IncrediblePBX – Page 37

Introducing the Incredible PBX 13 ISO: A Turnkey Asterisk 13 Server for Everyman

Sunday, September 27, 2015 / 2 Comments on Introducing the Incredible PBX 13 ISO: A Turnkey Asterisk 13 Server for Everyman

Photo Credit: Forbes and thevoiceofaquietgirl.wordpress.com

[iframe-popup id="5″]
11/22/2015: The Incredible PBX 13 ISO has been updated to support USB Flash installers. Click here for the latest tutorial.

We’ve spent much of 2015 developing a new GPL VoIP platform for virtually every Linux flavor in the universe with Incredible PBX installers for CentOS, Ubuntu, Debian, and Raspbian for the Raspberry Pi. Along the way we introduced the first turnkey aggregations for Asterisk® 13, an incredible new platform that’s been under development for several years. Until now, we’ve left the initial deployment of the operating system platform up to you. There were two principal reasons for shifting to this two-step install. First, there was the sale of CentOS to RedHat which set off red flags as to whether RedHat would now raise legal objections to bundling a superset of GPL applications with the base CentOS install, something which the original CentOS developers swore they would never do. Second, we didn’t want to get in the operating system business with maintenance of an independent repository to address security issues and to avoid legal issues from the RedHat folks.

But we heard from more than a few that the two-step process could be tedious especially for those that were new to Linux. Luckily, there’s another derivative of RHEL called Scientific Linux. As the name implies, it is used and was developed primarily to support the worldwide scientific community. Many have contributed to the Scientific Linux build over the years, but its principal sponsor is Fermi Lab which is managed by the Fermi Research Alliance LLC for the U.S. Department of Energy Office of Science. As a National Laboratory funded by the federal government, Fermi Lab’s work products including Scientific Linux constitute U.S. Government Works. As such, in addition to its GPL license, Scientific Linux can be used by others to create derivative works. That’s a long-winded explanation of why we’re now comfortable getting back into the ISO business and building an incredibly powerful unified communications system atop the Scientific Linux GNU platform. For those that have dealt with Asterisk aggregations over the past 10 years, this design is nothing particularly new. What is unique is the mix of features in the Incredible PBX aggregation. We begin with a preconfigured Asterisk 13 platform. Then we’ve added a large collection of FreePBX® GPL modules to create the web-based Incredible GUI for management of your server. Finally, we’ve integrated over three dozen applications for Asterisk as well as a preconfigured, functioning firewall to give you a rock-solid, secure UC VoIP platform with an unrivaled feature set for your home office or small business.

Installing Incredible PBX 13 with Scientific Linux 6.7

The installation procedure with the Incredible PBX 13 ISO couldn’t be easier. Start by downloading the 32-bit ISO from SourceForge to your desktop computer. The file name is IncrediblePBX13.iso. If you prefer a torrent, that’s available as well. The file name is IncrediblePBX13-12.2-SL67-ISO.torrent. After completing the download, if you’ll be using dedicated hardware for your platform, burn the ISO to a DVD using a Mac or Windows machine. Then boot your hardware from the device you just created. If you’re using a virtual machine such as VirtualBox, then designate the ISO as the VM boot device. Then start the virtual machine to begin the install.

When the installation begins, choose your time zone and create a very secure root password. After about 5 minutes, the Scientific Linux platform will be in place and your system will reboot. Agree to the Incredible PBX license agreement and press ENTER to complete the install. After one more reboot, you’ll be in business. Log in as root with your new password. After the Automatic Update Utility brings your system current, press ENTER after reviewing the status display for errors. To install Incredible Fax, issue this command and accept all the defaults by pressing ENTER: /root/incrediblefax11.sh
If you prefer secure OAUTH2 authentication for your Google Voice accounts, follow this tutorial beginning at step #1b.

UPDATE: Today’s build of Incredible PBX is now available in the RentPBX Cloud with your choice of Asterisk 11 or 13 in the following locales: Seattle, Los Angeles, Mountain View, Dallas, Chicago, Atlanta, Tampa, Miami, Ashburn/Washington D.C., New Jersey, Montreal, Toronto, Berlin, and Northern U.K. Use coupon code NOGOTCHAS for $15/month pricing.

To complete the install, perform the following from the Linux CLI while logged in as root:

Change your root password if it’s insecure: passwd
Set your FreePBX admin password: /root/admin-pw-change
Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
Set your admin password for AvantFax: /root/avantfax-pw-change
Set your correct time zone: /root/timezone-setup
Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
Login to your NeoRouter VPN server if desired: /root/nrclientcmd

Managing Your Server with Incredible PBX Web-Based Tools

Most of your time initially configuring and managing your server will be spent using the web-based tools provided with Incredible PBX. Using any modern browser, go to the IP address of your server as shown in the status display above. This will bring up the Kennonsoft GUI that provides access to all of the web-based applications. Toggle between User and Admin apps by clicking on the blue tab in the lower left section of the display. This GUI also displays the latest security alerts and bug fixes from the PIAF RSS Feed. We recommend you check it at least once a week.

The other GUI to configure the FreePBX® GPL modules is accessed from the Admin menu in the Kennonsoft menus. Choose Incredible GUI Administration. The default username is admin and the password is what you set during the final installation steps above. Once the Incredible PBX GUI appears, edit extension 701 so you can figure out (or change) the randomized passwords that were set up for your 701 extension and voicemail account: Applications -> Extensions -> 701. If you’re behind a hardware-based firewall, verify the NAT setting is set to YES.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

DEMO - Allison's IVR Demo 947 - Weather by ZIP Code 951 - Yahoo News *61 - Time of Day *68 - Wakeup Call TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. Upgrading your server for OAUTH authentication is covered here. Start at step #1b. The safer long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

Call Screening – OFF
Call Presentation – OFF
Caller ID (In) – Display Caller’s Number
Caller ID (Out) – Don’t Change Anything
Do Not Disturb – OFF
Call Options (Enable Recording) – OFF
Global Spam Filtering – ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model for SL 6.7

Incredible PBX for Scientific Linux joins our previous builds as our most secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.

In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.

Incredible PBX Application Users Guide

Your next stop ought to be learning about the three dozen applications included in Incredible PBX. We’ve put together this tutorial to get you started. Enjoy!

And, to our friends at Google, thank you!

Originally published: Sunday, September 27, 2015

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.

9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6

— Ward Mundy (@NerdUno) April 22, 2016

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

The Call Center Revolution: Introducing VoiceNation’s OpenAnswer (GPL TAS)

Wednesday, September 23, 2015

We confess that Call Centers have never been on our telephony radar primarily because we deal in the open source market, and Telephone Answering Service (TAS) technology always has been at the opposite end of the cost spectrum. Typical call center setups can cost upwards of $1,000 per seat… until now. In addition to its revolutionary AGPLv3 license, two additional things caught our attention with OpenAnswer.

The company behind OpenAnswer, VoiceNation, has been in the Internet telephony and call center business for more than 15 years and is a well-respected industry leader. Their clients read like Who’s Who:

The second facet of OpenAnswer that caught our eye was its GPL platform. If you already have a PBX in a Flash™, Incredible PBX™, or FreePBX® Distro server in production, then you’ve got everything you need to get started. The recommended server should have at least a 2 GHz processor with a minimum 8GB of RAM. At least a 1.5 Mb (T-1 or equivalent) Internet connection is recommended to avoid call quality issues. The software mix will be familiar: Asterisk® 11 (recommended) or 13, FreePBX or Incredible GUI, MySQL, Apache, Linux, PF Sense, PHP, and jQuery. The operator screens run directly in any of the leading web browsers. The operator screens are highly configurable using OpenAnswer’s call types admin screen. Operators can be provided as little or as much information as desired, and reporting is tightly integrated into the software platform. Additional features such as "minders" and messages to each agent can be configured as needed. Particularly impressive were the drag-and-drop agent setup scripts and time-sensitive agent scripts that let you configure different agent scripts based upon date/time ranges. In short, this is not teaser software or crippleware designed to hook you into a paid platform. It is a full-featured Call Center out of the GPL box. The beauty of open source software, of course, is you can try it for yourself. And it doesn’t cost you a dime.

We don’t have to tell most of you that the shortcoming of many open source projects is the lack of documentation. With OpenAnswer, you’re in for a pleasant surprise. A detailed online tutorial walks you through all the steps: installation, configuration, taking calls, outbound calls, dispatcher/minders panel setup, message review, reports, and OpenQview for realtime monitoring. It’s the best open source documentation we’ve seen in a very long time. There’s even a step-by-step tutorial to walk you through installation on the FreePBX Distro platform.

If you are contemplating getting into the Call Center business or if your current Call Center is prohibitively expensive, then you owe it to yourself and your wallet to take a careful look at OpenAnswer. Our special tip of the hat goes to Rick Friesen at DSS Consortium for his terrific discovery.

Originally published: Wednesday, September 23, 2015

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

The Return of the 5-Minute PBX: Incredible PBX (Certified Edition) for VirtualBox

Monday, September 14, 2015

Today we’re paying a fresh visit to our favorite virtual machine platform and introducing a turnkey unified communications server for home, SOHO, and small business use. Unlike last week’s platform that required a $35 investment in a Raspberry Pi 2, this week’s offering requires zero hardware investment. And you still get the same software collection at the same great price, totally free… as in beer. The VirtualBox® platform runs atop any Windows PC, Mac, Linux desktop, or Solaris machine and uses a small portion of the desktop computer’s available resources. Other than that, everything works just as if you were running your PBX on standalone hardware.

Today’s release is built atop the new Scientific Linux™ 6.7 platform and features the latest LTS release of Asterisk® 13 and a terrific collection of GPL modules from FreePBX® 12. It also is our first opportunity to showcase one of our new Certified Incredible PBX™ builds. Certification is a new process that involves rigorous testing of the entire Incredible PBX platform to verify that every component is not only reliable but also works in harmony with the rest of the pieces of the unified communications suite. You’ll find all of them here. Think of Incredible PBX as the glue stick that assembles all the necessary VoIP components and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice recognition and dialing, SMS messaging, free fax support, reminders and wakeup calls, and SECURITY! The other major advantage of Incredible PBX on the VirtualBox platform is a turnkey install in less than 5 minutes! Just choose the Windows PC, Mac, Linux desktop, or Solaris machine and off you go.

Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers available today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance that’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under 5 minutes is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move your image to dedicated hardware running the same operating system with Asterisk 13 and the same GUI platform in minutes.

Need to deploy VoIP servers at dozens of sites around the globe? Not a problem with VirtualBox. Just send a preconfigured VirtualBox image to each site and install VirtualBox on a local desktop computer. In 5 minutes, you have a functional VoIP server including interconnectivity to all of your other VoIP servers with a virtual private network already in place to provide secure VoIP connectivity between all of your sites.

Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX still comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.

Getting Started. For today, we’ll provide a refresher course on loading VirtualBox and the new Incredible PBX virtual image. Then we want to spend a little time explaining the secret sauce that goes into building these images so that you can do it yourself either to migrate to a different network or to deploy at multiple sites. When we’re finished, you’ll know everything we’ve learned about deploying VirtualBox machines and, unlike Grandma, we won’t leave an important ingredient out of the recipe just to be sure you never forget how good Grandma’s cookies really were. So let’s get started.

Installing Oracle VM VirtualBox 5

Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any although VirtualBox 5 can be a little quirky on some platforms. If you have trouble with getting a clean status report with VirtualBox 5, just drop back to the final release of VirtualBox 4. We tested VirtualBox 4 on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.¹ Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. And here’s a link to the latest Oracle VM VirtualBox User Manual.

Downloading the Incredible PBX Virtual Machine

A word of warning on the front end. The Incredible PBX image featuring Asterisk 13 for VirtualBox is huge, about 3GB! There are two ways to grab the .ova image. You can either download the image directly from here or from SourceForge. Or, for better performance, download the torrent and let multiple servers help you get the software quicker. Usually download times are cut by 70% or more. The MD5 checksum is 6037b8319ce9070270474889af76f86d.

Importing & Configuring the Incredible PBX Virtual Machine in VirtualBox

You only perform the import step one time. Once imported into VirtualBox, Incredible PBX is ready to use. There’s no further installation required, just like an OpenVZ template… only better. Double-click on the .ova file you downloaded to begin the procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.

Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine. The rest is automagic.

Running Incredible PBX Virtual Machine in VirtualBox

Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight IncrediblePBX Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The SL67 OS boot procedure will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.

Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password.

When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:

Change your root password: passwd
Set your FreePBX admin password: /root/admin-pw-change
Set your admin password and email address for AvantFax: /root/avantfax-pw-change
Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
Set your correct time zone: /root/timezone-setup
Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
Login to your NeoRouter VPN server if desired: /root/nrclientcmd

To access the Incredible PBX GUI with a browser, point to the IP address of your virtual machine and login as admin with admin password set above. We recommend that you log in to the Linux CLI at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill.

Preparing Incredible PBX Virtual Machine for Migration

As the Linux operating systems have become more turnkey, one of the shortcuts that has been implemented on both the RedHat and Debian/Ubuntu platforms is storage of your network setup so that the server reboots more quickly. While that’s fine for rebooting on the same server, it’s a real problem if you attempt to move your setup to different hardware or a new network because eth0 will not load. That means no IP address! Here are two ways to assure that things will actually work after the move. Both assume that you will have a DHCP server at the new location just as you did at your existing site.

The Easy Way. If you have console access after the VM image is restored on the new platform (which means you don’t need a network IP address for the server in order to log in as root), then the easy way to prepare any of the Incredible PBX machines for relocation is to issue the following commands before you halt the system and make a VirtualBox backup:

touch /etc/update_hostconfig
touch /etc/update_serverconfig

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. You now have an image that is similar to the Incredible PBX image that you originally downloaded, except it has all of your data and settings. All you have to do is repeat the install drill above at the new location using the .ova image you created and log in with whatever your current root password happens to be. You’ll get a two-pass automatic setup just as you did when you began today’s adventure.

The only drawback to this procedure is the fact that the extension 701 and default DISA passwords will be initialized when you first boot from your .ova image at the other location. Aside from that, you’ll have a clean platform with new SSH and DUNDI credentials as well as mostly sanitized log files.

The Hard Way. The other alternative is to manually prepare your existing system for migration before you shut it down. The primary reason for doing this would be to assure that you can log in with an SSH client at the other end as soon as the server is booted. The steps differ a bit depending upon whether you’re on the Ubuntu or Scientific Linux platform. But on both platforms you need to enter the IP address from which you will log in at the new site unless it is on one of the private LAN subnets that already is whitelisted in IPtables. Just issue the command /root/add-ip and choose 0 option to enable all services for the new IP address. Then…

On the Scientific Linux platform, issue the following commands:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /var/lib/dhcpd/*
rm -f /var/lib/dhclient/*
rm -f /etc/udev/rules.d/70*
halt

On the Ubuntu platform, issue the following commands:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /var/lib/dhcp/*
rm -f /etc/udev/rules.d/70*
halt

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. Now you’re an expert. Enjoy!

Originally published: Monday, September 14, 2014

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Our forum is extremely friendly and is supported by literally hundreds of Asterisk gurus.

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. [↩]

VoIP at Your Fingertips: Incredible PBX GUI for Raspberry Pi 2 with Asterisk 13

Monday, September 7, 2015 / 6 Comments on VoIP at Your Fingertips: Incredible PBX GUI for Raspberry Pi 2 with Asterisk 13

Photo Credit: Jared Alden/Getty Images. Downloading, republication, retransmission, reproduction or other use of the licensed image as a stand-alone file is prohibited.

[iframe-popup id="3″]
NEWS FLASH: New Incredible PBX release with Raspbian 8 Jessie supports BOTH the Raspberry Pi 3 and the Raspberry Pi 2. Much improved installer and overall performance! Check out the new tutorial and download the new image here.

07/01/2019 NEWS FLASH: Just released Incredible PBX LITE for the Raspberry Pi 2, 3, and 4 featuring Raspbian 10 Buster. Tutorial here.

Today we’re pleased to introduce the ultimate hobbyist platform to learn about and then to deploy and use VoIP and unified communications in your home, home office, or small business. You’ll need a couple hours and a $35 Raspberry Pi 2 with its quad-core processor and gig of RAM.¹ Everything else is free… as in beer. And what a collection it is. You’ll get the very latest, production-ready version of Asterisk® 13, the new Incredible PBX GUI featuring a superset of FreePBX®-compatible modules, the newest Google Voice refinements with secure OAUTH 2 authentication for free calling and faxing in the U.S. and Canada, a rock-solid, preconfigured, Linux firewall, a free virtual private network client for NeoRouter that’s ready for your credentials, preconfigured trunks for the very best SIP providers in the world, a turnkey GPL fax solution featuring a HylaFax/AvantFax combination that delivers incoming faxes in PDF format using the included SendMail email server, free SMS messaging, a free conference bridge, SCCP encrypted communications support, and literally dozens of free applications for Asterisk including a news service, weather reports, the world’s best on-line almanac, telephone reminders, voice recognition for hands-free calling, and more. Do you need to be a Linux, network, or communications engineer? Not at all. If you can read, you’ve met the only prerequisite to implement Incredible PBX. The sky’s the limit on where to go next. Enjoy!

Target Audience: Home or SOHO/SBO seeking a GPL PBX with a web-based Graphical User Interface

Default Configuration: Asterisk 13 with Incredible PBX GUI, Kennonsoft GUI, and NANPA dialplan

Platform: Raspbian 7 running on a Raspberry Pi 2

Standard Memory: 1024MB

Recommended Disk: 16GB+

Default Trunks: Google Voice, CallCentric, DIDlogic, Future-Nine, IPcomms, Les.net, Vitelity, VoIP.ms²

Feature Set: SMS messaging, VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, Email, IVR, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, OpenCNAM CallerID lookups, DISA, Call Forwarding, SCCP, CDRs

Administrator Utilities: Incredible Backup/Restore, Automatic Updater, Asterisk Upgrader, phpMyAdmin, Timezone Config, Plug-and-Play Trunk Configurator, WebMin, External IP Setup, Firewall WhiteList Tools

As with all Incredible PBX products, your server is protected out of the box by our 10-Layer Network Security Model:

Preconfigured IPtables Linux Firewall (IPv4)

Preconfigured Travelin’ Man 3 WhiteLists

Randomized Port Knocker for Remote Access

TM4 WhiteListing by Telephone (optional)

Fail2Ban Log Monitoring for SSH, Apache, Asterisk

Randomized Ultra-Secure Passwords

Automatic Security Updates & Bug Fixes

Asterisk Manager Lockdown to localhost

Apache htaccess Security for Vulnerable Web Apps

Security Alerts via RSS Feeds in Kennonsoft and Incredible PBX GUIs

Getting Started with Incredible PBX and Incredible PBX GUI (RasPi 2 Edition)

Here’s a quick overview of the installation and setup process for Incredible PBX featuring the Incredible PBX GUI:

Install the Raspberry Pi 2 OS in text mode (No GUI) – Raspbian Wheezy

Configure Raspbian 7 – Optimize Raspbian Wheezy for Incredible PBX

Download and Install Incredible PBX + Incredible PBX GUI

Install Incredible Fax with HylaFax/AvantFax (optional)

Set Up Passwords for Incredible PBX

Configure Trunks using Incredible PBX GUI

Connect a Softphone using Incredible PBX GUI

1. Install Raspbian 7 Platform for Raspberry Pi 2

For those with Raspberry Pi experience, this is the same drill you’ve performed a dozen times before. For newbies, here’s the procedure. You’ll need a microSD card of at least 8GB, and we strongly recommend a 16GB or 32GB Type 10 card for Incredible PBX. We’ve tested both the SanDisk and Transcend cards, and they both work great.

Begin by downloading the latest RASPBIAN Wheezy image from RaspberryPi.org to your desktop. For the time being, DO NOT USE Raspbian Jessie! After you’ve unzipped the image, you need to get it moved to your microSD card. RaspberryPi.org has excellent tutorials that will walk you through the process using a Linux, Mac, or Windows desktop platform. Don’t forget to unmount the card before removing it. Building the SD card with Raspbian 7 takes about 30 minutes.

Once you have your microSD card ready to go, plug it into the slot on the back of the Raspberry Pi 2 and then plug in the power cord. On your attached monitor, you can follow the boot up process. If a login prompt appears, log in as user pi with the password raspberry and run: raspi-config. Usually this isn’t necessary.

2. Optimizing Raspbian 7 for Incredible PBX

The first time you boot up your Raspberry Pi 2 with Raspbian 7, it will run the raspi-config script. This allows you to make a number of changes to your Raspberry Pi environment to maximize performance. Let’s take advantage of it. Choose text mode for the bootup since we don’t need the RasPi GUI at all.

Advanced Options. Enable Remote SSH access to your Raspberry Pi 2.

Option 1. Expand the File System to fill your SD card. Otherwise, there’s insufficient disk space to complete the install.

Tab to the Finish option and press ENTER. Then choose Reboot and NO.

At the Linux command prompt, set a very secure root password: sudo passwd root. Decipher your IP address so that you can log in as root via SSH: ifconfig. Now reboot the system: sudo reboot.

We strongly recommend completing the rest of the install by logging in as root using a desktop computer via SSH or Putty (for Windows). This gives you the ability to scroll back up and find errors if something happens to come unglued during the install. It also assures that your desktop computer will be whitelisted in the automated setup of the IPtables firewall for IPv4.

3. Install Incredible PBX on Your Raspberry Pi 2

Adding Incredible PBX to the Raspberry Pi 2 is easy. To restate the obvious, your server needs a reliable Internet connection to proceed. Using SSH (or Putty on a Windows machine), log into your Raspberry Pi 2 as root at the IP address you deciphered in the ifconfig step at the end of the Raspbian install procedure above.

Now let’s begin the Incredible PBX install. After logging in as root, issue the following commands. The install takes an hour or more and runs unattended so there’s no need to watch unless you’re curious about how sausage is made. Remember, as part of the build process, we compile all of the major components for Incredible PBX from source. That takes some time. If you’re curious, you can review the open source GPL script to see how it’s done or to embellish it. Incredible PBX is GPL open source, 100% Gotcha-Free code so go for it and share your discoveries. That’s what open source is all about!

cd /root
wget http://incrediblepbx.com/incrediblepbx13-12.3.raspbian.tar.gz
tar zxvf incrediblepbx13-12.3.raspbian.tar.gz
rm -f incrediblepbx13-12.3.raspbian.tar.gz
./IncrediblePBX13-12.3-raspbian.sh

4. Install Incredible Fax for Incredible PBX (optional)

Administrators have been trying to stomp out faxing for at least two decades. Here’s a hint. It ain’t gonna happen. So go with the flow and add Gotcha-Free Faxing to your server. It’ll be there when you need it. And sooner or later, you’ll need it. This install script is simple enough for any monkey to complete. Run the script and enter the email address for delivery of your faxes. Then, press the Enter key to accept every default entry during the HylaFax and AvantFax installation steps.

cd /root
./incrediblefax11_raspi2.sh

When the installation finishes, reboot your server to bring faxing on line. After rebooting, you can access the AvantFax GUI with your browser by logging in as admin with the default password: password. Follow the prompts to update your admin password. You also can log into AvantFax from within the Incredible PBX GUI itself by clicking on the Other tab and choosing AvantFax.

Outgoing faxes using standard document attachments can be created using the AvantFax GUI. The faxes will be sent out using your default outbound dial rules. You can add a dial prefix for sending a fax with AvantFax to force the call out a particular trunk that has been preconfigured in the Incredible PBX GUI.

Incoming faxes will be delivered to the email address you specified when installing Incredible Fax; however, incoming faxes will be ignored until you configure a destination DID to accept the faxes. You’ll want a dedicated line for incoming faxes! A free Google Voice trunk works fine. Keep reading for DID setup instructions. For the incoming route of the destination DID for your faxes, specify:

If you ever forget your admin password for AvantFax, you can reset it by running the script: /root/avantfax-pw-change.

5. Initial Configuration of Incredible PBX

Incredible PBX is installed with the preconfigured IP4tables Linux firewall already in place. It implements WhiteList Security to limit server access to private LANs, your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for our web applications. And the Incredible PBX GUI has its own security methodology. Finally, we randomize extension and DISA passwords as part of the initial install process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

Even with all of these layers of security, here are 10 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

First, log into your server as root with your root password and do the following:

Make your root password very secure: passwd
Set your correct time zone: /root/timezone-setup
Restart Asterisk: amportal restart
Create admin password for Incredible GUI: /root/admin-pw-change
Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status

Second, use a web browser pointed to your server’s IP address. Click on the Users tab (bottom left below RSS Feed in Main Menu) to bring up the Administrator Menu. Click the Incredible GUI Administration button (bottom left). When the Incredible GUI Menu appears (shown above), click the Server Administration icon on the left. Login as admin with the password you set using admin-pw-change above. Now change your extension 701 extension and voicemail passwords.

Click Applications tab
Choose Extensions from the pull-down menu
Click on 701 in the far-right Extensions list

Don’t forget to click Submit and then Apply Settings to save your new entries.

Last but not least, Incredible PBX includes an Automatic Update Utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. Now would be a good time to log out and back into your server at the Linux command line to bring your Raspberry Pi 2 up to current specs.

6. Configure Trunks with Incredible PBX

Now for the fun part. If this is your first VoIP adventure, be advised that this ain’t your grandma’s phone system. You need not and should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). We cannot recommend Vitelity highly enough, and it’s not just because they have financially supported our projects for almost a decade. They’re as good as VoIP providers get, and we use lots of them. If you’re lucky enough to live in the U.S., you’d be crazy not to set up a Google Voice account. It’s free as are all phone calls to anywhere in the U.S. and Canada. The remaining preconfigured providers included in Incredible PBX are equally good, and we’ve used and continue to use almost all of them. So pick a few and sign up. You only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum includes dozens of recommendations on VoIP providers if you want additional information.

With the preconfigured trunks in Incredible PBX, all you need are your credentials for each provider and the FQDN of their server. Log into Incredible PBX GUI Administration as admin using a browser. From the System Status menu, click Connectivity -> Trunks. Click on each provider you have chosen and fill in your credentials including the host entry. Be sure to uncheck the Disable Trunk checkbox! Fill in the appropriate information for the Register String. Save your settings by clicking Submit Changes. Then click the red Apply Config button.

7. Configure a Softphone for Incredible PBX

We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Applications _> Extensions -> 701 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password is assigned to the extension. Click OK to save your entries.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

DEMO - Apps Demo 123 - Reminders 947 - Weather by City and State or Country* 951 - Yahoo News *61 - Time of Day TODAY - Today in History

* Voice recognition apps require Google credentials. Keep reading.

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

8. Configuring Google Voice on the Google Side

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

IMPORTANT: Do NOT under any circumstances take Google’s bait to switch from Google Chat to Hangouts, or you will forever lose the ability to use Google Chat with Incredible PBX. Also be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. Good News! You’re in luck. Google has apparently had a change of heart on discontinuing Google Chat support so it’s enabled by default in all new Google Voice accounts. Once you’ve created a Gmail and Google Voice account, go to Google Voice Settings and click on the Calls tab. Make sure your settings match these:

Call Screening – OFF
Call Presentation – OFF
Caller ID (In) – Display Caller’s Number
Caller ID (Out) – Don’t Change Anything
Do Not Disturb – OFF
Call Options (Enable Recording) – OFF
Global Spam Filtering – ON

Click Save Changes once you’ve adjusted your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

This release of Incredible PBX implements OAUTH2 authentication for Google Voice trunks. Even though it’s a bit more work on the front end, the good news is you won’t have to worry about your Google Voice trunks failing when Google phases out plain-text passwords. The other good news is you won’t be passing your plain-text Google Voice credentials across the open Internet for everyone in the world to see.

While you’re still logged into your Google Voice account, you need to obtain a refresh_token which is what you’ll use instead of a password when setting up your Google Voice account in the GUI. Here’s how.

1. Be sure you are still logged into your Google Voice account. If not, log back in at https://www.google.com/voice.

2. Go to the Google OAUTH Playground using your browser while still logged into your Google Voice account.

3. Once logged in to Google OAUTH Playground, click on the Gear icon in upper right corner (as shown below).

3a. Check the box: Use your own OAuth credentials
3b. Enter Incredible PBX OAuth Client ID:

466295438629-prpknsovs0b8gjfcrs0sn04s9hgn8j3d.apps.googleusercontent.com

3c. Enter Incredible PBX OAuth Client secret: 4ewzJaCx275clcT4i4Hfxqo2
3d. Click Close

4. Click Step 1: Select and Authorize APIs (as shown below)

4a. In OAUTH Scope field, enter: https://www.googleapis.com/auth/googletalk
4b. Click Authorize APIs (blue) button.

5. Click Step 2: Exchange authorization code for tokens

5a. Click Exchange authorization code for tokens (blue) button

5b. When the tokens have been generated, Step 2 will close.

6. Reopen Step 2 and copy your Refresh_Token. This is the "password" you will need to enter (together with your Gmail account name and 10-digit GV phone number) when you add your GV trunk in the Incredible PBX GUI. Store this refresh_token in a safe place. Google doesn’t permanently store it!

7. Authorization tokens NEVER expire! If you ever need to remove your authorization tokens, go here and delete Incredible PBX Google Voice OAUTH entry by clicking on it and choosing DELETE option.

Yes, this is a convoluted process. Setting up a secure computing environment often is. Just follow the steps and don’t skip any. It’s easy once you get the hang of it. And you’ll sleep better.

9. Configuring Google Voice in the Incredible PBX GUI

Now you’re ready to configure your Google Voice account in Incredible PBX. You do it from within the Incredible PBX GUI by choosing Connectivity -> Google Voice. Just plug in your Google Voice Username, enter your refresh_token from Step #6 above as your Google Voice Password, enter your 10-digit Google Voice Phone Number, and check the first two boxes: Add Trunk and Add Outbound Routes. Then click Submit and Apply Settings to save your new entries.

IMPORTANT: Once you’ve entered your credentials, you MUST restart Asterisk from the Linux command line, or Google Voice calls will fail: amportal restart

10. Troubleshooting Google Voice Connectivity Problems

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

Another option is to use one of the inexpensive SIP Gateways to Google Voice. HINT: The Simonics trunk in the Incredible PBX GUI is preconfigured. All you’ll need are your credentials.

SIP Gateways for Google Voice — GVsip and Simonics

Adding Speech Recognition Support to Incredible PBX

To support many of our applications, Incredible PBX has included Google’s speech recognition service for years. These applications include Weather Reports by City (949), AsteriDex Voice Dialing by Name (411), and Wolfram Alpha for Asterisk (4747), all of which use Lefteris Zafiris’ terrific speech-recog AGI script. Unfortunately (for some), Google now has tightened up the terms of use for their free speech recognition service. Now you can only use it for "personal and development use." If you meet those criteria, keep reading. Here’s how to activate speech recognition on Incredible PBX. Don’t skip any steps!

To use Wolfram Alpha by phone, you first must obtain a free Wolfram Alpha APP-ID. Then issue the following command replacing APP-ID with your actual ID. Do NOT change the yourID portion of the command:

sed -i "s|yourID|APP-ID|" /var/lib/asterisk/agi-bin/4747

Now you’re ready to try out the speech recognition apps. Dial 949 and say the name of a city and state/province/country to get a current weather forecast from Yahoo. Dial 411 and say "American Airlines" to be connected to American.

To access Wolfram Alpha by phone, dial 4747 and enter your query, e.g. "What planes are overhead." Read the Nerd Vittles tutorial for additional examples and tips.

Implementing WiFi on the Raspberry Pi 2

You don’t need to rely upon a wired network connection once you get your Raspberry Pi 2. WiFi works just as well. You’ll need a compatible USB WiFi Dongle. We recommend the AirLink 101 from Amazon or the Adafruit 814. Insert it into a free USB slot on your RasPi and boot up. Log in as root and edit /etc/wpa_supplicant/wpa_supplicant.conf. Add the following lines to the bottom of the file using your actual SSID and password. Then reboot after disconnecting your LAN cable.

network={
 ssid="your-SSID"
 psk="SSID-password"
}

You can test the performance of your WiFi connection by installing speedtest-cli and then running it:

easy_install speedtest-cli
speedtest-cli

Implementing SCCP for Secure, Encrypted Communications with Asterisk

Today marks our first effort to include and support the extended SCCP Channel Driver for Asterisk 13. All you’ll need to do is add the SCCP and device configuration files, and the rest should work. For a good overview of SCCP, start here. For excellent documentation on SCCP setup, go here. For PIAF Forum support, start here.

Homework Assignment: Mastering the Incredible PBX Feature Set

Now would be a good time to explore the Incredible PBX applications. Continue reading there. If you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free.

Originally published: Monday, September 7, 2015

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

If you don’t have an HDMI-compatible monitor, you now can add the official Raspberry Pi 7″ touch display for $60. [↩]
Vitelity and Google provide financial support to Nerd Vittles and the Incredible PBX projects. [↩]

Asterisk Server Troubleshooting: Finding and Fixing Bugs & Gremlins in Your PBX

Wednesday, September 2, 2015

View image | gettyimages.com

Ashton-Tate of dBASE® fame used to call them anomalies. Sheer arrogance kept them from ever quite admitting there was an actual bug in their software. We don’t claim to be quite so perfect. If you use any software for very long, you’re going to encounter bugs. But not all reported problems turn out to be bugs. Many turn out to be errors generated by users that don’t quite know what they’re doing because they never bothered to RTFM. Whether they’re bugs or self-inflicted wounds, the result is still pretty much the same. The code doesn’t work as advertised.

As part of our Back to School series, today we’re going to introduce you to a methodology to keep your Asterisk® server running smoothly… warts and all. That process begins by your clicking the Getting Started Guide at the top of the Nerd Vittles page, identifying your particular platform, and reading the applicable tutorial from front to back. About nine times out of ten, that will tell you whether you’ve encountered a bug or just a feature that you haven’t quite mastered.

Unlike the other Asterisk aggregations, Incredible PBX™ includes an Automatic Update Utility. It gets run whenever you log into your server as root and is there primarily to address security issues. Depending upon the severity of the bug, we address some non-security related bugs as well. The problem from our perspective is that we’re dealing with a moving target with almost a dozen different versions and platforms. On each of those platforms, there are literally hundreds of software applications that are maintained and "improved" by various developers around the world. Sometimes things break. The other fact of life is there are only so many hours in the day and about 95% of all users of open source software never contribute a dime toward any open source project. Translation: We depend upon volunteers rather than paid staff to report and fix our bugs and those of other projects upon which we depend.

We’re happy to provide the latest software with the latest bug fixes at no cost. The rest is pretty much up to you. If the bugs in your current version become intolerable, then install a newer release and chances are that most of the problems will have been resolved. Yes, you will have to manually reconfigure your extensions and trunks and routes, but everything else will pretty much be the same. That’s the only real cost of using free software.

We want to identify the most common reported problems with Incredible PBX today and show you how to fix some of these issues yourself. After all, this is supposed to be a learning experience. And learning to fix things for yourself or at least knowing where to turn to get the answers is the best thing you can do to assure you have a stable platform for years to come. There are two terrific sources of information to keep your system current and stable. The first is the RSS Feeds for Asterisk, FreePBX®, and PBX in a Flash/Incredible PBX. The second is the Forums for these three platforms: Asterisk, FreePBX, and PBX in a Flash/Incredible PBX, especially the Bug Thread. If you’re going to use open source software, then you owe it to yourself and your server to check all of these sources at least once a week and address any new issues that have been identified. The downside of not heeding this advice is you are exposing your server to potential attacks that may compromise not only your server but the servers of others as well once your system has been transmogrified into a Zombie.

1. Login Failures: Linux CLI, Incredible PBX GUI, Web Apps, AvantFax, WebMin

There are four different passwords that cause problems for new users. On the Incredible PBX platform, these get set in different ways. The confusion typically arises when the user attempts to access a server resource and a password prompt appears. Fixing the problem depends upon which password is being requested. Be advised that more than two attempts to guess a password may get you locked out of your server for several hours because of Fail2Ban. Then you have two problems to contend with rather than one.

Linux CLI Root Password. Regardless of the Linux platform, the root password gets set when you install the operating system. If you can’t log in as root from the server console, chances are pretty good that you’ve forgotten the password or typed it incorrectly. Fixing this problem is major surgery and often you will be better served by reinstalling your server. If you’d prefer to reset the password, then follow the steps in this Linux Gazette article. While it doesn’t apply to Incredible PBX builds, you may encounter a failed root login using SSH or Putty if the server has been configured to deny root SSH access or to require an SSH key to log in. This can be remedied by logging in from the console and reconfiguring the login parameters for either the CentOS/Scientific Linux or Ubuntu/Debian/Raspbian OS.

Incredible PBX GUI’s admin Password. If you’re using a browser to access the Incredible PBX GUI and you’ve chosen the GUI Administration option from the Incredible GUI Main Menu (shown immediately above), then you arrived at a screen that looks something like what’s shown above. Clicking on Incredible PBX Administration will generate a prompt requesting your username and password. There can be any number of account names to access various Incredible PBX GUI resources, but there will always be an admin account. Reset this password by logging into your server as root and running the script: /root/admin-pw-change

If you’ve gotten fancy and added a password to the Incredible PBX Main Menu (shown at the top of this Top 10 List) using Admin -> Menu Configuration, then it won’t be too long until you forget what it was. You’ll need it to get back into the Admin options on the Main Menu. To retrieve the password, display the contents of the following file and look at the entry between the first two commas:

Incredible PBX User Control Panel Access. Also shown above is an icon to access the User Control Panel (UCP). This typically is used to allow end-users to manage one or more extensions on your PBX. Account names and passwords for UCP access are created in the Incredible PBX GUI by choosing: Admin -> User Management -> Add New User

Incredible PBX Web Application Access. From the Incredible PBX Main Menu and/or from the Maintenance tab in Incredible PBX GUI, users and administrators can gain access to a number of Incredible PBX web applications including AsteriDex, Telephone Reminders, phpMyAdmin, AvantFax, and others. All of these web applications require Apache login credentials consisting of a username and password. In the case of AvantFax, you will also need an AvantFax username and password that is requested after your Apache credentials have been provided. All of these applications can be accessed using the admin Apache account. To set the admin password: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Separate end-user accounts also can be created for applications such as AsteriDex and Telephone Reminders. To set up each of these accounts, use the following syntax: htpasswd -b /etc/pbx/wwwpasswd acctname acctpassword
The admin account and password are required to access phpMyAdmin and other administrator applications.

AvantFax Web Admin Access. As noted above, you first must enter any valid Apache web credentials to access AvantFax from the Incredible PBX Main Menu or from the AvantFax tab within the Incredible PBX GUI. After successfully entering your web credentials, you will be prompted for an AvantFax username and password. The admin user account for AvantFax can be set by logging into your server as root and issuing the command: /root/avantfax-pw-change

Once you gain admin access to AvantFax, you can create additional user accounts and passwords by clicking the Dashboard icon shown above and choosing: Menu -> New User

WebMin GUI Access. WebMin is a tool for use by skilled Linux administrators only. You can seriously and irreparably damage your PBX by making changes within WebMin. You’ve been warned. To access WebMin on Incredible PBX servers, click on the icon in the Main Administrator Menu. Or you can access WebMin using https://ServerIPaddress:9001. The username must be root, and the password is your Linux root password.

2. Emails/Voicemails Don’t Get Sent/Delivered

Identifying the Problem. 99% of the problems with delivery of emails with voicemail attachments from your server have little to do with your server. They are the result of one of two things. Either your email client has placed the incoming email messages in its SPAM or JUNK folder, or your Internet Service Provider (ISP) is blocking downstream SMTP mail servers from sending email. The ISPs claim this is a security precaution to reduce SPAM generated from compromised servers.

Testing Email Delivery. Try this: echo "test" | mail -s testmessage yourname@emailserver.com

Fixing the SPAM problem. If you find the test email message in your SPAM or JUNK folder, there are two ways to go about fixing the problem. The simplest is to mark the sending email address (whatever it happens to be in the email message) as NOT SPAM in your email client. For Gmail, simply create a filter for the email sender and specify "Never send it to SPAM" and "Mark it important." The alternative is to assign a Fully-Qualified Domain Name (FQDN) to your server. This could be done using a Dynamic DNS Server such as dyndns.org. Once you’ve set up your FQDN, this thread on the PIAF Forum will walk you through assignment of the FQDN to your server.

Fixing ISP Blocking of Downstream SMTP Traffic. If your ISP happens to be one of those that blocks emails from downstream SMTP servers (e.g. Comcast), you will first need the FQDN of your ISP’s SMTP gateway. We will reconfigure SendMail to use your ISP’s mail gateway as the SmartHost for your server and send emails out using their SMTP gateway instead of yours. This usually means they will tack on some hidden information to the email messages so that they can identify the sender if a SPAM problem is reported. Once you have the name of your ISP’s SMTP gateway, log in as root and edit /etc/mail/sendmail.cf. Search for DS and append your ISP’s SMTP FQDN with no space, e.g. DSsmtp.comcast.net
Save the file and restart SendMail: service sendmail restart.

3. Asterisk Won’t Start/Restart

Identifying the Problem. This part is easy. Restart Asterisk and see what happens: amportal restart

The Fix. This part isn’t. Keep in mind that, on FreePBX-enabled Asterisk servers, FreePBX actually starts up Asterisk as part of its initialization process. Unfortunately, the error messages are cryptic. The causes can be just as obscure. If you’ve recently made changes to an Asterisk config file in /etc/asterisk, start there. The next thing to test is whether MySQL is functioning properly. Without MySQL, FreePBX won’t start. Here’s the simple test: /etc/init.d/mysqld restart

If MySQL fails to start, have you changed your passwords for MySQL? If so, change the root password back to passw0rd. Then test access from the Linux CLI: mysql -u root -ppassw0rd. Next, find your asteriskuser password in /etc/freepbx.conf. Now test MySQL access again using the password you deciphered: mysql -u asteriskuser -p

The other critical piece for a successful startup is PHP. If it isn’t functioning properly, Asterisk with FreePBX won’t start. From the Linux CLI, issue this command and look for errors: echo "< ?php phpinfo(); ?>" | php

If all else fails, Google is your friend.

4. IPtables Firewall Testing

There’s one component of Incredible PBX that separates the men from the boys. That’s a secure and functioning firewall with a WhiteList of those authorized any type of access to your server. Obviously, if it’s not functioning, you’re not secure. Running the status command from the Linux CLI should tell you whether IPtables is working properly. To be doubly sure, issue the following command: iptables -nL. If the result looks like this, you’re missing the IPtables config file and need to head to the PIAF Forum for some help:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Next, issue the restart command and fix any reported errors: iptables-restart

Finally, there’s one more configuration setting that should be checked. Because the Travelin’ Man 3 WhiteList feature allows you to enter either IP addresses or FQDNs, we need to be sure IPtables is started up after DNS services are enabled on your server, or IPtables startup will fail. By default on many servers, IPtables startup occurs first. That means a manual configuration change is required to be sure IPtables startup is successful. Issue the following command to display the custom startup for your CentOS server: cat /etc/rc.d/rc.local. On Ubuntu/Debian/Raspbian platforms, issue the command: cat /etc/rc.local. The results should include: /usr/local/sbin/iptables-restart. If not, add it before exit 0.

5. Fail2Ban Log Scanner Testing

Fail2Ban is a log scanner that searches for certain text strings which indicate failed attempts to access your server. It is NOT failsafe because these text strings change from time to time and because your server must have sufficient horsepower to scan complete logs before the bad guys find a hole in your security. That often is difficult if the bad guys are using high-powered servers such as Amazon EC2. Nevertheless, it’s another layer of security that is worth having, and we need to make sure it’s functioning properly. Whenever IPtables is restarted, Fail2Ban needs to be restarted. This should be handled in the iptables-restart script. To be sure, issue the following command: grep fail2ban /usr/local/sbin/iptables-restart. It should return the following result: service fail2ban restart. If not, add it to the script by issuing the following command after logging into your server as root:

echo "service fail2ban restart" >> /usr/local/sbin/iptables-restart

To verify that Fail2Ban is functioning, issue the command: iptables -nL

The final lines of the listing should look something like this:
Chain fail2ban-ASTERISK (1 references) target prot opt source destination RETURN all -- 0.0.0.0/0 0.0.0.0/0


Chain fail2ban-BadBots (1 references)

target     prot opt source               destination

RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
Chain fail2ban-SSH (1 references)

target     prot opt source               destination

RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-asterisk-udp (1 references) target prot opt source destination RETURN all -- 0.0.0.0/0 0.0.0.0/0

6. HylaFax/AvantFax in Limbo.

For those using Incredible Fax, there are two main problems: not being able to log in to AvantFax and the dreaded "IAXmodem please wait" message once you get there. On the CentOS platform, the most important fix is making sure you’re using the latest Incredible Fax install script. If you’ve already encountered the problem on CentOS servers, just download the new script, tar zxvf incrediblefax11-centos*, and run the installer again. We know: you’re not supposed to. If that doesn’t address your problem and you’ve already reset your admin password as documented in section 1, see this PIAF Forum thread for some helpful hints.

7. Asterisk Server Log Rotation

Identifying the Problem. Some Incredible PBX servers were missing the script required to rotate the Asterisk logs which means your /var/log/asterisk/full file continues to grow. To test whether your server is missing the log rotator, run this command: if [ ! -f /etc/logrotate.d/asterisk ]; then echo "Missing"; fi

The Fix. If the test above reports Missing, then issue the following commands as root to fix the problem:
cd /etc/logrotate.d wget http://incrediblepbx.com/asterisk-logrotate.tar.gz tar zxvf asterisk-logrotate* rm -f asterisk-logrotate*

8. Detecting Trunk Failures

One of our most requested utilities is a script to notify administrators when a trunk goes off-line. Just issue the following commands to install it. Then edit /root/trunkcheck.sh and insert your email address. Works for SIP, IAX, and GV trunks.
cd /root wget http://incrediblepbx.com/trunkcheck.tar.gz tar zxvf trunkcheck.tar.gz rm -f trunkcheck.tar.gz echo "5 * * * * root /root/trunkcheck.sh > /dev/null 2>&1" >> /etc/crontab nano -w /root/trunkcheck.sh

9. Detecting Whether Asterisk Is Running As Root

Don’t ask us why but on some servers Asterisk ends up running as the root user rather than the asterisk user. Given the current design of FreePBX which assigns almost all privileges to the asterisk user anyway, it’s more an academic problem than a real one. If an intruder gains asterisk user access to your server, your system is toast whether the intruder has root privileges or not.

Identifying the Problem. To test whether the main Asterisk program is running as root, just issue the following command: ps aux | grep sbin/asterisk. If the first column of the first entry in the list shows root, then apply the fix.

The Fix. Issue the following commands to reset the Asterisk application to run as the asterisk user:
amportal kill chown -R asterisk:asterisk /var/run/asterisk sed -i '/END INIT INFO/a AST_USER="asterisk"\nAST_GROUP="asterisk"' /etc/init.d/asterisk amportal restart

10. Inability to Activate Repository Tabs in Module Admin

Identifying the Problem. Some users have reported a problem activating the various repository tabs within the GUI’s Module Admin component.

The Fix. Issue the following commands from the Linux CLI to correct the problem:

amportal a ma uninstall digium_phones
gui-fix

Special thanks to Lorne Gaetz and Andrew Nagy for the fix.

Originally published: Wednesday, September 2, 2015

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Why Reinvent the Wheel: Incredible PBX GUI Application User’s Guide

Wednesday, August 26, 2015

We’ve spent the last two months introducing a half dozen new flavors of Incredible PBX™ featuring the new GPL-compliant Incredible PBX GUI. We hope you’re enjoying the new builds. But it’s Back-to-School Time in the United States so today we’re shifting gears and providing a refresher course on the three dozen or so applications for Asterisk® that accompany every Incredible PBX install.

For those just beginning your Incredible PBX adventure, start here and choose your favorite platform. There are plenty of choices featuring Asterisk 11 or 13, FreePBX® GPL-compatible modules for versions 2.11 and 12, plus your favorite operating system: CentOS 6.7 and 7.0, Ubuntu 14, and Raspbian for the Raspberry Pi 2. There’s even an installer for the AsteriskNOW and FreePBX Distro proprietary platforms.

Once your system is up and running, you’ll be ready to kick the tires and discover all of the hidden goodies that await. Today we’ll cover all of the applications for Asterisk® that are included in the new Incredible PBX GUI platforms. After reading this tutorial, if you have specific questions, by all means post them on the PIAF Forum for some quick and friendly help.

Table of Contents to the Incredible PBX Applications

Checking System Status
Enabling Speech Recognition
Wolfram Alpha for Siri-like queries by phone*
Automatic Update Utility
Asterisk Upgrade Utility
Apache Authentication for Apps
IPtables Firewall WhiteList
PortKnocker Remote Access
Travelin’ Man 4 Remote Access by Phone
Conference Bridge
CallerID Name (CNAM) Lookups
Faxing with Incredible PBX
Voicemail 101 with Incredible PBX
Email Delivery of MP3 Voicemails
Reconfiguring SendMail for SmartHosts
SMS Blasting with Google Voice
SMS Voice Messaging with Google Voice*
SMS Messaging with VoIP.ms
SIP URI Calling with Speed Dials
IVR Demo of Incredible PBX Applications*
Backup and Restore Options
AsteriDex – The Poor Man’s Rolodex®
Voice Dialing with AsteriDex*
Speed Dialing with AsteriDex
Scheduling Reminders by Phone or Web
DISA Access with Incredible PBX
Yahoo! News Headlines
Weather Forecasts with Incredible PBX*
ODBC Application Support
Today in History
Time of Day
WebMin: The Linux Swiss Army Knife
phpMyAdmin: The MySQL Swiss Army Knife
SIP Gateways for Secure (and Free) Google Voice Calling
User Control Panel for Extension Management

* Requires Voice Recognition implementation. See #2 above.

1. Checking Current Status of Incredible PBX

There are several ways to check the status of your server. First, log in as root and type: status or pbxstatus

The second option is to use a browser to access your server. Choose the Admin menu. Then click Incredible PBX Administration. Log in as admin with the password you set in the Linux CLI: /root/admin-pw-change. Once you log in with your Incredible GUI admin password, the System Status menu will be displayed.

Once you roam through the GUI options, you can redisplay the System Status screen by clicking Reports -> System Status.

2. Adding Speech Recognition to Incredible PBX

Google changed the licensing of their speech recognition engine last year and now restricts use to "personal and development use." Assuming you qualify, the very first order of business is to enable speech recognition for your new PBX. Once enabled, the Incredible PBX feature set grows exponentially. You’ll have access to the Voice Dialer for AsteriDex, Worldwide Weather Reports where you can say the name of a city and state or province to get a weather forecast for almost anywhere, Wolfram Alpha for a Siri-like encyclopedia for your PBX, and Lefteris Zafiris’ speech recognition software to build additional Asterisk apps limited only by your imagination.

Here’s how to activate speech recognition on Incredible PBX. Don’t skip any steps!

3. Using Wolfram Alpha with Incredible PBX

Ever wished your Asterisk server could harness the power of a 10,000 CPU Supercomputer to answer virtually any question you can dream up about the world we live in? Well, so long as it’s for non-commercial use, today’s your lucky day. Apple demonstrated with Siri™ just how amazing this technology can be by coupling Wolfram Alpha® to a speech-to-text engine on the iPhone. Now you can do much the same thing using voice recognition with Incredible PBX.

Before using Wolfram Alpha from any phone connected to your PBX, you first must configure it by obtaining and adding a Wolfram Alpha application ID to Incredible PBX. Here are the simple steps:

1. Obtain your free Wolfram Alpha APP-ID here.

2. Log into your server as root and issue the following command:

nano -w /var/lib/asterisk/agi-bin/4747

3. When the nano editor opens, the top line of the file will look like this:

APPID="Your-Wolfram-Alpha-App-ID-Goes-Here"

4. Replace the text between the quotes with your APP_ID key from Step #1 above. Then save the file: Ctrl-X, Y, then Enter.

To use Wolfram Alpha, dial 4747 (that’s S-I-R-I backwards) from any extension.

Here are some sample queries to get you started:

Weather in Charleston South Carolina
Weather forecast for Washington D.C.
Next solar eclipse
Otis Redding
Define politician
Who won the 1969 Superbowl? (Broadway Joe)
What planes are overhead? (flying over your server’s location)
Ham and cheese sandwich (nutritional information)
Holidays 2015 (summary of all holidays for 2015 with dates and DOW)
Medical University of South Carolina (history of MUSC)
Star Trek (show history, air dates, number of episodes, and more)
Apollo 11 (everything you ever wanted to know)
Cheapest Toaster (brand and price)
Battle of Gettysburg (sad day 🙂 )
Daylight Savings Time 2015 (date ranges and how to set your clocks)
Tablets by Samsung (pricing, models, and specs)
Doughnut (you don’t wanna know)
Snickers bar (ditto)
Weather (local weather at your server’s location)

4. Automatic Update Utility for Incredible PBX

A key security component of Incredible PBX is its Automatic Update Utility. Each time you log into your server as root, the Automatic Update Utility is run. It installs the latest fixes and security patches for your server. Don’t disable it! In fact, don’t delete anything from the /root folder. You’ll need all of it sooner or later.

We recommend you log into your server as root at least once a week to keep your server current. Ditto for the web interface to Incredible PBX. Insofar as security is concerned, we make a best effort to keep the components of Incredible PBX up to date. The Linux operating system was installed by you before the Incredible PBX install began. That’s a nice way of saying Linux security is primarily your responsibility. When an egregious Linux vulnerability comes along that we know about, we will try to notify you of the issue on the PIAF Forum and on the RSS Feed that is part of the Incredible PBX Main Menu shown at the top of this article. Check the RSS Feed with a browser at least once a week. As a condition of use of the free Incredible PBX, you accepted ultimate responsibility for the security and reliability of your server. None of this discussion changes any of that.

5. Asterisk Upgrade Utility for Incredible PBX

We’ve developed a script to upgrade Asterisk to the latest version whenever you feel the urge. This brings you current in your existing release, e.g. Asterisk 11 or 13. It does NOT upgrade Asterisk 11 to 13! Before beginning the upgrade, log into your server as root using SSH and maximize the window. Otherwise, Asterisk may not compile properly. Then execute these commands:
cd /root wget http://incrediblepbx.com/upgrade-asterisk-to-current.tar.gz tar zxvf upgrade-asterisk-to-current.tar.gz rm -f upgrade-asterisk-to-current.tar.gz ./upgrade-asterisk-to-current

6. Implementing Apache Authentication with Incredible PBX

With the exception of the Incredible GUI and WebMin, all web-based applications included in Incredible PBX require successful authentication with the Apache admin password to gain access. When you installed Incredible PBX, you should have created an Apache admin account. If not, issue the following command using a secure password after logging in as root:

htpasswd -b /etc/pbx/wwwpasswd admin newpassword

With the exception of AsteriDex and Reminders, you gain access to other Incredible PBX applications with the Apache admin account. For the remaining apps, you may wish to (but don’t have to) assign different account names and passwords to various departments in your organization. To set up these accounts, use the syntax above substituting the name of the department for "admin" and the department password for "newpassword."

7. Managing the IPtables Linux Firewall and WhiteList

As installed, Incredible PBX includes a preconfigured, locked-down Linux firewall that restricts incoming IPv6 traffic to localhost and, via a WhiteList, limits incoming IPv4 traffic to your server’s public and private IP addresses, your desktop computer’s IP address (that was used for the install), private LAN and NeoRouter VPN traffic, and a collection of our favorite SIP providers. You can WhiteList additional IP addresses for additional providers or for SIP and IAX phones located outside your firewall. The following firewall management scripts are mostly installed in the /root directory:

./add-ip — WhiteList an additional IP address or IP address range (CIDR)
./add-fqdn — WhiteList a site using a fully-qualified domain name (FQDN)
./del-acct — Remove previously designated entry from the WhiteList
./ipchecker — Check whether specified FQDNs have changed & update IPtables
iptables-restart — Used exclusively to restart IPtables and test for failed FQDNs
iptables -nL — Check the current status of your IPtables firewall

IPtables can be manually configured (if you know what you’re doing) by editing iptables and ip6tables in /etc/sysconfig (CentOS) or rules.v4 and rules.v6 in /etc/iptables (Ubuntu/Debian/Raspbian). NEVER use traditional iptables commands such as service iptables save to update your IPtables configuration, or you will permanently delete all of your FQDN entries! Instead, edit the files directly and then restart IPtables using iptables-restart. This protects the FQDN entries in your setup while also checking for invalid FQDN entries and removing them temporarily so that IPtables will successfully restart. If you use service iptables restart to restart IPtables and there happens to be an FQDN entry for a host that is either down or has disappeared, IPtables will fail to restart and your server will be left with NO firewall protection! The reason for this is the IPtables design which converts all FQDN entries to fixed IP addresses when it starts up. It’s also the reason we have to periodically check for changed FQDN entries using the ipchecker script with cron. For this to work properly, you will need to manually add your FQDN setups to the top of /root/ipchecker by inserting the filenames of any add-fqdn entries you have created. For additional details, read our Travelin’ Man 3 tutorial.

8. PortKnocker Remote Access to Incredible PBX

IPtables is a powerful firewall that keeps the bad guys out. It also will keep legitimate users (including you) from gaining remote access to your server unless you had the forethought to WhiteList your remote IP address before you left on that family vacation. Unfortunately, you don’t always know your IP address in advance. And dynamic IP addresses assigned with hotel WiFi frequently change. To address this problem, Incredible PBX includes a preconfigured PortKnocker utility. This lets you send three secret "knocks" on random TCP ports to your server to tell it to let you in temporarily (until IPtables is again restarted or the access window time expires).

For PortKnocker to work, you obviously need to know the secret knocks. You’ll find them in /root/knock.FAQ. Record them in your wallet or inside your suitcase for that rainy day! There are PortKnocker apps for almost all smartphones as well as for Windows, Mac, and Linux computers. Install your favorite AND test access before you leave town.

Finally, be aware that PortKnocker does not need any special access to your server to work; however, if your server is behind a hardware-based firewall, then you must map the three PortKnocker TCP ports to the private IP address of your server, or the knocks obviously will never get delivered to your server.

Review our PortKnocker tutorial for additional configuration tips.

9. Travelin’ Man 4 Remote Access to Incredible PBX (Dial TM4)

In addition to PortKnocker, Incredible PBX also includes a telephone-based solution to temporarily gain remote access to your server. This does require a bit of preplanning since you must create account credentials for the person to whom you wish to give remote access via a phone call. The complete tutorial for Travelin’ Man 4 is available on the PIAF Forum. All of the pieces already are in place on your server so skip down to the Configuration & Operation sections for details on implementation. The tutorial also covers the Administrator Utilities in /root/tm4 which let you set up remote user accounts.

10. Using the Conference Bridge in Incredible PBX (Dial C-O-N-F)

A new turnkey Asterisk Conference Bridge has been added to Incredible PBX. A conference bridge allows a group of people to participate in a joint phone call. Typically, participants dial into a virtual meeting room from their own phone. This virtual meeting room supports dozens or even hundreds of participants depending upon server capacity.

