Posts tagged: cloud computing

The Next Plateau: VoIP Communications with Asterisk in Amazon’s EC2 Cloud


We’ve spent considerable effort exploring and enhancing the VoIP cloud offerings for our followers, and today we’re delighted to introduce another terrific service: Amazon’s Elastic Compute Cloud (EC2). This is one of several Amazon Web Service (AWS) offerings that provides resizable compute capacity in the cloud and is designed to make web-scale computing easier for developers. That’s the Amazon pitch for their service. Ours is a bit different. For anyone with mission-critical operations or that has ever given a moment’s thought to business continuity planning (THINK: hurricanes, tornados, earthquakes, blizzards, fires, floods, bombs), you need an EC2 backup plan for VoIP communications. It really doesn’t matter whether your organization uses a proprietary phone system, or Asterisk®, or good ol’ black telephones, the point is simply this. When your lights go out and you still need a communications system for your employees and your customers, what’s your plan? Staying home in bed isn’t a choice for most folks. So our focus is not to persuade anybody to move their primary communications platform to Amazon EC2 although it’s certainly worth considering. For today, let’s tackle emergency planning and Disaster Recovery 101 for that dreadful day when you really don’t have a choice. And D-Day is a really bad day to start thinking about communications alternatives. You’ll have plenty of other things to do.

We’re going to make this fun today and provide all the tools you’ll need to set up shop in Amazon’s EC2 Cloud. The good news is that EC2 is almost free for your first year so getting started isn’t going to be a financial burden. Once you have everything built, you can turn it off and hope you never have to use it. On the other hand, it’s dirt cheap for an entire year so enjoy yourself and learn why VoIP communications can revolutionize your business at a fraction of the cost of a proprietary communications system. For our Asterisk aficionados that have already discovered the beauty of free VoIP communications, we’ve got some additional goodies today, Incredible Backup and Incredible Restore, that will let you quickly move your communications platform back and forth between EC2 and a local server or virtual machine effortlessly.

For those just getting started, the real beauty of VoIP communications is that, once your server platform is operational, you can bring up communications services for your employees without any hardware investment. A notebook computer and a free SIP softphone will let you make and receive calls through your EC2 communications system. By adding trunks from Google Voice or any SIP service provider, you complete the communications circle to connect to any phone in the world. We do this for a living so, if your business needs some hand-holding to get started, drop us a note. We like to travel.

The Choice is Yours: PIAF-Purple with Asterisk 1.8 or PIAF-Green with Asterisk 11

Getting Started. For your communications platform, we’ve built two new versions of PBX in a Flash™ for Amazon EC2: PIAF-Purple and PIAF-Green. You can’t beat the price. Both are free! These two builds are based upon the two long-term support (LTS) releases of Asterisk: 1.8 and 11. In our testing, both are rock solid and production-ready. If tried and true is your cup of tea, then PIAF-Purple with Asterisk 1.8 and FreePBX 2.10 is your baby. If you want to get a jump on the future, then PIAF-Green with Asterisk 11 and FreePBX 2.11 is worth a careful look. But, to use either one, you first need to get set up with an Amazon EC2 account. So head over to Amazon and click on Sign Up Now. A word to the wise here. You don’t want the bad guys breaking into your account unless you have an unlimited budget. There are lots of non-free Amazon EC2 services that could max out your credit card quickly. So, in addition to signing up for your Amazon account, also activate Multi-Factor Authentication. It’s your bank account!

Once your account is activated, sign in to the Amazon Management Console. After entering both your passwords, the AWS Management Console will appear. Click on EC2 to bring up the EC2 Dashboard (shown above). This is home base in EC2. The Launch Instance button is used to start a new virtual machine. We’ll walk you through that process in a minute. In the left margin are the functions you’ll be using most often. Instances displays your existing virtual machines, both running and stopped. Volumes are the virtual hard disks associated with your virtual machines or instances in Amazon-speak. A volume gets created as part of the VM launching process. When you delete instances, it’s important to also delete the associated volume, or you get billed for it separately. Elastic IPs lets you assign an IP address to an Instance using Amazon’s DHCP servers. You access your virtual machines using SSH and, without an IP address, you can’t gain access. For SSH security, EC2 uses Key Pairs. As part of launching a new virtual machine, we’ll walk you through creating one. Amazon EC2 also has its own firewalls called Security Groups. Basically, all services are blocked until you open them up. We’ll also walk you through that process as well. Once you’ve created your Key Pair and Security Group, you can use them with multiple instances. Now you’re an expert so let’s Launch a New Instance.

Creating a New Virtual Machine. Click on the blue Launch Instance button in the EC2 Dashboard to begin. Choose Classic Wizard. You build a new instance by starting with one that someone else has already built. Be careful here. There are literally thousands to choose from and, unless you know the creator, use Name Brand, trusted instances only. Anybody can hide anything in an instance that they’ve made publicly available. Think of your worst Trojan Horse horror story, and there’s probably a public Amazon instance to match it. For our purposes, the magic number you need to know is 399149154715. That’s our Amazon EC2 account number, and it means any instances prefixed with that number or our mugshot were created by us. So click on the Cloud Market and search for PIAF. In about a minute, both PIAF2 AMIs will appear. Pick your favorite but be sure the file name displays our smiling face. Then click Select. For the Instance Type, make sure T1 Micro is chosen. That’s the only free option during your first year. Leave the Availability Zone at No Preference and Number of Instances set to 1. Click Continue. In Advanced Instance Options, accept all of the defaults and click Continue. For Storage Device Configuration, accept the defaults by clicking Continue. Next, you’ll be prompted to add Tags to your Instance. This is a short-hand description to help you distinguish one instance from another. For the Name Value, enter something like PIAF-Purple-64 or PIAF-Green-64 and click Continue. Next, you’ll be prompted to create a Key Pair to use with the instance. If you don’t already have one, click Create New Key Pair and Continue. Once the key pair is created, the .pem file will be downloaded to your desktop computer. Change the permissions on the .pem file to what SSH requires: chmod 700 mykey.pem. You’ll need this key file to log into your instance with SSH so move it to a safe place. Next, you’ll create or use an existing Security Group. 
This sets up the firewall rules to use with your instance. For PBX in a Flash, you’ll need at least the following Inbound Rules in your Security Group: TCP 22 (SSH), TCP 80 (Web), TCP 1723 (for PPTP VPN only), and TCP 9001 (for WebMin access). For VoIP services, you’ll need UDP 5060 (SIP), UDP 10000-20000 (RTP), UDP 4569 (IAX), and UDP 69 (TFTP, if desired). EC2 lets you lock down Security Group entries to individual IP addresses. We strongly recommend this for SSH, Web, SIP, IAX, and TFTP services. If you need access from multiple IP addresses, just add additional Security Group rules for each address and service. Finally, you’ll be shown a summary of all your selections. If everything looks OK, click Launch to start the instance. While it’s starting up, click Elastic IPs from the left column of the EC2 Dashboard. Choose Allocate New Address and then Associate Address to connect it with the instance that just launched. Write down the IP address. You’ll need it for SSH access. Finally, click Instances and wait for your virtual machine to come on line with a green check mark.

Your First Login. Now you can log into your EC2 instance via SSH using your key file and the IP address associated with the instance: ssh -i mykey.pem -v ec2-user@54.235.12.34. If you’re using a Windows machine with Putty, use PuttyGen.exe to convert your .pem key into something Putty can understand before attempting to log in. Once you’re logged in, you need to immediately change all the default passwords:

  • sudo passwd ec2-user (to change your ec2-user password)
  • sudo passwd root (to change your root password)
  • su root (to switch to the root account with your new password)
  • passwd-master (to change your FreePBX and web passwords)
  • cd /root (to switch to the /root directory)

Keep in mind that PBX in a Flash is a little different than a standard Linux install. It has been designed for use as the root user only. So, whenever you log into a PIAF instance in EC2, always execute the following two commands in order: su root and then cd /root. Most Linux and PBX in a Flash utilities will not work properly if you attempt to execute them as the ec2-user! For web access and management of your server, point your browser to the IP address of your EC2 instance. If you’re new to PBX in a Flash, stop here and read the PBX in a Flash 2.0.6.3 Quick Start Guide. It’ll tell you everything you need to know to get started with PBX in a Flash.

Installing Incredible PBX. We’ve got a few more surprises for you today. First, there are new, GPL2-licensed releases of Incredible PBX: version 10 for FreePBX 2.10 and version 11 for FreePBX 2.11. If you’re new to all of this, Incredible PBX provides some additional layers of security for your server while also giving you dozens of turnkey Asterisk applications including text-to-speech, speech-to-text, SMS messaging, news, weather, stocks, and tide reports, and much more. You can read the Incredible PBX tutorial here. To install Incredible PBX while logged into your EC2 instance as root, issue the following commands and plug in your passwd-master password when prompted. If you’re using the PIAF-Green AMI, replace incrediblepbx10 with incrediblepbx11 below.

cd /root
wget http://incrediblepbx.com/incrediblepbx10.gz
gunzip incrediblepbx10.gz
chmod +x incrediblepbx10
./incrediblepbx10

Installing Incredible Fax. Yes, there’s more. Incredible Fax also works just fine on the EC2 platform. If you want the added convenience of having your Incredible PBX double as a free fax machine, run install-incredfax2 after the Incredible PBX 10 install completes. For Incredible PBX 11, run /root/incrediblefax11.sh. Plug in your email address for delivery of incoming faxes and enter your home area code when prompted. For every other prompt, just press the Enter key. If you’d like to also add the optional OCR utility, just choose it when prompted. For complete documentation, see this Nerd Vittles article. Don’t forget that a REBOOT OF YOUR SERVER is required when the install is finished, or faxing won’t work! Then log in to AvantFax through the PBX in a Flash GUI using maint:password. Be sure to change your password!

Also be sure to set up a second, dedicated Google Voice number if you want support for inbound faxing. Once the Google Voice credentials are configured in FreePBX for the additional Google Voice line, simply add an Inbound Route for this DID to point to the fax destination. Just plug in your 10-digit Google Voice number and other entries shown in the form below. Save your setup and reload FreePBX. Done!

Introducing Incredible Backup and Restore. Last, but not least, we have new GPL2-licensed backup and restore utilities to simplify the task of moving PBX in a Flash setups between Amazon EC2 and other standalone or virtual machine platforms. To complement these new utilities, we’ve also released a new 64-bit PIAF-Purple Virtual Machine image for VirtualBox. PIAF-Purple-64.ova is a free download from SourceForge and will run under VirtualBox on any Windows, Mac, Linux, or Solaris desktop computer. Our VirtualBox tutorial is available here. You also have the option of downloading the current 64-bit PIAF-20631 ISO from SourceForge and building your own server or virtual machine. All three platforms (Amazon EC2 AMI, VirtualBox OVA, or PIAF 64-bit ISO) are 100% compatible with Incredible PBX, Incredible Fax, and the new Incredible Backup. Once you have matching platforms, you can backup your PIAF or Incredible PBX setup on one platform and then restore it to a different platform by simply copying the backup image to the new platform and running Incredible Restore. The entire procedure takes only a couple of minutes.

To install the backup and restore utilities on either of the platforms, simply issue the following commands:

cd /usr/local/sbin
wget http://incrediblepbx.com/incrediblebackup10.tar.gz
tar zxvf incrediblebackup10.tar.gz
rm incrediblebackup10.tar.gz

Because Incredible Backup shuts down Asterisk, MySQL, and Apache, do NOT run this when folks are using your PBX! To make a backup, log into your server as root and type: incrediblebackup.

The restore procedure essentially erases ALL of your existing FreePBX, Asterisk, TFTP, and web data. To restore a backup, copy the backup file to be restored to /tmp on the new server. Make sure the new server has Asterisk, FreePBX, and Incredible PBX versions that match what’s shown in the backup filename. There is NO error checking presently. To restore, log into your server as root, write down the filename of the backup file, and type: incrediblerestore /tmp/filename.tar.gz. If this is a new server and you’re still using your old one as well, then remove the DUNDI secret and secretexpiry entries from the Asterisk DB and restart Asterisk once the restore is completed:

asterisk -rx "database del dundi secret"
asterisk -rx "database del dundi secretexpiry"
amportal restart

For additional usage instructions and tips, see this thread on the PIAF Forum. Enjoy!

Originally published: Monday, February 11, 2013  Updated: Thursday, February 14, 2013


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you.



Travelin’ Man 3: Securing a PBX in a Flash or VoIP in the Cloud Server

UPDATE: Be sure to read about the latest enhancement to Travelin' Man 3 here.

We're big fans of playing with our own VoIP hardware. It has the advantage of allowing the installation of everything behind a secure, hardware-based firewall thereby eliminating almost all of the security issues associated with VoIP telephony. With PBX in a Flash™ and its Zero Internet Footprint™, you can run a secure VoIP server in your home or office with no port exposure to the Internet. This setup, of course, assumes that you have the necessary bandwidth to support Internet telephony and that you possess the necessary skill set to maintain your own Linux® server running Asterisk®, FreePBX®, Apache®, SendMail®, PHP®, and on and on. Not everyone does. And, of course, there are thousands of organizations in which employees and their phones are not colocated with the home office VoIP communications server. And, believe it or not, there are folks that run their VoIP server on the public Internet without any firewall protection. For all of you, today's your lucky day.

Lest you think that we've bitten off more than we can chew, we want to acknowledge the dozens of thought-provoking comments on the PIAF Forums that ultimately led to today's new release. That is the hidden beauty of open source development. So, thank you dad311, atsak, tbrummell, Hyksos, markieb, Ramblin, darmock, lowno, blanchae, bmore, vcallaway, jroper, mag, briankelly63, mbellot, phonebuff, The Deacon, Astrosmurfer, frontline, ou812, LostTrunk, lgaetz, kh40s, rossiv, and all of our other gurus that make the PIAF Forums a great place to learn something new every day.

Thanks to our good friends at RentPBX, who provide terrific technical and financial support to both Nerd Vittles and the PBX in a Flash project, you don't have to roll your own. And your phones can be anywhere because your communications server sits on the public Internet. If cost is a factor or for those outside the United States that need a U.S. presence to take advantage of services such as Google Voice, the $15 a month price point using the PIAF2012 coupon code makes RentPBX more than competitive with what it would cost you in electricity, Internet bandwidth, and hardware resources to do it yourself... minus the headaches. You get a stable PBX in a Flash or Incredible PBX platform from the git-go. In addition, issues of jitter and latency all but disappear from the VoIP equation because you can choose the site of your hosted PBX from a worldwide list of Internet POPs including five regions in the U.S. as well as Canada and Europe. Many sit within a few milliseconds of the Internet backbone.

What you don't have with a hosted PBX solution is a hardware-based firewall sitting between your server and the Big, Bad Internet. With PBX in a Flash, the risk is lessened because the IPtables Linux Firewall is baked into the fabric of PBX in a Flash. For a comprehensive overview of how IPtables works, read this article. It explains IPtables better than any book you could buy.

Today we're pleased to introduce Travelin' Man 3™, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that's lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce. We'll quickly cover the mechanics of this new IPtables methodology that allows you to secure your hosted PBX without compromising flexibility. The nitty gritty details of IPtables and firewalls we'll leave for you to explore at your leisure.

And, speaking of leisure, we always get the question: "Have you tested it?" For frequent readers of Nerd Vittles, you already know the answer. We eat our own dog food! In the case of Travelin' Man 3, we gave it a healthy workout just last week from the deck of the Carnival Fantasy as we passed by Cape Canaveral and in Key West with 4G service, and finally in several ports with WiFi access in the Bahamas. The beauty of the new design is you'll know instantly if it's not working because you'll never get your VoIP SIP phone to connect back to your VoIP server. We had zero problems using nothing more than an Android phone for both DynDNS updates and Bria SIP phone service. Being a pioneer isn't always easy, but... Somebody's gotta do it™. :wink:

Unlike previous iterations of Travelin' Man, version 3 lets you configure remote phone access from the server and keep one or hundreds of phones in sync even with changing IP addresses using dynamic DNS update software at the sites of the remote phones. Whether the site is a remote office or a floating hotel room, any PC or Mac whether it's a desktop or netbook can automatically manage the dynamic DNS updates while keeping all of the local phones securely connected to the VoIP Cloud. And any jail-broken iPhone can manage the updates as well. With Android phones, it's even better. You have your pick of several great apps: DynDNS Client, Dynamic DNS Client, or Dynamic DNS Updater. We've found the DynDNS Client to be nearly perfect. As we'll explain in a minute, this version of Travelin' Man is not compatible with prior versions so you'll need to choose either the manual methodology of previous iterations or version 3 which does it automagically.

A New Approach to WhiteLists. Our new approach to IPtables is to lock down your server using a WhiteList of safe IP addresses and fully-qualified domain names (FQDNs) that should be given access to your hosted VoIP server. Then we'll periodically check to see if the IP addresses associated with the FQDNs have changed and make the necessary adjustments automatically. If any intruder attempts to access any port on your PBX, their packets are simply discarded by IPtables so the bad guys never know your server exists.

We've experimented with BlackLists for VoIP security, and the bottom line is they just don't work because of inherent problems with reliability and completeness. You spend your entire day updating lists of the bad guys only to discover that they've morphed to thousands of new IP addresses. Think Whack-A-Mole. IP addresses can easily be changed, and zombies have made attacks from third-party PCs a daily occurrence. Earlier this month, Nerd Vittles was hit with a denial of service attack from 30,000+ zombie PCs. This was in spite of the fact that we already block well over 100,000 IP addresses with the world's finest blacklists. Now it's 130,000. :roll: Of course, none of the owners of these PCs had any idea how their computers were being used. I'm reminded of a famous judge's secretary who received a knock at her door one Sunday morning from the FBI. They informed her that she was using her computer to host porno movie downloads. I won't offend your tender sensibilities by repeating what she actually told those "young men."

There's also the problem of dynamic IP addresses which means an address that was used by a bad guy yesterday may be handed out by the same ISP to your grandma tomorrow. And it didn't take the bad guys long to poison blacklists with IP addresses that you actually need for services such as DNS or network time services. If you've ever had an IP address that ended up on one of the major blacklists, you know what a hassle it is to get your IP address unBlacklisted. The Soup Nazi has nothing on these folks.

Bottom Line: Public web sites are pretty much forced to use BlackLists because they want their sites to be generally accessible. With a VoIP server, we have the luxury of choice, and WhiteLists are much more effective for server security.

Overview. Our recommended design works like this. Block everything. Then permit packets from known hosts and non-routable IP addresses only, and limit known hosts to only the services they actually need. For example, a VoIP provider such as Vitelity that is providing a DID for your inbound calls doesn't need web access to your server. They need SIP and RTP access. Nothing more. The same goes for a remote user: SIP and RTP access so their SIP phone works. Nothing more. You, as Administrator, need complete access to the server but only from a specific, defined IP address. We, of course, don't want IPtables to have to inspect and filter every single packet flowing into and out of your server because that would bog things down. And we don't want users on your private LAN and remote users with dynamic IP addresses to have to wrestle with updating their phones just to stay connected. So, we've opened up all non-routable IP addresses and, once we've verified that a remote site is authorized access, then subsequent packets flowing into and out of the server for that IP address will be passed along without additional packet inspection. And once we set up the FQDN for a remote user, local dynamic DNS update clients can be used to automate the process of keeping IP addresses current. Then, every few minutes, we'll let your server check whether there's been a change in any users' dynamic IP addresses. If so, we'll simply refresh the IP addresses of all FQDNs using an IPtables restart to bring the phones back to life. To end users, The Phones Just Work™.

Finally, a word about security for VoIP in the Cloud servers. If you run a virtual machine from any hosting provider with wide open access to SIP, IAX, and web services, it's just a matter of time before your server is going to be compromised, period! If you foolishly use credit card auto-replenishment for one or more of your hosting providers then you might as well mail a blank check to the bad guys and wait for them to cash it. Today's tools will take you less than a minute to permanently lock down your server. So... JUST DO IT™.

To give you some idea of how far the Android platform has come, here are a couple screenshots of our Samsung 4G Skyrocket smartphone running three simultaneous VoIP apps all day, every day: Bria SIP extension to our PIAF2 server in Charleston, CSipSimple extension to our RentPBX VM in California, and GrooveIP session with Google Voice. Try that on your 3G iPhone 4S. :wink:

We're officially releasing this for RentPBX users running PBX in a Flash or Incredible PBX 3™. These folks have been our pioneers for a very long time, and we like to take care of them first. Properly installed, Travelin' Man 3 should work fine on any PIAF™ or Incredible PBX system. We'll make a backup of /etc/sysconfig/iptables before replacing your IPtables setup with the PIAF default setup. It assumes ALL of your traffic is flowing on eth0. If that's not the case, don't use it without major modifications! We would hasten to add that Travelin' Man 3 is licensed as GPL2 open source software. So it's available NOW to everyone to use or to embellish as they see fit. We hope every provider of VoIP services offering virtual machines in the cloud as well as those without a hardware-based firewall to protect your Asterisk server will take advantage of the opportunity to customize and deploy this code for their particular IPtables environment. To paraphrase Bill Clinton: "It's your phone bill, stupid!"

Deploying Travelin' Man 3. Here's how to deploy Travelin' Man 3 on your server. In Step #1, we run secure-iptables. This locks down virtually all IP ports and services in the original IPtables configuration for PBX in a Flash to either the IP address or the FQDN of the administrator. Be advised that this setup uses the default ports for all PIAF services, e.g. SSH, WebMin, HTTP, etc. If you use custom ports, you'll need to modify the script accordingly. If the administrator is on the move or has a dynamic IP address on his or her desktop or notebook PC/Mac that will be used to administer the cloud server, then use an FQDN, not a static IP address, when you run secure-iptables.

Step #2 is automatic and is part of secure-iptables. It opens SIP and IAX port access for "trusted providers" such as Google, Vitelity, etc. This is covered in detail below. We also open accessibility from non-routable IP addresses. You obviously can close or limit private LAN access, if desired. We included it for the benefit of those running and administering PBX in a Flash on private LANs where internal security is not a concern.

In Step #3, we'll let you set up additional access for other providers, users, and phones. You get your choice of up to 9 separate services in addition to the whole enchilada, and each account gets a name and a file to keep track of the latest IP address entry: somename.iptables. These are stored in /root. Don't delete them! New accounts can be added using either a static IP address (add-ip) or an FQDN (add-fqdn). These accounts also can be deleted whenever necessary (del-acct). You can rerun secure-iptables whenever you like, but it automatically deletes all custom user accounts. Here's the list of services from which to choose. Mix and match as desired to meet your own requirements.

0 - All Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - TFTP
8 - SSH
9 - FOP

Just a word of caution. IPtables stores its setup in /etc/sysconfig/iptables, but it actually runs from an image in memory on your Linux server. As part of the load process, IPtables converts all FQDNs stored on disk to static IP addresses. This speeds up firewall processing enormously. While it's possible to add IPtables rules in memory without writing them to disk (as in the original Travelin' Man design), don't do it with Travelin' Man 3! You will lose these settings whenever IPtables is restarted by running any of the above scripts or whenever a refresh of FQDN IP addresses becomes necessary. Whatever you do, never ever run the command: service iptables save. This command is used to write the IPtables entries in memory to disk. In doing so it writes only static IP addresses to disk. This will erase (a.k.a. ruin) your Travelin' Man 3 FQDN setup and force you to start over with Step #1, because none of your FQDNs would ever get refreshed again: they have all disappeared and become static IP addresses.

IPtables also has a major shortcoming IMHO. We support FQDNs in IPtables to make it more flexible. However, a failed FQDN during an IPtables restart will cause IPtables not to load at all. We have worked around this by adding our own restart command which you should always use: iptables-restart. You've been warned.
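
The periodic FQDN refresh described in the Overview and the failed-FQDN problem above can be checked before any restart. The following is an added shell example, not code from Travelin' Man 3 or its authors. It assumes rules that name sources with "-s"; the example.net hostnames, the RESOLVE_TABLE lookup file and the cache directory are hypothetical and constructed so the script runs offline.

```sh
#!/bin/sh
# Added example, not part of Travelin' Man 3. Pre-flight and change detection
# for an iptables rules file that whitelists sources by FQDN.
# Assumptions: sources appear as "-s <value>"; RESOLVE_TABLE, when set, names
# a constructed "fqdn ip" lookup file so the example runs offline; otherwise
# dig (from bind-utils) is queried.

# resolve_fqdn NAME: print the first IPv4 address, return 1 if there is none.
resolve_fqdn() {
    if [ -n "${RESOLVE_TABLE:-}" ]; then
        rf_ip=$(awk -v n="$1" '$1 == n { print $2; exit }' "$RESOLVE_TABLE")
    else
        rf_ip=$(dig +short A "$1" 2>/dev/null |
            grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)
    fi
    [ -n "$rf_ip" ] || return 1
    printf '%s\n' "$rf_ip"
}

# list_fqdn_sources FILE: unique sources that are names, not IPs or CIDRs.
list_fqdn_sources() {
    awk '/^[[:space:]]*#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i == "-s" || $i == "--source") print $(i + 1) }' "$1" |
        grep -Ev '^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$' | sort -u
}

# unresolved_fqdns FILE: print names that do not resolve; return 1 if any.
unresolved_fqdns() {
    uf_bad=0
    for uf_name in $(list_fqdn_sources "$1"); do
        if ! resolve_fqdn "$uf_name" >/dev/null; then
            printf '%s\n' "$uf_name"
            uf_bad=1
        fi
    done
    return "$uf_bad"
}

# changed_fqdns FILE CACHE_DIR: print "fqdn old new" for every name whose
# address differs from the cached one, then update the cache.
changed_fqdns() {
    mkdir -p "$2"
    for cf_name in $(list_fqdn_sources "$1"); do
        cf_new=$(resolve_fqdn "$cf_name") || continue  # see unresolved_fqdns
        cf_old=$(cat "$2/$cf_name" 2>/dev/null || true)
        if [ "$cf_new" != "$cf_old" ]; then
            printf '%s %s %s\n' "$cf_name" "${cf_old:-none}" "$cf_new"
            printf '%s\n' "$cf_new" > "$2/$cf_name"
        fi
    done
}

# refresh_decision FILE CACHE_DIR: print one of
#   BLOCK    a name fails to resolve; a restart now risks an unloaded firewall
#   RESTART  at least one name moved; rules must be reloaded to pick it up
#   OK       nothing changed since the last check
refresh_decision() {
    if ! unresolved_fqdns "$1" >/dev/null; then
        echo BLOCK
    elif [ -n "$(changed_fqdns "$1" "$2")" ]; then
        echo RESTART
    else
        echo OK
    fi
}

# --- constructed sample data: hypothetical hosts, documentation IP ranges ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rules" <<'EOF'
# constructed whitelist rules
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p udp -m udp -s admin.example.net --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp -s phone1.example.net --dport 5060 -j ACCEPT
-A INPUT -p tcp -s 203.0.113.7 --dport 22 -j ACCEPT
EOF
printf 'admin.example.net 198.51.100.10\nphone1.example.net 198.51.100.20\n' \
    > "$demo_dir/dns"
RESOLVE_TABLE="$demo_dir/dns"

# First run against an empty cache: every name counts as changed.
refresh_decision "$demo_dir/rules" "$demo_dir/cache"
```

On a live server RESOLVE_TABLE would be left unset, and a RESTART result would be followed by the iptables-restart command mentioned above. BLOCK means the failing name has to be fixed or removed before anything is reloaded.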

Locking Down Your Server. While there's still time, let's spend a minute and lock down your server to the public IP address of the PC that you use to administer the system. If you don't know the public IP address of the desktop machine you use to manage your server, then click on this link using a browser on that machine, and our web site will tell you the IP address.

Now log into your virtual machine as root using SSH and issue the following commands:

cd /root
wget http://incrediblepbx.com/travelinman3.tar.gz
tar zxvf travelinman3.tar.gz
yum -y install bind-utils
./secure-iptables

When prompted for the FQDN or IP address of your Administrator PC, use the FQDN if you have one. Otherwise, type in the IP address and press the Enter key. Agree to the terms of service and license agreement by pressing Enter. When the IPtables file displays, verify that you have typed your FQDN or IP address correctly, or you will lock yourself out of your own server. Press Ctrl-X to exit the editor, and then press Enter to update IPtables and save your new configuration.

NOTE: If you are running PBX in a Flash in a cloud environment, be sure to add an entry to Travelin' Man 3 with the IP address of your cloud server. ifconfig will tell you what the IP address is. To add the entry, issue the command: /root/add-ip cloud 12.34.56.78 using your actual cloud IP address.

WARNING: If you use an FQDN for your Administrator PC and it points to a dynamic IP address, be sure to also add this same FQDN using add-fqdn. Otherwise, IP address changes will not be detected, and you may lock yourself out of your own server.

Nobody can access your server except someone seated at your PC or on your private LAN with your login credentials. You can repeat this process as often as you like because each time the script is run, it automatically restores your original IPtables configuration. Now let's grant access to your SIP providers and those using remote SIP or IAX phones.

Using DynDNS to Manage FQDNs. The key ingredient with Travelin' Man 3 is automatic management of dynamic IP addresses. When a user or even the administrator moves to a different location or IP address, we don't want to have to manually adjust anything. So what you'll first need is a DynDNS account. For $20 a year, you can set up 30 FQDNs and keep the IP addresses for these hostnames current 24-7. For $30 a year, you can manage 75 hostnames using your own domain and execute up to 600,000 queries a month. That's more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it. What we recommend is setting up a separate FQDN for each phone on your system that uses a dynamic IP address. This can include the administrator account if desired because it works in exactly the same way. When the administrator extension drops off the radar, a refresh of IPtables will bring all FQDNs back to life including the administrator's account. Sounds simple? It is.

Preparation. Before we make further modifications to IPtables in Step #3, let's make a list of all the folks that will need access to your VoIP Server in the Cloud. For each entry, write down the name of the person, server, or phone as well as the type of entity which needs server access. Then provide either the static IP address or FQDN for each entry. If one or more of your IP addresses are dynamic (meaning the ISP changes them from time to time), we'll cover managing dynamic IP addresses in a minute. For now, just make up a fully-qualified domain name (FQDN) for each dynamic IP address using one of the available DynDNS domains. For static IP addresses, use the FQDN or the IP address. HINT: FQDNs make it easy to remember which entry goes with which provider.

Make a list of your providers NOT in this list: Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Obivoice/Vestalink (sms.intelafone.com), Teliax, and IPkall. The providers listed above are already enabled in the secure-iptables setup script. We call them Trusted Providers only because we trust them and have personally used all of them. We consider them reliable folks with whom to do business. It doesn't mean others aren't. It simply means these are ones we have tested with good results over the years. The only providers you'll need to add are ones we haven't provided. Also be sure to check whether the FQDNs of the providers above cover the server for your account. If not, you'll need to manually add those FQDNs as well. Keep in mind that trusted providers will have full SIP and IAX access to your server so stick with tried-and-true providers for your own safety. The PBX in a Flash Forum and DSL Reports are good sources of information on The Good, The Bad, and The Ugly.

Finally, list with a name each phone that will be connected to an extension on your server. If you have 10 traveling salesmen, then you might want to name them all by last name and also provide FQDNs with their last names, e.g. smith.dyndns.org and jones.dyndns.org. No spaces or punctuation in names or FQDNs! We strongly recommend using FQDNs wherever you can because it means zero work for you when a provider changes an IP address. Here's the table we use:

Name | Type: Person, Provider, Server, Phone | IP Address Type: Static or Dynamic | FQDN or IP Address | Services Desired: SIP, IAX, Web, FTP, SSH, etc.

Step #3: Adding Authorized Users. Now take your list and add each account to your server while logged in as root and positioned in the /root directory. For static IP addresses, use add-ip. For dynamic IP addresses and FQDNs, run add-fqdn and plug in the FQDN for each account. When one of your accounts needs to be removed, just run del-acct from the /root folder on your server and plug in the name of the account to delete. If a user changes from a static IP address to a dynamic IP address or vice versa, just delete the user and then add them again with the new IP address or FQDN. All of the accounts are stored in /root and have names like this: name.iptables.

Step #4: Setting Up DynDNS Client Updates. There are actually two pieces in the Dynamic DNS update puzzle. At the end-user side, you need to deploy a DynDNS update client on the same subnet as the phone of your user. See the links above to download the update software you prefer. In the case of cellphones with SIP phone capability, this could be as simple as installing the DynDNS update client directly on the phone itself. Plug in your DynDNS credentials as well as the FQDN associated with the particular phone, and the rest is automatic.

Step #5: Setting Up IPtables Auto-Refresh. Finally, we need a way for your server to discover when a refresh of FQDNs becomes necessary because someone's IP address has changed. The simplest way to do this is to automatically run a simple script (ipchecker) that polls the DNS authoritative server to determine whether the dynamic IP address associated with an FQDN has changed. If so, we'll update the account.iptables file to reflect the new IP address and then restart IPtables. This will refresh all IP addresses associated with FQDNs. If all or most of your users spend time sleeping each day, you may wish to run the script only during certain (waking) hours of the day so your server has less of a load. The other consideration is how often to check. The guideline here is how long can any user live without their SIP phone being connected to your server. 10 minutes may be reasonable for some. 60 minutes may suffice for others. For us, it's 3 minutes. It's your choice. The way Travelin' Man 3 works is, whenever at least one account has an IP address change, it will trigger a restart of IPtables to do an IP address refresh for all of the FQDNs.

The top of the ipchecker script in /root looks like this:

#!/bin/bash

# Insert the account filenames to be checked below
# Remember to increment the account[#] for new entries

account[0]=larry.iptables
account[1]=curly.iptables
account[2]=moe.iptables

# ipchecker (c) Copyright 2012, Ward Mundy & Associates LLC.

You'll need to edit the script (nano -w /root/ipchecker) and modify the account[n] lines to reflect the actual FQDN account names you've created on your server that are associated with dynamic IP addresses only. You don't want to monitor accounts with static IP addresses or FQDNs that never get updated. When those extensions are off-line, it's not because their IP address changed, and restarting IPtables won't really help to improve the situation. Be sure to increment the account[n] array for each new account that you want to monitor and use the exact format shown in the example above. Before you enter an account in the script, display the contents of the file using cat /root/accountname.iptables. Make certain that the file includes BOTH an FQDN, then a space, and then an IP address. If not, delete the account (del-acct) and add it again using add-fqdn.

Once you've entered all of your accounts with dynamic IP addresses, save the script: Ctrl-X, Y, then Enter. Run the script manually now to be sure it works as you intended: /root/ipchecker. Be advised that typos that list accounts that don't exist will cause problems. Error checking consumes processing cycles by requiring additional queries so we've left it out. That means it's solely up to you to check your account names for accuracy. And, remember, only include accounts that have dynamic IP addresses with FQDNs.
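The change check described in Step #5, with the account-name and file checks that ipchecker leaves out, as an added example that is not the ipchecker script. It assumes each NAME.iptables file is a single line of the form "FQDN IP" (the real file layout is not shown here); the dyndns.org hostnames, addresses and function names are constructed.

```shell
#!/bin/sh
# Added example, not the ipchecker script: detect changed dynamic IPs for the
# monitored accounts, with the input checks that ipchecker leaves out.
# ASSUMPTION: each NAME.iptables file is one line "FQDN IP" (the real
# Travelin' Man 3 file layout is not shown on the page).

RESOLVER=${RESOLVER:-resolve_with_dig}

# Print the first IPv4 answer from dig (empty output when there is none).
resolve_with_dig() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9.]+$' | head -n 1
}

# Accept only dotted-quad IPv4 with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Accept dotted hostnames of letters, digits and hyphens, but not bare IPs.
valid_fqdn() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' &&
        ! valid_ipv4 "$1"
}

# check_account FILE -> prints one status line and returns
#   0 "changed FQDN OLD NEW", 1 "unchanged FQDN IP",
#   2 "missing" | "malformed" | "unresolved FQDN"
check_account() {
    [ -r "$1" ] || { echo "missing"; return 2; }
    ca_fqdn= ca_old= ca_extra=
    read -r ca_fqdn ca_old ca_extra < "$1" || :
    if [ -n "$ca_extra" ] || ! valid_fqdn "$ca_fqdn" || ! valid_ipv4 "$ca_old"
    then
        echo "malformed"; return 2
    fi
    ca_new=$("$RESOLVER" "$ca_fqdn" 2>/dev/null) || ca_new=""
    # Never pass an unvalidated DNS answer on toward a firewall rule.
    valid_ipv4 "$ca_new" || { echo "unresolved $ca_fqdn"; return 2; }
    if [ "$ca_new" = "$ca_old" ]; then
        echo "unchanged $ca_fqdn $ca_old"; return 1
    fi
    echo "changed $ca_fqdn $ca_old $ca_new"
}

# scan_accounts DIR NAME... -> prints a status line per account and returns 0
# if at least one changed (a single IPtables refresh then covers them all).
scan_accounts() {
    sa_dir=$1; shift
    sa_result=1
    for sa_name in "$@"; do
        case $sa_name in
            ""|*[!A-Za-z0-9]*)      # no spaces, punctuation or path parts
                echo "$sa_name: rejected name"; continue ;;
        esac
        sa_status=$(check_account "$sa_dir/$sa_name.iptables") && sa_result=0
        echo "$sa_name: $sa_status"
    done
    return $sa_result
}

# Offline demo on constructed account files with a stub resolver.
stub_resolver() {
    case $1 in
        larry.dyndns.org) echo 198.51.100.20 ;;   # same address as on file
        curly.dyndns.org) echo 198.51.100.99 ;;   # address has moved
        *) return 1 ;;
    esac
}
make_demo_accounts() {
    printf 'larry.dyndns.org 198.51.100.20\n' > "$1/larry.iptables"
    printf 'curly.dyndns.org 198.51.100.21\n' > "$1/curly.iptables"
    printf 'moe.dyndns.org\n' > "$1/moe.iptables"   # IP address missing
}

demo_dir=$(mktemp -d)
make_demo_accounts "$demo_dir"
RESOLVER=stub_resolver
# "shemp" has no file, like a typo in the account list.
if scan_accounts "$demo_dir" larry curly moe shemp; then
    echo "refresh needed: update the changed entries, then run iptables-restart"
fi
rm -rf "$demo_dir"
```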

Step #6: Automating FQDN Refreshes with Cron. Finally, you'll need to add an entry to the bottom of /etc/crontab using nano. If you wanted the script to run 24 hours a day at 10 minute intervals, here's the command:

*/10 * * * * root /root/ipchecker > /dev/null

If you wanted the script to only run between the hours of 8 a.m. and 9 p.m. (server time zone) at 10 minute intervals, then you'd use something like this:

*/10 8-21 * * * root /root/ipchecker > /dev/null

On our RentPBX complimentary account which we use while traveling, we actually set the interval to 3 minutes. Since the DNS lookups use dig, changes on Android phones using the DynDNS client are almost instantaneous even with automatic switching between WiFi and cellular service. Finally, be sure to type date on your server and verify which time zone your cloud server thinks it's in! Adjust the times in /etc/crontab accordingly.

Be sure to check back here periodically for updates and follow the latest happenings about Travelin' Man 3 in this thread on the PIAF Forums. Enjoy!

Originally published: Thursday, March 29, 2012   Updated: April 19, 2014

UNLESS YOU DISCONTINUE USING FQDN'S WITH IPTABLES, IT IS ABSOLUTELY ESSENTIAL THAT YOU MONITOR YOUR SERVER DAILY IF YOU ARE RELYING EXCLUSIVELY UPON IPTABLES AS YOUR FIREWALL PROTECTION MECHANISM AND YOU ARE USING FQDN'S AS PART OF YOUR CENTOS SECURITY METHODOLOGY!




Need help with Asterisk? Visit the NEW PBX in a Flash Forum.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 



Coming to a Cloud Near You: Incredible PBX in the Cloud

Cloud Computing is all the rage today. And we’ve scoured the Earth looking for the best deal over or under the rainbow to host Incredible PBX in the Cloud. Here it is! For $14.99 a month with RentPBX.com, say goodbye to dedicated hardware, expensive Internet service, and a hefty electricity bill each month just to host your own Asterisk®-based VoIP server. After signing up for a free Google Voice account, just run the Incredible PBX installer on your custom configured PBX in a Flash virtual machine at RentPBX, and you’re ready to go with a free local phone number in your choice of U.S. area codes plus free long distance calling in the U.S. and Canada. Now plug in a SIP phone or softphone of your choice and start making calls. We insisted that all of the cloud savings be passed on directly to you. There’s no middleman and no commission. In fact, we don’t make a nickel, just the satisfaction of knowing you’ll be using our baby. Now that’s incredible! For those outside the U.S., it’s an ideal way to take advantage of free Google Voice calling. Here’s the $14.99 coupon code: PIAF2011.

News Flash: Be sure to read our latest article introducing Travelin’ Man 3, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that’s lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce.

Of course, price is only part of the story. RentPBX also assures you the lowest possible latency for your VoIP calls. The RentPBX cloud gives you a choice of server locations including New Jersey, Baltimore, Atlanta, Tampa, Chicago, Dallas, Los Angeles, and Seattle. So you can set up your Incredible PBX within milliseconds of your favorite VoIP provider. For example, the Tampa cloud is less than a millisecond away from VoIP.ms. Under 10 millisecond connectivity is available to numerous hosts from almost all RentPBX cloud locations. You’ll also get the best support in the industry. And RentPBX also happens to be one of the very finest contributors on the PIAF Forum! There are no long-term contracts so check out this incredible offer before it’s gone. RentPBX does most of the heavy lifting for you by setting up your PBX in a Flash virtual machine with Asterisk 1.8 so it’s ready to go. Your part takes less than 10 minutes, and you’ll be making your first call. In the VoIP World, it doesn’t get any easier than that.

The Incredible PBX Inventory. For those that have never heard of The Incredible PBX, here’s a feature list of components you get in addition to the base install of PBX in a Flash with the latest CentOS 5.x, Asterisk 1.8, FreePBX 2.8, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Cepstral TTS, Fax, Hamachi VPN, and Mondo Backups are just one command away and may be installed using some of the PBX in a Flash-provided scripts.

Installing Incredible PBX in the Cloud. To get everything working today, there are only three quick steps:

1. Set Up Your Google Voice Account
2. Create Your New Account on RentPBX.com
3. Run the Incredible PBX in the Cloud Installer

Then you’ll be ready to configure a softphone or SIP phone and start making free calls.

Google Voice Setup. You’ll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance. Keep this account a secret!

We’ve also attempted setting this up using an existing Gmail account, and what we found was that inbound calls never ring through to Asterisk unless you sign out of Google Chat inside Gmail and leave it that way. The reason is because Google always delivers inbound calls exclusively to your Gmail Chat client if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register. If you’re living on another continent, see MisterQ’s posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening: OFF
  • Call Presentation: OFF
  • Caller ID (In): Display Caller’s Number
  • Caller ID (Out): Don’t Change Anything
  • Do Not Disturb: OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

RentPBX Setup. Once you have your Google Voice credentials, you’re ready to get your virtual machine at RentPBX set up. First, you’ll need an account. So visit RentPBX.com and sign up for an account using the coupon code above to get your discount. Pick a cloud server to host your new system, choose the PIAF-Purple 1.7.5.6 install option, set up a username and very secure password, and you’re done. Once your account is established and you receive your credentials, here’s the 5-minute procedure to install the special RentPBX-edition of Incredible PBX to begin making free calls in the U.S. and Canada through Google Voice.

Log into your RentPBX account using SSH and the port assigned to your account. For Windows users, download Putty from here. The SSH command will look something like this:

ssh -p 21422 root@209.249.149.108

Running The Incredible PBX in the Cloud Installer. While logged into your virtual machine as root, issue the following commands to set up Incredible PBX in the Cloud:

cd /root
wget http://incrediblepbx.com/incrediblepbx18-rentpbx.x
chmod +x incredible*
./incrediblepbx18-rentpbx.x

When the install begins, accept the license agreement and you’ll be prompted for the following:

Google Voice Account Name
Google Voice Password
Google Voice 10-digit Phone Number
Gmail Notification Address
FreePBX maint Password

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don’t forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it’s not necessary. But who knows what the future holds. :roll: The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the very secure password you want to use to access FreePBX using a web browser. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine… just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles… for all of our hard work. :wink: You’ll find a link at the top of the page. When the installer finishes, READ THE SCREEN just for grins.

Remember that Incredible PBX in the Cloud is sitting directly on the Internet! So choose very strong passwords for everything including your extensions and trunks. Incredible PBX automatically randomizes extension passwords and locks access to the extensions down to the subnet of your cloud server. You’ll have to adjust this IP address to make connections from any external phone.

Here’s a short 4-minute video demonstration of the Incredible PBX installer process. Yes, even a monkey could do it…

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Securing Your RentPBX Server. The WhiteList application is not yet supported in the cloud. So you’ll need to secure your system to avoid endless hack attempts on your SIP resources. Here’s how. First, write down the IP addresses of your RentPBX server and your home network. Second, print out your existing IPtables configuration. The file to print is /etc/sysconfig/iptables. Third, make a backup copy of the file. While logged into your server with SSH, the easiest way is like this:

cd /etc/sysconfig
cp iptables iptables.bak

Now we need to edit the iptables file itself: nano -w iptables. Then search for the line that contains 5060: Ctrl-W, 5060, Enter. At the beginning of this line, add # to comment out the line. With the cursor still on this line, press Ctrl-K then Ctrl-U twice. This will duplicate the line. Move to the second commented line and remove #. Use the right cursor to move across the line to --dport. Then insert the following using the IP address of your RentPBX server, e.g.

-s 229.149.129.248

Be sure there’s at least one space before and after the new text. Now duplicate that line with Ctrl-K and Ctrl-U twice. Change the IP address on the second line to the public IP address of your home or office network. Repeat this process for every IP address where you intend to use a SIP phone connected to your RentPBX server. Make additional entries for your SIP providers as well. If you want to sleep better, you can make similar changes to the SSH port entry to restrict it to your home/office IP address. It’s the line immediately above the 5060 entry. Ditto for port 80 which is web access. Be very careful here. A typo will lock you out of your own server! When you’re finished, save the changes: Ctrl-X, Y, Enter. Then restart IPtables: service iptables restart.
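The same edit done by script, as an added example that is not from the original article: it comments out the open rule for a port and writes one copy per allowed address with -s inserted before --dport, rejecting any mistyped address before anything is changed. The sample rule lines, the addresses and the function names are constructed; the actual lines in /etc/sysconfig/iptables may differ.

```shell
#!/bin/sh
# Added example: restrict an open "--dport PORT" ACCEPT rule to listed sources.
# Mirrors the manual edit: comment out the original rule, then add one copy per
# address with "-s ADDRESS" inserted before --dport.

# restrict_port_rule FILE PORT IP... -> prints the rewritten rules to stdout.
# Returns non-zero, printing nothing, if any address is not valid IPv4.
restrict_port_rule() {
    rpr_file=$1; rpr_port=$2; shift 2
    awk -v port="$rpr_port" -v ips="$*" '
        BEGIN {
            n = split(ips, ip, " ")
            if (n == 0) { bad = 1; exit 1 }
            for (i = 1; i <= n; i++) {
                if (split(ip[i], o, ".") != 4) { bad = 1; exit 1 }
                for (j = 1; j <= 4; j++)
                    if (o[j] !~ /^[0-9]+$/ || o[j] + 0 > 255) { bad = 1; exit 1 }
            }
        }
        # Open rule for this port: not a comment and no source restriction yet.
        $1 !~ /^#/ && index($0, "--dport " port " ") && !index($0, " -s ") {
            print "#" $0
            for (i = 1; i <= n; i++) {
                line = $0
                sub(/--dport/, "-s " ip[i] " --dport", line)
                print line
            }
            next
        }
        { print }
        END { if (bad) exit 1 }' "$rpr_file"
}

# Constructed sample rules (not the actual PBX in a Flash file).
write_sample_fw() {
    cat > "$1" <<'EOF'
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

# Demo: write the result to a new file and swap it in only on success, so a
# mistyped address never reaches the live rules. Addresses are placeholders
# from the documentation ranges.
demo_fw=$(mktemp)
write_sample_fw "$demo_fw"
if restrict_port_rule "$demo_fw" 5060 203.0.113.5 198.51.100.7 > "$demo_fw.new"
then
    mv "$demo_fw.new" "$demo_fw"
    cat "$demo_fw"
else
    rm -f "$demo_fw.new"
    echo "rejected: check the addresses" >&2
fi
rm -f "$demo_fw"
```

Running it a second time on its own output changes nothing, because rules that already carry -s and commented lines are skipped.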

As always, we strongly recommend that you not put all of your VoIP eggs in one basket. Google Voice does go down from time to time. Vitelity is a perfect complement because the costs are low and you only pay for the service you use. A discount sign up link is below. And Vitelity has contributed generously to both the Nerd Vittles and PBX in a Flash projects. So please support them.

Logging in to FreePBX. Using a web browser, you access the FreePBX GUI by pointing your browser to the IP address of Incredible PBX in the Cloud. Click on the Admin tab and choose FreePBX. When prompted for a username, it’s maint. When prompted for the password, it’s whatever you set up as your maint password when you installed Incredible PBX in the Cloud. If you forget it, you can always reset it by logging into your server as root and running passwd-master.

Extension Security Setup. For each remote phone you wish to set up, there are two preliminary steps before you can connect to your virtual machine from the remote phone. First, you must authorize the remote IP address of your phone in IPtables as we outlined above. Second, you must authorize the same remote IP address in FreePBX for the extension to which you will connect. Once you access the FreePBX GUI with your browser, choose Setup, Extensions, and click on the extension number you plan to use with the phone. Make a note of the secret which is the password for this extension. Also write down the Voicemail Password which you’ll need to retrieve your voicemail. Finally, move down to the permit field and change the entry to the public IP address of your remote phone followed by /255.255.255.255. Submit your changes and reload FreePBX when prompted. A typical entry would look like this:

permit: 123.456.123.456/255.255.255.255

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you’ll want a real SIP telephone such as the $50 Nortel color videophone we’ve recommended previously. You’ll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you’re like us, we want to make damn sure this stuff works before you shell out any more money. So, for today, let’s download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 (or whatever extension you plan to use) and the actual IP address of your Incredible PBX in the Cloud server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

PBX on a Flash

Astricon 2011. Astricon 2011 will be in the Denver area beginning Tuesday, October 25, through Thursday, October 27. We hope to see many of you there. Be sure to mention you’d like a free PIAF thumb drive. We hope to have a bunch of them to pass out to our loyal supporters. Nerd Vittles readers also can save 15% on your registration by using this coupon code. Register by July 10 to save an additional $170.

Originally published: Monday, June 27, 2011





Incredible PBX 1.8: New OpenVZ and Cloud Editions

Another exciting week in the Asterisk® community with the introduction of Asterisk 1.8.2 last Friday. It's now the official PIAF-Purple payload so you can simply download the current ISO to take it for a spin. Most of the pesky bugs in Asterisk 1.8.0 and 1.8.1 now have been addressed. Let us know if you find some new ones.

While the Asterisk Dev Team has been hard at work on Asterisk 1.8.2, we've turned our attention to the cloud and VoIP virtualization. We have three new products to introduce today. The first lets you install PIAF-Purple with Asterisk 1.8.2 using a new OpenVZ template. The second lets you run Incredible PBX 1.8 as a virtual machine using the new PIAF-Purple 1.8.2 OpenVZ template. Finally, we'll show you how to run Incredible PBX 1.8 in the cloud with hosted VoIP service from RentPBX.com for $15 a month with a free local phone number and free Google Voice calling in the U.S. and Canada. So let's get started.

Using the OpenVZ PIAF-Purple Template. If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in about 15 minutes with a per system cost of less than $50. See Comment #2 below for an extra special Dell half-price server deal this week. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit. Read our original two-part article to get up to speed on Proxmox, virtualization, and IPtables with OpenVZ. Then continue on here.

Thanks to Darrell Dillman (aka dad311 on the PIAF Forums), there already is a 64-bit OpenVZ template of PIAF-Purple with Asterisk 1.8.2. Just download the template to your Desktop and then, using the Proxmox console, choose Appliance Templates, Upload File to upload the OpenVZ template into your Proxmox server platform. Once installed, you can build Asterisk 1.8.2 virtual machines to your heart's content... in less than a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN. Here's how a typical OpenVZ creation form will look:

Once the image is created, start up the virtual machine, wait about 70 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. With the exception of text-to-speech (TTS), you now have a PIAF-Purple base platform running Asterisk 1.8.2 and FreePBX 2.8. Be sure you always run it behind a hardware-based firewall with no port exposure to the Internet.

Before you do anything else, run passwd-master to secure the passwords for FreePBX GUI access to your system. Don't forget!

If you're planning to install Incredible PBX below or if you don't need text-to-speech on your system, you can skip this next step which gets 64-bit TTS installed. Otherwise, here are the commands to get it working:

cd /root
./install-flite

Note to Our Pioneers. To those that tested the new OpenVZ template this past week, THANK YOU! Be advised that we now have incorporated several of the recommended tweaks which were documented in the PIAF Forums. The install procedure outlined above explains the new behavior of the slightly improved OpenVZ template which now is available for download. We recommend you switch.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8.2, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3.


Installing Incredible PBX on OpenVZ Systems. We won't repeat the entire Incredible PBX article here. If you want the background on the product, read the latest article. To get everything working with an OpenVZ system, there are only three steps:

1. Set Up Your Google Voice Account
2. Run the Incredible PBX VM Installer
3. Configure a Softphone

Configuring Google Voice. You'll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance? Keep this account a secret!

We've tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it's over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Running The Incredible PBX Installer. Log into your server as root and issue the following commands to set up The Incredible PBX:

cd /root
rm -f incrediblepbx18-vm.x
wget http://incrediblepbx.com/incrediblepbx18-vm.x
chmod +x incredible*
./incrediblepbx18-vm.x
passwd-master

When The Incredible PBX install begins, you'll be prompted for the following:

Google Voice Account Name
Google Voice Password
Google Voice 10-digit Phone Number
Gmail Notification Address
FreePBX maint Password

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don't forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it's not necessary. But who knows what the future holds. The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the password you'll use to access FreePBX. You'll actually set it by running passwd-master after The Incredible PBX completes. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine... just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles... for all of our hard work. You'll find a link at the top of the page. While you're waiting (and so you don't forget), go ahead and configure your hardware-based firewall to support Google Voice. See the next section for what's required. Without completing this firewall configuration step, no calls will work! When the installer finishes, READ THE SCREEN just for grins.

Here's a short video demonstration of the original Incredible PBX installer process. It still works just about the same way except there's no longer a second step to get things working.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Before you do anything else, run passwd-master again to resecure the passwords for FreePBX GUI access to your system. Don't forget!

Firewall Configuration. We hope you've taken our advice and installed a hardware-based firewall in front of The Incredible PBX. It's your phone bill. You'll need to make one adjustment on the firewall. Map UDP 5222 traffic to the internal IP address of The Incredible PBX. This is the port that Google Voice uses for phone calls and Google chat. You can decipher the IP address of your server by logging into the server as root and typing status.

Extension Password Discovery. If you're too lazy to look up your extension 701 password using the FreePBX GUI, you can log into your server as root and issue the following command to obtain the password for extension 701 which we'll need to configure your softphone or color videophone in the next step:

mysql -uroot -ppassw0rd -e"select id,data from asterisk.sip where id='701' and keyword='secret'"

The result will look something like the following where 701 is the extension and 18016 is the randomly-generated extension password exclusively for your Incredible PBX:

+-----+-------+
| id  | data  |
+-----+-------+
| 701 | 18016 |
+-----+-------+

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended above. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 and the actual IP address of your Incredible PBX server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Incredible PBX Test Flight. The proof is in the pudding as they say. So let's try two simple tests. First, let's place an outbound call. Using the softphone, dial your 10-digit cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. Second, from another phone, call the Google Voice number that you've dedicated to The Incredible PBX. Your softphone should begin ringing shortly. If not, make certain you are not logged into Google Chat on a Gmail account with these same credentials. If everything is working, congratulations!

Here's a brief video demonstration showing how to set up a softphone to use with your Incredible PBX, and it also walks you through several of the dozens of Asterisk applications included in your system.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.


Running Incredible PBX in the Cloud. We've saved the best for last today. For many folks, you may want to experiment with VoIP technology without making a hardware investment and without having to master the intricacies of managing your own server and network. That's what Cloud Computing is all about. And we've searched far and wide to find you the perfect platform. As with many of you, one of our top priorities is always cost. While many providers were willing to provide Nerd Vittles with a few shekels for pitching their product, only one stepped forward with a price point that we think is irresistible. And, for the record, we waived any compensation other than a few test accounts to get things working properly, so that all of the savings could be passed on to you! So here's the deal. $15 a month gets you your own PIAF-Purple server in the cloud at RentPBX.com. Just use this coupon code: BACK10, pick an east coast or west coast server to host your new system, choose the PIAF-Purple 1.7.5.5.4 install option, set up a username and very secure password, and you're off to the races. Once your account is established, here's the 5-minute procedure to install the special RentPBX-edition of Incredible PBX to begin making free calls in the U.S. and Canada through Google Voice.

Begin by Configuring Google Voice as outlined above. Then log into your RentPBX account using SSH and the port assigned to your account. For Windows users, download Putty from here. The SSH command will look something like this:

ssh -p 21422 root@209.249.149.108

Issue the following commands to download and run The Incredible PBX installer for RentPBX:

cd /root
wget http://incrediblepbx.com/incrediblepbx18-rentpbx.x
chmod +x incrediblepbx18-rentpbx.x
./incrediblepbx18-rentpbx.x
passwd-master

Now just follow along in the Incredible PBX virtual machine tutorial which we've included above. Remember that your new Incredible PBX is sitting directly on the Internet! So don't forget to run passwd-master when you finish the install, or your system is vulnerable. Ours was attacked within minutes!

Securing Your RentPBX Server. With the exception of our WhiteList application, everything is working on your RentPBX server. While we continue to work on the WhiteList component (reread this section of the article in a week or so to get the latest updates), you need to secure your system to avoid endless hack attempts on your SIP resources. Here's how. First, write down the IP addresses of your RentPBX server and your home network. Second, print out your existing IPtables configuration. The file to print is /etc/sysconfig/iptables. Third, make a backup copy of the file. While logged into your server with SSH, the easiest way is like this:

cd /etc/sysconfig
cp iptables iptables.bak

Now we need to edit the iptables file itself: nano -w iptables. Then search for the line that contains 5060: Ctrl-W, 5060, Enter. At the beginning of this line, add # to comment out the line. With the cursor still on this line, press Ctrl-K then Ctrl-U twice. This will duplicate the line. Move to the second commented line and remove #. Use the right cursor to move across the line to --dport. Then insert the following using the IP address of your RentPBX server, e.g.

-s 229.149.129.248

Be sure there's at least one space before and after the new text. Now duplicate that line with Ctrl-K and Ctrl-U twice. Change the IP address on the second line to the public IP address of your home or office network. Repeat this process for every IP address where you intend to use a SIP phone connected to your RentPBX server. Make additional entries for your SIP providers as well. If you want to sleep better, you can make similar changes to the SSH port entry to restrict it to your home/office IP address. It's the line immediately above the 5060 entry. Ditto for port 80 which is web access. Be very careful here. A typo will lock you out of your own server! When you're finished, save the changes: Ctrl-X, Y, Enter. Then restart IPtables: service iptables restart.
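The nano edit described above, scripted as an added example (not part of the original article or of the PIAF or RentPBX tooling). The function names, the sample ruleset and the addresses 203.0.113.10 and 198.51.100.7 are constructed for illustration; the script validates each address, writes a candidate file and never edits the live file in place.

```shell
#!/bin/sh
# Added example: function names, sample rules and addresses are constructed.

# valid_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1
        }'
}

# restrict_port FILE PORT ADDR...
# Print FILE to stdout with every unrestricted "--dport PORT" rule commented
# out and followed by one copy per ADDR carrying "-s ADDR" before --dport.
# Returns 2 on bad arguments and 3 if no unrestricted rule for PORT exists.
restrict_port() {
    [ "$#" -ge 3 ] || { echo "usage: restrict_port FILE PORT ADDR..." >&2; return 2; }
    rp_file=$1
    rp_port=$2
    shift 2
    case $rp_port in ''|*[!0-9]*) echo "bad port: $rp_port" >&2; return 2 ;; esac
    for rp_ip in "$@"; do
        valid_ipv4 "$rp_ip" || { echo "bad address: $rp_ip" >&2; return 2; }
    done
    awk -v port="$rp_port" -v ips="$*" '
        BEGIN { n = split(ips, ip, " "); pat = "--dport " port "([: ]|$)" }
        # Active rule for this port that has no source match yet.
        $0 !~ /^[ \t]*#/ && $0 !~ / -s / && $0 ~ pat {
            print "#" $0
            for (i = 1; i <= n; i++) {
                line = $0
                sub(/--dport/, "-s " ip[i] " --dport", line)
                print line
            }
            changed = 1
            next
        }
        { print }
        END { if (!changed) exit 3 }
    ' "$rp_file"
}

# sample_rules: a constructed ruleset in /etc/sysconfig/iptables format.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: build a candidate file beside the original and show what changed.
demo_dir=$(mktemp -d)
sample_rules > "$demo_dir/iptables"
restrict_port "$demo_dir/iptables" 5060 203.0.113.10 198.51.100.7 \
    > "$demo_dir/iptables.new"
diff "$demo_dir/iptables" "$demo_dir/iptables.new" || true
rm -rf "$demo_dir"
```

On a real server, point restrict_port at /etc/sysconfig/iptables, review the diff, and check the candidate with iptables-restore --test before copying it into place and running service iptables restart. Keep the iptables.bak copy and your existing SSH session open until a second login succeeds.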

As always, we strongly recommend that you not put all of your VoIP eggs in one basket. Google Voice does go down from time to time. Vitelity is a perfect complement because the costs are low and you only pay for the service you use. A discount sign up link is below. And Vitelity has contributed generously to both the Nerd Vittles and PBX in a Flash projects. So please support them. Enjoy!

Originally published: Monday, January 17, 2011




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Introducing PogoPlug: Cloud Computing for $100 per Terabyte


Ever wished you could build and manage your own Cloud Computing Center with minimal cost and no recurring charges… ever? Well, today’s your lucky day.

It takes a lot to get us excited about a new product offering. But this one is a real winner! For under $130, Cloud Engines provides you your very own PogoPlug 2.0 device that connects to your router and shares up to four USB drives over the Internet. At today’s prices and ignoring sales tax, that means you can put eight terabytes of Cloud Storage on line for a one-time cost of about $100/terabyte. To give you a point of reference, Google will rent you the same space for $256/terabyte… per year. And Google is one of the least expensive Cloud Computing resources out there. Here’s the math for naysayers:

4 – WalMart[1] 2TB WD MyBook Drives @ $169 each = $676
1 – PogoPlug 2.0 Device @ $129 each = $129
ONE-TIME, NON-RECURRING COST: $805/8TB or $100/TB

For those that don’t need 8 terabytes, the 2 terabyte setup including the drive and PogoPlug device is still just over half the one-year rental rate of equivalent storage from Google. And, just to be clear, this isn’t merely a storage device (like Amazon S3) requiring downloads before the files can actually be used. PogoPlug’s software makes these USB drives an integral part of your Desktop just like any other attached storage devices. Think WebDAV! So it makes a perfect home for your music, movie, and photo collections. There also are loads of Open Source applications for PogoPlug for those that like to tinker. And you can use PogoPlug to keep synchronized backups of your important files.

Other Options. Be aware that for about $50 less, you can purchase the Seagate FreeAgent DockStar Network Adapter which includes a single year of PogoPlug Internet support. After that, it’s $30 annually. Translation: By the end of the second year, you’re better off with the PogoPlug. So the choice is a No-Brainer in our book. But, the fact that Seagate is also standing behind the PogoPlug design should make everyone sleep more soundly.

Deployment. After a one-minute, one-time setup over the Internet, you can securely access all of your USB drive resources via PogoPlug using either a web browser or one of several free desktop applications that are available for Windows, Mac OS X, Linux as well as Android phones, iPhones, and (earlier today) Blackberrys. And you get free support and a terrific forum. The device works flawlessly behind either a DSL or cable modem AND a NAT-based router so there are no firewall issues to address. Just enter the serial number on the bottom of your device when you access the PogoPlug web site, and configuration is automatic.

Uploading Files. One of PogoPlug’s slickest features is its automatic cataloging of files which are uploaded. Once uploaded, you can view your Music, Movies, and Pictures by simply clicking on one of the buttons. Photos are cataloged into directories by the month in which the photos were taken. Music is indexed by artist, album, and genre. In addition, music by artist, album and genre as well as photo albums can be shared by entering email addresses for those that can access the materials, by enabling public viewing (assuming you have legal rights to do so), or by sharing items using your Twitter, Facebook, and MySpace credentials. We’ve shared a photo album just to give you an idea of how this works. The security and logistical nuts and bolts all are managed by Cloud Engines’ servers. You can review and modify the materials you’re sharing by clicking on the Files I Share link in your browser. Finally you can automatically alert those with share privileges when folder content is updated. Very slick!

Give PogoPlug a try. By clicking on one of our links, you also help support the Nerd Vittles project. We think you’ll be as thrilled as we are with this terrific new creation. Enjoy!





  1. The in-store pricing at WalMart is actually cheaper than on line for these particular drives.

Surfing the Google Wave

Original image courtesy of Squidoo.com... with apologies

We’ve spent a week getting to know Google Wave using Chrome along with 100,000 of our closest friends. We wanted to give you a status report. Hype aside, Google Wave is an incredible tool when used for the right purpose. If you’ve been asleep or hiding under a rock for the past two weeks and missed the party, here’s a quick summary of Google’s latest invention. It’s a bird, it’s a plane… actually it’s a collaboration and communications platform that brings the full richness of Web 2.0 to your desktop. Some have suggested that it’s what email would look like if it were invented today. Our discussion focuses on the web-based Wave client, but Google Wave also is an open source development toolkit, and we’ll get to that one day soon.

Much has been written about Google Wave’s capabilities, and we won’t repeat that here. Instead, we want to address Google Wave’s potential and what we see as some of the present shortcomings of the product. We fully appreciate that this is a preview, and many of our concerns may yet be addressed before Google Wave becomes available to the general public. We can’t help chuckling at the realization that, in less than 30 years, we’ve now come full circle in data processing. What began as mainframe computing evolved into personal computing. And now Google Wave brings us much closer to being back where we started except for a state-of-the-art user interface and a new name: Cloud Computing. If IBM had addressed the user interface issues with mainframe computing, they probably never would have lost their market in the first place.

The screenshot above really can’t do justice to the richness of the client interface because you truly need a monitor as wide as your desk to get the most out of Google Wave. No, you won’t be using this on your cellphone or PDA… at least not well. For openers, Google Wave provides real-time collaboration so you actually see folks typing into various message threads (called waves) in the Land of Google. When you create a new wave, you “invite” other people in your Contacts to the wave. This puts the wave at the top of their Inbox in bold-faced type, akin to what Gmail would do with an incoming email.

There’s another frame to the right of your Inbox which actually displays the complete wave that you have selected so you’re never really jumping back and forth between selecting waves and reading them. What takes a bit of getting used to is the fact that both your Inbox and the wave you are currently reading may be changing every second with input from literally dozens of your associates or strangers if the wave you’re reading happened to be designated as public.

There’s one other dramatic difference in waves and threads of email messages. Other folks can change your stuff. As a collaboration tool with close associates, this might be desirable. With public waves, it would be a nightmare in the real world. And we don’t consider the 100,000 Google Wave previewers the real world. They are for the most part well-behaved probably out of fear that they’d be booted out if they behaved badly. That isn’t the real world as we all know. And the current Google Wave design would let a single creep destroy virtually every public wave in minutes using bots and malicious changes to documents. As presently designed, there would be little recourse other than replaying what your wave used to look like. You really can’t put Humpty back together again as some have already discovered.

Richard Nixon learned the hard way that tape recorders can be a blessing and a curse. Much has been made of the capability Google Wave offers to replay a wave so that you can playback the development of a thread of messages and see who added or deleted what and when. Google has touted the fact that everything is preserved. Well, not quite. First, there’s no capability at least presently to scroll back to a certain place in the timeline and recreate a new wave up to there. The most you can retrieve is a single posting. Second, anybody with access to the wave can use this timeline feature so wave restoration wouldn’t necessarily be desirable unless it were restricted to the original author of the wave. And, third, at least at Google someone knows how to cheat the system and delete stuff from the timeline. We only discovered this in reviewing the first public porn wave which started out prim and proper enough but quickly gathered steam when someone posted a collection of NSFW (or anywhere else) photos from their favorite collection. Within a few minutes, the postings quietly disappeared. Being the careful reviewer that we are, we immediately reached for the Playback button to check the history of the wave. Sure enough, the raunchy photos were still there. But, by the next morning, they had completely vanished from the chronology. So much for the official stance that nothing ever disappears. The real disappointment with the replay function is the lack of any capability to restore an entire wave. Because only individual messages (known as blips) can be recovered, this would prove to be next to worthless in a complex wave with hundreds of postings.

That brings us to the issue of whether public waves really make sense given the world in which we live. The good news is it works much better than IRC because of the richness of the content with attachments and hyperlinks. But, at least for public waves, the ability to edit someone else’s stuff would have to go. We try not to focus on legal nightmares in reviewing new software, but one can’t help wondering what would happen if one were to post something complimentary about a neighbor in a public wave and then another neighbor altered your posting by falsely accusing the individual of sleeping around with half of the neighborhood. Obviously, there’s still a good bit of work to do on the security front and in deciding whether allowing others to amend someone else’s postings is a good idea. Whether Google gets the security piece right will ultimately determine the success of Google Wave.

For public waves, it’s a no-brainer. You just can’t! And, to be honest, in reviewing hundreds of public waves in the preview, we can’t recall a single instance where this functionality would have been necessary. In a true (private) collaborative project, it would be wonderful but color-coding of text or some other method of identifying who wrote what would be absolutely essential from both a practical and legal standpoint. Both Microsoft Word and WordPerfect have had this capability forever. The simple way in Google Wave would be to add user’s pictures with a colored border and matching colored text whenever they make changes to someone else’s posting. With this addition, Google Wave could become a wonderful collaborative tool in both legal and technical environments.

And, speaking of word processing, Google Wave falls a bit short on the word processing scale. Despite the richness of Google’s knol platform, some of that functionality still is not available in Google Wave. The text editing and formatting is much akin to what’s available in a typical email client. You can change fonts, adjust color, indent, add hyperlinks and images, but that’s about as far as it goes. There are no headers, footers, footnotes, etc. So you can’t easily transform a wave into a formatted document for printing at this juncture. But that may come as development continues.

There are a few other things still on our Wish List. First, we’d love for Google Wave to evolve into a tool that can replace today’s forums which are not much more functional than BBS software was two decades ago. Once there is administrator control of rollback and protection of waves by granular access rights to functions, bots, and gadgets as well as the ability to block users and ranges of IP addresses, this should happen. Second, we obviously want the ability to include either read-only or read-write access to waves in a blog or web site. We already have the web site functionality working (see below for a sample), but you currently need a Google Wave account to access it. Third, we really want to assimilate all of the tools we use into the Google Wave Desktop so that everything is accessible in one place. That’s what Cloud Computing is all about, and Google Wave comes closer than anything else in meeting that need. You already can access Gmail on your Google Wave desktop and any web site that can be framed can be included in a wave as an iFrame. That doesn’t leave much once the security feature set is in place to protect all the components.

Finally, we’ll close with a brief mention of the coolest feature of Google Wave. That is its expandability which is enabled by incorporating bots and gadgets into any wave. As you might imagine, these extensions can do almost anything… good or bad. Here’s a short list of what has been developed and what’s already on the radar in just a few short weeks:

Chatbots
Eliza – ogenex@appspot.com – An implementation of the Eliza chatbot borrowed from the NLTK.
Elize – elizarobot@appspot.com – One of the first robots created by a non-Googler; very useful if you are feeling alone in your Google Wave client.
Rude chatbot – notatory@appspot.com – An obnoxious chatbot borrowed from the Natural Language Processing Toolkit.
TooAngel Wave – In Progress – tooangel-wave@appspot.com – A self learning robot, that will respond to a reply in a more humanoid way

Conversion
BotURL – boturl@appspot.com – A URL Linker that replaces full URLs with hyperlinks.
Calcbot – calcbot@appspot.com – This bot will do in place calculations for simple mathematical expressions and allow you to use user defined variables.
Cartoony – cartoonybot@appspot.com – Replaces the text of every submitted blip with a cartoon balloon that contains the text instead. Colors the balloons based on username.
Dice Bot – dice-bot@appspot.com – Dice-rolling bot. Dice Bot will replace XdY (X is the number of dice; Y is the number of sides) with the results of those rolls.
Flippy – flippy-wave@appspot.com – Turns text upside-down.
Fnordlinky – fnordlinks@appspot.com – Replaces “PMID <number>” with article information from PubMed.
Hearty Emobot – hearty-emobot@appspot.com – Replaces ASCII art with wingding characters.
i-cron – i-cron@appspot.com – Evaluates Python expressions. Looks at blips in event, searches for CALC() macros and executes Python code using exec().
Insulty – megabytemb123@appspot.com – Information Needed
IPA Bot – ipa-bot@appspot.com – Changes normal letters into special characters used for phonetics.
Piratify – piratify@appspot.com – Turns whatever you type into “Pirate Speak” .. Arrrr.
Plotzie – plotzie@appspot.com – Plots sparklines from your data.
Shortee – Wish – Change “c u l8r” to “see you later” etc.
Swedish Chef – borkforceone@appspot.com – Changes English into Swedish-Chef Speak. Bork! Bork!
Syntaxy – kasyntaxy@appspot.com – Syntaxy does blip-by-blip syntax highlighting for a variety of languages including Python, Java, C, C++, HTML, CSS and JavaScript.
Watexy – watexy@appspot.com – Use LaTeX mathematical language in your Waves!
Wikify – wikifier@appspot.com – Replaces specific marked up text with a link to Wikipedia or a description relevant to the marked text.

Games
Hangman – wavehangman@appspot.com – Play Hangman.
Roshambo – roshambowave@appspot.com – Play Roshambo (Rock / Paper / Scissors).
Speedy – Wish – Track the words per minute of all participants, competitive typing!

Groups
Groupy – groupy-robot@appspot.com – Robot to manage groups.

Integration
drop.io – mikeswaverobot@appspot.com – Creates a drop and puts the info into the wave whenever the robot is added as a participant.
OpenAustralia – In Progress – A robot to allow interaction with the OpenAustralia web site.
PlonieBot – In Progress – ploniebot@appspot.com – Brings wave document editing capabilities to the Plone CMS
Poppy – In Progress – poppywave@appspot.com – Helps bridge Google Wave conversations to email users outside the Wave.
Rssybot – rssybot@appspot.com – Turn Google Wave into an RSS reader!
Starify – starifybot@appspot.com – Lets you star waves, in sort of bookmarking style.
Tweety the Twitbot – tweety-wave@appspot.com – You can access your Twitter account.
Twiliobot – twiliobot@appspot.com – Transforms phone numbers into click-to-call links. If user clicks a link, a call is placed to his phone and to the number in the link. The call can be transcribed and inserted into the wave as text with a link to the audio.
Wave-Email – In Progress – wave-email@appspot.com – Provide an extension to Google Wave which will allow the integration of both sending and receiving emails.
Wave Live Messenger – wavelivemessenger@appspot.com – Allows you to chat with your Windows Live Messenger contacts from inside a wave.

Language
PhilBot – Wish – A suggested solution to the problem of waves with languages you can’t read.
Rosy Etta – rosy@wavesandbox.com – Translator (40 Languages).

Polling
Polly the Pollster – polly-wave@appspot.com – Poll Bot.

Search / Aggregation
Dr Maps – dr-maps@appspot.com – Updates a wave by inserting a map associated to an address.
Dr Weather – shiny-sky@appspot.com – Gives the weather for a city.
Embedded Search Results – wave-sandbox@appspot.com – Web and Image searches inline.
FML Blipper – fmlblipper@appspot.com – Displays a random FML story from www.fmylife.com.
Grauniady – grauniady@appspot.com – Searches the latest items from The Guardian for a given phrase.
Stocky – stocky-wave@appspot.com – Detects stock symbols from a wave and updates it with the live stock price.
Wavethingy – wavethingy@appspot.com – Searches Amazon for DVDs and books, and gives the author a cut of any purchases made off the links.
Yelpy – yelpful@appspot.com – Searches Yelp with a user defined location and category.

Utilities
AmazonBot – amazon-withwaves-com@appspot.com – Enables social product research and shopping on Amazon.com. Wave participants can share products & reviews with contacts in real-time thanks to automatic queries by the AmazonBot against conversation keywords. The AmazonBot gadget can detect products and return inline product links or a custom full product browser.
Bloggy – blog-wave@appspot.com – Information Needed
Bit.ly Bot – bitly-bot@appspot.com – Shortens the url using bitly.
Botty – Wish – Will automatically add a set of useful bots to a wave according to a collection of bots (so they don’t have to individually be added when you use them all the time).
CountColon – countcolon@appspot.com – Adds text statistics to your blips (words, lines, etc.)
Companion Sphere – companionsphere@appspot.com – Collection of geek utils, first working verb is “lookup” for wikipedia/wiktionary one-line descriptions.
Databot – Wish – Will start as soon as the GData interface is published.
Emoticony – emoticonbot@appspot.com – Replaces text representations of emoticons with the relevant image.
JBREAKOUT – jbreakout@appspot.com – Debug utility that reports event triggers.
Maison – maison@appspot.com – Makes blips public at http://maison.appspot.com.
Multi – multi-wave@appspot.com – A quote collector. Reply to a blip you want to quote with ‘quote this’ and randomly display a quote with ‘quote <wave @account.com>’. The bot is still under development but you can try playing with it.
Natural Language Processing – knowledge-books@appspot.com – Adds blips with NLP analysis.
Nokar – lab2market@appspot.com – Has many features such as translations, image insertion, insert last tweets etc.
Posterous – posterous-robot@appspot.com – A robot for posterous.com users to post blogs in Google Wave. Here is how to write a blog using Google Wave Robot for Posterous.
Publisher – wave-publisher@appspot.com – Information Needed
Skimmy – wave-skimmy@appspot.com – Converts text emoticons, from : ) to img. Has a bookmarklet which creates a popup menu to insert emoticons for which the code is unknown.
Smiley – smiley-bot@appspot.com – Changes the smiley symbols to smiley images.
Smiley – In Progress – smiley-robot@appspot.com – Changes the smiley symbols to smiley images.
Style Chart – stylechart@appspot.com – Inserts a chart into a wave.

Wave Management
Bouncy – bouncy-wave@appspot.com – Allows you to remove robots from a wave. Doesn’t seem to work on real people though, and laughs if you try to ask it to kick itself out. To get it to kick a bot out, type “bounce:name@domain.com”
Linear – Wish – Enforce all replies to be to the main wave. If a user replies to a reply, remove it and place it as a reply to the main wavelet.
Read Onlie – readonliebot@appspot.com – Records the original wave content. Whenever it’s edited, the content is replaced with the original. Simple as that.
Seekdroid – seekdroid@appspot.com – Lists robots and lets you find and add them; easy to use. In continuous development. All the information is on the website, seekdroid.appspot.com.
Sweepy – sweepy-wave@appspot.com – Remove empty, whitespace-only blips.
Taggy – taggy-wave@appspot.com – Recognize #hashtags and add them as tags to the wave.
Tocgen – tocgen@appspot.com – Table of Contents auto-generated and updated based on the h1,h2,h3,h4 in a wave.
Twitusernames – twitusernames@appspot.com – Replaces all Twitter @username with links to the Twitter accounts.

Gadget Utilities
Ajax Animator – In Progress – http://antimatter15.com/ajaxanimator/wave/manifest.xml – A fully integrated multi-user web based vector graphic animation authoring environment.
AmazonBot Gadget – http://amazon-withwaves-com.appspot.com/gadgets/AmazonProductList.xml – The AmazonBot gadget can detect products and return inline product links or a custom full product browser.
Bidder – http://wave-api.appspot.com/public/gadgets/bidder.xml – Simple Auction.
Checky – http://wave-gadgets.appspot.com/checky.xml – Basecamp-like checklists with drag-and-drop.
Click me – http://wave-api.appspot.com/public/gadgets/hellowave.xml – Shows a button with a counter. Each time the button gets clicked, the counter is incremented by one. Shows off how the state interaction works.
HTML – http://wave-ide.appspot.com/html.xml – Embed any HTML into a wave.
iFrame – http://wave-ide.appspot.com/iframe.xml – Embed any web page into a wave.
iWave – http://gadget.wave.to/iWave/iWave.xml – Allows you to create a profile on wave to make wave just a little more personal. Uses Facebook Connect to retrieve your details if you sign in.
Licensing – In Progress – http://wave-license.appspot.com/license_gadget.xml – Creative Commons RDF Embedding – Planning Stage.
Maps – http://hosting.gmodules.com/ig/gadgets/file/101415471413908368316/mappy.xml – Embed Google Map.
Napkin – http://my-wave-gadgets.appspot.com/wave/NapkinGadget.xml – Example of Flash/Flex Wave Gadget, similar to Whiteboard gadget above – source on Google Code.
QuakeBot – In Progress – Server information on the Quake 3 protocol.
Raffly – http://raffly.googlecode.com/svn/trunk/sandbox/raffly-xml1/raffly.xml – Insert this gadget to select a random participant from your wave to be the winner. The winner of what? Well that’s up to you :-)
Ratings – http://google-wave-resources.googlecode.com/svn/trunk/samples/extensions/gadgets/ratings/ratings.xml – Lets participants rate and review a topic (movie, restaurant, etc) in a wave and shows a tally of the result.
Slashdot Gadget – http://www.m1cr0sux0r.com/slashdot.xml – Loads latest Headlines from Slashdot.
Troco – An experimental peer-to-peer currency – http://troco.ourproject.org/gadget/org.ourproject.troco.client.TrocoWaveGadget.gadget.xml – Aims to provide a decentralized complementary community currency system, that is, a peer-to-peer currency system. Also you can see it as an IOU or promissory note based system. More info click here.
Vector Editor – http://jsvectoreditor.googlecode.com/svn/trunk/wave/vectoreditor.xml – A cross platform collaborative real time vector graphics editor.
Whiteboard – http://vps.michaelrose.id.au/canvas.xml – Draw on a virtual whiteboard.
Who is Coming? – http://wave-api.appspot.com/public/gadgets/areyouin/gadget.xml – Show a list of all people that have said whether they will come or not.

Gadget Games
Backgammon – Wish – Remove all of one’s own checkers from the board before one’s opponent can do the same. [Wikipedia]
Battleship – Wish – Displays different board based on user.
Boxes – In Progress – Connect lines to make boxes and win.
Connect 4/Four-in-a-row – In Progress – sdunster@wavesandbox.com – http://www.sdunster.com/wave/four.xml – 2 users + observers, turn locking, just waiting to write win-detection code.
Floodit – http://gadget.wave.to/floodit/game.xml – 2 player race to fill a board with colors.
Magnetic Poetry – http://hosting.gmodules.com/ig/gadgets/file/107558585548952247431/fridge-11.xml – Re-arrange random words to form poetry.
Match them colors! – In Progress – Match 3 / gem matching game.
Othello – Wish – Play Reversi.
Sudoku – http://blah.appspot.com/wave/sudoku/sudoku.xml – Play Sudoku.
The Button – http://hyperthese.net/wave-gadgets/the-button.xml – A useless (I mean USELESS) game.

Hooks
CVS integration – Wish – CVS history can be converted into a wave with playback.
GIT integration – Wish – GIT history can be imported and played back (diffs).
SVN integration – Wish – SVN History can be converted into a wave with playback.

Appearance
Google Wave Scrollbars – http://www.uniformedopinion.com/google-wave-native-scrollbars-extension/google-wave.crx – Changes the wave scrollbars to the default system scrollbars.



For those of you that already have Google Wave accounts, here’s a sample of how a wave will look in a WordPress posting. You can even add content to the wave! This works in Safari and Chrome most of the time, Firefox some of the time (if you turn on Accept 3rd Party Cookies), and IE almost never. For those of you that are not part of the Google Wave preview, you’ll just have to wait patiently until Google turns on at least read-only access to this functionality:
