preconfigured number to access an IVR that will prompt the user for an account number and PIN. Unless you have a spare DID, you can grab a free one from IPkall.com to use with your Travelin’ Man 4 IVR. Once a user is successfully logged in, the IVR will prompt for the user’s IP address to be whitelisted on the server. Enter it using this format: 12*34*56*78.

Within a couple minutes, the new IP address will be properly formatted and then whitelisted in IPtables, and the traveler will be sent an email acknowledging that the account has been activated. Once the account is activated, the traveler can use a SIP softphone application such as Zoiper on any iPhone or Android phone or a softphone on any desktop computer to place and receive calls as well as to check voicemail on the remote PBX in a Flash server. For anyone that doesn’t know their current IP address, a quick visit to WhatIsMyIP.com will tell you. Travelin’ Man 4 is licensed under GPL2 so download a free copy. Then read the tutorial and give it a whirl. Enjoy!

Tweet

Originally published: Wednesday, May 21, 2014

---

Need help with Asterisk? Visit the PBX in a Flash Forum.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…

If making phone calls from a web browser is what you’ve always longed for, then you’re in good company with Google and its future direction in the telephony space. Call us old fashioned but this strikes us as a solution in desperate need of a problem. What’s wrong with a Plain Old Telephone or a smartphone for making connections with friends and business associates? The real head scratcher is the fact that the WebRTC and Hangouts push demonstrates that the wizards at Google are seriously out of touch with the next generation. Will our 14-year-old daughter use Skype or Hangouts or FaceTime? Sure. About once a month to chat with Grandma or to interact with cousins scattered around the country, it’s a terrific option. And the same is true in the business community. When you need to collaborate with a half dozen colleagues, conferencing applications are invaluable. But to meet 95% of day in and day out business requirements, a telephone or smartphone is the clear device of choice. So join us today in celebrating the end of Google Voice XMPP service and the beginning of a new and even more exciting VoIP era… sans Google.

#470660911 / gettyimages.com

Of course, if it were up to the next generation, telephone calls might completely disappear in favor of text messaging, Snapchat, Instagram, and any other platform that includes recorded photos or videos. Note the subtle difference. Kids really are not interested in live video interaction. They find posed images that tell a story much more appealing. Why? Because recorded photos and videos let users present their best face, their movie star pose, and their expression of what they want others to perceive they’re really like. In short, live video is too much like real life. Our conclusion for those targeting the next generation is you’d better come up with something better and quite different than Skype, Hangouts, and FaceTime.

It’s Fixed-Mobile Convergence, Stupid!

Now let’s return to our primary focus for today, the current business community. Suffice it to say, there are a dwindling number of what we used to call “desk jobs” where an employee arrives at his or her desk at 9 a.m. and leaves at 5 p.m. As more and more jobs are headed off shore, the telephone and smartphone have replaced the corporate desk as the most indispensable corporate fixture. Particularly in the American marketplace, what we see with most businesses is a management layer and an (upwardly) mobile force of salespeople, consultants, and implementers that interact primarily through PBXs in an office headquarters or home office together with smartphones for those that generally are on the road. Many of these Road Warriors don’t even have a home phone any longer.

#185230942 / gettyimages.com

The telephony Holy Grail for this new business model is Fixed-Mobile Convergence (FMC). It’s the ability to transparently move from place to place while retaining your corporate identity. Every employee from the night watchman in Miami to the salesperson making calls from a Starbucks in California to the CEO in New York has an extension on a PBX in the cloud together with the ability to accept and place calls using the company’s CallerID name and number, transfer calls, and participate in conference calls regardless of whether the phone instrument happens to be a desktop phone or a smartphone. Is this even possible? Well, as of last week, the answer is ABSOLUTELY.

Vitelity has been a long-time corporate sponsor of both the Nerd Vittles and PBX in a Flash open source projects so we were thrilled when we were offered a free, Samsung Galaxy S III to try out the new (live) vMobile service that took Best in Show honors at ITEXPO Miami in January. As Vitelity’s Chris Brown would probably tell you, it’s one thing to demonstrate a new technology at a trade show and quite another to bring it into production. But Vitelity did it:

What we want to stress up front is that we’ve received no special treatment in getting this to work. We received the phone, opened a support ticket to register the phone on Vitelity’s vMobile network, and plugged our new credentials into the phone so that it could be integrated into our PBX in a Flash server. Once the smartphone became an extension on our PBX, we could place calls through our PBX with the S3 using both WiFi and Sprint 3G/4G service. Switching between WiFi and cellular is totally transparent. The CallerID for all outbound calls was our standard PBX CallerID. We also could place calls to other extensions on the PBX by dialing a 4-digit extension while connected to WiFi or the Sprint network virtually anywhere. If you have 3-digit extensions, those are a problem over the Sprint network but we’ll show you a little trick to get them working as well.

Keep in mind that every call from the S3 goes out through the PBX just as if you were using a standard desktop phone as a hardwired extension. And it really doesn’t matter whether the S3 has a WiFi connection or a pure cellular connection on Sprint’s network. You receive calls on the S3 in much the same way. It’s just another extension on your PBX. If you want to add it to a ring group to process incoming calls, that works. If other users on your PBX wish to call the S3 directly using the extension number, that works as well. If you want to transfer a call, pressing ## on the S3 initiates the transfer just as if you were using a phone on your desk. When we say transparent convergence, we really do mean transparent. No recipient of a call from the vMobile S3 would have any idea whether you were sitting at a desk in the corporate headquarters in New York or in a seat on a Delta jet after landing in San Francisco. Both the call quality and the corporate CallerID would be identical. And your secretary on maternity leave at Grandma’s house still could reach you using her vMobile S3 by simply dialing your corporate extension.

