Posts tagged: iax

Midnight Madness: Introducing Incredible PBX 12 with Asterisk 12 and FreePBX

The number “12” always has held mystical prominence in our culture and so it is with Asterisk®. Just over 12 months ago, Digium first introduced Asterisk 12 at AstriCon in Atlanta and heralded a major change in the direction of the product. It was more than a wholesale revamping of the Asterisk feature set. There was a revolutionary new development methodology thanks to the untiring efforts of Matt Jordan and his incredibly talented development team. Unlike Asterisk releases of old, there were no serious breakages in existing applications and, where there were changes, they were carefully documented for all the world to see. Thank you, Matt & Co.

The release of Asterisk 12 also set in motion the development of FreePBX® 12 by the equally talented FreePBX Dev Team. What began as an effort simply to integrate all of the new components in Asterisk 12 quickly evolved into a major rewrite of the graphical user interface for Asterisk, no small feat given its history of starts and stops spanning nearly a decade of development. Just last week, FreePBX 12 was pronounced stable and production ready. If you thought Asterisk 12 was revolutionary, just wait until you try FreePBX 12. Simply amazing work by the FreePBX Development Team. Thank you.

While PBX in a Flash has offered a preview edition of Asterisk 12 and FreePBX 12 for quite a while, we’ve held off releasing the stand-alone Incredible PBX 12 for a number of reasons. First and foremost, we wanted Incredible PBX 12 to remain pure open source to point the way for others that want to enhance Asterisk 12 and FreePBX 12. Second, there were more than a few rough edges with both products that simply needed some time to evolve. The one year anniversary of Asterisk 12 and the stable release of FreePBX 12 seemed a fitting occasion to add our turnkey implementation of Incredible PBX to the mix.

The real beauty of Incredible PBX: there is no smoke and there are no mirrors. What you see is what you get. You begin with a base install of the Linux operating system. And then the open source Incredible PBX installer adds all of the pieces to integrate air-tight security with Asterisk 12, FreePBX 12, text-to-speech technology and dozens of applications for Asterisk into a seamless platform for either experimentation or production use. You can review the source code and embellish it as you see fit! Protecting your deployment is the IPtables firewall with a WhiteList for authorized user access coupled with Fail2Ban to monitor access attempts. This isn’t merely a security toolkit. Your server is actually locked down from the moment you complete the Incredible PBX install. Authorizing additional users is accomplished using simple administrator scripts. Or end-users can employ PortKnocker and Travelin’ Man 4 to simplify remote access. Automatic updates for security fixes and enhancements are an integral component of Incredible PBX. If the security alerts of the past month haven’t convinced you that updates are critically important, you probably should stop hosting your own PBX. Backups and restores also are simple. And the complete open source feature set of both Asterisk and FreePBX is activated to facilitate your development efforts. In short, you gain nothing by installing the individual components yourself, and you may lose a lot. With Incredible PBX, the heavy lifting has all been done for you with documented, open source code that makes it simple to add your own tweaks as desired. That’s what open source is all about!

We’ve chosen Ubuntu 14.04 as the platform on which to begin the Incredible PBX 12 adventure. More releases will follow in due course. But Ubuntu 14.04 is an extremely stable and well-supported LTS release of Linux that warrants a careful look. After all, the primary objective here is a stable telephony platform. The Ubuntu 14.04 LTS platform offers that in spades.

Building an Ubuntu 14.04 Platform for Incredible PBX 12

As a result of the trademark and copyright morass, we’ve steered away from the bundled operating system in favor of a methodology that relies upon you to put in place the operating system platform on which to run PBX in a Flash or Incredible PBX. The good news is it’s easy! With many cloud-based providers1, you can simply click a button to choose your favorite OS flavor and within minutes, you’re ready to go. With many virtual machine platforms such as VirtualBox, it’s equally simple to find a pre-built Ubuntu 14.04 image or roll your own.

If you’re new to VoIP or to Nerd Vittles, here’s our best piece of advice. Don’t take our word for anything! Try it for yourself in the Cloud! You can build an Ubuntu 14.04 image on Digital Ocean in under one minute and install Incredible PBX 12 for Ubuntu 14.04 in under 30 minutes. Then try it out for two full months. It won’t cost you a dime. Use our referral link to sign up for an account. Enter a valid credit card to verify you’re who you say you are. Create an Ubuntu 14.04 (not 14.10!) 512MB droplet of the cheapest flavor ($5/mo.). Go to the Billing section of the site, and enter the following promo code: UBUNTUDROPLET. That’s all there is to it. A $10 credit will be added to your account, and you can play to your heart’s content. Delete droplets, add droplets, and enjoy the free ride!

