Posts tagged: freepbx

Sleep Well: Create a $10.50 Incredible Backup Server in the Cloud with WebDAV

With the impending demise of Copy.com, it seemed like a good time to revisit the subject of backups and to do a little advance preparation for that rainy day when your Incredible PBX™ server decides it’s taken its last breath. We recently documented how to build an Incredible PBX in the Cloud for a one-time cost of $10.50. And we showed you how to build a Linux Sandbox in the Cloud for the same bargain-basement price. Today, we’re adding a third way to spend one day’s lunch money with our new Backup Server in the Cloud at CloudAtCost. And, like the other two, a one-time investment of $10.50 gets you a 10GB cloud repository to store your most important Asterisk® files for life!1 If you’re feeling really adventurous, you can double or quadruple your resources and your storage capacity at the same great 70% off rates with CloudAtCost coupon code: TAKE70. Some have asked us for a referral code to give credit where credit is due. Thanks for thinking of us, but we already have all of the CloudAtCost resources we could ever use. So this one, like the two before it, is on us!



We recommend you start by building an Incredible PBX platform at CloudAtCost using our previous tutorial. Is it production-ready? Probably not. Is it a good standby server which can swing into action when your primary server croaks? Absolutely. Can it be used for off-site storage of backups from your primary Incredible PBX server? You bet. And today we’ll show you how. It’s about a 10-minute process once you have Incredible PBX up and running in the Cloud. We’ll also provide an updated Incredible Backup script to transparently upload backup images to your new CloudAtCost backup server.

Got DAV?It’s been quite a while since we first explored WebDAV back in 2005. Today we’re going to bolt on WebDAV to your existing Incredible PBX platform so that some of that spare storage space in the Cloud can be used to house snapshot images of your Incredible PBX production server. Since this will be a fully-functioning Incredible PBX server in addition to serving as a backup server, it can perform double-duty as a hot standby on a moment’s notice. When disaster strikes, restore the latest backup which happens to be colocated on your Cloud server, and you’ll be back in business.

Overview. As you probably know, WebDAV is an acronym for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac and Linux worlds, WebDAV provides a Disk Volume that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time.

Initial Setup of WebDAV in the Cloud. For today, we’re assuming you already have a functioning Incredible PBX server at CloudAtCost running under CentOS 6.7. If not, start with our tutorial here. If you’d prefer to use the Linux Sandbox configuration for your WebDAV platform, skip down to the next section. To keep things simple, we’re going to set up a separate dav directory within your existing Incredible PBX cloud server to use for WebDAV storage. This means files and folders managed with WebDAV will appear in /var/www/html/dav on your server. We’ll password-protect the directory using Apache web credentials for the admin user. You first must set up these credentials by issuing the following command while logged into your server as root:

htpasswd /etc/pbx/wwwpasswd admin

To activate WebDAV on your Incredible PBX server at CloudAtCost, while still logged into your server as root, issue the following commands:

mkdir /var/www/html/dav
chown asterisk:asterisk /var/www/html/dav
chown asterisk:asterisk /var/lib/dav
cd /etc/pbx/httpdconf
wget http://incrediblepbx.com/dav.conf
service httpd restart

Keep in mind that WebDAV is running on an Incredible PBX server which means that remote HTTP access will require that your remote IP address be in the IPtables WhiteList. You can add it easily using the add-ip or add-fqdn utilities in /root. Don’t forget, or none of this will work.

Setting Up WebDAV on a CloudAtCost Linux Sandbox. If you’d prefer to set up WebDAV on a Linux Sandbox at CloudAtCost rather than the Incredible PBX platform, begin by installing the sandbox by following along in the Nerd Vittles tutorial. Once you’re up an running, issue the following commands to activate WebDAV:

mkdir /etc/pbx
htpasswd -c /etc/pbx/wwwpasswd admin
mkdir /var/www/html/dav
chown apache:apache /var/www/html/dav
cd /etc/httpd/conf.d
wget http://incrediblepbx.com/dav.conf
service httpd restart

You won’t have to whitelist the IP address of your local Incredible PBX server in the IPtables firewall running on your WebDAV server at CloudAtCost because port 80 already is whitelisted in the default Linux Sandbox setup.

Accessing WebDAV in the Cloud. As installed, you’ll need your username (admin) and your Apache password assigned above to access your WebDAV server in the Cloud. Use a browser for read only access to the dav directory at the IP address of your server, e.g. http://23.45.67.89/dav. Or establish a network share to the WebDAV resource for read and write access.

Configuring a Local CentOS/SL Server for WebDAV Access. Linux needs something special in order to treat remote WebDAV resources as part of your local file system. Fortunately, there is a packaged solution that does all the heavy lifting for you. On every CentOS/Scientific Linux server from which you want to access remote WebDAV resources, issue the following commands while logged into the server as root:

yum -y install davfs2
mkdir /dav
cd /root
wget http://incrediblepbx.com/incrediblebackup-dav
chmod +x incrediblebackup-dav

Configuring a Local Debian/Ubuntu/Raspbian Server for WebDAV Access. The setup drill is much the same as it is for CentOS except the package installation syntax needs to be adjusted. On every Debian, Ubuntu, or Raspbian (Raspberry Pi) server from which you want to access remote WebDAV resources, issue the following commands while logged into the server as root:

apt-get -y install davfs2
mkdir /dav
cd /root
wget http://incrediblepbx.com/incrediblebackup-dav
chmod +x incrediblebackup-dav

Connecting to Your WebDAV Server in the Cloud. The new Incredible Backup script, /root/incrediblebackup-dav, will automatically make a connection to your new WebDAV server in the Cloud once you’ve entered your admin credentials and the IP address of your WebDAV server. Do this by editing incrediblebackup-dav. Just plug in your admin password and the IP address of your WebDAV server in the Cloud. Then save the file.

