asterisk – Page 48 – Nerd Vittles

Fall Festivus: Asterisk Text-to-Speech Roundup with a Baker’s Dozen New Voices

Tuesday, September 17, 2013 / 3 Comments on Fall Festivus: Asterisk Text-to-Speech Roundup with a Baker’s Dozen New Voices

[soundcloud url="http://api.soundcloud.com/tracks/110813303″ params="" width=" 100%" height="166″ iframe="true" /]

It’s been a while since we looked at the text-to-speech (TTS) landscape with Asterisk®. So we thought we’d bring you up to date on where we stand with text-to-speech in the free department insofar as Asterisk 11 is concerned. The hands-down winner remains Lefteris Zafiris’ implementation of Google TTS. It rivals any commercial TTS software application and costs you nothing. The good news is, if you’re running Incredible PBX 11, you already have it. For other PBX in a Flash systems, start with our previous Nerd Vittles tutorial to get Google TTS installed. For other systems, start with the Lefteris Zafiris tutorial. Once everything is installed, copy the perl script to /usr/local/sbin and make a temporary directory to hold your Google TTS recordings:

cp /var/lib/asterisk/agi-bin/googletts-cli.pl /usr/local/sbin/googletts-cli.pl mkdir /tmp/tts cd /tmp/tts

For each recording you wish to create, use the following syntax where hello.wav is the name for your new file and "Hello world" is the text you wish to convert to a sound file:

googletts-cli.pl -o hello.wav -l en -t "Hello world"

Next, convert the .wav file into a .gsm file that is compatible with Asterisk and move it into place for use with Asterisk:

sox hello.wav -r 8000 -c1 hello.gsm mv hello.gsm /var/lib/asterisk/sounds/custom

To convert the file into an MP3 for your cellphone or a silly web site like ours, it goes like this:

lame -h -b 64 "hello.wav" "hello.mp3"

Now you can use the recording in your Asterisk dialplan like this:

exten => 1234,n,Playback(custom/hello)

To use the recorded voice prompts in FreePBX®, you first must copy them to your desktop computer. Then, in FreePBX, choose Admin -> System Recordings. Pick the file on your desktop and click Upload. Give the recording a name and then click Save. The recordings then are available for use in your IVRs, Ring Groups, and Announcements.

To create Google TTS prompts on-the-fly in your dialplan, use the following syntax:

exten => 1234,n,agi(googletts.agi,"Hello world.")

If you need help, take a look at PIAF Forum thread covering Google TTS and build some terrific applications for you and your customers. It’s the ultimate freebie!

Today we also want to explore what else is out there besides Flite and Google TTS. Festival and its little brother, Flite, have been staples of the PBX in a Flash and Incredible PBX projects since the outset. The problem has always been the lack of voices. The good news is that now there are at least some choices with Festival. To use these new voices with Asterisk in PBX in a Flash and Incredible PBX, you’ll first need to crank up Festival. From the command prompt, type: festival –server &. If you’d prefer to start up Festival when your server boots, then issue the following command and reboot:

echo "festival --server &" >> /etc/rc.d/rc.local

To download and install the new voices, we’ll need the RPMForge repository. If you’re using a 32-bit system, issue the following commands to activate it:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm rpm -Uvh rpmforge* sed -i 's|enabled = 0|enabled = 1|' /etc/yum.repos.d/rpmforge.repo

If you’re running a 64-bit system, issue the following commands:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm rpm -Uvh rpmforge* sed -i 's|enabled = 0|enabled = 1|' /etc/yum.repos.d/rpmforge.repo

Now let’s add some voices to your server. You can find out what’s available by issuing one of the following commands:

yum search festvox
yum search festival

To install some new voices for you to play with, issue the following commands:

yum -y install festvox-rms-arctic-hts.noarch
yum -y install festvox-kal-diphone.noarch
yum -y install festvox-ked-diphone.noarch
yum -y install festvox-jmk-arctic-hts.noarch
yum -y install festvox-clb-arctic-hts.noarch
yum -y install festvox-awb-arctic-hts.noarch
yum -y install festvox-bdl-arctic-hts.noarch
yum -y install hispavoces-pal-diphone.noarch
yum -y install hispavoces-sfl-diphone.noarch

For a list of your installed voices for Festival, issue the following command:

echo "(voice.list)" | festival --interactive

kal_diphone

ked_diphone

nitech_us_clb_arctic_hts

nitech_us_jmk_arctic_hts

nitech_us_slt_arctic_hts

nitech_us_rms_arctic_hts

nitech_us_bdl_arctic_hts

nitech_us_awb_arctic_hts

JuntaDeAndalucia_es_sf_diphone

JuntaDeAndalucia_es_pa_diphone

To use Festival voices in your dial plan, you’ll need the name of the voice you wish to use with a prefix of voice_. So, for example, the kal_diphone voice would be voice_kal_diphone. You can control the volume of the voice prompts by (gradually) adjusting the scale. Then the dialplan syntax looks like this:

exten => 1234,n,System(echo "Hello." | text2wave -eval "(voice_kal_diphone)" -scale 1.0 -F 8000 -o /tmp/${UNIQUEID}.wav) exten => 1234,n,Playback(/tmp/${UNIQUEID}) exten => 1234,n,System(rm -f /tmp/${UNIQUEID}.wav)

We have a third option for you today. eSpeak for Asterisk is brought to you by none other than Lefteris Zafiris. If you haven’t already figured it out, Lefteris has single-handedly kept Asterisk text-to-speech humming along for years. We all owe him our deepest appreciation. Thank you, Lefteris!

eSpeak is a terrific TTS platform because it supports literally dozens of foreign languages. It’s still hard for some Americans to grasp the idea that the whole world doesn’t speak English so here’s an app for the Restivus. Lefteris is a Debian devotee so it takes a little elbow grease to get this one going on the CentOS platform with PBX in a Flash or Incredible PBX. If you can cut-and-paste commands, then this shouldn’t be too difficult; however, we don’t recommend this version for production use.¹ After logging into your server as root, make certain that you’ve enabled the RPMForge repo as explained above. Then issue the following commands to install eSpeak and eSpeak for Asterisk:

yum -y install portaudio-devel yum -y install libsndfile-devel yum -y install libsamplerate-devel yum -y install espeak yum -y install espeak-devel
cd /usr/src git clone git://github.com/zaf/Asterisk-eSpeak cd Asterisk-eSpeak make make install make samples cd /etc/asterisk mv espeak.conf espeak.conf.orig wget http://incrediblepbx.com/espeak.conf chown asterisk:asterisk *.conf amportal restart

Once eSpeak is loaded, the dialplan syntax for eSpeak TTS looks like this:

exten => 1234,n,Espeak("Welcome to the new world.",any,en-us) exten => 1234,n,Espeak("Bienvenido al nuevo mundo.",any,es-la)

For the list of eSpeak language abbreviations, issue the following command: espeak --voices.

So… where do we go from here? Hopefully, MBROLA and Festival MBROLA are next in line. The Debian methodology has already been documented. Who would like to tackle a CentOS tutorial?

Important Final Step. Once you’ve finished installing your new TTS apps and voices, don’t forget to turn off the RPMForge repo. There are many apps in the repo that will do irreparable damage to your PBX in a Flash server if it attempts to update a component from the wrong repository! Just issue the following command to disable the RPMForge repo until you need it again. Enjoy!

sed -i 's|enabled = 1|enabled = 0|' /etc/yum.repos.d/rpmforge.repo

Deals of the Week. There’s still an amazing deal on the street, but you’d better hurry. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, September 17, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Recompiling eSpeak from source with this patch will eliminate a reported file descriptor leak that could cause Asterisk to crash. [↩]

Newbie’s SIP Navigation Guide for Asterisk: Is It Safe?

Monday, September 9, 2013 / 1 Comment on Newbie’s SIP Navigation Guide for Asterisk: Is It Safe?

It’s Back to School Time at Nerd Vittles today with a wrap-up of our series exploring the symbiotic relationship between SIP and Asterisk® including the most important consideration of all: SIP Security 101, a quick-and-dirty look at the security implications of using SIP with Asterisk. If you read nothing else before you begin your VoIP adventure, move today’s article to the top of your list. It might save you a personal fortune! Think of it as winning the lottery without even buying a ticket. Then we’ll summarize some safe approaches to using SIP with Asterisk. And finish up with a novel way to implement free SIP calling using almost any telephone: POTS phone, cellphone, or any SIP phone.

Asterisk Boot Camp: SIP Security 101

By default, most Asterisk systems including those relying upon FreePBX® are configured to deny anonymous SIP calls. If your server has a fully-qualified domain name, it means SIP calls to 201@myserver.com will fail. Since SIP URI calls are free from anywhere in the world, that’s a big deal. The million dollar question is why not just enable anonymous SIP calling on your Asterisk server and call it a day. Then anybody can call any extension on your PBX. That’s half of the answer actually: "Then anybody can call any extension on your PBX." If that were the only exposure by opening up SIP to anonymous callers, many of us could probably live with that. After all, that’s how POTS phones worked for almost 100 years. The difference, of course, is anonymous SIP calls are free and often undetectable regardless of where the calling party happens to actually be. Unlike HTTP requests which preclude users from spoofing the IP address, SIP requests have no such limitation. That means a SIP packet can knock on your door masquerading as a SIP packet initiated from your own server.

Unfortunately, when you expose UDP port 5060 and your Asterisk server to any and all SIP traffic sent your way from the Internet, it means any kind of SIP packet can be sent to your server for processing. That includes login requests to extensions and trunks as well as SIP packets with all sorts of vile code embedded in the SIP headers.

SIP can be used for DDoS attacks from inside or outside of the network, and it is the SBC or other border controller device’s job to handle those types of issues. Common attacks include SIP registration floods, endpoint spoofing, and ENUM attacks.

Without boring you with the details, suffice it to say that SIP vulnerabilities have been discovered regularly in all flavors of Asterisk… as recently as a few weeks ago. And, Asterisk 12 is just around the corner with an entirely new approach to SIP. So, before you open your server to anonymous SIP attacks, ask yourself whether you (and your wallet) believe that we’ve seen the last of the SIP vulnerabilities. Keep in mind that, if an attacker gains access to your server, everything is vulnerable including not only your internal extension credentials but also your account names and passwords with all of your providers. Once they have those, they don’t need access to your server any longer. They can run up phone bills on your nickel using direct connections to your providers.

Believe it or not, there was actually a SIP exploit several years ago where the bad guys embedded some code in a SIP packet that crashed the server when anyone happened to look at the SIP entry in their call logs or CDR reports using a browser. And, before the crash, it relayed some of your most prized Asterisk secrets to the attacker. Remember, many Asterisk passwords are stored in plain text on your server. If you don’t believe it, try these commands after logging into your server and switching to the asterisk user (the user account that runs Asterisk and your Apache web server):¹

su asterisk cat /etc/asterisk/manager.conf asterisk -rx "database show" mysql -uroot -ppassw0rd asterisk -e "SELECT keyword,data FROM sip"

If that last one doesn’t scare the crap out of you, then Let Me Google That For You. The simple answer would have been to cleanse SIP headers before writing the contents to the logs. But the "purists" won that battle maintaining that such action would bastardize the call logs by failing to document everything in exactly the way it was received.

So much for security!

As long as we have very secure passwords for trunks and extensions, doesn’t Fail2Ban block hacking attacks after several unsuccessful login attempts? Unfortunately, that depends on the performance of your server and the one being used by the attacker. Remember, neither Asterisk nor the Linux kernel, scans SIP traffic for malware. Fail2Ban operates on the data after the fact by scanning entries in your server logs for matching patterns which you define. And these entries are written to the logs only after Asterisk or your web server has processed the packets. If it turns out the attacker is using a gazillion-horsepower server in the cloud, then your poor little server never gets enough processing time with Linux to actually scan the Asterisk log for failed login attempts. What that means is the attacker can execute thousands, if not tens of thousands, of SIP attempts before Fail2Ban ever springs into action even when you’ve set the threshold for blocking an IP address to as few as three failed login attempts.