For today, we’ll walk you through building your own stand-alone server using the Ubuntu 14.04 mini.iso. If you’re using Digital Ocean in the Cloud, skip down to Installing Incredible PBX 12. If you’re using your own hardware, to get started, download the 32-bit or 64-bit Ubuntu 14.04 “Trusty Tahr” Minimal ISO from here. Then burn it to a CD/DVD or thumb drive and boot your dedicated server from the image. Remember, you’ll be reformatting the drive in your server so pick a machine you don’t need for other purposes.

For those that would prefer to build your Ubuntu 14.04 Wonder Machine using VirtualBox on any Windows, Mac, or existing Linux Desktop, here are the simple steps. Create a new virtual machine specifying either the 32-bit or 64-bit version of Ubuntu. Allocate 1024MB of RAM (512MB also works fine!) and at least 20GB of disk space using the default hard drive setup in all three steps. In Settings, click System and check Enable I/O APIC and uncheck Hardware Clock in UTC Time. Click Audio and Specify then Enable your sound card. Click Network and Enable Network Adapter for Adapter 1 and choose Bridged Adapter. Finally, in Storage, add the Ubuntu 14.04 mini.iso to your VirtualBox Storage Tree as shown below. Then click OK and start up your new virtual machine. Simple!

Here are the steps to get Ubuntu 14.04 humming on your new server or virtual machine once you’ve booted up. If you can bake cookies from a recipe, you can do this:

UBUNTU mini.iso install:
Choose language
Choose timezone
Detect keyboard
Hostname: incrediblepbx < continue >
Choose mirror for downloads
Confirm archive mirror
Leave proxy blank unless you need it
< continue >
** couple minutes of whirring as initial components are loaded **
New user name: incredible
< continue >
Account username: incredible
< continue >
Account password: makeitsecure
< continue >
Encrypt home directory < no >
Confirm time zone < yes >
Partition disks: Guided - use entire disk and set up LVM
Confirm disk to partition
Write changes to disks and configure LVM
Whole volume? < continue>
Write changes to disks < yes> < -- last chance to preserve your disk drive!
** about 15 minutes of whirring during base system install ** < no touchy anything>
** another 5 minutes of whirring during base software install ** < no touchy anything>
Upgrades? Install security updates automatically
** another 5 minutes of whirring during more software installs ** < no touchy anything>
Software selection: *Basic Ubuntu server (only!)
** another couple minutes of whirring during software installs ** < no touchy anything>
Grub boot loader: < yes>
UTC for system clock: < no>
Installation complete: < continue> after removing installation media
** on VirtualBox, PowerOff after reboot and remove [-] mini.iso from Storage Tree & restart VM
login as user: incredible
** enter user incredible's password **
sudo passwd
** enter incredible password again and then create secure root user password **
su root
** enter root password **
apt-get update
apt-get install ssh -y
sed -i 's|without-password|yes|' /etc/ssh/sshd_config
sed -i 's|yes"|without-password"|' /etc/ssh/sshd_config
ifconfig
** write down the IP address of your server from ifconfig results
reboot
** login via SSH to continue **

Installing Incredible PBX 12 on Your Ubuntu 14.04 Server

Adding Incredible PBX 12 to a running Ubuntu 14.04 server is a walk in the park. To restate the obvious, your server needs a reliable Internet connection to proceed. Using SSH (or Putty on a Windows machine), log into your new server as root at the IP address you deciphered in the ifconfig step at the end of the Ubuntu install procedure above.

WARNING: If you’re using a 512MB droplet at Digital Ocean, be advised that their Ubuntu setup does NOT include a swap file. This may cause serious problems when you run out of RAM. Uncomment ./create-swapfile-DO line below to create a 1GB swap file which will be activated whenever you exceed 90% RAM usage on Digital Ocean.