In case you’re curious, here is the command to access WebDAV as a file system from your local server. Assuming admin:passwd555 were your remote Apache credentials and 23.45.67.89 was the IP address of your CloudAtCost server, the mount command would look like this:

echo passwd555 | mount.davfs http://23.45.67.89/dav /dav -o username=admin

All of the /dav files on the WebDAV server in the Cloud then would be accessible in the /dav directory on your local server until the WebDAV connection was closed/unmounted. You can add, edit, and delete files and directories. All of your local changes will automatically be synchronized with your WebDAV server in the Cloud.

To close the WebDAV connection, issue the following command:

umount.davfs /dav

Making a Backup to Your WebDAV Server in the Cloud. This is the easy part. Once everything is in place and you have configured the Incredible Backup script with your admin credentials and WebDAV server’s IP address, you’re ready to kick off a backup. Just issue the following command while logged into your server as root:

/root/incrediblebackup-dav

Restoring a Backup from Your WebDAV Server in the Cloud. There are two ways to do this. If your local server and Cloud-based server are running identical versions of Incredible PBX, then you can restore the backup image to your Cloud server and run Incredible PBX in the Cloud. Simply move the desired backup file from /var/www/html/dav on the Cloud server to /backup and then run incrediblerestore from the /root folder. Once the restore completes, reboot your Cloud server, reconfigure the IP addresses of your phones, and you’re back in business.

If you’d prefer to restore a backup from the Cloud to a local server, then you would first build a new server to match the one from which the backup was originally made. Next, configure the new server to support WebDAV access to your Cloud-based server following the tutorial above. Then execute the following commands after logging into your local server as root. Use the credentials, IP address, and actual backup filename saved on your Cloud server:

mkdir /backup
cd /root
echo passwd555 | mount.davfs http://23.45.67.89/dav /dav -o username=admin
cp /dav/backupfilename.tar.gz /backup/.
umount.davfs /dav
./incrediblerestore /backup/backupfilename.tar.gz
rm /backup/backupfilename.tar.gz

WebDAV Cautionary Notes and Gotchas. First, WebDAV does a lot of heavy lifting under the covers because its intended for use as a collaboration tool by multiple people accessing and updating the same resources. So synchronization is important. When we’re moving huge files from a local server to the WebDAV cloud, this synchronization activity can give the appearance that your server has hung either during the backup procedure or thereafter. It hasn’t. So, after you run the Incredible Backup script to upload a new backup image, leave your server alone for a while. On your local server, don’t attempt to list /dav or otherwise use it for about an hour to be safe. On a Raspberry Pi, just be patient while the backup procedure completes. After that, you should be good to go. Depending upon the Linux flavor of your local server, the Incredible Backup script may not dismount your WebDAV resource successfully. You can do this manually LATER although it won’t hurt anything to leave the connection in place. As noted above, the dismount command is umount.davfs /dav.

Second, be very careful in configuring Incredible Backup to make certain that you specify the correct IP address for your WebDAV server in the Cloud. WebDAV will try to connect to any IP address, and you don’t want to inadvertently upload your backup files to someone else’s server. Third, ALWAYS use a web browser to access your WebDAV server in the Cloud after your backup completes to make certain that a backup with the current date and time is shown in the directory listing. Particularly with RedHat OS flavors, it may take some time for the entire tarball upload to complete even though the script will indicate it has finished. Again, patience is a virtue. Don’t reboot. Things will get sorted out in due course.

Finally, as with other network connections, if the WebDAV connection fails for some reason, your backup would be stored locally in the /dav folder rather than on WebDAV in the Cloud. That’s obviously not too helpful in the event of a local disk crash. So don’t forget to check your WebDAV server in the Cloud to verify successful completion of the backup.

Enjoy!

Republished: Monday, April 25, 2016





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. The lifetime promise is, of course, in the eye of the beholder. It may be your lifetime but, more than likely, it’s the lifetime of CloudAtCost. The two are not necessarily the same so plan accordingly. 🙂 []

    Taking a Fresh Look at the Asterisk, FreePBX, and Incredible PBX Security Models

    About once a year, we try to shine the spotlight on Asterisk® security in hopes of saving lots of organizations and individuals a little bit (or a lot) of money. In light of last week’s major security lapse in the Asterisk® dialplan of those using FreePBX® since the Asterisk@Home days, now seemed like a good time for a review. As we’ve noted before, the problem with open source phone systems is they’re open source phone systems. So the bad guys can figure out how they work just like the good guys. Unfortunately, some of the bad guys are paying particular attention to Asterisk and FreePBX so it behooves all of us to remain vigilant and patch vulnerabilities quickly. The FreePBX Devs have done an admirable job in responding quickly to this issue.

