Home » Posts tagged 'openvz'

Tag Archives: openvz

The Most Versatile VoIP Provider: FREE PORTING

The 30-Second PBX: Introducing Proxmox 4 for the Intel NUC and Asterisk 13

With the advent of cloud-based computing and desktop virtual machine platforms like VirtualBox, we haven’t played with dedicated hardware for Asterisk® in a couple of years. WOW! It’s just amazing the quantum leaps in miniaturization, price, and performance that have transpired during our absence. Last week, we introduced a dedicated server platform for under $200 that could serve as a small business PBX for almost any 20-30 person organization. Today, meet Big Brother. You’re looking at all the components that make up the $500 Intel® NUC D54250WYK with a Core i5 dual-core processor, a 250GB mSATA drive, and 16GB of RAM. While you install the RAM and disk drive yourself, if you can unscrew 5 screws and have 5 minutes to spare, you can handle this. With the addition of the just released (free) Proxmox 4 virtualization platform, it can run a half dozen powerful stand-alone applications without ever breaking a sweat. Little wonder that Digital Ocean and CloudAtCost are all but giving away server resources. They almost have to given the developments in stand-alone hardware.

Buying Your Hardware

So here’s how we started. Of course, you can adjust the components and the merchant to meet your own requirements. For us, Amazon1 works great, and the prices are competitive. Who else delivers on Sunday? Despite the notice that the computer would be here on Monday, we knew better. And sure enough it was in the box with the other Sunday goodies. Remove the four screws from the bottom feet of the computer, and the case opens easily. Next, unscrew the screw from the bottom of the motherboard that holds the SSD drive in place securely. Snap in the mSATA drive and the two memory sticks, replace the screws, and you’re in business.

Initial Setup of the Intel NUC Platform

Our unit actually came with the latest BIOS preinstalled, but you’ll want to always upgrade the BIOS on any Intel motherboard. Everything generally gets better with each new upgrade. The rest of the firmware is fine as is unless you plan to use the computer as a Windows machine. You’ll find all the downloads here. The firmware you want is version 0041, and the file you want is WY0041.BIO. Copy it to the top level directory of a DOS-formatted USB flash drive using any desktop computer. On the Intel NUC, plug in a USB keyboard and mouse as well as the USB flash drive and a USB CD/DVD drive. Then connect a network cable. Finally, connect a monitor using a microHDMI to HDMI cable, and you’re all set. Once we’re finished configuring the Intel NUC, you can stick it on a shelf that has power and a network connection. No other peripherals are necessary as everything can be managed through SSH or a web browser.

To upgrade the BIOS, boot the computer by plugging it in and pressing the power button on top. Press F7 during the initial POST, choose the USB flash drive, select the .BIO file, and press ENTER. Once the BIOS is loaded, the machine will reboot.

Introducing Proxmox 4.0 Virtual Environment

When it comes to virtualization, we’ve been big fans of Proxmox for a very long time. We introduced Proxmox for VoIP virtualization over six years ago. Things have come a long way since then. And Proxmox VE 4.0 is the culmination of years of hard work by a very talented development team. You can read all about the new feature set and support for KVM and Linux Containers here. Our own take on virtualization is that OpenVZ templates were appealing because they installed and loaded quickly. The downside was they shared a single (proprietary) kernel which often led to security issues and made firewall implementation at the virtual machine level difficult. Of course, any applications such as DAHDI that required kernel implementation were extremely complex to implement and use. Now that almost all of Intel’s and AMD’s processors support virtualization extensions (Intel VT or AMD-V), we were not one to shed tears when Proxmox dropped support for OpenVZ and replaced it with Linux Containers. In fact, for our purposes, they could have left out Linux Containers as well. They suffer from some of the same quirks that made OpenVZ implementations problematic. The platform we’ve chosen for VoIP implementation has full support for virtualization extensions which means you can load and run complex applications such as Windows and Incredible PBX just as if you were using standalone hardware. The only real difference is we’re going to provide a template for building KVM-based Incredible PBX virtual machines in under 30 seconds. So you’ll get the best of both worlds, standalone computer functionality coupled with jaw-dropping implementation speed. For those that train or support multiple independent organizations as well as those that love to tinker and experiment, our solution has no equal.

To begin, download the Proxmox VE 4.0 ISO and burn it to a CD or DVD.

As we mentioned last week, if you don’t happen to have one, LG’s tiny USB-powered DVD Writer is the best $25 you will ever spend. And they keep getting cheaper!

Installing Proxmox VE 4.0 on the Intel NUC

Now we’re ready to get started. Insert the Proxmox VE 4.0 CD into the drive connected to your Intel NUC and boot the machine. Press F10 during POST and choose the CD/DVD drive to start the Proxmox install. Accept the license agreement and fill in the blanks. The important piece is to give your server a hostname. Just be sure it starts with proxmox4, e.g. proxmox4.incrediblepbx.com or use your own domain: proxmox4.yourdomain.com. The actual domain becomes important only if your server will be directly connected to the Internet in which case the FQDN obviously matters. Otherwise, Proxmox needs the hostname to manage things internally. Assign a permanent IP address for your server or use DHCP to obtain an IP address and then reserve that IP address for use by Proxmox in your router’s settings. Either way works fine, but you don’t want the IP address changing down the road.

BIOS Adjustments to Support Proxmox VE 4.0

Once the Proxmox install completes, it’s time to reboot. During the POST, press F2 to access Intel’s Visual BIOS. If you followed along last week, you’ll recall that we made some changes to accommodate Legacy booting of the server in lieu of UEFI. This week we need a different approach because of some quirks in the Proxmox server implementation procedure. We pulled our hair out (what little is left) for a couple days wrestling with this because the server wouldn’t automatically boot in either Legacy boot mode OR UEFI mode. The reason is because Proxmox puts a GPT label on the drive signifying that it’s a UEFI-compatible device whether UEFI is disabled in the BIOS or not. This confuses the Intel NUC bootloader. So you end up with a boot failure and the cryptic message "No boot device found." Proxmox blames Intel for a buggy BIOS even though Intel developed the GPT specification. If you enjoy food fights, break out the popcorn and enjoy the dialog on the Proxmox Forum. Suffice it to say, there’s a difference of opinion about who should fix this. Here’s the easy way to resolve the impasse.

In Visual BIOS, click Advanced tab. Click Boot tab. Click Boot Priority. Make it look like this:

If the BuiltIn EFI Shell option doesn’t appear, don’t worry about it. Just press F10 to save your changes anyway. When your server reboots, it will drop into the EFI shell. Type the following commands pressing ENTER after each entry:

fs0:
echo "fs0:\EFI\proxmox\grubx64.efi" > fs0:\startup.nsh
startup.nsh

At this point, your server should boot into Proxmox. On reboot, the EFI shell will appear momentarily followed by an automatic boot into Proxmox. Solved!

Using Incredible PBX with Proxmox 4.0

You now have a functioning Proxmox server. When you reboot and login as root, the server will tell you how to access the Proxmox GUI with your browser. Before we put the necessary pieces in place to support Incredible PBX, we want to provide a very brief technical overview of how best to use Proxmox virtualization based upon our testing. Using a methodology similar to that demonstrated by AVOXI using Docker at this year’s AstriCon meeting, we use a backup image to instantiate "KVM containers." We hear some of you saying, "There’s no such animal." And right you are. The nomenclature is different, but the concept is similar. In fact, our simulated KVM Containers work exactly like OpenVZ and Linux Containers with none of the drawbacks of a shared kernel. And the good news is Proxmox 4 implements this perfectly through its backup and restore mechanisms. New kernel-based virtual machines can be created in under 30 seconds. Following initial login to a new KVM as root from the console, we individualize the KVM by randomizing passwords, creating new SSH credentials, and setting up a custom whitelist for the Incredible PBX IPtables firewall. The initialization procedure takes less than a minute and is only run the first time you log into your new KVM as root. The bash init script is here: /etc/profile.d/helloworld.sh.

Preliminary Setup Steps with Proxmox 4.0

The most important setup step is to put your Proxmox server behind a hardware-based firewall or configure the built-in firewall to keep out the bad guys. Proxmox has had their share of security vulnerabilities over the years so this is really critical. It’s beyond the scope of this article to walk through the entire firewall setup process, but you’ll find plenty of literature on the Proxmox Wiki and Forum as well as on the Internet. Each of your KVMs will have its own preconfigured whitelist using the IPtables firewall, and any of the Incredible PBX tutorials can walk you through adding and changing entries in those whitelists.

To use the backup and restore functionality of Proxmox, you’ll need to create a backup storage directory in the Proxmox GUI. After logging in as root, click Datacenter in the Server View, click the Storage tab, click the Add button, and choose Directory from the pulldown list. Fill in the blanks like this using VZDump Backup File for the Content type:

If you have access to a Cloud-based or local NFS device, it’s just as easy to create an additional backup directory on your NFS server. Follow the same steps and choose NFS from the Storage pulldown. With NFS, you must first set up a storage directory with NFS permissions for the IP address of your Proxmox server.

Last, but not least, you need to learn your way around in the GUI. proxmox4 is the name of your server if you followed our recommended setup for your hostname. Under the server, you will find entries for each of your KVM, Linux Containers (LXC), and other drives, e.g. local, backup, and synology.

To add a new LXC image to your server, choose local -> Content -> Templates, pick the desired LXC image, and click Download.

To add new ISO images to your server for building KVMs, choose local -> Content -> Upload, pick ISO Image as the Content type, choose the ISO from your desktop by pressing Select File, then click Upload button.

To start up Virtual Machines once you have created them, click on the VM number under proxmox and click Start. To access the virtual machine once it has begun booting, click Console.

To shutdown a KVM, click on the VM number under proxmox and click Shutdown. Or you can type halt after logging into the KVM as root from the KVM’s Console.

For a list of all available content, choose proxmox4 -> local -> Content.

Loading the Incredible PBX 13 Components into Proxmox 4.0

We need to put two pieces into place to get things rolling with Incredible PBX 13. There are two ways to create Incredible PBX 13 KVMs. You can do it manually from the IncrediblePBX13.iso just as you would on a stand-alone machine. Or you can restore from the IncrediblePBX13 KVM backup image to create a new KVM. The first method takes about 30 minutes. The second method takes less than 30 seconds. The choice is all yours. The results are exactly the same.

Before you can create KVMs, we need to put the Incredible PBX 13 backup image and the Incredible PBX 13 ISO in their proper places. To save some time and steps, we’re going to load the backup image by logging into the Proxmox server as root. For the ISO image, we’ll use the GUI.

To install the Incredible PBX 13 backup image, log into your server as root using SSH and issue these commands:

cd /
wget 'http://downloads.sourceforge.net/project/pbxinaflash/IncrediblePBX13-12 with Incredible PBX GUI/IncrediblePBX13-KVM.tar.gz'
tar zxvf IncrediblePBX13-KVM.tar.gz
rm IncrediblePBX13-KVM.tar.gz

To install the Incredible PBX 13 ISO image, first use a web browser to download IncrediblePBX13.iso to your desktop from SourceForge. Next, login to your Proxmox GUI and choose proxmox4 -> local -> Content -> Upload, pick ISO Image as the Content type, choose IncrediblePBX13.iso from your desktop by pressing Select File, then click the Upload button.

Your Incredible PBX 13 backup image should now appear under proxmox4 -> backup -> Content.

Your Incredible PBX 13 ISO image should now appear under proxmox4 -> local -> Content.

Building Your First Incredible PBX 13 Virtual Machine

To create a new Incredible PBX Virtual Machine, click the options in the order shown on the image above. Use any VM number desired. In less than 30 seconds, you’ll have your first 10GB Incredible PBX 13 Virtual Machine in place:

Initializing KVM Network Device MAC Address. If you ever create more than one KVM from the same backup image, you must initialize the network device’s MAC address before starting the KVM. Otherwise, you will get a conflicting network connection and a mess. Best practice: ALWAYS initialize the network device MAC address when you first create a new KVM from a backup. Click on the VM number in the left column under proxmox4. Then click the Hardware tab, click Network Device, and Edit. Erase the existing MAC address and click OK. Now it’s safe to start the KVM. The telltale sign that you forgot to do this will be a flaky network connection on one or more of your KVMs. If it happens, just delete the offending KVM and create a new one. You won’t forget but once. 😉

To start your new Incredible PBX Virtual Machine, click on the VM number in the left column under proxmox4. Then click the Start button on the right side of the Proxmox GUI header. The Tasks list at the bottom of the GUI will show it loading. Now click on the Console button at the top of the GUI to open a QEMU console session with your virtual machine. At the login prompt, login in as root with the default password: password. The startup script will complete the customization of your server in less than a minute. Then you’re ready to go. Complete the same configuration steps that you would on any new Incredible PBX server:

Change your root password and make it very secure: passwd
Create admin PW to access Incredible GUI and FreePBX® GPL modules: /root/admin-pw-change
Set your correct time zone: /root/timezone-setup
Create admin PW for web apps: htpasswd /etc/pbx/wwwpasswd admin
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status

Now it’s time to pick up the Incredible PBX 13 tutorial for CentOS and continue on with your adventure if you’ve never done this before. Then take a good look at the Incredible PBX Application User’s Guide to get the most out of your new server.

Building a second, third, and fourth KVM is just as easy as building the first one.

Backing Up Incredible PBX 13 Virtual Machines

The real beauty of virtualization and Proxmox in particular is that you can make instantaneous backups of your virtual machine at any time whether the virtual machine is running or not. Those backups can be copied to off-site storage for safe keeping. The critical component of any server is the reliability of and ease with which you can recover from a catastrophic failure. It doesn’t get any easier than this.

To make a backup of your virtual machine to your backup directory, click on the VM ID number in the left column. Then click Backup -> Backup Now. Fill in the blanks of the backup template.

To make a backup of your virtual machine to a local or off-site NFS device, it’s just as easy. Click on the VM ID number in the left column. Then click Backup -> Backup Now. Fill in the blanks of the backup template. Makes you want to run right out and buy a Synology NAS/NFS device, doesn’t it?

Restoring a virtual machine from a backup is just as easy as it was to create the virtual machine image from our backup above. Just choose your backup image instead of the one we provided.

Backing up your virtual machines is only half the story, of course. It also is important to get a backup of the whole enchilada, i.e. the entire Proxmox server. Luckily, the latest version of Clonezilla works perfectly after you have applied the UEFI BIOS patch as documented above. Enjoy!

Originally published: Monday, October 19, 2015





Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Some of our purchase links refer users to Amazon and other sites when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from merchants to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support Amazon and other merchants because they support us. []

The 5-Minute PBX: A Fresh Look at Oracle’s VirtualBox with Incredible PBX

Today we’re paying another visit to our favorite virtual machine platform and introducing four new VoIP images that let you compare features and performance of Asterisk® 11 running atop Ubuntu® 14 or Scientific Linux™ 6.5 with FreePBX® 2.11 or the just-released version 12 release candidate. Think of Incredible PBX™ as the VoIP glue stick that assembles all the necessary VoIP components and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice dialing, SMS messaging, fax support, reminders and wakeup calls, and SECURITY! The difference with the VirtualBox® platform is you get a turnkey install of everything on any desktop computer in less than 5 minutes! That includes Windows PCs, Macs, Linux desktops, and even Solaris machines.

Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers available today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance that’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under 5 minutes is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move your image to dedicated hardware running the same operating system with Asterisk 11 and the same version of FreePBX in minutes.

Need to deploy VoIP servers at dozens of sites around the globe? Not a problem with VirtualBox. Just send a preconfigured VirtualBox image to each site and install VirtualBox on a local desktop computer. In 5 minutes, you have a functional VoIP server including interconnectivity to all of your other VoIP servers with a virtual private network already in place to provide secure VoIP connectivity between all of your sites.

Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX still comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.

Why four different Incredible PBX images? Glad you asked. Ubuntu and Scientific Linux are a bit like French and Spanish. They’re both languages for communicating, but many of the words are different. Some prefer one or the other so now you have a choice. As for the FreePBX options, let us put in a plug for the FreePBX 12 release candidate. The FreePBX Dev Team has invested thousands of hours in this new software. It shows! Please take it for a spin and give the developers some feedback. To move to Asterisk 12 and 13, you’re going to need FreePBX 12 so you might as well start getting used to it. While there are many similarities in the user interface, the under-the-covers work that the FreePBX team has invested in this new product is nothing short of amazing. There’s very little of the FreePBX 2.11 code that hasn’t been either cleaned up or completely rewritten. We think you’ll like it so give it a try. Those that need a production environment probably should stick with FreePBX 2.11 for the time being. The new Virtual Box images also give you an opportunity to compare performance between the two operating systems and the two FreePBX versions. This isn’t 1999. Take advantage of the opportunity. It only takes a few minutes to spin up a new virtual machine and go for a test drive.

