Home » Posts tagged 'inum'

Tag Archives: inum

The Most Versatile VoIP Provider: FREE PORTING

Introducing OpenSIPS 3 for Incredible PBX and Debian 10


Today we’re pleased to introduce an updated OpenSIPS installer for Debian 10 featuring the latest release of OpenSIPS. Our previous tutorial with Debian 8 is now obsolete, an all-too-frequent occurrence in the open source world. Today’s open source SIP server lets you connect users to make and receive free as well as commercial calls worldwide. There’s excellent documentation making it easy to integrate into our existing Incredible PBX platform without hiring a consultant. It’s also straight-forward to secure without providing free phone service to every bad guy on the planet.

OpenSIPS is a multi-functional, multi-purpose signaling SIP server used by carriers, telecoms or ITSPs for solutions like Class4/5 Residential Platforms, Trunking / Wholesale, Enterprise / Virtual PBX Solutions, Session Border Controllers, Application Servers, Front-End Load Balancers, IMS Platforms, Call Centers, and many others. Source: opensips.org

We’ve often complained that the problem with many open source projects is that the developers get so focused on making money that they skimp on the documentation to encourage consulting work or participation in expensive conferences. We have found just the opposite with OpenSIPS. In fact, much of today’s implementation is based upon an excellent tutorial by the folks at PowerPBX. Down the road, if you find yourself in need of a consultant, their services would be a good place to start. What we’ve added to the PowerPBX design is security, support for clients behind NAT-based routers, and an integration scheme for Asterisk®, FreePBX®, and Incredible PBX® platforms so that you get the best of all worlds, a public facing SIP server with the UC feature set that most organizations expect. Last but not least, our turnkey GPLv2 installer will get you up and running in about 5 minutes.

Choosing an Appropriate Platform for OpenSIPS

Let’s begin by addressing the appropriate platform for an OpenSIPS server. The server needs to have a public IP address that is static, and the server should not be situated behind a NAT-based router. It only complicates things and is beyond the scope of what we plan to address. For those that are frequent visitors, you already know that we’ve been pushing everyone to kiss their local hardware goodbye and join the cloud revolution. When it comes to public-facing VoIP platforms like OpenSIPS, most of us don’t have a choice. You need a static IP address on the open Internet. And, for the sake of security, a KVM cloud platform is a must since older OpenVZ platforms don’t support the ipset component of IPtables which makes it easy to block hundreds of thousands of IP addresses without a performance hit on your server. Pure whitelist access simply isn’t an option if you wish to retain the functionality of a VoIP application such as OpenSIPS.

Ten to twenty gigabytes of disk space should be more than ample for OpenSIPS. The amount of RAM in your server depends upon the volume of calls your server will be handling. If it’s a dozen simultaneous calls then 1GB of RAM will suffice. If it’s 100,000 calls, then take a look at this article for tips on sizing your server. For today’s implementation, you’ll need a Debian 10 platform so a low-cost KVM provider including Digital Ocean, Vultr, and OVH should be fine.1

Choosing OpenSIPS Components to Deploy

We’ve divided up today’s tutorial into bite-sized pieces so that you can pick and choose where to stop implementing and start using. You do not need to have an Asterisk server to make and receive calls with OpenSIPS. However, OpenSIPS lacks voicemail and AutoAttendant/IVR components so, if those are a requirement, then you either need a VoIP service provider that offers them, or deploy a $50 Incredible PBX for the Raspberry Pi to add the missing pieces.

What OpenSIPS offers is a free server platform for worldwide SIP communications so that you, your friends, and business associates can call or connect from anywhere using freely available SIP softphones or any of dozens of SIP telephone instruments. We’ll stick with softphones for today, but hardware-based SIP telephones are equally simple to deploy.

This is not a criticism because it is one of the best tutorials we’ve ever used but, if you want to see how complex a typical OpenSIPS server deployment is, take a look at the PowerPBX tutorial we used as a starting point with OpenSIPS. We’ve compressed most of those procedures into a turnkey installer that only requires you to enter a MySQL root password of passw0rd (with a zero) once you have your Debian 10/64 platform up and running.

Deploying a Debian 10 Server Platform

Start by choosing a cloud provider that offers the 64-bit Debian 10 minimal platform as a deployment option. Most do. As noted, we recommend a KVM platform with support for ipset making it easy to block entire countries overrun with bad guys. Choose offerings with at least 1GB RAM and a 10GB drive to get started. Configure your Debian 10 server with a fully-qualified domain name (FQDN). This is critically important with our security design because we will assign all OpenSIPS users/extensions to this FQDN and reserve your server’s IP address purely for connections from service providers and Asterisk servers. This makes it all but impossible for anyone to hack into your server since most script kiddies launch attacks on IP addresses, not FQDNs. Using an unusual FQDN adds an extra layer of security, but that’s your call. If you lack the ability to assign FQDN aliases to a domain which you own, you can obtain a free FQDN from numerous sources including ChangeIP and point it to the IP address of your OpenSIPS server.

Installing OpenSIPS on a Debian 10 Server

Now the fun begins. Log into your Debian 8 server as root and issue the following commands to prepare for the OpenSIPS install:

cd /root
wget http://incrediblepbx.com/opensips3.tar.gz
tar zxvf opensips3.tar.gz
rm -f opensips3.tar.gz

Make sure you have logged into your Debian 10 server as root using SSH or Putty from a desktop PC that you will use to manage OpenSIPS with a browser. The reason is because this IP address automatically will be whitelisted in the OpenSIPS firewall as part of the install process. Otherwise, you will need to manually log into SSH and whitelist the IP address of your desktop PC using /root/add-ip each time you wish to access the OpenSIPS Control Panel since TCP port 80 (HTTP) is not exposed to the public Internet as a security precaution.

To begin the install, issue this command: /root/install

As the install progresses, you’ll first be prompted to choose the GRUB install device. Press the spacebar on the first entry. Then press TAB and ENTER. When prompted for the SSH configuration, choose "keep local version" and then press TAB and ENTER. For the MariaDB setup, press ENTER when prompted for the current password. Type N when prompted whether to switch to unix_socket authorization. Then type Y to change the root password. Be sure to use passw0rd (with a zero) as your MySQL password, or the install will fail. This is NOT a security risk unless your Debian 10 root user account is compromised. And, in that case, it won’t matter anyway since the MySQL password could easily be changed. Type Y to remove anonymous users. Type Y to disallow remote root logins. Type Y to reload the MySQL privilege tables.

Next you’ll be prompted to set your timezone and TZ entries. For East Coast U.S., it’s 2,49,1,1 then America/New_York. Later you’ll be prompted twice for the MySQL root password. You must enter passw0rd (with a zero). When the OpenSIPS status screen displays, type Q to exit the display. There are a couple of steps where you will be prompted for input. Correct responses are indicated before the various prompts. Pay particular attention when you are prompted to change the SSH port from TCP 22 to a port number in the 1000-2020 range as a security precaution. We recommend using the year you were born because it will be easy for you to remember. When the install finishes and you log out of your server, the next SSH login will look like this where XXXX is the SSH port you chose and yyy.yyy.yyy.yyy is the OpenSIPS server address: ssh -p XXXX root@yyy.yyy.yyy.yyy


Although most of the configuration of your OpenSIPS server will be handled using a web browser and the OpenSIPS Control Panel GUI, we’ve included a few scripts in /root to assist with maintenance of your server platform. Here’s a brief summary of the script functions:

  • pbxstatus – Status of your OpenSIPS server (image sample above)
  • add-ip – Temporarily WhiteList IP address until next iptables-restart
  • ban-ip – Permanently Ban an IP address
  • unban-ip – Unban a previously banned IP address
  • log-purge – Zero out all of the major Linux log files
  • opensips-check – Assures OpenSIPS and RTPproxy are running (runs automatically)
  • Fail2Ban BlackListsiptables -nL | grep -A100000 "opensips ("
  • IPset BlackList (KVM/OVZ7 platforms only) – ipset list | sort

We secure your server in several ways: (1) by disguising the SSH port, (2) by locking down almost every port on your server with the IPtables firewall with the exception of the SIP ports, (3) by deploying Fail2Ban to scan your OpenSIPS log for errors and lock out attackers for an extended period of time, and (4) by deploying the IPset blacklist for KVM platforms. With this design, there is a symbiotic relationship between IPtables, Fail2Ban, and IPset. Therefore, it is critically important that you only restart these services using the iptables-restart command. NEVER issue other IPtables commands to restart or save your firewall settings.

Activating a SIP Server with OpenSIPS Control Panel

We don’t want to overload you on the first day with your new OpenSIPS 3 platform so we’ll walk you through the preliminary setup steps to create your SIP Domain. Then we’ll show you how to set up user accounts (also known as extensions). Finally we’ll walk you through setting up a trunk to make and receive calls from a commercial SIP provider. When we’re finished today, you’ll be able to make and receive calls using SIP URIs or DIDs which you have purchased from a provider. Then next week we’ll focus on integration of OpenSIPS with an Asterisk platform of your choice using Incredible PBX as an example. Once we’re finished, you’ll be able to handle user account registrations exclusively on your OpenSIPS server while leaving your Asterisk platform completely hidden from public exposure.

Logging into the OpenSIPS Control Panel

As deployed, the OpenSIPS Control Panel is accessible via web browser. As noted previously, HTTP Port 80 access is blocked by default unless the IP address of your desktop PC has been whitelisted either as part of the initial install or using the add-ip script in /root. Once your desktop PC’s IP address is whitelisted, point your browser to http://xxx.xxx.xxx.xxx/cp



The default Username is admin, and the default password is opensips. Once you’re logged in, immediately click on the Users icon in the upper-right corner of the dashboard. Then click the Edit Info pencil icon for user Admin and change your password. Click Save when done.

Creating Domains with OpenSIPS Control Panel

In the Left column of the Dashboard, you’ll see two tabs: Users and System. Click on the System tab to expose the available choices. Then choose the Domains option.



Domains are the essential building blocks in OpenSIPS. You can manage one or a hundred domains on a single OpenSIPS server, and each domain can have its own set of Users, Trunks/Gateways, and Dialplan rules. We’re actually going to create two domains, one for the IP Address of your OpenSIPS server and a second one for the FQDN of your OpenSIPS server. For added security, we will create all User accounts under the FQDN Domain. And we’ll reserve the IP Address Domain for DID Trunks/Gateways from registered, commercial SIP providers. This design allows attackers to attempt to register to accounts on your IP Address Domain until the cows come home, and they will never be successful because there are no existing SIP user accounts there. Keep it that way! With our OpenSIPS design, Fail2Ban will block attackers after a single failed registration attempt. And OpenSIPS itself will identify and block all SIP flood attacks using either Fail2Ban or IPset.

Now that you understand the design, let’s set up your domains. After choosing System -> Domains, enter the IP Address of your OpenSIPS server at the SIP Domain prompt. Then click Add New Domain followed by Reload on Server. Repeat the same steps to enter the fully-qualified domain name (FQDN) of your OpenSIPS server. When finished, you should see:


Creating Users with OpenSIPS Control Panel

We’ve already explained the security implications and reason for creating User accounts with your FQDN Domain only. Click on Users -> User Management -> Add New to get started. You can use Numbers (what we call Extensions in Asterisk) or Names. Our preference is to use Numbers for the User accounts and then to create Alias Names (as desired) for each User account. You can’t dial names from most SIP telephones. This also keeps the design similar to what many are used to in the Asterisk environment. A completed dialog would look something like the following. Use the Domain pull-down to choose your FQDN. Obviously, the passwords must be secure and must match. Then the Register button will be enabled to save. The actual Numbers used for Usernames are completely up to you.



Create at least a couple User accounts so that you can set up two SIP phones to call yourself and verify that everything is working. These User accounts become an integral part of the SIP URI to receive calls from any SIP phone in the world: 7701@opensips.yourdomain.com

Before you can actually answer an incoming call to your SIP URI, you’ll need to register the User account using either a softphone or SIP phone. We’ll do that next. But, first, let’s create an Alias to 7701 User so that folks can reach you by calling joe@opensips.yourdomain.com

Click on Users -> Alias Management -> Add New Alias to get started. Fill in the form using the example below. Make sure that you select your FQDN Domain using the pull-downs for BOTH the Domain and Alias Domain fields. Then click Add to save.


Registering a Softphone to an OpenSIPS User Account

There are literally dozens of free SIP soft phones from which to choose. We covered some of our favorites for every platform in previous articles. For our purposes today, we recommend you choose one of the Linphone softphones which are available for the PC, Mac, Linux, Android, and iOS platforms. We also recommend signing up for a free Linphone.org SIP account which doesn’t cost you anything. For today, we will be configuring the softphone to register to your new OpenSIPS server.

Once you have downloaded and installed the Linphone client, go into the Preferences menu and make the following changes. Some depend upon your calling platform.

  • Audio Codecs: PCMU, G722, PCMA
  • Video Codecs: VP8, H264
  • Call Encryption: None
  • DTMF: RFC2833 only
  • Send InBand DTMF: OFF
  • Send SIP INFO DTMF: OFF
  • SIP UDP 5060: Enabled
  • SIP TCP 5060: Enabled
  • Allow IPv6: Disabled

Then set up a new SIP Proxy account: Username (7701), Password (as defined), Domain: your FQDN not IP address, Transport: UDP, Outbound Proxy: OFF, Stun Server: stun.linphone.org, ICE: ON, AVPF: OFF, Push Notification: ON, Country Code Prefix: 1 (if required by your commercial SIP provider), Register: YES, Account Enabled: YES. HINT: You can call Alias Names via SIP URI, but you can only register to a SIP account using its actual Username.

