Home » Posts tagged 'Networking'

Tag Archives: Networking

The Most Versatile VoIP Provider: FREE PORTING

The Ultimate LTE Modem Router: Introducing Cudy LT500D


It’s hard to get too excited when talking about routers, but the Cudy LT500D is something special. That’s because it’s not just a router. It’s also a 4G LTE modem. That means, when you snap in a SIM card from your favorite cellular provider, it becomes an always-available Internet connection regardless of where you happen to be. Yes, you can get too far out in the wilderness and lose connectivity. But the router requires an electric outlet to work so in virtually all environments with AT&T or T-Mobile access, you’re covered. Whether it’s camping out or a mountain cabin or a beach house, the LT500D is a winner. It provides instant WiFi connectivity to the Internet for your entire family. You also can send and receive SMS messages using the web interface. And there’s an awesome bonus. If you currently have Comcast or Spectrum service which regularly goes out to lunch, the Cudy LT500D is a perfect complement. Why? Because it can be configured as an automatic failover during outages.

After updating the firmware, we tested the router with SIM cards from BoostMobile and T-Mobile. Setup took less than a minute. Simply activate your SIM card in a cell phone, and then pop the card into the LT500D. It automatically configures the router to support your carrier of choice. After a reboot, you simply access the LT500D dashboard by using a browser to connect to 192.168.10.1. You can also configure an OpenVPN client connection on the router and provide VPN access to anyone that makes a WiFi connection to the router.


Choosing a cellphone plan for your router is perhaps the trickiest deployment component. Most providers don’t like devices that let multiple people share a SIM card. The best deal we could find was this current BoostMobile 5GB data plan which costs just $5 a month for the first three months. After that, you can search for another deal, or you can be clever and buy several SIM cards from BoostMobile and register down the road with a different email address. You might also consider MintMobile which sells an introductory unlimited data, 3-month plan for $15 a month. With unlimited plans, some have suggested that you may need to make your router look more like a cellphone to avoid service interruption. We don’t traffic in details for flying under the radar, but Google is your friend.



What we will share is how to configure your router as an OpenVPN client which then gives all of your WiFI users access to all of the OpenVPN clients in your virtual private network. First, create and download an OpenVPN configuration file (cudy.ovpn) from your OpenVPN server. Then, on the Cudy router, choose the General Settings menu and click on the VPN icon. Activate the Enable and Site-to-Site tabs. For the Default Rule, choose Allow All Devices. For the VPN Subnet, choose Remote Subnet. Click Edit Item and add an Allow Listed Only Rule for 10.8.0.0/255.255.255.0. Click Save. For the OpenVPN Config File, click Browse and select the cudy.ovpn file downloaded from your OpenVPN server. It will automatically fill in your OpenVPN server’s FQDN. Now click Save & Apply to bring your OpenVPN client on line. You can test things by logging in via WiFi from a PC and using a browser to access one of the 10.8.0 addresses on your virtual private network.


In conclusion, this is one of the best routers we have ever tested or used. The Advanced Settings Dashboard is in a league of its own. At $129, the Cudy LT500D is a steal. Using our referral link helps pay the bills at Nerd Vittles. Enjoy!

Originally published: Monday, June 19, 2023



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Interconnecting Asterisk Servers with PJsip and OpenVPN


It’s been several years since we discussed interconnecting Asterisk® servers so today we want to do a version refresh using PJsip Trunking. We also want to show you how easy it is to secure the communications path by setting up the trunks using OpenVPN connections. When we’re finished, you’ll have a FREE way to call between sites using FreePBX® Outbound Routes. Because Incredible PBX comes preconfigured with all the components you’ll need, we’ll use that platform to further simplify the deployment. We’ll be interconnecting two Asterisk servers today, but you can use the same methodology to connect numerous sites.

Deploying OpenVPN with Asterisk Servers

To begin, you’ll want to get all of the sites configured with a virtual private network using OpenVPN. Our tutorial will walk you through the process. Keep in mind that all current releases of Incredible PBX are preconfigured to let you drop in your OpenVPN client credentials by naming them incrediblepbx.ovpn and copying the file into the /etc directory. Rebooting your server will bring up the virtual private network with a 10.8.0.x IP address.

Configuring PJsip Trunks on Your Asterisk Servers

If you remember yesteryear’s knuckle drill configuring SIP or IAX trunks for Asterisk connectivity, you’re in for a pleasant surprise using PJsip trunking with FreePBX. Using the GUI, create a new PJsip trunk for every site to which you want to establish a connection. A similar PJsip trunk must be created on the other site as well. If you’re just interconnecting two servers, then using the City locations for the Trunk Names will suffice. But, if there are more than two servers, specify unique names for each end of every PJsip connection, e.g.

NewYork1 <-> London1
NewYork2 <-> Washington1
NewYork3 <-> Miami1
London2 <-> Washington2
London3 <-> Miami2
Washington3 <-> Miami3

For today, we’ll interconnect a server in New York and London, but we’ll plan for the future and use London1 for the Trunk Name on the New York server and NewYork1 for the Trunk Name on the London server.

Let’s begin by configuring the London1 trunk on the New York server. After entering the London1 Trunk Name in the General tab, click on the pjsip Settings tab. In the General tab, leave the defaults in the first four fields. Then change the Registration field to None. For the SIP Server field, enter the OpenVPN IP address of the London server, e.g. 10.8.0.2. Because we’re using Incredible PBX, the PJsip port is 5061 so enter that in the SIP Server Port field. If you’re using a different flavor of FreePBX, enter the appropriate port number for PJsip on your platform. Next, click on the Advanced tab and enter the London server’s OpenVPN address in the Match (Permit) field, e.g. 10.8.0.2. In the Codecs tab, make note of the enabled codecs and make certain that the entries match on all of your servers. Click the Submit button to save your settings and then reload your dialplan.

Now let’s configure the NewYork1 trunk on the London server. After entering the NewYork1 Trunk Name in the General tab, click on the pjsip Settings tab. In the General tab, leave the defaults in the first four fields. Then change the Registration field to None. For the SIP Server field, enter the OpenVPN IP address of the New York server, e.g. 10.8.0.1. Because we’re using Incredible PBX, the PJsip port is 5061 so enter that in the SIP Server Port field. If you’re using a different flavor of FreePBX, enter the appropriate port number for PJsip on your platform. Next, click on the Advanced tab and enter the New York server’s OpenVPN address in the Match (Permit) field, e.g. 10.8.0.1. In the Codecs tab, make certain that the entries match those on your New York server. Click the Submit button to save your settings and then reload your dialplan. Here’s how it looks in the FreePBX GUI:


Use Outbound Routes to Interconnect Extensions

To keep things simple, let’s assume both your New York and London servers have extensions 701-705. To call an extension on the other server, we will simply dial 9 and then the 3-digit extension, e.g. dialing 9701 on the New York server will ring 701 on the London server and dialing 9701 on the London server will ring 701 on the New York server.

Create an Outbound Route on the New York server called London specifying London1 for the Trunk Sequence in the Route Settings tab. In the Dial Patterns tab, enter 9 in the Prefix field and XXX for the Match Pattern. Click Submit to save your settings and then reload dialplan.


Create an Outbound Route on the London server called New York specifying NewYork1 for the Trunk Sequence in the Route Settings tab. In the Dial Patterns tab, enter 9 in the Prefix field and XXX for the Match Pattern. Click Submit to save your settings and then reload dialplan.

If you’re interconnecting more than two sites, then you probably will want to designate a specific Prefix for every City so that users can travel between sites and use the same methodology to reach the same extensions from every location.

You can test things out using softphones by registering 701 to an extension in New York and another to the 701 extension in London. Now you can place secure and FREE calls between the sites by dialing 9701 from each softphone. Enjoy!

Originally published: Monday, May 2, 2022



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Introducing OpenVPN for Incredible PBX

We’ve been wrestling with virtual private networks for more than 22 years now. Here’s a quick walk down memory lane. Our adventure began with the Altiga 3000 series VPN concentrators which we introduced in the federal courts in 1999. It was a near perfect plug-and-play hardware solution for secure communications between remote sites using less than secure Windows PCs. Cisco quickly saw the potential, gobbled up the company, and promptly doubled the price of the rebranded concentrators. Over a decade ago, we introduced Hamachi® VPNs to interconnect Asterisk® and PBX in a Flash servers. At the time, Hamachi was free, but that was short-lived when they were subsequently acquired by LogMeIn®. What followed was a short stint with PPTP VPNs which worked great with Macs, Windows PCs, and many phones but suffered from an endless stream of security vulnerabilities. Finally, in April 2012, we introduced the free NeoRouter® VPN. Version 2 still is an integral component in every Incredible PBX® platform today, and PPTP still is available as well. While easy to set up and integrate into multi-site Asterisk deployments, the Achilles’ Heel of NeoRouter remains its inability to directly interconnect many smartphones and stand-alone SIP phones, many of which now support the OpenVPN platform.

The main reason we avoided OpenVPN® over the years was its complexity to configure and deploy.1 In addition, it was difficult to use with clients whose IP addresses were frequently changing. Thanks to the terrific work of Nyr, Stanislas Angristan, and more than a dozen contributors, OpenVPN now has been tamed. And the new server-based, star topology design makes it easy to deploy for those with changing or dynamic IP addresses. Today we’ll walk you through building an OpenVPN server as well as the one-minute client setup for almost any Asterisk deployment and most PCs, routers, smartphones, and VPN-compatible soft phones and SIP phones including Yealink, Grandstream, Snom, and many more. And the really great news is that OpenVPN clients can coexist with your current NeoRouter VPN.