So that’s the Fortune 500 view of the new VoIP universe. How about the little guy with a $15 a month PBX in a Flash server in the RentPBX cloud¹, a couple mobile sales people, and a handful of construction workers that build swimming pools for a living? It works identically. Each has an S3 connected as an extension on the PIAF cloud server. And calls can be managed in exactly the same way they would be handled if everyone were sitting side-by-side at desks in an office headquarters somewhere. The silver lining of cloud computing is that it serves as the Great Equalizer between SOHO businesses and Fortune 500 companies. Asterisk® paired with inexpensive cloud hosting services such as RentPBX lets you mimic the Big Boys for pennies on the dollar. We think Vitelity has hit a bases loaded, home run with vMobile.

vMobile Pricing

We know what you’re thinking. “Since you got yours for free, what does it really cost??” The Galaxy S3 (or S4) is proprietary running Trebuchet 1.0, a (rooted) CyanogenMod version of Android’s KitKat. You can purchase these devices directly from the Vitelity Store. Currently, you can’t bring your own device. The refurbished S3 is $189 including warranty. Works perfectly! That’s what we’re using. Next, you’ll need a vMobile account for each phone. Unless you’re a Nerd Vittles reader, it’s $9.95 per month. That gets you free WiFi calling and data usage anywhere you can find an available WiFi hotspot. And text messaging is free. For calls and data using Sprint’s nationwide network, the calls are 2¢ a minute and the data is 2¢ per megabyte ($20 per gigabyte). For us, a typical day of data usage with an email account and light web use costs about a quarter. YMMV! So long as you configure Android to download application updates when connected to WiFi, data usage should not be a problem unless you’re into photos and streaming video. Android includes excellent tools for monitoring and even curbing your data usage if this is a concern.

vMobile Gotchas

Before we walk you through the setup process, let’s cover the gotchas. The list is short. First, we don’t recommend connecting vMobile devices to a PBX sitting behind a NAT-based firewall, or you may end up with some calls missing audio. The reason is NAT and quirky residential routers. If you think about it, when your S3 is inside the firewall and connected to WiFi, it will have an IP address on your private LAN just like your Asterisk server. When your S3 is outside your firewall on either a cellular connection or someone else’s WiFi network, it will have an IP address that is not on your private LAN. Others may be smarter than we are, but we couldn’t figure a way to have connections work reliably in both scenarios using most residential routers. You can configure your S3′s PBX extension for NAT=No or NAT=yes, but you can’t tell Asterisk how to change it depending upon where you are. One simple solution is to deploy these phones with a VPN connection to your Asterisk server sitting behind a NAT-based firewall. The more reliable solution is to build your PBX in a Flash server in the cloud with no NAT-based firewall. Then use an IPtables WhiteList (aka Travelin’ Man 3) to protect your server. From there, you can either interconnect the cloud-based server with a second PBX behind your firewall, or you can dispense with the local PBX entirely. Either way will eliminate the NAT issues with missing audio. In both cases, use NAT=yes for the vMobile extension.

Another wrinkle involves text messaging. Traditional text messages work fine; however, MMS still is problematic unless you initiate the outbound MMS session with the other recipient. It’s probably worth noting that Google Voice never got MMS working at all despite years of promises. This wasn’t a deal breaker for us, but it’s a bug that still is being worked on.

Finally, there’s Sprint. You either love ‘em or hate ‘em. We really haven’t used Sprint service in about eight years. In the Charleston area, the barely 3G service still is just as lousy as it was eight years ago. But, if you live in an area with good Sprint coverage and performance, this shouldn’t be an issue for you. And vMobile works fine in Charleston. You just won’t be surfing the web very often unless you have hours to kill… waiting. Additionally, dialing numbers with less than 4 numbers is a non-starter with Sprint, but we’ll show you a simple workaround to reach 3-digit local extensions from your vMobile device below.

With a service as revolutionary as vMobile with Sprint’s new FMC architecture, we can’t help thinking there may be other cellular carriers with an interest in deploying this technology sooner rather than later. But, given the vMobile feature set, Sprint is good enough for now especially when WiFi connectivity is available almost everywhere.

vMobile Configuration at Vitelity

For the Vitelity side of the setup, you first configure your smartphone using the (included) My Phone app. When the application is run, your cellphone number will be shown. Tapping the display about a dozen times will cause the phone’s setup to be reconfigured. Vitelity will provide you the secret key to activate your account. Next, you’ll log into the Vitelity portal and choose vMobile -> My Devices under My Products and Services. The account for your vMobile device will already exist. Clicking on the pull-down menu beside your vMobile device will let you create your SIP account on Vitelity’s server. Enter the IP address or FQDN of your Asterisk server and set up a very secure password. Your username will be the 10-digit phone number assigned to your vMobile phone. Save your settings and then choose the Edit option to view your setup. The portal will display your Username, Password, and FreePBX/Asterisk Connect Host name. Write them down for use when you configure your new extension using FreePBX®.

vMobile Configuration for Asterisk and PBX in a Flash

On the PBX in a Flash server, use a browser to open FreePBX. Choose Applications -> Extensions and add a new generic SIP device. For Display Name and User Extension, enter the 10-digit phone number assigned to your vMobile device. Under Secret, enter the password you assigned in Vitelity’s vMobile portal. Click Submit and reload FreePBX when prompted. Then edit the extension you just created. Set NAT=yes and change the Host entry from dynamic to the FQDN entry that was shown in Vitelity’s vMobile portal, e.g. 7209876542.mobilet103.sipclient.org. Update your configuration and restart FreePBX once again. Finally, from the Linux command prompt, restart Asterisk: amportal restart. If you’re using a WhiteList with IPtables such as Travelin’ Man 3, be sure to add a new WhiteList entry for your vMobile Host entry. Finally, add your vMobile extension to any desired Inbound Routes to make certain your vMobile device rings when desired.