We want to stress that this isn’t a diatribe against the developers with regard to security. The point is some of the fundamental design choices made with regard to Asterisk and FreePBX do not lend themselves to safe deployment on a public-facing server without additional layers of security. In the case of PBX in a Flash™, it’s the reason we have implemented Apache-level security on the FreePBX web assets in addition to an IPtables firewall and Fail2Ban. For history lovers, keep in mind that, when Asterisk@Home and trixbox® were in their heyday, none of these safeguards were provided.

We’re going to postpone discussion of SIP encryption and SRTP because of its complexity. Suffice it to say, it’s just coming into its own with Asterisk 11, and it raises new problems of its own, e.g. finding compatible phones. You can try it out using our PBX in a Flash WebRTC Virtual Machine. And here is today’s must-read article on the subject.

What’s the bottom line with SIP exposure of your Asterisk server to the Internet? The short answer is DON’T especially if you’re new to the VoIP and Asterisk world. You’re simply asking for a $100,000 phone bill. Ma Bell & Friends don’t really care who makes calls on your nickel. And, remember, keeping your server behind a hardware-based firewall with no Internet port exposure does not affect your ability to make or receive calls using registered providers. That includes SIP, IAX2, Google Voice, and PSTN calls. It also doesn’t affect your ability to make free outbound SIP URI calls to anywhere in the world even with no provider registrations.

Safely Integrating SIP URIs into Asterisk

The long answer is there is a relatively safe way to implement SIP access to your server from the Internet. First, you can use registered trunks with reputable providers to provide SIP connectivity to your server. This includes PSTN calls to DIDs as well as SIP URI calls in many cases. Let the providers worry about SIP attacks while your server sits safely behind a hardware-based firewall with NO Internet port exposure! There are better tools than Asterisk to avoid SIP disasters and protect against malicious SIP attacks. You can protect yourself by keeping a minimal amount of money in your provider accounts with no automatic replenishment from a credit card. Second, for those that need to connect remote phones to your Asterisk server, you can use Firewall WhiteLists with IPtables to restrict access to only the good guys. Travelin’ Man 3 sets up WhiteLists for PBX in a Flash servers in a couple of minutes.

What you can’t do is rely upon BlackLists of IP addresses to keep the bad guys out. If you’ve ever played Whac-A-Mole, you can appreciate the difficulty of using BlackLists to secure your server. The bad guys can change their identity by simply using different IP addresses or by using the IP address of a compromised PC such as the one sitting in your grandma’s kitchen. In addition, the bad guys have become experts in inserting important (safe) IP addresses in BlackLists which, of course, is extremely problematic if one of those IP addresses happens to be one of your SIP providers.

The silver lining of Asterisk is the ability to make and receive free calls to and from anywhere in the world using SIP URIs. They look like email addresses, but SIP URIs actually connect calls via SIP between SIP servers and endpoints regardless of where they may be on the Internet. In the "old days," advertising a SIP URI for inbound call access to your server meant exposing Asterisk to anonymous SIP traffic. Not any more! Simply sign up for a (pre-paid) account on VoIP.ms or a FREE account at either sip2sip.info or Anveo.com, follow one of our tutorials to register your account, and you’ll automatically have a free SIP URI for your Asterisk server. No Internet port exposure of your Asterisk server is ever required!

Instead of using some-account-number@atlanta.voip.ms or some-account-number@sip2sip.info as your SIP URI, most folks will prefer a SIP URI that matches your existing domain, if you happen to have one. This Nerd Vittles article will walk you through the process of converting your VoIP.ms or Sip2Sip URI into something more manageable: yourname@yourdomain.com. And, thanks to RentPBX, everyone is more than welcome to use the PBX in a Flash cloaking servers on the east and west coast to manage the SIP URI translation magic. If you happen to be (or would like to become) a PBX in a Flash Forum Guru, there’s another option. We’ll host your vanity SIP URI @pbxinaflash.com using your forum name. Just drop us a note on the forum for details. We’re always looking for subject matter experts on the forum. You don’t have to be an expert in everything, just one topic. If you qualify, please let us know and WELCOME!

Dialing SIP URI Calls with iNUM Using Any Telephone

We’ve saved the best for last again. The only problem with SIP URIs is how to dial them. Most phones don’t have a full keyboard. While you can certainly create a few Speed Dial (Custom) Extensions in FreePBX using sip/joe@schmo.com as the SIP URI dial string for the extension, this isn’t feasible on a bigger scale. What makes more sense is to actually use a phone number to connect the call. We previously have documented the iNum solution that’s available through a number of providers including VoIP.ms and LocalPhone. These calls used to be free with Google Voice until Google changed their mind. Now they’re 3¢ a minute. But they’re still free calls with most providers. The only real drawback is the length of the phone number. 883510009901997 is a little hard to remember, even to call Lenny. And, with RentPBX, you need a prefix of 011 to add insult to injury. But, hey, the calls are free to anywhere.

There’s a better way that actually uses your SIP URI to make the call. It’s John Todd’s brainchild, FreeNUM with ISN. As the image shows, ISN numbers are easy to remember and easy to dial. Instead of an @ symbol for email, you use an * symbol for you know what. And you still get Lenny! The trick to ISN dialing is that we pass a number such as 1234*1061 to a DNS server that knows how to translate the numeric sequence into a SIP URI that looks like this: 1234@pbxinaflash.com. It takes the number after the asterisk and resolves it to a fully-qualified domain name which is preconfigured at freenum.org. And the result is inter-domain numeric SIP addressing using ordinary telephone instruments.

The Asterisk setup using FreePBX is simple. The FreeNUM trunk should look like this:

The Outbound Route should look like this:

The dialplan context to tack on the end of /etc/asterisk/extensions_custom.conf looks like this:

[freenum] exten => _X.,1,Set(TIMEOUT(absolute)=10800) exten => _X.,2,NoOp(Number to Call: ${EXTEN}) exten => _X.,3,Set(isnresult=${ENUMLOOKUP(${EXTEN},sip,,1,freenum.org)}) exten => _X.,4,GotoIf($["${isnresult}"=""]?6:5) exten => _X.,5,Dial(SIP/${isnresult},40,r) exten => _X.,6,Background(ss-noservice) exten => _X.,7,Congestion exten => _X.,8,Hangup exten => h,1,Hangup exten => i,1,Hangup exten => T,1,Hangup

For those using Incredible PBX™, the good news is you already have it. Just pick up an extension on your system and dial 1234*1061 to give Lenny a piece of your mind. It works exactly like this SIP URI: sip/1234*1061@freenum.org. For everyone else, believe it or not, we’ve already written about this back when some of you still were in diapers. So read the article for all the details and ISN registration instructions. You will note that in more recent versions of Incredible PBX (including what we’ve shown above), the ** prefix for ISN calls has been eliminated. Now you can dial ISN calls just as described in the FreeNUM literature. We’ve also migrated our ISN domain from sip.pbxinaflash.com to pbxinaflash.com to simplify DNS administration. For PBX in a Flash Forum Gurus, we’ll be happy to set you up with your own free ISN number in the pbxinaflash.com domain as well.

Dialing SIP URI Calls with IPKall Using Any Telephone

There’s yet another option. With an IPKall DID from one of several Seattle area codes, you can interconnect your SIP URI with every PSTN phone in the world. And it’s free. Just make at least one inbound call a month, and the phone number is yours to keep. Here’s the easy way to do it. Just sign up for a free DID at www.ipkall.com. After choosing an area code for your free number, you’ll be prompted for the following information.

Here’s what you’d enter using your free Sip2Sip URI:

Phone Number: 323XXXXXXX
SIP Proxy: sip2sip.info
Email Address: your-email-address
Password: some-password-to-get-back-into-your-account

Here’s what you’d enter using your free Anveo SIP URI:

Phone Number: 1555ACCOUNTNUMBER
SIP Proxy: sip.anveo.com:5010
Email Address: your-email-address
Password: some-password-to-get-back-into-your-account

Once you’ve completed the form, submit it and wait for your new phone number to be delivered in your email. You should get it within a couple minutes so check your spam folder if you don’t see it. Congratulations! You’ve done everything you need to do for anyone to call you using either your SIP URI or your new DID from IPkall.

It’s worth noting that IPKall recycles DIDs that aren’t used for 30 days. If you use Incredible PBX, the easiest way to assure you don’t lose your number is to set up a weekly recurring Telephone Reminder that calls your IPkall number.

But How Do I Make VoIP Calls to Plain Old Telephones?

We’ve spent a lot of time on free SIP solutions for inbound calls, but inevitably you’re going to need a way to call Plain Old Telephones whether they be customers or friends and family. To make outbound calls or terminations in VoIP parlance, you’re going to need an account with a VoIP provider. If you’re in the United States, you still can get one or more free Google Voice accounts. These accounts let you make unlimited calls to anywhere in the U.S. and Canada. Both PBX in a Flash and Incredible PBX come preconfigured to support Google Voice calling. The scuttlebutt is this may be the last year of the free ride so it’s probably a good idea to try some other alternatives. It’s a good idea anyway because Google has made an art form of "improving" things and breaking VoIP calling periodically. Here’s our "Best of the Best" list of pay-by-the-minute VoIP providers for US48 calls. Lower cost providers are available to call some destinations, but the vendors below provide flat-rate per minute pricing to all US48 destinations. Trunks to support most of these providers also come preconfigured in Incredible PBX. With most of these providers, you set up an account and deposit a small pot of money. When you make calls, the cost of the call is debited from your account. When you run out of money, you can’t make any more calls. For the sake of redundancy, having multiple providers is a very good idea. It costs you nothing to have multiple providers until you actually make calls. Enjoy!

$.005 – LocalPhone* (mobile $.007)
$.007 – DIDlogic (toll-free $.005)
$.009 – SIP.US
$.010 – Flowroute (toll-free $.000)
$.010 – Anveo.com
$.011 – VoIP.ms*
$.014 – Vitelity
$.015 – Les.net
$.020 – CallCentric*

* Free iNUM DID and free worldwide iNUM calling. Tutorial here.

Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.

Deals of the Week. There’s still an amazing deal on the street, but you’d better hurry. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Monday, September 9, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

On the Raspberry Pi platform, substitute "raspberry" for "passw0rd" in the MySQL example. [↩]

The Music Frontier: Taming Streaming Music on Hold with Asterisk 11

Tuesday, September 3, 2013 / 2 Comments on The Music Frontier: Taming Streaming Music on Hold with Asterisk 11

It’s been over 7 years since we first wrote about streaming music on hold with Asterisk®. While we’re energized with Back to School Fever, we decided it was about time for a refresher. And, in honor of TWOfer Tuesday, we also have a terrific new SIP discovery to share. It won’t cost you a dime.

For long time readers of Nerd Vittles, you will note that all of the MOH syntax has changed since the early Asterisk days. So today we wanted to document how to integrate streaming music on hold into Asterisk 11 with or without FreePBX®.

Prerequisites: With the PIAF-Green platform, all of the Linux tools you’ll need are already in place. On other Asterisk platforms, you may need to install MPG123 before any of this will work. Before streaming audio can be used for Music on Hold (MOH) with Asterisk, there are three essential pieces. First, you must have a source of streaming audio that works. Second, you need a streaming audio player on your Asterisk/Linux server that can "talk" to Asterisk. And, finally, Asterisk has to be properly configured to support streaming audio as the source for your music on hold.