Finally, a word about the OpenVPN Client installations below. We’ve tested all of these with current versions of Incredible PBX 13-13 and 16-15 as well as Incredible PBX 2020 and Incredible PBX 2021. They should work equally well with other server platforms which have been properly configured. However, missing dependencies on other platforms are, of course, your responsibility.

Building an OpenVPN Server Platform

There are many ways to create an OpenVPN server platform. The major prerequisites are a supported operating system, a static IP address for your server, and a platform that is extremely reliable and always available. If the server is off line, all client connections will also fail. While we obviously have not tested all the permutations and combinations, we have identified a platform that just works™. It’s the CentOS 7, 64-bit cloud offering from Vultr. If you use our referral link at Vultr, you not only will be supporting Nerd Vittles through referral revenue, but you also will be able to take advantage of their $100 free credit for new customers. For home and small business deployments, we have found the $5/month platform more than adequate, and you can add automatic backups for an additional $1 a month. Cheap insurance!

A more recent and less costly hosting alternative is the $25/year Crown Cloud offering that we introduced several weeks ago. It includes a free snapshot backup in the $25 annual price.

To get started, create your CentOS 7 instance and login as root using SSH or Putty. Immediately change your password and update and install the necessary CentOS 7 packages. Be sure to turn off SELinux if it is installed by default.

passwd
setenforce 0
# edit /etc/selinux/config
# insert: SELINUX=disabled
# save the SELinux config file
yum -y update
yum -y install net-tools nano wget tar iptables-services
systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables

We recommend keeping your OpenVPN server platform as barebones as possible to reduce the vulnerability risk. By default, this installer routes all client traffic through the VPN server which wastes considerable bandwidth. The sed commands below modify this design to only route client VPN traffic through the OpenVPN server.


#!/bin/bash
##filename # openvpn-install-mod
echo "      Fix script /root/openvpn-install.sh to ensure internet traffic doesn't use vpn-tunnel."
echo " "
read -p "     Press 'Enter' to continue at your own risk,  or Ctrl+c to abort."
##trap user non root
if [ "$(id -u)" -ne 0 ]; then
echo ""
echo "Must be run as root user: sudo $0" echo ""
exit 1
fi
# cd /root
echo "     Fetching latest copy of install script  /root/openvpn-install.sh from github.com/Angristan"
curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
echo "        running  3 sed commands to ensure only local traffic uses vpn-tunnel :-"
echo '        1st commenting-out line 857'
#### fails to complete with \\"redirect-gateway ## sed -i "s|\\techo 'push \\"redirect-gateway|#\\techo 'push \\"redirect-gateway|" openvpn-install.sh
sed -e '/redirect-gateway d/s/^/#/' -i openvpn-install.sh

echo '2nd commenting-out line 865'
###sed -i "s|push \\"redirect-gateway|#push \\"redirect-gateway|" openvpn-install.sh
sed -e '/redirect-gateway ipv6/s/^/#/' -i openvpn-install.sh

echo '3rd after line 1042 ;  newline 1043   pull-filter ignore redirect-gateway'
###sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' openvpn-install.sh
sed -i 's|tls-client|tls-client\npull-filter ignore "redirect-gateway"|' openvpn-install.sh

Here are the recommended entries in running the OpenVPN installer:

  • Server IP Address: using FQDN strongly recommended to ease migration issues
  • Enabled IPv6 (no): accept default
  • Port (1194): accept default
  • Protocol (UDP): accept default
  • DNS (3): change to 9 (Google)
  • Compression (no): accept default
  • Custom encrypt(no): accept default
  • Generate Server
  • Client name: firstclient
  • Passwordless (1): accept default

NOTE: On CentOS 7 platforms, edit /usr/lib/systemd/system/openvpn@.service. Scroll down to the ExecStart= line and change %i.conf to %I.conf. Then save the file. Special thanks to @mattburris for catching the error.

In the following steps, we will use IPtables to block all server access except via SSH or the VPN tunnel. Then we’ll start your OpenVPN server:

cd /etc/sysconfig
wget http://incrediblepbx.com/iptables-openvpn.tar.gz
tar zxvf iptables-openvpn.tar.gz
rm -f iptables-openvpn.tar.gz
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
systemctl status openvpn@server.service
systemctl enable openvpn@server.service
systemctl restart iptables

Once OpenVPN is enabled, the server can be reached through the VPN at 10.8.0.1. OpenVPN clients will be assigned by DHCP in the range of 10.8.0.2 through 10.8.0.254. You can list your VPN clients like this: cat /etc/openvpn/ipp.txt. You can list active VPN clients like this: cat /var/log/openvpn/status.log | grep 10.8. And you can add new clients or delete old ones by rerunning /root/openvpn-install.sh.

For better security, change the SSH access port replacing 1234 with desired port number:

PORT=1234
sed -i "s|#Port 22|Port $PORT|" /etc/ssh/sshd_config
systemctl restart sshd
sed -i "s|dport 22|dport $PORT|" /etc/sysconfig/iptables
systemctl restart iptables

We’ve made changes in the Angristan script to adjust client routing. By default, all packets from every client flowed through the OpenVPN server which wasted considerable bandwidth. Our preference is to route client packets destined for the Internet directly to their destination rather than through the OpenVPN server. The sed commands added to the base install above do this; however, if you’ve already installed and run the original Angristan script, your existing clients will be configured differently. Our recommendation is to remove the existing clients, make the change below, and then recreate the clients again by rerunning the script. In the alternative, you can execute the command below to correct future client creations and then run it again on each existing client platform substituting the name of the /root/.ovpn client file for client-template.txt and then restart each OpenVPN client.


cd /etc/openvpn
sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' client-template.txt

Creating OpenVPN Client Templates

In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer. You do this by running /root/openvpn-install.sh again on the OpenVPN server. Choose option 1 to create a new .ovpn template. Give each client machine template a unique name and do NOT require a password for the template. Unless the client machine is running Windows, edit the new .ovpn template and comment out the setenv line: #setenv. Save the file and copy it to the /root folder of the client machine. Follow the instructions below to set up OpenVPN on the client machine and before starting up OpenVPN replace firstclient.ovpn in the command line with the name of .ovpn you created for the individual machine.



Renewing OpenVPN Server’s Expired Certificate

The server certificate will expire after 1080 days, and clients will no longer be able to connect. Here’s what to do next:

systemctl stop openvpn@server.service
cd /etc/openvpn/easy-rsa
./easyrsa gen-crl
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
systemctl start openvpn@server.service


Installing an OpenVPN Client on CentOS/RHEL

cd /root
yum -y install epel-release
yum --enablerepo=epel install openvpn -y
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Running ifconfig should now show the VPN client in the list of network ports:

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:9 errors:0 dropped:0 overruns:0 frame:0
     TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100 
     RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)

And you should be able to login to the VPN server using its VPN IP address:

# enter actual SSH port replacing 1234
PORT=1234
ssh -p $PORT root@10.8.0.1

Installing an OpenVPN Client on Debian and Ubuntu

cd /root
apt-get update
apt-get install openvpn unzip
dpkg-reconfigure tzdata
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Running ifconfig should now show the VPN client in the list of network ports:

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:9 errors:0 dropped:0 overruns:0 frame:0
     TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100 
     RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)

And you should be able to login to the VPN server using its VPN IP address:

# enter actual SSH port replacing 1234
PORT=1234
ssh -p $PORT root@10.8.0.1

Installing an OpenVPN Client on Raspbian

The OpenVPN client now is easy to install on the latest Incredible PBX builds for the Raspberry Pi. Log into your server as root and issue the following commands to set your time zone and install the OpenVPN client. pbxstatus should then show the 10.8.0.x VPN address in the Private IP listing.

dpkg-reconfigure tzdata
apt-get install openvpn unzip
# copy your .ovpn template into /root
# edit template and comment out setenv line
# start up the client using actual .ovpn filename
openvpn --config /root/raspi.ovpn --daemon
# adjust Incredible PBX firewall
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
iptables-restart
pbxstatus


Installing an OpenVPN Client on a Mac

While there are numerous OpenVPN clients for Mac OS X, none hold a candle to Tunnelblick in terms of ease of installation and use. First, create a new client config on your server and copy it (/root/*.ovpn) to a folder on your Mac where you can find it. Download Tunnelblick and install it. Run Tunnelblick and then open Finder. Click and drag your client config file to the Tunnelblick icon in the top toolbar. Choose Connect when prompted. Done.

Installing an OpenVPN Client for Windows 10

The installation procedure for Windows is similar to the Mac procedure above. Download the OpenVPN Client for Windows. Double-click on the downloaded file to install it. Create a new client config on your server and copy it (/root/*.ovpn) to a folder on your PC where you can find it. Start up the OpenVPN client and click on the OpenVPN client in the activity tray. Choose Import File and select the config file you downloaded from your OpenVPN Server. Right-click on the OpenVPN icon again and choose Connect. Done.

Installing an OpenVPN Client for Android

Our favorite OpenVPN client for Android is called OpenVPN for Android and is available in the Google Play Store. Download and install it as you would any other Android app. Upload a client config file from your OpenVPN server to your Google Drive. Run the app and click + to install a new profile. Navigate to your Google Drive and select the config file you uploaded.

Installing an OpenVPN Client for iOS Devices

The OpenVPN Connect client for iOS is available in the App Store. Download and install it as you would any other iOS app. Before uploading a client config file, open the OpenVPN Connect app and click the 4-bar Settings icon in the upper left corner of the screen. Click Settings and change the VPN Protocol to UDP and IPv6 to IPV4-ONLY Tunnel. Accept remaining defaults.

To upload a client config file, the easiest way is to use Gmail to send yourself an email with the config file as an attachment. Open the message with the Gmail app on your iPhone or iPad and click on the attachment. Then choose the Upload icon in the upper right corner of the dialog. Next, choose Copy to OpenVPN in the list of apps displayed. When the import listing displays in OpenVPN Connect, click Add to import the new profile. Click ADD again when the Profile has been successfully imported. You’ll be prompted for permission to Add VPN Configurations. Click Allow. Enter your iOS passcode when prompted. To connect, tap once on the OpenVPN Profile. To disconnect, tap on the Connected slider. When you reopen the OpenVPN Connect app, the OVPN Profiles menu will display by default. Simply tap once on your profile to connect thereafter.

Installing a Web Interface to Display Available Clients

One advantage of NeoRouter is a simple way for any VPN client to display a listing of all VPN clients that are online at any given time. While that’s not possible with OpenVPN, we can do the next best thing and create a simple web page that can be accessed using a browser but only from a connected OpenVPN client pointing to http://10.8.0.1.

To set this up, log in to your OpenVPN server as root and issue the following commands:


yum --enablerepo=epel install lighttpd -y
systemctl start lighttpd.service
systemctl enable lighttpd.service
chown root:lighttpd /var/log/openvpn/status.log
chmod 640 /var/log/openvpn/status.log
cd /var/www
rm -rf lighttpd
wget http://incrediblepbx.com/lighttpd.tar.gz
tar zxvf lighttpd.tar.gz
ln -s /var/log/openvpn/status.log /var/www/lighttpd/status.log
sed -i 's|#server.bind = "localhost"|server.bind = "10.8.0.1"|' /etc/lighttpd/lighttpd.conf
systemctl restart lighttpd.service

 
UPDATE: On some cell phones and on Windows PCs, you may observe that you can no longer reach your favorite web sites after enabling the OpenVPN client. Luckily there’s a simple fix that allows 10.8.0.x traffic to be sent through the OpenVPN tunnel while all other traffic is routed out of your standard network connection. Here’s the fix. Make sure the .ovpn client config file includes the following lines:

pull-filter ignore redirect-gateway
route-nopull
route 10.8.0.0 255.255.255.0

Originally published: Monday, July 20, 2020  Updated: Saturday, June 25, 2022



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



  1. Our discussion today is focused on the free, MIT-licensed version of OpenVPN. For details on their commercial offerings, follow this link. []

Interconnecting a Mobile PBX to the Asterisk Mothership

The Holy Grail for a mobile VoIP solution is a simple way to connect back to your primary Asterisk® PBX via Wi-Fi from anywhere in the world to make and receive calls as if you never left. Let’s tick off the potential problems. First, many home-based PBXs are sitting behind NAT-based routers. Second, almost all remote Wi-Fi connections are made through a NAT-based router. Third, chances are the remote hosting platform blocks outgoing email from downstream servers such as a mobile PBX. Fourth, deciphering the IP address of your remote connection can be problematic. Fifth, the chances of experiencing one-way audio or no audio on your VoIP calls is high because of NAT-based routers at both ends of your connection.

Last week we introduced OpenVPN as a solution for those with multiple VoIP sites to interconnect. But there’s a much simpler solution for those that travel regularly and want to avoid the complexity of configuring OpenVPN. Here is a quick thumbnail of the setup we recommend as your mobile companion, and you’ll never have a one-way audio problem again. In terms of hardware, you’ll need a Raspberry Pi 3B+ with its native WiFi support and a Windows or Mac notebook computer for traveling. You’ll also need a NeoRouter VPN server to make this process seamless. If you’ve already set up an OpenVPN server platform, it will work equally well. One advantage of NeoRouter is that clients can be added from the client side without having to create a config file on the VPN server. All you need is a username and password. But the choice of VPN platform is totally a matter of preference. The objective using either OpenVPN or NeoRouter is secure communications to your home base. We don’t want to have to reconfigure either your home PBX or your traveling PBX or your notebook PC based upon changes in your public and private IP addresses.

Today we’ll walk you through the easiest way to set up a (free) NeoRouter server on the Internet. It can be used to connect up to 254 devices on an encrypted private LAN. We’re delighted to have finally found a perfect use for the (free) Google Cloud instance.

Using a RaspberryPi 3B+, build an Incredible PBX 13-13.10 platform by following our previous tutorial. We’ll set this up on your home WiFi network so that you only have to throw the Raspberry Pi and its power supply in your suitcase when you travel. As part of the setup, we’ll download NeoRouter and activate private IP addresses for your notebook computer as well as both of your PBXs (using nrclientcmd). Next, we’ll interconnect the two PBXs using SIP trunks and the NeoRouter private LAN IP addresses. We’ll take advantage of a neat little Raspberry Pi trick by storing a wpa_supplicant.conf template on your PC for the remote WiFi setup even though we don’t yet know anything about the remote LAN. Once we know the SSID and password at the remote destination, we’ll use your notebook computer to edit the template and transfer the file to the /boot folder of your RasPi’s microSD card. When the card then is inserted and the RasPi is booted, it will automatically move the template to the proper /etc/wpa_supplicant folder to successfully activate your WiFi connection. We’ll also load links, a fast text-based browser, just in case you encounter a hotel that requires some sort of acknowledgement or password before establishing your WiFi connection to the Internet.

Setting Up a (free) NeoRouter Server in the Cloud

Because NeoRouter uses a star-based VPN architecture, that means the NeoRouter Server must always be available at the same IP address for all of the NeoRouter Clients (aka Nodes) to talk to. If you already have a cloud-based server that has a static IP address and can handle the traffic cop duties of NeoRouter Server, then that’s an ideal place to install NeoRouter Server. Simply download the Free flavor of NeoRouter Server that matches your existing platform and install it. Add an FQDN for your server’s IP address, and you’re all set. A detailed summary of available management options is included in our previous NeoRouter v2 article.

We devoted a couple weeks to Google Cloud instances last month, and it turned out to be a pretty awful platform for hosting Asterisk. But the free offering looks to be a perfect fit as a hosting platform for NeoRouter Server. You also won’t have to worry about Google going out of business anytime soon. So let us walk you through an abbreviated setup process on the Google Cloud platform. If you’re just getting started with Google Cloud, read our previous article to take advantage of Google’s generous $300 offer to get you started and to generally familiarize yourself with the mechanics of setting up an instance in the Google Cloud.

For NeoRouter Server, navigate to https://console.cloud.google.com. Click the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. In the COMPUTE section of the Dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it nrserver. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, leave HTTP and HTTPS disabled. Check your entries carefully and then click the Create button.

When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty:

sudo passwd root
su root
nano -w /etc/ssh/sshd_config

When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart

PermitRootLogin yes
PasswordAuthentication yes

You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address

Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPS Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPS Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.

  1. Name: neorouter
  2. Target Tags: neorouter
  3. Source IP Range: 0.0.0.0/0
  4. Protocols/Ports: check tcp: 32976

CAUTION: Before this firewall rule will be activated for your instance, it also must be specified in the Network Tags section for your instance. Shut down your instance and add the neorouter tag by editing your instance. Then restart your instance.

Now we’re ready to install NeoRouter Free v2 Server on your instance. Be sure to choose the Free v2 variety. Log back into your server as root using SSH/Putty and issue these commands:

yum -y update
yum -y install nano
wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm
rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
/etc/rc.d/init.d/nrserver.sh restart
nrserver -setdomain <DOMAINNAME> <DOMAINPASSWORD>
nrserver -adduser <USERNAME> <PASSWORD> admin
nrserver -enableuser <USERNAME>
nrserver -showsettings

Finally, add the following command to /etc/rc.local so that NeoRouter Server gets started whenever your instance is rebooted:

echo "/etc/rc.d/init.d/nrserver.sh start" >> /etc/rc.local

Installing Incredible PBX 13-13.10 on a Raspberry Pi

We won’t regurgitate our Raspberry Pi tutorial. Simply follow the steps outlined there to acquire the necessary components and to get Incredible PBX 13-13.10 installed. We do want to stress the importance of getting WiFi working, configuring SendMail to use your Gmail credentials as a smarthost, and making sure you added the email addition to /etc/rc.local so that you receive IP address information about your PBX whenever it is rebooted. If you skipped any of these steps, stop here and revisit the RasPi tutorial to complete those items.

Configuring NeoRouter Client on Your Computers

All flavors of Incredible PBX come with the NeoRouter client preinstalled. If your Asterisk-based home PBX is of another variety, you can install the NeoRouter Client matching the architecture of your server from here. Be sure to click on the NeoRouter Free v2 tab before making your selection. The other varieties are incompatible with the Free NeoRouter v2 Server installed above and are not free. Also be sure you match both the operating system and architecture of your server platform. Finally, make certain that TCP 32976 is whitelisted in your firewalls.

On Linux-based (non-GUI) platforms, setting up the NeoRouter Client is done by issuing the command: nrclientcmd. You’ll be prompted for your NeoRouter Server FQDN as well as your username and password credentials. Perform this procedure on both your home PBX and the Raspberry Pi.

To add your Windows or Mac notebook to the NeoRouter VPN, download the appropriate client and run the application which will prompt for your NeoRouter Server FQDN as well as your NeoRouter credentials. Once completed, you should see all three machines in your NeoRouter Free Client Dashboard: your PC as well as your home PBX and Raspberry Pi-based Incredible PBX. Make note of the private VPN addresses (10.0.0.X) of both your home PBX and your Raspberry Pi. These VPN addresses never change, and we’ll need them to interconnect your PBXs and to set up a softphone on your notebook computer.

