Posts tagged: sip

Obivoice = OBi Heaven: Dumping Google Voice for Less Than 10¢ a Day

What a difference a week makes! When we wrote last week’s article about netTALK and their terrific pricing, we were pleased to report that at least one company could offer a drop-in replacement for Google Voice without breaking the bank. But, alas, all is not well in netTALK Land. For openers, the Better Business Bureau revoked their accreditation last June because of failure to respond to or resolve technical complaints. And a recent SEC Filing paints a fairly bleak picture of the company’s financial condition. Special thanks to Gershom1624 for his sleuthing efforts. This merely reinforces the difficulty of providing reliable, unlimited VoIP service at the $2.50 a month price point. But we firmly believe $2.50 is the magic price point, and it is achievable with some safeguards for the provider, i.e. residential service, no call centers, no 10,000 minutes-a-month customers. My mom loved the telephone, but she never spent 5 hours a day on the telephone. There also has to be some tradeoff in the level of support customers can expect. If customers tie up expensive support reps with multiple calls, the pricing matrix falls apart very quickly. And that brings us to this week.


Let’s review the Wish List for those that missed last week’s article. We want a drop-in replacement for Google Voice on both the OBi110 (stand-alone with any POTS telephone) and Asterisk® (PBX) platforms. It needs to provide unlimited (within reason) calling in the U.S. and Canada. It needs a feature set that is fairly comparable to Google Voice. It needs to include E911 service because the federal government says so. We don’t care much about support as long as the setup process is well-documented, the service is reliable, and calls sound great. Charging for support requests to resolve issues that aren’t the company’s fault is perfectly fine with us. But the price point for unlimited calling needs to be $2.50 a month, i.e. $30 a year or $60 every two years for the math-challenged. We’d prefer no tips, taxes, or fees. We want to keep our existing number. And, lest we forget, the company must promise to stay in business and never raise prices… forever.

Suppose we could find you a company that, with a 2-year commitment, could provide all of the above (minus the last sentence) plus fax support including a web page to send outgoing faxes from attachments, free calling and a mobile app for your iOS and Android devices, Visual Voicemail with voicemail transcription as well as email delivery of voicemail messages, call forwarding, call waiting, CallerID spoofing for any number you own, and unbelievable customer service. Not sure about the service? How about a 30-day free trial with 60 free minutes?

Let us introduce you to Obivoice. Don’t be alarmed by the one-year price of $40. The two-year price is just $60. But it doesn’t cost you a nickel to sign up and try the service. Obivoice is a pure SIP provider so the setup with PBX in a Flash™ or an OBi110™ takes only a couple minutes. Here’s the SIP trunk setup for PBX in a Flash using FreePBX®. All you need is your SIP credentials and phone number once you’ve signed up for an account. Plug in your 10-digit phone number in the Outbound CallerID and Register String, replace 1234 with your Account Number in the username, fromuser, and Register String, and replace yourpassword with your real Password in the secret and Register String.

Next, build yourself an Inbound Route with your 10-digit DID and point it to your favorite PBX destination. Finally, create an Outbound Route using obivoice as the Trunk Sequence, and you’re all set. It doesn’t get any easier than that.

We don’t think you will but, if you need assistance setting this up, head over to the PIAF Forum where there’s a lively discussion about Obivoice already.

The OBi110 setup is just as easy. Plug in sms.intelafone.com as the ProxyServer and OutboundProxy in your ITSP Profile, add your SIP credentials in the SP1 Voice Services dialog, and forward (or transfer) your existing Google Voice number to Obivoice. Done! Obivoice’s complete tutorial is available here.

Let us close with our own customer service story. We were so excited about this new service when it was announced yesterday that we actually clicked the wrong button and signed up for the wrong plan. Of course, it only takes a minute to get that sinking feeling in your stomach when you know you’ve screwed up. So late yesterday (Sunday night!) I opened a support ticket and asked to either cancel the wrong plan so that I could reenlist or to transfer to the $60 two-year plan. At 1:30 a.m. this morning, I got an email back from customer service indicating that the plan had been adjusted and that I had been billed for the price difference. WOW!

Run, don’t walk, to sign up for Obivoice. It’s that great!

p.s. The Obivoice jingle in their YouTube video is as good as their calls. We want it for our Music on Hold!

Originally published: Monday, January 13, 2014




Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for all of us.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 


Some Recent Nerd Vittles Articles of Interest…

Newbie’s SIP Navigation Guide for Asterisk: Is It Safe?

It’s Back to School Time at Nerd Vittles today with a wrap-up of our series exploring the symbiotic relationship between SIP and Asterisk® including the most important consideration of all: SIP Security 101, a quick-and-dirty look at the security implications of using SIP with Asterisk. If you read nothing else before you begin your VoIP adventure, move today’s article to the top of your list. It might save you a personal fortune! Think of it as winning the lottery without even buying a ticket. Then we’ll summarize some safe approaches to using SIP with Asterisk. And finish up with a novel way to implement free SIP calling using almost any telephone: POTS phone, cellphone, or any SIP phone.

Asterisk Boot Camp: SIP Security 101

By default, most Asterisk systems including those relying upon FreePBX® are configured to deny anonymous SIP calls. If your server has a fully-qualified domain name, it means SIP calls to 201@myserver.com will fail. Since SIP URI calls are free from anywhere in the world, that’s a big deal. The million dollar question is why not just enable anonymous SIP calling on your Asterisk server and call it a day. Then anybody can call any extension on your PBX. That’s half of the answer actually: “Then anybody can call any extension on your PBX.” If that were the only exposure by opening up SIP to anonymous callers, many of us could probably live with that. After all, that’s how POTS phones worked for almost 100 years. The difference, of course, is anonymous SIP calls are free and often undetectable regardless of where the calling party happens to actually be. Unlike HTTP requests which preclude users from spoofing the IP address, SIP requests have no such limitation. That means a SIP packet can knock on your door masquerading as a SIP packet initiated from your own server.

Unfortunately, when you expose UDP port 5060 and your Asterisk server to any and all SIP traffic sent your way from the Internet, it means any kind of SIP packet can be sent to your server for processing. That includes login requests to extensions and trunks as well as SIP packets with all sorts of vile code embedded in the SIP headers.

SIP can be used for DDoS attacks from inside or outside of the network, and it is the SBC or other border controller device’s job to handle those types of issues. Common attacks include SIP registration floods, endpoint spoofing, and ENUM attacks.

Without boring you with the details, suffice it to say that SIP vulnerabilities have been discovered regularly in all flavors of Asterisk… as recently as a few weeks ago. And, Asterisk 12 is just around the corner with an entirely new approach to SIP. So, before you open your server to anonymous SIP attacks, ask yourself whether you (and your wallet) believe that we’ve seen the last of the SIP vulnerabilities. Keep in mind that, if an attacker gains access to your server, everything is vulnerable including not only your internal extension credentials but also your account names and passwords with all of your providers. Once they have those, they don’t need access to your server any longer. They can run up phone bills on your nickel using direct connections to your providers.