Legal Disclaimer. There are all sorts of licensing restrictions on streaming of commercial music. With commercial radio broadcasts, the short answer is you can’t do it without paying a fee. However, things get murky where your music on hold stream originates with an Internet provider who already has paid a fee for your use of the streaming content. Nevertheless, you should consult with an attorney before beginning your broadcasting career. It would be an understatement to suggest that the RIAA, ASCAP, and their friends in Congress and the White House, have made "music mooching" an expensive hobby. In addition, there is a move afoot by the White House to make streaming of copyrighted music a felony. Not surprisingly, the White House Copyright Czar just jumped ship to take a cushy job heading up the industry’s anti-piracy lobbying group. For those that are criminally inclined, it probably would be less expensive to return to the glory days of shoplifting music and playing it in the comfort of your home or dorm room… not that we would ever encourage criminal behavior, of course.

Choosing a Streaming Audio Source. An almost infinite variety of streaming audio exists on the net. If you’re just getting into streaming audio, head over to SHOUTcast.com for over 50,000 FREE sources to get you started. If you’d prefer to set up your own SHOUTcast server, Nerd Vittles has previously covered solutions for both the Windows (WinAMP) and Mac (NiceCast) platforms. This is one area where the Mac platform really shines. NiceCast works flawlessly. Insofar as Asterisk is concerned, here’s the bottom line. If the streaming audio source you’ve chosen sounds like crap when you play it on your PC or Mac, it will sound the same way (or worse) as your MOH source. So start your project by picking a source that sounds good and be sure it plays reliably on your desktop PC or Mac before proceeding further. Keep in mind that anything above a 24K mono stream is wasted on a telephone call so there’s no need to choose a 128K stereo audio stream unless you just want to eat up your bandwidth. Also keep in mind that, unless you’re using your own stream on your private LAN, the streaming audio will be using the same bandwidth that you need to support incoming and outgoing phone calls over your broadband connection. So less is more!

Configuring Asterisk for MOH Streaming Audio. Here are the three steps to get things working today. First, you’ll need the web link to your music source. Second, you’ll need to configure a MUSICCLASS Channel to support that stream using Asterisk. And third, you’ll need to set up a test extension to try out your music stream.

In the case of SHOUTcast.com, the procedure to obtain the necessary link for your streaming audio source is straight-forward. Find the station desired and Ctrl-Click or Right-Click on the station and copy the link to your clipboard. This is NOT the link you’ll need for Asterisk! Instead, open the link in a new browser window. It will download a .pls file to your desktop. Open this file using a text editor, and copy out one of the File* entries (if there are several). Choose the one that looks something like this: http://160.79.128.61:5016. If you’re using Nicecast on a Mac, start up the app, choose your music source, and then click the Share button. Nicecast will display two entries as shown below:

Using our example, the required Nicecast link for Asterisk running on the same LAN is http://192.168.0.105:8002.

Now set up a music on hold channel for your streaming audio: nano -w /etc/asterisk/musiconhold_custom.conf. If you’re using your own streaming audio server, then use the Nicecast entry from the procedure above. Otherwise, use the SHOUTcast entry following the procedure we outlined. Here are some examples:
[Reggae] mode=custom application=/usr/bin/mpg123 -q -r 8000 -f 8192 -b 2048 --mono -s http://160.79.128.61:5016


[Top40]

mode=custom

application=/usr/bin/mpg123 -q -r 8000 -f 8192 -b 2048 --mono -s http://95.141.24.98:80
[NewAge]

mode=custom

application=/usr/bin/mpg123 -q -r 8000 -f 8192 -b 2048 --mono -s http://sfstream1.somafm.com:8032

;[nicecast] ;mode=custom ;application=/usr/bin/mpg123 -q -r 8000 -f 8192 -b 2048 --mono -s http://192.168.0.105:8002/

There’s a reason we’ve commented out the [nicecast] entry. If Asterisk doesn’t find it running, you’ll get an endless stream of "Interrupted system call" errors, not exactly the sort of stream we had in mind. And a cautionary note about bandwidth: a streaming audio source, once configured, continues streaming until you disable it in musiconhold_custom.conf and restart Asterisk. So choose your sources, the number of sources, and the amount of bandwidth each consumes carefully. Finally, here’s a tip about the volume of your audio stream. With MPG123, the -f setting is the closest thing there is to a volume setting. The values range from 1 to 32768. If some of your callers will be using cellphones, it has been reported that the 8192 setting is too high. Give 1192 a try and adjust as necessary to meet your own requirements.

Once you’ve specified your audio stream(s), save the updated musiconhold custom file: Ctrl-X, Y, then Enter.

Testing Your MOH Stream with Asterisk. With everything now properly configured, let’s set up an extension just to be sure it’s working correctly. Edit your extensions_custom.conf file in /etc/asterisk and insert the following snippet in the [from-internal-custom] context:
exten => 466,1,Answer exten => 466,2,Playback(pls-hold-while-try) exten => 466,3,Set(CHANNEL(MUSICCLASS)=nicecast) exten => 466,4,MusicOnHold() exten => 466,5,Hangup

exten => 467,1,Answer exten => 467,2,Playback(pls-hold-while-try) exten => 467,3,Set(CHANNEL(MUSICCLASS)=Reggae) ;exten => 467,3,Set(CHANNEL(MUSICCLASS)=Top40) ;exten => 467,3,Set(CHANNEL(MUSICCLASS)=NewAge) exten => 467,4,MusicOnHold() exten => 467,5,Hangup

Once you’ve added this extension code, save the updated file: Ctrl-X, Y, then Enter. Then restart Asterisk: amportal restart. Pick up a phone on your Asterisk system and dial 467. After you’re connected, it may take up to 2 minutes for the streaming audio to begin, but this delay only occurs after Asterisk is restarted. Once you’ve heard your audio stream playing, hang up and call back just to make sure. Remember, each stream you activate continues streaming! It’s your bandwidth.

Configuring FreePBX 2.11 for MOH Streaming Audio. Once you have everything working, let’s switch to FreePBX 2.11 and show you the quick-and-dirty way to accomplish the same thing with a single line of code. Just use the same Application string that was used in the musiconhold_custom.conf setup above. The only caution here is be sure to use different labels than the ones used above. For example, to use the same source as NewAge, just change the label to NewAge2 in FreePBX.

Now open FreePBX and click Settings -> Music on Hold -> Add Streaming Category. Then fill in the blanks like this:

Once you have one or more streaming categories defined, you can select your favorite when you create a new Inbound Route, Ring Group, or Conference.

Introducing Anveo

SIP Nirvana. We have another terrific SIP discovery for you this week. Previously, we’ve raved about Sip2Sip’s free SIP URIs and AnveoDirect’s terrific SIP bargains for those that like wholesale prices. And last week we introduced SIP.US which finally hits the $20/trunk price point for unlimited inbound and outbound calling in US48. It also works hand-in-glove with FreePBX 2.11. Today we want to introduce Anveo’s commercial offering which includes residential, business, and free SIP services. Anveo is the hands-down winner of our "Best Free VoIP Resource on the Net" award. We’ll get to why, but there’s so much more…

Let’s begin with a quick summary of their DID offerings:

Anveo has one of the most robust VoIP offerings you’ll find in terms of feature set. Here’s a quick overview:

SMS Messaging (1¢ per message)
Fax and Fax-to-Email Integration
Voicemail to Text
Salesforce.com CRM
ZOHO CRM
G.729 and G.722 (HD Voice)
Destination-based Outbound CallerID
Text-to-Speech (41 voices in 17 languages)
Google Contacts
Google Analytics
Web Calling
Call Recording with Amazon S3 Integration
Outbound Call Campaigns
Conference Calls with Recording
Worldwide DIDs and Number Porting
Disposable Phone Numbers
IVR Call Flow Builder
Anveo Phone API
Reseller Toolkit

For today, let’s focus on FREE. What a free Anveo account gets you is AMAZING. In addition to another SIP URI with fax support for your server, you also get access to Anveo’s Call Flow Builder to create templates with up to 10 items. None of it costs you a dime! Just sign up for a new account at anveo.com using the Nerd Vittles referral code: 9625450. That gets us a few shekels to keep the lights burning if you ever start spending real money with Anveo.

The shining star of Anveo is its drag-and-drop Call Flow Builder. The icing on the cake is Anveo’s Phone API which we will leave for exploration on another occasion. For Asterisk aficionados, think of Call Flow Builder as a drag-and-drop interface that actually creates Asterisk dialplan code on the fly. While you can create your own, there also is an impressive collection of sample templates from which to choose. Each takes less than 30 seconds to set up, and every template that you create gets its own dedicated SIP URI. For example, one click gets you a Fax-to-Email delivery service using any DID or SIP URI in your account. Another click gets you a Stealth AutoAttendant including automatic fax detection with email fax delivery plus SIP URI call forwarding, all for free. Very impressive! Here’s what it looks like when configured to send fax calls to email and non-fax inbound calls to Lenny. As we noted, this took less than 30 seconds to set up using a default template with any free Anveo account. All that we added was a SIP URI in the SIP Call Control by clicking on the Pencil icon to edit. Then we clicked SAVE in the blue title bar and, presto, Lenny worked!

First things first. Once you’ve signed up for a new account at anveo.com using the Nerd Vittles referral code: 9625450, Anveo will email your credentials. Sign in and activate a new SIP account. In order to register the Anveo SIP trunk with your Asterisk server, you’ll need two pieces of information which you will find under PBX -> Users/sub-accounts -> action.Preferences -> SIP Device Registration: Username and Password.

Once you have your username and password, open up FreePBX and add a new SIP Trunk with your credentials. You can create a custom DID for your trunk by tacking something like /12345 onto the end of the Registration String below.

Next, add an Inbound Route using the Custom DID you created above. Point it to an extension or other resource on your system. Then check to make sure your SIP registration was successful: Reports -> Asterisk Info -> SIP Info.

No exposure of your server to the Internet through your hardware-based firewall is required. However, for those using IPtables WhiteLists or Travelin’ Man for enhanced security, you will need to manually add a SIP entry for sip.anveo.com to /etc/sysconfig/iptables and restart IPtables. The appropriate entry should look like this:

-A INPUT -p udp -m udp -s sip.anveo.com --dport 5010 -j ACCEPT

Here’s what free gets you in addition to 15 megs of online storage for voicemails and faxes:

And Finally… The Magic. You now can receive free inbound SIP URI calls at zero cost from anywhere in the world using SIP/1555ACCOUNTNUMBER@sip.anveo.com:5010. And, if you prefer a more user-friendly SIP URI, take a look at last week’s Nerd Vittles cloaking service offering which is also free. Enjoy!

SIP URI Pricing Clarification. Inbound calls to your account’s SIP URI are always free. That means you can register an Asterisk trunk to your Anveo account, and all incoming SIP calls from your Anveo SIP URI will be free. If you sign up for a free IPKall DID as explained in our previous article, you’ll have a near perfect (and free) VoIP platform for your home or office. Give Lenny a try using our Anveo/IPKall/RentPBX combo:

On the Anveo Value Plans (see the DID screenshot above), be aware that calls using Call Flow templates that rely upon an additional Anveo SIP URI count against your daily bucket of "platform minutes." Free accounts get 40 free minutes a day. Business accounts get 150 minutes a day. Additional calls are billed at 1.5¢ per minute.¹

A Word of Caution. For those considering commercial or home use of Anveo for "real calling," be advised that Anveo recently changed their pricing model on calls terminated in the United States. Some of these calls now are $.005 per minute while others reportedly were as high as $.25 per minute! Pricing has changed every day this week. We would encourage you to find a different termination provider if costs are a consideration. After four attempts to implement a tiered pricing model for U.S. terminations, Anveo rolled back to flat rate pricing on Thursday evening. See the DSL Reports message thread for details.

