Posts tagged: openvz

The 5-Minute PBX: A Fresh Look at Oracle’s VirtualBox with Incredible PBX

Today we’re paying another visit to our favorite virtual machine platform and introducing four new VoIP images that let you compare features and performance of Asterisk® 11 running atop Ubuntu® 14 or Scientific Linux™ 6.5 with FreePBX® 2.11 or the just-released version 12 release candidate. Think of Incredible PBX™ as the VoIP glue stick that assembles all the necessary VoIP components and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice dialing, SMS messaging, fax support, reminders and wakeup calls, and SECURITY! The difference with the VirtualBox® platform is you get a turnkey install of everything on any desktop computer in less than 5 minutes! That includes Windows PCs, Macs, Linux desktops, and even Solaris machines.

Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers available today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance that’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under 5 minutes is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move your image to dedicated hardware running the same operating system with Asterisk 11 and the same version of FreePBX in minutes.

Need to deploy VoIP servers at dozens of sites around the globe? Not a problem with VirtualBox. Just send a preconfigured VirtualBox image to each site and install VirtualBox on a local desktop computer. In 5 minutes, you have a functional VoIP server including interconnectivity to all of your other VoIP servers with a virtual private network already in place to provide secure VoIP connectivity between all of your sites.

Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX still comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.

Why four different Incredible PBX images? Glad you asked. Ubuntu and Scientific Linux are a bit like French and Spanish. They’re both languages for communicating, but many of the words are different. Some prefer one or the other so now you have a choice. As for the FreePBX options, let us put in a plug for the FreePBX 12 release candidate. The FreePBX Dev Team has invested thousands of hours in this new software. It shows! Please take it for a spin and give the developers some feedback. To move to Asterisk 12 and 13, you’re going to need FreePBX 12 so you might as well start getting used to it. While there are many similarities in the user interface, the under-the-covers work that the FreePBX team has invested in this new product is nothing short of amazing. There’s very little of the FreePBX 2.11 code that hasn’t been either cleaned up or completely rewritten. We think you’ll like it so give it a try. Those that need a production environment probably should stick with FreePBX 2.11 for the time being. The new Virtual Box images also give you an opportunity to compare performance between the two operating systems and the two FreePBX versions. This isn’t 1999. Take advantage of the opportunity. It only takes a few minutes to spin up a new virtual machine and go for a test drive.

Getting Started. For today, we’ll provide a refresher course on loading VirtualBox and one of the Incredible PBX virtual images. Then we want to spend a little time explaining the secret sauce that goes into building these images so that you can do it yourself either to migrate to a different network or to deploy at multiple sites. When we’re finished, you’ll know everything we’ve learned about deploying VirtualBox machines and, unlike Grandma, we won’t leave an important ingredient out of the recipe just to be sure you never forget how good Grandma’s cookies really were. So let’s get started.

Installing Oracle VM VirtualBox

Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.

Downloading the Incredible PBX Virtual Machines

A word of warning on the front end. Incredible PBX images featuring Asterisk 11 for VirtualBox are huge! The two Ubuntu images for FreePBX 2.11 and 12 are 1.5GB. The two Scientific Linux 6.5 images for FreePBX 2.11 and 12 are 2.3GB. We’ve added SourceForge hotlinks. So simply click on the desired images and download them to your desktop. Then go to lunch.

Importing & Configuring Incredible PBX Virtual Machines in VirtualBox

You only perform the import step one time. Once imported into VirtualBox, Incredible PBX is ready to use. There’s no further installation required, just like an OpenVZ template… only better. Double-click on the .ova file you downloaded to begin the procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.

Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. Finally, click Settings -> System, uncheck Hardware clock in UTC time, and click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine. The rest is automagic.

Running Incredible PBX Virtual Machines in VirtualBox

Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight IncrediblePBX Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The boot procedure with your chosen operating system will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.

Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password. To access FreePBX with a browser, point to the IP address of your virtual machine and login as admin with admin password set below. For the security of your server, we recommend that you log in to the Linux CLI at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill.

When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:

  • Change your root password: passwd
  • Set your FreePBX admin password: /root/admin-pw-change
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • Enable SAMBA if desired: /root/samba-enable.sh
  • Enable Incredible Fax support if desired: (script in /root)
  • Login to your NeoRouter VPN server if desired: /root/nrclientcmd

Preparing Incredible PBX Virtual Machines for Migration

As the Linux operating systems have become more turnkey, one of the shortcuts that has been implemented on both the RedHat and Debian/Ubuntu platforms is storage of your network setup so that the server reboots more quickly. While that’s fine for rebooting on the same server, it’s a real problem if you attempt to move your setup to different hardware or a new network because eth0 will not load. That means no IP address! Here are two ways to assure that things will actually work after the move. Both assume that you will have a DHCP server at the new location just as you did at your existing site.

The Easy Way. If you have console access after the VM image is restored on the new platform (which means you don’t need a network IP address for the server in order to log in as root), then the easy way to prepare any of the Incredible PBX machines for relocation is to issue the following commands before you halt the system and make a VirtualBox backup:

touch /etc/update_hostconfig
touch /etc/update_serverconfig

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. You now have an image that is similar to the Incredible PBX image that you originally downloaded, except it has all of your data and settings. All you have to do is repeat the install drill above at the new location using the .ova image you created and log in with whatever your current root password happens to be. You’ll get a two-pass automatic setup just as you did when you began today’s adventure.

The only drawback to this procedure is the fact that the extension 701 and default DISA passwords will be initialized when you first boot from your .ova image at the other location. Aside from that, you’ll have a clean platform with new SSH and DUNDI credentials as well as mostly sanitized log files.