    Last week’s vulnerability involves the call transfer methodology that has been incorporated into FreePBX-based Asterisk servers for at least a decade. In a nutshell, it allows an internal or outside caller or called party to transfer a call using touchtones instead of a dedicated transfer button or hook flash. ## performs a blind transfer while *2 sets up an attended transfer where the person transferring the call can actually talk to the transfer recipient before executing the call transfer. Some of our foreign friends used this *2 methodology to initiate calls to Asterisk servers and then to transfer those calls to expensive destinations while the other party to the call listened to music on hold. Worse yet, it could be performed within an answering IVR on some servers so the administrator never knew the call transfer took place other than reviewing the call detail records. As with some previous vulnerabilities, this one had lain dormant since the inception of call transfer technology in Asterisk. The default settings in FreePBX permitted outside calling or called parties to initiate transfers using these feature codes. We’re reminded of a similar vulnerability that used to exist in many Asterisk voicemail systems that allowed callers to dialout to another number from within the voicemail system.

    We hope to persuade you today that allowing transfer of calls using touch tones is a very bad idea to begin with. Even when you don’t get a surprise phone bill, it often results in unanticipated consequences such as depicted in this video shared on DSL Reports:



    Here’s how you can protect any server that uses all or some of the FreePBX GUI. First, be aware that the FreePBX developers are working on a rewrite of the Core component in versions 13 and 12. The fix would limit use of this technology to those on the internal side of a PBX. In other words, remote callers would be blocked from calling into an Asterisk server and transferring themselves to a phone on a cruise ship sailing in the Indian Ocean. In the meantime, issuing the following commands will patch things up:

    mysql -uroot -ppassw0rd asterisk -e "update freepbx_settings set value = 'tr' where keyword = 'DIAL_OPTIONS' limit 1"
    mysql -uroot -ppassw0rd asterisk -e "update freepbx_settings set value = '' where keyword = 'TRUNK_OPTIONS' limit 1"
    amportal a r
    

    For those using Incredible PBX™, the Automatic Update Utility will patch your server the next time you log in as root.

    Olle Johansson has been one of the primary shakers and movers when it comes to educating folks on Asterisk security and inspiring developers to do a better job designing these systems. If you didn’t attend AstriCon 2013 and haven’t watched the Security Master Class, put these videos on your Bucket List. They’re all free and well worth your time.

    When we began building out Incredible PBX on other platforms several years ago, we decided it was an opportune time to revisit our Asterisk security model and make it as bullet-proof as possible given the number of people now deploying Asterisk servers in the cloud. As a practical matter, there are no hardware-based firewalls to protect you with many of the cloud-based systems. So you literally live or die based upon the strength of your own software-based security model.

    As in the past, security is all about layers of protection. A bundle of sticks is harder to break than a single stick. There now are Incredible PBX builds for CentOS, Scientific Linux, Ubuntu 14, and the latest Raspbian 8 for the Raspberry Pi 2 and 3. All of these releases include the new Incredible PBX security model. Here’s how it works…

    The 7 Security Layers include the following, and we will go into the details below:

    1. Preconfigured IPtables Linux Firewall
    2. Preconfigured Travelin’ Man 3 WhiteLists
    3. Randomized Port Knocker for Remote Access
    4. TM4 WhiteListing by Telephone (optional)
    5. Fail2Ban
    6. Randomized Ultra-Secure Passwords
    7. Automatic Security Updates & Bug Fixes

    1. IPtables Linux Firewall. Yes, we’ve had IPtables in place with PBX in a Flash for many years. And, yes, it was partially locked down in previous Incredible PBX releases if you chose to deploy Travelin’ Man 3. Now it’s automatically installed AND locked down, period. As installed, the new Incredible PBX limits login access to your server to those on your private LAN (if any) and anyone logging in from the server’s public or private IP address and the public IP address of the desktop machine used to install the Incredible PBX software. If you or your users need access from other computers or phones, those addresses can be added quickly using either the Travelin’ Man 3 tools (add-ip and add-fqdn) or using the Port Knocker application running on your desktop or smartphone. All you need is your randomized 3 codes for the knock. You can also enable a remote IP address by telephone. Keep reading!

    2. Travelin’ Man 3 WhiteLists. As in the past, many of the major SIP providers have been whitelisted in the default setup so that you can quickly add new service without worrying about firewall access. These are providers that we’ve used over the years. The preconfigured providers include Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Obivoice/Vestalink (sms.intelafone.com), Teliax, and IPkall. You are, of course, free to add other providers or users using the whitelist tools being provided. add-ip lets you add an IP address to your whitelist. add-fqdn lets you add a fully-qualified domain name to your whitelist. del-acct lets you remove an entry from your whitelist. Because FQDNs cause problems with IPtables if the FQDN happens to be invalid or non-functional, we’ve provided a customized iptables-restart tool which will filter out bad FQDNs and start up IPtables without the problematic entries.

    Be advised that whitelist entries created with PortKnocker are stored in RAM, not in your IPtables file. These RAM entries will get blown out of the water whenever your system is restarted OR if IPtables is restarted. Stated another way, PortKnocker should be used as a stopgap tool to get new IP addresses qualified quickly. If these addresses need access for more than a few hours, then the Travelin’ Man 3 tools should be used to add them to your IPtables whitelist. If your whitelist setup includes dynamic IP addresses, be aware that using ipchecker in a cron job to test for changing dynamic IP addresses will remove PortKnocker whitelist RAM entries whenever an IP address change triggers an iptables-restart.