Believe it or not, there was actually a SIP exploit several years ago where the bad guys embedded some code in a SIP packet that crashed the server when anyone happened to look at the SIP entry in their call logs or CDR reports using a browser. And, before the crash, it relayed some of your most prized Asterisk secrets to the attacker. Remember, many Asterisk passwords are stored in plain text on your server. If you don’t believe it, try these commands after logging into your server and switching to the asterisk user (the user account that runs Asterisk and your Apache web server):1

su asterisk
cat /etc/asterisk/manager.conf
asterisk -rx "database show"
mysql -uroot -ppassw0rd asterisk -e "SELECT keyword,data FROM sip"

If that last one doesn’t scare the crap out of you, then Let Me Google That For You. The simple answer would have been to cleanse SIP headers before writing the contents to the logs. But the “purists” won that battle maintaining that such action would bastardize the call logs by failing to document everything in exactly the way it was received.

So much for security!

As long as we have very secure passwords for trunks and extensions, doesn’t Fail2Ban block hacking attacks after several unsuccessful login attempts? Unfortunately, that depends on the performance of your server and the one being used by the attacker. Remember, neither Asterisk nor the Linux kernel, scans SIP traffic for malware. Fail2Ban operates on the data after the fact by scanning entries in your server logs for matching patterns which you define. And these entries are written to the logs only after Asterisk or your web server has processed the packets. If it turns out the attacker is using a gazillion-horsepower server in the cloud, then your poor little server never gets enough processing time with Linux to actually scan the Asterisk log for failed login attempts. What that means is the attacker can execute thousands, if not tens of thousands, of SIP attempts before Fail2Ban ever springs into action even when you’ve set the threshold for blocking an IP address to as few as three failed login attempts.

We want to stress that this isn’t a diatribe against the developers with regard to security. The point is some of the fundamental design choices made with regard to Asterisk and FreePBX do not lend themselves to safe deployment on a public-facing server without additional layers of security. In the case of PBX in a Flash™, it’s the reason we have implemented Apache-level security on the FreePBX web assets in addition to an IPtables firewall and Fail2Ban. For history lovers, keep in mind that, when Asterisk@Home and trixbox® were in their heyday, none of these safeguards were provided.

We’re going to postpone discussion of SIP encryption and SRTP because of its complexity. Suffice it to say, it’s just coming into its own with Asterisk 11, and it raises new problems of its own, e.g. finding compatible phones. You can try it out using our PBX in a Flash WebRTC Virtual Machine. And here is today’s must-read article on the subject.

What’s the bottom line with SIP exposure of your Asterisk server to the Internet? The short answer is DON’T especially if you’re new to the VoIP and Asterisk world. You’re simply asking for a $100,000 phone bill. Ma Bell & Friends don’t really care who makes calls on your nickel. And, remember, keeping your server behind a hardware-based firewall with no Internet port exposure does not affect your ability to make or receive calls using registered providers. That includes SIP, IAX2, Google Voice, and PSTN calls. It also doesn’t affect your ability to make free outbound SIP URI calls to anywhere in the world even with no provider registrations.

Safely Integrating SIP URIs into Asterisk

The long answer is there is a relatively safe way to implement SIP access to your server from the Internet. First, you can use registered trunks with reputable providers to provide SIP connectivity to your server. This includes PSTN calls to DIDs as well as SIP URI calls in many cases. Let the providers worry about SIP attacks while your server sits safely behind a hardware-based firewall with NO Internet port exposure! There are better tools than Asterisk to avoid SIP disasters and protect against malicious SIP attacks. You can protect yourself by keeping a minimal amount of money in your provider accounts with no automatic replenishment from a credit card. Second, for those that need to connect remote phones to your Asterisk server, you can use Firewall WhiteLists with IPtables to restrict access to only the good guys. Travelin’ Man 3 sets up WhiteLists for PBX in a Flash servers in a couple of minutes.

What you can’t do is rely upon BlackLists of IP addresses to keep the bad guys out. If you’ve ever played Whac-A-Mole, you can appreciate the difficulty of using BlackLists to secure your server. The bad guys can change their identity by simply using different IP addresses or by using the IP address of a compromised PC such as the one sitting in your grandma’s kitchen. In addition, the bad guys have become experts in inserting important (safe) IP addresses in BlackLists which, of course, is extremely problematic if one of those IP addresses happens to be one of your SIP providers.

The silver lining of Asterisk is the ability to make and receive free calls to and from anywhere in the world using SIP URIs. They look like email addresses, but SIP URIs actually connect calls via SIP between SIP servers and endpoints regardless of where they may be on the Internet. In the “old days,” advertising a SIP URI for inbound call access to your server meant exposing Asterisk to anonymous SIP traffic. Not any more! Simply sign up for a (pre-paid) account on VoIP.ms or a FREE account at either sip2sip.info or Anveo.com, follow one of our tutorials to register your account, and you’ll automatically have a free SIP URI for your Asterisk server. No Internet port exposure of your Asterisk server is ever required!

Instead of using some-account-number@atlanta.voip.ms or some-account-number@sip2sip.info as your SIP URI, most folks will prefer a SIP URI that matches your existing domain, if you happen to have one. This Nerd Vittles article will walk you through the process of converting your VoIP.ms or Sip2Sip URI into something more manageable: yourname@yourdomain.com. And, thanks to RentPBX, everyone is more than welcome to use the PBX in a Flash cloaking servers on the east and west coast to manage the SIP URI translation magic. If you happen to be (or would like to become) a PBX in a Flash Forum Guru, there’s another option. We’ll host your vanity SIP URI @pbxinaflash.com using your forum name. Just drop us a note on the forum for details. We’re always looking for subject matter experts on the forum. You don’t have to be an expert in everything, just one topic. If you qualify, please let us know and WELCOME!

Dialing SIP URI Calls with iNUM Using Any Telephone

We’ve saved the best for last again. The only problem with SIP URIs is how to dial them. Most phones don’t have a full keyboard. While you can certainly create a few Speed Dial (Custom) Extensions in FreePBX using sip/joe@schmo.com as the SIP URI dial string for the extension, this isn’t feasible on a bigger scale. What makes more sense is to actually use a phone number to connect the call. We previously have documented the iNum solution that’s available through a number of providers including VoIP.ms and LocalPhone. These calls used to be free with Google Voice until Google changed their mind. Now they’re 3¢ a minute. But they’re still free calls with most providers. The only real drawback is the length of the phone number. 883510009901997 is a little hard to remember, even to call Lenny. And, with RentPBX, you need a prefix of 011 to add insult to injury. But, hey, the calls are free to anywhere.

There’s a better way that actually uses your SIP URI to make the call. It’s John Todd’s brainchild, FreeNUM with ISN. As the image shows, ISN numbers are easy to remember and easy to dial. Instead of an @ symbol for email, you use an * symbol for you know what. And you still get Lenny! The trick to ISN dialing is that we pass a number such as 1234*1061 to a DNS server that knows how to translate the numeric sequence into a SIP URI that looks like this: 1234@pbxinaflash.com. It takes the number after the asterisk and resolves it to a fully-qualified domain name which is preconfigured at freenum.org. And the result is inter-domain numeric SIP addressing using ordinary telephone instruments.