The Hard Way. The other alternative is to manually prepare your existing system for migration before you shut it down. The primary reason for doing this would be to assure that you can log in with an SSH client at the other end as soon as the server is booted. The steps differ a bit depending upon whether you’re on the Ubuntu or Scientific Linux platform. But on both platforms you need to enter the IP address from which you will log in at the new site unless it is on one of the private LAN subnets that already is whitelisted in IPtables. Just issue the command /root/add-ip and choose 0 option to enable all services for the new IP address. Then…

On the Ubuntu platform, issue the following commands:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /var/lib/dhcp/*
rm -f /etc/udev/rules.d/70*
halt

On the Scientific Linux platform, issue the following commands:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /var/lib/dhcpd/*
rm -f /var/lib/dhclient/*
rm -f /etc/udev/rules.d/70*
halt

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. Now you’re an expert. Enjoy!

Originally published: Monday, September 22, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Our forum is extremely friendly and is supported by literally hundreds of Asterisk gurus.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

Virtual Utopia: 1-Minute Asterisk Installs with PIAF2-OpenVZ

Thanks to the terrific work of Darrell Dillman, today we have a new OpenVZ template for PBX in a Flash 2™ to introduce. It features the very latest 64-bit CentOS™ 6.2 with Asterisk® 1.8 and FreePBX® 2.9. Using the new OpenVZ template, you can create unlimited virtual machines in about one minute per server! And you can boot your new virtual machines in about the same time. This new PIAF2-OpenVZ template includes the usual PIAF2™ Feature Set including Google Voice for free calling in the U.S. and Canada. Once installed, you can add Incredible PBX 3™ and Incredible Fax 2™ in a few clicks.

One of the real beauties of hosting your own Proxmox server is the flexibility it gives you to create and load a wide variety of virtual machines that each appear to users to be dedicated servers. This could include a dozen Asterisk servers, or it might be a mix of a dedicated Apache server, a Windows Server, an Asterisk server or two, as well as Joomla, Drupal, Zimbra, and many others from this list. The other obvious advantage is cost. Individual Asterisk servers can be had for $300 or less to host a small branch office. But a Proxmox server such as Dell's current offering can host a dozen dedicated systems for about $50 per server.

If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-60 minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF2-Purple systems using an OpenVZ template in the time it takes to bake a pan of slice-and-bake cookies. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for students, the OpenVZ platform is a perfect fit.

We'll start with the bad news before we get to the really exciting new Asterisk platform we're introducing today. All of the current Proxmox server software that supports OpenVZ virtual machines has a serious security flaw. For that reason, you would only want to run Proxmox behind a hardware-based firewall with no Internet port exposure. If you fail to heed this warning, you run the very real risk of having not only your Promox server compromised but also all of the virtual machines running on it. The good news is that this security flaw does not appear to affect the PBX in a Flash virtual machines which we are introducing today. Since no direct Internet access is required to have a perfectly functioning PIAF2 server, we still strongly recommend never exposing any server to direct Internet access. MORAL: No Internet port exposure for any of your servers means you can sleep like a baby. We recommend Proxmox 1.8 which is a free download from the Proxmox VE web site. To get optimum use from Proxmox, you'll also want a processor in your server that supports Kernel-based Virtual Machines (KVMs). This full virtualization solution requires an x86 processor containing virtualization extensions (Intel VT1 or AMD-V CPU2 is needed). HINT: Most of Dell's servers are not a problem. Regardless of the server you choose, make certain that you check the CPU specs before you buy. Also be aware that, in addition to Proxmox, there are many other OpenVZ platforms from which to choose.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.8 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are just two steps to get it working. First, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped and while logged into your Proxmox server as root carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart

Don't forget to set the system time on your server: dpkg-reconfigure tzdata

You're finished with the CLI at this point. Now you'll be able to configure IPtables within each of your OpenVZ virtual machines as explained below.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel or dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. If you want to try it later, here is the message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF-OpenVZ Template. Using a web browser, download the new PIAF2-OpenVZ image to your Desktop. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF2-OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. You can also do this directly within the Proxmox server by logging in as root and issuing these commands to install the latest PIAF2-OpenVZ template:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/zwU8zb
mv zwU8zb centos-6.2-purple1.8.8-piaf_2.0.6.2-5_amd64.tar.gz

Creating OpenVZ Virtual Machines. Once installed, you can build Asterisk 1.8.8.0 virtual machines to your heart's content... in about a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), Memory Allocation (1024 recommended), and a very secure (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN or use Google's DNS servers: 8.8.8.8 and 8.8.4.4. Here's how a typical OpenVZ creation form will look. Just click on the image to enlarge.

Once the image is created, start up the virtual machine, wait at least 60 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. Verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. You now have a PIAF-Purple base platform running Asterisk 1.8.8.0 and FreePBX 2.9. REMINDER: Be sure you always run both Proxmox AND your virtual machines behind a hardware-based firewall with no port exposure to the Internet!

Before you do anything else, log into your virtual machine using SSH and run passwd-master to secure the passwords for FreePBX GUI access to your system. Also be sure to set the correct time zone3 on your virtual machine:4

mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/America/Indianapolis /etc/localtime
date

Once you have secured your passwords, you're ready to set up Asterisk to make and receive calls. For the complete 5-minute tutorial, see this Nerd Vittles article. REMINDER: Once you have set up a Google Voice account, created an extension with a secure password, and created an inbound route for your incoming calls, don't forget to reload Asterisk from the CLI or Google Voice calling will fail: amportal restart.