Admininistrative Tools to Manage NeoRouter

Here are a few helpful commands for monitoring and managing your NeoRouter VPN.

To access your NeoRouter Linux client: nrclientcmd

To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart

To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart

To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword

For a list of client devices: nrserver -showcomputers

For a list of existing user accounts: nrserver -showusers

For the settings of your NeoRouter VPN: nrserver -showsettings

To add a user account: nrserver -adduser username password user

To add admin account: nrserver -adduser username password admin

For a complete list of commands: nrserver –help


Interconnecting Your Raspberry Pi and Home PBX

To keep things simple, our setup examples below assume the following NeoRouter VPN addresses: Home PBX (10.0.0.1) and Raspberry Pi (10.0.0.2). Using a browser, you’ll need to login to the GUI of your Home PBX and Raspberry Pi and add a Trunk to each PBX. Be sure to use the same secret on BOTH trunk setups. We don’t recommend forwarding incoming calls from your Home PBX to your Raspberry Pi because most folks won’t be sitting in their hotel room all day to answer incoming calls. Instead, add the number of your smartphone to a Ring Group on the Home PBX and don’t forget the # symbol at the end of the number. On the Raspberry Pi side, we are assuming that whenever a call is dialed from a registered softphone with the 9 prefix, the call will be sent to the Home PBX for call processing (without the 9). For example, 98005551212 would send 800-555-1212 to the Home PBX for outbound routing and 9701 would send 701 to the Home PBX for routing to the 701 extension. You can obviously adjust your dialplan to meet your own local requirements.

On the Home PBX, the chan_sip trunk entries should look like this:

Trunk Name: raspi-remote

PEER DETAILS

host=10.0.0.2
type=friend
context=from-internal
username=home-pbx
fromuser=home-pbx
secret=some-password
canreinvite=no
insecure=port,invite
qualify=yes
nat=yes

On the Raspberry Pi, the chan_sip trunk entries should look like this:

Trunk Name: home-pbx

PEER DETAILS

host=10.0.0.1
type=friend
context=from-internal
username=raspi-remote
fromuser=raspi-remote
secret=some-password
canreinvite=no
insecure=port,invite
qualify=yes
nat=yes

On the Raspberry Pi, add an Outbound Route named Out9-home-pbx pointed to home-pbx Trunk with the following Dial Patterns. For each Dial Pattern, prepend=blank and prefix=9:

dial string: 1NXXNXXXXXX  
dial string: NXXNXXXXXX  
dial string: *98X.
dial string: XXX
dial string: XXXX
dial string: XXXXX
  

Tweaking Your Raspberry Pi for WiFi Mobility

Typically, you don’t know the WiFi SSID or password of your destination location before you travel. Because you won’t be traveling with a monitor and keyboard for your Raspberry Pi, we needed some way to adjust the WiFi credentials on the microSD card to accommodate the destination WiFi network when you arrive. Luckily, the Raspberry Pi folks thought of a clever way to handle this. You can simply plug your microSD card into your notebook PC (Mac ALERT: Don’t forget your SD card dongle!) and add a wpa_supplicant.conf config file to the /boot directory on the card once you arrive at your destination and know the SSID and password of the local WiFi network. When the Raspberry Pi is subsequently booted, the operating system will move the config file to the /etc/wpa_supplicant directory so that your WiFi network will come on line. Here’s what a typical wpa_supplicant.conf file should look like using your actual credentials. The last network section handles open WiFi network connections (think: McDonald’s) if you want to enable them:

country=US
update_config=1

network={
 ssid="your-SSID"
 psk="your-SSID-password"
 key_mgmt=WPA-PSK
 scan_ssid=1
 priority=5
}

network={
 key_mgmt=NONE
 priority=1
}

The other gotcha is that some public WiFi networks require some type of web login procedure before you can actually access the Internet even though an IP address may have been assigned to your Raspberry Pi. To handle this situation, you’ll need a text-based web browser on the Raspberry Pi that can be accessed through your notebook PC using SSH and your Raspberry Pi’s VPN address. Our favorite is links which can be installed on your Raspberry Pi before you pack up.

apt-get install links -y

Once you arrive at your destination, connect both your notebook PC and Raspberry Pi to the same WiFi network, login to the RasPi with SSH at the VPN address assigned to your RasPi, and run links to start the browser. Press <esc> to access the links menu options. If you can’t access your RasPi at the VPN IP address, try its WiFi-assigned local IP address.

Adding a Softphone to Your Notebook PC

Last, but not least, you obviously need a way to make and receive calls once your Raspberry Pi is up and running at the remote site. We recommend installing a softphone on your Mac or PC notebook that connects to an extension on your Raspberry Pi using the VPN IP address of the Raspberry Pi. Using the VPN address assures that the connection will always be available regardless of the WiFi network’s local IP addresses. Everyone has their own favorite softphone, but here are some suggestions.

We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for an extension on your Raspberry Pi. Then enter the VPN IP address of your server plus your extension’s password. Click OK to save your entries.

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

Adding a Softphone to Your Smartphone

We actually prefer adding a free softphone app to our smartphone. There are a number of alternatives on both the iOS and Android platforms. With iPhones and iPads, we’ve had great success with Acrobits Softphone, Grandstream Wave, Linphone, and Zoiper Lite. All are available in the App Store. For Android devices, Acrobits Groundwire is our favorite. But Grandstream Wave, Linphone, and Zoiper Lite also are available. Keep in mind that Zoiper also supports IAX connections to simplify NAT connections. And, on both platforms, don’t forget that Google now lets you make and receive calls using the new Google Voice app using your old Google Voice numbers that no longer work directly with Asterisk.

Enjoy your pain-free traveling!

Originally published: Monday, April 22, 2019



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



A New VPN for All Seasons: Introducing OpenVPN for Asterisk


This month marks our twentieth anniversary wrestling with virtual private networks. Here’s a quick walk down memory lane. Our adventure began with the Altiga 3000 series VPN concentrators which we introduced in the federal courts in 1999. It was a near perfect plug-and-play hardware solution for secure communications between remote sites using less than secure Windows PCs. Cisco quickly saw the potential, gobbled up the company, and promptly doubled the price of the rebranded concentrators. About 10 years ago, we introduced Hamachi® VPNs to interconnect Asterisk® and PBX in a Flash servers. At the time, Hamachi was free, but that was short-lived when they were subsequently acquired by LogMeIn®. What followed was a short stint with PPTP VPNs which worked great with Macs, Windows PCs, and many phones but suffered from an endless stream of security vulnerabilities. Finally, in April 2012, we introduced the free NeoRouter® VPN. Version 2 still is an integral component in every Incredible PBX® platform today, and PPTP still is available as well. While easy to set up and integrate into multi-site Asterisk deployments, the Achilles’ Heel of NeoRouter remains its inability to directly interconnect many smartphones and stand-alone SIP phones, some of which support the OpenVPN platform and nothing else.

The main reason we avoided OpenVPN® over the years was its complexity to configure and deploy.1 In addition, it was difficult to use with clients whose IP addresses were frequently changing. Thanks to the terrific work of Nyr, Stanislas Angristan, and more than a dozen contributors, OpenVPN now has been tamed. And the new server-based, star topology design makes it easy to deploy for those with changing or dynamic IP addresses. Today we’ll walk you through building an OpenVPN server as well as the one-minute client setup for almost any Asterisk deployment and most PCs, routers, smartphones, and VPN-compatible soft phones and SIP phones including Yealink, Grandstream, Snom, and many more. And the really great news is that OpenVPN clients can coexist with your current NeoRouter VPN.

Finally, a word about the OpenVPN Client installations below. We’ve tested all of these with current versions of Incredible PBX 13-13, 16-15, and Incredible PBX 2020. They should work equally well with other server platforms which have been properly configured. However, missing dependencies on other platforms are, of course, your responsibility.

Building an OpenVPN Server Platform

There are many ways to create an OpenVPN server platform. The major prerequisites are a supported operating system, a static IP address for your server, and a platform that is extremely reliable and always available. If the server is off line, all client connections will also fail. While we obviously have not tested all the permutations and combinations, we have identified a platform that just works™. It’s the CentOS 7, 64-bit cloud offering from Vultr. If you use our referral link at Vultr, you not only will be supporting Nerd Vittles through referral revenue, but you also will be able to take advantage of their $50 free credit for new customers. For home and small business deployments, we have found the $5/month platform more than adequate, and you can add automatic backups for an additional $1 a month. Cheap insurance!

To get started, create your CentOS 7 Vultr instance and login as root using SSH or Putty. Immediately change your password and update and install the necessary CentOS 7 packages:

passwd
yum -y update
yum -y install net-tools nano wget tar iptables-services
systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables

We recommend keeping your OpenVPN server platform as barebones as possible to reduce the vulnerability risk. By default, this installer routes all client traffic through the VPN server which wastes considerable bandwidth. The sed commands below modify this design to only route client VPN traffic through the OpenVPN server.


cd /root
curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
sed -i "s|\\techo 'push \\"redirect-gateway|#\\techo 'push \\"redirect-gateway|" openvpn-install.sh
sed -i "s|push \\"redirect-gateway|#push \\"redirect-gateway|" openvpn-install.sh
sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' openvpn-install.sh
./openvpn-install.sh

Here are the recommended entries in running the OpenVPN installer:

  • Server IP Address: using FQDN strongly recommended to ease migration issues
  • Enabled IPv6 (no): accept default
  • Port (1194): accept default
  • Protocol (UDP): accept default
  • DNS (3): change to 9 (Google)
  • Compression (no): accept default
  • Custom encrypt(no): accept default
  • Generate Server
  • Client name: firstclient
  • Passwordless (1): accept default

In the following steps, we will use IPtables to block all server access except via SSH or the VPN tunnel. Then we’ll start your OpenVPN server:

cd /etc/sysconfig
wget http://incrediblepbx.com/iptables-openvpn.tar.gz
tar zxvf iptables-openvpn.tar.gz
rm -f iptables-openvpn.tar.gz
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
systemctl status openvpn@server.service
systemctl enable openvpn@server.service
systemctl restart iptables

Once OpenVPN is enabled, the server can be reached through the VPN at 10.8.0.1. OpenVPN clients will be assigned by DHCP in the range of 10.8.0.2 through 10.8.0.254. You can list your VPN clients like this: cat /etc/openvpn/ipp.txt. You can list active VPN clients like this: cat /var/log/openvpn/status.log | grep 10.8. And you can add new clients or delete old ones by rerunning /root/openvpn-install.sh.