Now let’s begin the Incredible PBX 12 install. Log back in as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx12.tar.gz
tar zxvf incrediblepbx12.tar.gz
rm incrediblepbx12.tar.gz
#./create-swapfile-DO
./IncrediblePBX12.sh

The installer will first upgrade your Ubuntu 14.04 build to the latest modules. Then it will reboot. Rerun the installer again to kick off the Incredible PBX 12 installation process. Once you have agreed to the license agreement and terms of use, press Enter and go have a 30-minute cup of coffee. The Incredible PBX 12 installer runs unattended so find something to do for a bit unless you just like watching code compile. When you see “Have a nice day”, your installation is complete. Write down your your three “knock” ports for PortKnocker. You can retrieve your PortKnocker setup like this: cat /root/knock.FAQ. Next, set your admin password for FreePBX 12 by running /root/admin-pw-change. Set your correct time zone by running /root/timezone-setup.

Log out and back in as root and the automatic update utility will bring your system current with security fixes and enhancements. Then you will be greeted with a status display shown at the top of this article.

You can access the Asterisk 12 CLI by typing: asterisk -rvvvvvvvvvv

You can access the FreePBX 12 GUI using your favorite web browser to configure your server. Just enter the IP address shown in the status display. The default username is admin with the admin password you set up above. If desired, you also can change it in FreePBX Administration by clicking Admin -> Administrators -> admin. Enter a new password and click Submit Changes then Apply Config. Now edit extension 701 so you can figure out (or change) the randomized passwords that were set up for default 701 extension and voicemail: Applications -> Extensions -> 701.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX 12. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

123 - Reminders
222 - ODBC Demo (use acct: 12345)
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to use an existing (free) Google Voice account. Google has threatened to shut this down but as this is written, it still works with previously set up Google Voice accounts. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX 12. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using FreePBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Google Voice account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Use a previously configured and dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX 12.

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you’re probably out of luck. Google has disabled the option in newly created accounts as well as some old ones that had Google Chat disabled. Now go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in FreePBX 12. After logging into FreePBX with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. If you want unanswered calls to be routed to Google Voice for transcription, check the box. Be advised that IVR calls typically are not “answered” so check that box as well if you plan to use an IVR to respond to incoming Google Voice calls.

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

Adding Speech Recognition to Incredible PBX 12

To support many of our applications, Incredible PBX has included Google’s speech recognition service for years. These applications include Weather Reports by City (949), AsteriDex Voice Dialing by Name (411), and Wolfram Alpha for Asterisk (4747), all of which use Lefteris Zafiris’ terrific speech-recog AGI script. Unfortunately (for some), Google now has tightened up the terms of use for their free speech recognition service. Now you can only use it for “personal and development use.” If you meet those criteria, keep reading. Here’s how to activate speech recognition on Incredible PBX. Don’t skip any steps!

1. Using an existing Google/Gmail account to join the Chrome-Dev Group.

2. Using the same account, create a new Speech Recognition Project.

3. Click on your newly created project and choose APIs & auth.

4. Turn ON Speech API by clicking on its Status button in the far right margin.

5. Click on Credentials in APIs & auth and choose Create New Key -> Server key. Leave the IP address restriction blank!

6. Write down your new API key or copy it to the clipboard.

7. Log into your server as root and issue the following commands:

# for Ubuntu and Debian platforms
apt-get clean
apt-get install libjson-perl flac -y
# for RedHat and CentOS platforms
# yum -y install perl-JSON
# for all Linux platforms
cd /var/lib/asterisk/agi-bin
mv speech-recog.agi speech-recog.last.agi
wget --no-check-certificate https://raw.githubusercontent.com/zaf/asterisk-speech-recog/master/speech-recog.agi
chown asterisk:asterisk speech*
chmod 775 speech*
nano -w speech-recog.agi

8. When the nano editor opens, go to line 70 of speech-recog.agi: my $key = "". Insert your API key from Step #6 above between the quotation marks and save the file: Ctrl-X, Y, then Enter.

Now you’re ready to try out the speech recognition apps. Dial 949 and say the name of a city and state/province/country to get a current weather forecast from Yahoo. Dial 411 and say “American Airlines” to be connected to American.

To use Wolfram Alpha by phone, you first must install it. Obtain your free Wolfram Alpha APP-ID here. Then run the one-click installer: /root/wolfram/wolframalpha-oneclick.sh. Insert your APP-ID when prompted. Now dial 4747 to access Wolfram Alpha by phone and enter your query, e.g. “What planes are overhead.” Read the Nerd Vittles tutorial for additional examples and tips.