The Asterisk setup using FreePBX is simple. The FreeNUM trunk should look like this:

The Outbound Route should look like this:

The dialplan context to tack on the end of /etc/asterisk/extensions_custom.conf looks like this:

[freenum]
exten => _X.,1,Set(TIMEOUT(absolute)=10800)
exten => _X.,2,NoOp(Number to Call: ${EXTEN})
exten => _X.,3,Set(isnresult=${ENUMLOOKUP(${EXTEN},sip,,1,freenum.org)})
exten => _X.,4,GotoIf($["${isnresult}"=""]?6:5)
exten => _X.,5,Dial(SIP/${isnresult},40,r)
exten => _X.,6,Background(ss-noservice)
exten => _X.,7,Congestion
exten => _X.,8,Hangup
exten => h,1,Hangup
exten => i,1,Hangup
exten => T,1,Hangup

For those using Incredible PBX™, the good news is you already have it. Just pick up an extension on your system and dial 1234*1061 to give Lenny a piece of your mind. It works exactly like this SIP URI: sip/1234*1061@freenum.org. For everyone else, believe it or not, we’ve already written about this back when some of you still were in diapers. So read the article for all the details and ISN registration instructions. You will note that in more recent versions of Incredible PBX (including what we’ve shown above), the ** prefix for ISN calls has been eliminated. Now you can dial ISN calls just as described in the FreeNUM literature. We’ve also migrated our ISN domain from sip.pbxinaflash.com to pbxinaflash.com to simplify DNS administration. For PBX in a Flash Forum Gurus, we’ll be happy to set you up with your own free ISN number in the pbxinaflash.com domain as well.

Dialing SIP URI Calls with IPKall Using Any Telephone

There’s yet another option. With an IPKall DID from one of several Seattle area codes, you can interconnect your SIP URI with every PSTN phone in the world. And it’s free. Just make at least one inbound call a month, and the phone number is yours to keep. Here’s the easy way to do it. Just sign up for a free DID at www.ipkall.com. After choosing an area code for your free number, you’ll be prompted for the following information.

Here’s what you’d enter using your free Sip2Sip URI:

  • Phone Number: 323XXXXXXX
  • SIP Proxy: sip2sip.info
  • Email Address: your-email-address
  • Password: some-password-to-get-back-into-your-account

Here’s what you’d enter using your free Anveo SIP URI:

  • Phone Number: 1555ACCOUNTNUMBER
  • SIP Proxy: sip.anveo.com:5010
  • Email Address: your-email-address
  • Password: some-password-to-get-back-into-your-account

Once you’ve completed the form, submit it and wait for your new phone number to be delivered in your email. You should get it within a couple minutes so check your spam folder if you don’t see it. Congratulations! You’ve done everything you need to do for anyone to call you using either your SIP URI or your new DID from IPkall.

It’s worth noting that IPKall recycles DIDs that aren’t used for 30 days. If you use Incredible PBX, the easiest way to assure you don’t lose your number is to set up a weekly recurring Telephone Reminder that calls your IPkall number.

But How Do I Make VoIP Calls to Plain Old Telephones?

We’ve spent a lot of time on free SIP solutions for inbound calls, but inevitably you’re going to need a way to call Plain Old Telephones whether they be customers or friends and family. To make outbound calls or terminations in VoIP parlance, you’re going to need an account with a VoIP provider. If you’re in the United States, you still can get one or more free Google Voice accounts. These accounts let you make unlimited calls to anywhere in the U.S. and Canada. Both PBX in a Flash and Incredible PBX come preconfigured to support Google Voice calling. The scuttlebutt is this may be the last year of the free ride so it’s probably a good idea to try some other alternatives. It’s a good idea anyway because Google has made an art form of “improving” things and breaking VoIP calling periodically. Here’s our “Best of the Best” list of pay-by-the-minute VoIP providers for US48 calls. Lower cost providers are available to call some destinations, but the vendors below provide flat-rate per minute pricing to all US48 destinations. Trunks to support most of these providers also come preconfigured in Incredible PBX. With most of these providers, you set up an account and deposit a small pot of money. When you make calls, the cost of the call is debited from your account. When you run out of money, you can’t make any more calls. For the sake of redundancy, having multiple providers is a very good idea. It costs you nothing to have multiple providers until you actually make calls. Enjoy!

* Free iNUM DID and free worldwide iNUM calling. Tutorial here.


Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.
 

 

Deals of the Week. There’s still an amazing deal on the street, but you’d better hurry. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Monday, September 9, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.


 

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. On the Raspberry Pi platform, substitute “raspberry” for “passw0rd” in the MySQL example. []

A Second Look at Grandstream’s UCM6100 Asterisk PBX & Some SIP Surprises

What a difference a couple months make! For those that are keeping an eye on the UCM6100 Asterisk® PBX from Grandstream, we wanted to provide some additional insights based upon two firmware updates that Grandstream has released since the PBX was first introduced earlier this summer. The short version of this story is Grandstream has addressed most of the open source issues and they’ve resolved well over a hundred bugs. In addition, they’ve published excellent documentation on the PBX in addition to a tutorial on how to interconnect the UCM6100 with other devices including FreePBX®-based Asterisk servers such as PBX in a Flash. So we are pleasantly surprised by Grandstream’s efforts to address many of the concerns that were raised by some of us in the open source community.

Let’s talk about functionality. While the system is still closed in the sense that you can’t add your own Asterisk dialplan code, there’s a lot to like about an under $300 turnkey PBX platform that offers 2 FXO and 2 FXS ports plus most of the feature set you’d find in a $5,000 to $10,000 PBX. And, yes, it even does faxing. The device is especially appealing for organizations that have numerous satellite offices with minimal technical expertise on site. Did we mention you also can backup and restore or even clone multiple units in a matter of minutes using the web-based GUI and an SD card.

We’ve saved the best for last. The silver lining may very well be the functionality boost you’ll get from the addition of a $100 OBi202 device with a Bluetooth adapter.1 This dynamic duo provides turnkey Google Voice support plus Bluetooth cellphone integration which means your cellphone becomes a transparent component in your PBX. When you’re in the office, calls to your cellphone can be managed through the PBX. When the Internet dies, outbound calls from users of the PBX can be routed out through your cellphone. And there’s support for up to three more SIP trunks from many of your favorite providers. Here’s a quick tutorial on how to integrate sip2sip.info and free SIP URIs.

If you glance up at the status screen shot, you’ll see that we have a SIP trunk registered to our primary PBX in a Flash server for transparent calling between extensions on both systems, a Google Voice trunk registered with the OBi202 for free calling in the U.S. and Canada, a second analog trunk registered to the Bluetooth port on the OBi202 to handle cellphone connectivity, a SIP extension registered to a Yealink T46G desktop SIP phone, and an analog extension registered to a collection of Panasonic analog (DECT) cordless phones. We have a Conference Room preconfigured and a Parking Lot to support 5 calls. In addition, there’s voicemail for each extension and an IVR setup (shown below) with virtually the same options you’d have with FreePBX. This is not some half-baked, crippled PBX. Mark Spencer & Co. developed the Asterisk-GUI which is what lies under the UCM6100 covers… and it shows.

Are we switching and dumping PBX in a Flash, Incredible PBX, and FreePBX? Of course not. But, having supported dozens of remote sites staffed with a handful of employees and no technical staff in a prior life, all I can say is this device would have been a godsend. It’s worth a careful look as a supplement to a full-featured central office Asterisk PBX.

Some SIP Surprises to Celebrate the End of Summer

Cloak & Dapper. If you like the clothes, then you’ll love this addition for your PBX. We’ve been exploring SIP URIs and free calling recently, and the one addition that many were clamoring for was an easy way to translate a SIP URI from sip2sip.info or voip.ms into an address using your own domain. By cloaking the address, your email and your “phone address” actually can match. So you can use joe@schmo.com for your email address and joe@schmo.com for your SIP URI as well. Unfortunately, DNS doesn’t speak SIP directly so it takes a little data manipulation to make this work. @w1ve, one of the PIAF resident gurus, actually discovered the sipcloak.org service in New Zealand. But, because of geographical limitations and the fact that it’s not open source, we preferred a home-grown solution. Thanks to the genius of Bill Simon, the magic of YATE, and the hosting generosity of RentPBX2, we now have redundant SIP cloaking servers on the east and west coasts of the United States. To use the service, just add the following records to DNS substituting your own domain and user entries. Once installed, you can receive SIP URI calls using bert@schmo.com or ernie@schmo.com. The PHP source code customized for YATE is available on GitHub. Our extra special thanks to Bill, Diana, and Iman who made this possible!

_sip._udp.schmo.com. IN SRV 10 10 5060 east.pbxinaflash.com.
_sip._udp.schmo.com. IN SRV 10 10 5060 west.pbxinaflash.com.
sip-bert.schmo.com. IN TXT "123@sip2sip.info"
sip-ernie.schmo.com. IN TXT "456@sip2sip.info"

Introducing SIP.US. We’re delighted to introduce a new SIP trunking provider and supporter for the PBX in a Flash project. While Vitelity3 remains the perfect choice for those wanting stellar reliability and pay-as-you-go convenience at rock-bottom pricing, there are organizations that actually need dedicated SIP trunks with an unlimited calling option. And, of course, in the VoIP world, redundancy is a good thing. With today’s special offer for PBX in a Flash users, SIP.US finally hits the $20 magic price point that many of us have clamored for. They also have an incredibly simple and secure module for FreePBX that makes setup a breeze. Here are some of the other advantages the SIP.US service offers:

The signup process couldn’t be easier. Sign up at our link using the PIAF promo code. Choose a free DID and obtain your security PIN for the FreePBX module from SIP.US. Finally, download the SIP.US module for FreePBX to your desktop and install it using Module Admin. Activate the module and enter your security PIN when prompted. That’s it! SIP.US handles the rest of the FreePBX setup process automagically. Give them a try. We think you’ll be delighted.


Deals of the Week. There are a couple amazing deals on the street, but you’d better hurry. ObiHai has all of their telephone adapters on sale at Amazon this week. Click on the Obi110 link in the sidebar to check out the latest pricing. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, August 27, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.


 

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Some of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []
  2. The $15 a month RentPBX hosting special for PBX in a Flash servers in the Cloud is still available through the link in the right sidebar of Nerd Vittles. Better hurry! []
  3. Vitelity has been and remains a loyal financial backer of the Nerd Vittles and PBX in a Flash projects. We appreciate Vitelity’s continuing support and encourage all of our readers to try out their service with the special pricing included toward the end of this article. []

Practicing Safe SIP: Adding SIP URI and Free DID Connectivity to Asterisk

Last year, we began our exploration of safe SIP options for Asterisk® by introducing a hybrid solution using VoIP.ms for a registered SIP trunk and IPkall for a free DID. Today, in addition to a free IPkall DID to accept incoming PSTN calls, we have a slightly different approach that provides a direct SIP URI address from Sip2Sip.info for your server. As with the original tutorial, today’s implementation preserves our Zero Internet Footprint™ design for total SIP insulation of your server from the Internet. And all of the components to deploy today’s solution are completely free.

PBX in a Flash™ has a long (safe) history in the VoIP community, and the major reason is that we constantly preach never directly exposing any ports on your Asterisk server to the Internet without implementing a WhiteList of safe IP addresses. This Zero Internet Footprint™ design keeps everybody out except a trusted, defined group on your WhiteList. For everyone else, they never see your server. So how do you receive calls?

You do it with phone numbers (DIDs) or SIP URIs tied to registered Google Voice, SIP, and IAX trunks from reputable providers. Because these trunks have constant registrations with safe service providers on the Internet, calls to these DIDs and SIP URIs can flow in and out of your server without exposing your server directly to the Internet. Callers still can contact you, but they do it through an intermediary with whom you have a registered SIP trunk. Thus, the SIP vulnerability (if there is any) remains with the SIP provider and never with your server directly.

For today’s tutorial, we’ll be using the latest and greatest PIAF-Green™ Virtual Machine featuring Asterisk 11 and FreePBX® 2.11. We also recommend installation of Incredible PBX™ 11 which includes Travelin’ Man™ 3 to provide secure WhiteList management for your Asterisk firewall. Here are links to the PIAF-Green VM with Incredible PBX 11 as well as the Travelin’ Man 3 tutorial to get you started. We recommend you configure this using a VirtualBox® virtual machine on your favorite desktop computer just to get comfortable with the setup. Then you can repeat the drill using a dedicated or cloud-based server once you’ve mastered the basics. All of today’s setup will work without making any adjustments to your hardware-based firewall which should be sitting between your desktop computer and the Internet.

Registering for a Sip2Sip Account. Once you have the VoIP platform in place with Asterisk 11, FreePBX 2.11, Incredible PBX 11, and Travelin’ Man 3, you’re ready to add a SIP trunk from Sip2Sip.info. Just sign up for a free account on their site leaving the Account Name field blank. They will email you your credentials. Click on the provided link in the email to access your new account at http://x.sip2sip.info. Your account name will consist of a 10-digit-number@sip2sip.info. To log in, use the default SIP address as shown and leave the password field blank. Then click Login Now. Immediately click on the settings tab, choose an 8-digit numeric password, disable your Voice Mailbox, and click the SAVE button. Your Sip2Sip account is now secure unless someone is lucky enough to guess your password from the 100 million possibilities. You’ll need your 10-digit SIP account number and password to set up your SIP trunk on your Asterisk 11 server in the next step so write them down and then log out of your Sip2Sip account!

FreePBX and Asterisk Configuration Overview. Using a web browser, log into FreePBX® on your server. We’ll need to create several items to get everything working. First, we’ll add a new SIP trunk with your Sip2Sip credentials to handle incoming calls. Second, we’ll add a Custom Trunk to handle outbound calls to Sip2Sip. Third, we’ll add an Inbound Route to process incoming calls. Fourth, we’ll add an Outbound Route so that you can make calls using your outbound Sip2Sip trunk. Calls to other Sip2Sip numbers are free. For the rest, you’ll pay a per minute fee. Whether to use the pay service is completely up to you! Finally, we’ll log into your server as root and add Sip2Sip to your IPtables WhiteList and make two manual adjustments to the Asterisk dialplan to accommodate Sip2Sip’s way of handling SIP calls. Then we’ll restart Asterisk, and you’re done.

  1. Connectivity -> Trunks -> Add SIP Trunk
  2. Connectivity -> Trunks -> Add Custom Trunk
  3. Connectivity -> Inbound Routes -> Add Incoming Route
  4. Connectivity -> Outbound Routes -> Add Route
  5. Enable Sip2Sip in your IPtables WhiteList
  6. Add srvlookup=yes in sip_general_custom.conf
  7. Set enable=yes in dnsmgr.conf
  8. Restart Asterisk: amportal restart

Adding Sip2Sip SIP Trunk. While logged into FreePBX 2.11, choose Connectivity -> Trunks -> Add SIP Trunk. Fill out the form like this using your Sip2Sip 10-digit number and password. Unlike some trunk setups, entering your actual 10-digit Sip2Sip number as the Outbound Caller ID is mandatory, or inbound calls will be rejected by your server. Replace 223XXXXXXX with your actual 10-digit Sip2Sip number in the five places shown below. Replace 12345678 with your actual Sip2Sip password in the two places shown below.