For better security, change the SSH access port replacing 1234 with desired port number:

PORT=1234
sed -i "s|#Port 22|Port $PORT|" /etc/ssh/sshd_config
systemctl restart sshd
sed -i "s|dport 22|dport $PORT|" /etc/sysconfig/iptables
systemctl restart iptables

04/16 UPDATE: We’ve made changes in the Angristan script to adjust client routing. By default, all packets from every client flowed through the OpenVPN server which wasted considerable bandwidth. Our preference is to route client packets destined for the Internet directly to their destination rather than through the OpenVPN server. The sed commands added to the base install above do this; however, if you’ve already installed and run the original Angristan script, your existing clients will be configured differently. Our recommendation is to remove the existing clients, make the change below, and then recreate the clients again by rerunning the script. In the alternative, you can execute the command below to correct future client creations and then run it again on each existing client platform substituting the name of the /root/.ovpn client file for client-template.txt and then restart each OpenVPN client.


cd /etc/openvpn
sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' client-template.txt

Creating OpenVPN Client Templates

In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer. You do this by running /root/openvpn-install.sh again on the OpenVPN server. Choose option 1 to create a new .ovpn template. Give each client machine template a unique name and do NOT require a password for the template. Unless the client machine is running Windows, edit the new .ovpn template and comment out the setenv line: #setenv. Save the file and copy it to the /root folder of the client machine. Follow the instructions below to set up OpenVPN on the client machine and before starting up OpenVPN replace firstclient.ovpn in the command line with the name of .ovpn you created for the individual machine.



Renewing OpenVPN Server’s Expired Certificate

The server certificate will expire after 1080 days, and clients will no longer be able to connect. Here’s what to do next:

systemctl stop openvpn@server.service
cd /etc/openvpn/easy-rsa
./easyrsa gen-crl
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
systemctl start openvpn@server.service


Installing an OpenVPN Client on CentOS/RHEL

cd /root
yum -y install epel-release
yum --enablerepo=epel install openvpn -y
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX 13-13 firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Running ifconfig should now show the VPN client in the list of network ports:

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:9 errors:0 dropped:0 overruns:0 frame:0
     TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100 
     RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)

And you should be able to login to the VPN server using its VPN IP address:

# enter actual SSH port replacing 1234
PORT=1234
ssh -p $PORT root@10.8.0.1

Installing an OpenVPN Client on Ubuntu 18.04.2

cd /root
apt-get update
apt-get install openvpn unzip
dpkg-reconfigure tzdata
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX 13-13 firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Running ifconfig should now show the VPN client in the list of network ports:

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:9 errors:0 dropped:0 overruns:0 frame:0
     TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100 
     RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)

And you should be able to login to the VPN server using its VPN IP address:

# enter actual SSH port replacing 1234
PORT=1234
ssh -p $PORT root@10.8.0.1

Installing an OpenVPN Client on Raspbian

Good news and bad news. First the bad news. Today’s OpenVPN server won’t work because of numerous unavailable encryption modules on the Raspberry Pi side. The good news is that NeoRouter is a perfect fit with Raspbian, and our upcoming article will show you how to securely interconnect a Raspberry Pi with any Asterisk server in the world… at no cost.

04/16 Update: We now have OpenVPN working with Incredible PBX for the Raspberry Pi. The trick is that you’ll need to build the latest version of OpenVPN from source before beginning the client install. Here’s how. Login to your Raspberry Pi as root and issue these commands:

apt-get remove openvpn
apt-get update
apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y
cd /usr/src
wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.7.tar.gz
tar zxvf openvpn-2.4.7.tar.gz
cd openvpn-2.4.7
./configure --prefix=/usr
make
make install
openvpn --version

Now you should be ready to install a client config file, start up OpenVPN, and adjust firewall:

cd /root
dpkg-reconfigure tzdata
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX 13-13 firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Installing an OpenVPN Client on a Mac

While there are numerous OpenVPN clients for Mac OS X, none hold a candle to Tunnelblick in terms of ease of installation and use. First, create a new client config on your server and copy it (/root/*.ovpn) to a folder on your Mac where you can find it. Download Tunnelblick and install it. Run Tunnelblick and then open Finder. Click and drag your client config file to the Tunnelblick icon in the top toolbar. Choose Connect when prompted. Done.

Installing an OpenVPN Client for Windows 10

The installation procedure for Windows is similar to the Mac procedure above. Download the OpenVPN Client for Windows. Double-click on the downloaded file to install it. Create a new client config on your server and copy it (/root/*.ovpn) to a folder on your PC where you can find it. Start up the OpenVPN client and click on the OpenVPN client in the activity tray. Choose Import File and select the config file you downloaded from your OpenVPN Server. Right-click on the OpenVPN icon again and choose Connect. Done.

Installing an OpenVPN Client for Android

Our favorite OpenVPN client for Android is called OpenVPN for Android and is available in the Google Play Store. Download and install it as you would any other Android app. Upload a client config file from your OpenVPN server to your Google Drive. Run the app and click + to install a new profile. Navigate to your Google Drive and select the config file you uploaded.

Installing an OpenVPN Client for iOS Devices

The OpenVPN Connect client for iOS is available in the App Store. Download and install it as you would any other iOS app. Before uploading a client config file, open the OpenVPN Connect app and click the 4-bar Settings icon in the upper left corner of the screen. Click Settings and change the VPN Protocol to UDP and IPv6 to IPV4-ONLY Tunnel. Accept remaining defaults.

To upload a client config file, the easiest way is to use Gmail to send yourself an email with the config file as an attachment. Open the message with the Gmail app on your iPhone or iPad and click on the attachment. Then choose the Upload icon in the upper right corner of the dialog. Next, choose Copy to OpenVPN in the list of apps displayed. When the import listing displays in OpenVPN Connect, click Add to import the new profile. Click ADD again when the Profile has been successfully imported. You’ll be prompted for permission to Add VPN Configurations. Click Allow. Enter your iOS passcode when prompted. To connect, tap once on the OpenVPN Profile. To disconnect, tap on the Connected slider. When you reopen the OpenVPN Connect app, the OVPN Profiles menu will display by default. Simply tap once on your profile to connect thereafter.

Installing a Web Interface to Display Available Clients

One advantage of NeoRouter is a simple way for any VPN client to display a listing of all VPN clients that are online at any given time. While that’s not possible with OpenVPN, we can do the next best thing and create a simple web page that can be accessed using a browser but only from a connected OpenVPN client pointing to http://10.8.0.1.

To set this up, log in to your OpenVPN server as root and issue the following commands:


yum --enablerepo=epel install lighttpd -y
systemctl start lighttpd.service
systemctl enable lighttpd.service
chown root:lighttpd /var/log/openvpn/status.log
chmod 640 /var/log/openvpn/status.log
cd /var/www
rm -rf lighttpd
wget http://incrediblepbx.com/lighttpd.tar.gz
tar zxvf lighttpd.tar.gz
ln -s /var/log/openvpn/status.log /var/www/lighttpd/status.log
sed -i 's|#server.bind = "localhost"|server.bind = "10.8.0.1"|' /etc/lighttpd/lighttpd.conf
systemctl restart lighttpd.service

Latest VPN Security Alerts

Security weakness in popular VPN clients

Originally published: Monday, April 15, 2019  Updated: Saturday, February 29, 2020



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 




 

  1. Our discussion today is focused on the free, MIT-licensed version of OpenVPN. For details on their commercial offerings, follow this link. []

A VPN for All Seasons: Introducing NeoRouter v2

Today, we want to revisit our favorite client-server VPN, NeoRouter. It’s included with all versions of Incredible PBX® and eases the pain of setting up air-tight firewalls as well as High Availability (HA) redundant servers with VoIP. NeoRouter relies upon a central server and uses a star topology to connect remote nodes. The major difference between NeoRouter and PPTP VPNs is that only registered devices participate in the virtual private network so there is no direct access to other machines on the LANs of the registered devices. If you have servers or users scattered all over the countryside, NeoRouter is an excellent (and free) way to manage and interconnect them. All data and communications between the nodes can then be routed through the encrypted VPN tunnel for rock-solid security.

With NeoRouter’s latest 2.3 (free) software, you can set up your VPN server using a PC, a Mac, a Linux or FreeBSD machine, OpenWrt Backfire, Tomato, or even a Raspberry Pi. With all versions of Incredible PBX, the NeoRouter Free Client is automatically installed. To bring up NeoRouter, all you need to do is install the NeoRouter Free Server on one of your machines and then login to the server from each NeoRouter Client using your server credentials. VPN clients also are available for PCs, Macs, Linux and FreeBSD machines, Raspberry Pi, OpenWrt, Tomato as well as Android and iOS phones and tablets. There’s even an HTML5 web application in addition to a Chrome browser plug-in. With the OpenWrt and Tomato devices or if you’re an extreme techie, you can broaden your NeoRouter star configuration and bridge remote LANs. See pp. 58-63 of the NeoRouter User’s Manual.