A Few Words about the Incredible PBX 12 Security Model for Ubuntu

Incredible PBX 12 for Ubuntu 14.04 is an extremely secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. As installed, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. Incredible PBX 12 is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking.

You can whitelist additional IP addresses for remote access in several ways. First, you can use the command-line utilities: /root/add-ip and /root/add-fqdn. You can also remove whitelisted IP addresses by running /root/del-acct. Second, you can dial into extension 864 (or use a DID pointed to extension 864 aka TM4) and enter an IP address to whitelist. Before Travelin’ Man 4 will work, you’ll need to add credentials for each caller using the tools in /root/tm4. You must add at least one account before dial-in whitelisting will be enabled. Third, you can temporarily whitelist an IP address by successfully executing the PortKnocker 3-knock code established for your server. You’ll find the details and the codes in /root/knock.FAQ. Be advised that IP addresses whitelisted with PortKnocker (only!) go away whenever your server is rebooted or the IPtables firewall is restarted. For further information on the PortKnocker technology and available clients for iOS and Android devices, review the Nerd Vittles tutorial.

HINT: The reason that storing your PortKnocker codes in a safe place is essential is because it may be your only available way to gain access to your server if your IP address changes. You obviously can’t use the command-line tools to whitelist a new IP address if you cannot gain access to your server at the new IP address.

We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. If you use a hardware-based firewall, be sure to map the three PortKnocker ports to the internal IP address of your server!

The NeoRouter VPN client also is included for rock-solid, secure connectivity for remote users. Read our previous tutorial for setup instructions.

As one would expect, the IPtables firewall is a complex piece of software. If you need assistance configuring it, visit the PIAF Forum for some friendly assistance.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX 12 server, simply copy the image to a server running Asterisk 12 and FreePBX 12 and run /root/incrediblerestore. Doesn’t get much simpler than that.

A Word About FreePBX Module Signatures

FreePBX 12 has implemented a new checksum mechanism to assure that FreePBX-developed modules are intact. As of this writing, there is not yet a procedure in place to register non-FreePBX modules and check their validity. Because Incredible PBX adds a number of unsigned modules, you will need to change Enable Module Signature Checking to False in Advanced Settings from time to time until we get this sorted out with the FreePBX Development Team. Otherwise, you will get an ugly message in System Status alerting you to the fact that a number of modules are not signed. The default Incredible PBX install has signature checking disabled. Don’t be alarmed if it changes after adding new FreePBX modules or updates. The affected Incredible PBX modules include AsteriDex, ConfigEdit, Reminders, SysInfo, and phpMyAdmin. If other modules (other than ODBC configuration files) show invalid or missing signatures, you should do some investigating promptly! Otherwise, simply disable signature checking again, and all will be well. You will need to do this if you install Incredible Fax in the next step.

Adding Incredible Fax to Your Server

Once you’ve completed the Incredible PBX install, log out and log back in to load the latest automatic updates. Then reboot. Now you’re ready to continue your adventure by installing Incredible Fax for Ubuntu. Special thanks to Josh North for all his hard work on this!

cd /root
./incrediblefax11_ubuntu14.sh

Just plug in your email address for delivery of your incoming faxes in PDF format. Then accept all of the defaults during the installation process. Once you complete the install, reboot your server. Then log in as root again and set your AvantFax admin password: /root/avantfax-pw-change. Now you can access both FreePBX 12 and AvantFax by pointing your browser to the IP address of your server. Please note that we’ve had problems logging into AvantFax with some versions of the Chrome browser. Works great with Firefox!

Next, log into FreePBX and set an Inbound Route for incoming faxes to Custom Destination: Fax (hylafax). Then try sending a fax to the phone number and be sure it arrives in your email.

You also can try enabling fax detection with any Google Voice number. Just edit the inbound route for the DID and make it look like this:

Incredible PBX 12 Automatic Update Utility

Every time you log into your server as root, Incredible PBX 12 will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along (again).

Where To Go Next?

Once you get Incredible PBX installed, you’ll want to read up on the dozens of applications for Asterisk which are included in the Incredible PBX feature set. We’ve previously covered this in a separate article for the Raspberry Pi platform, but the applications are the same. Here’s a link to the tutorials.

You can follow updates to Incredible PBX 12 in this thread on the PIAF Forum.

We would also encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie. Come join us!