  1. Trunk Name: Sip2Sip
  2. Outbound Caller ID: 223XXXXXXX
  3. Dial Pattern: leave blank
  4. Trunk Name: sip2sip
  5. Trunk Details:
    • type=peer
    • canreinvite=no
    • nat=yes
    • qualify=yes
    • domain=sip2sip.info
    • fromdomain=sip2sip.info
    • outboundproxy=proxy.sipthor.net
    • fromuser=223XXXXXXX
    • defaultuser=223XXXXXXX
    • secret=12345678
    • insecure=invite
    • context=from-trunk
    • host=sip2sip.info&81.23.228.129&81.23.228.150&85.17.186.7
  6. Register String: 223XXXXXXX:12345678@sip2sip.info/223XXXXXXX

Adding Sip2Sip Custom Trunk for Outbound Calling. While logged into FreePBX 2.11, choose Connectivity -> Trunks -> Add Custom Trunk. Fill out the form like this using the entries below:

  1. Trunk Name: sip2sip-out
  2. Dialed Number Matched Pattern: 223NXXXXXX
  3. Custom Dial String: SIP/$OUTNUM$@sip2sip.info

Adding Inbound Route. Next you need to tell FreePBX how to process incoming calls from your Sip2Sip number. Choose Connectivity -> Inbound Routes -> Add Incoming Route and fill out the form to look like this. Change the destination to match whatever you prefer: an extension, ring group, IVR, etc. If you followed last week’s tutorial to install Lenny Encore, then you can choose Lenny as your destination as well.

Adding Outbound Route. Next you need to tell FreePBX how to process outbound calls to your Sip2Sip account. Choose Connectivity -> Outbound Routes -> Add Route and fill out the form to look like this. After you have saved your entries, make certain that you drag the sip2sip-out route to the top of your Outbound Route List (on the right side). Otherwise, 10-digit Sip2Sip calls may inadvertently be processed by one of your other trunks that handles 10-digit numbers. The 3333 and 4444 numbers are test accounts at Sip2Sip to enable you to try out connectivity.

Adding Sip2Sip to Your IPtables WhiteList. We’re assuming you already have installed Travelin’ Man 3 and secured your server by running /root/secure-iptables. If not, start there. Now we need to enable UDP SIP connectivity for Sip2Sip in your WhiteList by running the following commands while logged in as root:

/root/add-fqdn sip2sip sip2sip.info
/root/add-ip sip2sip1 81.23.228.129
/root/add-ip sip2sip2 81.23.228.150
/root/add-ip sip2sip3 85.17.186.7

Making Asterisk Dialplan Adjustments. While still logged into your server as root, issue the following commands to finish up enabling Sip2Sip URI support in Asterisk. The last command verifies that your Sip2Sip trunk is actually registered.

echo "enable=yes" >> /etc/asterisk/dnsmgr.conf
echo "srvlookup=yes" >> /etc/asterisk/sip_general_custom.conf
amportal restart
asterisk -rx "sip show registry"

Adding an IPkall DID for Your SIP URI. We’ve now completed all the steps necessary to receive incoming SIP URI calls using your new Sip2Sip URI: 323XXXXXXX@sip2sip.info. Anyone in the world can dial that SIP URI from a SIP phone, and the calls will be answered by your server. But suppose we’d also like folks to be able to pick up a Plain Old Telephone and call using Sip2Sip.info to route the incoming call through the SIP URI. Here’s the easy way to do it. Just sign up for a free DID at www.ipkall.com. After choosing an area code for your free number, you’ll be prompted for the following information. Here’s what you’d enter using today’s example:

  • Sip2Sip Phone Number: 323XXXXXXX
  • SIP Proxy: sip2sip.info
  • Email Address: your-email-address
  • Password: some-password-to-get-back-into-your-account

Once you’ve completed the form, submit it and wait for your new phone number to be delivered in your email. You should get it within a couple minutes so check your spam folder if you don’t see it. Congratulations! You’ve done everything you need to do for anyone to call you using either your Sip2Sip URI or your new DID number from IPkall.

It’s worth noting that IPkall recycles DIDs that aren’t used for 30 days. If you use Incredible PBX, the easiest way to assure you don’t lose your number is to set up a weekly recurring Telephone Reminder that calls your IPkall number.

Adding SIP URI Dialing with Your Own Domain. Thanks to a great tip from @w1ve on the PIAF Forum, you now can create free SIP URIs using your own domain. Here’s how.

Troubleshooting. If you experience intermittent congestion issues with attempted connections to your SIP URI, try the [from-sip-external] trick outlined in our PIAF Forum posting.

Add Free Calls to 40 Million Asterisk Servers with e164.org. While we’re on a roll of free calling, here’s a simple way to add free calling to 40 million Asterisk servers around the world. Just add your name and phone numbers to the e164.org registry at no cost and configure FreePBX with ENUM support. Then outbound calls to numbers in the e164 registry will always be free as well. The whole setup takes less than 10 minutes. Here’s how.

You already have a SIP URI for your Asterisk server from the Sip2Sip setup above. Now let’s get you signed up with an account on e164.org. Go to the web site and click the Sign Up tab. Go through the sign up drill and then log into your new account. Then click the Phone Numbers tab and add your IPkall phone number to e164. If you have additional DIDs, enter the area code and number for each of them. Then click the Next button. You’ll be warned about not having the number you’ve specified redirected to an IVR. If you already have this DID redirected to an IVR, change the routing temporarily to an extension that you can answer to obtain your PIN before you press Next to proceed. You’ll then be prompted for the SIP address to contact your server. Leave the default SIP protocol and plug in the address you were assigned by Sip2Sip. As soon as you click the Next button, your phone should start to ring, but there may not be a message when you answer. Hang up and wait for the second call within 15 minutes. It will include your PIN. Now click on the Phone Numbers tab and update your phone entry by choosing Enter PIN and typing your assigned PIN. Your phone number now has been activated with the e164 service. To complete the setup, you’ll want to click on the Do Not Call option and make your selections. You also can decide whether to list yourself in the ENUM White Pages directory.

Remember that the real purpose of this drill is to avoid charges when you place outbound calls to numbers in the ENUM directory. We merely added your numbers to e164.org so that others could benefit as well. So the final step before you can start saving money is to configure FreePBX to handle ENUM lookups for outbound calls from your server. One more observation may be helpful. You’ll recall that one of the limitations of FreePBX has always been that once an outbound route was chosen for a call, if the call was completed using the first destination trunk in that route, then the call processing ended there. ENUM adds a new wrinkle because we basically want to connect to ENUM to check for a free route and, if no matching entry is found, then we want the next trunk to process the call. As luck would have it, FreePBX has been tweaked to allow this scenario. All you have to do is create an ENUM trunk and then place it first in your sequence of trunks for each of your outbound routes. If an ENUM entry is found for the number you’re calling, the call will be routed as a free call with a direct SIP connection. Otherwise, the call processing will continue and the call will be routed using the next trunk specified in your outbound route.

There are two steps in FreePBX to implement ENUM. First, create a special ENUM trunk. Second, adjust your Outbound Routes to process outbound calls using the ENUM trunk first. Then the series of trunks you already have specified in each outbound route will be triggered if there is no ENUM path for your call. NOTE: You obviously wouldn’t do this for an emergency 911 outbound route.