Avoiding Lockouts with NeoRouter VPN

By design, Fail2Ban is unforgiving when it comes to failed registrations. A single failed registration will get an IP address banned for a full week. The reason is because the new bad guy strategy is to hit your server once to determine whether anybody is home. Then the creep bombards you later with an endless stream of registration attempts. With our design, nobody will be home when they return. The bad news is a single failed registration attempt by you or your users will also trigger a ban. There are several workarounds. The easiest is to set up the NeoRouter client on each of your machines including your OpenSIPS server and use the 10.0.0.x private network for access. These IP addresses never get banned. Our previous tutorial will walk you through setting up a free NeoRouter server and installing the free NeoRouter clients on your machines. The client software already is installed and running on your OpenSIPS server. It only requires that you log in using nrclientcmd and register to your NeoRouter server to obtain a private IP address. The other option is to install OpenVPN. Our previous tutorial will walk you through that process. The advantage of OpenVPN is that it’s supported directly on many SIP telephone instruments. The 10.8.0.x addresses are already whitelisted by our OpenSIPS installer.

There are other options to unban an IP address which has accidentally been snagged. First, almost all of the cloud providers include a Console option in their web portals. Second, you can log into your server via SSH from any non-blacklisted IP address to remove the banned IP address. Once you’re logged in, simply run this command using the IP address you wish to unban: /root/unban-ip xxx.xxx.xxx.xxx

Choosing Commercial SIP Providers

Recall that you cannot register to a SIP alias on your OpenSIPS server. We’ll take advantage of this restriction in setting up incoming calls from commercial providers’ DIDs. To set up Trunks from commercial providers so that you can not only receive incoming calls but also make outbound calls over their PSTN network connections, you must use providers that support IP address authentication rather than a SIP registration. Many providers support this including our platinum sponsor, Skyetel, as well as providers such as VoIP.ms, Anveo Direct, V1VoIP, and many others. In our OpenSIPS design, you also can use DIDs from providers that support SIP URI forwarding such as CallCentric and LocalPhone; however, you are limited to receiving inbound calls only. VoIP communications really shines here because you don’t have to choose a single provider to meet all of your communications requirements.

Skyetel is by far the easiest provider to set up with OpenSIPS. See our earlier tutorial for a special offer that will get you half-price calling for up to $500. Effective 10/1/2023, $25/month minimum spend required. Once you’re registered on the Skyetel site, add a new EndPoint Group using the IP address of your OpenSIP server and designate UDP 5060 as the access port. Sign up for a DID and map it to the OpenSIPS Endpoint Group. Done. In the OpenSIPS Control Panel, navigate to System -> Dynamic Routing and click Add Gateway. Using the template below, create 5 Proxy gateways for the following Skyetel data centers:

  • skyetel-NW 52.41.52.34
  • skyetel-SW 52.8.201.128
  • skyetel-NE 52.60.138.31
  • skyetel-SE 50.17.48.216
  • skyetel-EU 35.156.192.164

Begin by whitelisting the IP addresses of your SIP providers in /etc/iptables/rules.v4 just below the existing 10.8.0.0/24 rule. The entries should look like this:

-I INPUT -s 52.41.52.34 -j ACCEPT

Once you’ve entered IP addresses for your providers, issue the command: iptables-restart

Next, we need to create what Asterisk users know as an Outbound Route. This tells OpenSIPS to send dialed numbers in 11-digit format to Skyetel for termination. We’ve already created the Dial Plan rule for calling out by dialing 1 plus a 10-digit number. So, while you’re still in the Dynamic Routing section of the OpenSIPS Control Panel, click on the Rules tab at the top of the template. Then click Add Rule. Begin by clicking Add ID button and choosing Group ID 0. In the Prefix field, type 1. Now click the Add GW button 3 times after choosing the Skyetel gateways in the following order from the GW pull-down list: skyetel-nw, skyetel-sw, and skyetel-se. Those are the three currently operational Skyetel gateways. When you’re finished, your template should look like the following. Then click the Add button to save the new rule. Click Reload Server to load the new rule into OpenSIPS. Then repeat this procedure leaving the Prefix field blank so that you can make 10-digit calls as well.

Finally, we need to create what Asterisk users know as an Inbound Route. This tells OpenSIPS where to send incoming calls from our Skyetel DID. OpenSIPS handles inbound routes by defining a User Alias for the Username to which you want to route the incoming DID calls. Click on Users -> Alias Management -> Add New Alias to get started. Fill in the form using the following template and then click Add.

  • Username: 7701 (the extension to which to route the incoming calls)
  • Domain: opensips.xyz.com (the FQDN of your OpenSIPS server)
  • Alias Username: 18435551212 (the 11-digit Skyetel DID)
  • Alias Domain: 11.12.13.14 (the IP address of your OpenSIPS server)
  • Alias Type: dbaliases

Introducing the VoIP Blacklist

We’ve always dreamed of an effective VoIP Blacklist, and many have tried. But the crowd-sourced VoIP Blacklist at voipbl.org is the real deal. Everybody can post entries (including the bad guys) and, magically, most of the illegitimate entries get sifted out before the next day’s list is released. The list gets populated every night while you sleep. Here are the steps to install the VoIP Blacklist with IPset:

apt update && apt install ipset iptables netfilter-persistent ipset-persistent iptables-persistent
cd /usr/local/sbin
wget http://incrediblepbx.com/voipbl-update
chmod +x voipbl-update
sed -i 's|fail2ban restart|fail2ban restart\n/usr/local/sbin/voipbl-update|' iptables-restart
iptables-restart
ipset list voipbl
ipset list voipbl | wc -l

Then create a cron job in /etc/crontab to run /usr/local/sbin/voipbl-update every day to update the VoIP blacklist.

1 4 * * * root /usr/local/sbin/voipbl-update > /dev/null 2>&1

Congratulations! You now have a functioning OpenSIPS 3 server that can process incoming calls from SIP URIs as well as DIDs. And you can make SIP URI and 11-digit PSTN calls using your SIP softphone that’s registered to your OpenSIPS server. See you next week. Enjoy!

Continue Reading: Best of Both Worlds: Safely Marrying Asterisk to OpenSIPS

Originally published: Monday, October 4, 2021



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



  1. Nerd Vittles receives referral fees from some VoIP service providers to help cover the costs of our blog. We never recommend particular companies solely to generate commissions. We also test all services that we recommend. []

Lessons Learned: Circling Back for a Second Look at OpenSIPS



Whenever we tackle a new VoIP platform especially for deployment on the open Internet, we think it’s prudent to circle back after a few weeks to review lessons learned and tie up all the loose ends. Today we’ll introduce a number of new KVM cloud providers around the globe at rock-bottom prices plus some new additions to enhance our OpenSIPS firewall design. If you’re just getting started with OpenSIPS, check out the new KVM offerings below and then hop over to our original article which now incorporates all of today’s enhancements. For those that already have deployed OpenSIPS using our previous tutorial, continue reading, and we’ll show you how to deploy the latest and greatest additions.

While we were in the midst of deploying OpenSIPS, Netflix also disclosed four TCP networking kernel vulnerabilities which are especially important to those of us using hosted cloud platforms. Depending upon your provider, these may or may not be patched promptly.

We were reminded this month that reinventing the wheel isn’t always the best solution when it comes to VoIP security. While we’re not throwing in the towel on our BadGuys list, we do want to show you how to supplement it with the VoIP Blacklist from voipbl.org. It adds over 80,000 crowd-sourced IP addresses from around the world. The other lesson learned was that blacklists invariably include some IP addresses of good guys that you actually depend upon. These typically are added to the blacklist by, you guessed it, the bad guys.

With IPtables, the first matching rule always wins so it’s important in structuring firewall rules to insert whitelisted IP addresses BEFORE the blacklist entries so you don’t inadvertently block yourself or some other resource that you actually need. This whitelist should include the IP addresses of your server and workstations as well as the IP addresses of VoIP providers upon whom you rely for communications services. With our OpenSIPS design, the firewall order of preference looks like this: (1) whitelisted IP addresses get full access, (2) blacklisted IP addresses are blocked and get no access, (3) everybody else gets SIP access.

Rather than attempting to patch the Linux kernel on all of the platforms that are being deployed, we think the prudent first step is to narrow the TCP footprint of all public-facing servers. As part of the original OpenSIPS deployment, we already had hidden web access behind the firewall except for specifically enumerated IP addresses. The second most likely TCP vulnerability would be the TCP SIP ports. While we prefer to use UDP ports for SIP access, some prefer TCP. Until the “SACK Panic” vulnerability is patched, we would strongly recommend at least temporarily discontinuing use of TCP as your SIP transport. After all, OpenSIPS is a SIP server, and the TCP SIP port would be the most likely target for mischief.

Turning back to blacklists for a moment, we’ve put together a few simple bash scripts which make it easy to deploy and update your VoIP blacklists. We’ve also developed a script that lets you move IP addresses flagged by Fail2Ban into the ipset SIPFLOOD blacklist while easing the pain of uploading your own blacklisted IP addresses to the voipbl.org site for inclusion in their list. In this way, they will be added in the next day’s blacklist collection for everyone to use. To give you a point of reference, on our half dozen, publicly-exposed honey pot servers, today’s additions to the OpenSIPS firewall have reduced attacks to less than one a day.

Choosing a KVM Platform for OpenSIPS

For those that are frequent visitors, you already know that we’ve been pushing everyone to kiss their local hardware goodbye and join the cloud revolution. When it comes to public-facing VoIP platforms like OpenSIPS, most of us don’t have a choice. You need a static IP address on the open Internet. And, for the sake of security, a KVM cloud platform is a must since OpenVZ platforms don’t support the ipset component of IPtables which makes it easy to block hundreds of thousands of IP addresses without a performance hit on your server. While we previously have identified OpenVZ providers for our Incredible PBX platforms protected by the Travelin’ Man 3 firewall, pure whitelist access simply isn’t an option if you wish to retain the functionality of a VoIP application such as OpenSIPS. So we went on the hunt to identify KVM cloud providers around the world that could offer a KVM VPS with 1GB RAM, 20GB storage, and 1TB of monthly bandwidth for about $25 a year. No small feat! But our friends at LowEndTalk have come through. Read the message thread and find an offer with a site that best meets your requirements. Many of the KVM offers require you to open a ticket to get the special pricing and configuration outlined above. Here’s a short list of our favorites, but remember to only use the KVM offerings below for OpenSIPS!

ProviderRAMDiskBandwidthPerformance as of 12/1/19Cost
CrownCloud KVM (LA)1GB20GB +
Snapshot
1TB/month598Mb/DN 281Mb/UP
2CPU Core
$25/year
Best Buy!
Naranjatech KVM (The Netherlands)1GB20GB1TB/monthHosting since 2005
VAT: EU res.
20€/year w/code:
SBF2019
BudgetNode KVM (LA)1GB40GB RAID101TB/monthAlso available in U.K PM @Ishaq on LET before payment$24/year
FreeRangeCloud KVM (Ashburn VA, Winnipeg, Freemont CA)1GB20GB SSD3TB/monthPick EGG loc'n
Open ticket for last 5GB SSD
$30/year w/code:
LEBEGG30

Introducing the VoIP Blacklist

We’ve always dreamed of an effective VoIP Blacklist, and many have tried. But the crowd-sourced VoIP Blacklist at voipbl.org is the real deal. Everybody can post entries (including the bad guys) and, magically, most of the illegitimate entries get sifted out before the next day’s list is released. We’ve made this easy in two ways. First, the list gets populated every night while you sleep. At last count, there were 84,504 IP addresses. And, second, to contribute to the blacklist, run iptables -nL weekly to see if Fail2Ban has snagged any bad guys. If so, simply run the new /root/blacklist utility which will move them into your local blacklist and also format the entries for easy submission to voip.bl whenever you feel the urge. Simply issue the command cat /root/blcklist.txt to display the entries you just blacklisted. Then cut-and-paste the results and post them to the VoIP Blacklist. The whole process takes less than a minute, and you’ll be contributing to a very valuable VoIP resource while also using it.

Upgrading Existing OpenSIPS KVM/OVZ7 Platforms

If you already have installed OpenSIPS using the previous Nerd Vittles tutorial on a KVM or OVZ7 platform, then the rest of today’s article is for you. If you’re just getting started, hop over to our original article which now incorporates all of today’s enhancements including the VoIP Blacklist.

We’ve made today’s upgrade easy. Just download the OpenSIPS upgrade tarball, untar it, and run the included installer. In less than a minute, you’ll have all the new pieces without disturbing your existing configuration.

To get started, log into your KVM or OVZ7 server as root using SSH or Putty and issue these commands:

cd /
wget http://incrediblepbx.com/opensips-upgrade1.tar.gz
tar zxvf opensips-upgrade1.tar.gz
rm -f opensips-upgrade1.tar.gz
/root/opensips-upgrade1

Originally published: Monday, June 24, 2019



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Best of Both Worlds: Safely Marrying Asterisk to OpenSIPS




Last week we introduced OpenSIPS, the multi-functional, multi-purpose signaling SIP server which can fulfill almost any communications function one can dream up except the unified communications tasks typically performed with a PBX such as Asterisk®. Today we want to marry the two platforms to give you the best of both worlds. For Incredible PBX® users, the primary advantage of adding an OpenSIPS front end is the elimination of the complexities associated with interacting with your PBX from remote sites with ever changing, dynamic IP addresses coupled with NAT firewalls over which you have no control. While there are many approaches to interconnecting the two platforms, we’re not comfortable with the exposure that a simple registration passthrough design introduces for many Asterisk users. Instead we prefer a model that lets everybody contact you and your users without providing the world the access necessary to allow anonymous strangers a platform from which to launch endless attempts to compromise your Asterisk server and individual Asterisk accounts.

Not all users on an Asterisk PBX need anonymous lurkers to have worldwide, public access to their individual phones. For most, DIDs suffice for public access. For users that do need such access, we will begin by creating a SIP account on your OpenSIPS server that is separate and apart from your Asterisk user account or extension. Also keep in mind that anonymous SIP calls require a match on the SIP URI to reach the person or function desired. You can enable and disable these SIP URI-accessible functions on your OpenSIPS server as desired. And you can determine how obscure to make each of the SIP URIs. Security through obscurity works and deters many SIP attacks. Now let’s address what you can and cannot do with this setup.