Originally published: Monday, November 3, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. With some providers including ones linked in this article, Nerd Vittles receives referral fees which assist in keeping the Nerd Vittles lights burning brightly. []

VoIP Softphone Shootout for iPhone, iPad, & iPod Touch

We interrupt our Incredible PBX coverage this week to bring you a summer roundup of the best and worst VoIP softphones for use with an iPhone, iPad, or iPod Touch in conjunction with Asterisk®. We’ve tested all of these products with Asterisk sitting behind a NAT-based firewall/router which introduces some additional wrinkles unless your softphone and server are connected through a virtual private network. We’ll leave the VPN discussion for another day. None of these products has native support for the iPad although all will work with any iPad as will any standard iPhone app in either 1X or 2X mode.

The three four products we’ll be evaluating are Acrobits SIP Softphone, the WiFone from Snizmo.com Ltd., the Media5-fone, and CounterPath’s just-released Bria softphone. All support SIP dialing, and the WiFone provides IAX connectivity as well. We were a bit surprised that, despite their reliance on SIP to connect calls, SIP URI support was minimal to non-existent in all but the Bria product. Before diving into the individual products, we should note that, in conjunction with our product evaluations, we received no compensation or discounted/free software from any source. We are a beta site for CounterPath’s next Bria release.

Acrobits Softphone. The Acrobits Softphone requires iPhone OS 3.0 or later and was recently updated on June 3, 2010. The softphone only supports SIP but works with both WiFi and 3G connections which makes it a perfect complement to current generation iPhones as well as the iPad-3G. The softphone also supports push notifications for inbound calls until multitasking is available with iOS 4.0. Multiple SIP accounts can be registered, and the softphone has SIP proxy, VPN, and STUN server support, a must with Asterisk sitting behind most NAT-based routers. G.711, GSM, and iLBC audio codecs are supported in the standard configuration, and we experienced excellent call quality using WiFi with no DTMF issues. As with all of these VoIP phones, 3G call quality was all over the map depending upon the reliability of your nearest cell tower. SIP URI’s can be called by cutting-and-pasting dial strings from entries in the Contacts list email address fields provided the SIP URI destination name is numeric. Quirky but it works. There’s also a speed dial feature for your 12 favorite contacts. Flexible dial strings are supported to smooth the path for international calling. With iOS 3.1, a bluetooth headset can also be used. The application sells for $7.99 in the App Store, and G.729 support can be added for an additional $9.99. G.729 is a must-have if you’ll be using a 3G network for most of your VoIP calls.

While call quality is obviously subjective, the Acrobits Softphone was our personal favorite for daily use. We routinely use it on an iPad to check Asterisk voicemails and to make outbound calls through our home Asterisk server while traveling. Setup is as simple as entering the IP address or FQDN1 of your Asterisk server and an extension number and password to handle the calls. We added a public STUN server entry because of our NAT-based Asterisk setup.

Snizmo’s WiFone. A very close runner-up in voice quality was the WiFone from Snizmo.com Ltd. This softphone has the added advantage of supporting both SIP and IAX2 connections to Asterisk. If security and ease of use matter most to you, then you can’t go wrong with this softphone. IAX2 connections are much less vulnerable to attack from the Internet and are considerably easier to configure because of the elimination of thorny NAT issues. If we had found this softphone first, we probably would have looked no further. As you can see from the screenshot, this softphone supports multiple SIP and IAX connections and is easily set up using the configuration menu. For our European friends, it also supports SMS using a dozen different providers. Echo cancellation and STUN support are available, and G.711 and GSM codecs can be individually configured for SIP and IAX connections. An Outbound Proxy is also available as well as support for international dial strings and prefixes if you need it.

For SIP accounts, simply provide the server address, a username, and password. Authorization name, SIP port, and proxy server settings are optional. For IAX accounts, server address, username, and password are the only required entries. Each account can be toggled ON and OFF to meet your individual requirements. SMS Settings provides a listing of a dozen SMS providers. Simply add your username, password, and a CallerID and SMS just works. The contacts list also synchronizes with your Mac Address Book as well as MobileMe. The call quality of both SIP and IAX connections using WiFi was excellent. 3G support is not yet available. The web-based tutorial is excellent, and the application is available in the App Store for $6.99. An international version also is available.

We could not get the SIP URI functionality to work because the Contacts list phone numbers do not support SIP URI syntax, and there’s no way to manually enter or cut-and-paste a dial string from an email address in the Contacts list. While the polish of the application was not quite up to the Acrobits Softphone, the call quality was uniformly excellent with the SIP URI limitation that we’ve noted.