You do not need a timing source for conferencing with Incredible PBX! Old-style Asterisk MeetMe Conference Rooms which required a timing source are disabled.

To access the Conference Bridge, dial C-O-N-F (2663) from any phone connected to your server. Remote users can be added to a conference by providing a DID that points to an IVR which includes Conference Bridge access. Once connected to the conference bridge, a caller is prompted for the Conference Bridge PIN and his or her name.

To display Conference Bridge PINs, open Incredible GUI with a browser. Choose Applications -> Conferences -> 2663 and your Conference Bridge PINs will be shown. Reset them as desired.

11. CallerID Name (CNAM) Lookups with Incredible PBX

By default, Incredible PBX is configured to automatically provide CallerID Name lookups using CallerID Superfecta, an application initially developed on Nerd Vittles almost a decade ago. You also have the option of using free OpenCNAM CallerID name lookups for the first ten calls received each hour. These lookups are only from cached entries in the OpenCNAM database; however, you can enable the commercial lookup service if desired. The cost is four tenths of a cent per successful query.

12. Free Faxing with Incredible PBX

If you added Incredible Fax to your server by running incrediblefax script in the /root folder, then you’re in for a treat. As part of the install, you provided an email address for delivery of incoming faxes. That’s all the setup that is required to have incoming faxes delivered via email in PDF format. The best way to figure out whether a particular provider supports fax technology on their DIDs is to send a test fax to yourself. FaxZERO lets you send 5 free faxes of up to 3 pages every day. Give it a whirl.

You also can send faxes using standard document types with the AvantFax web application. Log into AvantFax from the main Incredible PBX page by clicking on the AvantFax icon. Choose the Send a Fax option from the main menu, fill in the blanks, and attach your document. AvantFax uses the default dialplan so use the prefix desired to send the fax using your preferred provider. HINT: Google Voice does an excellent job with both incoming and outgoing faxes, and the calls are free in the U.S. and Canada.

Copies of all incoming faxes also are available for retrieval within AvantFax.

13. Voicemail 101 for Incredible PBX

Voicemail functionality is enabled on an extension-by-extension basis as part of the Extension setup under the Applications tab in the GUI. Once enabled, you can set up your mailbox and retrieve your messages by dialing *98. You can leave a message for any extension without actually calling the extension. Just prepend * to any extension number before dialing, e.g. *701. A number of the system settings for voicemail can be tweaked under the Voicemail Admin option under the Settings tab.

14. Email Delivery of MP3 Voicemails with Incredible PBX

Speaking of email delivery, your voicemails also can be delivered to any email address of your choosing. For every Extension, simply add an Email Address in the Voicemail section of the form. With Incredible PBX, the voicemail message will be attached to the email in MP3 format so it’s suitable for playback with most email clients on desktop PCs, Macs, and smartphones. Be advised that some Internet service providers (such as Comcast) block downstream SMTP servers. You can check whether your outbound email is flowing by accessing WebMin (below) and choosing Servers -> SendMail Mail Server -> Mail Queue. If you find outbound mail is accumulating, then you’ll need to add your ISP’s SMTP server address as a SmartHost for SendMail as documented in the next section.

15. Reconfiguring SendMail for SmartHost SMTP Delivery Of Outgoing Emails

Many residential Internet service providers block downstream SMTP servers such as the SendMail server running with Incredible PBX. If you’re sending emails but they never arrive and you’ve checked your SPAM folder, then chances are your ISP is the culprit. The simple solution is to add your ISP’s SMTP server as a SmartHost for SendMail. This means outbound emails will be forwarded to your ISP for actual email transmission over the Internet. Here’s how. Edit /etc/mail/sendmail.cf and search for DS. Immediately after DS, add the FQDN of your ISP’s SMTP server, e.g. DSsmtp.comcrap.net (no spaces!). Save the file and then restart SendMail: service sendmail restart. Your email and voicemail messages with attachments should begin flowing without further delay.

Email from: Asterisk PBX asterisk@pbx.local...
"Nerd Vittles" at 8001234567 left a new voicemail message 1 for extension 6002 on Thursday, January 29, 2015 at 01:42:33 PM.

You can test email delivery by sending yourself a message from the Linux CLI:

echo "test" | mail -s testmessage yourname@somedomain.com

16. SMS Blasting with Google Voice and Incredible PBX

Out of the box, Incredible PBX supports SMS Message Blasting if you have a functioning Google Voice account set up. Before first use, you must add your credentials, address list, and text message to the SMS Blaster scripts in the /root folder.

In smsblast, insert your credentials:

GVACCT="yourname@gmail.com"
GVPASS="yourpassword"
MSGSUBJECT="Little League Alert"

In smslist.txt, insert one or more recipients for your message. These can be a combination of SMS addresses and email addresses and will be delivered accordingly.

NOTE: For most cellphone providers, you also can send an email message for SMS delivery by the provider. The complete list of providers is available here. Email messaging for SMS requires that you know the cellphone provider for your recipient while standard SMS messaging does not.

# In lieu of SMS number, email is also OK
8431234567 Doe John
mary@doe.com Doe Mary
8435551212@txt.att.net Mr T

In smsmsg.txt, enter the text message to be sent.

Once you have all three files configured, run the script: /root/smsblast.

17. Voice-Activated SMS Messaging with Incredible PBX (Dial S-M-S)

In addition to message blasting, you also can dial 767 from any extension and dictate an SMS message to send through your Google Voice account. When prompted for the destination, simply enter the 10-digit SMS number of the recipient.

18. SMS Messaging with VoIP.ms and Incredible PBX

Incredible PBX also supports SMS messaging through VoIP.ms if you have an account and an SMS-enabled DID. See the VoIP.ms wiki for setup info on the VoIP.ms side.

To install the VoIP.ms SMS scripts, follow these steps:

cd /root
mkdir sms-voip.ms
cd sms-voip.ms
wget http://incrediblepbx.com/voipms-SMS.tar.gz
tar zxvf voipms-SMS.tar.gz

Edit voipms-sms.php and insert your VoIP.ms number that supports SMS messaging (no spoofing allowed!):

$SMSsender="8005551212";

Edit class.voipms.php and insert your VoIP.ms API credentials:

    /*******************************************\
     *  VoIPms - API Credentials
    \*******************************************/
    var $api_username   = 'yourname@youremail.com';
    var $api_password   = 'yourpassword';

Send an SMS message through VoIP.ms with the following command where smsnumber is the 10-digit number of the SMS recipient and "sms message" is the text message surrounded by quotes:

/root/sms-voip.ms/voipms-sms.php smsnumber "sms message"

NOTE: VoIP.ms has indicated that sooner or later there will be a penny per message charge for SMS messages; however, they’re still free as of now.

19. SIP URI Calling with Incredible PBX (Demo: Dial L-E-N-N-Y)

With one line of dialplan code, you can add Speed Dials for free SIP URI calling worldwide. Just create an Other (Custom) Device Extension. Provide an extension number for the SIP URI and enter the SIP URI in the following format in the dial field: SIP/2233435945@sip2sip.info

20. IVR Demo of Incredible PBX Applications (Dial 7001)

The easiest way to try out a number of the Incredible PBX applications is to take the IVR Demo for a spin. Just pick up any phone and dial D-E-M-O (3366). The sample code for the IVR is available for review and modification in extensions_custom.conf. Just search for 3366. You can create your own IVRs and AutoAttendants using the IVR option under the Applications tab in the GUI.

21. Incredible Backup & Restore with Incredible PBX

Incredible Backup and Restore scripts are included in the /root folder. These scripts make and restore snapshots of the settings on your server and should be used in conjunction with a full system backup solution. The GUI includes its own backup snapshots by choosing Backup & Restore under the Admin tab.

22. AsteriDex – The Poor Man’s Rolodex

AsteriDex is a web-based phonebook application for Incredible PBX. You can access it from the main web menu. Scripts are also available to import your contacts from Outlook and Google Contacts.

23. Voice Dialing with AsteriDex (Dial 411)

If you have voice recognition enabled on your server, you can call anyone in your AsteriDex database by dialing 411.

24. Speed Dialing with AsteriDex (Dial 412 or 000+)

For those without voice recognition, Incredible PBX includes two speed dialing utilities. The first is accessed by dialing 412. Then enter any 3-digit dialcode from your AsteriDex database to complete the call.

For a complete listing of your AsteriDex dial codes, execute this query:

mysql -u root -ppassw0rd asteridex -e "select name,dialcode from user1 order by name"

25. Telephone Reminders (Dial 123)

Incredible PBX includes a sophisticated reminders system that lets you schedule individual or recurring reminders using your phone by dialing 123 or a web browser. A complete tutorial is available here. For phone reminders, a password is required to access the reminder system. You’ll find or can set your Reminders password by searching for 123 in extensions_custom.conf. Typically, these reminders set up a return call at a scheduled time that then plays back either a recorded message or a TTS message generated from the text you entered in the browser application. Incredible PBX also includes a new addition that lets you schedule web reminders that are delivered by email or SMS message. Links to the web-based reminders applications are in the main Incredible PBX web menu.

26. DISA Access with Incredible PBX

Direct Inward System Access (aka DISA) is one of the great PBX inventions of the last 50 years. It’s also one of the most dangerous. It lets someone connect to your PBX and obtain dial tone to place an outbound call using your trunks… on your nickel. Typically, it is offered as an option with an IVR or AutoAttendant. DISA extensions can be added using the DISA option under the Applications tab. Make sure you assign a very secure password. It’s your phone bill.

27. Yahoo! News (Dial 951)

Yahoo! news headlines are available by dialing 951. The news option also is included in the sample IVR application.

28. Weather Forecasts by Phone (Dial 949 or Z-I-P)

If you have voice recognition enabled on your server, you can retrieve a weather report for most cities in the world by dialing 949 and saying the name of the city plus the state, province, or country. For PBXs without voice recognition, you can obtain a weather forecast for most zip codes by dialing 947 (Z-I-P) and entering the 5-digit zip code.

29. ODBC Application Support for Asterisk

ODBC/MySQL application support for Asterisk is included in Incredible PBX. You can try out a few sample applications that are included to get you started. Dial 222 and enter 12345 for the employee number. This retrieves an employee name from the MySQL timeclock database using Asterisk. Dial 223 to retrieve an AsteriDex name and phone number by entering the 3-character dialcode. You then have the option of placing the call by pressing 1. Once you have created accounts for Travelin’ Man 4, you can dial 864 (T-M-4) to WhiteList an IP address for that account after entering the account number and matching PIN. Use the * key for periods in the IP address. The code for all of the samples is in the following files in /etc/asterisk: odbc.conf and func_odbc.conf. If you create new MySQL databases, remember to add corresponding entries in res_odbc.conf and /etc/odbc.ini. Then restart Asterisk: amportal restart.

30. Today in History (Dial T-O-D-A-Y)

It’s always interesting to find out what happened Today in History. And Incredible PBX now delivers it by phone. Just dial 86329 (T-O-D-A-Y) for a walk down memory lane.

31. Time of Day

Speaking of yesteryear, if you grew up dialing TI-4-1212 for the time of day, Ma Bell may have discontinued the service, but we haven’t. Now you can do it on your very own PBX. Just dial into the DEMO IVR and choose option 4.

But suppose you want your users to be able to dial in for the time. Just dial *61 for a time update.

32. WebMin: The Linux Swiss Army Knife

There is no finer Linux application than WebMin. There is no more dangerous Linux application than WebMin. You’ve been warned. We heartily recommend WebMin as a tool to LOOK at your server’s settings. We strongly discourage changing anything in WebMin unless you totally know what you are doing. This is especially true with management of Linux applications that make up the core of Incredible PBX: the Linux kernel, SendMail, IPtables, Apache, MySQL, PHP, and…

To access WebMin, click on the WebMin link in the main Incredible PBX web menu. The username is root. The password is your root password. WebMin has root privileges to your server. Reread paragraph 1 and act accordingly.

For an exhaustive tutorial on WebMin, download The Book of WebMin by Joe Cooper. For a more recent commercial offering, take a look at Michal Karzyński’s WebMin Administrator’s Cookbook.