Installing Incredible PBX and Incredible Fax. An alternative before configuring your system is to first install Incredible PBX and Incredible Fax. We recommend it. This gives you a turnkey, full-featured PBX with almost every Asterisk feature available on the planet. While logged into your server as root, issue this command to install Incredible PBX: install-incredpbx3. When the install completes, issue the following command to install Incredible Fax: install-incredfax2. Restart your virtual machine to complete the install.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. :roll:

Securing IPtables with a WhiteList. If you're running your virtual machines behind a hardware-based firewall with no Internet port exposure AND all of those on your private LAN are trusted, you can quit here. Otherwise, you need to lock down the IPtables firewall on your virtual machines to only permit access from trusted IP addresses. As delivered with Incredible PBX, all private IP addresses are authorized and a number of dangerous Internet services also are accessible. Here's how to fix it. Log into each VM and edit /etc/sysconfig/iptables: nano -w iptables. Change the section of entries that look like the following by inserting a # at the beginning of each entry. Once you've added the # characters, your entries should look like this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Now scroll down a bit in the file and find the entries that look like the following. NOTE: If you didn't install Incredible PBX, you'll need to manually add these entries:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Immediately below these private network entries, add additional entries using the actual IP addresses that are needed to administer your virtual machine. Also include the IP addresses of any remote telephones that are not covered by the private LAN entries above. Each entry should look like the following using the actual IP addresses needed:

-A INPUT -s 111.222.111.222 -j ACCEPT

IMPORTANT: Save your changes after making sure you've included an entry for the IP address from which you currently are accessing your server. Otherwise, you will lock yourself out of your server. Then restart IPtables: service iptables restart. Verify that the entries are the way you expect: iptables -nL. Now, with a browser, attempt to access the IP address of your virtual machine from an untrusted IP address, e.g. your cellphone. Then repeat from a trusted IP address. If all is well, you're done.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

Quirks, Gotchas, and Updates. The only quirk you will notice in the current virtual machines is that IP6tables may not be running. We're working on it. For the latest breaking news and updates about PIAF2-OpenVZ, visit this thread on the PIAF Forum. Don't forget your Valentine tomorrow. Enjoy!

Originally published: Monday, February 13, 2012




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. []
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." []
  3. Look in /usr/share/zoneinfo for correct time zone name for your closest city. []
  4. Getting the correct time in your VMs can be problematic with Proxmox. If you continually see the wrong time when you issue the date command after starting up your VMs, try this. Log into the Proxmox host and issue the following commands using the correct container number and your local time zone city for your virtual machine:

    vzctl stop 108
    vzctl set 108 --capability sys_time:on --save
    vzctl start 108
    vzctl enter 108
    mv /etc/localtime /etc/localtime.old
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    exit

    []

PBX in a Flash Rolls Out New CentOS 5.7 Releases

We are pleased to announce the release of new 32-bit and 64-bit versions of PBX in a Flash. The new PIAF-17571 ISOs are available now for free download from SourceForge. In addition to an updated release of our new 64-bit CentOS 5.7 OpenVZ virtual machine template available on SourceForge, we now have a 32-bit Thumb Drive installer up on SourceForge as well.

So PBX in a Flash continues to bring you the best of all worlds: a hardware-based bare metal install using either our 32-bit or 64-bit ISOs to build a bootable CD-ROM installer, a 32-bit thumb drive installer for use with any 1GB USB flash drive to create PIAF systems on machines that lack an optical drive, or a 1-minute install of a virtual machine using our new 64-bit OpenVZ template. Nobody else provides this flexibility much less support for CentOS 5.7 as well as every current and experimental flavor of Asterisk. So why wait? The price is definitely right!

Today's step-by-step guide will walk you through installing PIAF-Purple with Asterisk 1.8.6.0 on a dedicated machine with a CD/DVD drive using the new CentOS 5.7 ISOs. Instructions for installation of the OpenVZ template on a virtual machine are provided in this updated Nerd Vittles article. Instructions for use of the flash drive installer are available in this updated Nerd Vittles article. As always, we recommend installation of any new PIAF server or virtual host behind a secure, hardware-based firewall (such as dLink's Gaming Router) with NO INTERNET PORT EXPOSURE to your PIAF box!

Atom-based PC Platform. For the least expensive hardware alternative, pick up an Atom-based PC, preferably not an EEE PC because of the network driver incompatibility with CentOS. The refurbished Revos work fine. Someone has actually tested them! They can easily support a business with dozens of phones.

PIAF ISO Setup. Once you have your hardware connected to a reliable Internet source, you'll need to choose the appropriate ISO for your hardware. If you have a CD-ROM or DVD drive on your server, we'd recommend the 32-bit PIAF 1.7.5.7.1 ISO. Just download it from SourceForge or one of the PIAF mirror sites, burn it to a CD, and then boot your server from the CD. If your server lacks a CD-ROM and DVD drive, then download the brand new 32-bit PIAF 1.7.5.7.1 Flash-Only ISO from SourceForge and copy it to a 1GB or larger thumb drive following the instructions in this Nerd Vittles tutorial. Then boot your server from the thumb drive.

PIAF Installation. Once you've booted the PIAF installer, you'll be prompted to choose an installation method. For most users, simply pressing the Enter key will get things started. Choose a keyboard and time zone when prompted and then enter a very secure root password for your new server. The installer then will load CentOS 5.7 onto your server. When complete, your server will reboot. Remove the CD or Flash Drive at this point, and you'll be prompted to choose the version of Asterisk to install. If you don't get the CD out in time, the install process will start from scratch. At the first prompt, just reboot after removing the CD and everything will be fine. We recommend PIAF-Purple. It loads Asterisk 1.8.6.0, the only current version of Asterisk with long-term support.

During the final phase of the install, you will be prompted to choose a master password for FreePBX® and the other VoIP web utilities. Once your server reboots, log into the Linux CLI using your root password and write down the IP address of your server from the status display.

FreePBX Setup. Most of your life with PBX in a Flash will be spent using the FreePBX web GUI (click on image below to enlarge) and your favorite browser. To access the FreePBX GUI, point your browser at the IP address you wrote down. Read the RSS Feed in the PIAF GUI for late-breaking security alerts. Any alerts older than September, 2011 already are included in current PIAF builds. Now click on the Users button which will toggle to the Admin menu. Click the FreePBX icon. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose during the PIAF install.