    For more detail on Travelin’ Man 3, review our original tutorial.

    3. PortKnocker WhiteListing. We’ve previously written about PortKnocker so we won’t repeat the article here. Simply stated, it lets you knock on three ports on a host machine in the proper order to gain access. If you get the timing and sequence right, the IP address from which you knocked gets whitelisted for access to the server… with appropriate admin or root passwords, of course. The knocking can be accomplished with either a command line tool or an iOS or Android app using your smartphone or tablet. As noted above, it’s a terrific stopgap tool to let you or your users gain quick access to your server. For the reasons we’ve documented, don’t forget that it’s a stopgap tool. Don’t use it as a replacement for Travelin’ Man 3 whitelists unless you don’t plan to deploy dynamic IP address automatic updating. Just to repeat, PortKnocker whitelists get destroyed whenever IPtables is restarted or your server is rebooted. You’ve been warned.

    4. TM4 WhiteListing by Telephone. Newer releases of Incredible PBX are preconfigured with ODBC support for telephony applications. One worth mentioning is our new Travelin’ Man 4 utility which lets a remote user dial into a dedicated DID and register an IP address to be whitelisted on the server. Within a couple minutes, the user will be sent an email confirming that the IP address has been whitelisted and remote access is now enabled. For phone systems and administrators supporting hundreds of remote users, this new feature will be a welcome addition. It can be configured in a couple minutes by following the Installation instructions in the Travelin’ Man 4 tutorial. Unlike PortKnocker, whitelisted IP addresses added with TM4 are permanent until modified by the remote user or deleted by the administrator.

    5. Fail2Ban. We’ve never been a big fan of Fail2Ban which scans your logs and blacklists IP addresses after several failed attempts to log in or register with SSH or Apache or Asterisk. The reason is because of documented cases where attacks from powerful servers (think: Amazon) completely overpower a machine and delay execution of Fail2Ban log scanning until tens of thousands of registration attempts have been launched. The FreePBX folks are working on a methodology to move failed login attempts to a separate (smaller) log which would go a long way toward eliminating the log scanning bottleneck. In the the meantime, Fail2Ban is included, and it works when it works. But don’t count on it as your only security layer.

    6. Randomized Passwords. With the new security model described above, we’ve dispensed with Apache security to protect FreePBX® access. These new Incredible PBX releases rely upon the FreePBX security model which uses encrypted passwords stored in MySQL or MariaDB. As part of the installation process, Incredible PBX randomizes ALL FreePBX passwords including those for the default 701 extension as well as the admin password. When your new Incredible PBX install completes, the most important things to remember are your (randomized) FreePBX admin password AND the (randomized) 3 ports required for Port Knocker access. Put them in a safe place. Sooner or later, you’ll need them. You can review your PortKnocker settings in /root/knock.FAQ. We’ve also included admin-pw-change in the /root folder for those that are too lazy to heed our advice. With the new security model, there is no way to look up your admin password. All you can do is change it… assuming you haven’t also forgotten your root password. 😉

    7. Automatic Update Service. All new Incredible PBX builds include an automatic update service to provide security patches and bug fixes whenever you log into your server as root. It saved you just last week! If you don’t want the updates for some reason, you can delete the /root/update* file from your server. If the cost of maintaining this service becomes prohibitive, we may implement a pay-for-service fee, but it presently is supported by voluntary contributions from our users. It has worked extremely well and provided a vehicle for pushing out updates that affect the reliability and security of your server.

    A Word About IPv6. Sooner or later Internet Protocol version 6 will be upon us because of the exhaustion of IPv4 IP addresses. Incredible PBX is IPv6-aware and IPtables has been configured to support it as well. As deployed, outbound IPv6 is not restricted. Inbound access is limited to localhost. You, of course, are free to modify it in any way desired. Be advised that disabling IPv6 localhost inbound access will block access to the FreePBX GUI. Don’t ask us how we know. 🙂

    Originally published: Monday, April 18, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    Chasing the Asterisk Rainbow: An Incredible PBX for Everyman… and Woman

    The one thing we’ve learned over the past decade is that everyone’s telecommunications needs are different. We began the Incredible PBX™ project by offering a script for PBX in a Flash™ that enhanced its functionality by adding three dozen applications for Asterisk® plus a rock-solid, preconfigured firewall. We expanded on that initial design by offering installers to support both Elastix® 4.0 and even the FreePBX® Distro and AsteriskNOW. But many asked for something more. Some wanted a turnkey install on inexpensive hardware so we now have a Raspberry Pi® 3 image that configures itself in under a minute. Others wanted and we provided an ISO image that could be loaded onto a USB thumb drive and used to install Incredible PBX on virtually any standalone hardware platform including the $200 Intel NUC. Then there were the enthusiasts that insisted upon virtual machines for virtually everything. So we built Incredible PBX images for Proxmox, and VirtualBox, and VMware. All of these builds could be set up about as quick as you can snap your fingers. Still others believed that all computing should be handled with Cloud-based servers. So we created a $10.50 solution for lifetime Cloud computing with CloudAtCost, a $5/month solution with Digital Ocean, and a $15/month rock-solid reliable PBX with RentPBX. Finally, there were operating system purists. Some preferred RedHat/CentOS/Scientific Linux while others swore by Debian or Ubuntu or Raspbian 8. So we added Incredible PBX builds for every conceivable operating system.