In FreePBX, click Connectivity -> Trunks, Add ENUM Trunk. Enter your desired CallerID for these calls. Set a maximum number of channels, if desired, and then leave the other entries blank in most cases. Save your settings and reload your dialplan. Now click Connectivity -> Outbound Routes and adjust the sequence of trunks for each of your existing routes. Be sure to put ENUM in the top position of each desired route. Also make certain that all calls are dialed with a dial string of 1NXXNXXXXXX or NXXNXXXXXX with a Prepend entry of 1 as shown below. Enjoy!


Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. And add your new number to the Do Not Call Registry to block telemarketing calls. Or just call 888-382-1222 from your new number.
 

 

Deals of the Week. There’s still one amazing deal on the street, but you’d better hurry. A new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage which will help avoid another PIAF Forum disaster.

Originally published: Monday, August 19, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.


 

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

The SIPaholic’s Dream Come True: Introducing Anveo Direct

We’re incredibly happy with the current list of providers that we recommend to PBX in a Flash™ users for VoIP trunking. At the top of our list is Vitelity, a leading VoIP provider that has been a major contributor to the Nerd Vittles and PBX in a Flash projects for many years. But, as often happens, one of our gurus on the PIAF Forum comes up with a terrific discovery that we just can’t wait to pass along. This week it was @w1ve who stumbled upon a new Anveo® Direct service for end-users with a special DID and SIP trunk offer. While the sub-account flexibility of Vitelity and some of the other providers is sorely missing, Anveo Direct does provide end-users with many of the same routing tools and SIP feature set that previously were reserved for use by major carriers. If you don’t believe some of the competition is less than thrilled, read this message thread on dslreports.com. And, until June 1, you can order DIDs in almost any U.S. region for 50¢ a month per DID with no setup fee. With Anveo Direct Value, that 50¢ buys you two trunks with 400 free incoming minutes a day. Outbound calls are pay-as-you-go and vary depending upon where you’re calling. Typical U.S. rates are $.001 to $.0055 per minute with least cost routing and automatic failover when a particular carrier’s route is having problems. As a point of reference, sending a one-page fax using Incredible Fax costs less than a penny and worked flawlessly using Anveo’s least costly routes.

DIDs also are available in more than 50 countries around the world, and all setup fees are waived until June 1. Most European DIDs are $1 or less per month. You’ll find the complete price list here. It’s worth mentioning that the 400 free incoming minutes a day applies collectively to all of your DIDs, not individually to each one. Additional incoming calls each day are billed at a penny a minute. The alternative is to purchase dedicated Anveo Direct trunks which provide unlimited inbound calling (one call at a time) for a monthly charge of $17 per trunk (worldwide), $11.25 per trunk (U.S. and Canada), or $6.50 per trunk (most of Europe). Monthly DID prices then are roughly 50% less.

Another nice surprise is that most of the DIDs include SMS messaging support. Incoming SMS messages are billed at a penny per message. Outbound SMS messages are routed through Europe and are billed at 4.4¢ per message. Unlike most providers, Anveo gives you the flexibility to configure your carriers and routes in almost any way you like. And there’s no proxy media so voice calls are passed directly from the carrier to your SIP endpoint. Anveo actually began as a wholesale provider of Voxbone services. With Anveo Direct, virtually all of the functions offered to commercial providers are now available to everybody. Along with fully redundant architecture and automatic SIP failover, Anveo offers you a choice of POPs in New York and Los Angeles as well as in Germany, Belgium, and China.

I know. I hear some of you saying, “Why would I want to pay good money for a DID when U.S. and Canadian calls plus the DIDs that Google Voice currently provides are all free?” Setting aside the ups and downs of Google Voice with Asterisk® over the years, it’s worth remembering that good things don’t last forever, and the word on the street is that Google’s generosity ship may be about to sail. In fact, it already has with worldwide iNum calls which Google originally handled for free. Now they’re 3¢ a minute even when calling across the street. Also keep in mind that, with VoIP, it costs you almost nothing to have a number of backup providers in place for that rainy day.

If you’ve used IPkall that provides free DIDs in the Seattle area with call routing to any SIP URI, then you will be generally familiar with the setup process for Anveo DIDs. There is no registration facility with Anveo Direct. Incoming calls to your DID are routed to SIP URIs of your choice. Outbound calls are sent to a SIP URI with a 6-character alphanumeric passcode of your choice. If this is all Greek to you, keep reading or stick with Vitelity. :wink:

Configuring a Destination SIP Trunk for Use with Anveo Direct

Before you can successfully configure a DID at Anveo Direct, you’ll first need to set up a SIP URI on your PIAF™ server. There are four initial steps: (1) enabling SIP URI access in your IPtables firewall, (2) mapping UDP 5060 to the IP address of your Asterisk server in your hardware-based firewall, (3) creating a SIP trunk for Anveo in FreePBX®, and (4) creating a custom context for incoming SIP URI calls from Anveo Direct.

Step #1: Just a couple of words of warning before we begin. You’ll need to open port 5060 on your hardware-based firewall and point it to your Asterisk server to use a SIP URI. Before you do that, make certain that you’ve installed Travelin’ Man 3 for PBX in a Flash which blocks inbound SIP connections except from trusted providers. Once Travelin’ Man 3 is installed, you’ll need to add Anveo Direct to your list of trusted providers for SIP connections (UDP 5060) with this command:

/root/add-ip anveo1 50.22.101.14
/root/add-ip anveo2 67.212.84.21
/root/add-ip anveo3 176.9.39.206
/root/add-ip anveo4 72.9.149.25
/root/add-ip anveo5 50.22.102.242

If you’re generally familiar with IPtables, you can add the following block of code directly:

-A INPUT -s 50.22.101.14/32 -p udp -m udp --dport 5060:5069 -j ACCEPT
-A INPUT -s 67.212.84.21/32 -p udp -m udp --dport 5060:5069 -j ACCEPT
-A INPUT -s 176.9.39.206/32 -p udp -m udp --dport 5060:5069 -j ACCEPT
-A INPUT -s 72.9.149.25/32 -p udp -m udp --dport 5060:5069 -j ACCEPT
-A INPUT -s 50.22.102.242/32 -p udp -m udp --dport 5060:5069 -j ACCEPT

Once you’ve completed this step, restart IPtables: service iptables restart. Then run: iptables -nL. Make certain that all of the above IP addresses are in the trusted providers list. Do NOT proceed until you’re sure your server is protected! It’s your phone bill.

Step #2: Now access your hardware-based firewall and map incoming UDP port 5060 traffic to the IP address of your PBX in a Flash server. The exact steps vary slightly depending upon the type of router you have. Look for a tab that deals with redirecting Internet traffic through your router to destination IP addresses.

Step #3: Using a web browser, open the FreePBX Administration GUI by pointing to the IP address of your server. In FreePBX 2.10 and 2.11, choose Connectivity -> Trunks -> Add SIP Trunk. Create an entry that looks like the following removing any other entries in the User Details section of the form. Then save your settings and update the dialplan. If you don’t have success with our settings, try the ones recommended by @w1ve.

Repeat this process by creating four additional SIP trunks named anveo-2, anveo-3, anveo-4, and anveo-5 using the other four IP addresses that Anveo uses to route SIP calls: 67.212.84.21, 176.9.39.206, 72.9.149.25, and 50.22.102.242.