Got That Pioneer Spirit? If you like living on the wild side, it's a simple process to upgrade the default FreePBX 2.8 install to FreePBX 2.9. Here's a 5-minute video that will walk you through the process. If you should get stumped, don't worry! Just visit this thread on the PIAF Forum. It'll cover everything you'll see in the video and more.

With either FreePBX 2.8 or 2.9, getting a minimal system operational is a 5-minute drill. You'll need to set up at least one extension with voicemail, configure a free Google Voice account for free calls in the U.S. and Canada, configure inbound and outbound routes to manage incoming and outgoing calls, and plug your maint password into CallerID Superfecta so that names arrive with your incoming calls. Now add a phone with your extension credentials and you're done.

Extension Setup. Let's start by setting up an extension. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone's GUI to add bells and whistles. To create extension 201 (don't start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension ... 201
Display Name ... Home
Outbound CID ... [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID ... [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]

Device Options
secret ... 1299864Xyz [make this unique AND secure!]
dtmfmode ... rfc2833
Voicemail & Directory ... Enabled
voicemail password ... 14332 [make this unique AND secure!]
email address ... yourname@yourdomain.com [if you want voicemail messages emailed to you]
pager email address ... yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
email attachment ... yes [if you want the voicemail message included in the email message]
play CID ... yes [if you want the CallerID played when you retrieve a message]
play envelope ... yes [if you want the date/time of the message played before the message is read to you]
delete Vmail ... yes [if you want the voicemail message deleted after it's emailed to you]
vm options ... callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
vm context ... default

Write down the passwords. You'll need them to configure your SIP phone.

Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won't protect you from malicious phone calls on your nickel if you use your extension number or something like 1234 for your extension password if your SIP or IAX ports happen to be exposed to the Internet. Incredible PBX automatically randomizes all of the extension passwords for you. PBX in a Flash does not!

In addition to making up secure passwords, the latest versions of FreePBX also let you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry in the permit field like this: 192.168.1.0/255.255.255.0 using your actual subnet.

Courtesy of wordle.net

Adding a Google Voice Trunk. There are lots of trunk providers, and one of the real beauties of having your own PBX is that you don't have to put all of your eggs in the same basket... unlike the AT&T days. We would encourage you to take advantage of this flexibility. With most providers, you don't pay anything except when you actually use their service so you have nothing to lose.

For today, we're going to take advantage of Google's current offer of free calling in the U.S. and Canada through the end of this year. You also get a free phone number in your choice of area codes. PBX in a Flash now installs a Google Voice module for FreePBX that lets you set up your Google Voice account with PBX in a Flash in just a few seconds once you have your credentials.

Signing Up for Google Voice. You'll need a dedicated Google Voice account to support PBX in a Flash. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We've tested this extensively using an existing Gmail account rather than creating a separate account. Take our word for it. Inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So... set up a dedicated Gmail and Google Voice account, and use it exclusively with PBX in a Flash. Google Voice no longer is by invitation only. If you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for PBX in a Flash to function with Google Voice! Otherwise, inbound and/or outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings and enable it. Be sure to try one call each way from Google Chat in Gmail. Then disable Google Chat in GMail for this account. Otherwise, it won't work with PIAF.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF
  • Call Options (Enable Recording) - OFF
  • Global Spam Filtering - ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Configuring Google Voice Trunk in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize PBX in a Flash to meet your specific needs. Click the Setup tab and choose Google Voice in the Third Party Addons. To Add a new Google Voice account, just fill out the form:

Phone number is your 10-digit Google Voice number. Username is your Google Voice account name without @gmail.com. NOTE: You must use a Gmail.com address in the current version of this module! Password is your Google Voice password. NOTE: Don't use 2-stage password protection in this Google Voice account! Be sure to check all three boxes: Add trunk, Add routes, and Agree to TOS. Then click Submit Changes and reload FreePBX. Down the road, you can add additional Google Voice numbers by clicking Add GoogleVoice Account option in the right margin and repeating the drill. For Google Apps support, see this post on the PIAF Forum.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. It also provides redundancy which costs you nothing if you don't use the backup providers. The Google Voice module actually configures an Outbound Route for 10-digit Google Voice calling as part of the automatic setup. If this meets your requirements, then you can skip this step for today.

Inbound Routes. An Inbound Route tells PBX in a Flash how to route incoming calls. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we'll build a simple route that directs your Google Voice calls to extension 201. Choose Inbound Routes, leave all of the settings at their default values except enter your 10-digit Google Voice number in the DID Number field. Enable CallerID lookups by choosing CallerID Superfecta in the CID Lookup Source pulldown. Then move to the Set Destination section and choose Extensions in the left pull-down and 201 in the extension pull-down. Now click Submit and save your changes. That will assure that incoming Google Voice calls are routed to extension 201.

IMPORTANT: Before Google Voice calling will actually work, you must restart Asterisk from the Linux command line interface. Log into your server as root and issue this command: amportal restart.

CallerID Superfecta Setup. CallerID Superfecta needs to know your maint password in order to access the necessary modules to retrieve CallerID information for inbound calls. Just click Setup, CID Superfecta, and click on Default in the Scheme listings in the right column. Scroll down to the General Options section and insert your maint password in the Password field. You may also want to enable some of the other providers and adjust the order of the lookups to meet your local needs. Click Agree and Save once you have the settings adjusted. One terrific feature of CID Superfecta is the ability to test a phone number and see what results are returned by different services. It also tells you how long the various lookups are taking. Use this tool to narrow down the number of services you need and minimize the delay in answering inbound calls.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!