Using a SIP phone from anywhere in the world, any SIP user CAN:

  • Make SIP URI calls to authorized extensions and ring groups on your Asterisk PBX
  • Make SIP URI calls to authorized clients registered to a 3CX PBX with a SIP UUID
  • With a legitimate password, make DISA-like calls with Asterisk trunks, if enabled
  • With an invalid DISA password, converse with Lenny
  • With a legitimate password, check and manage authorized Asterisk voicemail accounts
  • With a legitimate password, participate in authorized Asterisk conferences
  • Access other authorized Asterisk applications available from Asterisk extensions

Using a SIP phone from anywhere in the world, an OpenSIPS-registered User also CAN:

  • Make PSTN calls from OpenSIPS-registered SIP phones, if enabled
  • Receive calls from Asterisk forwarded to any OpenSIPS-registered SIP phone
  • Receive calls from Asterisk forwarded to any 3CX-registered client or SIP phone

Using any SIP phone registered to a SIP proxy, you CANNOT:

  • Log into any Asterisk user account without whitelist permission and credentials
  • Make 911 calls

Prerequisites: To complete today’s setup, we’re assuming you have (1) an Incredible PBX server running Asterisk 13, (2) an OpenSIPS server built with version 1.2.0 or later of the Incredible PBX for OpenSIPS installer, and (3) either a registered SIP account and SIP URI on your OpenSIPS PBX or a SIP account with a provider such as a free linphone.org account.

Running pbxstatus on your OpenSIPS server will tell you which version you have. If you don’t have pbxstatus or the version is below 1.2.0, please initialize your Debian 8 platform, download the latest release, and reinstall following the our OpenSIPS tutorial here. There were major changes in the OpenSIPS configuration to support Asterisk connectivity which made an in place upgrade too complex. Our apologies.

Before creating user accounts on your OpenSIPS server, give some thought to a numbering scheme that won’t conflict with extension registrations on your Asterisk server. For example, if your Asterisk server uses extensions 701 through 750, then you may wish to consider using 7701 through 7750 on your OpenSIPS server. The one-to-one match keeps things simple without running into conflicts between the Asterisk extension numbers and the OpenSIPS user accounts. We’ll use the 700 (Asterisk) and 7700 (OpenSIPS) extension ranges in our examples which follow. And we’ve reworked the original OpenSIPS tutorial in keeping with this design to simplify Asterisk integration for new readers just joining the party.

We want to express our sincere appreciation to Bill Simon for his patient tutelage in walking us through some of the potential landmines in marrying an OpenSIPS server with Asterisk. Should your organization ever need professional help with a SIP deployment, there is no finer SIP authority than Simon Telephonics.


1. Configuring Asterisk for Inbound OpenSIPS Calls

Assuming you have an Incredible PBX 13 platform, open the GUI as admin using a browser from your desktop. First, let’s create a Trunk for the OpenSIPS server. Choose Connectivity -> Trunks -> Add SIP (chan_sip) Trunk. For Trunk Name, use opensips. Next, click on the SIP Settings tab in the dialog. For Trunk Name, again use opensips. In PEER DETAILS, enter the following and replace xxx.xxx.xxx.xxx twice with the actual IP address of your OpenSIPS server. Then click Submit and Reload Dialplan when prompted.

type=peer
host=xxx.xxx.xxx.xxx
context=from-opensips
insecure=port,invite
disallow=all
allow=ulaw
deny=0.0.0.0/0.0.0.0
permit=xxx.xxx.xxx.xxx/255.255.255.255

Next, using SSH or Putty, login to your Asterisk server as root and issue these commands replacing xxx.xxx.xxx.xxx with the IP address of your OpenSIPS server (choose option 0 when prompted for access type):

cd /root
./add-ip opensips xxx.xxx.xxx.xxx
wget http://incrediblepbx.com/from-opensips.tar.gz
tar zxvf from-opensips.tar.gz
rm -f from-opensips.tar.gz
nano -w from-opensips.txt

When the editor opens, scroll down to line 16 and enter a very secure PIN (up to 10 digits) for access to the DISA-like service to make outbound calls via SIP URI. It’s your phone bill so make it long (up to 10 digits) and something that is not easily guessed. On line 20, we have configured DISA for numbers up to 11 digits. If your dialplan requires international dialing support, you can adjust 11 to the desired number of digits. Then save the file and copy the dialplan code into extensions_custom.conf and reload your dialplan:

cd /etc/asterisk
cat /root/from-opensips.txt >> extensions_custom.conf
asterisk -rx "dialplan reload"

IMPORTANT NOTE: Just because you have configured this DISA option on your Asterisk server does not mean it is available via SIP URI. In fact, no SIP URI access to your Asterisk server is enabled at this juncture. You still must set up the SIP URI connections on your OpenSIPS server. Whether to do that and which features to activate are completely up to you.

2. Configuring OpenSIPS for Asterisk Connectivity

Beginning with version 1.2.0 of the Incredible PBX installer for OpenSIPS, the server itself is preconfigured to support Asterisk connectivity using AVPs. Implementation only requires command line execution of an AVP script to enable each feature you wish to activate. A similar script can be used to deactivate any AVP feature previously activated. To install the scripts on your OpenSIPS server, log in as root using SSH or Putty and issue these commands:

cd /root
wget http://incrediblepbx.com/asterisk-features-for-opensips.tar.gz
tar zxvf asterisk-features-for-opensips.tar.gz
rm -f asterisk-features-for-opensips.tar.gz

The function of each of the Asterisk scripts is self-explanatory from the script names:

  • asterisk-add-forward
  • asterisk-delete-forward
  • asterisk-list-forwards

Three pieces of information are required to add a SIP URI forward from OpenSIPS to your Asterisk server using the AVP asterisk-add-forward script:

  • UUID of SIP URI (from any SIP phone, dial UUID@opensips.yourdomain.com to connect)
  • Asterisk Extension (destination where incoming OpenSIPS call should be forwarded)
  • Asterisk Public IP Address

To add a SIP URI for extension 701 on your Asterisk server at xx.xx.xx.xx reachable at 701@opensips.yourdomain.com, the command would look like this where xx.xx.xx.xx is the public IP address of your Asterisk server and opensips.yourdomain.com is the FQDN of your OpenSIPS server: /root/asterisk-add-forward 701 701 xx.xx.xx.xx

CAUTION: Other than for forwards like this, do NOT set up User accounts in the OpenSIPS Control Panel using the same numbers as existing extensions on your Asterisk server. Otherwise, if your SIP phone is registered to a 701 user account on your OpenSIPS server, you lose the ability to connect to any extension on your Asterisk server if a 701 account requiring registration also existed on the Asterisk platform.

To use a name in the SIP URI or enable a second SIP URI for the same Asterisk 701 extension (jdoe@opensips.yourdomain.com): /root/asterisk-add-forward jdoe 701 xx.xx.xx.xx

Simply repeat the steps above for every SIP URI you wish to enable for an Asterisk extension.

To enable DISA-like access via SIP URI using dial as UUID (dial@opensips.yourdomain.com): /root/asterisk-add-forward dial *1 xx.xx.xx.xx

Keep in mind that you need not use "dial" as the UUID. You can make up any name you like. So long *1 is the DISA extension, the UUID can be as obscure as desired e.g. disa5038now.

For voicemail access via SIP URI, you can do it in two ways. For generic access triggering prompts for both the voice mailbox number and the mailbox PIN, use the following: /root/asterisk-add-forward vm *98 xx.xx.xx.xx

For voicemail access to a specific mailbox (701) with only a prompt for the mail PIN, use: /root/asterisk-add-forward vm701 *98701 xx.xx.xx.xx

For access to a specified conference (2663) with a prompt for the conference PIN, use: /root/asterisk-add-forward conf2663 2663 xx.xx.xx.xx

For access to Weather Reports (947) with a prompt for the ZIP Code, use something like this: /root/asterisk-add-forward weather 947 xx.xx.xx.xx

For News Headlines (951), use: /root/asterisk-add-forward news 951 xx.xx.xx.xx

To delete any previously created UUID forward: /root/asterisk-delete-forward

To list existing UUID forwards for SIP URIs: /root/asterisk-list-forwards

Calling Tip: If your softphone is registered to an OpenSIPS User account, you can call any of the enabled forwarding entries by entering the UUID without @opensips.yourdomain.com, e.g. dialing vm would connect to the Asterisk voicemail system with a prompt for mailbox.

3. Enabling Inbound Calls from Asterisk to a SIP Phone

In today’s design, incoming calls to your Asterisk PBX can be forwarded to a user account on your OpenSIPS server or a free linphone.org user account by (1) creating a free User account in the OpenSIPS Control Panel or at linphone.org, (2) logging into that user account with a SIP phone or softphone, (3) creating a custom extension in the Incredible PBX GUI that points to the SIP URI of your user account on the OpenSIPS server or your free linphone.org SIP user account or a 3CX client, and (4) adding that custom extension to either a Ring Group that includes your Asterisk extension or enabling FindMe/FollowMe for your Asterisk extension and designating the custom extension as the No Answer Destination. Need support for multiple Asterisk users? Not a problem. Repeat the drill for each user.

The procedure for adding a User Account in the OpenSIPS Control Panel was covered in last week’s article. The procedure for creating a free Linphone User Account was covered in an earlier article so we won’t repeat it here. Another obvious SIP URI destination is any 3CX Client if you’ve previously set up a free 3CX server following our 3CX tutorial. Refer back to those articles if you need a refresher.

On the Asterisk side, login to the Incredible PBX GUI as admin with your favorite browser. Then choose Applications -> Extensions -> Add Custom Extension. For the User Extension and Display Name, we recommend using the 7701 numbering scheme for remote accounts. Then click on the Advanced tab and enter the SIP URI of your OpenSIPS, Linphone, or 3CX User account as the Dial option, e.g. SIP/yourname@sip.linphone.org or SIP/7701@opensips.yourdomain.com. Click Submit and Apply Config to reload dialplan.

To assure that incoming calls ring on both your Asterisk phone (701) and your registered SIP phone, we recommend setting up a Ring Group on the Asterisk side that includes both the 701 extension and the new 7701 custom extension. Then adjust your Inbound Routes to point to the number of this Ring Group instead of to 701. In this way, you can preserve the voicemail functionality associated with your 701 extension. FYI: None of these servers proxy audio and video of your calls. They provide a SIP registration service only.

The other alternative to a Ring Group is to enable FindMe/FollowMe in the 701 extension settings and then specify Extension:701 as the No Answer Destination. With this approach, voicemail will never be triggered on calls sent to extension 701 on your PBX. Since OpenSIPS lacks voicemail, you would lose calls not answered on your registered SIP phone or softphone.

TIP: We use 3CX clients exclusively for inbound calls on iPhones and Android devices because we have found they are far superior in dealing with both push notifications and NAT routing. 3CX clients actually ring when someone calls AND you can hear both sides of every call.

4. Outbound PSTN Calling from OpenSIPS

The DISA setup documented above allows your existing Trunks to continue to be managed and secured exclusively on your Asterisk server with no trunk exposure on the OpenSIPS platform at all. Thus, if either your public-facing OpenSIPS server or Linphone is ever compromised, nobody will be able to make any calls on your nickel because there will be no trunks available to process the outbound calls. Your DISA password is never exposed.

For some (like us), a two-step outbound calling procedure is just too painful. In that case, with providers such as Skyetel, you can deploy a PSTN calling platform on both your Asterisk server and on OpenSIPS. We documented the Skyetel trunk setup for OpenSIPS in our tutorial last week. The good news is nothing precludes deployment of Skyetel at multiple sites even if you only use Skyetel on the OpenSIPS platform for outbound calling. And this completely avoids implementing a DISA solution which has security implications of its own. Effective 10/1/2023, $25/month minimum spend at Skyetel is required.

Enabling direct PSTN calling with OpenSIPS means nobody can ever make PSTN calls merely by guessing a SIP URI. It requires an actual SIP registration to OpenSIPS, and you have Fail2Ban to assist with securing that process. So the outbound calling design is completely up to you. Direct PSTN calling from OpenSIPS is no less safe so long as none of your OpenSIPS User account passwords are compromised.

5. Enabling Calls from Asterisk to OpenSIPS Users

For OpenSIPS AVP forwards that have been enabled to Asterisk extensions, you probably will also want to provide a way for Asterisk users to return those calls directly to OpenSIPS users since that will be the CallerID that displays when an OpenSIPS user places a call directly to a forwarded Asterisk extension. Assuming a SIP phone has been registered to User account 7709, when that OpenSIPS user places a call to a forwarded Asterisk extension 701, it means the Asterisk user will see 7709 displayed as the CallerID for the incoming call even though the User of the OpenSIPS 7709 extension may also be associated with extension 709 on the Asterisk side. If the Asterisk callee attempts to return the call by dialing 7709 instead of 709, the call would fail. To avoid confusion by Asterisk users, the simple solution is to add an additional Custom SIP extension for every OpenSIPS User account.

For example, on the Asterisk side, login to the Incredible PBX GUI as admin with your favorite browser. Then choose Applications -> Extensions -> Add Custom Extension. For the User Extension, enter 7709. For the Display Name, enter the name of the person using that OpenSIPS user account. Next, click on the Advanced tab and enter the SIP URI for this OpenSIPS User account as the Dial option, e.g. SIP/7709@opensips.yourdomain.com. Click Submit and Apply Config to reload dialplan.

FYI: Matching Custom Extension numbers on the Asterisk platform to identical extensions on your OpenSIPS server does not create the registration problems we cautioned against earlier. Only Asterisk extensions requiring actual SIP registration need to remain unique from accounts on your OpenSIPS platform.