Step #4: Log into your server as root with SSH, and edit /etc/asterisk/extensions_custom.conf. Add the following code to the bottom of the file and save your changes. Then restart Asterisk: amportal restart.

[from-anveo]
exten => _.,1,Ringing
exten => _.,n,Goto(from-trunk,${SIP_HEADER(X-anveo-e164)},1)

Just a word of explanation about why we’re using a custom trunk context for Anveo rather than using the standard from-trunk entry. Because of its environment, Anveo doesn’t pass the DID of the trunk in the traditional way.1 Instead, it passes the DID in a customized SIP header as shown above. If you used from-trunk as the destination for the incoming calls, then FreePBX would process the call using the Default Inbound Route which most sane people map to Hangup or Congestion. By using the custom context above, we can grab the actual DID and use it for FreePBX routing purposes. For Anveo purposes, the actual SIP URI we’ll be using is serverDID@serverIPaddress where the 1904… number in the example is your actual DID which we’ll obtain in the next section. If you have a fully-qualified domain name for your server, you can use that after the @ symbol instead of your server’s public IP address.

Configuring a DID in Anveo Direct

Now that we have almost everything in place on your server, we’re ready to begin today’s adventure with Anveo. For openers, you’ll need to register for an account at Anveo Direct. It’s a simple process. Just click on the Get Started icon on the website and follow your nose. Once you’ve registered and confirmed your email address, login to your account and you’ll find a 60¢ credit for experimentation. Since you can purchase a DID for 50¢ and because it’s prorated to the 15th of this month, you’ll have plenty of money to test out the service without spending a dime.

There are three steps to complete on the Anveo site: (1) purchase a DID, (2) create a SIP URI which will be used to route the calls from a specific DID to your server, and (3) configure the DID to route calls using the SIP URI created in the previous step.

Step #1: If you haven’t already done so, log into your Anveo Direct account. Then purchase a DID in your favorite town. From the Inbound Service pulldown, choose Order Anveo Direct DID. Just fill in the blanks after choosing your desired DID.

Step #2: Choose Inbound Service -> Configure Destination SIP Trunks -> Add a New SIP Trunk. Fill in the blanks as shown below using the DID you created in step #1. Be sure to use the complete DID number. Either an IP address or FQDN is fine after the @ symbol. Then click SAVE.

If you read the “hint” in the form, you will note that you can replace the actual DID number (1904… in our example) with $[E164]$ to make the SIP URI generic. Then you don’t have to create separate SIP URI entries for every DID you purchase. We’re pleased to report that it works as advertised, and we’re using it in our sample trunk so you can try it for yourself.

Step 3: From the Inbound Service pulldown, choose Configure Anveo DIDs. Click on the EDIT tab beside the DID you wish to configure. You’ll get a form that looks like the following:

Choose the Call Options tab and select the SIP URI that you configured in Step #2. Click SAVE.

Choose the Geo. Pop tab and select the POP server closest to you. Click SAVE.

Choose the Codecs tab and select the codecs you wish to enable. We recommend using only G.711u until you’re sure everything is working correctly. Click SAVE.

Completing the FreePBX Setup for Anveo Direct

We’re almost finished. The last step is to create an Inbound Route in FreePBX for the DID you just purchased from Anveo Direct. So jump back over to FreePBX in your browser. Choose Connectivity -> Inbound Routes -> Add Incoming Route. Fill out the form using the complete DID Number, e.g. 1904… Choose a Destination for Incoming Calls that works on your server. It could be an extension, a ring group, an IVR, or any other resource that’s available. In our example, we’ve chosen the Weather Underground application from Incredible PBX. Save your settings and update the dialplan.

Now you’re ready to place your first call, or you can call the number shown above to try out our demo system using Anveo. Ignore the + symbol when dialing calls. It’s not necessary.

Making Outbound Calls with Anveo Direct

If you also want to use Anveo to place outbound calls, all of the rates are per minute. The rate tables can be downloaded from here. Before you can place outbound calls, you’ll need to create a Call Termination Trunk under Outbound Service. In the form, you set up a 6-character code for access to the SIP URI and also specify the IP addresses from which calls can be placed. A sample is shown below. You obviously need to create a VERY secure access code. The code must begin with a zero and may contain any number as well as A-Z and a-z for each character. Once you’re finished, SAVE your settings. This is the area where Anveo’s Least Cost Routing methodology really shines. If you’re cheap (like us), use the settings shown. If you prefer higher quality trunks, change the Carriers to All Carriers. It gets more complicated if you want it to, but these settings will get you started with incredible rates.

The final step is to define a Custom Trunk (AnveoOut) and Outbound Route (AnveoSIP) in FreePBX to send outbound calls to Anveo. Typically, you would specify a dialing prefix (555 in the example) to force certain calls to use the Anveo Direct route. Here’s a sample Custom SIP Trunk to handle the calls. The custom dial string should look like this using your own 6-character code, of course: SIP/012345$OUTNUM$@sbc.anveo.com.

Once you’ve saved your settings, create an Outbound Route for the calls that looks something like what’s shown below. Be sure to add the CallerID number you wish to use for the outbound calls and make the 555 prefix match what you used when you created the Custom Trunk in the last step. When you Save your setup, be sure to move the Outbound Route up the priority list on the right so that these calls get evaluated before your other calling routes.

Receiving SMS Messages with Anveo Direct

To receive SMS messages from Anveo, there’s an SMS tab in the DID configuration menu for each of your DIDs. You must have a web server with PHP 4 or 5 to manage the incoming messages. It’s important to use a file name for the web link that is difficult for people to guess. Otherwise, anybody can bombard you with SMS messages if they happen to guess the web link. Here’s a sample to get you started. In the Anveo SMS tab for your DID, you’d insert something like the following and check the Forward to URL box:

http://myserver.org/smsmessenger.php?from=$[from]$&to=$[to]$&message=$[message]$

On your web server using whatever filename you chose for the smsmessenger.php file, insert the following code replacing the $deliverto contents with your actual email address:


<?php
$deliverto = "youremailname@gmail.com";
$from = $_REQUEST['from'];
$to = $_REQUEST['to'];
$message = $_REQUEST['message'];
$subject="SMS Message from $from to $to";
$comment="SMS Message\n\n FROM: $from\n\nTO: $to\n\nMSG: $message\n\n";
mail("$deliverto", "$subject", "$comment", "$from");
?>

Once this is in place, people can simply send an SMS message to your 11-digit DID, and it will be delivered to the email address you inserted for $deliverto. Incoming SMS messages are a penny apiece.

Sending SMS Messages with Anveo Direct

Sending SMS messages through Anveo Direct is similar to the key procedure used for placing outbound calls. Before you can send SMS messages, however, you’ll need to activate an API account which is free. This gets you an API key. Once you have a key, SMS messages are sent using API requests to https://www.anveo.com/api/v2.asp. Sample PHP scripts to handle the details are available on the Anveo Direct web site. The procedure works well, but the messaging rates are not cheap at 4.4¢ per message. In addition, there appears to be a glitch in the “sent from” feature of the API which results in outbound SMS messages always appearing to come from an international number in the United Kingdom. But, again, the functionality is there, if you need it. For the time being, the SMS messaging functionality built into Incredible PBX is free and much easier to use. See the SMS Dictator article on Nerd Vittles for details. Enjoy!