Getting Started. For today, we’ll provide a refresher course on loading VirtualBox and one of the Incredible PBX virtual images. Then we want to spend a little time explaining the secret sauce that goes into building these images so that you can do it yourself either to migrate to a different network or to deploy at multiple sites. When we’re finished, you’ll know everything we’ve learned about deploying VirtualBox machines and, unlike Grandma, we won’t leave an important ingredient out of the recipe just to be sure you never forget how good Grandma’s cookies really were. So let’s get started.

Installing Oracle VM VirtualBox

Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.

Downloading the Incredible PBX Virtual Machines

A word of warning on the front end. Incredible PBX images featuring Asterisk 11 for VirtualBox are huge! The two Ubuntu images for FreePBX 2.11 and 12 are 1.5GB. The two Scientific Linux 6.5 images for FreePBX 2.11 and 12 are 2.3GB. We’ve added SourceForge hotlinks. So simply click on the desired images and download them to your desktop. Then go to lunch.

Importing & Configuring Incredible PBX Virtual Machines in VirtualBox

You only perform the import step one time. Once imported into VirtualBox, Incredible PBX is ready to use. There’s no further installation required, just like an OpenVZ template… only better. Double-click on the .ova file you downloaded to begin the procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.

Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. Finally, click Settings -> System, uncheck Hardware clock in UTC time, and click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine. The rest is automagic.

Running Incredible PBX Virtual Machines in VirtualBox

Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight IncrediblePBX Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The boot procedure with your chosen operating system will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.

Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password. To access FreePBX with a browser, point to the IP address of your virtual machine and login as admin with admin password set below. For the security of your server, we recommend that you log in to the Linux CLI at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill.

When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:

  • Change your root password: passwd
  • Set your FreePBX admin password: /root/admin-pw-change
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • Enable SAMBA if desired: /root/samba-enable.sh
  • Enable Incredible Fax support if desired: (script in /root)
  • Login to your NeoRouter VPN server if desired: /root/nrclientcmd

Preparing Incredible PBX Virtual Machines for Migration

As the Linux operating systems have become more turnkey, one of the shortcuts that has been implemented on both the RedHat and Debian/Ubuntu platforms is storage of your network setup so that the server reboots more quickly. While that’s fine for rebooting on the same server, it’s a real problem if you attempt to move your setup to different hardware or a new network because eth0 will not load. That means no IP address! Here are two ways to assure that things will actually work after the move. Both assume that you will have a DHCP server at the new location just as you did at your existing site.

The Easy Way. If you have console access after the VM image is restored on the new platform (which means you don’t need a network IP address for the server in order to log in as root), then the easy way to prepare any of the Incredible PBX machines for relocation is to issue the following commands before you halt the system and make a VirtualBox backup:

touch /etc/update_hostconfig
touch /etc/update_serverconfig

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. You now have an image that is similar to the Incredible PBX image that you originally downloaded, except it has all of your data and settings. All you have to do is repeat the install drill above at the new location using the .ova image you created and log in with whatever your current root password happens to be. You’ll get a two-pass automatic setup just as you did when you began today’s adventure.

The only drawback to this procedure is the fact that the extension 701 and default DISA passwords will be initialized when you first boot from your .ova image at the other location. Aside from that, you’ll have a clean platform with new SSH and DUNDI credentials as well as mostly sanitized log files.

The Hard Way. The other alternative is to manually prepare your existing system for migration before you shut it down. The primary reason for doing this would be to assure that you can log in with an SSH client at the other end as soon as the server is booted. The steps differ a bit depending upon whether you’re on the Ubuntu or Scientific Linux platform. But on both platforms you need to enter the IP address from which you will log in at the new site unless it is on one of the private LAN subnets that already is whitelisted in IPtables. Just issue the command /root/add-ip and choose 0 option to enable all services for the new IP address. Then…

On the Ubuntu platform, issue the following commands:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /var/lib/dhcp/*
rm -f /etc/udev/rules.d/70*
halt

On the Scientific Linux platform, issue the following commands:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /var/lib/dhcpd/*
rm -f /var/lib/dhclient/*
rm -f /etc/udev/rules.d/70*
halt

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. Now you’re an expert. Enjoy!

Originally published: Monday, September 22, 2014


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Our forum is extremely friendly and is supported by literally hundreds of Asterisk gurus.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

Virtual Utopia: 1-Minute Asterisk Installs with PIAF2-OpenVZ

Thanks to the terrific work of Darrell Dillman, today we have a new OpenVZ template for PBX in a Flash 2™ to introduce. It features the very latest 64-bit CentOS™ 6.2 with Asterisk® 1.8 and FreePBX® 2.9. Using the new OpenVZ template, you can create unlimited virtual machines in about one minute per server! And you can boot your new virtual machines in about the same time. This new PIAF2-OpenVZ template includes the usual PIAF2™ Feature Set including Google Voice for free calling in the U.S. and Canada. Once installed, you can add Incredible PBX 3™ and Incredible Fax 2™ in a few clicks.

One of the real beauties of hosting your own Proxmox server is the flexibility it gives you to create and load a wide variety of virtual machines that each appear to users to be dedicated servers. This could include a dozen Asterisk servers, or it might be a mix of a dedicated Apache server, a Windows Server, an Asterisk server or two, as well as Joomla, Drupal, Zimbra, and many others from this list. The other obvious advantage is cost. Individual Asterisk servers can be had for $300 or less to host a small branch office. But a Proxmox server such as Dell's current offering can host a dozen dedicated systems for about $50 per server.

If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-60 minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF2-Purple systems using an OpenVZ template in the time it takes to bake a pan of slice-and-bake cookies. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for students, the OpenVZ platform is a perfect fit.

We'll start with the bad news before we get to the really exciting new Asterisk platform we're introducing today. All of the current Proxmox server software that supports OpenVZ virtual machines has a serious security flaw. For that reason, you would only want to run Proxmox behind a hardware-based firewall with no Internet port exposure. If you fail to heed this warning, you run the very real risk of having not only your Promox server compromised but also all of the virtual machines running on it. The good news is that this security flaw does not appear to affect the PBX in a Flash virtual machines which we are introducing today. Since no direct Internet access is required to have a perfectly functioning PIAF2 server, we still strongly recommend never exposing any server to direct Internet access. MORAL: No Internet port exposure for any of your servers means you can sleep like a baby. We recommend Proxmox 1.8 which is a free download from the Proxmox VE web site. To get optimum use from Proxmox, you'll also want a processor in your server that supports Kernel-based Virtual Machines (KVMs). This full virtualization solution requires an x86 processor containing virtualization extensions (Intel VT1 or AMD-V CPU2 is needed). HINT: Most of Dell's servers are not a problem. Regardless of the server you choose, make certain that you check the CPU specs before you buy. Also be aware that, in addition to Proxmox, there are many other OpenVZ platforms from which to choose.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.8 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are just two steps to get it working. First, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped and while logged into your Proxmox server as root carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart

Don't forget to set the system time on your server: dpkg-reconfigure tzdata

You're finished with the CLI at this point. Now you'll be able to configure IPtables within each of your OpenVZ virtual machines as explained below.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel or dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. If you want to try it later, here is the message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF-OpenVZ Template. Using a web browser, download the new PIAF2-OpenVZ image to your Desktop. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF2-OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. You can also do this directly within the Proxmox server by logging in as root and issuing these commands to install the latest PIAF2-OpenVZ template:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/zwU8zb
mv zwU8zb centos-6.2-purple1.8.8-piaf_2.0.6.2-5_amd64.tar.gz

Creating OpenVZ Virtual Machines. Once installed, you can build Asterisk 1.8.8.0 virtual machines to your heart's content... in about a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), Memory Allocation (1024 recommended), and a very secure (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN or use Google's DNS servers: 8.8.8.8 and 8.8.4.4. Here's how a typical OpenVZ creation form will look. Just click on the image to enlarge.

Once the image is created, start up the virtual machine, wait at least 60 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. Verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. You now have a PIAF-Purple base platform running Asterisk 1.8.8.0 and FreePBX 2.9. REMINDER: Be sure you always run both Proxmox AND your virtual machines behind a hardware-based firewall with no port exposure to the Internet!