33. phpMyAdmin: The MySQL Swiss Army Knife

The same caveats we expressed regarding WebMin apply to phpMyAdmin. It is a powerful tool for managing MySQL databases in the right hands. It is a dangerous tool in the wrong hands. There should be little need to use phpMyAdmin unless you are developing a customized database solution for your business. We’ve included phpMyAdmin just in case.

To access phpMyAdmin, click on the phpMyAdmin link in the main Incredible PBX web menu. For tutorials on phpMyAdmin, see the phpMyAdmin wiki. For an excellent commercial offering focused on the version of phpMyAdmin installed on your server, consider Mastering phpMyAdmin 3.4 for Effective MySQL Management by Marc Delisle.

34. SIP Gateways for Secure (and Free) Google Voice Calling

If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial. If you’d prefer a secure, pain-free method of accessing Google Voice via SIP for a modest one-time fee, there are some other options:

SIP Gateways for Google Voice — GVsip and Simonics

35. User Control Panel for Extension Management

For those that have clamored for a safe way to permit end-users to manage their extensions and voicemails, your ship has arrived. Meet the User Control Panel (UCP) which now is part of the Incredible PBX GUI. First, set up accounts for your users with the User Management option under the Admin tab. Specify account names, passwords, and extensions to be managed. Other entries for email addresses are optional. Then choose the UCP option in the GUI, login with one of the accounts you’ve created, and follow your nose.

Originally published: Wednesday, August 26, 2015

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Introducing Incredible PBX GUI for AsteriskNOW and the FreePBX Distro

Wednesday, August 19, 2015 / 2 Comments on Introducing Incredible PBX GUI for AsteriskNOW and the FreePBX Distro

Before we get started today, let’s clear the air on a few things that have been brought to our attention. We’re not opposed to any organization making money. That includes Digium® and Sangoma®. And we fully appreciate that both of these companies need to make money to continue to deliver first rate products like Asterisk® and FreePBX®. Our fundamental disagreement with SchmoozeCom and now Sangoma stems from their sales methodology. In a nutshell, they’ve taken what purports to be an open source GPL product and turned it into a marketing tool for a whole host of commercial, closed source, time-restricted add-ons. If this were done in keeping with the GPL requirement for clear separation between the GPL components and the commercial ones, we would have no objection at all. As it stands, the Sangoma commercial bundling approach is functionally identical to distributing commercial components tied to the Linux GPL kernel, a practice that is specifically prohibited by the GPL. The prohibition stems from hooking commercial components to any GPL component, not merely the Linux kernel. Hence, hooking commercial FreePBX components to the open source GPL FreePBX and Linux ISO platforms is just as problematic as hooking a commercial driver to the Linux kernel. You’re profiting off the free work of others while confusing consumers on what’s free software and what’s not.

Sangoma’s decision to commingle and intertwine the GPL and commercial components in such a way that end-users have no choice but to install the entire bundle including the NagWare and CrippleWare hooks is problematic in another way as well. It also means users cannot legally redistribute the SHMZ ISO (even though it includes the functionally identical components found in the RedHat Enterprise Linux GPL ISO) because consumers also would be redistributing non-GPL software without a license to do so.

If you really want to have some fun (on a non-production machine, of course), try setting the clock up about 26 years and experience time bomb software in all its glory. And we thought this disappeared in the shareware days. Heh.

Last, but not least, Sangoma has shrouded the essential Cloud components of the FreePBX distribution in secrecy with encrypted signatures to prevent others from adding to the GPL-advertised project without encountering nasty error messages suggesting that your server has been compromised. Issuing keys while keeping exclusive control over issuance and rescission of those keys doesn’t help. That is a textbook example of PROPRIETARY software.

Until these issues are addressed, we believe everyone is better served by converting your GUI platform to the Incredible PBX GUI which offers GPL-compatible modules and an open source, GPL-based Cloud platform for all to see. That’s what FREEDOM really means, Sangoma. And that’s our objective for today, no more and no less.

Installing the SHMZ Base Operating System

If you’ve installed Incredible PBX on another operating system platform, today’s exercise isn’t that different. You’ll start by downloading and installing a fresh copy of AsteriskNOW or FreePBX Distro 6.12. You need a fresh install because all of your setup will be modified as part of the Incredible PBX install anyway. Both the 32-bit and 64-bit platforms are supported. Once the install begins, we recommend choosing the NO RAID setup because upgrading to FreePBX 13 down the road reportedly leaves you with a kernel that does not support RAID.

Begin by installing the 32-bit or 64-bit version of your choice on your favorite hardware or Desktop. Or you may prefer to use a Cloud provider¹ that already offers a preconfigured image. In the latter case, you can skip this section.

For those using a dedicated hardware platform or wishing to install as a virtual machine, the drill is the same. Start by downloading the ISO. Then burn the ISO to a DVD unless you’ll be booting from the ISO on a virtual machine platform such as VirtualBox. On virtual platforms, we recommend at least 1GB RAM and a 20GB dedicated drive. For VirtualBox, here are the settings:

Type: Linux
Version: RedHat 64-bit or 32-bit
RAM: 1024MB
Default Drive Options with 20GB+ space
Create
Settings->System: Enable IO APIC and Disable HW Clock (leave rest alone)
Settings->Audio: Enable
Settings->Network: Enable, Bridged
Settings->Storage: Far right CD icon (choose your ISO)
Start

Boot your server with the ISO, and start the install. Here are the simplest installation steps:

Choose NO-RAID install and Click Continue
Choose Whether to Enable IPv6 Support
Choose Time Zone and Uncheck System Clock Uses UTC
Create Root Password: somepassword, somepassword, Click Done
Wait for Install and Setup to finish (about 30 minutes)

Installing Incredible PBX for SHMZ 6.5

Unlike other Linux operating systems, today’s ISOs will leave you with a functioning Asterisk platform with the FreePBX GUI. Both are built from RPMs rather than being compiled on the fly from source. We’ve chosen to leave the Asterisk platform in place for those that prefer the ease of use of an RPM solution. Be advised that this means adjustments to Asterisk modules are extremely difficult should you ever decide you need some functionality that is not provided in the default build. The FreePBX GUI platform will be replaced with the Incredible PBX GUI using GPL-compatible modules from version 12.

To begin, log in to your server as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx11-12.1.shmz.tar.gz
tar zxvf incrediblepbx*
./IncrediblePBX*

Once you have agreed to the license agreement and terms of use, press Enter and go have a long cup of coffee. The Incredible PBX installer runs unattended so find something to do for the next 30-60 minutes unless you just like watching code compile. When the installation is complete, run /root/admin-pw-change to set the admin password for GUI access using a browser. Log out and back into your server. After the Automatic Update Utility runs, you’ll be greeted by the status display:

Press ENTER and perform at least the first 5 steps below:

Make your root password very secure: passwd
Set an admin GUI password: ./admin-pw-change
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Set your correct time zone: ./timezone-setup
Restart Asterisk: amportal restart
Reload the GUI: amportal a r
Clean Up GUI Module Signature Mess: gui-fix
Make a copy of your Knock codes: cat knock.FAQ
Decipher IP address and other info about your server: status

Incredible PBX includes an Automatic Update Utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. If you haven’t done so already, now would be a good time to log out and back into your server at the Linux command line to bring your server up to current specs.

You can access the Incredible PBX GUI using your favorite web browser to configure your server. Just enter the IP address shown in the status display.

Choose Incredible GUI Administration from the Admin menu of the Kennonsoft GUI (shown above). The default username is admin and the password is what you set above. Now edit extension 701 so you can figure out (or change) the randomized passwords that were set up for your 701 extension and voicemail account: Applications -> Extensions -> 701. If you’re behind a hardware-based firewall, change the NAT setting to: YES. NOTE: The fax option will not appear until you’ve run the Incredible FAX installation script in /root.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

947 - Weather by ZIP Code 951 - Yahoo News *61 - Time of Day *68 - Wakeup Call TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

Call Screening – OFF
Call Presentation – OFF
Caller ID (In) – Display Caller’s Number
Caller ID (Out) – Don’t Change Anything
Do Not Disturb – OFF
Call Options (Enable Recording) – OFF
Global Spam Filtering – ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model

Today’s Incredible PBX install joins our previous builds as our most secure turnkey PBX implementation, ever. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server on the same platform, simply copy the image to a server running Asterisk 11 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

Switching Major Versions of Asterisk

One of the unique features of this aggregation is the ability to quickly switch from one major version of Asterisk to another, e.g. from Asterisk 11 to 13 or from Asterisk 13 back to 11. It will also bring your particular Asterisk version up to the current release. This functionality has been retained in the Incredible PBX implementation.

WARNING: You will lose your free faxing capability with HylaFax/AvantFax if you deployed it before switching Asterisk versions! You may be able to restore the fax functionality by running the incrediblefax installer again. No guarantees.

To switch versions, issue the following commands after logging into your server as root:

sed -i 's|enabled=0|enabled=1|' /etc/yum.repos.d/FreePBX.repo
asterisk-version-switch
sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/FreePBX.repo

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.

A Word to the Wise: yum update can be a very dangerous tool. We have disabled the FreePBX repositories as part of the Incredible PBX install. We recommend you keep it that way. Security updates, if necessary, are distributed through the Automatic Update Utility. This puts an additional layer of protection between your server and yum repos. Keep it that way!

In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.

Originally published: Wednesday, August 19, 2015

Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.

NEWS FLASH: There’s a message thread to handle Bugs & Fixes for this new release. If you have issues with your install, start there.

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Some of our links refer users to Amazon or other service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support these providers because they support us. [↩]

Introducing the FUD-Free Firewall for FreePBX Distro and AsteriskNOW

Monday, August 10, 2015

View image | gettyimages.com

After frequent complaints from our FreePBX® users, we introduced a firewall application for the PBX in a Flash™ and Incredible PBX™ platforms that protected FreePBX resources. That was over 5 years ago. The product became Travelin’ Man™ 3, an IPtables-based WhiteList that totally eliminated access to your Asterisk® server unless a WhiteList entry had been authorized by the administrator. The application was further embellished over the years to facilitate access by remote users. First, we introduced PortKnocker™ for Asterisk® and later we introduced Travelin’ Man 4 to let users call in with a passcode to authorize server access. For the past several years, a preconfigured firewall has been an integral component in what has become the 7-Layer Security Model included in all Incredible PBX builds. TIP: Security is not a new idea for us.

During this evolution, the FreePBX developers introduced their own distribution, the FreePBX Distro™. Conspicuously absent was a functioning firewall. We believed that the shortcoming would be remedied quickly. Hasn’t happened! In the meantime, a number of serious security vulnerabilities arose in the FreePBX product that compromised numerous servers running their distribution because of the absence of a functioning firewall. Digium® recently reintroduced AsteriskNOW™ as a clone of the FreePBX Distro. But still no firewall.

About a month ago, we decided to close the loophole for everyone’s security and develop a firewall for the only FreePBX-based distributions without a firewall, the FreePBX Distro and AsteriskNOW. Last week we began the rollout with a Nerd Vittles article explaining why this was essential, as if an explanation were necessary. Today, you get the GPL code.

Suffice it to say, our article was not well received. The usual Sangoma® players went into Damage Control Mode with what has become a predictable scenario whenever security issues are raised concerning the FreePBX design or vulnerabilities.

Meet The Sangoma 7.

The Good Cop: If only you’d purchase Genuine Sangoma Hardware, all of your security problems would disappear
The Bad Cop: Enjoy this nice Cup of FUD about your own distro which proves we’re all just alike
The Techie Cop: We thought of developing an open source firewall just the other day, and now you’re complaining
The Rest of "The Team": Let the Astroturfing Begin… Retweet, favorite, and cheer for the brilliance of My 3 Cops

The Good Cop offered to solve all your security woes if you’d just buy (some more Sangoma) hardware.

The Bad Cop suggested that, with "cookie cutter security, you might as well hand out your password." Just in case you have any doubts about whose approach has stood the test of time, let’s Google the FreePBX Security Vulnerability Track Record.