6. A Few Words About Security

If you’ve been using Incredible PBX with its Travelin’ Man 3 firewall, it’s not unlike living in a gated community where most of the outside world doesn’t even know you exist. Adding a "second home" with OpenSIPS is not unlike buying a summer place next door to Fred Sanford in Watts. You might as well have set up shop in the middle of Russia because, for all intents and purposes, you have. Anybody in the world can guess your IP address and spend the day trying to break into your server. So the name of the game is vigilance. Especially for the first few weeks, you need to run iptables -nL regularly and see how quickly your Fail2Ban blacklist is filling up. If you heeded our advice and set up your OpenSIPS server on a KVM platform (instead of OpenVZ), we’ve got a handy little script that will let you move bad guys snagged by Fail2Ban to the permanent IPset blacklist. Just download the script and run it daily to move the Fail2Ban entries to permanent block status in the IPset blacklist:

cd /root
wget http://incrediblepbx.com/move-fail2bans-to-ipset.tar.gz
tar zxvf move-fail2bans-to-ipset.tar.gz
rm -f move-fail2bans-to-ipset.tar.gz
./move-fail2bans-to-ipset

Once you have verified that the IP addresses actually are being populated in the IPset blacklist table (ipset list | sort), you can add the script to /etc/crontab to run automatically each night:

echo "2 4 * * * root /root/move-fail2bans-to-ipset > /dev/null 2>&1" >> /etc/crontab

If you’d like a head start on your IPset blacklist, simply download our latest list and then reboot your server:

cd /etc
wget http://incrediblepbx.com/badguys.tar.gz
tar zxvf badguys.tar.gz
rm -f badguys.tar.gz 

Another potential vulnerability is SSH. This command will tell you who has attempted to login to your server as root: cat /var/log/auth.log | grep password. If you ever see a failed login and it wasn’t a mistake on your part, change your SSH access port immediately if not sooner: nano -w /etc/ssh/sshd_config. Then restart SSH: /etc/init.d/ssh restart. Better yet, set up SSH public key authentication.

The other major consideration is the number of holes you punch into the security of your Asterisk server using the OpenSIPS asterisk-add-forward script. Every time you add an extension to this list, you open another (read-only) window into your Asterisk communications world. And anybody can connect to these extensions using either the FQDN of your OpenSIPS server or its IP address. Even though we don’t practice what we preach, we strongly recommend using alphanumeric UUIDs instead of numbers for these access points. That at least avoids random calls from bad guys that are accustomed to numeric numbers only in SIP URIs. Regularly review your OpenSIPS log for unusual strings of forwarded calls and adjust your forwarding UUIDs accordingly: cat /var/log/opensips.log | grep forwarded.

In our previous article, we’ve already addressed how important it is to limit User accounts to your FQDN and never the IP address of your OpenSIPS server. In this way, you limit OpenSIPS registration exposure to your FQDN and never the IP address of your server. Fail2Ban also assists here by blocking failed login attempts after a single failure unless you have whitelisted the IP address in Fail2ban’s ignoreip list in /etc/fail2ban/jail.conf and restarted Fail2Ban with this command: /etc/init.d/fail2ban restart. These are the only entry points that offer the ability to actually register to your server. AVPs never do. Obviously, a successful SIP registration is much more dangerous than a random phone call on a SIP URI set up using AVP extension forwarding.

Finally, passwords now matter on your Asterisk PBX for any port forward you’ve established with OpenSIPS. For example, if you’ve set up a generic forward to access voicemail, then it means anybody guessing the SIP URI you created can spend the day (at no cost) attempting to break into ANY voicemail account on your Asterisk server by guessing the PIN. Fail2Ban will not protect you here. If you’ve set up DISA-like access to your Asterisk server on OpenSIPS, then the same applies except now the attacker gets a blank check to make commercial calls if they can guess your access PIN. Worried yet? We hope so. Sure beats a $100,000 phone bill.

7. Taking OpenSIPS for a Test Drive

We usually provide a Demo Line for readers to try out our latest creations. For obvious reasons, we prefer not to disclose our OpenSIPS FQDN to the general public. But we have set up a port forward from a DID that we temporarily configured on our OpenSIPS server. So, if you’d like to sample the voice quality of placing a call to a DID in Atlanta forwarded to an OpenSIPS server in New York forwarded to an Asterisk server in Miami and then back to you, try calling 843-606-0555 for a weather report in your favorite ZIP code. We’re betting you will be dumbfounded by the quality of the call. Enjoy!

Originally published: Monday, May 20, 2019



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



The 5-Minute Wonder: OpenSIPS Server Takes the Cake


We covered Kamailio in our Part I article. And we’ve skipped writing about SIP server contestants two, three, and four because they each had a healthy dose of insurmountable problems… at least for us. So today we’re pleased to present Part V in our SIP server series. And, as the headline exclaims, with OpenSIPS we’ve found a platform that finally is worthy of your attention. Our requirements were fairly straightforward. We wanted an open source SIP server to which we could connect users to make and receive free as well as commercial calls worldwide. We also wanted a SIP server with good documentation that was simple to install and to integrate into our existing Asterisk platforms without hiring a consultant. And finally we were searching for a SIP server that could be secured easily without providing free phone service to every bad guy on the planet. OpenSIPS has it all.

OpenSIPS is a multi-functional, multi-purpose signaling SIP server used by carriers, telecoms or ITSPs for solutions like Class4/5 Residential Platforms, Trunking / Wholesale, Enterprise / Virtual PBX Solutions, Session Border Controllers, Application Servers, Front-End Load Balancers, IMS Platforms, Call Centers, and many others. Source: opensips.org

We’ve often complained that the problem with many open source projects is that the developers get so focused on making money that they skimp on the documentation to encourage consulting work or participation in expensive conferences. We have found just the opposite with OpenSIPS. In fact, much of today’s implementation is based upon an excellent tutorial by the folks at PowerPBX. Down the road, if you find yourself in need of a consultant, their services would be a good place to start. What we’ve added to the PowerPBX design is security, support for clients behind NAT-based routers, and an integration scheme for Asterisk®, FreePBX®, and Incredible PBX® platforms so that you get the best of both worlds, a public facing SIP server with the UC feature set that most organizations expect. Last but not least, our turnkey GPL installer will get you up and running in about 5 minutes.

Choosing a KVM/OVZ7 Platform for OpenSIPS

Let’s begin by addressing the appropriate platform for an OpenSIPS server. The server needs to have a public IP address that is static, and the server should not be situated behind a NAT-based router. It only complicates things and is beyond the scope of what we plan to address. For those that are frequent visitors, you already know that we’ve been pushing everyone to kiss their local hardware goodbye and join the cloud revolution. When it comes to public-facing VoIP platforms like OpenSIPS, most of us don’t have a choice. You need a static IP address on the open Internet. And, for the sake of security, a KVM or OVZ7 cloud platform is a must since older OpenVZ platforms don’t support the ipset component of IPtables which makes it easy to block hundreds of thousands of IP addresses without a performance hit on your server. While we previously have identified older OpenVZ providers for our Incredible PBX platforms protected by the Travelin’ Man 3 firewall, pure whitelist access simply isn’t an option if you wish to retain the functionality of a VoIP application such as OpenSIPS.

Ten to twenty gigabytes of disk space should be more than ample for OpenSIPS. The amount of RAM in your server depends upon the volume of calls your server will be handling. If it’s a dozen simultaneous calls then 1GB of RAM will suffice. If it’s 100,000 calls, then take a look at this article for tips on sizing your server. For today’s implementation, we’ll be using Debian 8 so any low-cost provider or KVMs at Digital Ocean, Vultr, and OVH should be fine.1

We recently went on the hunt to identify KVM or OVZ7 cloud providers around the world that could offer a KVM VPS with 1GB RAM, 20GB storage, and 1TB of monthly bandwidth for about $25 a year. No small feat! But our friends at LowEndTalk have come through. Read the message thread and find an offer with a site that best meets your requirements. Many of the KVM offers require you to open a ticket to get the special pricing and configuration outlined above. Here’s a short list of our favorites, but remember to only use the KVM or OVZ7 offerings below for OpenSIPS!

ProviderRAMDiskBandwidthPerformance as of 12/1/19Cost
CrownCloud KVM (LA)1GB20GB +
Snapshot
1TB/month598Mb/DN 281Mb/UP
2CPU Core
$25/year
Best Buy!
Naranjatech KVM (The Netherlands)1GB20GB1TB/monthHosting since 2005
VAT: EU res.
20€/year w/code:
SBF2019
BudgetNode KVM (LA)1GB40GB RAID101TB/monthAlso available in U.K PM @Ishaq on LET before payment$24/year
FreeRangeCloud KVM (Ashburn VA, Winnipeg, Freemont CA)1GB20GB SSD3TB/monthPick EGG loc'n
Open ticket for last 5GB SSD
$30/year w/code:
LEBEGG30

Choosing OpenSIPS Components to Deploy

We’ve divided up today’s tutorial into bite-sized pieces so that you can pick and choose where to stop implementing and start using. You do not need to have an Asterisk server to make and receive calls with OpenSIPS. However, OpenSIPS lacks voicemail and AutoAttendant/IVR components so, if those are a requirement, then you either need a VoIP service provider that offers them, or deploy a $50 Incredible PBX for the Raspberry Pi to add the missing pieces.

What OpenSIPS offers is a free server platform for worldwide SIP communications so that you, your friends, and business associates can call or connect from anywhere using freely available SIP softphones or any of dozens of SIP telephone instruments. We’ll stick with softphones for today, but hardware-based SIP telephones are equally simple to deploy.

This is not a criticism because it is one of the best tutorials we’ve ever used but, if you want to see how complex a typical OpenSIPS server deployment is, take a look at the PowerPBX tutorial we used as a starting point with OpenSIPS. We’ve compressed most of those procedures into a turnkey installer that only requires you to enter a MySQL root password of passw0rd (with a zero) once you have your Debian 8/64 platform up and running.

Deploying a Debian 8 Server Platform

Start by choosing a cloud provider that offers the 64-bit Debian 8 minimal platform as a deployment option. Most do. As noted, we recommend a KVM or OVZ7 platform, but older OpenVZ platforms perform equally well minus support for ipset which makes it easy to block entire countries overrun with bad guys. Choose offerings with at least 1GB RAM and a 10GB drive to get started. Configure your Debian 8 server with a fully-qualified domain name (FQDN). This is critically important with our security design because we will assign all OpenSIPS users/extensions to this FQDN and reserve your server’s IP address purely for connections from service providers and Asterisk servers. This makes it all but impossible for anyone to hack into your server since most script kiddies launch attacks on IP addresses, not FQDNs. Using an unusual FQDN adds an extra layer of security, but that’s your call. If you lack the ability to assign FQDN aliases to a domain which you own, you can obtain a free FQDN from numerous sources including ChangeIP and point it to the IP address of your OpenSIPS server.

Installing OpenSIPS on a Debian 8 Server

Now the fun begins. Log into your Debian 8 server as root and issue the following commands to prepare for the OpenSIPS install:

cd /root
wget http://incrediblepbx.com/opensips.tar.gz
tar zxvf opensips.tar.gz
rm -f opensips.tar.gz

After untarring opensips.tar.gz above, there’s one extra step for those using KVM or OVZ7 platforms. Do NOT make this change if you’re on an older OpenVZ-based server (not recommended!) that shares its kernel with the host machine. Otherwise, the firewall startup will always fail. For KVM and OVZ7 platforms only, issue the following command: cp -p /root/kvm/* /root

Make sure you have logged into your Debian 8 server as root using SSH or Putty from a desktop PC that you will use to manage OpenSIPS with a browser. The reason is because this IP address automatically will be whitelisted in the OpenSIPS firewall as part of the install process. Otherwise, you will need to manually log into SSH and whitelist the IP address of your desktop PC using /root/add-ip each time you wish to access the OpenSIPS Control Panel since TCP port 80 (HTTP) is not exposed to the public Internet as a security precaution.




 

To begin the install, issue this command: /root/install

As the install progresses, you’ll be prompted several times to assign and then to use the MySQL root password. Please use passw0rd (with a zero) as your MySQL password, or the install will fail. This is NOT a security risk unless your Debian 8 root user account is compromised. And, in that case, it won’t matter anyway since the MySQL password could easily be changed. The rest of the install is self-explanatory. There are a couple of steps where you will be prompted for input. Correct responses are indicated before the various prompts. Pay particular attention when you are prompted to change the SSH port from TCP 22 to a port number in the 1000-2020 range as a security precaution. We recommend using the year you were born because it will be easy for you to remember. When the install finishes and you log out of your server, the next SSH login will look like this where XXXX is the SSH port you chose and yyy.yyy.yyy.yyy is the OpenSIPS server address: ssh -p XXXX root@yyy.yyy.yyy.yyy


Although most of the configuration of your OpenSIPS server will be handled using a web browser and the OpenSIPS Control Panel GUI, we’ve included a few scripts in /root to assist with maintenance of your server platform. Here’s a brief summary of the script functions:

  • pbxstatus – Status of your OpenSIPS server (image sample above)
  • add-ip – Temporarily WhiteList IP address until next iptables-restart
  • ban-ip – Permanently Ban an IP address
  • unban-ip – Unban a previously banned IP address
  • log-purge – Zero out all of the major Linux log files
  • opensips-check – Assures OpenSIPS and RTPproxy are running (runs automatically)
  • Fail2Ban BlackListsiptables -nL | grep -A100000 "opensips ("
  • IPset BlackList (KVM/OVZ7 platforms only) – ipset list | sort

We secure your server in several ways: (1) by disguising the SSH port, (2) by locking down almost every port on your server with the IPtables firewall with the exception of the SIP ports, (3) by deploying Fail2Ban to scan your OpenSIPS log for errors and lock out attackers for an extended period of time, and (4) by deploying the IPset blacklist on KVM/OVZ7 platforms. With this design, there is a symbiotic relationship between IPtables, Fail2Ban, and IPset. Therefore, it is critically important that you only restart these services using the iptables-restart command. NEVER issue other IPtables commands to restart or save your firewall settings.

Activating a SIP Server with OpenSIPS Control Panel

We don’t want to overload you on the first day with your new OpenSIPS platform so we’ll walk you through the preliminary setup steps to create your SIP Domain. Then we’ll show you how to set up user accounts (also known as extensions). Finally we’ll walk you through setting up a trunk to make and receive calls from a commercial SIP provider. When we’re finished today, you’ll be able to make and receive calls using SIP URIs or DIDs which you have purchased from a provider. Then next week we’ll focus on integration of OpenSIPS with an Asterisk platform of your choice using Incredible PBX and FreePBX as an example. Once we’re finished, you’ll be able to handle user account registrations exclusively on your OpenSIPS server while leaving your Asterisk platform completely hidden from public exposure.