Before you do anything else, log into your virtual machine using SSH and run passwd-master to secure the passwords for FreePBX GUI access to your system. Also be sure to set the correct time zone3 on your virtual machine:4

mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/America/Indianapolis /etc/localtime
date

Once you have secured your passwords, you're ready to set up Asterisk to make and receive calls. For the complete 5-minute tutorial, see this Nerd Vittles article. REMINDER: Once you have set up a Google Voice account, created an extension with a secure password, and created an inbound route for your incoming calls, don't forget to reload Asterisk from the CLI or Google Voice calling will fail: amportal restart.

Installing Incredible PBX and Incredible Fax. An alternative before configuring your system is to first install Incredible PBX and Incredible Fax. We recommend it. This gives you a turnkey, full-featured PBX with almost every Asterisk feature available on the planet. While logged into your server as root, issue this command to install Incredible PBX: install-incredpbx3. When the install completes, issue the following command to install Incredible Fax: install-incredfax2. Restart your virtual machine to complete the install.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. 🙄

Securing IPtables with a WhiteList. If you're running your virtual machines behind a hardware-based firewall with no Internet port exposure AND all of those on your private LAN are trusted, you can quit here. Otherwise, you need to lock down the IPtables firewall on your virtual machines to only permit access from trusted IP addresses. As delivered with Incredible PBX, all private IP addresses are authorized and a number of dangerous Internet services also are accessible. Here's how to fix it. Log into each VM and edit /etc/sysconfig/iptables: nano -w iptables. Change the section of entries that look like the following by inserting a # at the beginning of each entry. Once you've added the # characters, your entries should look like this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Now scroll down a bit in the file and find the entries that look like the following. NOTE: If you didn't install Incredible PBX, you'll need to manually add these entries:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Immediately below these private network entries, add additional entries using the actual IP addresses that are needed to administer your virtual machine. Also include the IP addresses of any remote telephones that are not covered by the private LAN entries above. Each entry should look like the following using the actual IP addresses needed:

-A INPUT -s 111.222.111.222 -j ACCEPT

IMPORTANT: Save your changes after making sure you've included an entry for the IP address from which you currently are accessing your server. Otherwise, you will lock yourself out of your server. Then restart IPtables: service iptables restart. Verify that the entries are the way you expect: iptables -nL. Now, with a browser, attempt to access the IP address of your virtual machine from an untrusted IP address, e.g. your cellphone. Then repeat from a trusted IP address. If all is well, you're done.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

Quirks, Gotchas, and Updates. The only quirk you will notice in the current virtual machines is that IP6tables may not be running. We're working on it. For the latest breaking news and updates about PIAF2-OpenVZ, visit this thread on the PIAF Forum. Don't forget your Valentine tomorrow. Enjoy!

Originally published: Monday, February 13, 2012



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. []
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." []
  3. Look in /usr/share/zoneinfo for correct time zone name for your closest city. []
  4. Getting the correct time in your VMs can be problematic with Proxmox. If you continually see the wrong time when you issue the date command after starting up your VMs, try this. Log into the Proxmox host and issue the following commands using the correct container number and your local time zone city for your virtual machine:

    vzctl stop 108
    vzctl set 108 --capability sys_time:on --save
    vzctl start 108
    vzctl enter 108
    mv /etc/localtime /etc/localtime.old
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    exit

    []

PBX in a Flash Rolls Out New CentOS 5.7 Releases

We are pleased to announce the release of new 32-bit and 64-bit versions of PBX in a Flash. The new PIAF-17571 ISOs are available now for free download from SourceForge. In addition to an updated release of our new 64-bit CentOS 5.7 OpenVZ virtual machine template available on SourceForge, we now have a 32-bit Thumb Drive installer up on SourceForge as well.

So PBX in a Flash continues to bring you the best of all worlds: a hardware-based bare metal install using either our 32-bit or 64-bit ISOs to build a bootable CD-ROM installer, a 32-bit thumb drive installer for use with any 1GB USB flash drive to create PIAF systems on machines that lack an optical drive, or a 1-minute install of a virtual machine using our new 64-bit OpenVZ template. Nobody else provides this flexibility much less support for CentOS 5.7 as well as every current and experimental flavor of Asterisk. So why wait? The price is definitely right!

Today's step-by-step guide will walk you through installing PIAF-Purple with Asterisk 1.8.6.0 on a dedicated machine with a CD/DVD drive using the new CentOS 5.7 ISOs. Instructions for installation of the OpenVZ template on a virtual machine are provided in this updated Nerd Vittles article. Instructions for use of the flash drive installer are available in this updated Nerd Vittles article. As always, we recommend installation of any new PIAF server or virtual host behind a secure, hardware-based firewall (such as dLink's Gaming Router) with NO INTERNET PORT EXPOSURE to your PIAF box!

Atom-based PC Platform. For the least expensive hardware alternative, pick up an Atom-based PC, preferably not an EEE PC because of the network driver incompatibility with CentOS. The refurbished Revos work fine. Someone has actually tested them! They can easily support a business with dozens of phones.

PIAF ISO Setup. Once you have your hardware connected to a reliable Internet source, you'll need to choose the appropriate ISO for your hardware. If you have a CD-ROM or DVD drive on your server, we'd recommend the 32-bit PIAF 1.7.5.7.1 ISO. Just download it from SourceForge or one of the PIAF mirror sites, burn it to a CD, and then boot your server from the CD. If your server lacks a CD-ROM and DVD drive, then download the brand new 32-bit PIAF 1.7.5.7.1 Flash-Only ISO from SourceForge and copy it to a 1GB or larger thumb drive following the instructions in this Nerd Vittles tutorial. Then boot your server from the thumb drive.

PIAF Installation. Once you've booted the PIAF installer, you'll be prompted to choose an installation method. For most users, simply pressing the Enter key will get things started. Choose a keyboard and time zone when prompted and then enter a very secure root password for your new server. The installer then will load CentOS 5.7 onto your server. When complete, your server will reboot. Remove the CD or Flash Drive at this point, and you'll be prompted to choose the version of Asterisk to install. If you don't get the CD out in time, the install process will start from scratch. At the first prompt, just reboot after removing the CD and everything will be fine. We recommend PIAF-Purple. It loads Asterisk 1.8.6.0, the only current version of Asterisk with long-term support.

During the final phase of the install, you will be prompted to choose a master password for FreePBX® and the other VoIP web utilities. Once your server reboots, log into the Linux CLI using your root password and write down the IP address of your server from the status display.

FreePBX Setup. Most of your life with PBX in a Flash will be spent using the FreePBX web GUI (click on image below to enlarge) and your favorite browser. To access the FreePBX GUI, point your browser at the IP address you wrote down. Read the RSS Feed in the PIAF GUI for late-breaking security alerts. Any alerts older than September, 2011 already are included in current PIAF builds. Now click on the Users button which will toggle to the Admin menu. Click the FreePBX icon. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose during the PIAF install.

Got That Pioneer Spirit? If you like living on the wild side, it's a simple process to upgrade the default FreePBX 2.8 install to FreePBX 2.9. Here's a 5-minute video that will walk you through the process. If you should get stumped, don't worry! Just visit this thread on the PIAF Forum.
With either FreePBX 2.8 or 2.9, getting a minimal system operational is a 5-minute drill. You'll need to set up at least one extension with voicemail, configure a free Google Voice account for free calls in the U.S. and Canada, configure inbound and outbound routes to manage incoming and outgoing calls, and plug your maint password into CallerID Superfecta so that names arrive with your incoming calls. Now add a phone with your extension credentials and you're done.

Extension Setup. Let's start by setting up an extension. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone's GUI to add bells and whistles. To create extension 201 (don't start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension ... 201
Display Name ... Home
Outbound CID ... [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID ... [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]

Device Options
secret ... 1299864Xyz [make this unique AND secure!]
dtmfmode ... rfc2833
Voicemail & Directory ... Enabled
voicemail password ... 14332 [make this unique AND secure!]
email address ... yourname@yourdomain.com [if you want voicemail messages emailed to you]
pager email address ... yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
email attachment ... yes [if you want the voicemail message included in the email message]
play CID ... yes [if you want the CallerID played when you retrieve a message]
play envelope ... yes [if you want the date/time of the message played before the message is read to you]
delete Vmail ... yes [if you want the voicemail message deleted after it's emailed to you]
vm options ... callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
vm context ... default

Write down the passwords. You'll need them to configure your SIP phone.

Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won't protect you from malicious phone calls on your nickel if you use your extension number or something like 1234 for your extension password if your SIP or IAX ports happen to be exposed to the Internet. Incredible PBX automatically randomizes all of the extension passwords for you. PBX in a Flash does not!

In addition to making up secure passwords, the latest versions of FreePBX also let you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry in the permit field like this: 192.168.1.0/255.255.255.0 using your actual subnet.

Courtesy of wordle.net

Adding a Google Voice Trunk. There are lots of trunk providers, and one of the real beauties of having your own PBX is that you don't have to put all of your eggs in the same basket... unlike the AT&T days. We would encourage you to take advantage of this flexibility. With most providers, you don't pay anything except when you actually use their service so you have nothing to lose.

For today, we're going to take advantage of Google's current offer of free calling in the U.S. and Canada through the end of this year. You also get a free phone number in your choice of area codes. PBX in a Flash now installs a Google Voice module for FreePBX that lets you set up your Google Voice account with PBX in a Flash in just a few seconds once you have your credentials.

Signing Up for Google Voice. You'll need a dedicated Google Voice account to support PBX in a Flash. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We've tested this extensively using an existing Gmail account rather than creating a separate account. Take our word for it. Inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So... set up a dedicated Gmail and Google Voice account, and use it exclusively with PBX in a Flash. Google Voice no longer is by invitation only. If you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for PBX in a Flash to function with Google Voice! Otherwise, inbound and/or outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings and enable it. Be sure to try one call each way from Google Chat in Gmail. Then disable Google Chat in GMail for this account. Otherwise, it won't work with PIAF.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF
  • Call Options (Enable Recording) - OFF
  • Global Spam Filtering - ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Configuring Google Voice Trunk in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize PBX in a Flash to meet your specific needs. Click the Setup tab and choose Google Voice in the Third Party Addons. To Add a new Google Voice account, just fill out the form:

Phone number is your 10-digit Google Voice number. Username is your Google Voice account name without @gmail.com. NOTE: You must use a Gmail.com address in the current version of this module! Password is your Google Voice password. NOTE: Don't use 2-stage password protection in this Google Voice account! Be sure to check all three boxes: Add trunk, Add routes, and Agree to TOS. Then click Submit Changes and reload FreePBX. Down the road, you can add additional Google Voice numbers by clicking Add GoogleVoice Account option in the right margin and repeating the drill. For Google Apps support, see this post on the PIAF Forum.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. It also provides redundancy which costs you nothing if you don't use the backup providers. The Google Voice module actually configures an Outbound Route for 10-digit Google Voice calling as part of the automatic setup. If this meets your requirements, then you can skip this step for today.

Inbound Routes. An Inbound Route tells PBX in a Flash how to route incoming calls. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we'll build a simple route that directs your Google Voice calls to extension 201. Choose Inbound Routes, leave all of the settings at their default values except enter your 10-digit Google Voice number in the DID Number field. Enable CallerID lookups by choosing CallerID Superfecta in the CID Lookup Source pulldown. Then move to the Set Destination section and choose Extensions in the left pull-down and 201 in the extension pull-down. Now click Submit and save your changes. That will assure that incoming Google Voice calls are routed to extension 201.

IMPORTANT: Before Google Voice calling will actually work, you must restart Asterisk from the Linux command line interface. Log into your server as root and issue this command: amportal restart.

CallerID Superfecta Setup. CallerID Superfecta needs to know your maint password in order to access the necessary modules to retrieve CallerID information for inbound calls. Just click Setup, CID Superfecta, and click on Default in the Scheme listings in the right column. Scroll down to the General Options section and insert your maint password in the Password field. You may also want to enable some of the other providers and adjust the order of the lookups to meet your local needs. Click Agree and Save once you have the settings adjusted. One terrific feature of CID Superfecta is the ability to test a phone number and see what results are returned by different services. It also tells you how long the various lookups are taking. Use this tool to narrow down the number of services you need and minimize the delay in answering inbound calls.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!

Adding Plain Old Phones. Before your new PBX will be of much use, you're going to need something to make and receive calls, i.e. a telephone. For today, you've got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It's under $70. Be sure you specify that you want an unlocked device, meaning it doesn't force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended previously. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using 201 for your extension and your actual password for extension 201. Then plug in the actual IP address of your PBX in a Flash server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Enabling Google Voicemail. Some have requested a way to retain Google's voicemail system for unanswered calls in lieu of using Asterisk voicemail. The advantage is that Google offers a free transcription service for voicemail messages. To activate this, you'll need to edit the [googlein] context in extensions_custom.conf in /etc/asterisk. Just modify the last four lines in the context so that they look like this and then restart Asterisk: amportal restart

;exten => s,n(regcall),Answer
;exten => s,n,SendDTMF(1)
exten => s,n(regcall),Set(DIAL_OPTIONS=${DIAL_OPTIONS}aD(:1))
exten => s,n,Goto(from-trunk,gv-incoming,1)

But I Don't Want to Use Google Voice. If you'd prefer not to use Google Voice at all with PBX in a Flash, that's okay, too. Here's how to disable it and avoid the chatter in the Asterisk CLI. Log into your server as root and edit /etc/asterisk/modules.conf. Change the first three lines in the [modules] context so that they look like this. Then restart Asterisk: amportal restart.

autoload=yes
noload => res_jabber.so
noload => chan_gtalk.so

Where To Go From Here. We've barely scratched the surface of what you can do with your new PBX in a Flash system. If you're new to all of this, then your next step probably should be the latest Incredible PBX 2.0 tutorial. It's a 5-minute addition that installs nearly 50 Asterisk applications that will keep you entertained for the rest of the year. If you'd prefer to do it yourself, that's okay, too. We'd also recommend you set up an alternate VoIP provider. You can't beat Vitelity, and they also happen to provide financial support to both Nerd Vittles and the PBX in a Flash projects. See the special pricing in the section below. Enjoy!

Originally published: Tuesday, September 27, 2011


Great News! Google Plus is available to everyone. Sign up here and circle us. Click these links to view the Asterisk feed or PBX in a Flash feed on Google+.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Virtual Paradise: 1-Minute Asterisk Installs with PIAF-OpenVZ

One of the real beauties of hosting your own Proxmox server is the flexibility it gives you to create and load a wide variety of virtual machines that each appear to users to be dedicated servers. This could include a dozen Asterisk servers, or it might be a mix of a dedicated Apache server, a Windows Server, an Asterisk server or two, as well as Joomla, Drupal, Zimbra, and many others from this list. The other obvious advantage is cost. Individual Asterisk servers can be had for $300 or less to host a small branch office. But a Proxmox server such as Dell's current offerings can host a dozen dedicated systems for about $50 per server.

Today we have two really terrific OpenVZ templates for PBX in a Flash to introduce. One features CentOS 5.5, and the other includes the just released CentOS 5.7. The choice is yours! Both allow you to create unlimited PIAF virtual machines in exactly 1 minute per server! And you can boot your new virtual machines in less than 90 seconds apiece. These new PIAF-OpenVZ templates include the usual PBX in a Flash Feature Set with some extra bells and whistles: Asterisk 1.8.6.0, FreePBX 2.8, Google Voice for free calling in the U.S. and Canada, Tom King's latest Apache, PHP, PHPMyAdmin security updates, Andrew Nagy's EndPoint Manager and CallerID Superfecta, as well as AsteriDex, Telephone Reminders, and Hotel WakeUp Call modules for FreePBX.

If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-60 minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in the time it takes to bake a pan of slice-and-bake cookies. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit.

We'll start with the bad news before we get to the really exciting new Asterisk platform we're introducing today. All of the current Proxmox server software that supports OpenVZ virtual machines has a serious security flaw. For that reason, you would only want to run Proxmox behind a hardware-based firewall with no Internet port exposure. If you fail to heed this warning, you run the very real risk of having not only your Promox server compromised but also all of the virtual machines running on it. The good news is that this security flaw does not appear to affect the PBX in a Flash virtual machines which we are introducing today. Since no direct Internet access is required to have a perfectly functioning PIAF server, we still strongly recommend never exposing any server to direct Internet access. MORAL: No Internet port exposure for any of your servers means you can sleep like a baby. We recommend Proxmox 1.8 which is a free download from the Proxmox VE web site. To get optimum use from a Proxmox, you'll also want a processor in your server that supports Kernel-based Virtual Machines (KVMs). This full virtualization solution requires an x86 processor containing virtualization extensions (Intel VT1 or AMD-V CPU2 is needed). HINT: Most of Dell's servers are not a problem. Regardless of the server you choose, make certain that you check the CPU specs before you buy. Also be aware that, in addition to Proxmox, there are many other OpenVZ platforms from which to choose.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.8 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are just two steps to get it working. First, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped and while logged into your Proxmox server as root carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart

Don't forget to set the system time on your server: dpkg-reconfigure tzdata

You're finished on the CLI at this point. Now you'll be able to configure IPtables within each of your OpenVZ virtual machines as explained below.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel or dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. If you want to try it later, here is the message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF-OpenVZ Template. Using a web browser, download one of the new PIAF-OpenVZ images to your Desktop. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF-OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. You can also do this directly within the Proxmox server by logging in as root and issuing the following commands to install the latest CentOS 5.7 PIAF-OpenVZ template:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/p8UjwY

To install the CentOS 5.5 PIAF-OpenVZ template, here are the commands:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/p45qzi

Creating OpenVZ Virtual Machines. Once installed, you can build Asterisk 1.8.6.0 virtual machines to your heart's content... in about a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and a very secure (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN. Here's how a typical OpenVZ creation form will look. Just click on the image to enlarge.

Once the image is created, start up the virtual machine, wait about 90 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. You now have a PIAF-Purple base platform running Asterisk 1.8.6.0 and FreePBX 2.8.1. REMINDER: Be sure you always run both Proxmox AND your virtual machines behind a hardware-based firewall with no port exposure to the Internet!

The FreePBX login credentials are username: maint and password: password11. This is anything but secure. Before you do anything else, log into your virtual machine using SSH and run passwd-master to secure the passwords for FreePBX GUI access to your system. Also be sure to set the correct time zone on your virtual machine: system-config-date.3 Don't forget!

Once you have secured your passwords, you're ready to set up Asterisk to make and receive calls. For the complete 5-minute tutorial, see this Nerd Vittles article. The steps are identical with Asterisk 1.8.6.0 and Asterisk 10. REMINDER: Once you have set up a Google Voice account, created an extension with a secure password, and created an inbound route for your incoming calls, don't forget to reload Asterisk from the CLI or Google Voice calling will fail: amportal restart.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. 🙄

Securing IPtables with a WhiteList. If you're running your virtual machines behind a hardware-based firewall with no Internet port exposure AND all of those on your private LAN are trusted, you can quit here. Otherwise, you need to lock down the IPtables firewall on your virtual machines to only permit access from trusted IP addresses. As delivered, all private IP addresses are authorized and a number of dangerous Internet services also are accessible. Here's how to fix it. Log into each VM and edit /etc/sysconfig/iptables: nano -w iptables. Change the section of entries that look like the following by inserting a # at the beginning of each entry. Once you've added the # characters, your entries should look like this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Now scroll down a bit in the file and find the entries that look like the following:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Immediately below these private network entries, enter the actual IP addresses that are needed to administer your virtual machine. Also include the IP addresses of any remote telephones that are not covered by the private LAN entries above. Each entry should look like the following using the actual IP addresses needed:

-A INPUT -s 111.222.111.222 -j ACCEPT

IMPORTANT: Make sure you've included an entry for the IP address from which you currently are accessing your server, or you will lock yourself out of your server. Then restart IPtables: service iptables restart. Verify that the entries are the way you expect: iptables -nL. Now, with a browser, attempt to access the IP address of your virtual machine from an untrusted IP address, e.g. your cellphone. Then repeat from a trusted IP address. If all is well, you're done.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

Quirks, Gotchas, and Updates. The only quirk you will notice in the current virtual machines is that the status display incorrectly shows IPtables is not running. This is because it actually is hosted on the Proxmox host. For the latest breaking news and updates about PIAF-OpenVZ, visit this thread on the PIAF Forum. Enjoy!

Originally published: Tuesday, September 20, 2011


Breaking News. Google Plus is now available to everyone. Sign up here and join us. And wait 'til you read the Google Hangouts News. Now it's easy to view the Asterisk feed or PBX in a Flash feed on Google+.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. []
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." []
  3. Getting the correct time in your VMs can be problematic with Proxmox. If you continually see the wrong time when you issue the date command after starting up your VMs, try this. Log into the Proxmox host and issue the following commands using the correct container number and your local time zone city for your virtual machine:

    vzctl stop 108
    vzctl set 108 --capability sys_time:on --save
    vzctl start 108
    vzctl enter 108
    mv /etc/localtime /etc/localtime.old
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    exit

    []

Incredible PBX 1.8: New OpenVZ and Cloud Editions

Another exciting week in the Asterisk® community with the introduction of Asterisk 1.8.2 last Friday. It's now the official PIAF-Purple payload so you can simply download the current ISO to take it for a spin. Most of the pesky bugs in Asterisk 1.8.0 and 1.8.1 now have been addressed. Let us know if you find some new ones.

While the Asterisk Dev Team has been hard at work on Asterisk 1.8.2, we've turned our attention to the cloud and VoIP virtualization. We have three new products to introduce today. The first lets you install PIAF-Purple with Asterisk 1.8.2 using a new OpenVZ template. The second lets you run Incredible PBX 1.8 as a virtual machine using the new PIAF-Purple 1.8.2 OpenVZ template. Finally, we'll show you how to run Incredible PBX 1.8 in the cloud with hosted VoIP service from RentPBX.com for $15 a month with a free local phone number and free Google Voice calling in the U.S. and Canada. So let's get started.

Using the OpenVZ PIAF-Purple Template. If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in about 15 minutes with a per system cost of less than $50. See Comment #2 below for an extra special Dell half-price server deal this week. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit. Read our original two-part article to get up to speed on Proxmox, virtualization, and IPtables with OpenVZ. Then continue on here.

Thanks to Darrell Dillman (aka dad311 on the PIAF Forums), there already is a 64-bit OpenVZ template of PIAF-Purple with Asterisk 1.8.2. Just download the template to your Desktop and then, using the Proxmox console, choose Appliance Templates, Upload File to upload the OpenVZ template into your Proxmox server platform. Once installed, you can build Asterisk 1.8.2 virtual machines to your heart's content... in less than a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN. Here's how a typical OpenVZ creation form will look:

Once the image is created, start up the virtual machine, wait about 70 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. With the exception of text-to-speech (TTS), you now have a PIAF-Purple base platform running Asterisk 1.8.2 and FreePBX 2.8. Be sure you always run it behind a hardware-based firewall with no port exposure to the Internet.

Before you do anything else, run passwd-master to secure the passwords for FreePBX GUI access to your system. Don't forget!

If you're planning to install Incredible PBX below or if you don't need text-to-speech on your system, you can skip this next step which gets 64-bit TTS installed. Otherwise, here are the commands to get it working:

cd /root
./install-flite

Note to Our Pioneers. To those that tested the new OpenVZ template this past week, THANK YOU! Be advised that we now have incorporated several of the recommended tweaks which were documented in the PIAF Forums. The install procedure outlined above explains the new behavior of the slightly improved OpenVZ template which now is available for download. We recommend you switch.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8.2, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. 🙄

 


Installing Incredible PBX on OpenVZ Systems. We won't repeat the entire Incredible PBX article here. If you want the background on the product, read the latest article. To get everything working with an OpenVZ system, there are only three steps:

1. Set Up Your Google Voice Account
2. Run the Incredible PBX VM Installer
3. Configure a Softphone

Configuring Google Voice. You'll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance. Keep this account a secret!

We've tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it's over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Running The Incredible PBX Installer. Log into your server as root and issue the following commands to set up The Incredible PBX:

cd /root
rm incrediblepbx18-vm.x
wget http://incrediblepbx.com/incrediblepbx18-vm.x
chmod +x incredible*
./incrediblepbx18-vm.x
passwd-master

When The Incredible PBX install begins, you'll be prompted for the following:

Google Voice Account Name
Google Voice Password
Google Voice 10-digit Phone Number
Gmail Notification Address
FreePBX maint Password

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don't forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it's not necessary. But who knows what the future holds. 🙄 The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the password you'll use to access FreePBX. You'll actually set it by running passwd-master after The Incredible PBX completes. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine... just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles... for all of our hard work. 😉 You'll find a link at the top of the page. While you're waiting (and so you don't forget), go ahead and configure your hardware-based firewall to support Google Voice. See the next section for what's required. Without completing this firewall configuration step, no calls will work! When the installer finishes, READ THE SCREEN just for grins.

Here's a short video demonstration of the original Incredible PBX installer process. It still works just about the same way except there's no longer a second step to get things working.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Before you do anything else, run passwd-master again to resecure the passwords for FreePBX GUI access to your system. Don't forget!

Firewall Configuration. We hope you've taken our advice and installed a hardware-based firewall in front of The Incredible PBX. It's your phone bill. You'll need to make one adjustment on the firewall. Map UDP 5222 traffic to the internal IP address of The Incredible PBX. This is the port that Google Voice uses for phone calls and Google chat. You can decipher the IP address of your server by logging into the server as root and typing status.

Extension Password Discovery. If you're too lazy to look up your extension 701 password using the FreePBX GUI, you can log into your server as root and issue the following command to obtain the password for extension 701 which we'll need to configure your softphone or color videophone in the next step:

mysql -uroot -ppassw0rd -e"select id,data from asterisk.sip where id='701' and keyword='secret'"

The result will look something like the following where 701 is the extension and 18016 is the randomly-generated extension password exclusively for your Incredible PBX:

+-----+-------+
id         data
+-----+-------+
701      18016
+-----+-------+

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended above. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 and the actual IP address of your Incredible PBX server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Incredible PBX Test Flight. The proof is in the pudding as they say. So let's try two simple tests. First, let's place an outbound call. Using the softphone, dial your 10-digit cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. Second, from another phone, call the Google Voice number that you've dedicated to The Incredible PBX. Your softphone should begin ringing shortly. If not, make certain you are not logged into Google Chat on a Gmail account with these same credentials. If everything is working, congratulations!

Here's a brief video demonstration showing how to set up a softphone to use with your Incredible PBX, and it also walks you through several of the dozens of Asterisk applications included in your system.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

 


 

Running Incredible PBX in the Cloud. We've saved the best for last today. For many folks, you may want to experiment with VoIP technology without making a hardware investment and without having to master the intricacies of managing your own server and network. That's what Cloud Computing is all about. And we've searched far and wide to find you the perfect platform. As with many of you, one of our top priorities is always cost. While many providers were willing to provide Nerd Vittles with a few sheckles for pitching their product, only one stepped forward with a price point that we think is irresistible. And, for the record, we waived any compensation other than a few test accounts to get things working properly, so that all of the savings could be passed on to you! So here's the deal. $15 a month gets you your own PIAF-Purple server in the cloud at RentPBX.com. Just use this coupon code: BACK10, pick an east coast or west coast server to host your new system, choose the PIAF-Purple 1.7.5.5.4 install option, set up a username and very secure password, and you're off to the races. Once your account is established, here's the 5-minute procedure to install the special RentPBX-edition of Incredible PBX to begin making free calls in the U.S. and Canada through Google Voice.

Begin by Configuring Google Voice as outlined above. Then log into your RentPBX account using SSH and the port assigned to your account. For Windows users, download Putty from here. The SSH command will look something like this:

ssh -p 21422 root@209.249.149.108

Issue the following commands to download and run The Incredible PBX installer for RentPBX:

cd /root
wget http://incrediblepbx.com/incrediblepbx18-rentpbx.x
chmod +x incrediblepbx18-rentpbx.x
./incrediblepbx18-rentpbx.x
passwd-master

Now just follow along in the Incredible PBX virtual machine tutorial which we've included above. Remember that your new Incredible PBX is sitting directly on the Internet! So don't forget to run passwd-master when you finish the install, or your system is vulnerable. Ours was attacked within minutes!

Securing Your RentPBX Server. With the exception of our WhiteList application, everything is working on your RentPBX server. While we continue to work on the WhiteList component (reread this section of the article in a week or so to get the latest updates), you need to secure your system to avoid endless hack attempts on your SIP resources. Here's how. First, write down the IP addresses of your RentPBX server and your home network. Second, print out your existing IPtables configuration. The file to print is /etc/sysconfig/iptables. Third, make a backup copy of the file. While logged into your server with SSH, the easiest way is like this:

cd /etc/sysconfig
cp iptables iptables.bak

Now we need to edit the iptables file itself: nano -w iptables. Then search for the line that contains 5060: Ctrl-W, 5060, Enter. At the beginning of this line, add # to comment out the line. With the cursor still on this line, press Ctrl-K then Ctrl-U twice. This will duplicate the line. Move to the second commented line and remove #. Use the right cursor to move across the line to --dport. Then insert the following using the IP address of your RentPBX server, e.g.

-s 229.149.129.248

Be sure there's at least one space before and after the new text. Now duplicate that line with Ctrl-K and Ctrl-U twice. Change the IP address on the second line to the public IP address of your home or office network. Repeat this process for every IP address where you intend to use a SIP phone connected to your RentPBX server. Make additional entries for your SIP providers as well. If you want to sleep better, you can make similar changes to the SSH port entry to restrict it to your home/office IP address. It's the line immediately above the 5060 entry. Ditto for port 80 which is web access. Be very careful here. A typo will lock you out of your own server! When you're finished, save the changes: Ctrl-X, Y, Enter. Then restart IPtables: service iptables restart.

As always, we strongly recommend that you not put all of your VoIP eggs in one basket. Google Voice does go down from time to time. Vitelity is a perfect complement because the costs are low and you only pay for the service you use. A discount sign up link is below. And Vitelity has contributed generously to both the Nerd Vittles and PBX in a Flash projects. So please support them. Enjoy!

Originally published: Monday, January 17, 2011



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Asterisk Virtual PBX Perfection: PiaF + Proxmox, Part II

Taming the OpenVZ beast to support Asterisk® virtualization has been interesting. Reminds me of laying track in front of a steaming locomotive. The demand for a solid, stable Asterisk-based Virtual PBX is overwhelming based upon the visitor count we've recorded. So we wanted to get it right! If you haven't visited the original article in a few days or if you've just landed here, start there. Then come back.

Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.

If you're new to the virtualization world, the beauty of OpenVZ templates running on a Proxmox VE server is that you can create a fully-functional PBX in a Flash system in just under 15 seconds. If you want a dozen fully functional PBXs, the creation time jumps to a whopping 3 minutes. And OpenVZ images load almost instantly with a choice of either dynamic or static IP addresses. Add another 5 minutes to run the new Orgasmatron V installer, and you've got a turnkey, state-of-the-art PBX with dozens of preconfigured Asterisk applications plus free calling in the U.S. and Canada courtesy of Google Voice.

For normal PBX operations, last week's 32-bit PBX in a Flash OpenVZ template was just about perfect. But there were two wrinkles. First, conferencing didn't work because there was no timing source (aka Zaptel/DAHDI). You'll recall that both Zaptel and DAHDI are tied to the Linux kernel. And, with OpenVZ templates, the kernel lives on the Proxmox server. Because Proxmox is a 64-bit native application, its kernel wasn't accessible to 32-bit apps such as last week's template. Second, there's a Denial of Service security issue with the version of IAX2 installed in the default build of PBX in a Flash which you already know about if you've been following us on Twitter or if you subscribe to the PIAF RSS Feed.

So we had our work cut out for us this week. We wanted to kill two birds with one stone by delivering a 64-bit version of PBX in a Flash with conferencing support that also addressed the IAX2 security issue. The nice part of IAX is that you really only need to expose the IAX port through your firewall on one server. Then all of your remaining servers can register to the new safe server (using any version of Asterisk) while remaining safely ensconced behind hardware- based firewalls to avoid DOS attacks.

Overview. There are five pieces to this week's puzzle. First, you need a functioning Proxmox VE 1.3 server. Second, you need to install the new 64-bit PBX in a Flash OpenVZ template on your Proxmox server. Third, you need to create at least one OpenVZ virtual machine (VM) using the new PIAF 64-bit template. Fourth, you need to install and activate DAHDI on your Proxmox server. And finally, you need to enable DAHDI on each of the virtual machines created in step #3.

Installing Proxmox. We're assuming you've already purchased an appropriate hardware platform for Proxmox and have your Proxmox VE 1.3 server up and running. If not, start with last week's article. Be sure to read the footnotes to make certain you purchase hardware that actually can run Proxmox! NOTE: The new Proxmox VE 1.4 beta does not yet have all of the tools necessary to enable conferencing so make certain you install the current 1.3 release.

Installing PIAF 64-bit OpenVZ Template. Using a web browser, download the new PBX in a Flash 64-bit OpenVZ template to your Desktop. Our special thanks to Wolf Paul for his continuing help in teaching us how to build these templates. Once you have the OpenVZ template in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF 64-bit OpenVZ template on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands.

cd /var/lib/vz/template/cache/
wget http://nerd.bz/dnlkWr


Creating a PIAF 64-bit Virtual Machine. Now you're ready to create your 64-bit virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ Container type. For the Template, choose centos-5.0-pbxinaflash_1.4.0-3_x86_64. Now give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 15 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.