The Techie Cop claimed we had stolen his 2-day old idea to create an Open Source Firewall. Really?
Earth to Techie Cop: Where have you been for the past five years??

Funny stuff… if it weren’t so damaging to the Asterisk community and those trying to decide whether to put their faith in open source communications software.

Firewall Basics.

We’ve written dozens of articles on Asterisk security and firewall approaches so we won’t repeat all of the information. Here’s what you need to know. Software-based firewalls on Linux servers need to be integrated into the Linux kernel to be secure. IPtables is kernel-based and extremely reliable. Blacklist-based firewall designs, i.e. those that seek to identify the IP addresses of every bad guy on the planet don’t work very well. Bad guys aren’t stupid. They can do their damage by commandeering a little old lady’s Windows machine so you’re never going to collect all of the necessary "bad" IP addresses. They’re also smart enough to poison the blacklists with Internet resources you need such as DNS servers. So don’t waste your time with blacklists. WhiteLists work very well. You identify the IP addresses and FQDNs of all the Internet sites you need to support and all the SIP providers you wish to use. Nobody else even sees your server on the Internet. If the bad guys can’t see your server, they can’t attack it. Simple as that.

Travelin’ Man 3 WhiteList Tutorial.

Here are the fundamentals of the Travelin’ Man 3 design. We allow access from anybody and everybody on your private LAN. They still need a password to access FreePBX or to gain root access, but they can "see" your server. Private LAN addresses are non-routable over the Internet which means the bad guys can’t access your 192.168.0.4 IP address if you’re sitting behind a NAT-based hardware firewall. All of your internal phones will work with no firewall modifications. You may need to adjust these settings if you’re using a Cloud resource such as Amazon because they actually route non-routable IP addresses which would leave your server vulnerable without removing these entries (especially the 172 subnet for Amazon):

#-A INPUT -s 10.0.0.0/8 -j ACCEPT
#-A INPUT -s 172.16.0.0/12 -j ACCEPT
#-A INPUT -s 192.168.0.0/16 -j ACCEPT

Travelin’ Man 3 also authorizes access for certain mandatory services that are needed to keep your server operating properly. In addition, during installation, Travelin’ Man 3 whitelists localhost and the public and private IP addresses of your server as well as your PC or workstation. You obviously don’t want to lock yourself out of your own server.

As of today, Travelin’ Man 3 is primarily an IPv4 whitelist toolkit. IPv6 addresses are only supported to allow localhost access to your server. Any other IPv6 addresses must be added manually in /etc/sysconfig/ip6tables. We recommend not using FQDNs with IPv6 for the time being. And always restart IP6tables after adding new entries: service ip6tables restart.

You have the option of enabling the Incredible PBX collection of IP addresses used by many of the leading SIP providers around the world. Just run the enable-trusted-providers script in /root. The list of included providers is available here. You also have the option of adding (whitelisting) or deleting users’ and providers’ IP addresses and FQDNs yourself. Use the included scripts in the /root folder: add-ip, add-fqdn, and del-acct. For each account you set up, you get to define which access permission or combination of permissions will be available:

0 – ALL Services
1 – SIP (UDP)
2 – SIP (TCP)
3 – IAX
4 – Web
5 – WebMin
6 – FTP
7 – TFTP
8 – SSH
9 – FOP

Once you have made your selection, a user account will be created in /root with the name of the account and an extension of .iptables. Do NOT delete these files. They keep track of current IP addresses and accounts authorized for server access.

If you have remote users on the Internet, e.g. traveling salespeople, you can individually authorize access for them using a dynamic FQDN (add-fqdn) coupled with a dynamic DNS server that keeps IP addresses current as folks move around. Just load a dynamic DNS updater on their smartphone. Then plug the user entries into the included ipchecker script and execute a cron job on your server every few minutes to keep the FQDN entries refreshed. Simple.

echo "*/10 * * * * root /root/ipchecker > /dev/null 2>&1" >> /etc/crontab

IPtables does not directly support FQDN rules through the kernel. However, IPtables lets you configure your firewall rules using FQDNs which get translated into IP addresses whenever IPtables is restarted. The gotcha here is that, if an FQDN is not resolvable, IPtables fails to load, and you’re left with a vulnerable server. Travelin’ Man 3 takes care of this by employing a special restart script that temporarily disables unresolvable IP addresses.

The moral of the story:

ALWAYS USE iptables-restart TO RELOAD IPTABLES OR YOUR SERVER MAY END UP WITH NO FIREWALL!

We’ve also included support for a neat little trick that lets you whitelist remote SIP access to your server using a special FQDN. No further firewall adjustments are necessary. This is supported on most platforms except OpenVZ containers. The way this works is you first assign an obscure FQDN to your server’s IP address. It needs to be obscure because anyone with the FQDN gains SIP access to your server. But chances are pretty good that the bad guys will have a hard time figuring out that xq356jq.dyndns.org points to your server. You then can embed this FQDN in the SIP phone credentials for all of your remote users. The final step is to uncomment the last few lines in /etc/sysconfig/iptables after plugging in your obscure FQDN. Then restart IPtables: iptables-restart.

-A INPUT -p udp --dport 5060:5061 -m string --string "REGISTER sip:xq356jq.dyndns.org" --algo bm -j ACCEPT
-A INPUT -p udp --dport 5060:5061 -m string --string "REGISTER sip:" --algo bm -j DROP
-A INPUT -p udp --dport 5060:5061 -m string --string "OPTIONS sip:" --algo bm -j DROP

Finally, a word of caution about deploying Travelin’ Man 3 on the FreePBX Distro and AsteriskNOW platforms. We currently don’t have a vehicle in place to push security updates out to you as we do with Incredible PBX. This means you will have to remain vigilant to what’s happening in the telecommunications world and load updates yourself. You can stay current in a number of ways. We will post updates to this article in comments below so you can simply check back here periodically. An easier way to keep up with the latest security alerts and updates is to subscribe to the PBX in a Flash RSS Feed. This can be added to the FreePBX Status page by editing RSS Feeds in Settings -> Advanced Settings and adding:

http://pbxinaflash.com/rssfeed.xml

As you can see, there’s nothing "cookie cutter" about Travelin’ Man 3. It’s totally customizable to meet your own unique requirements. All we have done is tame IPtables and eliminate much of its complexity so that you can get a functional firewall up and running quickly. Now it’s deployment time!

Installing Travelin’ Man 3 for the FreePBX Distro & AsteriskNOW.

Log into your server as root from a desktop PC using SSH or Putty. This assures that you will have access from a device other than the console when you are finished. Then issue the following commands:

cd /root
wget http://incrediblepbx.com/tm3-firewall.tar.gz
tar zxvf tm3-firewall.tar.gz
./enable-iptables-whitelist

If you wish to enable the Incredible PBX trusted providers whitelist, issue the following command:

./enable-trusted-providers

ALWAYS use the following command to start or restart IPtables:

iptables-restart

NEVER use the following syntax with Travelin’ Man 3:

service iptables...

CHECK the status of your server at any time:

/root/status

The GPL Is NOT Dead: Coming Soon to FreePBX Distro and AsteriskNOW…

Stay tuned for Incredible PBX GUI, all of the GPL modules you know and love with NO NAGWARE and NO GOTCHAS. This also will assist users that got duped by the Sangoma offer to convert PBX in a Flash into a proprietary FreePBX Distro. After reading the Sangoma disclaimer about the script being donated by an anonymous user, ask yourself this question. When was the last time Sangoma republished code that they did not own or create themselves? Try NEVER.

BEFORE:

AFTER:

Originally published: Monday, August 10, 2015

Need help with Asterisk? Visit the PBX in a Flash Forum.

Special Thanks to Our Generous Sponsors

FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.

Some Recent Nerd Vittles Articles of Interest…

Tag Archives: IncrediblePBX

The Most Versatile VoIP Provider: FREE PORTING

Links

Follow us

Recent Posts

Installing Incredible PBX 13 with Scientific Linux 6.7

Managing Your Server with Incredible PBX Web-Based Tools

Setting Up a Soft Phone to Use with Incredible PBX

Configuring Google Voice

Troubleshooting Audio and DTMF Problems

A Few Words about the Incredible PBX Security Model for SL 6.7

Incredible Backup and Restore

Incredible PBX Automatic Update Utility

Incredible PBX Application Users Guide

Special Thanks to Our Generous Sponsors

Special Thanks to Our Generous Sponsors

Installing Oracle VM VirtualBox 5

Downloading the Incredible PBX Virtual Machine

Importing & Configuring the Incredible PBX Virtual Machine in VirtualBox

Running Incredible PBX Virtual Machine in VirtualBox

Preparing Incredible PBX Virtual Machine for Migration

Special Thanks to Our Generous Sponsors

Getting Started with Incredible PBX and Incredible PBX GUI (RasPi 2 Edition)

1. Install Raspbian 7 Platform for Raspberry Pi 2

2. Optimizing Raspbian 7 for Incredible PBX

3. Install Incredible PBX on Your Raspberry Pi 2

4. Install Incredible Fax for Incredible PBX (optional)

5. Initial Configuration of Incredible PBX

6. Configure Trunks with Incredible PBX

7. Configure a Softphone for Incredible PBX

8. Configuring Google Voice on the Google Side

9. Configuring Google Voice in the Incredible PBX GUI

10. Troubleshooting Google Voice Connectivity Problems

Adding Speech Recognition Support to Incredible PBX

Implementing WiFi on the Raspberry Pi 2

Implementing SCCP for Secure, Encrypted Communications with Asterisk

Homework Assignment: Mastering the Incredible PBX Feature Set

Special Thanks to Our Generous Sponsors

Top 10 List of Problems Encountered by New Asterisk Users

1. Login Failures: Linux CLI, Incredible PBX GUI, Web Apps, AvantFax, WebMin

2. Emails/Voicemails Don’t Get Sent/Delivered

3. Asterisk Won’t Start/Restart

4. IPtables Firewall Testing

5. Fail2Ban Log Scanner Testing

6. HylaFax/AvantFax in Limbo.

7. Asterisk Server Log Rotation

8. Detecting Trunk Failures

9. Detecting Whether Asterisk Is Running As Root

10. Inability to Activate Repository Tabs in Module Admin

Special Thanks to Our Generous Sponsors

Table of Contents to the Incredible PBX Applications

1. Checking Current Status of Incredible PBX

2. Adding Speech Recognition to Incredible PBX

3. Using Wolfram Alpha with Incredible PBX

4. Automatic Update Utility for Incredible PBX

5. Asterisk Upgrade Utility for Incredible PBX

6. Implementing Apache Authentication with Incredible PBX

7. Managing the IPtables Linux Firewall and WhiteList

8. PortKnocker Remote Access to Incredible PBX

9. Travelin’ Man 4 Remote Access to Incredible PBX (Dial TM4)

10. Using the Conference Bridge in Incredible PBX (Dial C-O-N-F)

11. CallerID Name (CNAM) Lookups with Incredible PBX

12. Free Faxing with Incredible PBX

13. Voicemail 101 for Incredible PBX

14. Email Delivery of MP3 Voicemails with Incredible PBX

15. Reconfiguring SendMail for SmartHost SMTP Delivery Of Outgoing Emails

16. SMS Blasting with Google Voice and Incredible PBX

17. Voice-Activated SMS Messaging with Incredible PBX (Dial S-M-S)

18. SMS Messaging with VoIP.ms and Incredible PBX

19. SIP URI Calling with Incredible PBX (Demo: Dial L-E-N-N-Y)

20. IVR Demo of Incredible PBX Applications (Dial 7001)

21. Incredible Backup & Restore with Incredible PBX

22. AsteriDex – The Poor Man’s Rolodex

23. Voice Dialing with AsteriDex (Dial 411)

24. Speed Dialing with AsteriDex (Dial 412 or 000+)

25. Telephone Reminders (Dial 123)

26. DISA Access with Incredible PBX

27. Yahoo! News (Dial 951)

28. Weather Forecasts by Phone (Dial 949 or Z-I-P)

29. ODBC Application Support for Asterisk