Deals of the Week. There’s still an amazing deal on the street, but you’d better hurry. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, September 3, 2013 Last updated: Thursday, September 5, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

We inquired about the SIP URI pricing with Anveo tech support. Their response is included in this section. The remainder of the article already had been written before contacting Anveo. In responding to the support request (in less than 10 minutes), Anveo generously offered us the use of additional platform minutes and a $5 "slush fund" for future testing and purchases of Call Flow PRO items (4¢ each). While we all may have our price for slanting reviews, we want to assure everyone that Anveo’s generosity in no way affected the contents or views expressed in this article. The FTC and NSA now can resume their naps. [↩]

A Second Look at Grandstream’s UCM6100 Asterisk PBX & Some SIP Surprises

Tuesday, August 27, 2013

What a difference a couple months make! For those that are keeping an eye on the UCM6100 Asterisk® PBX from Grandstream, we wanted to provide some additional insights based upon two firmware updates that Grandstream has released since the PBX was first introduced earlier this summer. The short version of this story is Grandstream has addressed most of the open source issues and they’ve resolved well over a hundred bugs. In addition, they’ve published excellent documentation on the PBX in addition to a tutorial on how to interconnect the UCM6100 with other devices including FreePBX®-based Asterisk servers such as PBX in a Flash. So we are pleasantly surprised by Grandstream’s efforts to address many of the concerns that were raised by some of us in the open source community.

UPDATE: Here’s a newer Asterisk appliance for under $30.

Let’s talk about functionality. While the system is still closed in the sense that you can’t add your own Asterisk dialplan code, there’s a lot to like about an under $300 turnkey PBX platform that offers 2 FXO and 2 FXS ports plus most of the feature set you’d find in a $5,000 to $10,000 PBX. And, yes, it even does faxing. The device is especially appealing for organizations that have numerous satellite offices with minimal technical expertise on site. Did we mention you also can backup and restore or even clone multiple units in a matter of minutes using the web-based GUI and an SD card.

We’ve saved the best for last. The silver lining may very well be the functionality boost you’ll get from the addition of a $100 OBi202 device with a Bluetooth adapter.¹ This dynamic duo provides turnkey Google Voice support plus Bluetooth cellphone integration which means your cellphone becomes a transparent component in your PBX. When you’re in the office, calls to your cellphone can be managed through the PBX. When the Internet dies, outbound calls from users of the PBX can be routed out through your cellphone. And there’s support for up to three more SIP trunks from many of your favorite providers. Here’s a quick tutorial on how to integrate sip2sip.info and free SIP URIs.

If you glance up at the status screen shot, you’ll see that we have a SIP trunk registered to our primary PBX in a Flash server for transparent calling between extensions on both systems, a Google Voice trunk registered with the OBi202 for free calling in the U.S. and Canada, a second analog trunk registered to the Bluetooth port on the OBi202 to handle cellphone connectivity, a SIP extension registered to a Yealink T46G desktop SIP phone, and an analog extension registered to a collection of Panasonic analog (DECT) cordless phones. We have a Conference Room preconfigured and a Parking Lot to support 5 calls. In addition, there’s voicemail for each extension and an IVR setup (shown below) with virtually the same options you’d have with FreePBX. This is not some half-baked, crippled PBX. Mark Spencer & Co. developed the Asterisk-GUI which is what lies under the UCM6100 covers… and it shows.

Are we switching and dumping PBX in a Flash, Incredible PBX, and FreePBX? Of course not. But, having supported dozens of remote sites staffed with a handful of employees and no technical staff in a prior life, all I can say is this device would have been a godsend. It’s worth a careful look as a supplement to a full-featured central office Asterisk PBX.

Some SIP Surprises to Celebrate the End of Summer

Cloak & Dapper. If you like the clothes, then you’ll love this addition for your PBX. We’ve been exploring SIP URIs and free calling recently, and the one addition that many were clamoring for was an easy way to translate a SIP URI from sip2sip.info or voip.ms into an address using your own domain. By cloaking the address, your email and your "phone address" actually can match. So you can use joe@schmo.com for your email address and joe@schmo.com for your SIP URI as well. Unfortunately, DNS doesn’t speak SIP directly so it takes a little data manipulation to make this work. @w1ve, one of the PIAF resident gurus, actually discovered the sipcloak.org service in New Zealand. But, because of geographical limitations and the fact that it’s not open source, we preferred a home-grown solution. Thanks to the genius of Bill Simon, the magic of YATE, and the hosting generosity of RentPBX², we now have redundant SIP cloaking servers on the east and west coasts of the United States. To use the service, just add the following records to DNS substituting your own domain and user entries. Once installed, you can receive SIP URI calls using bert@schmo.com or ernie@schmo.com. The PHP source code customized for YATE is available on GitHub. Our extra special thanks to Bill, Diana, and Iman who made this possible!

_sip._udp.schmo.com. IN SRV 10 10 5060 east.pbxinaflash.com. _sip._udp.schmo.com. IN SRV 10 10 5060 west.pbxinaflash.com. sip-bert.schmo.com. IN TXT "123@sip2sip.info" sip-ernie.schmo.com. IN TXT "456@sip2sip.info"

Introducing SIP.US. We’re delighted to introduce a new SIP trunking provider and supporter for the PBX in a Flash project. While Vitelity³ remains the perfect choice for those wanting stellar reliability and pay-as-you-go convenience at rock-bottom pricing, there are organizations that actually need dedicated SIP trunks with an unlimited calling option. And, of course, in the VoIP world, redundancy is a good thing. With today’s special offer for PBX in a Flash users, SIP.US finally hits the $20 magic price point that many of us have clamored for. They also have an incredibly simple and secure module for FreePBX that makes setup a breeze. Here are some of the other advantages the SIP.US service offers:

The signup process couldn’t be easier. Sign up at our link using the PIAF promo code. Choose a free DID and obtain your security PIN for the FreePBX module from SIP.US. Finally, download the SIP.US module for FreePBX to your desktop and install it using Module Admin. Activate the module and enter your security PIN when prompted. That’s it! SIP.US handles the rest of the FreePBX setup process automagically. Give them a try. We think you’ll be delighted.

Deals of the Week. There are a couple amazing deals on the street, but you’d better hurry. ObiHai has all of their telephone adapters on sale at Amazon this week. Click on the Obi110 link in the sidebar to check out the latest pricing. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, August 27, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Some of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. [↩]
The $15 a month RentPBX hosting special for PBX in a Flash servers in the Cloud is still available through the link in the right sidebar of Nerd Vittles. Better hurry! [↩]
Vitelity has been and remains a loyal financial backer of the Nerd Vittles and PBX in a Flash projects. We appreciate Vitelity’s continuing support and encourage all of our readers to try out their service with the special pricing included toward the end of this article. [↩]

Practicing Safe SIP: Adding SIP URI and Free DID Connectivity to Asterisk

Monday, August 19, 2013

Last year, we began our exploration of safe SIP options for Asterisk® by introducing a hybrid solution using VoIP.ms for a registered SIP trunk and IPkall for a free DID. Today, in addition to a free IPkall DID to accept incoming PSTN calls, we have a slightly different approach that provides a direct SIP URI address from Sip2Sip.info for your server. As with the original tutorial, today’s implementation preserves our Zero Internet Footprint™ design for total SIP insulation of your server from the Internet. And all of the components to deploy today’s solution are completely free.

PBX in a Flash™ has a long (safe) history in the VoIP community, and the major reason is that we constantly preach never directly exposing any ports on your Asterisk server to the Internet without implementing a WhiteList of safe IP addresses. This Zero Internet Footprint™ design keeps everybody out except a trusted, defined group on your WhiteList. For everyone else, they never see your server. So how do you receive calls?

You do it with phone numbers (DIDs) or SIP URIs tied to registered Google Voice, SIP, and IAX trunks from reputable providers. Because these trunks have constant registrations with safe service providers on the Internet, calls to these DIDs and SIP URIs can flow in and out of your server without exposing your server directly to the Internet. Callers still can contact you, but they do it through an intermediary with whom you have a registered SIP trunk. Thus, the SIP vulnerability (if there is any) remains with the SIP provider and never with your server directly.

For today’s tutorial, we’ll be using the latest and greatest PIAF-Green™ Virtual Machine featuring Asterisk 11 and FreePBX® 2.11. We also recommend installation of Incredible PBX™ 11 which includes Travelin’ Man™ 3 to provide secure WhiteList management for your Asterisk firewall. Here are links to the PIAF-Green VM with Incredible PBX 11 as well as the Travelin’ Man 3 tutorial to get you started. We recommend you configure this using a VirtualBox® virtual machine on your favorite desktop computer just to get comfortable with the setup. Then you can repeat the drill using a dedicated or cloud-based server once you’ve mastered the basics. All of today’s setup will work without making any adjustments to your hardware-based firewall which should be sitting between your desktop computer and the Internet.

Registering for a Sip2Sip Account. Once you have the VoIP platform in place with Asterisk 11, FreePBX 2.11, Incredible PBX 11, and Travelin’ Man 3, you’re ready to add a SIP trunk from Sip2Sip.info. Just sign up for a free account on their site leaving the Account Name field blank. They will email you your credentials. Click on the provided link in the email to access your new account at http://x.sip2sip.info. Your account name will consist of a 10-digit-number@sip2sip.info. To log in, use the default SIP address as shown and leave the password field blank. Then click Login Now. Immediately click on the settings tab, choose an 8-digit numeric password, disable your Voice Mailbox, and click the SAVE button. Your Sip2Sip account is now secure unless someone is lucky enough to guess your password from the 100 million possibilities. You’ll need your 10-digit SIP account number and password to set up your SIP trunk on your Asterisk 11 server in the next step so write them down and then log out of your Sip2Sip account!

FreePBX and Asterisk Configuration Overview. Using a web browser, log into FreePBX® on your server. We’ll need to create several items to get everything working. First, we’ll add a new SIP trunk with your Sip2Sip credentials to handle incoming calls. Second, we’ll add a Custom Trunk to handle outbound calls to Sip2Sip. Third, we’ll add an Inbound Route to process incoming calls. Fourth, we’ll add an Outbound Route so that you can make calls using your outbound Sip2Sip trunk. Calls to other Sip2Sip numbers are free. For the rest, you’ll pay a per minute fee. Whether to use the pay service is completely up to you! Finally, we’ll log into your server as root and add Sip2Sip to your IPtables WhiteList and make two manual adjustments to the Asterisk dialplan to accommodate Sip2Sip’s way of handling SIP calls. Then we’ll restart Asterisk, and you’re done.

Connectivity -> Trunks -> Add SIP Trunk
Connectivity -> Trunks -> Add Custom Trunk
Connectivity -> Inbound Routes -> Add Incoming Route
Connectivity -> Outbound Routes -> Add Route
Enable Sip2Sip in your IPtables WhiteList
Add srvlookup=yes in sip_general_custom.conf
Set enable=yes in dnsmgr.conf
Restart Asterisk: amportal restart

Adding Sip2Sip SIP Trunk. While logged into FreePBX 2.11, choose Connectivity -> Trunks -> Add SIP Trunk. Fill out the form like this using your Sip2Sip 10-digit number and password. Unlike some trunk setups, entering your actual 10-digit Sip2Sip number as the Outbound Caller ID is mandatory, or inbound calls will be rejected by your server. Replace 223XXXXXXX with your actual 10-digit Sip2Sip number in the five places shown below. Replace 12345678 with your actual Sip2Sip password in the two places shown below.

Trunk Name: Sip2Sip
Outbound Caller ID: 223XXXXXXX
Dial Pattern: leave blank
Trunk Name: sip2sip
Trunk Details:

type=peer
canreinvite=no
nat=yes
qualify=yes
domain=sip2sip.info
fromdomain=sip2sip.info
outboundproxy=proxy.sipthor.net
fromuser=223XXXXXXX
defaultuser=223XXXXXXX
secret=12345678
insecure=invite
context=from-trunk
host=sip2sip.info&81.23.228.129&81.23.228.150&85.17.186.7

Register String: 223XXXXXXX:12345678@sip2sip.info/223XXXXXXX

Adding Sip2Sip Custom Trunk for Outbound Calling. While logged into FreePBX 2.11, choose Connectivity -> Trunks -> Add Custom Trunk. Fill out the form like this using the entries below:

Trunk Name: sip2sip-out
Dialed Number Matched Pattern: 223NXXXXXX
Custom Dial String: SIP/$OUTNUM$@sip2sip.info

Adding Inbound Route. Next you need to tell FreePBX how to process incoming calls from your Sip2Sip number. Choose Connectivity -> Inbound Routes -> Add Incoming Route and fill out the form to look like this. Change the destination to match whatever you prefer: an extension, ring group, IVR, etc. If you followed last week’s tutorial to install Lenny Encore, then you can choose Lenny as your destination as well.