You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks.

To start the OpenVZ virtual machine, click on the List tab. Then click on the 64-bit VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display.

Before you do anything else, change the web passwords for your virtual machine to something that is really secure. Just type passwd-master and answer the prompts. You now can close the VNC window after writing down the IP address and VM ID of your new virtual machine.

NOTE: Unlike the 32-bit version from last week, it is not necessary to generate new SSH server keys for PIAF 64-bit virtual machines. These will be generated automatically the first time you start up the VM.

Installing DAHDI on the Proxmox Server. At the outset, we want to express our deep appreciation to Joe Roper, one of the founders of the PBX in a Flash project, for his work in putting together a simple script to install and activate DAHDI on the Proxmox server. In addition, the script spawns another script which makes it easy to activate DAHDI for any PIAF 64-bit virtual machines desired. For our European friends that ever have the need for an Asterisk consultant, you can do no better than Joe Roper. Thanks, Joe!

To begin, log into your Proxmox server as root and issue the following commands:

cd /root
wget http://nerd.bz/dahdi
apt-get -y update
apt-get -y install zip
unzip install-dahdi.zip
rm install-dahdi.zip
chmod +x install-dahdi.sh
./install-dahdi.sh

Activating DAHDI for Designated Virtual Machines. By default, DAHDI is not activated on any of the virtual machines you create. To activate it and enable conferencing, log into your Proxmox server as root and issue the following command: pabx-enable-conference. When prompted to enter the VM ID of the virtual machine to be activated, type in the number (e.g. 101) and press Enter. After activation is complete, use a web browser to access the Proxmox GUI. Start up the virtual machine if it is not already running. Then, either log into the VM with SSH as root or choose Open VNC Console. From the CLI, type amportal restart to reload Asterisk. Once you have created at least one extension and one conference using the FreePBX GUI, you should be able to dial into the conference successfully. If you get an error about a missing TUN device, see comment #1 below for the fix. Enjoy!


Article of the Week. Justin West's Free Homebrew VoIP with Google Voice and Intel Atom


Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Asterisk Virtualization: PiaF + Proxmox, It Just Works

We've invested weeks and months over the years wrestling with virtualization technologies searching for the perfect fit for the Asterisk® PBX platform and especially for the turnkey solutions provided by PBX in a Flash and our latest Orgasmatron V installer. Why virtualization you might be asking? As with most computer applications, it comes down to flexibility and, of course, cost savings.

For the latest article on PBX in a Flash 2 with OpenVZ, follow this link.

In the flexibility department, VoIP virtualization lets you choose options such as Cloud Computing and hosted solutions from various providers. It also provides a terrific training platform as well as your own managed Cloud Computing solution. You can build and host a dozen or more virtual Asterisk systems on a single $500 to $1,000 server and have a transportable solution ready to deploy in a couple of hours. And then there are those of us in the technology business that need to test all sorts of new operating systems and applications without having to dedicate a standalone machine to each experiment.

Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.

Our virtualization platform of choice is Proxmox, a lightweight Debian-based distribution that includes kernel support for both KVM and OpenVZ. As Martin Maurer from Proxmox put it in a recent interview:

This means you get the best of both virtualization worlds... containers (OS Virtualization) and fully-virtualized machines (Machine Virtualization). Proxmox VE also includes a very powerful yet easy to use web-based management system with clustering features. Boot the Proxmox VE install media, answer a few simple questions, and within 10 minutes you have a very powerful virtualization platform you can manage from a web browser. Install it on one or more additional machines that are networked together and use Proxmox VE's cluster management tool to create a virtualization cluster that allows for centralized management, automated backups, iso media and OS Template syncing, as well as migration features. Proxmox VE really is a time saving turnkey solution... and it is freely available under a GPL license."

As far as cost savings, $500 to $1,000 says it all. When you can run a dozen dedicated systems on such a hardware platform, it reduces the individual cost of each turnkey system deployment to well under $100. And the performance penalty for implementing this multitasking solution is only a 1 to 3 per cent performance hit compared to using comparable standalone systems for similar computing tasks. Om Malik recently noted that:

More than half of new servers in 2009 will be virtualized, compared with 30 percent in 2008, according to a new survey by TheInfoPro."

Comparing 2009 to 2008 deployments, that's a 70% increase in just one year. When there is comparable performance, 90% cost savings, and greatly enhanced deployment flexibility, you have to ask yourself why wouldn't you deploy virtualized solutions. With the solution we're providing today, you get some other benefits as well: snapshot backups and cluster computing, both of which actually work. And the cost of this virtualization technology... it's FREE!

Hardware Requirements. For full KVM virtualization support, you'll need either an Intel-VT1 or AMD-V2 capable CPU/Mainboard. Also strongly recommended are a multi-core CPU and as much RAM as your budget can afford. Our favorites (primarily because of cost) are the Dell T105 (with either dual or quad core AMD Athlon processor) or the Dell T300 (with quad core Intel Xeon processor). Both are on sale for the next few days starting at $249 up to about $1,000 with $350-$549 off the retail prices. You can save more by using our Dell coupon in the right margin. We recommend purchasing larger hard disks from other suppliers so stick with the default setup in drives. Dell has gotten more competitive on RAM pricing so that's your call. For a point of reference, a dual core AMD with 8GB of RAM can support about 8 simultaneous Asterisk servers.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.3 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup. You're finished on the CLI at this point.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel and dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. We hope to more fully document the zaptel/dahdi hurdles that need to be addressed in coming weeks. You can follow our progress in this message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF OpenVZ. Using a web browser, download the new PBX in a Flash OpenVZ image to your Desktop. Our special thanks to Wolf Paul, who did most of the work in putting this together. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands. Thanks, Joe.

cd /var/lib/vz/template/cache/
wget http://tr.im/piaf1506

If you really want to walk on the wild side, here's a third method from Ap.Mathu. After logging into your server as root and issuing the following commands, you can download PBX in a Flash as well as Joomla!, eyeOS, BlueOnyx, Moodle, and FrontAccounting directly through the Proxmox web interface (Appliance Templates, Download):

cd ~
wget http://mundy.org/piaf1506
cat piaf1506 >> /var/lib/pve-manager/apl-available

NOTE: You'll need to use the third option above only after you enable IPtables below because the apl-available file gets regenerated from "headquarters" each time Proxmox restarts.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are three steps to get it working. First, be sure you have downloaded PIAF OpenVZ template 15.04 or later. Second, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped, log into your Proxmox server as root using SSH and carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart


Now you're ready to create your first virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ container type and give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 30 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.

You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. Our special thanks to Martin Maurer from the Proxmox Dev Team for the hand-holding in getting both options working. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks. Your new virtual machine will be ready to run in less than a minute.

To start the OpenVZ virtual machine, click on the List tab. Then click on the VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display. Type service iptables status to verify that IPtables is running. It currently does not show properly with status. If it's not running, type service iptables restart, and then check it again. The safest test is to attempt to log into your new server with a phone using the wrong extension password. After three tries, it should lock out that IP address temporarily.

Now it's time to secure your new virtual machine. We need to change the master password (not the root password) that is used to gain web access to your server. We also need to change the server's SSH keys to make them unique. Just run the following three commands making certain that you choose to overwrite your existing SSH keys when prompted to do so:

passwd-master
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa

Finally, you can type rasterisk to load the Asterisk CLI. You now have a functional PBX which is ready for configuration. See our knol for step-by-step instructions if you're new to all of this. Or, better yet, you can transform your new virtual machine into a turnkey PBX in less than 10 minutes with free calling in the U.S. and Canada with our Orgasmatron V Installer.

We strongly encourage (actually we're begging) you to read our Primer on Asterisk Security before doing anything else. It could save you an astronomical phone bill down the road.

Where To Go From Here. Until our next chapter, you might want to experiment with some of the other OpenVZ appliances which are available for Proxmox. Many can be installed within the Proxmox GUI (Appliance Templates, Download). Here's the short list: Proxmox Mail Gateway, CYAN Secure Web, Trouble Ticket Tracking, Zenoss Core IT Monitoring, CentOS 4 and 5, Debian 4 and 5, Fedora 9, Ubuntu Hardy, Drupal Content Management, Joomla Content Management, MediaWiki, SugarCRM, and WordPress. Enjoy!

Continue reading Part II for the 64-bit version with DAHDI conferencing...


Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. []
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." []