You now should be able to place and receive calls on your vMobile device. If you want to be able to call 3-digit Asterisk extensions on both WiFi and while roaming on the Sprint cellular network, then you’ll need to add a little dialplan code since Sprint reserves 3-digit numbers for emergency services and will reject other calls with numbers of less than 4 digits. Here’s the simple fix. Always dial 3-digit extensions with a leading 0, e.g. 0701 to reach extension 701. We’ll strip off the leading zero before routing the call. The dialplan code below works whether you’re calling a local 3-digit extension or a 3-digit extension on an interconnected remote Asterisk server. Simply edit extensions_custom.conf in /etc/asterisk and insert the following code at the top of the [from-internal-custom] context. Then restart Asterisk: amportal restart. Note that we’ve set this up so that, if you have an extension 701 on both the local server and a remote server, the call will be connected to the local 701 extension. If you have different extension prefixes for different branch offices (e.g. 7XX in Atlanta and 8XX in Dallas), then this dialplan code will route the calls properly assuming you’ve configured an outbound route with the appropriate dial pattern for each branch office.

exten => _0XXX,1,Answer
exten => _0XXX,n,Wait(1)
exten => _0XXX,n,Set(NUM2CALL=${CALLERID(dnid):1})
exten => _0XXX,n,Dial(sip/${NUM2CALL})
exten => _0XXX,n,Dial(local/${NUM2CALL}@from-internal)
exten => _0XXX,n,Hangup


Vitelity vMobile Special for Nerd Vittles Readers

Now for the icing on the cake… We asked Vitelity if they would consider offering special pricing to Nerd Vittles readers and PBX in a Flash users. We’re pleased to report that Vitelity agreed. By using this special link when you sign up, the vMobile monthly fee will be $8.99 instead of $9.95. In addition, your first month is free with no activation fee. We told you last week that there was a very good reason for choosing Vitelity as your SIP provider. Now you know why.

And, if you’re new to Cloud Computing, take advantage of the RentPBX special for Nerd Vittles readers. $15 a month gets you your very own PBX in a Flash server in the Cloud. Just use this coupon code: PIAF2012. Enjoy!

Tweet

Originally published: Thursday, May 15, 2014

---

---

Need help with Asterisk? Visit the PBX in a Flash Forum.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…

1. RentPBX also is a corporate sponsor of the Nerd Vittles and PBX in a Flash projects. [↩]

You don’t have to be a soothsayer to appreciate what’s about to happen in the VoIP community. In just two weeks, millions of telephones in the United States are about to go silent. Let’s begin with what we know and don’t know about Google Voice and Google’s May 15 deadline. Google has made it crystal clear that XMPP connectivity to Google Voice is going away on May 15. What that means is that inbound and outbound calling using an XMPP connection to Google Voice will no longer work, period. And the platform really doesn’t matter. That includes Asterisk, FreePBX, FreeSwitch, Yate, and GrooVe IP as well as hardware ATAs such has ObiHai devices. Why? The short answer is because Google says so, and they are/were paying the bills. The longer answer is that companies such as Microsoft and Apple that have proprietary communications platforms were not reciprocating with free connectivity to their services in the same way that Google was providing XMPP service. Another probable reason is that Google was taking a financial bath on Google Voice services which were being abused by many commercial organizations. Reportedly, as many as three to five million DIDs have been handed out as part of the Google Voice project with very little return on investment.



Some have suggested this is just another tempest in a teapot like Y2K. After all, Y2K came and went without many catastrophes. The difference is that businesses spent hundreds of millions of dollars preparing for Y2K to make certain there were no train wrecks. With Google Voice, many individuals have taken the ostrich approach with their heads buried in the sand pretending things are just going to work out. Without some effort on the part of those still using Google Voice, May 15 will be their Julius Caesar moment.

What to Do? One school of thought is that the “old fashioned” Google Voice connections using Python which simulated a web call with Google Chat will still function. If receiving and placing calls using your existing Google Voice numbers matters to you, take the opinions of these self-proclaimed experts with a grain of salt. Here’s what you need to appreciate. First, nobody outside of Google actually knows whether the Python approach will continue to function or not. Second, even if it works on May 15, nothing would preclude Google from making “adjustments” at any time that would disable this functionality. They’ve done it before. They can do it again. And Google has made it abundantly clear that they’re putting an end to the free gravy train. Third, it doesn’t take a rocket scientist to deduce that PSTN call forwarding using Google Voice may be the next axe to fall. This probably won’t happen on May 15, but who knows. Finally, should you decide to go down this road, be aware that it is a major coding project regardless of your platform. But, if this is the road you wish to travel, you can find some tips on making the transition here. You’ve been warned.

The Smarter Approach. Our recommendations today are limited to those in the United States. Our apologies, but that’s two-thirds of our readership and roughly 95% of those that currently rely upon Google Voice. The same recommendations apply to those in Europe and South America and the Far East if calls to destinations in the U.S. are a major part of your VoIP traffic. What do we recommend? First, become VoIP savvy! The provider you use for outbound calls need not be the provider you use for incoming calls. Not putting all your eggs in one basket is a very good idea in the VoIP world.

Call us Chicken Little if you must, but Outbound Calling with Google Voice is going away on May 15. So, in the next two weeks, you definitely need to come up with an alternative for call terminations in the U.S./Canada market. We think you have two options: purchase an all-you-can-eat plan that includes sufficient outbound calling minutes to meet your existing requirements. Or you can select a provider that offers pay by the minute service for all of your outbound calls. One advantage with most of the pay-by-the-minute providers is that you can set your CallerID as desired. Don’t be misled by the all-you-can-eat claims. Every VoIP provider imposes some sort of cap on outbound calling even if their plan is advertised as “unlimited.” If your outbound calling minutes exceed 2000-3000 minutes a month, you’re going to be looking for a new provider within weeks because every provider that we know will drop you like a hot potato when you are no longer profitable in their business model. The other gotcha is that most, if not all, of the all-you-can-eat plans are restricted to residential (non-business) use.

Full Disclosure: We have a favorite all-you-can-eat provider (Vestalink) and a favorite pay-as-you-go provider (Vitelity), and both of them provide some financial support to the Nerd Vittles and PBX in a Flash projects; however, both were our favorites before they provided any support to our projects.

All-You-Can-Eat Calling Plans. We continue to like Vestalink (formerly Obivoice) even though their prices have increased since the release of our original article. That’s actually a good thing. There was no way they could have stayed in business with their original pricing model. On a new 2-year plan with unlimited U.S./Canada inbound AND outbound calls, E911 service, and a free DID in your choice of area codes, the current rate for 24 months is $89.99 which works out to roughly $3.50 a month. The service comes with a 30-day money-back guarantee.