Adding Outbound Route. Next you need to tell FreePBX how to process outbound calls to your Sip2Sip account. Choose Connectivity -> Outbound Routes -> Add Route and fill out the form to look like this. After you have saved your entries, make certain that you drag the sip2sip-out route to the top of your Outbound Route List (on the right side). Otherwise, 10-digit Sip2Sip calls may inadvertently be processed by one of your other trunks that handles 10-digit numbers. The 3333 and 4444 numbers are test accounts at Sip2Sip to enable you to try out connectivity.

Adding Sip2Sip to Your IPtables WhiteList. We’re assuming you already have installed Travelin’ Man 3 and secured your server by running /root/secure-iptables. If not, start there. Now we need to enable UDP SIP connectivity for Sip2Sip in your WhiteList by running the following commands while logged in as root:

/root/add-fqdn sip2sip sip2sip.info /root/add-ip sip2sip1 81.23.228.129 /root/add-ip sip2sip2 81.23.228.150 /root/add-ip sip2sip3 85.17.186.7

Making Asterisk Dialplan Adjustments. While still logged into your server as root, issue the following commands to finish up enabling Sip2Sip URI support in Asterisk. The last command verifies that your Sip2Sip trunk is actually registered.

echo "enable=yes" >> /etc/asterisk/dnsmgr.conf echo "srvlookup=yes" >> /etc/asterisk/sip_general_custom.conf amportal restart asterisk -rx "sip show registry"

Adding an IPkall DID for Your SIP URI. We’ve now completed all the steps necessary to receive incoming SIP URI calls using your new Sip2Sip URI: 323XXXXXXX@sip2sip.info. Anyone in the world can dial that SIP URI from a SIP phone, and the calls will be answered by your server. But suppose we’d also like folks to be able to pick up a Plain Old Telephone and call using Sip2Sip.info to route the incoming call through the SIP URI. Here’s the easy way to do it. Just sign up for a free DID at www.ipkall.com. After choosing an area code for your free number, you’ll be prompted for the following information. Here’s what you’d enter using today’s example:

Sip2Sip Phone Number: 323XXXXXXX
SIP Proxy: sip2sip.info
Email Address: your-email-address
Password: some-password-to-get-back-into-your-account

Once you’ve completed the form, submit it and wait for your new phone number to be delivered in your email. You should get it within a couple minutes so check your spam folder if you don’t see it. Congratulations! You’ve done everything you need to do for anyone to call you using either your Sip2Sip URI or your new DID number from IPkall.

It’s worth noting that IPkall recycles DIDs that aren’t used for 30 days. If you use Incredible PBX, the easiest way to assure you don’t lose your number is to set up a weekly recurring Telephone Reminder that calls your IPkall number.

Adding SIP URI Dialing with Your Own Domain. Thanks to a great tip from @w1ve on the PIAF Forum, you now can create free SIP URIs using your own domain. Here’s how.

Troubleshooting. If you experience intermittent congestion issues with attempted connections to your SIP URI, try the [from-sip-external] trick outlined in our PIAF Forum posting.

Add Free Calls to 40 Million Asterisk Servers with e164.org. While we’re on a roll of free calling, here’s a simple way to add free calling to 40 million Asterisk servers around the world. Just add your name and phone numbers to the e164.org registry at no cost and configure FreePBX with ENUM support. Then outbound calls to numbers in the e164 registry will always be free as well. The whole setup takes less than 10 minutes. Here’s how.

You already have a SIP URI for your Asterisk server from the Sip2Sip setup above. Now let’s get you signed up with an account on e164.org. Go to the web site and click the Sign Up tab. Go through the sign up drill and then log into your new account. Then click the Phone Numbers tab and add your IPkall phone number to e164. If you have additional DIDs, enter the area code and number for each of them. Then click the Next button. You’ll be warned about not having the number you’ve specified redirected to an IVR. If you already have this DID redirected to an IVR, change the routing temporarily to an extension that you can answer to obtain your PIN before you press Next to proceed. You’ll then be prompted for the SIP address to contact your server. Leave the default SIP protocol and plug in the address you were assigned by Sip2Sip. As soon as you click the Next button, your phone should start to ring, but there may not be a message when you answer. Hang up and wait for the second call within 15 minutes. It will include your PIN. Now click on the Phone Numbers tab and update your phone entry by choosing Enter PIN and typing your assigned PIN. Your phone number now has been activated with the e164 service. To complete the setup, you’ll want to click on the Do Not Call option and make your selections. You also can decide whether to list yourself in the ENUM White Pages directory.

Remember that the real purpose of this drill is to avoid charges when you place outbound calls to numbers in the ENUM directory. We merely added your numbers to e164.org so that others could benefit as well. So the final step before you can start saving money is to configure FreePBX to handle ENUM lookups for outbound calls from your server. One more observation may be helpful. You’ll recall that one of the limitations of FreePBX has always been that once an outbound route was chosen for a call, if the call was completed using the first destination trunk in that route, then the call processing ended there. ENUM adds a new wrinkle because we basically want to connect to ENUM to check for a free route and, if no matching entry is found, then we want the next trunk to process the call. As luck would have it, FreePBX has been tweaked to allow this scenario. All you have to do is create an ENUM trunk and then place it first in your sequence of trunks for each of your outbound routes. If an ENUM entry is found for the number you’re calling, the call will be routed as a free call with a direct SIP connection. Otherwise, the call processing will continue and the call will be routed using the next trunk specified in your outbound route.

There are two steps in FreePBX to implement ENUM. First, create a special ENUM trunk. Second, adjust your Outbound Routes to process outbound calls using the ENUM trunk first. Then the series of trunks you already have specified in each outbound route will be triggered if there is no ENUM path for your call. NOTE: You obviously wouldn’t do this for an emergency 911 outbound route.

In FreePBX, click Connectivity -> Trunks, Add ENUM Trunk. Enter your desired CallerID for these calls. Set a maximum number of channels, if desired, and then leave the other entries blank in most cases. Save your settings and reload your dialplan. Now click Connectivity -> Outbound Routes and adjust the sequence of trunks for each of your existing routes. Be sure to put ENUM in the top position of each desired route. Also make certain that all calls are dialed with a dial string of 1NXXNXXXXXX or NXXNXXXXXX with a Prepend entry of 1 as shown below. Enjoy!

Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.

Deals of the Week. There’s still one amazing deal on the street, but you’d better hurry. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Monday, August 19, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

2013 Greatest Hits: Lenny Returns for an Encore Performance

Monday, August 12, 2013 / 2 Comments on 2013 Greatest Hits: Lenny Returns for an Encore Performance

Nothing in the VoIP community this year quite captured the hearts and minds of geeks around the world like Brian West’s "Lenny." For anyone that’s ever been dogged by obnoxious telemarketers or that’s had to deal with less than lucid tech support inquiries, Lenny was a godsend. Finally, we all had a place to send those poor souls while getting our daily chuckle listening to the results. If you’re late to the party and missed all the fun, then start today by listening to some of the recordings posted on ItsLenny.com and Reddit. Our personal favorite has got to be the "security expert" explaining the discovery of a vulnerability in Lenny’s network:

[ca_audio url_mp3="http://www.itslenny.com/recording.php?file=4d8cde0cc5a4d86ccf221aa5b2903e95″ url_ogg="audiofile.ogg" width="400″ height="50″ css_class="codeart-google-mp3-player" autoplay="false" download="true" html5="true" skin="small" align="none"]

As if Brian needed another feather in his cap after FreeSwitch™, what made Lenny an instant hit was the ability to reroute telemarketing and blacklisted callers directly to ItsLenny.com headquarters for processing. The site provided numerous local phone numbers around the world as well as a SIP URI. For those in the PBX in a Flash™ and FreePBX® community, it was especially easy because of the Lorne Gaetz Lenny Blacklist Mod. By simply entering the SIP URI of Lenny, all of your telemarketers were immediately rerouted to Lenny. And then one day, The Music Died.

What? No more Lenny? Were we all destined to return to the screaming monkeys?

Well, not so fast. We got in touch with Brian to inquire about Lenny’s health. Brian explained that he was seeking a more robust home for our pal because of the tremendous response and worldwide usage of the ItsLenny.com site.

Brian also graciously offered permission to use the Lenny recordings for those that wanted to host their own "Lenny" during the interim. And that brings us to today. We’re not sufficiently proficient in FreeSwitch to offer an interim solution on that platform. And, for our shortcomings, we apologize. But what we can do is provide an Asterisk® alternative that you can host on your own server until Lenny returns to his former glory in his new home.

Introducing Lenny Encore! We’ve actually got a number of new creations to introduce today. First, we’ll give you a short law school lesson on the do’s and don’ts of recording phone calls. Second, today’s Lenny Encore dialplan code introduces the Asterisk BackgroundDetect function which actually waits for someone to speak and then proceeds when silence ensues. It’s not perfect, but it helps with applications like this and for applications that seek to detect the presence of answering machines when making robocalls. Third, we’ll show you how to use the Lenny Blacklist Mod in FreePBX to redirect blacklisted callers to any extension you wish rather than merely playing a congestion or Zapateller Special Information Tone (SIT). Fourth, we’ll show you how to record calls in Asterisk with one line of dialplan code. Fifth, we’ll document for the first time how to create a button on almost any SIP phone to reroute ringing (unanswered) incoming calls to another extension. Sixth, we’ll review how to safely set up your own SIP URI and Free DID to enable Lenny Encore access from anywhere. And, finally, we’ll provide you some links to take Lenny Encore for a test drive before you install anything. Please don’t use these links as a destination for your blacklist. The links will only be available for a few weeks. Now let’s get started.

Law School 101: Recording Phone Calls. For openers, this is not legal advice! Consult your own attorney for that. This is merely background information to hopefully alert you to some of the pitfalls which await should you decide to start recording phone conversations. One of the first things you learn in law school is that there’s a difference of legal opinion on almost every topic. That’s why both sides pay lawyers which is a good thing… for lawyers. So it is with the law pertaining to the recording of phone calls. Let’s start with the ABC’s of phone recording. Whether you can legally record a phone call between you and someone else depends upon several things: (A) the location of the person making the call, (B) the location of the person receiving the call, and (C) how the call makes the journey from Point A to Point B.

In some jurisdictions, you probably can’t record a phone call at all because you can’t legally operate an Asterisk server. In other jurisdictions, you can record a call if you give yourself permission to record your conversations with others. In a few jurisdictions (including at least a dozen states in the United States), both parties have to consent before you can record a phone call. In some of those, providing an announcement that you’re recording the call will suffice while in others you have to explain why you’re recording the call and allow the caller to opt out. At least in the United States, if the call crosses state lines then federal law may control; however, there may also be federal agency rules and regulations that impose additional constraints on interstate calls. In law school, there’s a full-semester course devoted to Conflict of Laws. What you need to know is that normally (but not always) the law of the jurisdiction in which the call is initiated controls. Clear as mud? You bet. Here’s the state-by-state and country-by-country breakdown of the rules for those of you that are curious. The moral of this story should be clear:

UNLESS YOUR INITIALS ARE NSA, DON’T RECORD PHONE CALLS UNLESS YOU’VE CONSULTED A LAWYER AND CAREFULLY EXPLAINED WHO THE CALLING PARTIES WILL BE, WHAT YOU INTEND TO RECORD, WHERE EACH POTENTIAL CALLER WILL BE CALLING FROM, WHEN YOU WILL BE RECORDING THE CALLS, WHY YOU ARE DOING IT, AND HOW YOU WILL BE RECORDING THE CALLS. And this isn’t going too well for the NSA either!