Logging into the OpenSIPS Control Panel

As deployed, the OpenSIPS Control Panel is accessible via web browser. As noted previously, HTTP Port 80 access is blocked by default unless the IP address of your desktop PC has been whitelisted either as part of the initial install or using the add-ip script in /root. Once your desktop PC’s IP address is whitelisted, point your browser to http://xxx.xxx.xxx.xxx/cp



The default Username is admin, and the default password is opensips. Once you’re logged in, immediately click on the Users icon in the upper-right corner of the dashboard. Then click the Edit Info pencil icon for user Admin and change your password. Click Save when done.

Creating Domains with OpenSIPS Control Panel

In the Left column of the Dashboard, you’ll see two tabs: Users and System. Click on the System tab to expose the available choices. Then choose the Domains option.



Domains are the essential building blocks in OpenSIPS. You can manage one or a hundred domains on a single OpenSIPS server, and each domain can have its own set of Users, Trunks/Gateways, and Dialplan rules. We’re actually going to create two domains, one for the IP Address of your OpenSIPS server and a second one for the FQDN of your OpenSIPS server. For added security, we will create all User accounts under the FQDN Domain. And we’ll reserve the IP Address Domain for DID Trunks/Gateways from registered, commercial SIP providers. This design allows attackers to attempt to register to accounts on your IP Address Domain until the cows come home, and they will never be successful because there are no existing SIP user accounts there. Keep it that way! With our OpenSIPS design, Fail2Ban will block attackers after a single failed registration attempt. And OpenSIPS itself will identify and block all SIP flood attacks using either Fail2Ban or IPset (on KVM and OVZ7 platforms only).

Now that you understand the design, let’s set up your domains. After choosing System -> Domains, enter the IP Address of your OpenSIPS server at the SIP Domain prompt. Then click Add New Domain followed by Reload on Server. Repeat the same steps to enter the fully-qualified domain name (FQDN) of your OpenSIPS server. When finished, you should see:


Creating Users with OpenSIPS Control Panel

We’ve already explained the security implications and reason for creating User accounts with your FQDN Domain only. Click on Users -> User Management -> Add New to get started. You can use Numbers (what we call Extensions in Asterisk) or Names. Our preference is to use Numbers for the User accounts and then to create Alias Names (as desired) for each User account. You can’t dial names from most SIP telephones. This also keeps the design similar to what many are used to coming from the Asterisk environment. A completed dialog would look something like the following. Use the Domain pull-down to choose your FQDN. Obviously, the passwords must be secure and must match. Then the Register button will be enabled to save. The actual Numbers used for Usernames are completely up to you.



Create at least a couple User accounts so that you can set up two SIP phones to call yourself and verify that everything is working. These User accounts become an integral part of the SIP URI to receive calls from any SIP phone in the world: 7701@opensips.yourdomain.com

Before you can actually answer an incoming call to your SIP URI, you’ll need to register the User account using either a softphone or SIP phone. We’ll do that next. But, first, let’s create an Alias to 7701 User so that folks can reach you by calling joe@opensips.yourdomain.com

Click on Users -> Alias Management -> Add New Alias to get started. Fill in the form using the example below. Make sure that you select your FQDN Domain using the pull-downs for BOTH the Domain and Alias Domain fields. Then click Add to save.


Registering a Softphone to an OpenSIPS User Account

There are literally dozens of free SIP soft phones from which to choose. We covered some of our favorites for every platform in previous articles. For our purposes today, we recommend you choose one of the Linphone softphones which are available for the PC, Mac, Linux, Android, and iOS platforms. We also recommend signing up for a free Linphone.org SIP account which doesn’t cost you anything. For today, we will be configuring the softphone to register to your new OpenSIPS server.

Once you have downloaded and installed the Linphone client, go into the Preferences menu and make the following changes. Some depend upon your calling platform.

  • Audio Codecs: PCMU, G722, PCMA
  • Video Codecs: VP8, H264
  • Call Encryption: None
  • DTMF: RFC2833 only
  • Send InBand DTMF: OFF
  • Send SIP INFO DTMF: OFF
  • SIP UDP 5060: Enabled
  • SIP TCP 5060: Enabled
  • Allow IPv6: Disabled

Then set up a new SIP Proxy account: Username (7701), Password (as defined), Domain: your FQDN not IP address, Transport: UDP, Outbound Proxy: OFF, Stun Server: stun.linphone.org, ICE: ON, AVPF: OFF, Push Notification: ON, Country Code Prefix: 1 (if required by your commercial SIP provider), Register: YES, Account Enabled: YES. HINT: You can call Alias Names via SIP URI, but you can only register to a SIP account using its actual Username.

Avoiding Lockouts with NeoRouter VPN

By design, Fail2Ban is unforgiving when it comes to failed registrations. A single failed registration will get an IP address banned for a full week. The reason is because the new bad guy strategy is to hit your server once to determine whether anybody is home. Then the creep bombards you later with an endless stream of registration attempts. With our design, nobody will be home when they return. The bad news is a single failed registration attempt by you or your users will also trigger a ban. There are several workarounds. The easiest is to set up the NeoRouter client on each of your machines including your OpenSIPS server and use the 10.0.0.x private network for access. These IP addresses never get banned. Our previous tutorial will walk you through setting up a free NeoRouter server and installing the free NeoRouter clients on your machines. The client software already is installed and running on your OpenSIPS server. It only requires that you log in using nrclientcmd and register to your NeoRouter server to obtain a private IP address.

There are other options to unban an IP address which has accidentally been snagged. First, almost all of the cloud providers include a Console option in their web portals. Second, you can log into your server via SSH from any non-blacklisted IP address to remove the banned IP address. Once you’re logged in, simply run this command using the IP address you wish to unban: /root/unban-ip xxx.xxx.xxx.xxx

Choosing Commercial SIP Providers

Recall that you cannot register to a SIP alias on your OpenSIPS server. We’ll take advantage of this restriction in setting up incoming calls from commercial providers’ DIDs. To set up Trunks from commercial providers so that you can not only receive incoming calls but also make outbound calls over their PSTN network connections, you must use providers that support IP address authentication rather than a SIP registration. Many providers support this including our platinum sponsor, Skyetel, as well as providers such as VoIP.ms, Anveo Direct, V1VoIP, and many others. In our OpenSIPS design, you also can use DIDs from providers that support SIP URI forwarding such as CallCentric and LocalPhone; however, you are limited to receiving inbound calls only. VoIP communications really shines here because you don’t have to choose a single provider to meet all of your communications requirements.

Skyetel is by far the easiest provider to set up with OpenSIPS. See our earlier tutorial for a special offer that will get you half-price calling for up to $500. Effective 10/1/2023, $25/month minimum spend required. Once you’re registered on the Skyetel site, add a new EndPoint Group using the IP address of your OpenSIP server and designate UDP 5060 as the access port. Sign up for a DID and map it to the OpenSIPS Endpoint Group. Done. In the OpenSIPS Control Panel, navigate to System -> Dynamic Routing and click Add Gateway. Using the template below, create 5 Proxy gateways for the following Skyetel data centers:

  • skyetel-NW 52.41.52.34
  • skyetel-SW 52.8.201.128
  • skyetel-NE 52.60.138.31
  • skyetel-SE 50.17.48.216
  • skyetel-EU 35.156.192.164

The latest installer will automatically whitelist the Skyetel IP addresses in /etc/iptables/rules.v4 just below the existing 10.8.0.0/24 rule. This will protect you in the event that one or more of the Skyetel IP addresses gets blacklisted inadvertently. You should also add the IP addresses of any other providers you need and then issue the command: iptables-restart

Next, we need to create what Asterisk users know as an Outbound Route. This tells OpenSIPS to send dialed numbers in 11-digit format to Skyetel for termination. We’ve already created the Dial Plan rule for calling out by dialing 1 plus a 10-digit number. So, while you’re still in the Dynamic Routing section of the OpenSIPS Control Panel, click on the Rules tab at the top of the template. Then click Add Rule. Begin by clicking Add ID button and choosing Group ID 0. In the Prefix field, type 1. Now click the Add GW button 3 times after choosing the Skyetel gateways in the following order from the GW pull-down list: skyetel-nw, skyetel-sw, and skyetel-se. Those are the three currently operational Skyetel gateways. When you’re finished, your template should look like the following. Then click the Add button to save the new rule. Click Reload Server to load the new rule into OpenSIPS. Then repeat this procedure leaving the Prefix field blank so that you can make 10-digit calls as well.

Finally, we need to create what Asterisk users know as an Inbound Route. This tells OpenSIPS where to send incoming calls from our Skyetel DID. OpenSIPS handles inbound routes by defining a User Alias for the Username to which you want to route the incoming DID calls. Click on Users -> Alias Management -> Add New Alias to get started. Fill in the form using the following template and then click Add.

  • Username: 7701 (the extension to which to route the incoming calls)
  • Domain: opensips.xyz.com (the FQDN of your OpenSIPS server)
  • Alias Username: 18435551212 (the 11-digit Skyetel DID)
  • Alias Domain: 11.12.13.14 (the IP address of your OpenSIPS server)
  • Alias Type: dbaliases

Introducing the VoIP Blacklist

We’ve always dreamed of an effective VoIP Blacklist, and many have tried. But the crowd-sourced VoIP Blacklist at voipbl.org is the real deal. Everybody can post entries (including the bad guys) and, magically, most of the illegitimate entries get sifted out before the next day’s list is released. We’ve made this easy in two ways. First, the list gets populated every night while you sleep. At last count, there were 84,504 IP addresses. And, second, to contribute to the blacklist, run iptables -nL weekly to see if Fail2Ban has snagged any bad guys. If so, simply run the new /root/blacklist utility which will move them into your local blacklist and also format the entries for easy submission to voip.bl whenever you feel the urge. Simply issue the command cat /root/blcklist.txt to display the entries you just blacklisted. Then cut-and-paste the results and post them to the VoIP Blacklist. The whole process takes less than a minute, and you’ll be contributing to a very valuable VoIP resource while also using it.

Congratulations! You now have a functioning OpenSIPS server that can process incoming calls from SIP URIs as well as DIDs. And you can make SIP URI and 11-digit PSTN calls using your SIP softphone that’s registered to your OpenSIPS server. See you next week. Enjoy!

Continue Reading: Best of Both Worlds: Safely Marrying Asterisk to OpenSIPS

Originally published: Monday, May 13, 2019  Updated: Monday, June 24, 2019



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



  1. Nerd Vittles receives referral fees from some VoIP service providers to help cover the costs of our blog. We never recommend particular companies solely to generate commissions. We also test all services that we recommend. []

Meet Linphone: Free Worldwide Calling to Anybody with SIP

Earlier this year we demonstrated how to set up a publicly-accessible Asterisk® server to enable free worldwide calling using SIP URIs which are email-like addresses for VoIP and video calls. But not everyone has an Asterisk server so today’s tutorial extends free calling to everyone with a Windows or Linux PC, a Mac, or any smartphone or tablet. All you need is a desktop computer with wired or wireless Internet access or, on a smartphone or tablet, a cell data plan or WiFi connection will suffice. When friends sign up, their calls also will be free.

The secret sauce on all of these platforms is the Linphone app (shown above) which can be downloaded and used at no cost. Source code is available for those that want it. Use it as often and for as long as you like. Here are the Linphone download links for each of the platforms:

The only other piece you’ll need to get started is a free Linphone SIP account. Sign up here. Once you’ve signed up, simply respond to the confirmation email to activate your account. Your registration gets you credentials to plug into your Linphone app that you downloaded above. In addition, it gets you a free Linphone SIP URI which looks something like this: yourname@sip.linphone.org. This is the SIP URI address that anyone in the world can use to contact you. Here are the pieces you’ll need to plug into your desktop or smartphone app:

  • Account Name
  • Account Password
  • Domain: sip.linphone.org

Be very careful not to lose your password. You can’t retrieve it, and you can’t change it without knowing the original password. All you can do is delete your account and start over.

The Linphone feature set is downright impressive. Here’s what you and your friends will be using at zero cost:

IMPORTANT TIP: Missing audio or one-way audio is a common problem on SIP calls. For best results, configure your account in the Linphone app to use UDP for the Transport, disable the Outbound Proxy, configure stun.linphone.org as the Stun Server, and enable ICE. In Network settings, turn off IPv6 and Media Encryption. In Audio settings, enable Opus, G.722, PCMU, and PCMA only. In Video settings, enable both VP8 and H.264. Then close the app and reopen it.

Once you have your Linphone credentials, another option in addition to using one of the SIP clients above is to acquire a stand-alone SIP telephone which can easily be connected to your Linphone SIP account. While there are literally hundreds of SIP telephones from which to choose, here’s a $35 offering from Grandstream that we use. It’s available from Amazon.1

Unlike other proprietary communications apps, the beauty of using Linphone with its native SIP URI support is you can call any SIP phone in the world for free whether the recipient uses Linphone or not. For example, to annoy your friends and spammers, you can transfer their calls to Lenny: 2233435945@sip2sip.info or 883510001198938@sip.inum.net. And here are some other SIP URI calls you might want to try. Store them in your Linphone Phonebook.

Yahoo News Headlines - news@demo.nerdvittles.com
Yahoo News Headlines - 951@demo.nerdvittles.com
Weather by Zip Code  - weather@demo.nerdvittles.com
Weather by Zip Code  - 947@demo.nerdvittles.com
Directory Assistance - information@demo.nerdvittles.com
Directory Assistance - 411@demo.nerdvittles.com
Lenny for Spammers   - 53669@demo.nerdvittles.com
Technical Support    - 0@sip.incrediblepbx.com
Call Any TollFree #  - **1800XXXXXXX@tollfree.future-nine.com

There are now more than 2,000 VoIP networks worldwide that support SIP URI access. Any person or organization with an account on any of these networks can be reached at no cost via SIP URI or via several hundred PSTN numbers. Using a SIP URI dialing prefix, you can call any referenced network@sipbroker.com. For example, *656news@sipbroker.com would reach the Nerd Vittles News Headlines from Yahoo. Or choose a local access number from the SipBroker worldwide directory, e.g. 702-789-0530 and then dial *656951 at the prompt.