Media5-fone. Our final softphone in today’s roundup is Media5-fone from Media5 Corporation. It can be downloaded from the App Store for $4.99. While the application is exclusively a SIP phone, it does have preconfigured setups for dozens of providers in the event your requirements extend beyond the Asterisk universe. Unfortunately, there is no STUN support in the current version which makes it unsuitable for use with Asterisk implementations that sit behind NAT-based routers. Multiple SIP connections are supported as are second call, call waiting, and call toggle. In the current version, both SIP over WiFi and 3G are supported using iLBC, G.711, Enhanced G.711, G.722, and iSAC codecs. SIP Info, RFC 2833, and RTP Inband DTMF methods are configurable for each SIP account. Dialing prefixes are flexible and the phone has language support for English, Arabic, French, German, Italian and Spanish which facilitates international use. The phone also includes a nice implementation of visual voicemail; however, the SIP password and voicemail password would have to be the same to function properly with Asterisk. Automatic gain control and echo cancellation also are supported. With the addition of STUN and SIP URI support, Media5-fone would be a worthy competitor.

Update: CounterPath’s Bria. As luck would have it, CounterPath released their new Bria softphone for the iPhone today. It also is iPod Touch and iPad-compatible and supports both WiFi and 3G. The softphone is available at an introductory price of $3.99 in the App Store. It’s the best bargain in the softphone market. G.729 support can be added for an additional $8.99. G.722 wideband support reportedly is coming in August. You may recall CounterPath’s terrific and free X-Lite offerings for Windows, Macs, and Linux. They’ve been one of our favorite developers ever since, and we are actually serving as a beta tester for their next release. As usual, the Bria interface offers what is hands-down the best UI in the business. The voice quality of the calls is impeccable. Our only criticism is that out-of-the-box, Bria doesn’t work for placing outbound calls with Asterisk. Registration of credentials works fine, inbound calling works great, but outbound calls to either an extension, a phone number in the Address Book, or a SIP URI all just hang with no error message or notation in the log. Only after tracing down an obscure link on their web site did we discover the problem. It turns out that one simple change of a single default setting gets things working as they should. To make the change to support Asterisk, click Settings, Advanced Settings, Network Traversal Strategy, User Specified. Then change ICE:ON to ICE:OFF. Click the Advanced button, and then Apply Changes. Aside from this one default configuration glitch, the Bria softphone would be our Editor’s Choice. We highly recommend you make your purchase while the softphone still is available at the introductory price. For an excellent review, see Alec Saunder’s Blog today.




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. FQDN = Fully-Qualified Domain Name []

The Incredible PBX: Adding Remotes, Preserving Security

Unlike most Asterisk®-based PBXs which are insecure as installed and leave it to you to implement sufficient safeguards to preserve the integrity of your system, the Incredible PBX is delivered with rock-solid, air-tight security already in place. Because it is designed to operate behind a hardware- based firewall, what you'll be doing when you want to add functionality with the Incredible PBX is loosening security rather than tightening it. The trick, of course, is to do it in a way that doesn't compromise the overall integrity of your system. As delivered, the Incredible PBX relies upon four layers of network security: a hardware-based firewall of your choice1, a preconfigured IPtables software-based Linux firewall, preconfigured Fail2Ban to monitor your logs for suspicious activity and to block specific IP addresses when abuse is detected, and random passwords for all extensions and DISA connections.

If you installed the Incredible PBX using SIPgate as the intermediate provider with Google Voice, then your hardware-based firewall should have no ports opened and forwarded to your server. If you used IPkall, then only UDP 4569 has been opened and forwarded to your server. And the Incredible PBX IPtables setup for IAX restricts access to just a few IP addresses to support IPkall.

There are obviously situations in which you will want or need additional connectivity. The most likely one involves activation of SIP telephones at remote locations, such as a branch office, or Grandma's house or a relative in college. The other obvious use is with cellphones and PDAs that support SIP clients such as Android phones, iPhones, and iPads.2

What we'd recommend you not do is open the SIP floodgate to your PBX by providing unrestricted inbound SIP access, but we'll show you how if you really want or need this functionality. As desirable as this can be, it is accompanied by an array of security issues that really are not worth the risks unless you know what you're doing and you're willing to stay on top of security updates and keep your system patched.