6 P.M. UPDATE: A couple of serious bugs were discovered in the initial release. If you’ve already installed Lenny Remake, please replace the original dialplan code using the following commands. Skip this step if you have not previously installed Lenny Remake. The first-time install instructions below have been corrected to remove the problem. Our apologies.

cd /tmp wget http://pbxinaflash.com/lsupport.tgz tar zxvf lsupport.tgz rm lsupport.tgz sed -i '\:// BEGIN Lenny Remake:,\:// END Lenny Remake:d' /etc/asterisk/extensions_custom.conf sed -i '/\[from-internal-custom\]/r /tmp/lenny.txt' /etc/asterisk/extensions_custom.conf rm lenny.txt rm 3.gsm asterisk -rx "dialplan reload" amportal a r

Installing Lenny Encore for the First Time. Now for the fun stuff. We’ve only tested this on PBX in a Flash servers running Asterisk 1.8 and Asterisk 11. For other platforms, there may be some prerequisites that you have to address. On the PIAF platform, log into your server as root. Then create and run a shell script that looks like this:
#!/bin/bash


mkdir /var/lib/asterisk/sounds/lenny

chown asterisk:asterisk /var/lib/asterisk/sounds/lenny

cd /var/lib/asterisk/sounds/lenny

wget http://pbxinaflash.com/Lenny.tgz

tar zxvf Lenny.tgz

rm Lenny.tgz
cd /tmp

wget http://pbxinaflash.com/lsupport.tgz

tar zxvf lsupport.tgz

rm lsupport.tgz

sed -i '\:// BEGIN Lenny Remake:,\:// END Lenny Remake:d' /etc/asterisk/extensions_custom.conf

sed -i '/\[from-internal-custom\]/r /tmp/lenny.txt' /etc/asterisk/extensions_custom.conf

rm lenny.txt

mv 3.gsm /var/lib/asterisk/sounds/lenny

cd /var/lib/asterisk/sounds/lenny

chown asterisk:asterisk *

chmod 755 *
echo " " >> /etc/asterisk/extensions_custom.conf

echo "[bridgit]" >> /etc/asterisk/extensions_custom.conf

echo "exten => 4,1,Pickup(701@from-internal)" >> /etc/asterisk/extensions_custom.conf

echo "exten => 4,2,Pickup(777@from-internal)" >> /etc/asterisk/extensions_custom.conf

echo " " >> /etc/asterisk/extensions_custom.conf
asterisk -rx "dialplan reload"

amportal a r

echo "Try it out by dialing 53669 from any extension on your PBX."

In the [bridgit] section of the code (at the bottom of the script), you’ll see two extensions in bold: 701 and 777. These represent a phone extension and ring group on your server that handle incoming calls from telemarketers. We’ll explain it in more detail shortly. For now, change the numbers to match your setup before you run the script. If you want to manage telemarketing calls from additional extensions with SIP phones, just add additional lines to the [bridgit] context incrementing the line numbers as you go, e.g. 4,3 then 4,4, etc.

Installing Lenny Blacklist MOD. To automatically reroute blacklisted callers to Lenny Encore, you’ll need to modify the blacklist processing setup in FreePBX. To do this, you first have to install the Lennny Blacklist MOD. Download it to your desktop from the Download Now link. Next, add it to FreePBX in the usual way: Admin -> Module Admin -> Upload Modules. Choose the Lenny Blacklist MOD on your Desktop. Once its imported, click on the Local Module Admin link to install and enable it. Once it’s enabled, open it under Other -> Lenny Blacklist MOD. Configure it to match what’s shown below:

Recording Calls with Lenny Encore. By default, Lenny Encore will do its thing with no call recording. If you and your lawyer think recording is a good idea, here’s how to enable it. Log in as root and edit extensions_custom.conf in /etc/asterisk. Simply uncomment the three lines near the top of the file that look like what’s shown below and reload your dialplan:

;exten => 53669,n,MixMonitor(/tmp/Lenny/${RECORDING}.wav) ;exten => 53669,n,NoOp(Recording will be available: /tmp/Lenny/${RECORDING}.wav) ;exten => 53669,n,Playback(en/this-call-may-be-monitored-or-recorded)

This gets the recordings saved to the /tmp/Lenny directory on your server, but these file collections can grow large. We recommend emailing them to yourself in MP3 format once a day and then deleting them. Here’s how to set this up:

cd /root wget http://nerdvittles.com/convert2mp3.tar.gz tar zxvf convert2mp3.tar.gz nano -w convert2mp3.sh

When the editor opens, plug in your email address for delivery of the files and then save the modified script. Now add an entry to /etc/crontab that looks like this:

6 1 * * * root /root/convert2mp3.sh >/dev/null 2>&1

Reroute Ringing Calls to Lenny Encore. We’ve never seen this documented for Asterisk so here’s a bonus for this week. Have you ever wanted to reroute an incoming call to another extension while it was ringing so that you didn’t have to answer, tell the caller to hold, and transfer the call? Well we have, too. That’s especially true in the case of telemarketers and politicians.

As part of the Lenny Encore dialplan code, we’ve added the necessary piece to get this working on many SIP phones with a spare button that can be pressed to dial a number. Many phones call it a Speed Dial entry. Just create a Speed Dial entry for your phone that looks like this:

Now, when the CallerID shows an annoying caller is ringing, just press the Lenny key!

But suppose you want to make this more generic. If you’d like to be able to press the Lenny key and be prompted for the extension number to which to forward the incoming call, then edit the 536691 dialplan code (as we did with call recording) and uncomment the following lines:

;exten => 536691,n,Flite("After the beep, enter extension or press pound for Lenny.") ;exten => 536691,n,Read(SENDTO,beep,7) ;exten => 536691,n,GotoIf($["foo${SENDTO}" = "foo"]?5:6)

If you hit the Lenny key while an incoming call is ringing and enter an extension number followed by #, then that’s where the call will go. If you just hit #, then Lenny Encore gets the call.

Taking Lenny Encore for a Test Drive. We’ve set up a temporary site to let you try Lenny out before installing on your own server. Just call 1-206-424-6913 or use either of the following SIP URIs: 2233435945@sip2sip.info or lenny@nerdvittles.com. Our next article shows you how to do it yourself!

Upgrading Lenny Encore. This project is still a work in progress. What that means is the code is changing almost daily. You can replace your setup with the latest code by following the 6 p.m. update procedure documented above. This will reset your system to NO RECORDINGS in addition to loading the latest dial plan code. Your feedback is, of course, always appreciated. Come join the fun!

More Lenny Encore to Come! Well, that’s enough to keep you busy this week. Next week (now available!), we’ll walk you through setting up a safe SIP URI and free DID to handle inbound calls for Lenny or any other purpose on your PBX in a Flash server.

Deals of the Week. There are a few amazing deals still on the street, but you’d better hurry. First, for new customers, Sangoma is offering a board of your choice from a very impressive list at 75% off. For details, see this thread on the PIAF Forum. Second, a new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will help avoid another PIAF Forum disaster. Finally, O’Reilly has over 1,000 Packt Ebooks on sale for 50% off until August 15. Only 3 days left!

Originally published: Monday, August 12, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Introducing the Grandstream UCM6100 Asterisk PBX: So Close But So Far Away

Tuesday, July 30, 2013 / 5 Comments on Introducing the Grandstream UCM6100 Asterisk PBX: So Close But So Far Away

UPDATE: Here’s a newer Asterisk appliance for under $30.

Grandstream has done with Asterisk what Samsung and others did with Android. You basically take a freely available, open source toolkit and transform it into a terrific piece of turnkey hardware with tremendous savings in development costs. While it’s great for consumers, to us it highlights what is wrong with the GPL2 license which lets companies do this in the first place. These for-profit companies give almost nothing back to the open source community. Remember, it’s not their toolkit which took talented (and uncompensated) developers hundreds of man-years to construct. In Samsung’s case, they built closed source smartphones and tablets. With the Grandstream UCM6100 series, you get closed source PBXs. What’s wrong with this picture? Lots! You’re taking someone else’s work product, embellishing it to make a profit, and returning nothing to the open source community that made your open source product possible in the first place. Don’t get us wrong! We love Samsung’s smartphones and tablets. We’ve owned at least a half dozen of them. And Grandstream’s UCM6100 is an incredibly useful appliance for home offices as well as small and large organizations. We can think of a thousand use cases for the UCM6100 in the corporate and government workplace. If done right, it could easily have replaced the $200,000 PBX that supported 100+ employees in one of my former organizations. We also should note that Grandstream isn’t the first company to attempt this feat with Asterisk. Read Tom Keating’s excellent article for the history. And don’t forget the AA50 for a few cents more. 🙂

What is disappointing is that all of these products would be so much better and so much safer if the companies would open source their code and encourage community development to finish the job they started.¹ No individual and few companies could match the hardware development platform that Samsung and Grandstream have managed to put together. In Grandstream’s case, you can buy the UCM6102 at retail for $264! It includes two FXS ports for devices such as fax machines and two FXO ports for interconnecting your Ma Bell PSTN trunks to a one-pound SIP powerhouse. That $264 buys you an incredibly attractive piece of hardware with an LCD that tells you everything about your PBX at the click of a button. And there are small LEDs to display the status of the LAN, WAN, USB, SD card, Phone, Fax, and both Telco lines. The device can sit under your phone on your desk in a SOHO office, or it can be wall-mounted in the closet of a bank’s branch office. Models are also available with 4 FXO ports (pictured above) as well as 8 and 16 FXO ports. One of these could meet the needs of almost any organization, regardless of size. Amazing hardware technology, really!

The web-based software user interface (UI) is no less impressive. FreePBX® has been our development partner on open source Asterisk® projects for the better part of a decade. To say they’ve made Asterisk what it is today is an understatement. Asterisk is a toolkit. FreePBX makes it a useful PBX for millions of users around the globe. Having said all of that, competition makes the world go ’round. And Grandstream has built an impressive UI for the UCM6100 devices. What is more amazing is to compare the performance of the Grandstream device to our own Incredible PBX for the Raspberry Pi which runs with Asterisk and FreePBX on a virtually identical processor with the same memory constraints as the UCM6100 devices. Night and day is the only way to sum it up. The Grandstream PBX literally runs circles around the Raspberry Pi in hardware and UI performance. In fact, you would never know the Grandstream PBX wasn’t running on a quad-core processor with several gigs of RAM if you were judging by performance. And there’s even a little fan that comes on about once an hour as if to remind you that there’s a real computer under the covers.

After receiving our UCM6102 late last week, we put it through its paces. We set up extensions and trunks and ring groups and outbound routes and inbound routes. We tested voicemail. We configured an IVR. We uploaded custom voice prompts. We tried out the Parking Lot and Call Forwarding and Conferencing. It all worked swimmingly, and configuration took only minutes with the web-based UI which was quite intuitive given its similarity to older releases of FreePBX such as 2.8 and 2.9.

But, in the words of Geoffrey Chaucer, "All good things must come to an end." Our next mission was to interconnect the UCM PBX with one of our existing PBX in a Flash servers. After all, the real utility of a turnkey PBX appliance like this would be to support a branch office with no technical staff in residence. This would allow a bank or a hospital or a real estate company to interconnect sites with extensions at each site that could transparently connect to each other. For example, dialing 5000-5099 would ring phones in the main headquarters while dialing 5300-5399 would ring phones in branch office #3. For this to work in the Asterisk environment, we need password-protected trunks on each Asterisk server that interconnect the PBXs to each other to form a meshed network. It’s not difficult, and we’ve explained how to do it in previous Nerd Vittles articles using PBX in a Flash as well as Incredible PBX for the Raspberry Pi.