Another option which we previously have covered is a hardware device such as the netTALK Duo. With an upfront $100 hardware investment, you get the same features as Vestalink for $30 a year which works out to less than 10¢ a day. With both services, you have the option of porting your existing Google Voice number for a one-time fee. With Vestalink, you also have the option of spoofing your outbound CallerID number with your existing Google Voice number once it is verified as belonging to you. We prefer the latter approach at least until Google gives some hint that their call forwarding of incoming Google Voice calls is going away. Both services are bargains in our view. But, as we noted, for residential service we still prefer the pure VoIP solution provided by Vestalink.

Pay-As-You-Go Call Terminations. Most of the reputable pay-by-the-minute providers charge between 1¢ and 2¢ a minute for outbound calls with charges billed in 6 to 10-second increments. Unless you make an enormous number of lengthy calls, these rates are a bargain. Vitelity remains our favorite provider primarily because of the flexibility their service offers in setting up multiple sub-accounts for use with Asterisk or FreeSwitch. A sign-up link with a 50% discount on most DIDs is provided here and at the end of this article. We appreciate your support of our VoIP projects!!

While it is not yet officially available, the most compelling reason to switch to Vitelity is vMobile, a new $9.99/month cellphone plan that will integrate your Vitelity cellphone (actually a Samsung Galaxy S III) directly into your Asterisk setup. What that means is calls to extensions on your Asterisk server will also ring on your cellphone. And your cellphone functions exactly like any other extension on your Asterisk server whether you’re operating on 3G, 4G, or LTE networks as well as on WiFi at your home or office. You’ll be able to park calls, transfer calls, set up call monitoring, conferencing, and recording just as if you were on a standard VoIP phone in your home or office. And you can’t beat the price. Inbound and outbound calls on WiFi are totally free. Calls received or placed over what appears to be Sprint’s nationwide network are 2¢ a minute, about the same cost as pure VoIP calls.

For pay-by-the-minute terminations, we always recommend you set up accounts with multiple providers. Then, by setting multiple trunk sequences in your outbound routes, you’ll always have successful calls even when a particular provider happens to have an outage. Other than perhaps a small deposit, redundancy costs you nothing since you only pay for calls that you actually place through each provider. For a current list of our favorite termination providers in both the U.S. and Canada, see this thread on the PIAF Forum.

Handling Incoming VoIP Calls. Here’s the bottom line. The one thing you don’t want to do is risk losing your phone number because of the Google Voice train wreck. We have noticed a dramatic difference in call reliability for incoming calls over the past few months. Perhaps it’s an upstream provider problem… and perhaps not. Whatever the reason, get your phone numbers ported out of Google Voice as quickly as you can. It doesn’t have to be in the next two weeks, but you are well advised to begin the porting process soon. The Nerd Vittles Vitelity link will get you a monthly rate of $3.95 for a Tier A DID with unlimited incoming calls each month and automatic server failover. There are a few less expensive DID providers but, when it comes to our phone number, we’ve always wanted a provider with rock-solid reliability, flexibility, and a proven track record. Vitelity meets those requirements in spades. As we noted at the outset, the other advantage in separating out your inbound and outbound trunks is that, when service gets disrupted (and it happens to the best of providers), you’re not completely dead in the water.

For the short term, so long as you have an existing DID in the U.S. or Canada, you can forward your incoming Google Voice calls to that DID by simply adding it as a call forwarding destination in your Google Voice profile. We also recommend adding your cellphone as an additional call forwarding destination. Finally, be sure to disable the Google Chat option in your Google Voice setup and remove the Google Voice trunk in your FreePBX Google Voice/Motif setup. Good luck!

Tweet

Originally published: Thursday, May 1, 2014

---

Need help with Asterisk? Visit the PBX in a Flash Forum.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…

After a week of testing, we’re taking a second look at Digital Ocean, a terrific cloud platform for experimenting with VoIP. Our initial testing was performed during a week that many folks were on Spring Break. After Easter weekend, our own testing suggested a very different level of performance. That warranted a more sober reevaluation in our judgment. Before we get to the specifics, let us emphatically stress that we do not recommend Digital Ocean as a long-term, cloud-based VoIP solution because of some mixed reviews on overall service reliability. Go here for details. Our own testing confirms that performance can be problematic because of what looks to be server capacity issues. To their credit, Digital Ocean provides bleeding edge technology which is regularly updated. But, if rock-solid platform stability and reliable performance are your primary requirements, there is no finer service than RentPBX, a long-time supporter and contributor to the PBX in a Flash project. With the PIAF2012 coupon code, your first turnkey PBX in the cloud is still $15 a month with server locations throughout the world. The cost difference is negligible if the quality of your phone calls actually matter to you. RentPBX has a proven record as an extremely reliable provider. And, if your business depends upon reliable VoIP technology, RentPBX remains one of the best bargains on the planet.

For today, we’re exploring Digital Ocean which we believe offers a good platform for learning about Asterisk® and VoIP because of its flexibility in creating and deleting virtual machines in the cloud environment. As you can see from the screenshot above, the base Digital Ocean offering appears to be ideal as a cloud-based Asterisk server. The 512MB memory option with 20GB of SSD storage and a terabyte of monthly bandwidth costs $5 a month. You actually pay $0.007 an hour until you reach the $5 monthly cap. Unfortunately, depending upon server load, performance can be hit and miss.

Digital Ocean calls their images droplets, and you’ll have to pardon us for using the terms interchangeably. The bottom line is we were able to create a PBX in a Flash server with Incredible PBX 11 running atop CentOS 6.5 in less than an hour. And we played with it for another hour. See below for the total cost. Note that the meter continues to run with your droplets until you physically Destroy them from the Digital Ocean Control Panel. What our initial testing did not reveal was that at busy times of the day the droplet creation process can vary from almost instantaneous to a couple of hours.