Let's first tackle how to provide limited inbound SIP functionality without selling the farm. If the remote site has a fixed IP address, the procedure to allow remote access to your server is fairly straight-forward: just map the SIP ports on the hardware-based firewall to your server (UDP 5000:5082 and UDP 10000:20000) and then restrict SIP access using IPtables to the remote IP address as well as the subnet of your private LAN. You can decipher your private subnet by running status. If your server's IP address is 192.168.0.123, then your private subnet would be 192.168.0.0. The IPtables firewall settings are stored in /etc/sysconfig/iptables. Edit that file and find the line that looks like this:

-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT

Delete or comment out this entry with a leading # and insert new entries that look like the following using the public IP address(es) you wish to add plus the private subnet:

-A INPUT -p udp -m udp -s 141.146.20.10 --dport 5000:5082 -j ACCEPT
-A INPUT -p udp -m udp -s 141.146.20.11 --dport 5000:5082 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/255.255.0.0 --dport 5000:5082 -j ACCEPT


After making the changes, save the file: Ctrl-X, Y, then Enter. Then restart IPtables: service iptables restart.

Unfortunately, in many situations, the remote phone or cellphone uses an Internet connection with a dynamic IP address. So we don't know the actual IP address that will be assigned. There are a number of solutions to this problem, and we'll rank them in our order of preference. First, spend the $200 and install another Incredible PBX at the remote site. Then the two servers can be linked with IAX connections between the servers making connectivity between the systems totally transparent. Second, install VPN routers at both sites and use a private IP address to establish connectivity with the host system. In this situation, you will have the equivalent of a fixed IP address for the remote device which makes it the equivalent of the fixed IP address solution above. Third, install OpenVPN on your host system and purchase a SIP phone or cellphone that supports VPN connectivity. Most of the high-end SNOM SIP phones have this functionality as do Android phones, iPhones, and iPads. With this setup you also have the equivalent of a fixed IP address, even though it's on a virtual private network. Fourth, talk to the Internet service provider at your remote site and obtain the range of IP addresses that DHCP hands out to those using their services... or just make an educated guess.3

BEFORE Activating Full SIP Connectivity. OK. We hear you. You travel for a living, and the IP address of your cellphone changes hourly, all day, every day of the year. Then, yes, you are a candidate for a full-fledged Asterisk server with unlimited SIP access. Before covering how, let's review what responsibilities go with running such a server. Bear in mind that one compromised SIP password or otherwise vulnerable application on your server (including Asterisk, FreePBX, SSH, and hundreds of others), and you may very well be the proud owner of a whopping phone bill. And we're not talking hundreds of dollars. It could very well be tens of thousands of dollars. And it doesn't take weeks or months. It could be a few hours.

Baker's Dozen SIP Security Checklist

1. Keep Asterisk Current & Patched
2. Keep FreePBX Current & Patched
3. Make Frequent Backups
4. Visit PBX in a Flash Forums Regularly
5. Subscribe to PBX in a Flash RSS Feed
6. Secure Alphanumeric Extension Passwords
7. Secure DISA, VMail, Root, FreePBX Passwords
8. Lock Down Extensions with Deny/Permit
9. Turn Off Recurring Payments with Providers
10. Restrict Trunks to 1-2 Simultaneous Calls
11. Tighten Dialplan by Removing Wildcards
12. Eliminate Intl & Toll Calls With Providers
13. Check FreePBX Call Logs Daily for Abuse