Trunk to Trunk Server Connections. As the screenshot above shows, connecting a trunk from the Grandstream PBX to our Asterisk server was a breeze using both SIP and IAX trunks. But attempts to connect a trunk from the Asterisk server to the Grandstream PBX using both SIP and IAX failed with password errors. When we alerted the Grandstream development team, suffice it to say they were confused. Did we mean we wanted to connect a remote Asterisk server to an extension on the UCM6100? That was the first hint that all was not well in Asterisk Land. It became readily apparent that the developers were quite adept at mimicking the functionality of FreePBX to create a powerful PBX. But they lacked an in depth understanding of some of the Asterisk fundamentals. While the Grandstream development team was incredibly responsive, it reinforces why open sourcing their code would provide huge benefits not only to others but also to their own project. It gets worse, unfortunately, much worse.

To make a long story short, it doesn’t appear that safely interconnecting trunks between Asterisk servers and the Grandstream devices is available at least at this juncture. What is possible and what the Grandstream developers documented is the ability to create a trunk on a remote Asterisk server that registers to an extension on the Grandstream PBX. But this still did not enable users on remote Asterisk servers to call extensions on the Grandstream PBX unless the Allow Guest Calls option was enabled in the device’s SIP settings. That didn’t make a lot of sense to us if, in fact, the remote Asterisk server was actually registered to the Grandstream PBX. So we changed the password on the extension to make sure the registration would fail. And, yes, you still could make calls to the Grandstream PBX extensions so long as Allow Guest Calls was enabled. Did we mention? It gets worse, much worse.

IVR Vulnerability. Remember that IVR setup we mentioned? By default, it sits on extension 7000 on the Grandstream PBX. We called it from an extension on the remote Asterisk server, and it worked as expected even without a valid SIP registration so long as Allow Guest Calls was enabled. You probably can guess what our next test was. We disabled Allow Guest calls and attempted to call an extension on the Grandstream PBX. It rang busy as it should. We then dialed extension 7000, and guess what? The call went through. Whoa! Remember, SIP guest calls had been disabled, and there was no SIP registration because of a password mismatch. In short, anybody from anywhere that knew the public IP address of our Grandstream PBX could now connect to any IVR on the device just by knowing that the IVRs begin with extension 7000. It’s a classic dial plan mistake of letting external calls bleed into privileges which should be reserved for internal users. For security and other reasons, it’s also why FreePBX does not assign extension numbers to IVRs. But there’s more.

Stealth AutoAttendant Gone Bad. As you can see from the IVR Setup screen shown above, two of the options available when setting up an IVR are to enable calls to Extensions and to Trunks. Many administrators as well as casual users that barely understand what they’re doing probably would enable these features believing the options would be restricted to local use by the default guest call restriction. Wrong! What it means in terms of this security lapse is that now any anonymous caller with your IP address can dial into your Grandstream PBX and, while the IVR announcement on the default IVR extension (7000) is playing, the anonymous caller can dial any Extension or any long distance call supported by the Grandstream PBX trunk configuration so long as these options were enabled in the IVR. In Nerd Vittles parlance, think of it as a remake of our Stealth AutoAttendant with Public DISA Connectivity… for the world!

FXO/PSTN Warning. In discussing this with Tony Lewis of Schmooze and FreePBX fame, he reminded me that we’re talking about a PBX that’s been designed for business use with FXO ports and PSTN trunks. So, while the SIP vulnerability at least required that someone know the IP address of your PBX, once you connect PSTN lines to the Grandstream PBX and answer incoming calls with an IVR on the system, all bets are off. Anonymous bad guys now can place PSTN calls to any published phone number for your server that happens to connect to an IVR. These calls then can be used as the springboard to place outbound calls to anywhere the PBX trunk setup permits. Get out your checkbook!

http://www.youtube.com/watch?feature=player_embedded&v=Varwjb-eJjw

Syslog Configuration. We have another concern with the device as well. The default syslog setup sends information to log.ipvideotalk.com which is a server registered to Grandstream Networks in Los Angeles. With a closed platform, you have no way to decipher what is actually being sent without putting Wireshark on the line and monitoring it. While we are not suggesting that Grandstream has anything but the best of intentions, we think it’s a better practice to allow folks to opt in to monitoring systems, particularly ones that provide as much confidential information as the Asterisk syslog setup.

Other Security Issues. Having owned the device for only a few days, we obviously have not tested all of the potential attack vectors. There are other anomalies in the dial plan code which we really can’t quite figure out without seeing the actual code. We were going to try to document an equally serious issue with the trunk peering, but your head would probably explode just trying to wrap your head around the problem. Ours did! Suffice it to say, with a single outbound route to a registered trunk that has failed to register, all outbound calls initiated by internal and external callers should always fail. They don’t! We’re also unclear whether the appliance provides SSH access for the root user. In any case, you aren’t provided the password. That could potentially be a problem if, in fact, a root account is enabled on the appliance. Finally, we should note that, according to the GPL materials published by Grandstream, this appliance is running Asterisk 1.8.9.3. Twenty-five versions of Asterisk 1.8 have been released since that offering appeared eight months ago. Some of those updates patched serious security vulnerabilities in the Asterisk 1.8 code.

Until Grandstream addresses some of these security issues, you are well advised to only operate a Grandstream PBX behind a secure, hardware-based firewall with no Internet port exposure. We would caution against connecting PSTN trunks to the device at this juncture. If you’re feeling lucky, a possible option for the time being would be to disable IVRs and especially the extension and trunk dialing options. That alternative unfortunately defeats the real purpose of buying these devices.

I Have A Dream. Not to beat a dead horse, but discoveries like this reinforce the need for companies such as Grandstream to revisit their design strategy and give serious consideration to open sourcing their code. After all, Grandstream is primarily a hardware company, and they could sell a gazillion of these appliances if the platform were open. We’ve hurriedly compiled a list of features that currently are missing which could be added almost overnight if this were an open source project. The PBX in a Flash development team would be at the front of the line to assist!

No text-to-speech functionality

No speech-to-text functionality

No (intended) DISA functionality (but data is collected in syslog??)

No ability to load custom dialplan code

No AGI/PHP script support

No Google Voice support for free calling in U.S. and Canada (add it for $30 like this)

No SIP/IAX trunk registrations from remote Asterisk servers

No incoming calls except via anonymous SIP or PSTN (nixes interoffice setups for extensions)

No traditional fax support except using fax machine on FXS port (T.38 is supported)

No access to Asterisk CLI for debugging or otherwise

Crippled SSH access (basic config info, set/get variable, upgrade, reboot, reformat)

No VPN support

No SIP security with Internet exposure

No Fail2Ban support

No WhiteList security to lock down the server

Recommendations. In closing, we don’t mean to suggest that security vulnerabilities never occur in open source code, but open source does guarantee that hundreds if not thousands of developers would be reviewing the code rather than a handful of people that may not fully appreciate all of the nuances of Asterisk. And each time a discovery like this occurs that has the potential of costing unsuspecting companies thousands of dollars in unanticipated phone bills, it gives Asterisk an undeserved black eye. Issuing a patch unfortunately won’t cure this problem for most purchasers because most purchasers never upgrade firmware on appliances.

We hope Grandstream will either pull the devices from the marketplace until the default firmware is fixed or place a big orange warning sticker on the boxes warning purchasers to upgrade the firmware and explaining the consequences of not doing so. Better yet, do the right thing and open source the platform and the code so that others can benefit from Grandstream’s development work on what still could be an incredibly useful and amazing device.

July 31 Update: After an exchange of emails with Grandstream, we have a better understanding of their call routing methodology that we want to pass along. It should be noted that the security holes we documented still exist, but there are mechanisms in place to stop the bleeding… if you know how to use them. Grandstream relies upon a set of Privilege Levels for extensions and IVRs as well as inbound and outbound routes. These include Internal, Local, National, and International. Only Extensions and IVRs with matching or higher privileges can use Inbound and Outbound Routes of a matching or lower privilege level. Read that again! It’s important. For example, if an extension has Internal privileges (the default), then that Extension can only access Outbound Routes designated as Internal. Calls to other numbers will fail. Unfortunately, all routes default to Internal, and this security mechanism is barely documented in the User Manual. Unlike FreePBX which uses Outbound Routes to connote calls leaving your server, Outbound Routes in Grandstream parlance are a set of dialplan rules for every call. Stated differently, to have a secure system, you need to create an Outbound Route for every possible type of external AND internal call. The same holds for Inbound Routes. Here’s an example of how to safely configure Trunks and Extensions between the Grandstream PBX and a remote Asterisk server so that extension-to-extension calls can be made between the two offices while insulating your IVRs from the long distance free for all that we documented in the original article.

Unfortunately, the IVR setup is still buggy and hence vulnerable. As the chart at the end of this article makes clear, there presently is no way to configure an IVR in such a way that remote callers cannot make long distance trunk calls while local extensions can. The only options presently available are either to disable the Dial Trunk option or to set the IVR Privileges lower than the Privileges setting for your outbound trunks. Do NOT rely upon a separate IVR for local users with the Dial Trunk option enabled thinking you’re safe. You’re not! Our original article above explains the possible consequences.

Remote Asterisk Server Setup Using FreePBX. On our remote server, we want to create two Trunks and an Outbound Route. One trunk will be used to set up an outbound registration to an Extension on the Grandstream PBX. We’ll use this trunk to place calls to Grandstream PBX extensions, IVRs, and conference rooms. The other trunk will be used to authenticate an inbound registration from the Grandstream PBX. The Grandstream PBX extensions will use this trunk (with registration from the Grandstream PBX) to initiate calls to extensions registered on our remote server. The outbound route will be used to route calls using the outbound registration trunk to Grandstream PBX extensions, IVRs, and conference rooms.

Here is the outbound registration trunk to extension 5001 on the Grandstream PBX (192.168.0.120 in our example):

Here is the inbound registration trunk to authenticate the Grandstream PBX matching trunk:

Here is the outbound route that allows extensions on the remote server to call Grandstream extensions, IVRs, and Conference Rooms:

You would also want to create an Inbound Route for 5001 that sends incoming calls from dialing 5001 on a Grandstream PBX extension to a particular destination on your remote server. Otherwise, the calls would be processed using the FreePBX default inbound route if you happen to have one. In our setups, we typically point the default inbound route to an IVR or a receptionist’s extension.

Grandstream PBX Setup to Connect to Remote Asterisk Server. To make all of this work securely, we need to create an Extension to handle the inbound registration from the remote Asterisk server so that users on the remote server can call extensions, IVRs, and conference rooms on the Grandstream PBX. And we need a SIP trunk that will register to the remote Asterisk server so that Grandstream PBX users can call extensions on the remote Asterisk server. Then we need Inbound and Outbound Routes to lock things down. We’re using 192.168.0.181 as the IP address of the remote Asterisk server in this example. The key point in securing the Grandstream PBX is to assign the proper permissions to the Grandstream Extension and IVRs that will be used with remote server connections. Then elevate permissions where necessary on the Inbound and Outbound Routes to make sure only our truly local extensions can make calls using Grandstream long distance and PSTN trunks. Don’t confuse local extensions with Local permissions. A local extension is an extension that registers to the Grandstream PBX. Local permissions is a security level that means a particular resource can only do things with other matching Internal or Local resources and with no resources that have been assigned a higher permission level. Internal permissions means a resource can only do things with other Internal resources. Clear as mud? We know. Hang in there until we’re finished.

First, create extension 5001 that will be used by the remote Asterisk server to register with the Grandstream PBX:

Next, create a SIP Trunk that will register to the remote Asterisk server at 192.168.0.181. We’ve used 1234 as the password in our examples so plug that in for the time being. You obviously would want something more secure than that! You’ll note that you don’t assign a Permission level to a Trunk. That is handled in the Inbound and Outbound Routes which tie particular routes to designated trunks. So Trunks inherit their permissions based upon a matching route. We suspect this may be the root cause of the security holes that we’ve documented. If there is no specified route for a particular type of call, Grandstream is doing something internally to make a determination on whether to allow the call or not. In some cases, that determination just happened to be wrong.