Getting Started. Let’s walk through the entire process of creating a PBX in a Flash server and adding Incredible PBX 11 using a Digital Ocean droplet, and we’ll assume you hit a Digital Ocean server on a good day. First, you’ll need an account. You can sign up with our referral code and provide a little financial support to the Nerd Vittles project. That doesn’t cost you a dime. Here’s the link. As part of the sign up procedure, you’ll be prompted to enter a coupon code. SSDMAY10 will get you a $10 credit if you hurry. You still need to add at least $5 to your account either using a credit card or PayPal. We strongly recommend that you start with a minimal investment to make certain that Digital Ocean’s performance will meet your requirements. Test it regularly during your free trial period.

Once you’re registered, you can create your first Droplet by clicking on Droplets in the Digital Ocean Control Panel and then clicking the Create Droplet button. You’ll be prompted for a Hostname, the size Droplet you wish to create, the Region for your cloud-based server, and the Image Type for your server. We used PIAF512 for the hostname. The 512MB memory droplet will work just fine for experimentation. Choose a region that’s close to the provider you wish to use for VoIP calls. For the image type, choose a CentOS 6.5 32-bit server. In the Settings, leave Enable VirtIO checked and skip the Private Networking and Enable Backups options for the time being. Click Create Droplet to initiate the droplet build process which takes under a minute. Your new Droplet credentials will be emailed to you when the procedure is complete.

Installing PBX in a Flash. At this point, you have the option of logging into the Droplet from the Digital Ocean Control Panel, or you can use SSH to log in as root using the IP address provided in your Droplet creation email. Once you’ve logged in, issue the following command to set up your new server for the PIAF3 installer:
yum -y install wget nano

Now you’re ready to kick off the PBX in a Flash 3 installation. Here are the commands:
cd /root
wget http://pbxinaflash.com/piaf3-install.tar.gz
tar zxvf piaf3-install.tar.gz
./piaf3-install


The server will whir away for about 5 minutes (on a good day) configuring a CentOS superset of over 500 additional RPMs to support PBX in a Flash 3. When the setup is complete, your droplet will reboot. Count to 30 and then log back in as root and choose option A to install PBX in a Flash. Then choose PIAF from the menu of choices. Accept the license agreement and select PIAF-Green as your desired flavor. This gets you the latest Asterisk 11 release. When the Configuration Wizard loads, choose N to avoid loading Make MenuConfig for customization of Asterisk. Confirm your choice. At Step 2, choose your Time Zone and confirm your choice. At Step 3, choose FreePBX® 2.11 as your GUI and confirm your choice. At Step 4, create a master password for GUI and utility access. Tap Enter to confirm all of your selections one final time. Then take a coffee break. Depending upon server load, you’ll have a shiny new PBX in a Flash 3 server with CentOS 6.5, Asterisk 11, and FreePBX 2.11 in either 30 minutes (on a good day) or a couple of hours (on a not-so-good time of day).

Installing Incredible PBX 11. Once your server has rebooted following completion of the PIAF install, you’re ready to install Incredible PBX 11. This gets you dozens of preconfigured applications for Asterisk as well as a base configuration of FreePBX. You’ll still need to add a VoIP trunk to handle incoming and outgoing calls as well as configuring a phone to use your extension 701 credentials. Log back into your server and issue the following commands to install Incredible PBX 11:
wget http://incrediblepbx.com/incrediblepbx11.gz
gunzip incrediblepbx11.gz
chmod +x incrediblepbx11
./incrediblepbx11


You can complete the configuration of your server using the FreePBX GUI. Using a browser, visit the IP address of your server. Click the Users button to display the PIAF Admin Control Panel. Then click the FreePBX option. Log in with username maint and the maint password you created above. Sign up for VoIP service with your favorite VoIP provider. Then create a trunk for that provider or edit and enable one of the preconfigured trunks that’s included in Incredible PBX. Download a softphone to your desktop and configure it using the credentials provided for the 701 extension in FreePBX. Then you’re ready to make your first call. See last week’s Nerd Vittles article for complete details.

Tweet

Originally published: Thursday, April 17, 2014    Second Look: Wednesday, April 23, 2014

---

Need help with Asterisk? Visit the PBX in a Flash Forum.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…

With the release of version 3 of PBX in a Flash™, it seemed only fitting to reintroduce our one-click wonder that takes advantage of the latest and greatest feature sets in both Asterisk® 11 and FreePBX® 2.11. Incredible PBX™ 11 gives you the best of all worlds plus all of the very best, preconfigured Asterisk applications we could find. And the installer together with all of the apps are pure open source so you can learn how to build a system like this for yourself if that happens to be your thing.

You’ll need two components to get started: a CentOS 6.5-compatible operating system and the latest PIAF-Green which includes Asterisk® 11 and FreePBX® 2.11. Once you have these components in place and before you make any additions to your server, download and run the Incredible PBX 11 installer. If you wish to add fax support, run the Incredible Fax 11 installer. It’s easy enough for a fifth grader! Five minutes later you’re ready to begin the VoIP adventure. It’s FREE!

News Flash: Incredible PBX 11 and Incredible Fax also are available for the $35 Raspberry Pi and BeagleBone Black.

So what’s included? Dozens of upgraded Asterisk Apps. 9-Layer Security. 20 Preconfigured VoIP Provider Trunks. One-Click Installers for Asterisk.everything. Certified Asterisk support. Google Voice connectivity with Asterisk Motif until May 15. (HINT: It’s time to start looking elsewhere!) Voice-enabled SMS messaging and script-based SMS message blasting. Incredible PBX Automatic Updates. And Incredible Fax™ 11 delivers free faxing with HylaFax™ and AvantFax®. Both the Incredible PBX and Incredible Fax installers now are GPL2-licensed so add all the tweaks you like. And you’re licensed to use our trademarks so long as you retain the original functionality of the Incredible PBX and Incredible Fax collection of applications.

The Incredible PBX 11 Inventory. For those that have never heard of The Incredible PBX, here’s the current 11.9 feature set in addition to the base install of PBX in a Flash with a CentOS 6.5-compatible OS, Asterisk 11, FreePBX 2.11, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Incredible Fax, NeoRouter and PPTP VPNs, and all sorts of backup solutions are still just one command away and may be installed using the scripts included with Incredible PBX 11 and PBX in a Flash. Type help-pbx and browse /root for dozens of one-click installation scripts.