    What remained consistent through all of these Incredible PBX iterations was our absolute commitment to providing a secure computing environment out of the box with a feature set unmatched in both the open source and commercial PBX communities. But, of course, there is always someone that doesn’t want features and prefers a secure platform on which to build their own servers. We’ve even accommodated that request with the Lean, Mean Edition of Incredible PBX.

    So, today while we work on taxes, you can take a leisurely stroll through all of the available Incredible PBX links above and choose a platform that best meets your needs. Our other uncompromising feature is price. Incredible PBX is and always will be free with NoGotchas. If you’re still confused about choosing a favorite build, try our Decision Tree below. It’ll give you suggestions in less than a minute. Come join the party!



    Originally published: Monday, April 11, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    TrueCNAM: A Breath of Fresh Air for CNAM Lookups and CallerID Superfecta



    It’s always nice to see your baby grow up. Nearly a decade ago, we introduced an AGI script for Asterisk@Home known as CallerID Trifecta for FreePBX® 2.2.0. As sources of CNAM lookups expanded, a number of other individuals contributed code to support those lookups. When we added a fourth CNAM lookup source, the original application morphed into CallerID Superfecta. Then we gave up. The source lookups became too numerous to mention much less name. But all of the original code still resided in a difficult-to-maintain PHP/AGI script.

    Tony Shiffer picked up the ball and converted the application into a FreePBX module which made it incredibly easy to add new providers and to configure the ones you wished to use. Then Jeremy Jacobs with help from other members of the PBX in a Flash™ Forum community released a real masterpiece, CallerID Superfecta 2.0. Thanks to the efforts of Lorne Gaetz and POSSA, CallerID Superfecta became a truly collaborative, open source project. The number of CNAM sources continued to expand with support for international sources around the world. Then came additional functionality to allow Asterisk® interfaces to XBMC, SqueezeBox, MythTV, and Growl among others. Finally, additions were added to assist in dealing with annoying SPAM calls. Even though CallerID Superfecta has continued to flourish, the number of free and almost free lookup sources particularly in the United States has dwindled as more and more providers cashed in to make their VoIP fortunes.

    Introducing TrueCNAM: The Spammer’s Worst Nightmare

    Today, we’re pleased to introduce a new CNAM service, TrueCNAM, that strikes what we believe is a fair balance between free and incredibly affordable commercial tiers with appeal to a broad cross-section of the VoIP community. In addition, James Finstrom has introduced a CallerID Superfecta module for TrueCNAM making it easy to implement and configure.

    What Do It Do? Let’s start with the basics for those just learning about CallerID. Ma Bell in her infinite wisdom designed a scheme for looking up a Caller Name (CNAM) to match a phone number whenever an incoming call arrived at your home or office. Instead of sending both the phone number and the CNAM down the wire, virtually all providers throw the CNAM portion of the CallerID sent by the calling party in the bit bucket. On the receiving end, the CallerID number is looked up in a proprietary directory to retrieve the matching CallerID name. The problem, of course, is gaining access to these proprietary directories which are maintained by various providers that make a tidy sum charging fees for access. What TrueCNAM does is to access data from carriers and service providers to retrieve a best match for the phone number that is presented. In addition, TrueCNAM has developed its own CNAM repository so that customers can enter names for unpublished numbers such as cellphones.

    In addition to CNAM lookups, TrueCNAM has another awesome feature. TrueCNAM adds a SPAM scoring mechanism called TrueSpam which assigns a numerical score (0-100%) assessing the likelihood that the incoming caller is a spammer. We’re not huge fans of blacklists because typically the bad guys are smarter than those managing the blacklist. But this is a new kind of “revolving blacklist.” TrueSpam scores can increase, decrease, or become “0” again in the future depending on the data-points seen for them over time. The data sources used for calculating TrueSpam scores include:

    • Live traffic flows from carriers, service providers, and end-users utilizing the service.
    • A network of hundreds of thousands of honeypot numbers primarily in North America. Honeypot numbers are telephone numbers that are not connected to an end-user that TrueSpam receives real-time data on. This helps identify many of the most infamous RoboCallers.
    • Feedback from end-users indicating a number is or is not spam.
    • Public and private complaint data feeds from multiple government agencies. Additional sources are actively being negotiated.
    • Other third-party sources found to be highly accurate.

    All of these sources then are aggregated and weighted via an algorithm to produce and update TrueSpam scores in real-time. Most importantly, telemarketing and robocalling numbers frequently are identified and scored within minutes of the first calls.

    We believe that coupling TrueSpam with CNAM lookups is a terrific addition particularly for business users. And some providers such as CallCentric have integrated TrueSpam reporting directly into their VoIP offerings to block robocalls. Hopefully, others will follow.

    TrueCNAM was kind enough to offer us a Business account so that we could more easily run TrueCNAM through its paces. In a word, it PASSED with flying colors. If you live in the United States, TrueCNAM will become your primary lookup tool based upon both functionality and cost. And Mr. Finstrom’s module for CallerID Superfecta makes TrueCNAM downright irresistible.