Adding Plain Old Phones. Before your new PBX will be of much use, you're going to need something to make and receive calls, i.e. a telephone. For today, you've got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It's under $70. Be sure you specify that you want an unlocked device, meaning it doesn't force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended previously. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using 201 for your extension and your actual password for extension 201. Then plug in the actual IP address of your PBX in a Flash server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Enabling Google Voicemail. Some have requested a way to retain Google's voicemail system for unanswered calls in lieu of using Asterisk voicemail. The advantage is that Google offers a free transcription service for voicemail messages. To activate this, you'll need to edit the [googlein] context in extensions_custom.conf in /etc/asterisk. Just modify the last four lines in the context so that they look like this and then restart Asterisk: amportal restart

;exten => s,n(regcall),Answer
;exten => s,n,SendDTMF(1)
exten => s,n(regcall),Set(DIAL_OPTIONS=${DIAL_OPTIONS}aD(:1))
exten => s,n,Goto(from-trunk,gv-incoming,1)

But I Don't Want to Use Google Voice. If you'd prefer not to use Google Voice at all with PBX in a Flash, that's okay, too. Here's how to disable it and avoid the chatter in the Asterisk CLI. Log into your server as root and edit /etc/asterisk/modules.conf. Change the first three lines in the [modules] context so that they look like this. Then restart Asterisk: amportal restart.

autoload=yes
noload => res_jabber.so
noload => chan_gtalk.so

Where To Go From Here. We've barely scratched the surface of what you can do with your new PBX in a Flash system. If you're new to all of this, then your next step probably should be the latest Incredible PBX 2.0 tutorial. It's a 5-minute addition that installs nearly 50 Asterisk applications that will keep you entertained for the rest of the year. If you'd prefer to do it yourself, that's okay, too. We'd also recommend you set up an alternate VoIP provider. You can't beat Vitelity, and they also happen to provide financial support to both Nerd Vittles and the PBX in a Flash projects. See the special pricing in the section below. Enjoy!

Originally published: Tuesday, September 27, 2011


Great News! Google Plus is available to everyone. Sign up here and circle us. Click these links to view the Asterisk feed or PBX in a Flash feed on Google+.




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Virtual Paradise: 1-Minute Asterisk Installs with PIAF-OpenVZ

One of the real beauties of hosting your own Proxmox server is the flexibility it gives you to create and load a wide variety of virtual machines that each appear to users to be dedicated servers. This could include a dozen Asterisk servers, or it might be a mix of a dedicated Apache server, a Windows Server, an Asterisk server or two, as well as Joomla, Drupal, Zimbra, and many others from this list. The other obvious advantage is cost. Individual Asterisk servers can be had for $300 or less to host a small branch office. But a Proxmox server such as Dell's current offerings can host a dozen dedicated systems for about $50 per server.

Today we have two really terrific OpenVZ templates for PBX in a Flash to introduce. One features CentOS 5.5, and the other includes the just released CentOS 5.7. The choice is yours! Both allow you to create unlimited PIAF virtual machines in exactly 1 minute per server! And you can boot your new virtual machines in less than 90 seconds apiece. These new PIAF-OpenVZ templates include the usual PBX in a Flash Feature Set with some extra bells and whistles: Asterisk 1.8.6.0, FreePBX 2.8, Google Voice for free calling in the U.S. and Canada, Tom King's latest Apache, PHP, PHPMyAdmin security updates, Andrew Nagy's EndPoint Manager and CallerID Superfecta, as well as AsteriDex, Telephone Reminders, and Hotel WakeUp Call modules for FreePBX.

If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-60 minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in the time it takes to bake a pan of slice-and-bake cookies. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit.

We'll start with the bad news before we get to the really exciting new Asterisk platform we're introducing today. All of the current Proxmox server software that supports OpenVZ virtual machines has a serious security flaw. For that reason, you would only want to run Proxmox behind a hardware-based firewall with no Internet port exposure. If you fail to heed this warning, you run the very real risk of having not only your Promox server compromised but also all of the virtual machines running on it. The good news is that this security flaw does not appear to affect the PBX in a Flash virtual machines which we are introducing today. Since no direct Internet access is required to have a perfectly functioning PIAF server, we still strongly recommend never exposing any server to direct Internet access. MORAL: No Internet port exposure for any of your servers means you can sleep like a baby. We recommend Proxmox 1.8 which is a free download from the Proxmox VE web site. To get optimum use from a Proxmox, you'll also want a processor in your server that supports Kernel-based Virtual Machines (KVMs). This full virtualization solution requires an x86 processor containing virtualization extensions (Intel VT1 or AMD-V CPU2 is needed). HINT: Most of Dell's servers are not a problem. Regardless of the server you choose, make certain that you check the CPU specs before you buy. Also be aware that, in addition to Proxmox, there are many other OpenVZ platforms from which to choose.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.8 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are just two steps to get it working. First, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped and while logged into your Proxmox server as root carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart

Don't forget to set the system time on your server: dpkg-reconfigure tzdata

You're finished on the CLI at this point. Now you'll be able to configure IPtables within each of your OpenVZ virtual machines as explained below.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel or dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. If you want to try it later, here is the message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF-OpenVZ Template. Using a web browser, download one of the new PIAF-OpenVZ images to your Desktop. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF-OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. You can also do this directly within the Proxmox server by logging in as root and issuing the following commands to install the latest CentOS 5.7 PIAF-OpenVZ template:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/p8UjwY

To install the CentOS 5.5 PIAF-OpenVZ template, here are the commands:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/p45qzi

Creating OpenVZ Virtual Machines. Once installed, you can build Asterisk 1.8.6.0 virtual machines to your heart's content... in about a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and a very secure (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN. Here's how a typical OpenVZ creation form will look. Just click on the image to enlarge.

Once the image is created, start up the virtual machine, wait about 90 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. You now have a PIAF-Purple base platform running Asterisk 1.8.6.0 and FreePBX 2.8.1. REMINDER: Be sure you always run both Proxmox AND your virtual machines behind a hardware-based firewall with no port exposure to the Internet!

The FreePBX login credentials are username: maint and password: password11. This is anything but secure. Before you do anything else, log into your virtual machine using SSH and run passwd-master to secure the passwords for FreePBX GUI access to your system. Also be sure to set the correct time zone on your virtual machine: system-config-date.3 Don't forget!