For truly local users, i.e. extensions directly connected to the Grandstream PBX, you need to elevate the Permissions for those extensions to reflect the types of calls you want them to be able to make. Typical permission for these extensions would be National or International. The same holds true for IVRs. Elevate IVR permissions to restrict usage to your intended audience. Keep in mind that we’re treating calls to extension 5001 on the remote Asterisk server as Internal. That’s the bottom rung in the security ladder which means every local extension and IVR will be able to place calls to that extension. If this isn’t what you want, then you’ll need to elevate the 5001 extension permissions accordingly. For example, you may only want Grandstream PBX extensions with Local call permissions to be able to call extensions on the remote PBX. In this case, you would want to change the 5001 extension permission level to Local.

Let’s tackle the Inbound Routes next since this was the cause of the inability to connect to local Grandstream extensions from the remote server. If you’re using the default Grandstream setup, then you’ll need Inbound Routes for both _50XX extensions and _70XX IVRs to permit remote callers to connect with Grandstream PBX extensions and IVRs with Local permissions only. This means that even if they connect to the 7000 IVR, they will not be able to make long distance calls on your nickel even if Trunk dialing is enabled.

The Inbound Route rule for Extensions should look like this:

The Inbound Route rule for your IVRs should look like this:

The key point to keep in mind with Inbound Route IVR permissions is to keep the permission level LOWER than whatever permission level you assign to the Outbound Route for placing calls that cost you money, typically National and International.

Now let’s set up the Outbound Route to restrict outbound calls to 10-digit numbers for extensions, IVRs, and Inbound Routes to those with at least National permissions. Keep in mind you may need additional outbound routes with Local permissions for certain 10-digit numbers if your local calling area happens to include free calling to multiple area codes, e.g. Atlanta.

Depending upon your setup, you may need additional dialplan rules and outbound routes to handle 11-digit numbers which should be routed out through a PSTN trunk, e.g. 1NXXNXXXXXX. And because of the security hole, be sure to add a catch-all for international calls that requires International permissions. The dial string XXXXXXXXXXX. will catch everything not included in the NXXNXXXXXX and 1NXXNXXXXXX outbound rules.

Finally, you’ll need an Outbound Route that allows local callers on the Grandstream PBX to connect to extensions on the remote PBX. You typically would assign Internal or Local permissions to this route which would look something like the following depending upon the extension configuration on your remote PBX:

A Word of Caution on IVRs: In the Grandstream security model, IVRs have their own Privilege levels. At least at this juncture, that Privilege level can "promote" the permissions of a call that began at a lesser privilege level. For example, if your Inbound Route for 7XXX calls is assigned Local privileges and the 7000 IVR is assigned National privileges, an incoming call to 7000 from a remote PBX will "inherit" the National privileges of the IVR. This obviously should never be possible. Either the 7000 IVR should generate Congestion and not answer the call at all where the Inbound Route has lesser privileges than the IVR. Or, at the very least, those options in the IVR (including stealth extension and trunk dialing) that require National or International privileges should generate Congestion and disconnect the call. For the time being, ALWAYS set the Privilege level of an IVR to the lowest permission threshold to protect your server and wallet from the consequences of placing unintended toll calls. Here’s a little chart we put together to document the impact of merely changing the Privilege setting for the 7000 IVR:

Other Tips and Tricks. Here are a few other suggestions to expand the functionality of your Grandstream PBX:

Add Google Voice Support with an OBi Device

Add Bluetooth Cellphone Trunk with an OBi202

Add Free iNum Calling Worldwide with a VoIP.ms Account using an OBi202

Continue reading Part 2…

Deals of the Week. There are a couple of amazing deals still on the street, but you’d better hurry. First, for new customers, Sangoma is offering a board of your choice from a very impressive list at 75% off. For details, see this thread on the PIAF Forum. Second, a new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, July 30, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

It turns out Grandstream may not have much of a choice but to open source their code. It now appears their PBX and User Interface are both based upon open source GPL2 software owned by Digium. [↩]

Taking a Page from Asterisk: How Far We Have Come

Monday, July 22, 2013

We’ve never written about paging technology before, and this is one of those areas of VoIP telephony where it certainly paid to wait. What a difference a few years makes! At least in the Asterisk® context, SIP-based paging traditionally involved issuing a Page command with a list of extensions in your dialplan. The wrinkle was that each VoIP phone manufacturer had its own SIP header to trigger autoanswer on its phones. And, without autoanswer, paging becomes next to worthless with desktop phones. Then came FreePBX®. It took all the pain out of the process by using the *80 prefix to issue a page to almost any type of SIP phone. The one wrinkle was that Grandstream and a few other phones require that autoanswer be enabled for paging in the device configuration. Aside from that, any user can pick up a phone on a PBX in a Flash system and dial *80707 to page extension 707 with duplex voice communications through the speakerphones, meaning both parties can talk and listen to each other, the perfect VoIP intercom. And, there’s more good news. Paging works with almost all of the major phone manufacturers’ phones: Aastra, Digium, Grandstream, Linksys/Sipura, Mitel, Polycom, SNOM, and Yealink. In addition, the SIP-compatible Cyberdata ceiling speaker and Cyberdata POE Doorphone/Intercom with Keypad function just like a SIP phone.

For small groups of phones, paging now works equally well using the FreePBX Paging Module which allows an administrator to preconfigure a group of phones, specify whether to skip busy extensions, barge into busy extensions and place existing callers on hold, or whisper the page to the busy extensions. You can even enable or disable duplex communications during the page. Think of it as instant conference. The module also provides the flexibility for individual phone users to block pages from one or more extensions or even all extensions. Finally, the module lets you create and save multiple configurations for different purposes, and you can designate an Announcement message that plays to every page recipient. For a historical look at the evolution of paging on the Asterisk platform, see Chapter 11 of Asterisk: The Definitive Guide (4th edition). Better yet, buy the book!

So why do we need paging? In the corporate setting, it provides a perfect emergency broadcast service for fires, earthquakes, patient escapes from the loony bin, etc. In a school setting, it could inexpensively replace costly public address systems requiring dedicated wiring, speakers, and amplifiers. The Asterisk paging solution has the added benefit of letting anyone broadcast from anywhere by simply picking up a nearby phone and dialing some (hopefully password-protected) extension number. Separate RTP streaming IP addresses also could be configured on departmental phones to allow automobile dealership zone paging for parts, sales, or service. So a receptionist could park a call and then announce it to a particular department by pressing a softkey on the sidecar. And you still could have an additional emergency channel that reaches everybody. Just set up a different number to page each zone as well as the entire organization.

So that’s where we were until a week ago when Brian Kelly of PIAF Forum fame began exploring Multicast RTP Paging with Asterisk and AirPlay. Think of Multicast RTP as a radio station that streams data on a particular IP address and port. If you happen to have Multicast-aware SIP phones, they can "tune in" to particular channels of interest. And, whenever a stream is broadcast on one of the channels the phone device is preconfigured to listen to, it will go off hook just as if it had received a page as outlined above. The major advantage to RTP streaming is that there is only a single stream of data on a single channel whereas paging to multiple extensions requires a channel of data for every extension. If you want to follow along with today’s project, just configure one of the Multicast RTP streams on your phone with the port and IP address shown below.

The wrinkle is your phone devices must support Multicast RTP streaming, and many current models do not. Our VoIP Phone of the Year, the Yealink T46G, qualifies. So do some of the Aastra, SNOM (v7), and Linksys/Cisco phones (with quirks!). And the Cyberdata speaker and doorphone (above) support Multicast RTP streaming as well. Digium Phones currently do not. If you know of other phones that support Multicast RTP streams, please post a comment. You’ll know if your particular phone supports it if it has a configuration section in the manual that looks something like this:

The good news is current versions of Asterisk including 1.8, 10, and 11 support Multicast RTP Streaming and PIAF-Purple and PIAF-Green come preconfigured for RTP Multicast Streaming. A single line of dialplan code is all you need to initiate a broadcast:

exten => 1234,1,Dial(MulticastRTP/basic/224.0.0.1:1234)

This would cause the Multicast RTP Stream broadcast to begin on port 1234 of IP address 224.0.0.1 as soon as someone on your PBX in a Flash server dialed extension 1234 and began to speak. Every phone or SIP device listening for broadcasts on port 1234 from IP address 224.0.0.1 would receive the listen-only page on their speakerphone.

Of course, Brian was not content to merely issue a page from Asterisk to his SIP phones. He wanted all of them to be able to listen to his iTunes music collection using his iPhone or iPad. This required AirPlay, but AirPlay can only stream to iOS devices. Well, not so fast. An enterprising guru on SourceForge created his own AirPlay emulator called Shairport4w. This is a Windows application that works just like an AirPort server. It "listens" for content from an iPhone or iPad that has designated Shairport4w as its AirPlay device. iTunes has the ability to stream music to any AirPlay device including the Shairport4w. So that was half of the puzzle. That got iTunes music playing great on the Windows desktop.

But we needed the other piece of the puzzle. We needed to push the music from the Windows machine to the SIP phones using Multicast RTP streaming. Brian found the missing piece of the puzzle for that as well. It’s called Multicast Streamer for Windows and it’s available at no cost from CodeProject. Simply download and unzip the bundle of goodies and run Multicast Streamer on your Windows desktop together with Shairport4w. Shairport4w captures the incoming AirPlay stream and pushes it to the sound card.

Now we simply need to configure the sound card as the input device for Multicast Streamer and make the appropriate settings to broadcast the RTP stream to port 1234 on IP address 224.0.0.1. This was the listening port and IP address we configured on our SIP phones. Be sure to also adjust the Samples per second to 8,000 and the Bits per Sample to 16.

Your mileage may vary but in our case the only output device showing on Multicast Streamer was Microphone. What we needed was Stereo Mix to capture data from the sound card rather than the microphone. If yours is missing, do the following. Right-click on the Speaker icon and switch to the Recording tab. If you don’t see Stereo Mix, then Right-click on an empty area and make sure that both "Show Disabled Devices" and "Show Disconnected Devices" are checked. When the Stereo Mix option appears, Right-click on it and check Enable. Set the level to 100. Now it will also appear as an input device when you restart Multicast Streamer. Choose it as the default input device, make sure all your other settings match what we outlined above, and then click Start to begin the stream. Now stroll over to your iPod music player app on your iPhone or iPad, choose Shairport4w as the AirPlay output device, and play away. To cancel the stream on any phone, just hangup the speakerphone. Enjoy!

Deals of the Week. There are a couple of amazing deals still on the street, but you’d better hurry. First, for new customers, Sangoma is offering a board of your choice from a very impressive list at 75% off. For details, see this thread on the PIAF Forum. Second, a new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will help avoid another PIAF Forum disaster.

Originally published: Monday, July 22, 2013

Need help with Asterisk? Visit the PBX in a Flash Forum.

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Tag Archives: asterisk

The Most Versatile VoIP Provider: FREE PORTING

Links

Follow us

Recent Posts

Special Thanks to Our Generous Sponsors

Asterisk Boot Camp: SIP Security 101

Safely Integrating SIP URIs into Asterisk

Dialing SIP URI Calls with iNUM Using Any Telephone

Dialing SIP URI Calls with IPKall Using Any Telephone

But How Do I Make VoIP Calls to Plain Old Telephones?

Special Thanks to Our Generous Sponsors

Introducing Anveo

Special Thanks to Our Generous Sponsors

Some SIP Surprises to Celebrate the End of Summer

Special Thanks to Our Generous Sponsors

Special Thanks to Our Generous Sponsors

Special Thanks to Our Generous Sponsors

Special Thanks to Our Generous Sponsors

Special Thanks to Our Generous Sponsors

Post navigation

Support Nerd Vittles

Free Asterisk Solutions

Tags