You can interconnect up to 256 devices to the NeoRouter Free Server at no cost. For $999, you can enlarge your VPN to support 1,000 devices. Screen sharing, remote desktop connections, HTTP, and SSH access all work transparently using private IP addresses of the VPN nodes which are automatically assigned in the 10.0.0.0 private network.

Today we are introducing the second generation of the NeoRouter VPN solution. It’s suitable for use on a dedicated server or running as a virtual machine. Whether to run NeoRouter Free server on a dedicated machine is your call. We never do. And NeoRouter never requires exposure of your entire server to the Internet. Only a single TCP port needs to be opened in your hardware-based firewall or IPtables Linux firewall. The only real requirement is a dedicated IP address for your server so that the client nodes can always find the mothership. We typically run the NeoRouter server component on our failover VoIP server with Wazo HA. We’ll finish up today by showing you how to back up the critical components of NeoRouter Server so that, if your server platform ever should fail, it only takes a few minutes to get back in business on a new server platform. Let’s get started.

Creating Your NeoRouter Server Platform

We’re assuming you already have an Incredible PBX server of some flavor running on a dedicated IP address with the IPtables firewall. If not, start there.

First, on your IPtables firewall, make certain that TCP port 32976 has been whitelisted for public access. On Incredible PBX platforms, this is automatic. You can double-check by running iptables -nL and searching for an entry that looks like this:

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32976

Second, we need to download and install the NeoRouter Free Server for your platform. Be sure you choose the version that matches your operating system, CPU architecture, and type. Debian and Ubuntu servers use the same code. We do not recommend Raspberry Pi as a suitable platform for your NeoRouter server!

For RedHat/CentOS 64-bit platforms, here’s the download link. While logged into your server as root, issue the following command using the downloaded 64-bit RPM:

rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm

For Ubuntu/Debian 64-bit platforms, use this link. While logged into your server as root, issue the following command using the downloaded 64-bit .deb image:

dpkg -i nrserver-2.3.1.4360-free-ubuntu-amd64.deb

Third, each administrator (admin) and user is going to need a username to access your NeoRouter VPN. You can use the same credentials to log in from multiple client machines, something you may or may not want to do. Here are the commands to create admin and user accounts. Don’t use any special characters in the username and password!

nrserver -adduser username password admin
nrserver -adduser username password user

You’re done. Now let’s register your NeoRouter server with the mothership.

After your NeoRouter Free Server is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.

When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.

Configuring and Connecting Your NeoRouter Client

As mentioned previously, there are NeoRouter clients available for almost every platform imaginable, including iPhones, iPads, and our beloved Raspberry Pi. NeoRouter Client software is included in all Incredible PBX builds. If you’re using some other platform, Step #1 is to download whatever client is appropriate to meet your requirements. Here’s the NeoRouter Download Link. Make sure you choose a client for the Free version of NeoRouter. Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc. Once enabled, you can use your NeoRouter Client to create a VPN tunnel to connect to any other resource in your virtual private network using SSH, VoIP clients, and web browsers.

To activate the NeoRouter client while logged in as root, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed that step above. Otherwise, be sure to use the FQDN assigned to your NeoRouter Server. Once you’re logged in, you will be presented with the names and private IP addresses of all of your connected nodes.

To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints. These private IP addresses can also be used to create a High Availability (HA) platform with Wazo even if the servers are not colocated.

Admininistrative Tools to Manage NeoRouter

Here are a few helpful commands for monitoring and managing your NeoRouter VPN.

Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)

Browser access to NeoRouter Remote Access Client (user with Admin or User privileges)

Manage your account on line at this link

To access your NeoRouter Linux client: nrclientcmd

To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart

To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart

To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword

For a list of client devices: nrserver -showcomputers

For a list of existing user accounts: nrserver -showusers

For the settings of your NeoRouter VPN: nrserver -showsettings

To add a user account: nrserver -adduser username password user

To add admin account: nrserver -adduser username password admin

Test VPN access: http://www.neorouter.com/checkport.php

For a complete list of commands: nrserver –help

To change client name from default pbx.local: rename-server OR…

  • Edit /etc/hosts
  • Edit /etc/sysconfig/network
  • Edit /etc/sysconfig/network-scripts/ifcfg-eth0
  • Edit /etc/asterisk/vm_general.inc
  • reboot

For the latest NeoRouter happenings, visit the NeoRouter blog and forum.

Backing Up NeoRouter Server for That Rainy Day

Yes, servers fail sooner or later. So it’s best to plan ahead and avoid having to recreate your NeoRouter VPN from scratch. Backing up your server is easy. Log into your server as root and issue the following command:

tar cvzf nr-server-db.tar.gz /usr/local/ZebraNetworkSystems/NeoRouter/NeoRouter_0_0_1.db /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini

Copy nr-server-db.tar.gz and your NeoRouter Server installer to a safe place!

When that sad day arrives, be sure that your original NeoRouter Server is off line. Then reinstall NeoRouter Server on a new server platform using your original NeoRouter Server installer. If necessary, change the DNS entry for your original NeoRouter server to the new IP address. Then shut down new NeoRouter Server, load your backup, and restart server:

/etc/rc.d/init.d/nrserver.sh stop
cd /
tar zxvf nr-server-db.tar.gz
/etc/rc.d/init.d/nrserver.sh start

Published: Monday, August 21, 2017  



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Rolling Your Own: Creating a Custom Incredible PBX ISO for Asterisk

We promised to provide the Incredible PBX 13.2 ISO build environment for those of you that wanted to learn how to roll your own ISO. Why would you want to do such thing? Well, we can think of a number of reasons. First, you may just want to learn how sh*t works. Or you may want to impress your boss by building a custom ISO with the corporate logo splattered all over the place. Then there are those that want to add a feature or function that we haven’t included yet so you can share your creation with your friends. For us, the motivation was to provide an Asterisk® aggregation that others could build upon without legal hassles about copyrights and trademarks… you know, a real open source project based upon the GPL license.

Regardless of your motivation, today’s your lucky day. We’re providing an exact duplicate of the build environment that was used to create the Incredible PBX 13.2 ISO. It’s released under the same GPL license that applies to the ISO itself. Copy it, enhance it, give it to your friends, and share your additions so that all of us can learn from you. In addition to the code, we’re actually going to document how to modify it and use it… you know, real instructions.


The Schmoozers were back in full force last week with one accusing us of "stealing" their code and another with this gem:


For the record, we use GPL code of others with full credit to the authors. That’s what the GPL and Asterisk aggregations have always been about. Let’s compare that to our Sangoma® friends who rip the covers off RedHat’s GPL ISO, brand it as their own, and then have the balls to distribute it as closed source code. Repeating a lie over and over doesn’t make it come true!


Getting Started. Before you can use today’s code, you’ll need a suitable platform on which to play. You’ve got a couple of choices. First, you can actually install Incredible PBX 13.2 using last week’s ISO. A second option is to build yourself a virtual machine or a cloud-based server with Scientific Linux 6.7 or even CentOS 6.7 minimal. We recommend 32-bit architecture because the Incredible PBX 3.2 ISO build environment as configured is 32-bit to assure maximum hardware compatibility. The server hardware platform doesn’t really matter. Cheaper means it takes a little longer, but you’ll get the same results.

Installing the Incredible PBX 13.2 ISO Build Environment. Once you have your server up and running, log in as root. This usually isn’t a good idea for a build environment, by the way. We’re doing it because we’re assuming you have a machine dedicated to just building ISOs on which to experiment. Issue these commands to put the ISO build platform in place:

cd /root
setenforce 0
yum -y install wget nano
wget http://incrediblepbx.com/create-ISO-new.tar.gz
tar zxvf create-ISO-new.tar.gz
rm -f create-ISO-new.tar.gz

Creating Your First ISO. Why waste time? Let’s actually build an Incredible PBX ISO to show you how easy it is. Issue the following command to kick off the process: /root/create-ISO-new. Depending upon your server’s specs, the whole build procedure should take a minute or two to complete. When it’s finished, you’ll have a shiny new ISO that can be burned to a DVD or USB thumb drive following the steps documented in our previous tutorial:

ls -all /root/kickstart_build/*.iso

-rw-r--r-- 1 root root 890241024 Nov 24 12:45 /root/kickstart_build/IncrediblePBX13.2.iso

ISO Design Overview. There are lots of ways to design an ISO architecture. We’ve chosen a hybrid approach with a two-phase install. When you first boot from the ISO installer, you get the operating system platform. The server then reboots, and Phase II downloads and then runs the latest Incredible PBX installer. Our main reason for choosing this design is that you don’t have to create a new ISO every time you make changes in the Incredible PBX installer. For those of you that remember the Asterisk@Home and trixbox days, this was a major shortcoming. The ISOs were released about every three to six months, and invariably a major glitch was discovered about a week after the new ISO was introduced. With our two-phase installer, slipstream changes are easy to implement by simply adding a line to the Incredible PBX install script. The ISO itself never has to be updated until a major operating system refresh is necessary.