Once you have secured your passwords, you're ready to set up Asterisk to make and receive calls. For the complete 5-minute tutorial, see this Nerd Vittles article. The steps are identical with Asterisk 1.8.6.0 and Asterisk 10. REMINDER: Once you have set up a Google Voice account, created an extension with a secure password, and created an inbound route for your incoming calls, don't forget to reload Asterisk from the CLI or Google Voice calling will fail: amportal restart.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. :roll:

Securing IPtables with a WhiteList. If you're running your virtual machines behind a hardware-based firewall with no Internet port exposure AND all of those on your private LAN are trusted, you can quit here. Otherwise, you need to lock down the IPtables firewall on your virtual machines to only permit access from trusted IP addresses. As delivered, all private IP addresses are authorized and a number of dangerous Internet services also are accessible. Here's how to fix it. Log into each VM and edit /etc/sysconfig/iptables: nano -w iptables. Change the section of entries that look like the following by inserting a # at the beginning of each entry. Once you've added the # characters, your entries should look like this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Now scroll down a bit in the file and find the entries that look like the following:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Immediately below these private network entries, enter the actual IP addresses that are needed to administer your virtual machine. Also include the IP addresses of any remote telephones that are not covered by the private LAN entries above. Each entry should look like the following using the actual IP addresses needed:

-A INPUT -s 111.222.111.222 -j ACCEPT

IMPORTANT: Make sure you've included an entry for the IP address from which you currently are accessing your server, or you will lock yourself out of your server. Then restart IPtables: service iptables restart. Verify that the entries are the way you expect: iptables -nL. Now, with a browser, attempt to access the IP address of your virtual machine from an untrusted IP address, e.g. your cellphone. Then repeat from a trusted IP address. If all is well, you're done.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

Quirks, Gotchas, and Updates. The only quirk you will notice in the current virtual machines is that the status display incorrectly shows IPtables is not running. This is because it actually is hosted on the Proxmox host. For the latest breaking news and updates about PIAF-OpenVZ, visit this thread on the PIAF Forum. Enjoy!

Originally published: Tuesday, September 20, 2011


Breaking News. Google Plus is now available to everyone. Sign up here and join us. And wait 'til you read the Google Hangouts News. Now it's easy to view the Asterisk feed or PBX in a Flash feed on Google+.




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. []
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." []
  3. Getting the correct time in your VMs can be problematic with Proxmox. If you continually see the wrong time when you issue the date command after starting up your VMs, try this. Log into the Proxmox host and issue the following commands using the correct container number and your local time zone city for your virtual machine:

    vzctl stop 108
    vzctl set 108 --capability sys_time:on --save
    vzctl start 108
    vzctl enter 108
    mv /etc/localtime /etc/localtime.old
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    exit

    []

Incredible PBX 1.8: New OpenVZ and Cloud Editions

Another exciting week in the Asterisk® community with the introduction of Asterisk 1.8.2 last Friday. It's now the official PIAF-Purple payload so you can simply download the current ISO to take it for a spin. Most of the pesky bugs in Asterisk 1.8.0 and 1.8.1 now have been addressed. Let us know if you find some new ones.

While the Asterisk Dev Team has been hard at work on Asterisk 1.8.2, we've turned our attention to the cloud and VoIP virtualization. We have three new products to introduce today. The first lets you install PIAF-Purple with Asterisk 1.8.2 using a new OpenVZ template. The second lets you run Incredible PBX 1.8 as a virtual machine using the new PIAF-Purple 1.8.2 OpenVZ template. Finally, we'll show you how to run Incredible PBX 1.8 in the cloud with hosted VoIP service from RentPBX.com for $15 a month with a free local phone number and free Google Voice calling in the U.S. and Canada. So let's get started.

Using the OpenVZ PIAF-Purple Template. If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in about 15 minutes with a per system cost of less than $50. See Comment #2 below for an extra special Dell half-price server deal this week. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit. Read our original two-part article to get up to speed on Proxmox, virtualization, and IPtables with OpenVZ. Then continue on here.

Thanks to Darrell Dillman (aka dad311 on the PIAF Forums), there already is a 64-bit OpenVZ template of PIAF-Purple with Asterisk 1.8.2. Just download the template to your Desktop and then, using the Proxmox console, choose Appliance Templates, Upload File to upload the OpenVZ template into your Proxmox server platform. Once installed, you can build Asterisk 1.8.2 virtual machines to your heart's content... in less than a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN. Here's how a typical OpenVZ creation form will look:

Once the image is created, start up the virtual machine, wait about 70 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. With the exception of text-to-speech (TTS), you now have a PIAF-Purple base platform running Asterisk 1.8.2 and FreePBX 2.8. Be sure you always run it behind a hardware-based firewall with no port exposure to the Internet.

Before you do anything else, run passwd-master to secure the passwords for FreePBX GUI access to your system. Don't forget!

If you're planning to install Incredible PBX below or if you don't need text-to-speech on your system, you can skip this next step which gets 64-bit TTS installed. Otherwise, here are the commands to get it working:

cd /root
./install-flite

Note to Our Pioneers. To those that tested the new OpenVZ template this past week, THANK YOU! Be advised that we now have incorporated several of the recommended tweaks which were documented in the PIAF Forums. The install procedure outlined above explains the new behavior of the slightly improved OpenVZ template which now is available for download. We recommend you switch.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8.2, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. :roll:

 


Installing Incredible PBX on OpenVZ Systems. We won't repeat the entire Incredible PBX article here. If you want the background on the product, read the latest article. To get everything working with an OpenVZ system, there are only three steps:

1. Set Up Your Google Voice Account
2. Run the Incredible PBX VM Installer
3. Configure a Softphone

Configuring Google Voice. You'll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance. Keep this account a secret!