Originally published: Monday, May 6, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. As an added bonus for PIAF users, Vitelity is offering free porting of all domestic local and Toll Free DIDs through May 18. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 


Some Recent Nerd Vittles Articles of Interest…

Interconnecting Asterisk Servers with Incredible PBX and the $35 Raspberry Pi

We’ve spent the last couple months perfecting Incredible PBX™ as a full-featured VoIP platform for deployment on the $35 Raspberry Pi®. And, with the recent addition of 512MB RAM on the main system board, the Raspberry Pi not only is a great platform for home or SOHO use, but now it’s an ideal server for remote deployment in organizations with small satellite offices scattered around the countryside or for those with a loved one stationed in a faraway place. It’s especially important for those that want to take advantage of free interoffice communications or perhaps low-cost communications facilities that are only available through the main office headquarters. Our project for today is to show you how easy it is to interconnect these satellite offices, traveling salesmen, and troops stationed on the other side of the globe to provide system-wide, transparent Asterisk® communications at no cost. Using Raspberry Pi devices for the remote office or employee, you can set this up with FreePBX® in less than 5 minutes per site! Once configured, everyone in the organization can call everyone else by simply dialing their extension or a prefix with the local extension number. And finally we’ll show you how to securely share communications trunks at one site with your other locations.

There’s a little advance planning that needs to take place before you actually deploy today’s setup. First, you’ll need to adjust your hardware-based firewalls at each location to allow communications between the various sites. You’ll also need to authorize SIP access for each site in the Linux iptables firewalls. If some or all of the remote sites have dynamic IP addresses, then you’ll either need to deploy a PPTP VPN for your servers or use a service such as DynDNS.com to create fully-qualified domain names for each site. Dynamic IP addresses can be kept current at each site using a dynamic update app such as ddclient. And ipchecker can be run periodically to update IP address changes in iptables. Both apps are available for Incredible PBX on the Raspberry Pi. Finally, some thought needs to go into the extension numbering scheme at each site. The simplest way to is reserve extensions in the 1000 range for the home office, 2000-2999 for office #2, etc. If your organization already has an existing numbering system, then Plan B is to devise a dialing prefix that can be used to access extensions at various sites. For example, you might dial 1-2345 to reach extension 2345 in the main office or 2-2345 to reach extension 2345 in office 2 and so on. Either way works, and Asterisk with FreePBX supports both dialing schemes.

Hardware-Based Firewall Setup. For each site to which you wish to interconnect, you’ll need to add an entry to your hardware-based firewall using the FQDN or IP address of the site with the following ports mapped to your Asterisk server at that site: UDP 5060 and UDP 10000-20000.

IPtables Configuration and Dynamic IP Address Setup. If you have one or more sites whose servers have dynamic IP addresses, then you’ll need fully-qualified domain names for those sites that can be kept current using ddclient on the remote server and ipchecker on the main server. For background, start by reading the Nerd Vittles article on Travelin’ Man 3. You’ll need to deploy this on your main server. It’s already incorporated into the Incredible PBX builds for PBX in a Flash and the Raspberry Pi.

You’ll first need a DynDNS account. For $20 a year, you can set up 30 FQDNs and keep the IP addresses for these hostnames current 24-7. For $30 a year, you can manage 75 hostnames using your own domain and execute up to 600,000 queries a month. That’s more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it.

Our Travelin’ Man 3 article will walk you through the steps in setting up iptables entries for your new FQDNs on your main server. On the Raspberry Pi devices, you’ll need to install ddclient: apt-get install ddclient. The installer will walk you through the setup process to keep your dynamic IP addresses synced with your FQDN. You’ll also need to add iptables entries for your main site and any other sites to which you wish to directly connect. In the /root folder, you’ll find scripts to add-fqdn or add-ip entries to iptables. The setup is covered in detail in the Travelin’ Man 3 article so we won’t repeat it here.

Interconnecting Servers with SIP Trunks. For our example today, we’re going to simplify things a bit and show how to interconnect a Main server and a Remote server where both servers are on the same private LAN. The only difference from real life is that you typically would use the public IP addresses of both servers when they are housed in different locations and accessible via the Internet. To avoid the hassle of wrestling with dynamic IP addresses and for added security and encrypted communications, you can interconnect your servers using a PPTP VPN. It’s included in Incredible PBX on all platforms. In configuring your SIP trunks, just substitute the PPTP IP addresses of each server in lieu of public IP addresses. Then you don’t have to worry about dynamic IP addressing issues. And, to add support for additional remote servers, just create separate SIP trunk pairs at the Main and Remote sites with a naming scheme like this: Main1 and Remote1 for adding the first remote site, Main2 and Remote2 for adding the second one, and so on.

Adding a Remote SIP Trunk on Your Main Server. Let’s begin by adding a SIP trunk to your Main Server to support the Remote Raspberry Pi device. We’ll refer to the Remote SIP trunk as remote for our example. Using FreePBX 2.10, choose Connectivity -> Trunks -> Add SIP Trunk. Make up a very secure password to interconnect your two servers. We’ll use it as the secret at both ends. Then fill out the template using the example below. In the Registration String, use the actual IP address or FQDN of your remote server:

Adding the Main SIP Trunk to Your Remote Server. On your Remote Server using FreePBX 2.10, choose Connectivity -> Trunks -> Add SIP Trunk. Use the same password as the secret you set up on the main server. Then fill out the template using the example below. In the Registration String, use the IP address or FQDN of your main server:

Adding an Outbound Route from Remote Server to Main Server. To allow calls from the Remote Server to your Main Server, we’ll create an Outbound Route on the Remote Server: main-out. In FreePBX 2.10, choose Connectivity -> Outbound Routes -> Add Route. For our example, let’s assume that we want Remote users to dial 9 as a prefix to connect back to extensions on the Main server. And let’s also assume that all extensions on the Main server are either three or four digits long. Just fill out the template using the example below and, for Trunk Sequence 0, choose main from the pull-down list. If you wanted to allow Remote users to place calls using the Outbound U.S./Canada trunks available on the Main server, just add an additional Dial Pattern with 9 as the prefix and NXXNXXXXXX as the Match.

Adding an Outbound Route from Main Server to Remote Server. To set up something similar on the Main Server to allow users to make calls to the Remote Server, you’d create an Outbound Route similar to the one above. Call it remote-out. Use whatever dial prefix you’d like and make the rest of the Dial Pattern match the length of the extension numbers at the Remote site. Then choose remote as Trunk Sequence 0 from the pull-down list.

Congratulations! You now have unlimited free calling between all of the extensions registered to your two servers, regardless of where those servers happen to be located. You can follow your nose to add as many additional servers as you like. So long as there is a reliable Internet connection, your total, non-recurring cost to add each additional site is a $35 Raspberry Pi and a few accessories. Got a family member stationed in Afghanistan? Send them a Raspberry Pi with Incredible PBX for Christmas. They not only can call you, but they can make calls to anyone else using your outbound trunks without incurring any toll charges for the communications link between Afghanistan and your server. Enjoy!

Security ALERT! For those running Incredible PBX on the Raspberry Pi, there have been some security patches released in the last few days. First, be sure you’re running Incredible PBX 3.5. Second, log into your server as root and issue the following command: /root/update-my-pi. Done.

Where To Go From Here: Getting Started with Incredible PBX for the Raspberry Pi and The ‘Fab 35′ Apps Tutorial

Originally published: Monday, November 5, 2012  



Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Ringbinder theme by Themocracy