    Installing TrueCNAM with CallerID Superfecta

    There are any number of ways to integrate TrueCNAM into a VoIP server. The TrueCNAM web site will walk you through using the TrueCNAM API for those that are interested. For today, we’ll show you the easiest way to deploy it using an existing CallerID Superfecta module on any Incredible PBX™ or FreePBX server platform. Unless you’re using Incredible PBX, you may have to manually install the CallerID Superfecta module using Module Admin or GitHub. Once you’ve gotten that far, the next step is to add the TrueCNAM module to your CallerID Superfecta platform. This can be done from GitHub, or you can log into your server and issue the following commands:

    cd /
    wget http://incrediblepbx.com/TrueCNAM.tar.gz
    tar zxvf TrueCNAM.tar.gz
    rm -f TrueCNAM.tar.gz
    

    Establishing a TrueCNAM Account and Obtaining Credentials

    To get started, sign up for the Free account on the TrueCNAM site. Note that you’ll have to add a phone number to the TrueCNAM directory to take advantage of the free account, a small price to pay. 😉

    Once your account is established, log in with your credentials and choose MyAccount -> Account Settings -> API Keys. Click on the Add API Key button to generate your API credentials. Write them down. You’ll need them below. Now log out.

    Configuring TrueCNAM with CallerID Superfecta

    Once you have the TrueCNAM module installed and after you’ve set up your TrueCNAM account and obtained your credentials, fire up your favorite Incredible PBX or FreePBX GUI and choose Admin -> CID Superfecta -> Default. Now follow these steps to set up TrueCNAM with your credentials.

    (1) Find TrueCNAM in the listing of Superfecta modules and click the Enabled button.

    (2) Use the UP icon beside TrueCNAM to drag it up near the top priority slot for CallerID Superfecta. Personal directories should still take precedence.

    (3) Click on the TrueCNAM label to open the Settings menu for the Module and enter your APIkey and Password from your TrueCNAM registration.

    (4) Unless you know what you’re doing, leave TrueSPAM checked with the Threshold set at 80.

    (5) Click the Submit button to save your credentials.

    (6) Drop down to the end of Superfecta Template and (1) enable SPAM Interception, (2) change the SPAM Send Threshold from 3 to 1, and (3) choose a Destination for SPAM calls:

    (7) Click Agree and Save to store your Default Superfecta setup.

    Activating CallerID Superfecta for Desired Inbound Routes

    Both Incredible PBX and the FreePBX GUI manage CNAM lookups as part of the Inbound Route setup. If you have multiple inbound routes, then you have to enable CallerID Superfecta on each route on which you want it activated. It’s important to note that you do NOT want to activate a CID Lookup Source AND Superfecta CID Lookup on the same route! So the CNAM setup for each inbound route should look something like the following. Enjoy!

    Originally published: Monday, April 4, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    Smartphone Trifecta: 2016’s Very Best Cellphones with Two Awesome Surprises


    Every year we try to check out the latest and greatest smartphones with emphasis on finding those that are the best fit with Asterisk®. So this year is really special because our three favorite new phones all come with a couple of surprises. First, monthly cellular service can be FREE on all of them! Second, all of the phone numbers associated with the three phones can be used as free SIP trunks with Incredible PBX™ or your favorite Asterisk server.

    If you’ve been following Nerd Vittles since early February of this year, then you already know that RingPlus, a Sprint MVNO, is the best bargain on the planet. Over the past six weeks of weekly specials from RingPlus, we’ve managed to update all of our free RingPlus accounts to either unlimited calling, texting, and 2GB of monthly data or 3,000 minutes of calling, 3,000 text messages, and 3GB of data. For anybody (except teenagers) that’s sufficient monthly capacity to do almost anything you’d like to do with a smartphone except stream movies all day.

    We initially showed how to take dirt cheap Boost Mobile and Virgin Mobile prepaid phones and repurpose them for use with RingPlus. Sprint apparently read our article as well because that loophole is going away on April 17. However, you still have time to find one and activate it on RingPlus following our previous tutorial. The only catch is that, if you ever deactivate it, you will lose the ability to reactivate it without first using it with Boost or Virgin for a full year. The landfills will be so happy with all these cellphone bricks because of Sprint’s latest attempt to shoot itself in the foot. We think there also are some legal issues that the FCC needs to address. These phones are sold as “contract-free” when, in fact, there is a very specific and undisclosed contractual requirement. If you don’t keep service with the provider for a year, your phone becomes a brick. In antitrust terminology, it’s called tying. And some would argue that it also constitutes false advertising. We plan to file a complaint and would urge all of our readers to do the same. Here’s a link.

    But enough about the Sprint mentality. It really is legendary, and it’s been the same for 20+ years. We doubt it will ever change unless the entire Sprint management team is replaced. So where do we go from here? Well we decided to upgrade most of our phones to the latest and greatest postpaid phones available, and we wanted to try out our 2016 favorites (pictured above). Here’s some really great news. Samsung’s new Galaxy S7 and S7 Edge as well as Apple’s new iPhone SE work swimmingly with RingPlus as long as you purchase the Sprint-branded models at full retail price from either Best Buy or an Apple Store. Sprint and Target will refuse to sell you one unless you activate it with Sprint in the store. You also can’t buy the Sprint-branded iPhones on line from Apple without activating Sprint service, but that restriction doesn’t apply if you visit an Apple Store.