We've tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it's over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Running The Incredible PBX Installer. Log into your server as root and issue the following commands to set up The Incredible PBX:

cd /root
rm incrediblepbx18-vm.x
wget http://incrediblepbx.com/incrediblepbx18-vm.x
chmod +x incredible*
./incrediblepbx18-vm.x
passwd-master

When The Incredible PBX install begins, you'll be prompted for the following:

Google Voice Account Name
Google Voice Password
Google Voice 10-digit Phone Number
Gmail Notification Address
FreePBX maint Password

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don't forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it's not necessary. But who knows what the future holds. :roll: The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the password you'll use to access FreePBX. You'll actually set it by running passwd-master after The Incredible PBX completes. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine... just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles... for all of our hard work. :wink: You'll find a link at the top of the page. While you're waiting (and so you don't forget), go ahead and configure your hardware-based firewall to support Google Voice. See the next section for what's required. Without completing this firewall configuration step, no calls will work! When the installer finishes, READ THE SCREEN just for grins.

Here's a short video demonstration of the original Incredible PBX installer process. It still works just about the same way except there's no longer a second step to get things working.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Before you do anything else, run passwd-master again to resecure the passwords for FreePBX GUI access to your system. Don't forget!

Firewall Configuration. We hope you've taken our advice and installed a hardware-based firewall in front of The Incredible PBX. It's your phone bill. You'll need to make one adjustment on the firewall. Map UDP 5222 traffic to the internal IP address of The Incredible PBX. This is the port that Google Voice uses for phone calls and Google chat. You can decipher the IP address of your server by logging into the server as root and typing status.

Extension Password Discovery. If you're too lazy to look up your extension 701 password using the FreePBX GUI, you can log into your server as root and issue the following command to obtain the password for extension 701 which we'll need to configure your softphone or color videophone in the next step:

mysql -uroot -ppassw0rd -e"select id,data from asterisk.sip where id='701' and keyword='secret'"

The result will look something like the following where 701 is the extension and 18016 is the randomly-generated extension password exclusively for your Incredible PBX:

+-----+-------+
id         data
+-----+-------+
701      18016
+-----+-------+

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended above. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 and the actual IP address of your Incredible PBX server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Incredible PBX Test Flight. The proof is in the pudding as they say. So let's try two simple tests. First, let's place an outbound call. Using the softphone, dial your 10-digit cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. Second, from another phone, call the Google Voice number that you've dedicated to The Incredible PBX. Your softphone should begin ringing shortly. If not, make certain you are not logged into Google Chat on a Gmail account with these same credentials. If everything is working, congratulations!

Here's a brief video demonstration showing how to set up a softphone to use with your Incredible PBX, and it also walks you through several of the dozens of Asterisk applications included in your system.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

 


 

Running Incredible PBX in the Cloud. We've saved the best for last today. For many folks, you may want to experiment with VoIP technology without making a hardware investment and without having to master the intricacies of managing your own server and network. That's what Cloud Computing is all about. And we've searched far and wide to find you the perfect platform. As with many of you, one of our top priorities is always cost. While many providers were willing to provide Nerd Vittles with a few sheckles for pitching their product, only one stepped forward with a price point that we think is irresistible. And, for the record, we waived any compensation other than a few test accounts to get things working properly, so that all of the savings could be passed on to you! So here's the deal. $15 a month gets you your own PIAF-Purple server in the cloud at RentPBX.com. Just use this coupon code: BACK10, pick an east coast or west coast server to host your new system, choose the PIAF-Purple 1.7.5.5.4 install option, set up a username and very secure password, and you're off to the races. Once your account is established, here's the 5-minute procedure to install the special RentPBX-edition of Incredible PBX to begin making free calls in the U.S. and Canada through Google Voice.

Begin by Configuring Google Voice as outlined above. Then log into your RentPBX account using SSH and the port assigned to your account. For Windows users, download Putty from here. The SSH command will look something like this:

ssh -p 21422 root@209.249.149.108

Issue the following commands to download and run The Incredible PBX installer for RentPBX:

cd /root
wget http://incrediblepbx.com/incrediblepbx18-rentpbx.x
chmod +x incrediblepbx18-rentpbx.x
./incrediblepbx18-rentpbx.x
passwd-master

Now just follow along in the Incredible PBX virtual machine tutorial which we've included above. Remember that your new Incredible PBX is sitting directly on the Internet! So don't forget to run passwd-master when you finish the install, or your system is vulnerable. Ours was attacked within minutes!

Securing Your RentPBX Server. With the exception of our WhiteList application, everything is working on your RentPBX server. While we continue to work on the WhiteList component (reread this section of the article in a week or so to get the latest updates), you need to secure your system to avoid endless hack attempts on your SIP resources. Here's how. First, write down the IP addresses of your RentPBX server and your home network. Second, print out your existing IPtables configuration. The file to print is /etc/sysconfig/iptables. Third, make a backup copy of the file. While logged into your server with SSH, the easiest way is like this:

cd /etc/sysconfig
cp iptables iptables.bak

Now we need to edit the iptables file itself: nano -w iptables. Then search for the line that contains 5060: Ctrl-W, 5060, Enter. At the beginning of this line, add # to comment out the line. With the cursor still on this line, press Ctrl-K then Ctrl-U twice. This will duplicate the line. Move to the second commented line and remove #. Use the right cursor to move across the line to --dport. Then insert the following using the IP address of your RentPBX server, e.g.

-s 229.149.129.248

Be sure there's at least one space before and after the new text. Now duplicate that line with Ctrl-K and Ctrl-U twice. Change the IP address on the second line to the public IP address of your home or office network. Repeat this process for every IP address where you intend to use a SIP phone connected to your RentPBX server. Make additional entries for your SIP providers as well. If you want to sleep better, you can make similar changes to the SSH port entry to restrict it to your home/office IP address. It's the line immediately above the 5060 entry. Ditto for port 80 which is web access. Be very careful here. A typo will lock you out of your own server! When you're finished, save the changes: Ctrl-X, Y, Enter. Then restart IPtables: service iptables restart.