Of course, every 3CX platform provides dedicated SIP URIs for every extension on the PBX. Our recent article covers adding SIP URI access to any Asterisk PBX.

If you want to associate a phone number with your Linphone SIP URI, you can do it in a couple of ways. First, using a smartphone, you can link your cell number to Linphone within the Linphone app itself. If you have a free DID from IPComms, you can point it to your Linphone SIP URI. If you have a $1/month CallCentric DID, it can also be pointed to your Linphone SIP URI. A 25¢/month iNum DID from LocalPhone.com also can be pointed to your SIP URI. LocalPhone supports Nerd Vittles through referral revenue from your 25¢ investment. 🙂

Speaking of iNUMs, you can reach anyone with an iNUM DID by dialing the iNUM number in SIP URI format: 8835100xxxxxxxx@sip.inum.net. One of the real beauties of signing up for an iNUM number as well is that it can be reached in most places around the globe by dialing a local number from any telephone. As part of the iNum initiative, local access numbers have been established in more than 50 countries around the globe. By placing a local call from any telephone to one of these local access numbers, any individual with an iNum phone number anywhere in the world can be reached without further cost. Here is a current list of the local access numbers. If the link is down (frequently), try here or here or the iNUM listing here. Once your call is answered, simply enter the 15-digit iNum phone number you wish to reach, and you will be connected. It’s worth pointing out that iNUMs aren’t as unwieldy as they may appear. The numbers always begin with 8835100 followed by 8 digits starting with a zero.



And another iNUM listing from DSL Reports:

Country             City                     Access Number
------------------- ------------------------ ---------------
Argentina           Buenos Aires             +54 1159839500
Australia           Sydney                   +61 280148200
Austria                                      +43 720880500
Bahrain                                      +973 16199200
Belgium             Brussels                 +32 28081771
Brazil              Brasilia                 +556135500791
Brazil              Florianopolis            +554840420809
Brazil              Rio De Janeiro           +552135006959
Brazil              Sao Paulo                +551146803621
Bulgaria            Sofia                    +359 24917555
Canada              Calgary                  (403) 775-1446
Canada              Edmonton                 (780) 669-9257
Canada              Halifax                  (902) 982-6937
Canada              London                   (519) 488-9336
Canada              Montreal                 (514) 907-7500
Canada              Ottawa                   (613) 686-4519
Canada              Quebec City              (418) 800-0384
Canada              St. Johns, Newfoundland  (709) 757-0060
Canada              Regina                   (306) 988-1600
Canada              Toronto                  (416) 800-4303
Canada              Toronto                  (647) 724-8777
Canada              Vancouver                (778) 786-3497
Canada              Winnipeg                 (204) 272-8182
Chile               Santiago                 +56 25813444
Croatia             Zagreb                   +385 17776363
Cyprus              Nicosia                  +357 22030500
Czech Republic      Prague                   +420 246019777
Denmark                                      +45 69918686
Dominican Republic  Santiago                 (829) 947-9610
El Salvador                                  +503 21131899
Estonia                                      +372 6681881
Finland             Helsinki                 +358 942419200
France              Paris                    +33 170619800
Germany             Frankfurt                +4969257385876
Germany             Frankfurt                +4969257380439
Greece              Athens                   +30 2111768444
Hungary             Budapest                 +36 14088951
Ireland             Dublin                   +353 15262600
Israel              Tel Aviv                 +972 37219555
Italy               Rome                     +39 0662207777
Japan               Tokyo                    +81 345209777
Latvia              Vilnius                  +370 52059090
Lithuania                                    +371 67652500
Luxembourg                                   +352 20880108
Malta                                        +35627780107
Mexico              Guadalajara              +52 3346242977
Mexico              Mexico City              +52 5511678222
Mexico              Monterrey                +52 8141703540
Netherlands         Amsterdam                +31 208080808
New Zealand         Auckland                 +64 99250499
Norway              Oslo                     +47 21031306
Panama                                       +507 8322488
Peru                Lima                     +51 17085500
Poland              Warsaw                   +48 223982688
Portugal            Lisbon                   +351 308803219
Puerto Rico         Bayamon Norte            (787) 395-7140
Romania                                      +40 318103500
Singapore                                    +65 31581212
Slovakia            Bratislava               +421 233002555
Slovenia            Ljubljana                +386 16001422
South Africa        Johannesburg             +27105002854
South Africa        Pretoria                 +27120042701
Spain               Barcelona                +34 931815653
Spain               Madrid                   +34 911883777
Sweden              Stockholm                +46 852500111
Switzerland         Zurich                   +41 435006262
United Kingdom      London                   +44 2033556363
United States       Albuquerque              (505) 225-8243
United States       Charlotte                (980) 202-0283
United States       Charlotte                (980) 236-0398
United States       Kansas City              (913) 951-0932
United States       Chicago                  (312) 253-4880
United States       Houston                  (713) 474-2323
United States       Los Angeles              (213) 221-3799
United States       New York                 (646) 843-6969
United States       Phoenix                  (602) 354-9444
United States       San Diego                (619) 330-9640
United States       San Francisco            (650) 360-0999
United States       Santa Barbara            (805) 308-9649
United States       Seattle                  (206) 420-5904
United States       Spokane, WA              (509) 931-0459
United States       Tacoma, WA               (253) 343-1529

More iNUM details are available here. If sip.inum.net is down, try 81.201.82.50.

Let’s tie all the pieces together now. Linphone gives you and your friends a free SIP URI as well as a SIP client for any platform to make and receive SIP voice and video calls. You can associate this SIP URI with your cellphone number as well as a free or almost free phone number (DID) that’s available from IPComms, CallCentric, and other providers. If you sign up for a LocalPhone iNUM number, you also can associate it with your Linphone SIP URI. So you can be reached on your Linphone client by SIP URI, by iNUM, and by regular phone numbers. You can place unlimited calls to any SIP URI or iNUM worldwide at no cost. What’s not to like?

Deploying Linphone as an Asterisk Trunk

If you don’t have an Asterisk PBX, you can stop reading here. The good news is you can also use a Linphone SIP account as a SIP trunk on your Asterisk PBX. Once configured, you can add an Incoming Route and send the incoming Linphone SIP URI calls to any destination desired: an extension, a ring group, an IVR, or even a Conference Room. Using the FreePBX® or Incredible PBX® GUI, create a chan_SIP Trunk and name it linphone. In the PEER DETAILS, enter the following using your actual Linphone username and password:

type=friend
qualify=yes
insecure=port,invite
host=sip.linphone.org
disallow=all
context=from-trunk
dtmfmode=rfc2833
allow=g722&ulaw
fromuser=your-username
defaultuser=your-username
secret=your-password

For the Registration String: your-username:your-password@sip.linphone.org/99999

Next, create an Inbound Route using 99999 as the DID entry. Route the call to your desired destination, SAVE your settings, and you’re in business.

There’s one more nice surprise. Linphone accounts work much like the old key telephones and Google Voice setup that we all knew and loved. What that means is you can register the same Linphone account in multiple places, e.g. as an Asterisk trunk and elsewhere using one of the Linphone softphone apps. When incoming calls to your SIP URI arrive, they will ring on both your Asterisk PBX and your Linphone softphone as long as you haven’t routed the Linphone trunk to a destination that automatically answers the calls such as an IVR.

HINT: If you’re using dual registrations and routing the Linphone trunk to an extension, we recommend disabling voicemail on that extension so that Asterisk doesn’t automatically answer the call and send it to voicemail when the extension is not registered or answered.

To make outbound calls from extensions on your PBX using the Linphone trunk, the easiest way is to create custom extensions in the [from-internal-custom] context in /etc/asterisk/ extensions_custom.conf. Make up an unused extension number (90210 in this example), enter the Linphone account name you wish to call (acctname in this example), save the file, and reload your dialplan: exten => 90210,1,Dial(SIP/acctname@linphone).

Another way to create a Custom Extension is using the FreePBX or Incredible PBX GUI. Under Applications -> Extensions -> Add Custom Extension, assign an extension number for the extension. Click on the Advanced tab and enter SIP/acctname@linphone in the Dial field. Click Submit button and reload the dialplan at the prompt. Enjoy your worldwide free calling.

Originally published: Monday, April 29, 2019



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



  1. This phone requires a wired network connection. Some of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

FusionPBX on Steroids: Text-to-Speech Apps Have Arrived


SECURITY ALERT: https://securityboulevard.com/2019/06/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx/

And you thought you needed an Asterisk® PBX for your users to enjoy FREE text-to-speech applications such as current News Headlines and Weather reports from the convenience of their telephone. Well, move over Asterisk. FusionPBX™ for FreeSWITCH™ now offers virtually identical functionality with all of the terrific advantages that FusionPBX provides: reliability, updates, performance, security and an unmatched UC platform with no rivals. To get started, make sure you have completed the steps in our FusionPBX introductory tutorial.

Intuitive support in FusionPBX for interactive TTS or STT applications is not (yet) available. So we’re doing the next best thing. Once or more a day, we will use cron jobs to retrieve the latest News Headlines and Weather reports for your local area. Then anyone using your PBX can pick up a phone and listen to the News Headlines by dialing 951 or U.S. weather forecasts by dialing 947, or worldwide weather forecasts from ApiXU by dialing 949.1 We’ll be using IBM’s awesome TTS engine to handle the text-to-speech chores. We think you will agree that IBM’s offering is the best in the business. And you can’t beat the price. After your first free month, you get a million characters of FREE text-to-speech synthesis every month forever! For ApiXU worldwide weather data, your first 2,500 queries are also FREE every month.

Here’s a sample from the 3CX implementation of these identical applications:


[soundcloud url="https://api.soundcloud.com/tracks/364353344″ params="auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="80%" height="350″ iframe="true" /]

 

Getting Started with IBM Bluemix TTS Service

NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:

You can start your free, 30-day trial of IBM Bluemix services without providing a credit card. Just sign up here. Once your account is activated, here’s how to obtain credentials for the TTS service to use with FusionPBX. Start by logging in to your IBM Bluemix account. Once you’re logged in, click on your account name (1) in the upper right corner of your web page to reveal the pull-down to select your Region, Organization, and Space. Follow the blue links at the bottom of the pull-down menu to create an Organization and Space for your TTS service.



Next, click the Menu icon which is displayed as three horizontal bars on the left side of the web page. Choose Watson. Click Create Watson Service and select Text to Speech from the applications listing. Watson will generate a new TTS service template and display it. Make certain that your Region, Organization, and Space are shown correctly. Then verify that the Standard Pricing Plan is selected. When everything is correct, click the Create button.

When your Text to Speech application displays, click Service Credentials and then click New Credential (+). When the Add New Credential dialog appears, leave the default settings as they are and click Add. Your Credentials Listing then will appear. Click View Credentials beside the new entry you just created. Write down your URL, username, and password. You’ll need these in Step #4 below to configure the IBM Bluemix TTS service. Logout of the IBM Cloud by clicking on the little face in the upper right corner of your browser window and choose Log Out. Confirm that you do, indeed, wish to log out.

Getting Started with ApiXU Weather

Finding free worldwide weather forecasts has been a difficult nut to crack. So we’re pleased to introduce ApiXU. Your first 5,000 API calls every month are free, but our Worldwide Weather application for FusionPBX actually makes two API calls to retrieve the latest weather conditions AND the weather forecast. What that means is you can make 2,500 free queries a month with the Nerd Vittles application. One or two a day should suffice. While the U.S. weather reports are retrieved by ZIP code, the ApiXU queries are retrieved by city. So long as you don’t choose small towns, the city names should be sufficiently unique to work well with the WorldWide Weather application. HINT: Nicosia in Cyprus (home of 3CX) works great! 😉




Before you can obtain worldwide weather reports, you’ll need to sign up for an account at ApiXU.com. Once you’re registered, log into your account and copy down your API Key. You’ll need it in a minute.

5 Steps to TTS Paradise with FusionPBX

Once you have your IBM TTS credentials in hand, there are only five simple steps to get everything set up for TTS application support on FusionPBX. When we’re finished, anyone on your PBX can pick up a phone and listen to the News Headlines by dialing 951, a U.S. Weather Forecast by dialing 947, or Worldwide Weather for most international cities by dialing 949.

  1. Download WAV file placeholders to FusionPBX
  2. Set up TTS Extensions in FusionPBX
  3. Install the Linux components to support TTS Applications
  4. Insert IBM and ApiXU Credentials, Email Address and Weather Locations
  5. Run the News Headlines and Weather Update Scripts

1. Downloading WAV File Placeholders

Login to your FusionPBX server as root using SSH or Putty. Change to /var/lib/freeswitch/recordings directory. List its contents to decipher the names of any subdirectories that have been created for your various FusionPBX domains. Change to each subdirectory under /var/lib/freeswitch/recordings and issue the following commands to install the TTS placeholders:

wget http://incrediblepbx.com/freeswitch/placeholders.tar.gz
tar zxvf placeholders.tar.gz
rm -f placeholders.tar.gz

IMPORTANT: Once you’ve copied the placeholders into position, use a browser to open the FusionPBX Dashboard for each of your domains. Navigate to Apps then Recordings and play each of the three placeholder files that were uploaded: News-update, Weather-forecast, and Weather-zip. Otherwise, they won’t be available for use in the next step of the setup.

2. Setting Up TTS Apps in FusionPBX

Before you can implement the Nerd Vittles TTS Apps for News Headlines, Weather by ZIP Code, and Worldwide Weather, we first need to create the proper environment on the FusionPBX side to support the new applications. We’ll be using the FusionPBX Dialplan Manager for this purpose. We need to set up three extensions to handle the calls: one for the News Headlines and one for each of the Weather applications.

Login to your FusionPBX Dashboard with a browser.

News Headlines: From the FusionPBX Dashboard, navigate to DialPlan, then Dialplan Manager, and click the Add (+) icon. Using your default Context, insert the following new entry into the Dialplan for News Headlines (951) by filling in the Name, Condition1, Action1, and Description fields as shown below. Leave the other defaults. Then click SAVE.