• AsteriDex
• CallerID Superfecta (FreePBX Module adds Names to CID Numbers)
• CallWho for Asterisk (Dial 411)
• Digium Phone Support (install-digiphones)
• Preconfigured Email That Works with SendMail and Incredible Fax
• OSS Endpoint Manager
• Extensions (1 preconfigured with random password)
• Festival Server and Festival TTS for Asterisk (festival –server &)
• Flite TTS for Asterisk
• FreePBX Backups
• Google Dictionary by Phone (Dial 333)
• Google News by Phone (Dial 951)
• Google Stocks by Phone (Dial 950)
• Google Voice (FreePBX GV/Motif Module)
• Hotel-Style Wakeup Calls (FreePBX Module)
• Incredible Backups… and Restores (install-incredbackup2)
• ISN: FreeNum SIP Calling from Any Phone
• MeetMe Conference Bridge (just dial C-O-N-F)
• Mondo Full System Backups (install-diskbackup)
• Incredible Fax 11 (/root/incrediblefax11.sh)
• Incremental Daily Backups (install-dailybackup)
• Munin Reports (install-munin)
• NeoRouter VPN Client (nrclientcmd)
• NewsClips from Yahoo
• ODBC Database Support (Dial 222, 223)
• OpenFire Instant Messaging & Chat Server (install-openfire)
• New PBX in a Flash Registry (show-registry)
• PPTP VPN for PIAF (/root/install-pptp)
• Reminders by Phone and Web
• SAMBA Windows Networking (configure-samba)
• SMS Dictator with Google Voice (Dial S-M-S)
• Speech-to-Text Directory Assistance (Dial 411)
• Stealth AutoAttendant
• TFTP Server (setup-tftp)
• Tide Reports with xTide (Dial T-I-D-E)
• Travelin’ Man 2 & 3 (Secure, remote access)
• Trunks (Vitelity, Gtalk, SIPgate, IPkall, VoIP.ms, and more)
• Weather by ZIP Code
• Worldwide Weather by Phone (Dial 949)
• Wolfram Alpha by Phone (/root/wolfram)

And then there’s the Incredible Freebie! As they say, “Never look a gift horse in the mouth.” What began as a kludgey, dual-call, dual-provider Google Voice implementation to take advantage of Google’s free PSTN calling in the U.S. and Canada with Asterisk 1.4 and 1.6 is now a zippy-quick, Gtalk-based calling platform that rivals the best SIP-to-SIP calls on the planet. The Incredible PBX Google Voice implementation provides virtually instantaneous PSTN connections to almost anybody, anywhere. Trust us! Except for the price which is still free, you’ll never know you weren’t connected via Ma Bell’s overpriced long-distance lines and neither will the Little Mrs.

Creating the Base Linux Platform for PBX in a Flash

We’re not doing anything special here. In fact, you can build your base Linux platform for PBX in a Flash on a standalone server, on a virtual machine of your choice, or in the cloud using a provider such as Amazon or RentPBX. You can use CentOS 6.5, Scientific Linux 6.5, or the PIAF 6.5 OS. The easiest way is documented here because the ISO is the smallest to download and install. The results will be the same with the other Linux OS flavors documented above.

Start by downloading the 32-bit or 64-bit CentOS 6.5 minimal install ISO. You can do exactly the same thing using Scientific Linux if you prefer. The PIAF 3.6.5 OS images and torrents for VirtualBox are available on SourceForge. With the ISOs, go through the usual drill of preparing an installer from the ISO. Burn the ISO to a USB Thumb Drive or a CD/DVD using a Mac or Windows machine. With VirtualBox .ova images, you can build a virtual machine in under 2 minutes. So pick your favorite methodology and create your Linux platform on the hardware of your choice. If you want your drive partitions configured without LVM in the standard PIAF2 methodology, follow this tutorial.

IMPORTANT NOTE: Neither CentOS nor Scientific Linux installs with network connectivity enabled. This is one of the primary reasons that we previously have customized CentOS for use with PBX in a Flash. After performing a minimal OS install, log in as root and issue the following commands to prepare your server for PBX in a Flash:

sed -i 's|no|yes|' /etc/sysconfig/network-scripts/ifcfg-eth0
ifup eth0
yum -y install wget nano


Creating a PBX in a Flash 3.6.5 Server

Now you’re ready to install PIAF-Green with Asterisk 11 and FreePBX 2.11. Just download the PIAF3 Installer and run it. It works exactly as it always has. The installer is plain text so feel free to customize it to meet your own requirements. If you need the complete PIAF installation tutorial, jump to this link.

cd /root
wget http://pbxinaflash.com/piaf3-install.tar.gz
tar zxvf piaf3-install.tar.gz
./piaf3-install


Installing Incredible PBX 11

The installation process is simple. Log into your server as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx11.gz
gunzip incrediblepbx11.gz
chmod +x incrediblepbx11
./incrediblepbx11


When the installation finishes, you’ll be prompted whether to install Travelin’ Man 3 and Travelin’ Man 2. As documented below, Incredible PBX is designed for use behind a hardware-based firewall with no Internet port exposure. If you need phones at remote locations that are not behind your firewall, then you also need a way to protect your server from the bad guys since you’ll have to allow port 5060 and 10000-20000 UDP access to your server through the firewall. Travelin’ Man 3 does this by setting up a whitelist of safe Internet addresses and domains. Travelin’ Man 2 lets end-users take control by creating safe IP addresses using a web browser. If you don’t have external phones, you don’t need either of these resources so you can just cancel the rest of the Incredible PBX install by pressing Ctrl-C. Then restart Asterisk with this command: amportal restart.