Baker's Dozen SIP Security Checklist. Before opening the floodgates, let's review what you need to do. First, you'll need to run the very latest version of Asterisk... all the time. This means you need to monitor asterisk.org, and keep your system up to date by running update-scripts, update-source, and update-fixes regularly. The default version of Asterisk on current PBX in a Flash and Incredible PBX builds is extremely reliable, but it contains SIP and IAX vulnerabilities which should not be exposed directly to the Internet! Second, you need to run the latest version of FreePBX and apply all patches as they are released. Third, you need to make frequent backups appreciating that sometimes the Asterisk and FreePBX developers get things horribly wrong, and stuff that used to work no longer does. Believe it or not, they're human! Fourth, you need to visit the PBX in a Flash Forums daily and keep abreast of security alerts and bug reports on CentOS, Asterisk, and FreePBX. Fifth, you need to subscribe to the PBX in a Flash RSS Feed which provides regular security alerts when there are reported problems. Sixth, you need to really secure your extension passwords with very long, complex alphanumeric passwords. Ditto for your root and FreePBX passwords! Seventh, for DISA and voicemail, these passwords need to be numeric, complex, and extra long. Eighth, you need to lock down as many of your extensions as possible with deny/permit settings to restrict the IP addresses of those extensions. If you only have one or two remote SIP extensions with dynamic IP addresses, then all of the rest should have deny/permit entries! Ninth, turn off recurring payments with all of your telephony providers and keep minimal funds available in all of your accounts. This means you'll have to monitor these accounts to make sure they are not deactivated for lack of funds. Tenth, restrict all of your trunks to one or at most two simultaneous calls to reduce your call exposure in the event someone breaks into your system. Eleventh, tighten up your Trunk Dial Rules and eliminate any entries that would permit calls to anywhere in the world! If you don't regularly make international calls, there's absolutely no reason to have such entries in your dialplan. If you still have Ma Bell PSTN lines, this is even more important. In fact, consider eliminating long distance access to all of these trunks. Twelfth, where possible, configure your provider accounts to eliminate international and toll calls of all varieties. Finally, check your FreePBX call log every day to make certain no one is making calls on your nickel.

If you are unwilling or unable to perform these Baker's Dozen steps while continuing to monitor the sites provided and recheck your setup regularly (at least every week), don't activate unrestricted SIP access to your server.

Other Options. Consider using an intermediate provider such as voip.ms to provide SIP URI access to your server. Keep in mind that having a registered connection between your server and a VoIP provider alleviates the need to punch a hole in your firewall. So the idea here is to sign up for an inexpensive voip.ms account and set up the trunk connection with your server as either an IAX or SIP account with an always-on connection. Then voip.ms gives you the option of activating a SIP URI as part of a subaccount setup. Just create an internal extension on their server, and this will generate a SIP URI, e.g. 123456666@sip.us4.voip.ms where 12345 is your voip.ms account number and 6666 is the internal extension you created. This lets you connect directly with your server through the SIP URI from anywhere once you map this subaccount to an extension or IVR on your server. The charge for SIP URI calls is only $.001 per minute. The last step is to use this SIP URI in your remote SIP phone to connect back to your server. You can take advantage of the full range of Asterisk functions once these calls reach your server including IVRs and DISA. The approach is not only simple to implement, but it's also safe and economical.

There are some other alternatives as well. Use something like Google Voice or Ooma to redirect calls to your cellphone when you're traveling. Or buy an Ooma for Grandma or a MagicJack for Joe College. These options also are safe, secure, and quite inexpensive.

Just Released: Remote Phone Meets Travelin' Man

Activating Inbound SIP on Your Server. If you still are hell-bent on opening SIP access to your server, the Incredible PBX already is preconfigured to support it. Just map the SIP ports on your hardware- based firewall to your server (UDP 5000:5082 and UDP 10000:20000). Once activated, anyone can reach you through the following SIP URI using the actual public IP address of your server: mothership@12.34.56.78. You also can adjust the e164 trunk in FreePBX to route inbound calls to any destination desired. Then register your phone number on e164.org and others can call you at no cost using your traditional phone number. Enjoy!


The Incredible PBX: Basic Installation Guide

Adding Skype to The Incredible PBX

Adding Incredible Backup... and Restore to The Incredible PBX

Adding Multiple Google Voice Trunks to The Incredible PBX

Remote Phone Meets Travelin' Man with The Incredible PBX

Continue reading Basic Installation Guide, Part II.

Continue reading Basic Installation Guide, Part III.

Continue reading Basic Installation Guide, Part IV.

Support Issues. With any application as sophisticated as this one, you're bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It's the best Asterisk tech support site in the business, and it's all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won't have to wait long for an answer to your questions.




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

  1. We, of course, continue to recommend a dLink Router/Firewall. Low Cost: $35 WBR-2310  Better: DIR-825  Best: DGL-4500 []
  2. We recommend the free SipAgent client for Android devices and the commercial Acrobits Softphone for iPods and iPads. []
  3. Adding an entry like the following would dramatically reduce the likelihood of a SIP attack: -A INPUT -p udp -m udp -s 141.146.0.0/255.255.0.0 --dport 5000:5082 -j ACCEPT []

Ringbinder theme by Themocracy