When the Dialplan listing reappears, find the NewsHeadlines entry in the list and click the pencil icon to Edit the entry. Add 951 in the Number field as shown below. Then click SAVE and BACK.



Now let’s add the Dialplan entries to support the two Weather applications.

Weather by ZIP Code: From the FusionPBX Dashboard, navigate to DialPlan, then Dialplan Manager, and click the Add (+) icon. Using your default Context, insert the following new entry into the Dialplan for Weather by ZIP Code (947) by filling in the Name, Condition1, Action1, and Description fields as shown below. Leave the other defaults. Then click SAVE.



When the Dialplan listing reappears, find the WeatherZIP entry in the list and click the pencil icon to Edit the entry. Add 947 in the Number field as shown below. Then click SAVE and BACK.



Worldwide Weather: From the FusionPBX Dashboard, navigate to DialPlan, then Dialplan Manager, and click the Add (+) icon. Using your default Context, insert the following new entry into the Dialplan for Worldwide Weather (949) by filling in the Name, Condition1, Action1, and Description fields as shown below. Leave the other defaults. Then click SAVE.



When the Dialplan listing reappears, find the WorldwideWeather entry in the list and click the pencil icon to Edit the entry. Add 949 in the Number field as shown below. Then click SAVE and BACK.



Try things out by dialing 947, 949, and 951 from any FusionPBX extension. Be sure these work before proceeding!

3. Installing Linux Components for TTS

First, we need to get the missing pieces in place to support TTS applications using IBM Bluemix TTS and the Nerd Vittles scripts. We want to add PHP support from the Linux CLI only so there will be no security issues. And we want to add support for SQLite 3 so we can look up latitude and longitude data for U.S. zip codes. Just issue the following commands to get everything set up:

apt-get update
apt-get -y install php-fpm php-curl php-cli php-pear php-db php-gd sqlite3 libsqlite3-dev
apt-get -y install sox lame libsox-fmt-mp3
sed -i 's|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|' /etc/php/7.1/fpm/php.ini
systemctl restart php7.1-fpm

Next, we need to put the Nerd Vittles scripts and ZIP code database for SQLite 3 in place:

cd /
wget http://incrediblepbx.com/freeswitch/fusionpbx-tts-linux.tar.gz
tar zxvf fusionpbx-tts-linux.tar.gz
rm -f fusionpbx-tts-linux.tar.gz

Finally, we need to add cron jobs to run the three update scripts at least once a day. You can run them more often depending upon your needs. We have these configured to run at 6:15 am and 6:20 am every day. Adjust to meet your own requirements. On a busy PBX, you probably don’t want to run them during the workday.

echo "15 6 * * * root /root/nv-weather-update.sh >/dev/null 2>&1" >> /etc/crontab
echo "20 6 * * * root /root/nv-news-update.sh >/dev/null 2>&1" >> /etc/crontab
echo "25 6 * * * root /root/nv-wwweather-update.sh >/dev/null 2>&1" >> /etc/crontab

4. Adding TTS Credentials to FusionPBX

Now we need to add your IBM TTS and ApiXU credentials, email address, a local ZIP code for Weather by ZIP code reports, and a city for Worldwide Weather reports. Edit the credentials file and save it with your information:

cd /root
nano -w ibm-credentials.php

5. Running the News & Weather Update Scripts

Finally, we need to run the News Headlines and two Weather update scripts once to put current data in place for FusionPBX callers. After the initial setup, the cron jobs will update the News Headlines and Weather reports every day moving forward. Press ENTER as each of the scripts finishes to get back to a command prompt.

cd /root
./nv-news-update.sh
./nv-weather-update.sh
./nv-wwweather-update.sh

Taking the News & Weather Apps for a Spin

Now you’re ready to try things out. From any phone connected to your PBX, dial 951 for current News Headlines. Then dial 947 for a local Weather Report matching your zip code. Finally, dial 949 to retrieve a worldwide weather forecast for most international cities.

If you don’t yet have a FusionPBX server set up but would like to sample the voice quality of the TTS applications running on our FusionPBX server in New York, here are several ways to try them out using an IVR we set up using an IBM voice prompt from last week’s tutorial. Airport codes reflect (PROVIDER LOCATION-SERVER LOCATION-DID LOCATION).

  • Skyetel DID: 843-970-9997 (SEA-BUF-CHS)
  • Vitelity DID: 646-666-5997 (DEN-BUF-NYC)
  • VoIPms DID: 843-606-0444 (ATL-BUF-CHS)
  • Free iNUM Call: 883510009901997 (ATL-BUF-ATL)
  • Free SIP Call: 883510009901997@sip.inum.net (ATL-BUF-ATL)

Originally published: Monday, September 24, 2018


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. The included applications are licensed pursuant to GPL2 with the exception of nv-worldwide-weather.php which is licensed pursuant to The MIT License. Terms and conditions of both licenses are included in /root/COPYING. []

Integrating SIP URIs into XiVO for Free Worldwide Calling

It’s been a while since we’ve explored SIP URIs and all of the advantages that SIP URI calling brings to your PBX. Number one on that list is FREE calling to and from anyone on the planet so long as both of you have an Internet connection with a SIP phone or a VoIP server such as Incredible PBX for XiVO. SIP URIs are the fundamental building blocks for VoIP technology. Consider this. If everyone in the world had a SIP address instead of a phone number, every call to every person in the world via the Internet would be free. That pretty much sums up why SIP URIs are important. The syntax for SIP URIs depends upon your platform. With Asterisk® they look like this: SIP/somebody@FQDN.yourdomain.com. On SIP phones, SIP URIs look like this: sip:somenameORnumber@FQDN.yourdomain.com. Others use somenameORnumber@FQDN.yourdomain.com. Assuming you have a reliable Internet connection, once you have “dialed” a SIP URI, the destination SIP device will ring just as if the called party had a POTS phone. Asterisk® processes SIP URIs in much the same way as other calls originating from trunks and, as noted, SIP URI calls of any duration to anywhere are free. Today we’ll show you how to set things up on your XiVO PBX without exposing any ports to the Internet in a way that would jeopardize your server’s security.

Placing Outbound SIP URI Calls with a SIP Softphone

There are two ways to place outbound SIP calls. You can use a SIP phone or softphone that supports SIP URI calling to dial SIP URIs directly. If you have a Mac, the best free softphone for SIP URI calling is Telephone which you can download from the App Store. On other platforms as well as Macs, Zoiper is a great no-cost option. Both of these softphones support the sip:someone@FQDN.yourdomain.com syntax. An excellent way to test this is to call our friend Lenny and strike up a conversation: sip:2233435945@sip2sip.info.

Configuring Outbound SIP URIs with XiVO

The major drawback of SIP URIs is they’re difficult both to remember and to dial. It’s much simpler to dial a short number using a traditional phone. And, with Incredible PBX for XiVO, it’s easy to create custom extensions that can be accessed simply by dialing a few digits from any phone connected to your server. Here’s how to set it up in the XiVO GUI.

1. Create a User and assign the Customized Protocol and an Extension Number to that user:

TIP: If you’d prefer to use a different series of numbers for speeddials so you don’t get them mixed up with your standard extension numbers, just add a new range of numbers for XiVO: IPX Configuration → Contexts → Default → Users. Then choose one of them above.

2. Access the new Line that was generated for the new User:

3. Replace the Interface entry for the Line with the desired SIP URI for your speeddial, e.g. SIP/2233435945@sip2sip.info. Then SAVE your new Line settings.

4. Dial 750 from an Extension on your XiVO PBX to try out Lenny using your new SIP URI.

A Better Way to Create SpeedDials with XiVO

We’ve gone through the XiVO GUI approach to demonstrate that it is indeed possible to create speeddials for SIP URIs. However, there is a better way unless you’re one of the naysayers that believes everything is better in a GUI. If you have dozens or even hundreds of speeddials to create, you may change your mind. The GUI approach could obviously become tedious. Instead, with one line of Asterisk dialplan code, you can create as many speeddials as you like keeping in mind that it’s your responsibility to assure that SIP URI extension numbers don’t conflict with existing extensions on your server. Insert a new section of code at the bottom of /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf and reload your dialplan: asterisk -rx "dialplan reload".

You can also insert this code from within the XiVO GUI itself: IPX Configuration → Configuration Files. Edit xivo-extrafeatures.conf and insert the following code snippet at the end of the file and Save your entries. The dialplan will be reloaded automatically.

Some of our favorites include the following:

;# // BEGIN SpeedDials
exten = 882,1,Dial(SIP/200901@login.zipdx.com)     ; V-U-C on Fridays at noon EST
exten = 8378,1,Dial(SIP/thetestcall@getonsip.com)  ; T-E-S-T everything VoIP
exten = 53669,1,Dial(SIP/2233435945@sip2sip.info)  ; L-E-N-N-Y
exten = 68742,1,Dial(SIP/0289304@zero-nine.biz)    ; M-U-S-I-C
exten = 3733411,1,Dial(SIP/411@ideasip.com)        ; F-R-E-E-4-1-1 Directory Asst
;# // END SpeedDials

Creating a SIP URI Address for Your XiVO PBX

Free calls to other folks is only half of the story, of course. You’re also going to want a way for people to call you without incurring charges for the calls. There are many SIP URI approaches for inbound calls. Most of them are not safe with Asterisk. Let me say that again. Most of them are not safe with Asterisk. The reason is because most of them force you to open SIP access to your server for everybody in the world. Unfortunately, that means they can not only call you, but they can also attempt to use your extensions and trunks to place very expensive calls to others. Don’t even think about opening the SIP floodgate by exposing port 5060 unless Bill Gates sends you a check every week. You’ve been warned!

Setting Up an iNum SIP URI Trunk with XiVO

The better and safer way to add SIP URI connectivity to your XiVO server is to first obtain a freely available iNum DID from one of the many providers that support iNum and then use that provider as a SIP intermediary. All SIP calls pass only over your registered trunk with your provider. Our favorites in no particular order are VoIP.ms, LocalPhone and CallCentric. There are many, many others. In order to obtain a free iNum DID, you will need an account with one of these providers. All require some sort of minimal deposit, but you usually can get back unused funds if you decide to close your account down the road. Our XiVO tutorials for VoIP.ms, LocalPhone, and CallCentric will walk you through creating your SIP account and registering it with your XiVO server. Then verify that your SIP account is registered:

asterisk -rx "sip show registry"

Configuring an iNum DID with VoIP.ms

Our trunk tutorials for LocalPhone and CallCentric will walk you through their setup procedures for iNUM DIDs. VoIP.ms provides more flexibility in redirecting trunks so let us quickly walk you through their procedure. Log in to your VoIP.ms account and then order your free iNum DID at this link. Your iNum DID then will appear in your DID Listing here. Write down your iNum DID which you’ll need in a minute to configure the XiVO side of things. Then click on the Edit DID icon beside your iNum DID and assign the DID to your registered Main Account or the SubAccount that you’ve already registered with XiVO. Be sure to use the same DID POP that you used when you registered your VoIP.ms account with XiVO. Don’t enable VoiceMail and set the ring time to 60 seconds just to keep things simple.

Configuring XiVO to Support Your iNum DID

Now for the XiVO part. Using a browser, log into the XiVO GUI. Navigate to IPX Configuration → Contexts → Default → Users. For VoIP.ms and LocalPhone, add a new Number Range starting and ending with your iNum DID. Then click Save. For CallCentric, do the same thing but substitute your CallCentric username which will be an 11-digit number starting with 1777.

Repeat the above in IPX Configuration → Contexts → from-extern (Incalls) → Users.

For CallCentric only, also click on the Incoming Calls tab and add a new Number Range. For the Starting value, use your 11-digit LocalPhone username. For the DID length, set it to 11. You do NOT need to include a Number Range ending value. Click Save when you’re finished.

For VoIP.ms, navigate to IPX Settings → Users. Then Add a new User for your iNum DID. In the General tab, name the User VoIP.ms iNum. In the Lines tab, provide your actual iNum DID number. This must be the same number you added to the Number Range in the Default context above. In the No Answer tab, set the Fail option to the Destination of your choice, e.g. an extension, a ring group, an IVR, etc. Then click Save.

For LocalPhone, navigate to Call Management → Incoming Calls and Add a new Inbound Route for your DID specifying the destination for the calls using your iNum DID number:

For CallCentric, navigate to Call Management → Incoming Calls and Add a new Inbound Route using your 11-digit CallCentric username as the DID. Then specify the destination for the calls and click Save.

Calling Your XiVO PBX Using Your iNum SIP URI

To receive SIP URI calls safely on your iNum DID, your SIP URI is your iNum DID number followed by @sip.inum.net, e.g. 883510012345678@sip.inum.net. Neither the identity of your XiVO PBX or your SIP service provider is ever exposed. Enjoy your safe, free calling!

Originally published: Monday, September 26, 2016





Need help with Asterisk? Come join the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Gotcha-Free PBX: GIT-R-Done with Incredible PBX for Asterisk-GUI (CentOS)


[iframe-popup id="4″]
For the die-hard developers out there, we are pleased to introduce a new version of Incredible PBX™ for Asterisk-GUI that uses GIT repos to build both Asterisk® and Asterisk-GUI with the same feature set of applications as our previous releases. You still get a Gotcha-Free PBX with pure and honest open source GPL code. No patent, trademark, or copyright minefields to trip you up. But this time around you’ll have an Asterisk platform that can be updated in seconds by running a simple upgrade script: upgrade-asterisk-to-current. Special thanks to Matt Jordan & Co. for the new GIT implementation. And our extra special thanks to Denver sports cartoonist, Drew Litton, for letting us share his GIT-R-DONE creation as well.

This time around you’ll need a 64-bit CentOS 6.5/6.6 base platform. When you complete the 30-minute install procedure, you’ll have the very latest version of Asterisk 11 and Asterisk-GUI. Both are compiled from source on your hardware platform to maximize performance. The end result is the VoIP Trifecta… better, cheaper, and faster.