A Few Words About Security. Thanks to its Zero Internet Footprint™ design, Incredible PBX is different. It remains the most secure Asterisk-based PBX around. What this means is The Incredible PBX has been engineered to sit safely behind a NAT-based, hardware firewall with no Internet port exposure to your actual server. For those needing remote telephone support, Incredible PBX optionally loads Travelin’ Man 2 and 3 for you so your IPtables Linux Firewall can be either self-managed by end-users or set up with predefined IP addresses and FQDNs for all of your remote sites. Read about this Asterisk SIP vulnerability. Then you’ll understand why WhiteList-based server security has become absolutely essential. WhiteList Security means only those devices with a registered IP address in your WhiteList can get to your server’s resources. To the NSA and everyone else, your server doesn’t even exist. Their only way to connect to you is with a POTS telephone and your published phone number. Can you hear me now?

For those with multiple servers to interconnect, we’ve provided one-click installers for not one but two VPN solutions: NeoRouter and PPTP. Suffice it to say, Incredible PBX has Security in Spades™: customized IPtables Linux Firewall, Fail2Ban tweaked for Asterisk security monitoring, FreePBX Extension Lockdown by IP address, randomized FreePBX extension passwords, Travelin’ Man 2 and 3 WhiteList Security, multiple VPN solutions for encrypted server-to-server communications, plus a bottom-up design focused on flawless operation behind a hardware-based firewall. You won’t find a more secure Personal Branch Exchange™ at any price.

Here’s the Incredible PBX 9-Layer Security Model:

• Hardware-based Firewall
• IPtables
• Fail2Ban
• Randomized Extension Passwords
• IP-Address Lockdown for Extensions
• Travelin’ Man 2 User-Managed WhiteList
• Travelin’ Man 3 Administrator-Managed WhiteList
• NeoRouter VPN
• PPTP VPN

書呆子Vittles: Did we mention that all of this telephone goodness is still absolutely FREE!

Prerequisites. For standalone hardware buffs, here’s what we recommend to get started properly:

• Broadband Internet connection
• $200 Dual-Core Atom PC, 4GB RAM, 60GB SSD (no moving parts!)
• dLink Router/Firewall. Low Cost: $35 WBR-2310  Best: DGL-4500  Latest: DIR-826-L
• 2 Dedicated Google Voice accounts (voice and fax)

We’ve shifted gears on our recommended Atom platform for PIAF3 after excellent results with both the single-core and dual-core Atom kits manufactured by Foxconn (pictured on the left below). That’s the dLink Gaming Router on the right. Seems kinda silly to spend twice as much for a machine that you can build yourself in under 5 minutes. Basically you remove four screws, insert a Phillips screwdriver in one of the holes and gently pry the cover away from the box. Then you pop off the back by inserting a small flat-blade screwdriver, remove four more screws, slide in a solid-state drive (SSD) and a 4GB stick of notebook computer RAM, and you’re done in a couple minutes. Replace the screws and the cover, and you have a perfect PIAF2 platform with terrific performance and no moving parts for about $200. The link above will take you to the PIAF Forum thread for these machines. They go on sale almost weekly. See the right column of Nerd Vittles (just below our tweets) for this week’s special at Amazon. The dual-core Atom box typically is under $150. It could easily handle an office with 50+ employees sitting on a bookshelf with an Internet connection (wired or wireless!). No noise. Very little heat. Low power requirements. Perfect!

Configuring Google Voice

If you plan to use Google Voice, be advised that, according to Google, it’s going away in less than 6 weeks on May 15. If you want to use it anyway, you’ll need a dedicated Google Voice account to support Incredible PBX 11. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using FreePBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX 11. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

• Call Screening – OFF
• Call Presentation – OFF
• Caller ID (In) – Display Caller’s Number
• Caller ID (Out) – Don’t Change Anything
• Do Not Disturb – OFF
• Call Options (Enable Recording) – OFF
• Global Spam Filtering – ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Accessing The FreePBX 2.11 GUI

Using a web browser, you access the FreePBX GUI by pointing your browser to the IP address of Incredible PBX 11. Click on the Users tab. It will change to Admin. Now click the FreePBX Admin button. When prompted for a username, it’s maint. When prompted for the password, it’s whatever you set up as your maint password when you installed PBX in a Flash. If you forget it, you can always reset it by logging into your server as root and running passwd-master.

Configuring Google Voice Trunks in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize your Incredible PBX to meet your specific needs. If you plan to use Google Voice, here’s how to quickly configure one or more Google Voice trunks within FreePBX. After logging into FreePBX with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

While you’re still in FreePBX, choose Applications, Extensions, and click on the 701 extension. Write down your extension and voicemail passwords. You’ll need them to configure a phone in a minute.

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

Installing Incredible Fax 11

If you want the added convenience of having your Incredible PBX double as a free fax machine, run /root/incrediblefax11.sh after the Incredible PBX 11 install completes. Plug in your email address for delivery of incoming faxes and enter your home area code when prompted. For every other prompt, just press the Enter key. If you’d like to also add the optional OCR utility, just choose it when prompted. For complete documentation, see this Nerd Vittles article. Don’t forget that a REBOOT OF YOUR SERVER is required when the install is finished, or faxing won’t work! Then log in through the PIAF GUI as maint with your password. You’ll find the AvantFax GUI on the Admin menu.

Also be sure to set up a second, dedicated DID or Google Voice trunk if you want support for inbound faxing. Once the credentials are configured in FreePBX for the additional line, simply add an Inbound Route for this DID to point to the Custom Destination: Fax (Hylafax). This comes preconfigured with Incredible PBX 11.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

Configuring a Desktop Softphone

PBX in a Flash supports all kinds of telephones, but we’ll start with the easy (free) one today. You can move on to “real phones” once you’re smitten with the VoIP bug. For today, you’ll need to download a softphone to your desktop PC or Mac.

The easiest way to get started is to set up a YATE softphone on your Desktop computer. Versions are available at no cost for Macs, PCs, and Linux machines. Just download the appropriate one and install it from this link. Once installed, it’s a simple matter to plug in your extension credentials and start making calls. Run the application and choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 201 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place your first call. It’s that easy!

Taking Incredible PBX 11 for a Spin

The proof is in the pudding as they say. So let’s try two simple tests. First, let’s place an outbound call. Using the softphone, dial your 10-digit cellphone number. Google Voice or your other SIP trunk should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. Second, from another phone, call the number that you’ve dedicated to The Incredible PBX. Your softphone should begin ringing shortly. The call will be answered by the Nerd Vittles sample IVR. You can explore all of the preconfigured options at your leisure.