Adding Packages to Your ISO. With Incredible PBX, RHEL 6.7-compatible packages are added to new servers in a couple of ways. First, there are packages actually included within the ISO itself that are loaded during Phase I of the install, i.e. when Scientific Linux 6.7 platform is installed. These packages must include all necessary dependencies. The kickstart process actually resolves and loads package dependencies as part of the Phase I ISO install procedure. Once the base install is completed, the end-user’s server reboots and then the Phase II install kicks off by downloading and running the Incredible PBX 13-12R installer. Additional RPM packages and a number of other applications in tarball format are downloaded and installed during this Phase II process. Today, we’ll show you how to modify both pieces of the ISO install procedure.

To add RPMs to the ISO itself, keep in mind that the new RPMs must match the architecture of the default build environment. In the case of Incredible PBX, it’s a 32-bit architecture which means you’ll need 32-bit versions of RPMs you wish to add. Otherwise, you will need to replace all of the packages in the build environment with their 64-bit cousins.

There are 3 steps to adding new packages to the ISO build environment.

First, create a temporary directory (/tmp/packages) to use for gathering up the RPMs to be added. This is so you can check your work without screwing up your build environment. To add an RPM, you first need to download it from a repository to your temporary directory. The syntax looks like this where NetworkManager is the name of the RPM you wish to install:

yum -y install --downloadonly --downloaddir=/tmp/packages NetworkManager

Second, move the RPMs from /tmp/packages into your build environment. This must include RPM package dependencies (as was the case when adding NetworkManager):

mv /tmp/packages/*.rpm /root/kickstart_build/isolinux/Packages/.

Third, add the names of your new RPMs to the kickstart config files (ks*.cfg) in /root/kickstart_build/isolinux. The package names go in the section of each kickstart file labeled %packages.

NOTE: You do not have to add the names of RPMs being added because of dependencies in step 3. You DO have to add the actual RPMs and RPM dependencies in step 2. For example, with NetworkManager, only NetworkManager itself needed to be added to the %packages list in the ks*.cfg config files. But the collection of NetworkManager RPMs and its dependencies for step 2 looked like this:

avahi-autoipd-0.6.25-15.el6.i686.rpm
dnsmasq-2.48-14.el6.i686.rpm
libdaemon-0.14-1.el6.i686.rpm
mobile-broadband-provider-info-1.20100122-4.el6.noarch.rpm
ModemManager-0.4.0-5.git20100628.el6.i686.rpm
NetworkManager-0.8.1-99.el6.i686.rpm
NetworkManager-glib-0.8.1-99.el6.i686.rpm
ppp-2.4.5-10.el6.i686.rpm
rp-pppoe-3.10-11.el6.i686.rpm
wpa_supplicant-0.7.3-6.el6.i686.rpm

Changing the ISO Default Boot Menu. Once you have burned the ISO to a DVD-ROM or USB flash drive and booted your server-to-be, a default kickstart menu will be presented: /root/kickstart_build/isolinux/isolinux.cfg. Edit it to customize the splash screen and make any desired changes in the screen title and options displayed to those using your ISO. WARNING: If you modify the ks*.cfg options in the file, you also will need to make similar modifications in the create-ISO-new build script as well as adding new matching ks config files in /root/kickstart_build/isolinux.

Modifying the Phase II ISO Install Procedure. The Phase I install setup already provided in the Incredible PBX ISO will work for any number of ISO requirements you might have because it provides a robust Scientific Linux 6.7 base platform. Now for the fun part. You can modify the Phase II install in any way you like by simply adjusting the download script and hosting it on your own public server.

The Phase II magic is housed in the %post section of the kickstart config files (ks*.cfg). The initial setup in this section will work for almost any setup. It addresses the quirks of getting a working network connection functioning on most server platforms. This got much more complicated with the introduction of UEFI on newer Intel-based servers. But we’ve addressed all of that. To customize the install to run your own Phase II script, you need only modify the last few lines of the %post section:

/bin/echo "cd /root" >> /tmp/firstboot
/bin/echo "/usr/bin/wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "/bin/tar zxvf incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "/bin/rm -f incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "./Inc*" >> /tmp/firstboot
/bin/chmod +x /tmp/firstboot
eject
%end

These last few lines tell the ISO installer where to find your Phase II script and manage the procedure for downloading it, untarring it, and then running it. To deploy your own Phase II install script, simply modify lines 2, 3, 4, and 5 above. In line 2, provide the public server location of your script in .tar.gz format. In line 3, untar the script in the /root folder of the new server. In line 4, remove the .tar.gz file after it’s been decompressed. In line 5, run the shell script included in your tarball. The remaining lines shown above should be preserved as shown. Once you finish making changes in ks.cfg, copy the %post section to your other kickstart config files and then rerun /root/create-ISO-new to build your new ISO. Enjoy!

Originally published: Friday, December 11, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

The 30-Second PBX: Introducing Proxmox 4 for the Intel NUC and Asterisk 13

With the advent of cloud-based computing and desktop virtual machine platforms like VirtualBox, we haven’t played with dedicated hardware for Asterisk® in a couple of years. WOW! It’s just amazing the quantum leaps in miniaturization, price, and performance that have transpired during our absence. Last week, we introduced a dedicated server platform for under $200 that could serve as a small business PBX for almost any 20-30 person organization. Today, meet Big Brother. You’re looking at all the components that make up the $500 Intel® NUC D54250WYK with a Core i5 dual-core processor, a 250GB mSATA drive, and 16GB of RAM. While you install the RAM and disk drive yourself, if you can unscrew 5 screws and have 5 minutes to spare, you can handle this. With the addition of the just released (free) Proxmox 4 virtualization platform, it can run a half dozen powerful stand-alone applications without ever breaking a sweat. Little wonder that Digital Ocean and CloudAtCost are all but giving away server resources. They almost have to given the developments in stand-alone hardware.

Buying Your Hardware

So here’s how we started. Of course, you can adjust the components and the merchant to meet your own requirements. For us, Amazon1 works great, and the prices are competitive. Who else delivers on Sunday? Despite the notice that the computer would be here on Monday, we knew better. And sure enough it was in the box with the other Sunday goodies. Remove the four screws from the bottom feet of the computer, and the case opens easily. Next, unscrew the screw from the bottom of the motherboard that holds the SSD drive in place securely. Snap in the mSATA drive and the two memory sticks, replace the screws, and you’re in business.

Initial Setup of the Intel NUC Platform

Our unit actually came with the latest BIOS preinstalled, but you’ll want to always upgrade the BIOS on any Intel motherboard. Everything generally gets better with each new upgrade. The rest of the firmware is fine as is unless you plan to use the computer as a Windows machine. You’ll find all the downloads here. The firmware you want is version 0041, and the file you want is WY0041.BIO. Copy it to the top level directory of a DOS-formatted USB flash drive using any desktop computer. On the Intel NUC, plug in a USB keyboard and mouse as well as the USB flash drive and a USB CD/DVD drive. Then connect a network cable. Finally, connect a monitor using a microHDMI to HDMI cable, and you’re all set. Once we’re finished configuring the Intel NUC, you can stick it on a shelf that has power and a network connection. No other peripherals are necessary as everything can be managed through SSH or a web browser.

To upgrade the BIOS, boot the computer by plugging it in and pressing the power button on top. Press F7 during the initial POST, choose the USB flash drive, select the .BIO file, and press ENTER. Once the BIOS is loaded, the machine will reboot.

Introducing Proxmox 4.0 Virtual Environment

When it comes to virtualization, we’ve been big fans of Proxmox for a very long time. We introduced Proxmox for VoIP virtualization over six years ago. Things have come a long way since then. And Proxmox VE 4.0 is the culmination of years of hard work by a very talented development team. You can read all about the new feature set and support for KVM and Linux Containers here. Our own take on virtualization is that OpenVZ templates were appealing because they installed and loaded quickly. The downside was they shared a single (proprietary) kernel which often led to security issues and made firewall implementation at the virtual machine level difficult. Of course, any applications such as DAHDI that required kernel implementation were extremely complex to implement and use. Now that almost all of Intel’s and AMD’s processors support virtualization extensions (Intel VT or AMD-V), we were not one to shed tears when Proxmox dropped support for OpenVZ and replaced it with Linux Containers. In fact, for our purposes, they could have left out Linux Containers as well. They suffer from some of the same quirks that made OpenVZ implementations problematic. The platform we’ve chosen for VoIP implementation has full support for virtualization extensions which means you can load and run complex applications such as Windows and Incredible PBX just as if you were using standalone hardware. The only real difference is we’re going to provide a template for building KVM-based Incredible PBX virtual machines in under 30 seconds. So you’ll get the best of both worlds, standalone computer functionality coupled with jaw-dropping implementation speed. For those that train or support multiple independent organizations as well as those that love to tinker and experiment, our solution has no equal.

To begin, download the Proxmox VE 4.0 ISO and burn it to a CD or DVD.

As we mentioned last week, if you don’t happen to have one, LG’s tiny USB-powered DVD Writer is the best $25 you will ever spend. And they keep getting cheaper!

Installing Proxmox VE 4.0 on the Intel NUC

Now we’re ready to get started. Insert the Proxmox VE 4.0 CD into the drive connected to your Intel NUC and boot the machine. Press F10 during POST and choose the CD/DVD drive to start the Proxmox install. Accept the license agreement and fill in the blanks. The important piece is to give your server a hostname. Just be sure it starts with proxmox4, e.g. proxmox4.incrediblepbx.com or use your own domain: proxmox4.yourdomain.com. The actual domain becomes important only if your server will be directly connected to the Internet in which case the FQDN obviously matters. Otherwise, Proxmox needs the hostname to manage things internally. Assign a permanent IP address for your server or use DHCP to obtain an IP address and then reserve that IP address for use by Proxmox in your router’s settings. Either way works fine, but you don’t want the IP address changing down the road.