As always, we strongly recommend that you not put all of your VoIP eggs in one basket. Google Voice does go down from time to time. Vitelity is a perfect complement because the costs are low and you only pay for the service you use. A discount sign up link is below. And Vitelity has contributed generously to both the Nerd Vittles and PBX in a Flash projects. So please support them. Enjoy!

Originally published: Monday, January 17, 2011




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Asterisk Virtual PBX Perfection: PiaF + Proxmox, Part II

Taming the OpenVZ beast to support Asterisk® virtualization has been interesting. Reminds me of laying track in front of a steaming locomotive. The demand for a solid, stable Asterisk-based Virtual PBX is overwhelming based upon the visitor count we've recorded. So we wanted to get it right! If you haven't visited the original article in a few days or if you've just landed here, start there. Then come back.

Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.

If you're new to the virtualization world, the beauty of OpenVZ templates running on a Proxmox VE server is that you can create a fully-functional PBX in a Flash system in just under 15 seconds. If you want a dozen fully functional PBXs, the creation time jumps to a whopping 3 minutes. And OpenVZ images load almost instantly with a choice of either dynamic or static IP addresses. Add another 5 minutes to run the new Orgasmatron V installer, and you've got a turnkey, state-of-the-art PBX with dozens of preconfigured Asterisk applications plus free calling in the U.S. and Canada courtesy of Google Voice.

For normal PBX operations, last week's 32-bit PBX in a Flash OpenVZ template was just about perfect. But there were two wrinkles. First, conferencing didn't work because there was no timing source (aka Zaptel/DAHDI). You'll recall that both Zaptel and DAHDI are tied to the Linux kernel. And, with OpenVZ templates, the kernel lives on the Proxmox server. Because Proxmox is a 64-bit native application, its kernel wasn't accessible to 32-bit apps such as last week's template. Second, there's a Denial of Service security issue with the version of IAX2 installed in the default build of PBX in a Flash which you already know about if you've been following us on Twitter or if you subscribe to the PIAF RSS Feed.

So we had our work cut out for us this week. We wanted to kill two birds with one stone by delivering a 64-bit version of PBX in a Flash with conferencing support that also addressed the IAX2 security issue. The nice part of IAX is that you really only need to expose the IAX port through your firewall on one server. Then all of your remaining servers can register to the new safe server (using any version of Asterisk) while remaining safely ensconced behind hardware- based firewalls to avoid DOS attacks.

Overview. There are five pieces to this week's puzzle. First, you need a functioning Proxmox VE 1.3 server. Second, you need to install the new 64-bit PBX in a Flash OpenVZ template on your Proxmox server. Third, you need to create at least one OpenVZ virtual machine (VM) using the new PIAF 64-bit template. Fourth, you need to install and activate DAHDI on your Proxmox server. And finally, you need to enable DAHDI on each of the virtual machines created in step #3.

Installing Proxmox. We're assuming you've already purchased an appropriate hardware platform for Proxmox and have your Proxmox VE 1.3 server up and running. If not, start with last week's article. Be sure to read the footnotes to make certain you purchase hardware that actually can run Proxmox! NOTE: The new Proxmox VE 1.4 beta does not yet have all of the tools necessary to enable conferencing so make certain you install the current 1.3 release.

Installing PIAF 64-bit OpenVZ Template. Using a web browser, download the new PBX in a Flash 64-bit OpenVZ template to your Desktop. Our special thanks to Wolf Paul for his continuing help in teaching us how to build these templates. Once you have the OpenVZ template in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF 64-bit OpenVZ template on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands.

cd /var/lib/vz/template/cache/
wget http://nerd.bz/dnlkWr


Creating a PIAF 64-bit Virtual Machine. Now you're ready to create your 64-bit virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ Container type. For the Template, choose centos-5.0-pbxinaflash_1.4.0-3_x86_64. Now give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 15 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.

You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks.

To start the OpenVZ virtual machine, click on the List tab. Then click on the 64-bit VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display.

Before you do anything else, change the web passwords for your virtual machine to something that is really secure. Just type passwd-master and answer the prompts. You now can close the VNC window after writing down the IP address and VM ID of your new virtual machine.

NOTE: Unlike the 32-bit version from last week, it is not necessary to generate new SSH server keys for PIAF 64-bit virtual machines. These will be generated automatically the first time you start up the VM.

Installing DAHDI on the Proxmox Server. At the outset, we want to express our deep appreciation to Joe Roper, one of the founders of the PBX in a Flash project, for his work in putting together a simple script to install and activate DAHDI on the Proxmox server. In addition, the script spawns another script which makes it easy to activate DAHDI for any PIAF 64-bit virtual machines desired. For our European friends that ever have the need for an Asterisk consultant, you can do no better than Joe Roper. Thanks, Joe!

To begin, log into your Proxmox server as root and issue the following commands:

cd /root
wget http://nerd.bz/dahdi
apt-get -y update
apt-get -y install zip
unzip install-dahdi.zip
rm install-dahdi.zip
chmod +x install-dahdi.sh
./install-dahdi.sh

Activating DAHDI for Designated Virtual Machines. By default, DAHDI is not activated on any of the virtual machines you create. To activate it and enable conferencing, log into your Proxmox server as root and issue the following command: pabx-enable-conference. When prompted to enter the VM ID of the virtual machine to be activated, type in the number (e.g. 101) and press Enter. After activation is complete, use a web browser to access the Proxmox GUI. Start up the virtual machine if it is not already running. Then, either log into the VM with SSH as root or choose Open VNC Console. From the CLI, type amportal restart to reload Asterisk. Once you have created at least one extension and one conference using the FreePBX GUI, you should be able to dial into the conference successfully. If you get an error about a missing TUN device, see comment #1 below for the fix. Enjoy!


Article of the Week. Justin West's Free Homebrew VoIP with Google Voice and Intel Atom


Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Ringbinder theme by Themocracy