Since the early Windows® days, we haven’t been big fans of GUI-only interfaces. Let’s face it. Some things can be configured more efficiently with less chance for error using other tools. Incredible PBX takes advantage of this hybrid technology by offering the best of all worlds. Administrators can use a GUI where it makes sense and use a text editor or simple web form where it doesn’t. There’s no MySQL middleware to obfuscate your Asterisk settings. So you can configure 8 VoIP trunks from 8 great providers in under 5 minutes. And there’s so much more…

Target Audience: Home or SOHO/SBO in need of a turnkey, Gotcha-Free PBX Development Platform

Default Configuration: Asterisk 11 with enhanced Asterisk-GUI, Kennonsoft GUI, and NANPA dialplan

Platform: 64-bit CentOS 6.5/6.6 running on Dedicated Server, Cloud-Based Server, or Virtual Machine

Minimum Memory: 512MB

Recommended Disk: 20GB+

Default Trunks: Google Voice, CallCentric, DIDlogic, Future-Nine, IPcomms, Les.net, Vitelity, VoIP.ms1

Feature Set: Fax, SMS messaging, VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, Email, IVR, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, OpenCNAM CallerID lookups, DISA, Call Forwarding, CSV CDRs

Administrator Utilities: Incredible Backup/Restore, Automatic Updater, Asterisk Upgrader, phpMyAdmin, Timezone Config, Plug-and-Play Trunk Configurator, WebMin, External IP Setup, Firewall WhiteList Tools

Getting Started with Incredible PBX for Asterisk-GUI (GIT Edition)

Here’s a quick overview of the installation and setup process for Incredible PBX for Asterisk-GUI:

  1. Choose a Hardware Platform – Dedicated PC, Cloud, or Virtual Machine
  2. Install Linux – 64-bit CentOS 6.5 or Scientific Linux Minimal ISO
  3. Download and Install Incredible PBX for Asterisk-GUI
  4. Install Incredible Fax for Asterisk-GUI (optional)
  5. Set Up Passwords for Incredible PBX for Asterisk-GUI
  6. Configure Trunks with Incredible PBX for Asterisk-GUI
  7. Connect a Softphone to Incredible PBX for Asterisk-GUI

1. Choose a Platform for Incredible PBX for Asterisk-GUI

Incredible PBX for Asterisk-GUI works equally well on dedicated hardware or a virtual machine. Just be sure you’ve met the minimum requirements outlined above and that you have a sufficiently robust Internet connection to support 100Kb of download and upload bandwidth for each simultaneous call you wish to handle with your new PBX.

For Dedicated Hardware, we recommend an Atom-based PC of recent vintage with at least a 30GB drive and 4GB of RAM. That will take care of an office with 10-20 extensions and a half dozen or more simultaneous calls if you have the Internet bandwidth to support it.

For Cloud-Based Implementations, this time around we recommend Digital Ocean because the GIT edition is designed to be a development platform with bleeding edge Asterisk 11 code.

For Virtual Machine Installs, we recommend Oracle’s VirtualBox platform which runs atop almost any operating system including Windows, Macs, Linux, and Solaris. Here’s a link to our original VirtualBox tutorial to get you started. We suggest allocating 1GB of RAM and at least a 20GB disk image to your virtual machine for best performance.

2. Install a Linux Flavor for Incredible PBX for Asterisk-GUI

To be clear, we plan to support many Linux flavors other than RedHat. But Rome wasn’t built in a day so hang in there. We’re flippin’ burgers as fast as we can. For today, you’ll need a 64-bit version of CentOS or Scientific Linux 6.5/6.6. On some platforms, you install 6.5. After the initial update and upgrade steps, you’ll end up with 6.6. There are many flavors of CentOS and Scientific Linux. For Incredible PBX, a minimal install is all you need.

With dedicated hardware, begin by downloading the 64-bit CentOS 6.6 minimal ISO. Boot your server with the ISO, and begin the install. Here are the simplest installation steps:

Choose Language and Click Continue
Click: Install Destination (do not change anything!)
Click: Done
Click: Network & Hostname
Click: ON
Click: Done
Click: Begin Installation
Click: Root Password: password, password, Click Done twice
Wait for Minimal Software Install and Setup to finish
Click: Reboot

With most cloud-based providers, you simply choose the CentOS 6.5 platform in creating your initial image. 512MB of RAM is plenty so long as you have a swap file. Within a minute or two, you’re ready to boot up the server.

For VirtualBox, download the Scientific Linux 6.6 minimal install .ova image from SourceForge. Then double-click on the image to load it into VirtualBox. Enable Audio and configure Network with Bridge Adapter in Settings. Then start the virtual machine. Default password for root is password.

With VirtualBox, you can skip this step. For everyone else, log into your server as root and issue the following commands to put the basic pieces in place and to reconfigure your Ethernet port as eth0. On some platforms, some of the commands may generate errors. Don’t worry about it! Just make a note of your IP address so you can log back in with SSH from a desktop computer to begin the Incredible PBX install.

For CentOS/Scientific Linux 6.5 minimal install:

setenforce 0
yum -y upgrade
yum -y install net-tools nano wget
ifconfig
sed -i 's|quiet|quiet net.ifnames=0 biosdevdame=0|' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
wget http://incrediblepbx.com/update-kernel-devel
chmod +x update-kernel-devel
./update-kernel-devel
reboot

For CentOS/Scientific Linux 6.6 minimal install:

setenforce 0
yum -y upgrade
yum -y install net-tools nano wget
ifconfig
reboot

3. Install GIT-R-Done Edition of Incredible PBX for Asterisk-GUI

cd /root
yum -y install wget
wget http://incrediblepbx.com/incrediblepbx11gui-git.tar.gz
tar zxvf incrediblepbx11gui-git.tar.gz
#./create-swapfile-DO  #add this step for Digital Ocean droplets
rm -f incrediblepbx11gui-git.tar.gz
sed -i 's|pbxinaflash.com|incrediblepbx.com|' IncrediblePBX11-GUI-git.sh
./IncrediblePBX11-GUI-git.sh
./IncrediblePBX11-GUI-git.sh

4. Install Incredible Fax for Asterisk-GUI (optional)

Administrators have been trying to stomp out faxing for at least two decades. Here’s a hint. It ain’t gonna happen. So go with the flow and add Gotcha-Free Faxing to your server. It’ll be there when you need it. And sooner or later, you’ll need it. This install script is simple enough for any monkey to complete. Run the script and enter the email address for delivery of your faxes. Then, if you’re in the U.S. or Canada, press the Enter key to accept every default entry during the HylaFax and AvantFax installation steps. For other countries, read the prompts and answer accordingly. When the installation finishes, reboot your server to bring faxing on line. Be sure to change your AvantFax admin password. By default, it is password. You can use the script included in the /root folder: avantfax-pw-change. REMINDER: Don’t forget to reboot your server!

cd /root
./incrediblefax11-GUI.sh
./avantfax-pw-change
reboot

Troubleshooting: If your IAXmodems don’t display with a green IDLE notation in the AvantFax GUI, you may need to restart them once more. After a second reboot, all should be well. The restart command is /root/iaxmodem-restart.

5. Initial Configuration of Incredible PBX for Asterisk-GUI

Incredible PBX is installed with the preconfigured IPtables Linux firewall already in place. It implements WhiteList Security to limit server access to connected LANs, your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for our web applications. And, of course, Asterisk-GUI has its own security methodology using Asterisk’s manager.conf. Finally, we randomize extension and DISA passwords as part of the initial install process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

Even with all of these layers of security, here are 10 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

First, log into your server as root with your root password and do the following:

Make your root password very secure: passwd
Set your correct time zone: ./timezone-setup
Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Make a copy of your other passwords: cat passwords.FAQ
Make a copy of your Knock codes: cat knock.FAQ
Decipher IP address and other info about your server: status

Second, log into your server as admin using a web browser pointed to your server’s IP address:

Click USERS tab in Incredible PBX GUI
Click Asterisk-GUI Administration
Log in as user: admin with password: password
Immediately change your admin password and login again

Log in to Asterisk-GUI again with your new password. Expand the options available in the GUI:

Options -> Advanced Options -> Show Advanced Options

Last but not least, Incredible PBX includes an automatic update utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. Now would be a good time to log out and back into your server at the Linux command line to bring your server up to current specs.

6. Configure Trunks with Incredible PBX for Asterisk-GUI

Now for the fun part. If this is your first VoIP adventure, be advised that this ain’t your grandma’s phone system. You need not and should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). We cannot recommend Vitelity highly enough, and it’s not just because they have financially supported our projects for almost a decade. They’re as good as VoIP providers get, and we use lots of them. If you’re lucky enough to live in the U.S., you’d be crazy not to set up a Google Voice account. It’s free as are all phone calls to anywhere in the U.S. and Canada. The remaining preconfigured providers included in Incredible PBX for Asterisk-GUI are equally good, and we’ve used and continue to use almost all of them. So pick a few and sign up. You only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum includes dozens of recommendations on VoIP providers if you want additional information.

With the preconfigured trunks in Incredible PBX for Asterisk-GUI, all you need are your credentials for each provider and the FQDN of their server. Log into Asterisk-GUI Administration as admin using a browser. From the System Status screen, click Incredible PBX Apps. Click on each provider you have chosen and fill in the blanks with your credentials. When you’ve saved all of your settings, log into your server as root via SSH and type: service asterisk restart or asterisk-restart. You can also issue the command in the Asterisk-GUI by choosing the Asterisk CLI tab2 in the left column. Doesn’t get any simpler!

Update: It should be noted that Incredible PBX for Asterisk-GUI also supports Anveo Direct trunks; however, they are configured differently because of the way Anveo handles the calls. You’ll need the PIN provided by Anveo to set up your trunk, and Anveo supports CallerID spoofing so you can enter any CallerID number for the trunk that you are authorized to use. You’ll find the Anveo Direct setup link in the Incredible PBX Apps tab. To route an outgoing call through Anveo trunk, dial 2 + any desired 10-digit number.

Here is the complete list of dialing prefixes and the trunks to which they are associated:

  • 1 – Google Voice
  • 2 – Anveo Direct
  • 3 – Future Nine
  • 4 – CallCentric
  • 5 – DIDlogic
  • 6 – IPcomms
  • 7 – Les.net
  • 8 – Vitelity
  • 9 – VoIP.ms

For free iNUM calling worldwide, the following dialing prefixes are supported in conjunction with the last seven digits of any destination iNUM DID. Free iNUM DIDs for your own PBX are available from both of these providers as well.

  • 0XXXXXXX – CallCentric
  • 90XXXXXXX – VoIP.ms

Finally, in addition to the native Asterisk motif implementation of Google Voice (covered below) which uses insecure authentication with Google Voice, we also support the new Simonics SIP gateway to Google Voice using OAUTH authentication. Just click this link for the installation script and tutorial.

7. Configure a Softphone with Incredible PBX for Asterisk-GUI

We’re in the home stretch now. You can connect virtually any kind of telephone to your new Gotcha-Free PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 6002 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 6002 password. Choose Users -> 6002 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 6002 for your account name, and whatever password is assigned to the extension. Click OK to save your entries.

Once you are registered to extension 6002, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

7001 - IVR Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
TODAY - Today in History

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail.

If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

Once you’ve created your Gmail and Google Voice accounts, go to Google Voice Settings and click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you’ve adjusted your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to configure your Google Voice account in Incredible PBX. You can do it from within Asterisk-GUI by choosing Google Voice within the Incredible PBX Apps tab. Once you entered your credentials, don’t forget to restart Asterisk, or Google Voice calls will fail. If you still have trouble placing or receiving calls, try these tips.

OK, Smarty Pants: Show Me the Beef!

We know what some of you are thinking. "What does a fast food worker really know about VoIP and Gotcha-Free PBXs?? Before I waste a bunch of time on this, show me the beef!" Fair enough. Sit by your phone and click the Call Me icon below. Type in a fake name and your real phone number. Click the Connect button, answer your phone when it rings, and press 1. You’ll be connected to the Incredible PBX IVR for Asterisk-GUI. Pick an option from the menu of choices and take the Incredible PBX apps for a spin on our dime… actually it’s Google’s dime. Everything you see and hear is part of what you get with Incredible PBX for Asterisk-GUI including the ability to set up your own click-to-dial web interface exactly like this one. The demo just happens to be running on our Mac desktop instead of yours. So… what are you waiting for? Click away and try Incredible PBX for yourself. And, by the way, nobody besides the NSA and Google will be monitoring your call. 😉



Nerd Vittles Demo IVR Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are overhead?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (say the city and state, province, or country)
7 – Today in History
8 – Speak to a Real Person (or maybe just voicemail if we’re out)

Homework Assignment: Mastering the Asterisk-GUI

We’ll have more to say about the Incredible PBX applications next week. In the meantime, you have some homework. You need to learn all about Asterisk-GUI and how to make the best use of its powerful feature set. Here’s one word of warning. We mentioned that Incredible PBX was a hybrid system that combines some customized settings with the standard Asterisk-GUI interface. Before modifying existing settings for the default trunks, extensions, and default routes, take a look at the credentials* files in /etc/asterisk. If you modify any of these trunk entries or the Outgoing or Incoming Call Rules in Asterisk-GUI, you may break the Incredible PBX setup. So steer clear of that minefield until you know what you’re doing. Adding new extensions and additional trunks is perfectly fine and will not break anything.

Rather than reinvent the wheel, we’ll point you to some excellent tutorials that already have been written. Start with Chapter 3 of Digium’s Asterisk Appliance™ Administrator Manual. Next, review Chapter 11 of The Asterisk Book (Second Edition). Finally, take a look at a couple of the tutorials that have been written by other companies that incorporated Asterisk-GUI into their hardware products, e.g. Yeastar’s MyPBX SOHO User Manual and Grandstream’s UCM6100 User Manual. Then check back with us next week for Chapter 2.

In the meantime, if you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free.

We also are quickly building a collection of tutorials tailored specifically for Incredible PBX for Asterisk-GUI:

Enjoy your new Gotcha-Free PBX!

Now Available: The Gotcha-Free Incredible PBX Application User’s Guide

Originally published: Monday, April 20, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Vitelity and Google provide financial support to Nerd Vittles and the Incredible PBX project. []
  2. If, for some reason, the Asterisk CLI tab does not appear on your server, click Options -> Advanced Options -> Show Advanced Options. []