    It took a week to chase down a Galaxy S7 and almost two weeks to find a Galaxy S7 Edge at a Best Buy store. Don’t believe the store inventory on their web site. Neither of the phones we purchased was shown as available at the locations where we bought them. So you’ll need to call or visit a store at least while the new Galaxy phones remain a scarce commodity. As for the iPhone SE, it went on sale at Apple Stores this morning at 10 a.m. At the Charleston store, I was third in line and both of the people in front of me also were buying the Sprint-branded iPhone SE to use with RingPlus. The Apple sales folks said they had never before seen a run on Sprint phones. Guess why?

    Here’s the drill. Purchase your favorite phone after you read our mini-reviews below. Don’t open the box just yet. Instead, look on the bottom of the box and decipher the IMEI/MEID of your phone. Immediately run that number through the RingPlus Device Checker to be sure it will work on the Sprint network using a RingPlus account. There shouldn’t be a problem with any of these three phones, and all of them come with a Sprint SIM card so you won’t have to worry about obtaining one from RingPlus. Some have reported that the Best Buy phones were locked. We can only surmise that the customer delayed activating the phone with RingPlus which gave Sprint time to block the serial number which Best Buy reported. If this happens to you, we are told that Sprint will unlock the phone once you provide proof that it was purchased at full retail price. If all else fails, Best Buy has a 14-day return policy. Remember, anything is possible when dealing with Sprint.

    Once your phone passes the compatibility check, sign up for a new free RingPlus plan. These plans change weekly and sometimes are only offered for a couple of hours so you may want to hold off on signing up until a deal comes along that meets your requirements. Update: There are a number of excellent promotions at the moment which run through April 5. Our previous article explained in detail how these free plans work. Switching plans typically is limited to those that buy into the annual Member+ program. You can read all about the plans and programs on the RingPlus Community Forum. If you already have a RingPlus account with a registered phone, you can swap out the phone with one of these three new ones for a one-time charge of $1.99. All you’ll need is your new MEID and ICC ID numbers. The entire phone swap only takes a minute or two. Once it’s complete, turn on your phone. The rest is automagic!

    Comparing the Phones. We don’t often glow about reviews, but the TechRadar review of the Galaxy S7 Edge is a must-read. There has never been a better phone than this one. And, only an inch behind it is the Galaxy S7 which bears an uncanny resemblance to the new iPhone SE except for its 50% larger screen size. We actually are more comfortable carrying the Galaxy S7 with its all-metal construction. For whatever reason, the S7 Edge always feels like its about a millisecond away from slipping out of your hand. You will most definitely want a case for the S7 Edge.

    In terms of performance and camera quality, the new Galaxy phones are in a league of their own. Here’s a photo hurriedly snapped through a restaurant window with our Galaxy S7 earlier this week. If you’ve ever tried to take sunset pictures with an iPhone or cheapo Android device, you’ll appreciate what a challenge these shots can be. We’ll annotate this article with an iPhone SE photo if and when the opportunity presents itself. The other good news with the new Galaxy phones is they are at least waterproof for a few minutes. If you live near the water, that will come as a welcome addition as well. Finally, Samsung has closed the gap with Apple’s iPhones on backing up and restoring everything on your phone. For years, this has been Apple’s best feature in our humble opinion. Now Samsung goes Apple one better. If you happen to have two Samsung devices that you want clone, simply choose Backup and Reset from Settings. Then Open Smart Switch on both devices and hold the two phones back to back. It’s that easy. Or you can opt for the more traditional restore method that works precisely as it does with an iPhone using the Samsung Cloud. For some additional tips and tricks, visit the PCMag.com site and watch the video “Exploring the Galaxy S7” which includes a number of comparisons with Apple iPhone devices including the iPhone SE. Enjoy!

    We previously covered the SIP setup for RingPlus devices using their WiFi Fluidcall feature. It provides a free SIP trunk for Asterisk at a cost of zero dollars. For the complete tutorial, take a look at the original article. Enjoy!

    Originally published: Thursday, March 31, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    The Best of Both Worlds: Taking Incredible PBX from the Cloud to the Ocean

    We’ve spent a good bit of time documenting a dirt cheap way to learn about VoIP in the Cloud with our Incredible PBX offering using a $10.50 virtual machine at CloudAtCost. Is it production ready? Probably not. But we’re reminded of the old saying that pizza is a lot like sex: “When it’s good, it’s really good. And, when it’s bad, it’s still pretty good.” That pretty much sums up CloudAtCost. And it’s not like a one-time investment for the cost of a pizza lunch is going to break the bank.

    Today we turn our attention to a more reliable, long term Cloud solution with a fresh look at Incredible PBX with Digital Ocean. This setup runs about $5 a month after a free $10 trial using our referral link. If you continue to use the service, it also generates a little revenue for Nerd Vittles to keep the lights on.

    It’s been about two years since we first introduced the Digital Ocean platform. Back then, it was the experimental platform. But a lot has changed, and it’s all for the better. First, you get a Cloud Server on which you can create virtually any Linux platform you like including CentOS, Fedora, Debian, Ubuntu, and more. Second, you get your choice of seven datacenters all around the world: New York, San Francisco, Toronto, London, Frankfurt, Amsterdam, and Singapore. Third, you get enormous scalability. You can start with the $5/month flavor with 512MB of RAM and a single CPU, 20GB of SSD storage, and 1TB of bandwidth. As your requirements grow and with a couple clicks, you can scale up through 8 multiples of capacity to a whopping 64GB of RAM with 20 CPUs, 640GB of storage, and 9TB of bandwidth for less than a dollar an hour. Just make a Snapshot of any off-line Droplet, and then use that Snapshot as the image for your new server in lieu of a Linux Distribution.