BIOS Adjustments to Support Proxmox VE 4.0

Once the Proxmox install completes, it’s time to reboot. During the POST, press F2 to access Intel’s Visual BIOS. If you followed along last week, you’ll recall that we made some changes to accommodate Legacy booting of the server in lieu of UEFI. This week we need a different approach because of some quirks in the Proxmox server implementation procedure. We pulled our hair out (what little is left) for a couple days wrestling with this because the server wouldn’t automatically boot in either Legacy boot mode OR UEFI mode. The reason is because Proxmox puts a GPT label on the drive signifying that it’s a UEFI-compatible device whether UEFI is disabled in the BIOS or not. This confuses the Intel NUC bootloader. So you end up with a boot failure and the cryptic message "No boot device found." Proxmox blames Intel for a buggy BIOS even though Intel developed the GPT specification. If you enjoy food fights, break out the popcorn and enjoy the dialog on the Proxmox Forum. Suffice it to say, there’s a difference of opinion about who should fix this. Here’s the easy way to resolve the impasse.

In Visual BIOS, click Advanced tab. Click Boot tab. Click Boot Priority. Make it look like this:

If the BuiltIn EFI Shell option doesn’t appear, don’t worry about it. Just press F10 to save your changes anyway. When your server reboots, it will drop into the EFI shell. Type the following commands pressing ENTER after each entry:

fs0:
echo "fs0:\EFI\proxmox\grubx64.efi" > fs0:\startup.nsh
startup.nsh

At this point, your server should boot into Proxmox. On reboot, the EFI shell will appear momentarily followed by an automatic boot into Proxmox. Solved!

Using Incredible PBX with Proxmox 4.0

You now have a functioning Proxmox server. When you reboot and login as root, the server will tell you how to access the Proxmox GUI with your browser. Before we put the necessary pieces in place to support Incredible PBX, we want to provide a very brief technical overview of how best to use Proxmox virtualization based upon our testing. Using a methodology similar to that demonstrated by AVOXI using Docker at this year’s AstriCon meeting, we use a backup image to instantiate "KVM containers." We hear some of you saying, "There’s no such animal." And right you are. The nomenclature is different, but the concept is similar. In fact, our simulated KVM Containers work exactly like OpenVZ and Linux Containers with none of the drawbacks of a shared kernel. And the good news is Proxmox 4 implements this perfectly through its backup and restore mechanisms. New kernel-based virtual machines can be created in under 30 seconds. Following initial login to a new KVM as root from the console, we individualize the KVM by randomizing passwords, creating new SSH credentials, and setting up a custom whitelist for the Incredible PBX IPtables firewall. The initialization procedure takes less than a minute and is only run the first time you log into your new KVM as root. The bash init script is here: /etc/profile.d/helloworld.sh.

Preliminary Setup Steps with Proxmox 4.0

The most important setup step is to put your Proxmox server behind a hardware-based firewall or configure the built-in firewall to keep out the bad guys. Proxmox has had their share of security vulnerabilities over the years so this is really critical. It’s beyond the scope of this article to walk through the entire firewall setup process, but you’ll find plenty of literature on the Proxmox Wiki and Forum as well as on the Internet. Each of your KVMs will have its own preconfigured whitelist using the IPtables firewall, and any of the Incredible PBX tutorials can walk you through adding and changing entries in those whitelists.

To use the backup and restore functionality of Proxmox, you’ll need to create a backup storage directory in the Proxmox GUI. After logging in as root, click Datacenter in the Server View, click the Storage tab, click the Add button, and choose Directory from the pulldown list. Fill in the blanks like this using VZDump Backup File for the Content type:

If you have access to a Cloud-based or local NFS device, it’s just as easy to create an additional backup directory on your NFS server. Follow the same steps and choose NFS from the Storage pulldown. With NFS, you must first set up a storage directory with NFS permissions for the IP address of your Proxmox server.

Last, but not least, you need to learn your way around in the GUI. proxmox4 is the name of your server if you followed our recommended setup for your hostname. Under the server, you will find entries for each of your KVM, Linux Containers (LXC), and other drives, e.g. local, backup, and synology.

To add a new LXC image to your server, choose local -> Content -> Templates, pick the desired LXC image, and click Download.

To add new ISO images to your server for building KVMs, choose local -> Content -> Upload, pick ISO Image as the Content type, choose the ISO from your desktop by pressing Select File, then click Upload button.

To start up Virtual Machines once you have created them, click on the VM number under proxmox and click Start. To access the virtual machine once it has begun booting, click Console.

To shutdown a KVM, click on the VM number under proxmox and click Shutdown. Or you can type halt after logging into the KVM as root from the KVM’s Console.

For a list of all available content, choose proxmox4 -> local -> Content.

Loading the Incredible PBX 13 Components into Proxmox 4.0

We need to put two pieces into place to get things rolling with Incredible PBX 13. There are two ways to create Incredible PBX 13 KVMs. You can do it manually from the IncrediblePBX13.iso just as you would on a stand-alone machine. Or you can restore from the IncrediblePBX13 KVM backup image to create a new KVM. The first method takes about 30 minutes. The second method takes less than 30 seconds. The choice is all yours. The results are exactly the same.

Before you can create KVMs, we need to put the Incredible PBX 13 backup image and the Incredible PBX 13 ISO in their proper places. To save some time and steps, we’re going to load the backup image by logging into the Proxmox server as root. For the ISO image, we’ll use the GUI.

To install the Incredible PBX 13 backup image, log into your server as root using SSH and issue these commands:

cd /
wget 'http://downloads.sourceforge.net/project/pbxinaflash/IncrediblePBX13-12 with Incredible PBX GUI/IncrediblePBX13-KVM.tar.gz'
tar zxvf IncrediblePBX13-KVM.tar.gz
rm IncrediblePBX13-KVM.tar.gz

To install the Incredible PBX 13 ISO image, first use a web browser to download IncrediblePBX13.iso to your desktop from SourceForge. Next, login to your Proxmox GUI and choose proxmox4 -> local -> Content -> Upload, pick ISO Image as the Content type, choose IncrediblePBX13.iso from your desktop by pressing Select File, then click the Upload button.

Your Incredible PBX 13 backup image should now appear under proxmox4 -> backup -> Content.

Your Incredible PBX 13 ISO image should now appear under proxmox4 -> local -> Content.

Building Your First Incredible PBX 13 Virtual Machine

To create a new Incredible PBX Virtual Machine, click the options in the order shown on the image above. Use any VM number desired. In less than 30 seconds, you’ll have your first 10GB Incredible PBX 13 Virtual Machine in place:

Initializing KVM Network Device MAC Address. If you ever create more than one KVM from the same backup image, you must initialize the network device’s MAC address before starting the KVM. Otherwise, you will get a conflicting network connection and a mess. Best practice: ALWAYS initialize the network device MAC address when you first create a new KVM from a backup. Click on the VM number in the left column under proxmox4. Then click the Hardware tab, click Network Device, and Edit. Erase the existing MAC address and click OK. Now it’s safe to start the KVM. The telltale sign that you forgot to do this will be a flaky network connection on one or more of your KVMs. If it happens, just delete the offending KVM and create a new one. You won’t forget but once. 😉

To start your new Incredible PBX Virtual Machine, click on the VM number in the left column under proxmox4. Then click the Start button on the right side of the Proxmox GUI header. The Tasks list at the bottom of the GUI will show it loading. Now click on the Console button at the top of the GUI to open a QEMU console session with your virtual machine. At the login prompt, login in as root with the default password: password. The startup script will complete the customization of your server in less than a minute. Then you’re ready to go. Complete the same configuration steps that you would on any new Incredible PBX server:

Change your root password and make it very secure: passwd
Create admin PW to access Incredible GUI and FreePBX® GPL modules: /root/admin-pw-change
Set your correct time zone: /root/timezone-setup
Create admin PW for web apps: htpasswd /etc/pbx/wwwpasswd admin
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status

Now it’s time to pick up the Incredible PBX 13 tutorial for CentOS and continue on with your adventure if you’ve never done this before. Then take a good look at the Incredible PBX Application User’s Guide to get the most out of your new server.

Building a second, third, and fourth KVM is just as easy as building the first one.

Backing Up Incredible PBX 13 Virtual Machines

The real beauty of virtualization and Proxmox in particular is that you can make instantaneous backups of your virtual machine at any time whether the virtual machine is running or not. Those backups can be copied to off-site storage for safe keeping. The critical component of any server is the reliability of and ease with which you can recover from a catastrophic failure. It doesn’t get any easier than this.

To make a backup of your virtual machine to your backup directory, click on the VM ID number in the left column. Then click Backup -> Backup Now. Fill in the blanks of the backup template.

To make a backup of your virtual machine to a local or off-site NFS device, it’s just as easy. Click on the VM ID number in the left column. Then click Backup -> Backup Now. Fill in the blanks of the backup template. Makes you want to run right out and buy a Synology NAS/NFS device, doesn’t it?

Restoring a virtual machine from a backup is just as easy as it was to create the virtual machine image from our backup above. Just choose your backup image instead of the one we provided.

Backing up your virtual machines is only half the story, of course. It also is important to get a backup of the whole enchilada, i.e. the entire Proxmox server. Luckily, the latest version of Clonezilla works perfectly after you have applied the UEFI BIOS patch as documented above. Enjoy!

Originally published: Monday, October 19, 2015





Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Some of our purchase links refer users to Amazon and other sites when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from merchants to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support Amazon and other merchants because they support us. []