Learn First. Explore Second. Even though the installation process has been completed, we strongly recommend you do some reading before you begin your VoIP adventure. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some time learning where the minefields are in today’s VoIP world. Start by reading our Primer on Asterisk Security. We’ve secured all of your passwords except your root password and your passwd-master password. We’re assuming you’ve put very secure passwords on those accounts as if your phone bill depended upon it. It does! There’s loads of additional documentation on the PBX in a Flash documentation web site.

Incredible PBX 11 Automatic Update Utility

Incredible PBX 11 includes an automatic update utility to assist in keeping your system current and secure. It runs each time you log into your server as root. The first ten updates are at no cost. You then can elect to continue the service by subscribing to the update service which is available for a modest $20 for the remainder of the calendar year. Whether you subscribe or not, new releases of PBX in a Flash and Incredible PBX will always be free! This simply is a way for us to recover our costs in providing a service that many of our users have asked for. We hope you like it.

Choosing VoIP Providers

Nothing beats free when it comes to long distance calls. But nothing lasts forever. And, in the VoIP World, redundancy is dirt cheap. So we strongly recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system… so that people can call you. Here’s how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you’re calling. If you’re in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask. The trunks for Vitelity already are preconfigured with The Incredible PBX. Just insert your credentials using FreePBX and uncheck the Disable Trunk checkbox. Then add the Vitelity trunk as the third destination for your default outbound route. That’s it. Congratulations! You now have a totally redundant phone system.

Incredible PBX 11 includes preconfigured trunk setups for all of your favorite trunk providers. Just plug in your credentials and activate the trunks you need. In less than a minute, you’re done. Here’s the Incredible PBX Top 20 Trunk List with some reasons why these providers made our short list:

• AxVoice ($14.99/mo. Business Plan; $16.58/mo. Unlimited Calls to 45 Countries)
• CallCentric (Good International Calling Rates)
• DIDforSale (20 channels per DID; unlimited DID calls for $8.99/mo.)
• ENUM
• FlowRoute (Good International Calling Rates)
• FreeNum
• Future-Nine (Supports CallerID Spoofing)
• Google Voice (Free DIDs and free U.S./Canada calling)
• IPkall (Free SIP/IAX DIDs)
• Les.net (Supports CallerID Spoofing; very low rates)
• LocalPhone (Dirt-cheap DIDs and calling rates worldwide; Free iNum DID)
• Simon Telephonics (Free SIP-to-GoogleVoice Gateway)
• SIPgate (Free residential DIDs sometimes)
• Skype (Free Skype-to-Skype calls worldwide)
• Teliax (Unlimited inbound DID $5/mo.)
• Vitelity (Our supporter and the Best in the Business!)
• VoIPms (CallerID spoofing; Free iNum calling; Very low rates)
• VoIPMyWay (Residential Unlimited: $15.50/mo. Business Unlimited: $40/mo.)
• VoIPStreet (Free DID)

Configuring Email Noticing in FreePBX

You’re going to want to be notified when updates are available for FreePBX, and you may also want notifications when new voicemails arrive. Everything already is set up for you except actually entering your email notification address. Using a web browser, open the FreePBX GUI by pointing your browser to the IP address of your Incredible PBX. Then click Administration and choose FreePBX. To set your email address for FreePBX updates, go to Admin -> Module Admin and click on the shield on the right margin. To configure emails to notify you of incoming voicemails, go to Applications -> Extensions -> 701 and scroll to the bottom of the screen. Then follow your nose. Be sure to reload FreePBX when prompted after saving your changes.

A Final Word About Security

In case you couldn’t tell, security matters to us, and it should matter to you. Not only is the safety of your system at stake but also your wallet and the safety of other folks’ systems. Unless you subscribe to the new Automatic Update Utility, our only means of alerting you to security issues which arise is through the RSS Feed that we maintain for the PBX in a Flash project. This feed is prominently displayed in the web GUI which you can access with any browser pointed to the IP address of your server. Check It Daily! Or add our RSS Feed to your favorite RSS Reader. We also recommend you follow @NerdUno on Twitter. We’ll keep you entertained and provide immediate notification of security problems that we hear about. Finally, visit the PIAF Forums regularly. You’ll be surprised what you can learn in 10 minutes of browsing. Be safe!

Kicking the Tires

NEWS FLASH: Google Speech Recognition was an integral part of several Incredible PBX apps including the 949 Weather Reports and 411 Phonebook Directory Lookups with AsteriDex. Google changed their API to now require a personal API key for further use of the service. Thanks to Lefteris Zafiris, the speech recognition engine has been restored to operation. For instructions on obtaining your own API key and for properly reconfiguring your system to support speech-to-text, see this thread on the PIAF Forum. Google’s API is for personal and development use only!

That’s enough tutorial for today. Let’s play. Using your new softphone, begin your adventure by dialing these extensions:

• D-E-M-O – Incredible PBX Demo (running on your PBX)
• T-I-D-E – Get today’s tides and lunar schedule for any U.S. port
• 4-1-1 – Phonebook lookup/dialer with AsteriDex
• C-O-N-F – Set up a MeetMe Conference on the fly (PIN: 1234)
• 1-2-3 – Schedule regular/recurring reminder (PW: 12345678)
• 2-2-2 – ODBC/Timeclock Lookup Demo (Empl No: 12345)
• 2-2-3 – ODBC/AsteriDex Lookup Demo (Code: AME)
• 3-3-3 – Look up a definition for any word or term
• 9-4-9 – Weather forecast for any city in the world
• 9-5-0 – Retrieve stock report by stock symbol
• 9-5-1 – Latest Google News headlines
• Dial *68 – Schedule a hotel-style wakeup call from any extension

---

Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.

Deals of the Week. A relatively new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will assist with our disaster recovery plan.

Tweet

Originally published: Thursday, April 3, 2014

---

Need help with Asterisk? Visit the PBX in a Flash Forum.

---

 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 

---

Some Recent Nerd Vittles Articles of Interest…