    For our purposes today and for home and SOHO business users, the $5/month Digital Ocean platform is a perfect fit for both the CentOS 6.7 and Ubuntu 14.04 flavors of Incredible PBX. Once you’ve created your Digital Ocean Droplet with your choice of operating system, the Incredible PBX install procedure takes about 25 minutes. This includes the time necessary to compile and install the latest release of Asterisk® 13 from source code. When you’re finished, you’ll have a rock-solid PBX that is fully secured using the Linux firewall. For out-of-the-gate security, no other PBX comes close… at any price. Incredible PBX is and always will be pure open source GPL code and, of course, it’s FREE!

    Creating Your First Digital Ocean Droplet

    CentOS 6.7 remains our Gold Standard of Linux operating systems. We’ll start there and walk you through the Incredible PBX install procedure. Begin by signing up for a Digital Ocean account and creating a 512MB $5 droplet in your choice of data centers. Choose the CentOS 6.7 x32 platform just to keep things simple, and pick a hostname such as centos.incrediblepbx.com. It doesn’t matter if it is not resolvable, but it does need to be in FQDN format.

    By the way, you only pay for the time your droplet actually exists so build several and play for a couple hours. Your total cost will be about 5¢. And, as we noted, your first $10 of server charges are actually free. So you have nothing to lose by experimenting. If you make a mistake, delete your droplet and start over. No big deal. Once your droplet has been created, Digital Ocean will send you an email with your root user credentials and the IP address of your new server. Login with SSH or Putty, and you’ll be prompted to immediately change your root password. Make it secure… as if your bank account depended upon it. 😉

    Installing Incredible PBX 13 for CentOS 6.7

    Now we’re ready to begin the Incredible PBX install. It’s a two-step procedure. First, we’ll get CentOS up to date and reboot. Then we’ll kick off the actual install. Just cut-and-paste the following commands while logged into your droplet as root:

    setenforce 0
    yum -y upgrade --skip-broken
    yum -y install net-tools nano wget tar
    reboot
    

    Once your server reboots, login again as root and cut-and-paste the following commands. Take a 30-minute break while the installer does its thing. If you’re one that likes to watch, don’t worry if you see some error messages. They all get sorted out before the installation finishes.

    cd /root
    wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz
    tar zxvf incrediblepbx*
    ./create-swapfile-DO
    ./IncrediblePBX*
    reboot
    

    Let’s login to your server one more time to get the latest Incredible PBX updates and set up your passwords and time zone. Then you’ll be ready to handle future server admin using your browser:

    Make your root password very secure: passwd
    Create admin password for GUI access: /root/admin-pw-change
    Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
    Set your correct time zone: /root/timezone-setup
    Make a copy of your Knock codes: cat /root/knock.FAQ
    Review current info about your server: status OR pbxstatus (depends on release)
    

    If you want to add fax support to your PBX, we’ve got one more installer to run, and you’ll be all set. Just run the following command and press the ENTER key each time you are prompted for input (about 21 times):

    cd /root
    ./incrediblefax11.sh
    

    Success!

    It’s a GUI, GUI World Out There

    Most management of Incredible PBX will be handled using your favorite browser and one of two GUIs: the Kennonsoft menu which appears when you access the IP address of your server using a browser AND the Incredible GUI which is available on the Admin page of the Kennonsoft menu.

    Choose Incredible GUI Administration from the Admin menu of the Kennonsoft GUI (shown above) by clicking on User to switch. The default username is admin and the password is what you set in the preceding step. Now edit extension 701 so you can decipher or change the randomized passwords that was assigned to the 701 extension and its voicemail account: Applications -> Extensions -> 701.

    Setting Up a Soft Phone to Use with Incredible PBX

    Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension
    701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

    Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


    DEMO - Allison's IVR Demo
    947 - Weather by ZIP Code
    951 - Yahoo News
    *61 - Time of Day
    *68 - Wakeup Call
    TODAY - Today in History

    Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. An update supporting Google Voice OAUTH 2 authentication is available here with a complete tutorial. Just start at step #1b. A better long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. You’ll also find an incredible deal from our platinum sponsor, Vitelity, at the end of this article.

    Configuring Google Voice

    If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

    We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

    You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

    IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

    While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

    • Call ScreeningOFF
    • Call PresentationOFF
    • Caller ID (In)Display Caller’s Number
    • Caller ID (Out)Don’t Change Anything
    • Do Not DisturbOFF
    • Call Options (Enable Recording)OFF
    • Global Spam FilteringON

    Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

    One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

    Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

    IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

    If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

    Troubleshooting Audio and DTMF Problems

    You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

    A Few Words about the Incredible PBX Security Model for CentOS

    Incredible PBX for CentOS joins our previous Ubuntu build as our most secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉

    The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

    Incredible Backup and Restore

    We’re also pleased to offer our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

    Incredible PBX Automatic Update Utility

    Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.

    In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.

    Originally published: Thursday, March 17, 2016


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.






    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…