
Tag Archives: vm


The 5-Minute PBX: It’s Incredible PBX 11 Virtual Machine for VirtualBox

In our last article, we introduced the PBX in a Flash Virtual Machine for Oracle’s VirtualBox. To commemorate the end of the world today, we wanted to go out with a bang. So we’re pleased to introduce Incredible PBX 11 Virtual Machine. As with the PIAF-Green Virtual Machine, this new appliance features CentOS 6.3, Asterisk® 11, and FreePBX® 2.11 beta. In addition, it includes Incredible Fax with HylaFax and AvantFax, SMS speech-to-text messaging as well as SMS message blasting with Google Voice, and several dozen turnkey Asterisk applications including a speech-to-text phonebook dialer, text-to-speech news, weather, tide, and stock reports, a conference bridge for MeetMe conferencing, NeoRouter and PPTP VPN support, SAMBA for Windows Networking, ODBC database integration, Telephone Reminders and Hotel-Style Wakeup Calls, CallerID Superfecta, PBX End Point Manager, and Wolfram Alpha to name but a few. With the addition of free Google Voice accounts, you still get free voice and fax calling in 2013 throughout the United States and Canada. And, yes, Incredible PBX 11 still installs and is ready to go in under 5 minutes on any Windows, Mac, Linux, or Solaris desktop.

The Ultimate VoIP Appliance: Incredible PBX 11 Virtual Machine for VirtualBox

We broke new ground in the virtual machine development arena last week with the introduction of the PIAF Virtual Machine. Today we take it to the next plateau with a turnkey VoIP appliance that can be deployed and functional in less time than it takes you to shave. Today’s Incredible PBX Virtual Machine still gives you everything a bare metal install from source code would have provided. And, most importantly, the components are truly portable. They can be copied to a 4GB flash drive1 for the price of a good hamburger and installed from there onto any type of machine that happens to be in front of you. Five minutes later, you have a fully functional Asterisk server with FreePBX and exactly the same feature set and source code that you would have had installing Incredible PBX onto a dedicated server. Before you ask any questions, we urge you to try this VoIP appliance for yourself. The install process is as easy as 1-2-3:

  1. Download and install VirtualBox onto a Desktop Machine of your choice
  2. Download and double-click on Incredible PBX 11 Virtual Machine to import it into VirtualBox
  3. Select the Incredible PBX 11 Virtual Machine in VirtualBox Manager Window and click the Start button

Introducing Oracle VM VirtualBox

Here’s a quick review if you missed our last article. VirtualBox®, Oracle’s virtual machine platform inherited from Sun, is really something. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. As mentioned, our recommendation is to put all of the 100MB installers on a 4GB thumb drive. Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For details, here’s a link to Oracle’s VM VirtualBox User Manual.

Introducing Incredible PBX Virtual Machine

To get Incredible PBX VM installed on your desktop is quick and easy. Because the image tips the scales at over 2GB and due to the 2GB file size limit on many systems, we’ve chosen to split this download into two pieces. You need both of them. Just download them onto any flavor desktop from SourceForge. Once you’ve downloaded the two files, reassemble them into a single file known as an Open Virtualization Appliance (.ova). Then verify the checksums for the reassembled file to be sure everything is in its proper place. Finally, double-click on the .ova file which will initiate the import process into VirtualBox.

So let’s begin by downloading the two halves from SourceForge: INCREDIBLEPBX11aa and INCREDIBLEPBX11ab.

The reassembly procedure depends upon your desktop operating system. For Windows PCs, you’ll need to drop down to the Command Prompt, change to the directory in which you downloaded the two files, and type the following command:
 
copy /b INCREDIBLEPBX11aa + INCREDIBLEPBX11ab IncrediblePBX11.ova

To check the MD5/SHA1 checksums in Windows, download and run Microsoft’s File Checksum Integrity Verifier.

For Mac or Linux desktops, open a Terminal window, change to the directory in which you downloaded the two files, and type the following commands:
 
cat INCREDIBLEPBX11a{a..b} > IncrediblePBX11.ova
md5 IncrediblePBX11.ova   # use md5sum on Linux
openssl sha1 IncrediblePBX11.ova

The MD5 checksum for IncrediblePBX11.ova is b17655785ef00381ffd70899a19375f9. The SHA1 checksum is 86ccd31d64d3b51e10a8e7429548be6ce15ecd9b. If you have a match, proceed. Otherwise, rinse and repeat.
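
The reassemble-and-verify steps above can be made fail-closed, so that a file whose digest does not match never lands under the final name. The script below is an added example, not from the original article: the function names are made up here, and it checks only the SHA1 value published above, which catches a corrupted or incomplete download.

```bash
#!/usr/bin/env bash
# Added example: reassemble the download parts and keep the result only if
# its SHA1 matches the value published in the article.

# SHA1 published on this page for IncrediblePBX11.ova.
PUBLISHED_SHA1="86ccd31d64d3b51e10a8e7429548be6ce15ecd9b"

# Print the lowercase SHA1 of a file, using whichever tool the host has.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | awk '{print tolower($1)}'
    else
        openssl sha1 < "$1" | awk '{print tolower($NF)}'
    fi
}

# assemble_verified OUT EXPECTED_SHA1 PART...
# Concatenates the parts, in the order given, into a temporary file next to
# OUT and renames it to OUT only when the digest matches.
# Returns 0 on a match, 1 on a mismatch (nothing is left at OUT),
# 2 if a part is missing or empty or the temporary file cannot be written.
assemble_verified() {
    local out="$1" expected="$2" tmp actual part
    shift 2
    for part in "$@"; do
        [ -s "$part" ] || { echo "missing or empty part: $part" >&2; return 2; }
    done
    tmp=$(mktemp "${out}.partial.XXXXXX") || return 2
    cat -- "$@" > "$tmp" || { rm -f -- "$tmp"; return 2; }
    actual=$(sha1_of "$tmp")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        mv -f -- "$tmp" "$out"
        return 0
    fi
    echo "SHA1 mismatch: got $actual, expected $expected" >&2
    rm -f -- "$tmp"
    return 1
}

# Usage with the article's file names:
#   assemble_verified IncrediblePBX11.ova "$PUBLISHED_SHA1" \
#       INCREDIBLEPBX11aa INCREDIBLEPBX11ab
```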

Importing Incredible PBX 11 Virtual Machine into VirtualBox

You only perform the import step one time. Once imported into VirtualBox, Incredible PBX is ready to use. There’s no further installation required, just like an OpenVZ template… only better. Double-click on the .ova file you downloaded to begin the procedure and load VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box. Read and accept the license agreement. Then click the Import button. Once the import is finished, you’ll see a new IncrediblePBX11 virtual machine in your VM List on the VirtualBox Manager Window. You need to make a couple of one-time adjustments to the IncrediblePBX11 Virtual Machine configuration to account for differences in sound and network cards on different host machines.

Click on IncrediblePBX11 Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK to save your setup. Finally, click Settings -> System, uncheck Hardware clock in UTC time, and click OK. That’s all the configuration that is necessary for Incredible PBX Virtual Machine. If you blinked, you probably missed it.

Running Incredible PBX Virtual Machine in VirtualBox

Once you’ve imported and configured Incredible PBX Virtual Machine, you’re ready to go. Highlight the appliance in the VM List on the VirtualBox Manager Window and click the Start button. The boot procedure with CentOS 6.3 will begin just as if you had installed PBX in a Flash and Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and Incredible PBX.

Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. Always shut down Incredible PBX gracefully! Click in the VM window with your mouse, log in as root, and type: shutdown -h now. Or, from the VirtualBox Manager Window, Ctl-Click on the IncrediblePBX11 VM and choose Close -> ACPI Shutdown.

Always run Incredible PBX VM behind a hardware-based firewall with no Internet port exposure!

Linux CLI Setup. To begin, position your mouse over the VM window and left-click. Once the virtual machine has booted, log in as root with password as the password. Change your root password immediately by typing passwd at the command prompt. Now set up a secure maint password for FreePBX as well. Type passwd-master. If you’re not in the Eastern U.S. time zone, then you’ll want to adjust your timezone setting so that reminders and other time-sensitive events happen at the correct time. Issue the following command to pick your time zone: /root/timezone-setup. If you plan to use Incredible Fax to send and receive faxes, set an email address for delivery of incoming faxes: /root/incrediblefax-setup. To use SMS messaging in Incredible PBX, you’ll need a Google Voice account which is covered below. Once you have your credentials, edit extensions_custom.conf in /etc/asterisk and insert your username and password in the 767 extension. To use SAMBA for Windows networking, replace the Interfaces IP address in /etc/samba/smb.conf with your actual IP address. Next, run smbpasswd and assign a password for root access to your server. Then restart SAMBA: service smb restart.

FreePBX Setup. Use a browser to log into your Incredible PBX server by pointing to the IP address of the virtual machine displayed in the status window of the CLI. Click on the User button to display the Admin choices in the Main PIAF Menu. Click on the FreePBX Admin option to load the FreePBX GUI. You will be prompted for a username and password. For the username, use maint. For the password, use whatever password you set up with passwd-master above.

You’ll want to keep FreePBX up to date. The easiest way is to configure FreePBX for email notifications when there are updates. In the FreePBX GUI, choose Admin -> Module Admin -> Upgrade Notifications and plug in your email address. Updates are installed in this same window. Click Check Online -> Upgrade All -> Process and Confirm. Scroll to the bottom of the Status window and click Return. Then click Apply Config. Now you try it.

GOOGLE VOICE ALERT: For old-timers that used the previous Google Voice module in FreePBX 2.x, it’s a little different in FreePBX 2.11. It now is called Google Voice (Motif), and you’ll find it under the Connectivity tab instead of the Other tab. More importantly, the form has changed. Do NOT check all 3 checkboxes as you did previously, or your incoming calls won’t be answered. Leave last checkbox "Send Unanswered to GoogleVoice Voicemail" UNCHECKED!!

Incredible PBX supports SIP, IAX, and Google Voice trunks to handle your outbound and incoming calls. The easiest way to get started is to set up a couple of Google Voice trunks, one for voice calls and one for faxing. These trunks must be dedicated for exclusive use with Incredible PBX. If you’re logged into these Google Voice accounts elsewhere, Incredible PBX won’t receive incoming calls. Read our Incredible PBX Quick Start Guide for the procedure to register for new Google Voice accounts. Once you have your credentials and phone numbers, choose Connectivity -> Google Voice in FreePBX to set up the accounts in FreePBX. For each trunk, you also need to set up an Inbound Route to tell FreePBX how to route the incoming calls. For your Fax trunk, here’s the drill. Choose Connectivity -> Inbound Routes. Insert your 10-digit Google Voice number in the DID Number field. Check Enable CID Superfecta and, for Set Destination, choose Custom Destinations -> Fax (HylaFax). Click Submit and then click Apply Config.

Before your Google Voice trunks will work reliably, there are two final steps. First, restart Asterisk from the Linux CLI: amportal restart. Then, make at least one outbound call using each Google Voice trunk.

We’ve preconfigured SIP trunks for all of the major VoIP providers in Incredible PBX. All you have to do is sign up for a few accounts. This isn’t like the old Ma Bell days so take advantage of the redundancy that using multiple VoIP providers gives you. There’s a very special offer from one of the major sponsors of the PBX in a Flash and Nerd Vittles projects below. Take advantage of it and support our open source projects.

1-7-13 Security Alert: We’ve just released Incredible PBX 11.1.2 which includes Asterisk 11.1.2 and the latest FreePBX 2.11 beta. The Asterisk Dev Team announced a serious security vulnerability in Asterisk 1.8, 10, and 11 late last week. This update addresses that. You can read all about it in the readme file on SourceForge. If you still are using an earlier version of Incredible PBX 11, make certain that it is behind a hardware-based firewall with no Internet port exposure. And you should immediately patch your server or, better yet, switch to this new release.

Now read the latest Incredible PBX Quick Start Guide and begin your VoIP adventure. Then you’ll want to do some reading on VirtualBox. We’ve barely scratched the surface. Setting up Headless VMs that run in the background on any server is a breeze. From the command line, here’s an article to get you started. But you also can start Headless VMs from within the GUI by highlighting the VM and clicking Shift->Start. REMEMBER: Always shut down VMs gracefully: Close->ACPI Shutdown. You’ll find more great tips at virtualbox.org and GitHub.

One of the real beauties of VirtualBox is you don’t have to use a GUI at all. The entire process can be driven from the command line. Other than on a Mac, here is the procedure to import, configure, and run Incredible PBX 11 Virtual Machine:
 
VBoxManage import IncrediblePBX11.ova
VBoxManage modifyvm "IncrediblePBX11" --nic1 nat
VBoxManage modifyvm "IncrediblePBX11" --acpi on --nic1 bridged
VBoxHeadless --startvm "IncrediblePBX11" &
# Wait 1 minute for IncrediblePBX11 to load. Then decipher IP address like this:
VBoxManage guestproperty get "IncrediblePBX11" /VirtualBox/GuestInfo/Net/0/V4/IP
# Now you can use SSH to login to IncrediblePBX11 at the displayed IP address
# Shutdown the IncrediblePBX11 Virtual Machine with the following command:
VBoxManage controlvm "IncrediblePBX11" acpipowerbutton

On a Mac, everything works the same way except for deciphering the IP address. Download our findip script for that.

Have a very Merry Christmas!

Originally published: Friday, December 21, 2012 Updated: Saturday, December 22, 2012



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 




  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us.

Virtual Utopia: 1-Minute Asterisk Installs with PIAF2-OpenVZ

Thanks to the terrific work of Darrell Dillman, today we have a new OpenVZ template for PBX in a Flash 2™ to introduce. It features the very latest 64-bit CentOS™ 6.2 with Asterisk® 1.8 and FreePBX® 2.9. Using the new OpenVZ template, you can create unlimited virtual machines in about one minute per server! And you can boot your new virtual machines in about the same time. This new PIAF2-OpenVZ template includes the usual PIAF2™ Feature Set including Google Voice for free calling in the U.S. and Canada. Once installed, you can add Incredible PBX 3™ and Incredible Fax 2™ in a few clicks.

One of the real beauties of hosting your own Proxmox server is the flexibility it gives you to create and load a wide variety of virtual machines that each appear to users to be dedicated servers. This could include a dozen Asterisk servers, or it might be a mix of a dedicated Apache server, a Windows Server, an Asterisk server or two, as well as Joomla, Drupal, Zimbra, and many others from this list. The other obvious advantage is cost. Individual Asterisk servers can be had for $300 or less to host a small branch office. But a Proxmox server such as Dell's current offering can host a dozen dedicated systems for about $50 per server.

If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-60 minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF2-Purple systems using an OpenVZ template in the time it takes to bake a pan of slice-and-bake cookies. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for students, the OpenVZ platform is a perfect fit.

We'll start with the bad news before we get to the really exciting new Asterisk platform we're introducing today. All of the current Proxmox server software that supports OpenVZ virtual machines has a serious security flaw. For that reason, you would only want to run Proxmox behind a hardware-based firewall with no Internet port exposure. If you fail to heed this warning, you run the very real risk of having not only your Proxmox server compromised but also all of the virtual machines running on it. The good news is that this security flaw does not appear to affect the PBX in a Flash virtual machines which we are introducing today. Since no direct Internet access is required to have a perfectly functioning PIAF2 server, we still strongly recommend never exposing any server to direct Internet access. MORAL: No Internet port exposure for any of your servers means you can sleep like a baby. We recommend Proxmox 1.8 which is a free download from the Proxmox VE web site. To get optimum use from Proxmox, you'll also want a processor in your server that supports Kernel-based Virtual Machines (KVMs). This full virtualization solution requires an x86 processor containing virtualization extensions (Intel VT or AMD-V CPU is needed). HINT: Most of Dell's servers are not a problem. Regardless of the server you choose, make certain that you check the CPU specs before you buy. Also be aware that, in addition to Proxmox, there are many other OpenVZ platforms from which to choose.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.8 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are just two steps to get it working. First, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped and while logged into your Proxmox server as root carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart

Don't forget to set the system time on your server: dpkg-reconfigure tzdata

You're finished with the CLI at this point. Now you'll be able to configure IPtables within each of your OpenVZ virtual machines as explained below.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel or dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. If you want to try it later, here is the message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF-OpenVZ Template. Using a web browser, download the new PIAF2-OpenVZ image to your Desktop. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF2-OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. You can also do this directly within the Proxmox server by logging in as root and issuing these commands to install the latest PIAF2-OpenVZ template:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/zwU8zb
mv zwU8zb centos-6.2-purple1.8.8-piaf_2.0.6.2-5_amd64.tar.gz

Creating OpenVZ Virtual Machines. Once installed, you can build Asterisk 1.8.8.0 virtual machines to your heart's content... in about a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), Memory Allocation (1024 recommended), and a very secure (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN or use Google's DNS servers: 8.8.8.8 and 8.8.4.4.

Once the image is created, start up the virtual machine, wait at least 60 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. Verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. You now have a PIAF-Purple base platform running Asterisk 1.8.8.0 and FreePBX 2.9. REMINDER: Be sure you always run both Proxmox AND your virtual machines behind a hardware-based firewall with no port exposure to the Internet!

Before you do anything else, log into your virtual machine using SSH and run passwd-master to secure the passwords for FreePBX GUI access to your system. Also be sure to set the correct time zone on your virtual machine:

mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/America/Indianapolis /etc/localtime
date

Once you have secured your passwords, you're ready to set up Asterisk to make and receive calls. For the complete 5-minute tutorial, see this Nerd Vittles article. REMINDER: Once you have set up a Google Voice account, created an extension with a secure password, and created an inbound route for your incoming calls, don't forget to reload Asterisk from the CLI or Google Voice calling will fail: amportal restart.

Installing Incredible PBX and Incredible Fax. An alternative before configuring your system is to first install Incredible PBX and Incredible Fax. We recommend it. This gives you a turnkey, full-featured PBX with almost every Asterisk feature available on the planet. While logged into your server as root, issue this command to install Incredible PBX: install-incredpbx3. When the install completes, issue the following command to install Incredible Fax: install-incredfax2. Restart your virtual machine to complete the install.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. 🙄

Securing IPtables with a WhiteList. If you're running your virtual machines behind a hardware-based firewall with no Internet port exposure AND all of those on your private LAN are trusted, you can quit here. Otherwise, you need to lock down the IPtables firewall on your virtual machines to only permit access from trusted IP addresses. As delivered with Incredible PBX, all private IP addresses are authorized and a number of dangerous Internet services also are accessible. Here's how to fix it. Log into each VM and edit /etc/sysconfig/iptables: nano -w /etc/sysconfig/iptables. Change the section of entries that look like the following by inserting a # at the beginning of each entry. Once you've added the # characters, your entries should look like this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Now scroll down a bit in the file and find the entries that look like the following. NOTE: If you didn't install Incredible PBX, you'll need to manually add these entries:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Immediately below these private network entries, add additional entries using the actual IP addresses that are needed to administer your virtual machine. Also include the IP addresses of any remote telephones that are not covered by the private LAN entries above. Each entry should look like the following using the actual IP addresses needed:

-A INPUT -s 111.222.111.222 -j ACCEPT

IMPORTANT: Save your changes after making sure you've included an entry for the IP address from which you currently are accessing your server. Otherwise, you will lock yourself out of your server. Then restart IPtables: service iptables restart. Verify that the entries are the way you expect: iptables -nL. Now, with a browser, attempt to access the IP address of your virtual machine from an untrusted IP address, e.g. your cellphone. Then repeat from a trusted IP address. If all is well, you're done.
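
Before running service iptables restart, the edited file can be checked for the two mistakes this procedure invites: a port-wide ACCEPT rule left uncommented, and no source entry covering the address you are administering from. This is an added example, not part of the original article or of Incredible PBX; the function names and the sample rules (built from the entries shown above) are constructed for illustration, and it also accepts CIDR prefix lengths, which goes beyond the dotted-netmask form the article uses.

```bash
#!/usr/bin/env bash
# Added example: audit an iptables rules file before restarting the firewall.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net IP SOURCE: true if IP falls inside SOURCE, where SOURCE is a bare
# address, NET/DOTTED.MASK (the form used in the article) or NET/PREFIX.
in_net() {
    local ip net mask
    ip=$(ip_to_int "$1")
    case "$2" in
        */*.*) net=$(ip_to_int "${2%/*}"); mask=$(ip_to_int "${2#*/}") ;;
        */*)   net=$(ip_to_int "${2%/*}")
               mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 )) ;;
        *)     net=$(ip_to_int "$2"); mask=4294967295 ;;
    esac
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# audit_rules FILE ADMIN_IP
# Prints "OPEN <rule>" for every active INPUT ACCEPT rule that opens a port
# to any source, and "LOCKOUT <ip>" if no active source rule covers ADMIN_IP.
# Returns 0 only when neither problem is found.
audit_rules() {
    local file="$1" admin="$2" line word prev src has_dport open=0 covered=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "-A INPUT "*"-j ACCEPT"*) ;;   # active ACCEPT rule: inspect it
            *) continue ;;                 # commented out, or not an ACCEPT
        esac
        src=""; has_dport=0; prev=""
        for word in $line; do
            if [ "$prev" = "-s" ]; then src="$word"; fi
            if [ "$word" = "--dport" ]; then has_dport=1; fi
            prev="$word"
        done
        if [ -n "$src" ]; then
            if in_net "$admin" "$src"; then covered=1; fi
        elif [ "$has_dport" -eq 1 ]; then
            echo "OPEN $line"
            open=$((open + 1))
        fi
    done < "$file"
    if [ "$covered" -eq 0 ]; then echo "LOCKOUT $admin"; fi
    [ "$open" -eq 0 ] && [ "$covered" -eq 1 ]
}

# Constructed sample: the article's entries with one port rule (5038) left
# uncommented by mistake. 111.222.111.222 is the article's placeholder address.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 111.222.111.222 -j ACCEPT
COMMIT
EOF
}

# Usage on a real server, with your own address as the second argument:
#   audit_rules /etc/sysconfig/iptables 192.168.1.50 && service iptables restart
```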

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

Quirks, Gotchas, and Updates. The only quirk you will notice in the current virtual machines is that IP6tables may not be running. We're working on it. For the latest breaking news and updates about PIAF2-OpenVZ, visit this thread on the PIAF Forum. Don't forget your Valentine tomorrow. Enjoy!

Originally published: Monday, February 13, 2012



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list.
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..."
  3. Look in /usr/share/zoneinfo for correct time zone name for your closest city.
  4. Getting the correct time in your VMs can be problematic with Proxmox. If you continually see the wrong time when you issue the date command after starting up your VMs, try this. Log into the Proxmox host and issue the following commands using the correct container number and your local time zone city for your virtual machine:

    vzctl stop 108
    vzctl set 108 --capability sys_time:on --save
    vzctl start 108
    vzctl enter 108
    mv /etc/localtime /etc/localtime.old
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    exit


PBX in a Flash Rolls Out New CentOS 5.7 Releases

We are pleased to announce the release of new 32-bit and 64-bit versions of PBX in a Flash. The new PIAF-17571 ISOs are available now for free download from SourceForge. In addition to an updated release of our new 64-bit CentOS 5.7 OpenVZ virtual machine template available on SourceForge, we now have a 32-bit Thumb Drive installer up on SourceForge as well.

So PBX in a Flash continues to bring you the best of all worlds: a hardware-based bare metal install using either our 32-bit or 64-bit ISOs to build a bootable CD-ROM installer, a 32-bit thumb drive installer for use with any 1GB USB flash drive to create PIAF systems on machines that lack an optical drive, or a 1-minute install of a virtual machine using our new 64-bit OpenVZ template. Nobody else provides this flexibility much less support for CentOS 5.7 as well as every current and experimental flavor of Asterisk. So why wait? The price is definitely right!

Today's step-by-step guide will walk you through installing PIAF-Purple with Asterisk 1.8.6.0 on a dedicated machine with a CD/DVD drive using the new CentOS 5.7 ISOs. Instructions for installation of the OpenVZ template on a virtual machine are provided in this updated Nerd Vittles article. Instructions for use of the flash drive installer are available in this updated Nerd Vittles article. As always, we recommend installation of any new PIAF server or virtual host behind a secure, hardware-based firewall (such as dLink's Gaming Router) with NO INTERNET PORT EXPOSURE to your PIAF box!

Atom-based PC Platform. For the least expensive hardware alternative, pick up an Atom-based PC, preferably not an EEE PC because of the network driver incompatibility with CentOS. The refurbished Revos work fine. Someone has actually tested them! They can easily support a business with dozens of phones.

PIAF ISO Setup. Once you have your hardware connected to a reliable Internet source, you'll need to choose the appropriate ISO for your hardware. If you have a CD-ROM or DVD drive on your server, we'd recommend the 32-bit PIAF 1.7.5.7.1 ISO. Just download it from SourceForge or one of the PIAF mirror sites, burn it to a CD, and then boot your server from the CD. If your server lacks a CD-ROM and DVD drive, then download the brand new 32-bit PIAF 1.7.5.7.1 Flash-Only ISO from SourceForge and copy it to a 1GB or larger thumb drive following the instructions in this Nerd Vittles tutorial. Then boot your server from the thumb drive.

PIAF Installation. Once you've booted the PIAF installer, you'll be prompted to choose an installation method. For most users, simply pressing the Enter key will get things started. Choose a keyboard and time zone when prompted and then enter a very secure root password for your new server. The installer then will load CentOS 5.7 onto your server. When complete, your server will reboot. Remove the CD or Flash Drive at this point, and you'll be prompted to choose the version of Asterisk to install. If you don't get the CD out in time, the install process will start from scratch. At the first prompt, just reboot after removing the CD and everything will be fine. We recommend PIAF-Purple. It loads Asterisk 1.8.6.0, the only current version of Asterisk with long-term support.

During the final phase of the install, you will be prompted to choose a master password for FreePBX® and the other VoIP web utilities. Once your server reboots, log into the Linux CLI using your root password and write down the IP address of your server from the status display.

FreePBX Setup. Most of your life with PBX in a Flash will be spent using the FreePBX web GUI and your favorite browser. To access the FreePBX GUI, point your browser at the IP address you wrote down. Read the RSS Feed in the PIAF GUI for late-breaking security alerts. Any alerts older than September, 2011 already are included in current PIAF builds. Now click on the Users button which will toggle to the Admin menu. Click the FreePBX icon. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose during the PIAF install.

Got That Pioneer Spirit? If you like living on the wild side, it's a simple process to upgrade the default FreePBX 2.8 install to FreePBX 2.9. Here's a 5-minute video that will walk you through the process. If you should get stumped, don't worry! Just visit this thread on the PIAF Forum.

With either FreePBX 2.8 or 2.9, getting a minimal system operational is a 5-minute drill. You'll need to set up at least one extension with voicemail, configure a free Google Voice account for free calls in the U.S. and Canada, configure inbound and outbound routes to manage incoming and outgoing calls, and plug your maint password into CallerID Superfecta so that names arrive with your incoming calls. Now add a phone with your extension credentials and you're done.

Extension Setup. Let's start by setting up an extension. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone's GUI to add bells and whistles. To create extension 201 (don't start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension ... 201
Display Name ... Home
Outbound CID ... [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID ... [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]

Device Options
secret ... 1299864Xyz [make this unique AND secure!]
dtmfmode ... rfc2833
Voicemail & Directory ... Enabled
voicemail password ... 14332 [make this unique AND secure!]
email address ... yourname@yourdomain.com [if you want voicemail messages emailed to you]
pager email address ... yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
email attachment ... yes [if you want the voicemail message included in the email message]
play CID ... yes [if you want the CallerID played when you retrieve a message]
play envelope ... yes [if you want the date/time of the message played before the message is read to you]
delete Vmail ... yes [if you want the voicemail message deleted after it's emailed to you]
vm options ... callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
vm context ... default

Write down the passwords. You'll need them to configure your SIP phone.

Extension Security. We cannot overstress the need to make your extension passwords secure. If your SIP or IAX ports happen to be exposed to the Internet, all the firewalls in the world won't protect you from malicious phone calls on your nickel when you use your extension number or something like 1234 for your extension password. Incredible PBX automatically randomizes all of the extension passwords for you. PBX in a Flash does not!

In addition to making up secure passwords, the latest versions of FreePBX also let you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry in the permit field like this: 192.168.1.0/255.255.255.0 using your actual subnet.
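An added example, not part of the original article or of FreePBX: a small audit of SIP peer definitions for the two weaknesses described above, a guessable secret and a permit field that does not restrict anything. The sample peers, their secrets, the 12-character minimum and the short list of common secrets are assumptions made for the example.

```python
import ipaddress

MIN_SECRET_LEN = 12  # assumption for this example, not a FreePBX rule
COMMON_SECRETS = {"1234", "0000", "password", "secret"}  # constructed short list

# Constructed peers in the key=value layout Asterisk uses for SIP devices.
SAMPLE_SIP_CONF = """\
[201]
secret=Vq7mT2xLr9Kc4Zd
dtmfmode=rfc2833
deny=0.0.0.0/0.0.0.0
permit=192.168.1.142/255.255.255.255

[202]
secret=202
deny=0.0.0.0/0.0.0.0
permit=0.0.0.0/0.0.0.0

[203]
secret=1234            ; no deny/permit lines at all

[204]
secret=Hw3nP8sYb6Jf1Ra
permit=192.168.1.0/255.255.255.0
"""


def parse_peers(text):
    """Return {section: {key: [values...]}}; ';' starts a comment."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            peers[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            peers[current].setdefault(key.strip().lower(), []).append(value.strip())
    return peers


def parse_acl(value):
    """Parse address/netmask (or address/prefix); None if it is not valid."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None


def audit_peer(ext, settings):
    """Return a list of findings for one extension (empty list = clean)."""
    findings = []
    secret = settings.get("secret", [""])[-1]
    if not secret:
        findings.append("no secret set")
    elif secret == ext:
        findings.append("secret equals the extension number")
    elif secret.lower() in COMMON_SECRETS:
        findings.append("secret is a common default")
    elif len(secret) < MIN_SECRET_LEN or secret.isdigit():
        findings.append("secret is short or digits only")

    permits = [parse_acl(v) for v in settings.get("permit", [])]
    denies = [parse_acl(v) for v in settings.get("deny", [])]
    if None in permits or None in denies:
        findings.append("unparseable deny/permit value")
    elif not permits or any(n.prefixlen == 0 for n in permits):
        findings.append("permit does not restrict source addresses")
    elif not any(n.prefixlen == 0 for n in denies):
        # Asterisk ACLs allow by default, so a permit entry only narrows
        # access when everything else is denied first.
        findings.append("permit has no effect without deny=0.0.0.0/0.0.0.0")
    return findings


def audit(text):
    """Audit every peer in a SIP configuration string."""
    return {ext: audit_peer(ext, s) for ext, s in parse_peers(text).items()}


if __name__ == "__main__":
    for ext, findings in audit(SAMPLE_SIP_CONF).items():
        print(ext, "OK" if not findings else "; ".join(findings))
```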


Adding a Google Voice Trunk. There are lots of trunk providers, and one of the real beauties of having your own PBX is that you don't have to put all of your eggs in the same basket... unlike the AT&T days. We would encourage you to take advantage of this flexibility. With most providers, you don't pay anything except when you actually use their service so you have nothing to lose.

For today, we're going to take advantage of Google's current offer of free calling in the U.S. and Canada through the end of this year. You also get a free phone number in your choice of area codes. PBX in a Flash now installs a Google Voice module for FreePBX that lets you set up your Google Voice account with PBX in a Flash in just a few seconds once you have your credentials.

Signing Up for Google Voice. You'll need a dedicated Google Voice account to support PBX in a Flash. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We've tested this extensively using an existing Gmail account rather than creating a separate account. Take our word for it. Inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So... set up a dedicated Gmail and Google Voice account, and use it exclusively with PBX in a Flash. Google Voice no longer is by invitation only. If you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for PBX in a Flash to function with Google Voice! Otherwise, inbound and/or outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings and enable it. Be sure to try one call each way from Google Chat in Gmail. Then disable Google Chat in GMail for this account. Otherwise, it won't work with PIAF.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF
  • Call Options (Enable Recording) - OFF
  • Global Spam Filtering - ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Configuring Google Voice Trunk in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize PBX in a Flash to meet your specific needs. Click the Setup tab and choose Google Voice in the Third Party Addons. To Add a new Google Voice account, just fill out the form:

Phone number is your 10-digit Google Voice number. Username is your Google Voice account name without @gmail.com. NOTE: You must use a Gmail.com address in the current version of this module! Password is your Google Voice password. NOTE: Don't use 2-stage password protection in this Google Voice account! Be sure to check all three boxes: Add trunk, Add routes, and Agree to TOS. Then click Submit Changes and reload FreePBX. Down the road, you can add additional Google Voice numbers by clicking Add GoogleVoice Account option in the right margin and repeating the drill. For Google Apps support, see this post on the PIAF Forum.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. It also provides redundancy which costs you nothing if you don't use the backup providers. The Google Voice module actually configures an Outbound Route for 10-digit Google Voice calling as part of the automatic setup. If this meets your requirements, then you can skip this step for today.

Inbound Routes. An Inbound Route tells PBX in a Flash how to route incoming calls. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we'll build a simple route that directs your Google Voice calls to extension 201. Choose Inbound Routes, leave all of the settings at their default values except enter your 10-digit Google Voice number in the DID Number field. Enable CallerID lookups by choosing CallerID Superfecta in the CID Lookup Source pulldown. Then move to the Set Destination section and choose Extensions in the left pull-down and 201 in the extension pull-down. Now click Submit and save your changes. That will assure that incoming Google Voice calls are routed to extension 201.

IMPORTANT: Before Google Voice calling will actually work, you must restart Asterisk from the Linux command line interface. Log into your server as root and issue this command: amportal restart.

CallerID Superfecta Setup. CallerID Superfecta needs to know your maint password in order to access the necessary modules to retrieve CallerID information for inbound calls. Just click Setup, CID Superfecta, and click on Default in the Scheme listings in the right column. Scroll down to the General Options section and insert your maint password in the Password field. You may also want to enable some of the other providers and adjust the order of the lookups to meet your local needs. Click Agree and Save once you have the settings adjusted. One terrific feature of CID Superfecta is the ability to test a phone number and see what results are returned by different services. It also tells you how long the various lookups are taking. Use this tool to narrow down the number of services you need and minimize the delay in answering inbound calls.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!

Adding Plain Old Phones. Before your new PBX will be of much use, you're going to need something to make and receive calls, i.e. a telephone. For today, you've got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It's under $70. Be sure you specify that you want an unlocked device, meaning it doesn't force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended previously. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using 201 for your extension and your actual password for extension 201. Then plug in the actual IP address of your PBX in a Flash server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Enabling Google Voicemail. Some have requested a way to retain Google's voicemail system for unanswered calls in lieu of using Asterisk voicemail. The advantage is that Google offers a free transcription service for voicemail messages. To activate this, you'll need to edit the [googlein] context in extensions_custom.conf in /etc/asterisk. Just modify the last four lines in the context so that they look like this and then restart Asterisk: amportal restart

;exten => s,n(regcall),Answer
;exten => s,n,SendDTMF(1)
exten => s,n(regcall),Set(DIAL_OPTIONS=${DIAL_OPTIONS}aD(:1))
exten => s,n,Goto(from-trunk,gv-incoming,1)

But I Don't Want to Use Google Voice. If you'd prefer not to use Google Voice at all with PBX in a Flash, that's okay, too. Here's how to disable it and avoid the chatter in the Asterisk CLI. Log into your server as root and edit /etc/asterisk/modules.conf. Change the first three lines in the [modules] context so that they look like this. Then restart Asterisk: amportal restart.

autoload=yes
noload => res_jabber.so
noload => chan_gtalk.so

Where To Go From Here. We've barely scratched the surface of what you can do with your new PBX in a Flash system. If you're new to all of this, then your next step probably should be the latest Incredible PBX 2.0 tutorial. It's a 5-minute addition that installs nearly 50 Asterisk applications that will keep you entertained for the rest of the year. If you'd prefer to do it yourself, that's okay, too. We'd also recommend you set up an alternate VoIP provider. You can't beat Vitelity, and they also happen to provide financial support to both Nerd Vittles and the PBX in a Flash projects. See the special pricing in the section below. Enjoy!

Originally published: Tuesday, September 27, 2011


Great News! Google Plus is available to everyone. Sign up here and circle us. Click these links to view the Asterisk feed or PBX in a Flash feed on Google+.




Virtual Paradise: 1-Minute Asterisk Installs with PIAF-OpenVZ

One of the real beauties of hosting your own Proxmox server is the flexibility it gives you to create and load a wide variety of virtual machines that each appear to users to be dedicated servers. This could include a dozen Asterisk servers, or it might be a mix of a dedicated Apache server, a Windows Server, an Asterisk server or two, as well as Joomla, Drupal, Zimbra, and many others from this list. The other obvious advantage is cost. Individual Asterisk servers can be had for $300 or less to host a small branch office. But a Proxmox server such as Dell's current offerings can host a dozen dedicated systems for about $50 per server.

Today we have two really terrific OpenVZ templates for PBX in a Flash to introduce. One features CentOS 5.5, and the other includes the just released CentOS 5.7. The choice is yours! Both allow you to create unlimited PIAF virtual machines in exactly 1 minute per server! And you can boot your new virtual machines in less than 90 seconds apiece. These new PIAF-OpenVZ templates include the usual PBX in a Flash Feature Set with some extra bells and whistles: Asterisk 1.8.6.0, FreePBX 2.8, Google Voice for free calling in the U.S. and Canada, Tom King's latest Apache, PHP, PHPMyAdmin security updates, Andrew Nagy's EndPoint Manager and CallerID Superfecta, as well as AsteriDex, Telephone Reminders, and Hotel WakeUp Call modules for FreePBX.

If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-60 minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in the time it takes to bake a pan of slice-and-bake cookies. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit.

We'll start with the bad news before we get to the really exciting new Asterisk platform we're introducing today. All of the current Proxmox server software that supports OpenVZ virtual machines has a serious security flaw. For that reason, you would only want to run Proxmox behind a hardware-based firewall with no Internet port exposure. If you fail to heed this warning, you run the very real risk of having not only your Proxmox server compromised but also all of the virtual machines running on it. The good news is that this security flaw does not appear to affect the PBX in a Flash virtual machines which we are introducing today. Since no direct Internet access is required to have a perfectly functioning PIAF server, we still strongly recommend never exposing any server to direct Internet access. MORAL: No Internet port exposure for any of your servers means you can sleep like a baby. We recommend Proxmox 1.8 which is a free download from the Proxmox VE web site. To get optimum use from Proxmox, you'll also want a processor in your server that supports Kernel-based Virtual Machines (KVMs). This full virtualization solution requires an x86 processor containing virtualization extensions (Intel VT[1] or AMD-V CPU[2] is needed). HINT: Most of Dell's servers are not a problem. Regardless of the server you choose, make certain that you check the CPU specs before you buy. Also be aware that, in addition to Proxmox, there are many other OpenVZ platforms from which to choose.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.8 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are just two steps to get it working. First, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped and while logged into your Proxmox server as root carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart

Don't forget to set the system time on your server: dpkg-reconfigure tzdata

You're finished on the CLI at this point. Now you'll be able to configure IPtables within each of your OpenVZ virtual machines as explained below.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel or dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. If you want to try it later, here is the message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF-OpenVZ Template. Using a web browser, download one of the new PIAF-OpenVZ images to your Desktop. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF-OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. You can also do this directly within the Proxmox server by logging in as root and issuing the following commands to install the latest CentOS 5.7 PIAF-OpenVZ template:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/p8UjwY

To install the CentOS 5.5 PIAF-OpenVZ template, here are the commands:

cd /var/lib/vz/template/cache/
wget http://nerd.bz/p45qzi

Creating OpenVZ Virtual Machines. Once installed, you can build Asterisk 1.8.6.0 virtual machines to your heart's content... in about a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and a very secure (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN.

Once the image is created, start up the virtual machine, wait about 90 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. You now have a PIAF-Purple base platform running Asterisk 1.8.6.0 and FreePBX 2.8.1. REMINDER: Be sure you always run both Proxmox AND your virtual machines behind a hardware-based firewall with no port exposure to the Internet!

The FreePBX login credentials are username: maint and password: password11. This is anything but secure. Before you do anything else, log into your virtual machine using SSH and run passwd-master to secure the passwords for FreePBX GUI access to your system. Also be sure to set the correct time zone on your virtual machine: system-config-date (see footnote 3). Don't forget!

Once you have secured your passwords, you're ready to set up Asterisk to make and receive calls. For the complete 5-minute tutorial, see this Nerd Vittles article. The steps are identical with Asterisk 1.8.6.0 and Asterisk 10. REMINDER: Once you have set up a Google Voice account, created an extension with a secure password, and created an inbound route for your incoming calls, don't forget to reload Asterisk from the CLI or Google Voice calling will fail: amportal restart.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. 🙄

Securing IPtables with a WhiteList. If you're running your virtual machines behind a hardware-based firewall with no Internet port exposure AND all of those on your private LAN are trusted, you can quit here. Otherwise, you need to lock down the IPtables firewall on your virtual machines to only permit access from trusted IP addresses. As delivered, all private IP addresses are authorized and a number of dangerous Internet services also are accessible. Here's how to fix it. Log into each VM and edit /etc/sysconfig/iptables: nano -w /etc/sysconfig/iptables. Find the section of entries that looks like the following and insert a # at the beginning of each entry. Once you've added the # characters, your entries should look like this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Now scroll down a bit in the file and find the entries that look like the following:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Immediately below these private network entries, enter the actual IP addresses that are needed to administer your virtual machine. Also include the IP addresses of any remote telephones that are not covered by the private LAN entries above. Each entry should look like the following using the actual IP addresses needed:

-A INPUT -s 111.222.111.222 -j ACCEPT

IMPORTANT: Make sure you've included an entry for the IP address from which you currently are accessing your server, or you will lock yourself out of your server. Then restart IPtables: service iptables restart. Verify that the entries are the way you expect: iptables -nL. Now, with a browser, attempt to access the IP address of your virtual machine from an untrusted IP address, e.g. your cellphone. Then repeat from a trusted IP address. If all is well, you're done.
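Before restarting IPtables, both edits can be checked mechanically. The shell script below is an added example, not part of the original article or the PIAF distribution: its function names and the sample rules are constructed for illustration, and it inspects only the two rule groups shown above, not the rest of the chain.

```shell
#!/bin/sh
# Added example: audit a whitelist-style /etc/sysconfig/iptables before
# running "service iptables restart". Function names are hypothetical.
# Usage: sh audit-whitelist.sh /etc/sysconfig/iptables YOUR.ADMIN.IP

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask as an integer: dotted mask, prefix length, or empty (single host).
mask_to_int() {
    case $1 in
        '')  echo 4294967295 ;;
        *.*) ip_to_int "$1" ;;
        *)   echo $(( (4294967295 << (32 - $1)) & 4294967295 )) ;;
    esac
}

# Succeed when address $1 falls inside source $2 (IP, IP/mask or IP/prefix).
ip_in_source() {
    net=${2%%/*}
    case $2 in */*) mask=${2#*/} ;; *) mask= ;; esac
    m=$(mask_to_int "$mask")
    a=$(ip_to_int "$1")
    n=$(ip_to_int "$net")
    [ $(( a & m )) -eq $(( n & m )) ]
}

# Active (uncommented) port rules that accept traffic from any source.
open_port_rules() {
    grep -E '^[[:space:]]*-A INPUT .*--dport .*-j ACCEPT' "$1" | grep -v -- ' -s ' || true
}

# Source addresses of active "-A INPUT -s <source> -j ACCEPT" rules.
whitelisted_sources() {
    sed -n 's/^[[:space:]]*-A INPUT -s \([0-9./]*\) -j ACCEPT[[:space:]]*$/\1/p' "$1"
}

# Returns 0 = safe to restart, 1 = port rules still open, 2 = lockout risk.
audit_whitelist() {
    file=$1; admin_ip=$2
    open=$(open_port_rules "$file")
    if [ -n "$open" ]; then
        echo "Port rules still open to any source:" >&2
        echo "$open" >&2
        return 1
    fi
    for src in $(whitelisted_sources "$file"); do
        if ip_in_source "$admin_ip" "$src"; then
            echo "OK: $admin_ip is covered by $src"
            return 0
        fi
    done
    echo "LOCKOUT RISK: no ACCEPT rule covers $admin_ip" >&2
    return 2
}

# Constructed sample: a few of the article's rules in their edited state.
sample_rules() {
    cat <<'EOF'
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 111.222.111.222 -j ACCEPT
EOF
}

# With two arguments audit a real file; otherwise run on the constructed sample.
if [ "$#" -eq 2 ]; then
    audit_whitelist "$1" "$2"
else
    tmp=$(mktemp)
    sample_rules > "$tmp"
    audit_whitelist "$tmp" 111.222.111.222
    rm -f "$tmp"
fi
```

Pass the address you are currently connected from as the second argument; an exit status of 2 means the restart would lock you out.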

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

Quirks, Gotchas, and Updates. The only quirk you will notice in the current virtual machines is that the status display incorrectly shows IPtables is not running. This is because it actually is hosted on the Proxmox host. For the latest breaking news and updates about PIAF-OpenVZ, visit this thread on the PIAF Forum. Enjoy!

Originally published: Tuesday, September 20, 2011


Breaking News. Google Plus is now available to everyone. Sign up here and join us. And wait 'til you read the Google Hangouts News. Now it's easy to view the Asterisk feed or PBX in a Flash feed on Google+.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list.
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..."
  3. Getting the correct time in your VMs can be problematic with Proxmox. If you continually see the wrong time when you issue the date command after starting up your VMs, try this. Log into the Proxmox host and issue the following commands using the correct container number and your local time zone city for your virtual machine:

    vzctl stop 108
    vzctl set 108 --capability sys_time:on --save
    vzctl start 108
    vzctl enter 108
    mv /etc/localtime /etc/localtime.old
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    exit


VoIP Over VPN: Securely Interconnecting Asterisk Servers

We’ve just returned from a week in the Pacific Northwest teaching an Asterisk® course for an organization that wants to interconnect satellite offices using Asterisk servers. This coincided with a support request from one of America’s premier airlines which wants to do much the same thing for all of its reservation counters in airports situated in feeder cities around the country. Suffice it to say, PBX in a Flash in conjunction with Asterisk and Hamachi VPNs is perfectly suited to let anyone build these interconnected systems in minutes rather than months. In fact, with less than a day’s worth of introduction to Asterisk and PBX in a Flash, a group of 16 network administrators with no previous Asterisk experience did just that in a one-hour lab session during our training seminar last week. At the risk of (further) destroying our ability to earn a living, here’s how we did it.

Proxmox as a Training Tool. Before we get into the nitty gritty of actually interconnecting Asterisk servers with Hamachi VPNs, let us provide the free tip of the week for those of you that want to experiment with interconnecting Asterisk servers or for those that like to test various Asterisk scenarios without rebuilding servers all day long. There is no finer tool for this than the Proxmox Virtual Environment, a free and easy to use Open Source virtualization platform for running Virtual Appliances and Virtual Machines. With a sale-priced Dell T105 with a Quad Core AMD Opteron processor and 8 gigs of RAM, you’ll have a perfect platform to run about 16 simultaneous PBX in a Flash servers. The trick is finding the machines on sale for half price which is about every other week. Our lab system which matches this configuration was less than $600 with RAM purchased from a third party. You can save most of the shipping cost by using our coupon link in the right column to shop at Dell’s small business site.

Proxmox lets you build virtual machines in two ways: OpenVZ templates or Qemu/KVM Templates and ISO images. While we intend to offer an OpenVZ template for PBX in a Flash soon, currently it’s easy to create your own ISO template using the standard PBX in a Flash ISO image. Once you’ve uploaded your ISO image into Proxmox, simply create a new virtual machine by giving it a name, specifying 512MB of RAM and a 30GB partition. In 10 seconds or less, your new VM will be ready to boot. Start your VM and then open the VNC console window within the Proxmox web interface and install PBX in a Flash just as if you were building a stand-alone machine. When the 15-minute install completes, run through the Orgasmatron Installer setup, and you’ll have your turnkey PBX in a Flash system ready for production in less than 30 minutes.

You don’t have to repeat this drill for every virtual machine. Instead, use the built-in Proxmox backup utility to make a backup image of what you built. Shut down the VM, create a /backup directory, and then schedule the compressed backup in the web browser. When the backup completes, you’ll have a backup image in /backup with a file name like this: vzdump-101.tgz.

To create a new virtual machine, you issue the following command while positioned in the /backup directory specifying the number for the new virtual machine:

vzdump --restore vzdump-101.tgz 102

In about 3 minutes, you’ll have a second virtual machine that’s a clone of the first one. Because it’s a true clone, it would obviously have the same MAC address for the virtual NIC. You don’t want that or all of your VMs would boot up using the same IP address. Using the Proxmox web interface, just edit the new VM 102 by switching from the Status tab to the Hardware tab, delete the existing Ethernet device, and then create a new Ethernet device under the hardware address list pulldown. This will create a new virtual NIC with a new MAC address. So, when you boot VM 102, it will be assigned a new IP address by your DHCP server. You can decipher the new IP address by opening the VNC console window for VM 102 after you boot it up. Now you’re an expert. You can create the additional Baker’s Dozen turnkey PBX in a Flash servers in about an hour. Start all of them up, and you’ve got an instant training facility and PBX in a Flash playground.

April, 2012 Update. See our new article for a current state-of-the-art VoIP VPN.

Creating Hamachi VPN. You obviously don’t need a virtual private network in order to interconnect Asterisk servers. But, as easy as the Hamachi VPN is to set up, especially with PBX in a Flash servers, why wouldn’t you want all of your inter-Asterisk communications secured and encrypted? In addition to the capacity limitation of the Proxmox server, there’s another reason we chose to build 16 PBX in a Flash VMs. That happens to be the number of servers you can interconnect with the Hamachi Virtual Private Network without incurring a charge.1 Why use the Hamachi VPN when OpenVPN is free with unlimited network connections and no strings? The short answer is it’s incredibly simple to set up without public and private key hassles, and it supports dynamic IP server addressing with zero configuration. We plan to cover OpenVPN in a subsequent article but, for many implementations, Hamachi VPNs offer a robust, flexible alternative that can be deployed in minutes.

If you’re not using PBX in a Flash, there are a million good Hamachi VPN tutorials available through a quick Google search. If you are using PBX in a Flash, we’ve done the work for you. With the Orgasmatron Installer build, you’ll find the Hamachi VPN installation script in /root/nv. For other PBX in a Flash systems, just download the install-hamachi.x script from here or, after logging into your server as root, issue the following commands:

wget http://pbxinaflash.net/source/hamachi/install-hamachi.x
chmod +x install-hamachi.x
./install-hamachi.x

Before beginning the Hamachi VPN install, it’s a good idea to make yourself a cheat sheet for the servers you plan to interconnect. We’re going to interconnect 3 servers today, but doing 16 is just more of the same. You’ll need a unique name for your virtual private network. Pick a name that distinguishes this VPN from others you may build down the road. For our example, we’re going to use piaf-vpn. Next, you need a very secure password for your VPN. We’re going to use password for demonstration purposes only. Finally, you need a unique nickname for each of your servers, e.g. piaf-server1, piaf-server2, and piaf-server3 for our example setup today.

For the first Hamachi install, we’ll need to create the new network. For the remaining installs, we’ll simply join the existing network. Keep in mind that you can only remove machines from the network using the same server that was used to create the other VPN accounts initially so build out your virtual private network by starting with your main server, piaf-server1 in our example.

To begin the Hamachi VPN install, run the script using the commands shown above. Type Y to agree to the installer license and then press the Enter key to kick off the install. For the piaf-server1 install, type N to create a new Hamachi network. For the remaining installs, you’d type J to join an existing Hamachi network. Enter the network name you chose above. For our sample, we used piaf-vpn. Type it twice when prompted. Now type your network password and then your nickname for this server when prompted to do so. Then standby while the Hamachi software is installed. It takes a few minutes depending upon the speed of your network connection. And remember, do NOT use our sample network name. Make up your own and don’t forget it. When the install completes, you can review the log if you’d like. Unless something has come unglued, Hamachi should now be running on your first server. Repeat the drill on your other servers.

The next step is to grab some of our scripts to make it easier to manage Hamachi on your servers.

cd /usr/local/bin
wget http://pbxinaflash.net/source/hamachi/hampiaf
wget http://pbxinaflash.net/source/hamachi/hamachi-servers
chmod +x ham*
cd /root
wget http://pbxinaflash.net/source/hamachi/hamachi.faq

The hamachi.faq document provides all of the commands you’ll need to manage Hamachi including the steps to start over with a totally new virtual private network. For now, let’s be sure your network is running. Type: hamachi-servers piaf-vpn using the network name you assigned to your own VPN. Then type it again, and it should display all of the servers on your VPN with their private VPN IP addresses:

root@pbx:~ $ hamachi-servers piaf-vpn
This server:
Identity 5.151.123.1
Nickname piaf-server1
AutoLogin yes
OnlineNet piaf-vpn

Going online in piaf-vpn .. failed, already online
Retrieving peers’ nicknames ..
* [piaf-vpn]
5.151.123.2 piaf-server2
5.151.123.3 piaf-server3

Finally, a word of caution about security. One of the drawbacks of the ease with which you can create Hamachi VPNs is the ease with which you can create Hamachi VPNs. Anyone that knows your network name and password can join your network with one simple command. You can kick them off from the main server where the VPN was created (hampiaf evict piaf-vpn 5.249.146.66), but you can’t keep them from joining. So, protect your network by making the password extremely secure. There currently is no way to change your network password. All you can do is create a new network with a new network name and a more secure password.

Interconnecting Asterisk Servers. Once your VPN is established and all of your servers are on line, then we’re ready to interconnect them with Asterisk and FreePBX. There are a number of ways to do this. For smaller networks, we’re going to show you the easy and secure way using IAX and the VPN you just created. As with the VPN setup, a cheat sheet comes in handy to avoid erroneous entries that would cause your calls between servers to fail. What we recommend is assigning and creating a block of extensions on each of your servers with different ranges of numbers. For example, we’re going to use four-digit extensions in the 1xxx range for piaf-server1, 2xxx for piaf-server2, and 3xxx for piaf-server3. The idea here is that the extensions are unique between your servers. This makes it easy to dial between offices without having to resort to dialing prefixes. So the first step in interconnecting your servers is to build the necessary extensions on each of your servers.

Now for the cheat sheet. Using the hamachi-servers tool above, decipher the VPN IP address of each of your servers and make a chart with the server names, the range of extension numbers, and the VPN IP address of each server. You’ll also need to think up a very secure password. We’re going to use the same one for all of the servers although you certainly don’t need to. So long as the password you choose is secure, there’s really no reason not to use the same one.

Server        Extensions  VPN IP Address  Password
piaf-server1  1xxx        5.151.123.1     password
piaf-server2  2xxx        5.151.123.2     password
piaf-server3  3xxx        5.151.123.3     password

Creating Trunks. The next step is to create an IAX trunk on each server for each remaining server in your network. In our example, on piaf-server1, we’d want to create trunks for piaf-server2 and piaf-server3. On piaf-server2, we’d want to create trunks for piaf-server1 and piaf-server3. And so on.

NOTE: Because of a change in IAX design to fix a security issue that arose after this article was originally published, be sure to add the following line in the User Details of each trunk below:

requirecalltoken=no


On your first server (piaf-server1 in our example), using a web browser, open FreePBX and choose Admin, Setup, Trunks and then click Add IAX2 Trunk. Create the trunk to piaf-server2 with the following entries. Leave everything blank except the entries shown below:

While still on piaf-server1, repeat the process to create a trunk for piaf-server3:

On your second server (piaf-server2 in our example), using a web browser, open FreePBX and choose Admin, Setup, Trunks and then click Add IAX2 Trunk. Create the trunk to piaf-server1 with the following entries. Leave everything blank except the entries shown below:

While still on piaf-server2, repeat the process to create a trunk for piaf-server3:

On your third server (piaf-server3 in our example), using a web browser, open FreePBX and choose Admin, Setup, Trunks and then click Add IAX2 Trunk. Create the trunk to piaf-server1 with the following entries. Leave everything blank except the entries shown below:

While still on piaf-server3, repeat the process to create a trunk for piaf-server2:

Creating Outbound Routes. Now we need to tell Asterisk how to route the calls between the servers. In a nutshell, we want calls to extensions in the 1xxx range routed to extensions on piaf-server1, calls to 2xxx extensions routed to piaf-server2, and calls to 3xxx extensions routed to piaf-server3. On each server, create an outbound route for each of the remaining servers. Name the routes server1, server2, and server3 as appropriate. The critical pieces of information in each outbound route are the dial string (which should match the extensions on the server we’re connecting to) and the Trunk Sequence (which should be the appropriate IAX trunk for the server we’re connecting to).

On piaf-server1, we’d have a server2 outbound route with a Dial String of 2xxx and a Trunk Sequence of IAX2/piaf-server2. Then we’d have another server3 route with a Dial String of 3xxx and a Trunk Sequence of IAX2/piaf-server3. If you have a catch-all outbound route, be sure to move these routes above the catch-all in the right column. Then reload your dialplan.

On piaf-server2, we’d have a server1 outbound route with a Dial String of 1xxx and a Trunk Sequence of IAX2/piaf-server1. Then we’d have another server3 route with a Dial String of 3xxx and a Trunk Sequence of IAX2/piaf-server3. If you have a catch-all outbound route, be sure to move these routes above the catch-all in the right column. Then reload your dialplan.

On piaf-server3, we’d have a server1 outbound route with a Dial String of 1xxx and a Trunk Sequence of IAX2/piaf-server1. Then we’d have another server2 route with a Dial String of 2xxx and a Trunk Sequence of IAX2/piaf-server2. If you have a catch-all outbound route, be sure to move these routes above the catch-all in the right column. Then reload your dialplan.

If you’re setting this up with PRI or T1 connections between your servers, you might also want to specify at least secondary trunk sequences for each of the outbound routes to provide some redundancy. For example, on piaf-server1, you might want a secondary Trunk Sequence for server2 that specified IAX2/piaf-server3. Then, if the primary connection between server1 and server2 was down, Asterisk would attempt to complete calls to 2xxx extensions by routing them to server3 and then on to server2 from there. To the caller and call recipient, they’d never know that the direct link between server1 and server2 had failed.

Alternate routing might also be appropriate where you have more capacity between certain servers. For example, if you had a single T1 line between server1 and server3 but you had PRI connections between server1 and server2 and between server2 and server3, then it might make more sense to indirectly route 3xxx calls from server1 through server2 and then on to server3 rather than the direct route from server1 to server3. Enjoy!


Free DIDs While They Last. Sipgate is giving away a free U.S. DID with free incoming calls plus 200 free minutes for outbound calls. Better hurry. Here’s the trunk setup for FreePBX-based systems:

Trunk name: sipgate

type=peer
username=ACCTNO
fromuser=ACCTNO
secret=ACCTPW
context=from-trunk
host=sipgate.com
fromdomain=sipgate.com
insecure=very
caninvite=no
canreinvite=no
nat=no
disallow=all
allow=ulaw&alaw

Registration String: ACCTNO:ACCTPW@sipgate.com/YOUR-DID-NUMBER

ACCTNO is the account number assigned to your sipgate account. ACCTPW is the password for your account. YOUR-DID-NUMBER is your 10-digit DID.

Finally create an inbound route using your actual 10-digit DID and assign a destination for the inbound calls.





Twitter Magic. If you haven’t noticed the right margin of Nerd Vittles lately, we’ve added a new link to our Twitter feed. If you explore a little, you’ll discover that the user interface now brings you instant access to every Twitter feed from the convenience of the Nerd Vittles desktop. Enjoy!



  1. See comment #1 below.