
The Definitive VoIP Quick Start Guide: Introducing PBX in a Flash 2.0.6.4.3

Each time we release a new version of PBX in a Flash™, I’m reminded of one of my favorite childhood books and one of the best mottos of all time: "I Think I Can!" You can’t really appreciate what goes into an open source product like PBX in a Flash until you try doing it yourself. The sad part is we and the CentOS™ development team are part of a dwindling few non-commercial entities that still are in the open source "business." If you want to actually learn about Asterisk from the ground up using pure source code to customize your VoIP deployment, PBX in a Flash has no competition because your only other option is to roll your own starting with a Linux DVD. So our extra special kudos go to Tom King, who once again has produced a real masterpiece in that it is very simple for a first-time user to deploy and, at the same time, incredibly flexible for the most experienced Asterisk developer. The new PIAF 2.0.6.4.3 ISOs not only provide a choice of Asterisk® and FreePBX® versions to get you started, but now you can also build and deploy standalone servers for SugarCRM™, NeoRouter™ VPN, and OpenFire™ XMPP using the 32-bit and 64-bit PIAF™ ISOs. So let’s get started, shall we?

Making a Hardware Selection

We’re going to assume that you need a VoIP telephony solution that will support an office of up to several dozen employees and that you have an Internet connection that will support whatever your simultaneous call volume happens to be. This is above and beyond your normal Internet traffic. To keep it simple, you need 100Kbps of bandwidth in both directions for each call. And you need a router/firewall that can prioritize VoIP traffic so that all your employees playing Angry Birds won’t cause degradation in VoIP call quality. Almost any good home router can now provide this functionality. Remember to disable ALG on your router, and it’s smooth sailing.

For computer hardware, you’ll need a dedicated machine. There are many good choices. Unless you have a burning desire to preserve your ties with Ma Bell, we recommend limiting your Ma Bell lines to your main number. Most phone companies can provide a service called multi-channel forwarding that lets multiple inbound calls to your main number be routed to one or more VoIP DIDs much like companies do with 800-number calls. If this works for you, then any good dual-core Atom computer will suffice. You’ll find lots of suggestions in this thread. And the prices generally are in the $200-$400 range. For larger companies and to increase Asterisk’s capacity with beefier hardware, see these stress test results.

If your requirements involve retention of dozens of Ma Bell lines and complex routing of calls to multiple offices, then we would strongly recommend you spend a couple thousand dollars with one of our consultants. They’re the best in the business, and they do this for a living. They can easily save you the cost of their services by guiding you through the hardware selection process. They also have turnkey phone systems using much the same technology as you’ll find in PBX in a Flash. You won’t hurt our feelings. :-)

Choosing the Right PIAF Platform

We get asked this question about a hundred times a week on the forums so here goes. There are more than two dozen permutations and combinations of CentOS, Asterisk, and FreePBX to choose from when you decide to deploy PBX in a Flash. We always recommend the latest version of CentOS because it tends to be the most stable and also supports the most new hardware. You have a choice to make between a 32-bit OS or 64-bit. Our preference is the 32-bit platform because it is better supported. The performance difference is virtually unnoticeable for most VoIP applications. With Asterisk, we always recommend an LTS release because those have long-term support. That narrows your choices to Asterisk 1.8 or Asterisk 11. If you plan to use Digium® Phones (and we’ll get to that), then you’ll want either Certified Asterisk 1.8 or Asterisk 11. The conventional wisdom in the Asterisk community has been to avoid just released Asterisk versions like the plague. We think we’ve turned the corner on that approach. Asterisk 1.8 is close to end of life, and with Asterisk 11, you’re in great shape from a support standpoint for many years to come. We personally run Asterisk 11 and have yet to find something that functionally would qualify as a show stopper. That’s not to say there aren’t some bugs and security issues from time to time. A pretty serious collection of them was found a few months ago, but it affected all versions of Asterisk. So… our bottom line is that Asterisk 11 is the latest and greatest with the best feature set. If we were building a system for a commercial business, it would be our hands-down choice. In the PBX in a Flash world, we have colors for various versions of PBX in a Flash that support different versions of Asterisk. Asterisk 11 happens to be PIAF-Green, Asterisk 1.8=PIAF-Purple, Asterisk 10=PIAF-Red, Certified Asterisk 1.8=PIAF-Brown.

Choosing the Right Phones

If there is one thing that will kill any new VoIP deployment, it’s choosing the wrong phones. If you value your career, you’ll let that be an organization-driven decision after carefully reviewing at least 6-12 phones that won’t cause you daily heartburn. You and your budget team can figure out the price points that work in your organization keeping in mind that not everyone needs the same type of telephone. Depending upon your staffing, the issue becomes how many different phone sets are you and your colleagues capable of supporting and maintaining on a long term basis.

Schmooze Com has released a public beta of their commercial End Point Manager (EPM) at a price point of $25 per server. They’ve been using the application internally to support their commercial customers for over a year so it is not your typical beta software. Suffice it to say, it’s the best $25 you will ever spend. You can sign up for an account with Schmooze through our commercial support site and purchase the software now. After taking a look at the Admin User Guide, if you’re a true pioneer, drop us a note and we’ll get you a sneak peek. The beauty of this software is it gives you the flexibility to support over 150 different VoIP phones as well as other devices almost effortlessly. Using a browser, you can configure and reconfigure almost any phone on the market in a matter of minutes. So the question becomes which phones should you show your business associates. That again should be a decision by you and your management and budget teams, but collect some information from end-users first. Choose a half dozen representative users in your company and get each of them to fill out a questionnaire documenting their 10 most frequent daily phone calls and listing each step of how they processed those calls. That will give you a good idea about types and variety of phones you need to consider for different groups of users. Cheaper rarely is better. Keep in mind that phones can last a very long time, even lousy ones. So choose carefully.

The phone brands that we would seriously consider include Cisco, Aastra, Snom, Digium, Mitel, Polycom, Yealink, and Grandstream. Do you need BLF, call parking or multiple line buttons, a hold button, conferencing, speakerphone, HD voice, power over Ethernet support, distinctive ringtones for internal and various types of external calls, Bluetooth, WiFi, web, SMS, or email access, an extra network port for a computer, headset support, customizable buttons (how many?), quick dial keys, custom software, XML provisioning, VPN support? How easy is it to transfer a call? Do you need to mimic key telephones? Also consider color screens, touch screens, busy lamp indicators, extension modules (what capacity?). What do we personally use: several Digium phones of various types, a couple of Aastra phones, a Grandstream GXP2200, and a collection of Panasonic cordless DECT phones, a fax machine, and Samsung Galaxy Note II connected through an OBi202 with an OBiBT Bluetooth Adapter to our PIAF server.

Installing PBX in a Flash

With the office politics out of the way, let’s get to the fun stuff.

For most deployments, choose the default install by pressing Enter.

Leave the UTC System Clock option unchecked and pick your Time Zone. Tab to OK and press Enter.

Choose a very secure Root Password. Tab to OK and press Enter. Your server will whir away for 5-10 minutes installing CentOS 6.4. When the reboot begins, remove the DVD or USB thumb drive.

For today, we’re installing PBX in a Flash. So leave it highlighted, tab to OK, and press Enter.

Now pick your PIAF flavor, tab to OK, and press Enter.

The PIAF Configuration Wizard will load. Press Enter to begin.

Unlike any other aggregation, PIAF gives you the opportunity to fully configure Asterisk using make menuconfig if you know what you’re doing. For everyone else, type N and then confirm your choice.

Next, you’ll need to choose your Time Zone again for PHP and FreePBX. Don’t worry if yours is missing. A new timezone-setup utility is available in /root to reconfigure this to any worldwide time zone.

Next, choose your version of FreePBX to install. Ignore the screen info regarding Incredible PBX. It’s out of date. The following limitations apply if you plan to also install Incredible PBX and Incredible Fax:

Incredible PBX 3 requires PIAF-Purple and FreePBX 2.9
Incredible PBX 4 requires PIAF-Purple and FreePBX 2.10 (32-bit only)
Incredible PBX 11 requires PIAF-Green and FreePBX 2.11

Finally, you need to choose a very secure maint password for access to FreePBX using a browser. You can pick your own, or the installer will generate one for you. Don’t forget it.

The installer will give you one last chance to make changes. If everything looks correct, press the Enter key and go have lunch. Be sure you have a working Internet connection to your server before you leave. ;-)

In about an hour, your server will reboot. You should be able to log in as root using your root password. Write down the IP address of your server from the status display (above) and verify that everything installed properly. Note that Samba is disabled by default. If you want to use your server with Windows Networking, run configure-samba once your server is up and running and you’ve logged in.

Configuring PBX in a Flash

Most PIAF Configuration is accomplished using the FreePBX Web GUI. Point your browser to the IP address shown in the status display above to display your PIAF Home Page. Click on the Users tab. Click FreePBX Administration. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose in the Config Module phase of the PBX in a Flash installation procedure above.

If you’re new to Asterisk and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions in FreePBX to work with PBX in a Flash. Extensions talk to trunks (like Google Voice) to make and receive calls. FreePBX uses outbound routes to direct outgoing calls from extensions to trunks, and FreePBX uses inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road. FreePBX now has some of the best documentation in the business. Start here.

To get a minimal system functioning to make and receive calls, here’s the 2-minute drill. You’ll need to set up at least one extension with voicemail, and we’ll configure a free Google Voice account for free calls in the U.S. and Canada. Next, we’ll set up inbound and outbound routes to manage incoming and outgoing calls. Finally, we’ll add a phone with your extension credentials.

A Few Words About Security. PBX in a Flash has been engineered to run on a server sitting safely behind a hardware-based firewall with NO port exposure from the Internet. Leave it that way! It’s your wallet and phone bill that are at stake. If you’re running PBX in a Flash in a hosted environment with no hardware-based firewall, then immediately read and heed our setup instructions for Securing Your VoIP in the Cloud Server. We would encourage you to visit your PIAF Home Page regularly. It’s our primary way of alerting you to security issues which arise. You’ll see them posted (with links) in the RSS Feed shown above. If you prefer, you can subscribe to the PIAF RSS Feed or follow us on Twitter. For late-breaking enhancements, you also should regularly visit the Bug Reporting & Fixes Topic on the PIAF Forum.

Extension Setup. Now let’s set up an extension to get you started. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone’s GUI to add bells and whistles. In FreePBX 2.10 or 2.11, to create extension 201 (don’t start with 200), click Applications, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension … 201
Display Name … Home
Outbound CID … [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID … [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]

Device Options
secret … 1299864Xyz [randomly generated]
dtmfmode … rfc2833
Voicemail Status … Enabled
voicemail password … 14332 [make this unique AND secure!]
email address … yourname@yourdomain.com [if you want voicemail messages emailed to you]
pager email address … yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
email attachment … yes [if you want the voicemail message included in email]
play CID … yes [if you want the CallerID played when you retrieve message]
play envelope … yes [if you want date/time of the message played before the message]
delete Vmail … yes [if you want the voicemail message deleted after it's emailed to you]
vm options … callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
vm context … default

Write down the passwords. You’ll need them to configure your SIP phone.

Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won’t protect you from malicious phone calls on your nickel if you use your extension number or something like 1234 for your extension password if your SIP or IAX ports happen to be exposed to the Internet.

In addition to making up secure passwords, the latest versions of FreePBX also let you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry in the permit field like this: 192.168.1.0/255.255.255.0 using your actual subnet.
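One way to check both rules above across every extension, as an added example that is not part of the original article or of FreePBX: it parses peer sections in Asterisk sip.conf syntax and flags secrets that equal the extension number, are digits only, or are short, plus permit entries that are missing or match every address. The sample configuration, the length threshold, and the reading that a permit needs a preceding deny to restrict anything are assumptions.

```python
import ipaddress

# Constructed sample in Asterisk sip.conf peer syntax (not from a real system).
SAMPLE_CONF = """\
[201]
secret=1299864Xyz
deny=0.0.0.0/0.0.0.0
permit=192.168.1.142/255.255.255.255

[202]
secret=202
deny=0.0.0.0/0.0.0.0
permit=0.0.0.0/0.0.0.0

[203]
secret=1234              ; no deny/permit at all

[204]
secret=Tr7qLm29xWz4
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

MIN_SECRET_LEN = 10  # assumed local policy, not a FreePBX setting


def parse_peers(text):
    """Return {section: {key: [values]}} from sip.conf-style text."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            current = peers.setdefault(line[1:line.index("]")], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Accept both "key=value" and "key => value".
            current.setdefault(key.strip().lower(), []).append(
                value.lstrip(">").strip())
    return peers


def check_secret(ext, secret):
    """Flag the weak choices the article warns about."""
    if secret is None:
        return ["no secret set"]
    problems = []
    if secret == ext:
        problems.append("secret equals extension number")
    if secret.isdigit():
        problems.append("secret is digits only")
    if len(secret) < MIN_SECRET_LEN:
        problems.append(f"secret shorter than {MIN_SECRET_LEN} characters")
    return problems


def check_acl(denies, permits):
    """Flag a missing, ineffective, or match-everything permit list."""
    if not permits:
        return ["no permit entry, extension is not tied to any address"]
    problems = []
    if not denies:
        # Assumption: Asterisk ACLs allow by default, so permit alone
        # does not restrict anything without a deny in front of it.
        problems.append("permit without a deny entry")
    for entry in permits:
        try:
            # ip_network accepts the address/netmask form used by FreePBX.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"unparseable permit entry {entry!r}")
            continue
        if net.prefixlen == 0:
            problems.append(f"permit {entry} matches every address")
    return problems


def audit(text):
    """Return {extension: [problems]} for numeric (extension) sections."""
    findings = {}
    for ext, opts in parse_peers(text).items():
        if not ext.isdigit():  # skip [general] and similar sections
            continue
        secret = opts.get("secret", [None])[-1]
        issues = check_secret(ext, secret) + check_acl(
            opts.get("deny", []), opts.get("permit", []))
        if issues:
            findings[ext] = issues
    return findings


if __name__ == "__main__":
    for ext, issues in audit(SAMPLE_CONF).items():
        for issue in issues:
            print(f"extension {ext}: {issue}")
```
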

Adding a Google Voice Trunk. There are lots of trunk providers, and one of the real beauties of having your own PBX is that you don’t have to put all of your eggs in the same basket… unlike the AT&T days. We would encourage you to take advantage of this flexibility. With most providers, you don’t pay anything except when you actually use their service so you have nothing to lose.

For today, we’re going to take advantage of Google’s current offer of free calling in the U.S. and Canada through the end of 2013. You also get a free phone number in your choice of area codes. PBX in a Flash now installs a Google Voice module under FreePBX -> Connectivity that lets you set up your Google Voice account with PBX in a Flash in just a few seconds once you have your credentials.

A Word to the Wise: All good things come to an end… especially those that are free. So plan ahead with some alternate providers that keep your phones working should Google decide to pull the plug or change the terms with Google Voice.

Signing Up for Google Voice. You’ll need a dedicated Google Voice account to support PBX in a Flash. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account rather than creating a separate account. Take our word for it. Inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So… set up a dedicated Gmail and Google Voice account, and use it exclusively with PBX in a Flash. Google Voice no longer is by invitation only. If you’re in the U.S. or have a friend that is, head over to the Google Voice site and register. If you’re living on another continent, see MisterQ’s posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for PBX in a Flash to function with Google Voice! Otherwise, inbound and/or outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings and enable it. Be sure to try one call each way from Google Chat in Gmail. Then disable Google Chat in GMail for this account. Otherwise, it won’t work with PIAF.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening: OFF
  • Call Presentation: OFF
  • Caller ID (In): Display Caller’s Number
  • Caller ID (Out): Don’t Change Anything
  • Do Not Disturb: OFF
  • Call Options (Enable Recording): OFF
  • Global Spam Filtering: ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Configuring Google Voice Trunk in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize PBX in a Flash to meet your specific needs. Click the Connectivity tab in FreePBX 2.11 and choose Google Voice [Motif]. To add a new Google Voice account, just fill out the form. NOTE: The form has changed from prior releases of FreePBX. Do NOT check the last box: Send Unanswered to GoogleVoice Voicemail, or you’ll have problems receiving incoming calls.

Google Voice Username is your Google Voice account name without @gmail.com. Password is your Google Voice password. NOTE: Don’t use 2-stage password protection in this Google Voice account! Phone Number is your 10-digit Google Voice number. Next, check only the first two boxes: Add Trunk and Add Outbound Routes. Then click Submit Changes and reload FreePBX. Down the road, you can add additional Google Voice numbers by clicking Add GoogleVoice Account option in the right margin and repeating the drill. For Google Apps support, see this post on the PIAF Forum.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. It also provides redundancy which costs you nothing if you don’t use the backup providers. The Google Voice module actually configures an Outbound Route for 10-digit Google Voice calling as part of the automatic setup. If this meets your requirements, then you can skip this step for today.

Inbound Routes. An Inbound Route tells PBX in a Flash how to route incoming calls. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we’ll build a simple route that directs your Google Voice calls to extension 201. Choose Connectivity -> Inbound Routes, leave all of the settings at their default values except enter your 10-digit Google Voice number in the DID Number field. Enable CallerID lookups by choosing CallerID Superfecta in the CID Lookup Source pulldown. Then move to the Set Destination section and choose Extensions in the left pull-down and 201 in the extension pull-down. Now click Submit and save your changes. That will assure that incoming Google Voice calls are routed to extension 201.

IMPORTANT: Before Google Voice calling will actually work, you must restart Asterisk from the Linux command line interface. Log into your server as root and issue this command: amportal restart.

Eliminating Audio and DTMF Problems. You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. In FreePBX 2.11, choose Admin -> Module Admin and click on the Upgrade Notifications shield on the right. Plug in your email address, click Submit, and save your changes. Done!

Setting Up a Desktop Softphone. PBX in a Flash supports all kinds of telephones, but we’ll start with the easy (free) one today. You can move on to "real phones" once you’re smitten with the VoIP bug. For today, you’ll need to download a softphone to your desktop PC or Mac.

The easiest way to get started is to set up a YATE softphone on your Desktop computer. Versions are available at no cost for Macs, PCs, and Linux machines. Just download the appropriate one and install it from this link. Once installed, it’s a simple matter to plug in your extension credentials and start making calls. Run the application and choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 201 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 201, close the Account window. Then click on YATE’s Telephony Tab and place your first call. It’s that easy!

Monitoring Call Progress with Asterisk. That about covers the basics. We’ll leave you with a tip on how to monitor what’s happening with your PBX. There are several good tools within the FreePBX GUI. You’ll find them under the Reports tab. In addition, Asterisk has its own Command Line Interface (CLI) that is accessible from the Linux command prompt. Just execute the following command while logged in as root: asterisk -rvvvvvvvvvv.

What’s Next? We’ve barely scratched the surface of what you can do with PBX in a Flash. Log into your server as root and type help-pbx for a list of simple install scripts that can add almost any function you can imagine. And Incredible PBX 11 and Incredible Fax can be installed in under 2 minutes to provide you almost every Asterisk application on the planet. You can read the complete tutorial here.

New App of the Week. We’re pleased to introduce Trunk Failure Email Alerts for Asterisk supporting SIP, IAX2, and Google Motif trunks. Just insert your email address in this little script and run it every hour as a cron job. You’ll get an email alert whenever any of your VoIP trunks fail. Enjoy!

Originally published: Friday, April 19, 2013





The Next Plateau: VoIP Communications with Asterisk in Amazon’s EC2 Cloud


We’ve spent considerable effort exploring and enhancing the VoIP cloud offerings for our followers, and today we’re delighted to introduce another terrific service: Amazon’s Elastic Compute Cloud (EC2). This is one of several Amazon Web Service (AWS) offerings that provides resizable compute capacity in the cloud and is designed to make web-scale computing easier for developers. That’s the Amazon pitch for their service. Ours is a bit different. For anyone with mission-critical operations or that has ever given a moment’s thought to business continuity planning (THINK: hurricanes, tornados, earthquakes, blizzards, fires, floods, bombs), you need an EC2 backup plan for VoIP communications. It really doesn’t matter whether your organization uses a proprietary phone system, or Asterisk®, or good ol’ black telephones, the point is simply this. When your lights go out and you still need a communications system for your employees and your customers, what’s your plan? Staying home in bed isn’t a choice for most folks. So our focus is not to persuade anybody to move their primary communications platform to Amazon EC2 although it’s certainly worth considering. For today, let’s tackle emergency planning and Disaster Recovery 101 for that dreadful day when you really don’t have a choice. And D-Day is a really bad day to start thinking about communications alternatives. You’ll have plenty of other things to do.

We’re going to make this fun today and provide all the tools you’ll need to set up shop in Amazon’s EC2 Cloud. The good news is that EC2 is almost free for your first year so getting started isn’t going to be a financial burden. Once you have everything built, you can turn it off and hope you never have to use it. On the other hand, it’s dirt cheap for an entire year so enjoy yourself and learn why VoIP communications can revolutionize your business at a fraction of the cost of a proprietary communications system. For our Asterisk aficionados that have already discovered the beauty of free VoIP communications, we’ve got some additional goodies today, Incredible Backup and Incredible Restore, that will let you quickly move your communications platform back and forth between EC2 and a local server or virtual machine effortlessly.

For those just getting started, the real beauty of VoIP communications is that, once your server platform is operational, you can bring up communications services for your employees without any hardware investment. A notebook computer and a free SIP softphone will let you make and receive calls through your EC2 communications system. By adding trunks from Google Voice or any SIP service provider, you complete the communications circle to connect to any phone in the world. We do this for a living so, if your business needs some hand-holding to get started, drop us a note. We like to travel.

The Choice is Yours: PIAF-Purple with Asterisk 1.8 or PIAF-Green with Asterisk 11

Getting Started. For your communications platform, we’ve built two new versions of PBX in a Flash™ for Amazon EC2: PIAF-Purple and PIAF-Green. You can’t beat the price. Both are free! These two builds are based upon the two long-term support (LTS) releases of Asterisk: 1.8 and 11. In our testing, both are rock solid and production-ready. If tried and true is your cup of tea, then PIAF-Purple with Asterisk 1.8 and FreePBX 2.10 is your baby. If you want to get a jump on the future, then PIAF-Green with Asterisk 11 and FreePBX 2.11 is worth a careful look. But, to use either one, you first need to get set up with an Amazon EC2 account. So head over to Amazon and click on Sign Up Now. A word to the wise here. You don’t want the bad guys breaking into your account unless you have an unlimited budget. There are lots of non-free Amazon EC2 services that could max out your credit card quickly. So, in addition to signing up for your Amazon account, also activate Multi-Factor Authentication. It’s your bank account!

Once your account is activated, sign in to the Amazon Management Console. After entering both your passwords, the AWS Management Console will appear. Click on EC2 to bring up the EC2 Dashboard (shown above). This is home base in EC2. The Launch Instance button is used to start a new virtual machine. We’ll walk you through that process in a minute. In the left margin are the functions you’ll be using most often. Instances displays your existing virtual machines, both running and stopped. Volumes are the virtual hard disks associated with your virtual machines or instances in Amazon-speak. A volume gets created as part of the VM launching process. When you delete instances, it’s important to also delete the associated volume, or you get billed for it separately. Elastic IPs lets you assign an IP address to an Instance using Amazon’s DHCP servers. You access your virtual machines using SSH and, without an IP address, you can’t gain access. For SSH security, EC2 uses Key Pairs. As part of launching a new virtual machine, we’ll walk you through creating one. Amazon EC2 also has its own firewalls called Security Groups. Basically, all services are blocked until you open them up. We’ll also walk you through that process as well. Once you’ve created your Key Pair and Security Group, you can use them with multiple instances. Now you’re an expert so let’s Launch a New Instance.

Creating a New Virtual Machine. Click on the blue Launch Instance button in the EC2 Dashboard to begin. Choose Classic Wizard. You build a new instance by starting with one that someone else has already built. Be careful here. There are literally thousands to choose from and, unless you know the creator, use Name Brand, trusted instances only. Anybody can hide anything in an instance that they’ve made publicly available. Think of your worst Trojan Horse horror story, and there’s probably a public Amazon instance to match it. For our purposes, the magic number you need to know is 399149154715. That’s our Amazon EC2 account number, and it means any instances prefixed with that number were created by us. So click on the Community AMIs tab and search for PIAF. In about a minute, both PIAF 2.0.6.3 AMIs will appear. Pick your favorite but be sure the file name begins with 399149154715. Then click Select. For the Instance Type, make sure T1 Micro is chosen. That’s the only free option during your first year. Leave the Availability Zone at No Preference and Number of Instances set to 1. Click Continue. In Advanced Instance Options, accept all of the defaults and click Continue. For Storage Device Configuration, accept the defaults by clicking Continue. Next, you’ll be prompted to add Tags to your Instance. This is a short-hand description to help you distinguish one instance from another. For the Name Value, enter something like PIAF-Purple-64 or PIAF-Green-64 and click Continue. Next, you’ll be prompted to create a Key Pair to use with the instance. If you don’t already have one, click Create New Key Pair and Continue. Once the key pair is created, the .pem file will be downloaded to your desktop computer. Change the permissions on the .pem file to what SSH requires: chmod 700 mykey.pem. You’ll need this key file to log into your instance with SSH so move it to a safe place. Next, you’ll create or use an existing Security Group. 
This sets up the firewall rules to use with your instance. For PBX in a Flash, you’ll need at least the following Inbound Rules in your Security Group: TCP 22 (SSH), TCP 80 (Web), TCP 1723 (for PPTP VPN only), and TCP 9001 (for WebMin access). For VoIP services, you’ll need UDP 5060 (SIP), UDP 10000-20000 (RTP), UDP 4569 (IAX), and UDP 69 (TFTP, if desired). EC2 lets you lock down Security Group entries to individual IP addresses. We strongly recommend this for SSH, Web, SIP, IAX, and TFTP services. If you need access from multiple IP addresses, just add additional Security Group rules for each address and service. Finally, you’ll be shown a summary of all your selections. If everything looks OK, click Launch to start the instance. While it’s starting up, click Elastic IPs from the left column of the EC2 Dashboard. Choose Allocate New Address and then Associate Address to connect it with the instance that just launched. Write down the IP address. You’ll need it for SSH access. Finally, click Instances and wait for your virtual machine to come on line with a green check mark.
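The Security Group advice above, as an added example (not code from the article or the PBX in a Flash project): a Python audit that reads a Security Group in the JSON shape returned by aws ec2 describe-security-groups and flags any SSH, Web, SIP, IAX, or TFTP rule that is not limited to a single IP address, plus any open port the article does not list. The sample group, its ID, and its addresses are constructed for illustration.

```python
import ipaddress
import json

# Inbound services listed in the article: (protocol, first port, last port, label)
PIAF_SERVICES = [
    ("tcp", 22, 22, "SSH"),
    ("tcp", 80, 80, "Web"),
    ("tcp", 1723, 1723, "PPTP VPN"),
    ("tcp", 9001, 9001, "WebMin"),
    ("udp", 5060, 5060, "SIP"),
    ("udp", 10000, 20000, "RTP"),
    ("udp", 4569, 4569, "IAX"),
    ("udp", 69, 69, "TFTP"),
]
# Services the article recommends restricting to individual IP addresses
LOCKDOWN = {"SSH", "Web", "SIP", "IAX", "TFTP"}


def services_for(proto, lo, hi):
    """Return the article's services whose ports overlap this rule's range."""
    return [name for p, s_lo, s_hi, name in PIAF_SERVICES
            if proto in (p, "-1") and lo <= s_hi and s_lo <= hi]


def audit_group(group):
    """Return (service-or-port, cidr, problem) tuples for one Security Group."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        # "-1" means every protocol and port; FromPort/ToPort are then absent.
        lo = perm.get("FromPort", 0)
        hi = perm.get("ToPort", 65535)
        if proto == "-1":
            lo, hi = 0, 65535
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        names = services_for(proto, lo, hi)
        ports = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if not names:
                findings.append((ports, cidr, "port not in the article's list"))
                continue
            for name in names:
                if name not in LOCKDOWN:
                    continue
                if net.prefixlen == 0:
                    findings.append((name, cidr, "open to the entire Internet"))
                elif net.num_addresses > 1:
                    findings.append((name, cidr, "not a single IP address"))
    return findings


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "piaf-example", "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 5060, "ToPort": 5060,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 10000, "ToPort": 20000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
  ]}]}
""")

if __name__ == "__main__":
    for group in SAMPLE["SecurityGroups"]:
        for what, cidr, problem in audit_group(group):
            print(f"{group['GroupId']}: {what} from {cidr}: {problem}")
```

To audit a real group, save the output of aws ec2 describe-security-groups to a file and pass each entry of its SecurityGroups list to audit_group.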

Your First Login. Now you can log into your EC2 instance via SSH using your key file and the IP address associated with the instance: ssh -i mykey.pem -v ec2-user@54.235.12.34. If you’re using a Windows machine with Putty, use PuttyGen.exe to convert your .pem key into something Putty can understand before attempting to log in. Once you’re logged in, you need to immediately change all the default passwords:

  • sudo passwd ec2-user (to change your ec2-user password)
  • sudo passwd root (to change your root password)
  • su root (to switch to the root account with your new password)
  • passwd-master (to change your FreePBX and web passwords)
  • cd /root (to switch to the /root directory)

Keep in mind that PBX in a Flash is a little different from a standard Linux install. It has been designed for use as the root user only. So, whenever you log into a PIAF instance in EC2, always execute the following two commands in order: su root, then cd /root at the root prompt. Most Linux and PBX in a Flash utilities will not work properly if you attempt to execute them as the ec2-user! For web access and management of your server, point your browser to the IP address of your EC2 instance. If you’re new to PBX in a Flash, stop here and read the PBX in a Flash 2.0.6.3 Quick Start Guide. It’ll tell you everything you need to know to get started with PBX in a Flash.

Installing Incredible PBX. We’ve got a few more surprises for you today. First, there are new, GPL2-licensed releases of Incredible PBX: version 10 for FreePBX 2.10 and version 11 for FreePBX 2.11. If you’re new to all of this, Incredible PBX provides some additional layers of security for your server while also giving you dozens of turnkey Asterisk applications including text-to-speech, speech-to-text, SMS messaging, news, weather, stocks, and tide reports, and much more. You can read the Incredible PBX tutorial here. To install Incredible PBX while logged into your EC2 instance as root, issue the following commands and plug in your passwd-master password when prompted. If you’re using the PIAF-Green AMI, replace incrediblepbx10 with incrediblepbx11 below.

cd /root
wget http://incrediblepbx.com/incrediblepbx10.gz
gunzip incrediblepbx10.gz
chmod +x incrediblepbx10
./incrediblepbx10

Installing Incredible Fax. Yes, there’s more. Incredible Fax also works just fine on the EC2 platform. If you want the added convenience of having your Incredible PBX double as a free fax machine, run install-incredfax2 after the Incredible PBX 10 install completes. For Incredible PBX 11, run /root/incrediblefax11.sh. Plug in your email address for delivery of incoming faxes and enter your home area code when prompted. For every other prompt, just press the Enter key. If you’d like to also add the optional OCR utility, just choose it when prompted. For complete documentation, see this Nerd Vittles article. Don’t forget that a REBOOT OF YOUR SERVER is required when the install is finished, or faxing won’t work! Then log in to AvantFax through the PBX in a Flash GUI using maint:password. Be sure to change your password!

Also be sure to set up a second, dedicated Google Voice number if you want support for inbound faxing. Once the Google Voice credentials are configured in FreePBX for the additional Google Voice line, simply add an Inbound Route for this DID to point to the fax destination. Just plug in your 10-digit Google Voice number and other entries shown in the form below. Save your setup and reload FreePBX. Done!

Introducing Incredible Backup and Restore. Last, but not least, we have new GPL2-licensed backup and restore utilities to simplify the task of moving PBX in a Flash setups between Amazon EC2 and other standalone or virtual machine platforms. To complement these new utilities, we’ve also released a new 64-bit PIAF-Purple Virtual Machine image for VirtualBox. PIAF-Purple-64.ova is a free download from SourceForge and will run under VirtualBox on any Windows, Mac, Linux, or Solaris desktop computer. Our VirtualBox tutorial is available here. You also have the option of downloading the current 64-bit PIAF-20631 ISO from SourceForge and building your own server or virtual machine. All three platforms (Amazon EC2 AMI, VirtualBox OVA, or PIAF 64-bit ISO) are 100% compatible with Incredible PBX, Incredible Fax, and the new Incredible Backup. Once you have matching platforms, you can backup your PIAF or Incredible PBX setup on one platform and then restore it to a different platform by simply copying the backup image to the new platform and running Incredible Restore. The entire procedure takes only a couple of minutes.

To install the backup and restore utilities on either of the platforms, simply issue the following commands:

cd /usr/local/sbin
wget http://incrediblepbx.com/incrediblebackup10.tar.gz
tar zxvf incrediblebackup10.tar.gz
rm incrediblebackup10.tar.gz

Because Incredible Backup shuts down Asterisk, MySQL, and Apache, do NOT run this when folks are using your PBX! To make a backup, log into your server as root and type: incrediblebackup.

The restore procedure essentially erases ALL of your existing FreePBX, Asterisk, TFTP, and web data. To restore a backup, copy the backup file to be restored to /tmp on the new server. Make sure the new server has Asterisk, FreePBX, and Incredible PBX versions that match what’s shown in the backup filename. There is NO error checking presently. To restore, log into your server as root, write down the filename of the backup file, and type: incrediblerestore /tmp/filename.tar.gz. If this is a new server and you’re still using your old one as well, then remove the DUNDI secret and secretexpiry entries from the Asterisk DB and restart Asterisk once the restore is completed:

asterisk -rx "database del dundi secret"
asterisk -rx "database del dundi secretexpiry"
amportal restart

For additional usage instructions and tips, see this thread on the PIAF Forum. Enjoy!

Originally published: Monday, February 11, 2013  Updated: Thursday, February 14, 2013


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you.


Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Black Friday Deals: Buyers’ Guide to VoIP and Mobile Stocking Stuffers for 2012

Tech toys continue to proliferate and, to get you in the Christmas spirit, we thought we would run down our short list of Must Have’s for 2012 so that you’ll be prepared for your Black Friday shopping spree. It’s just 10 days away!

Cell Phone Paradise

In the smartphone category, the iPhone 5 ranks up there as one of the most disappointing offerings of the year in our book. Apple continues to force obsolescence with a new nano SIM card and an all-new dock connector that only supports USB 2.0. Near Field Communication (NFC) is nowhere to be found. Did we mention the endless LITIGATION that seems to have replaced INNOVATION at Apple? Before you buy from Apple, ask yourself if you really want to encourage this type of corporate behavior. It’s ruining software development, and spare us the B.S. about Apple inventing all of this stuff. They didn’t!

Three out of four new cellphones reportedly are Android phones. There are lots of reasons why. We’ve been a huge fan of Samsung’s Galaxy S III as the best cellphone on the market… until we tried the new Galaxy Note II. We had planned to do a full-fledged review of the device until we read AnandTech’s writeup. It covers everything you’d ever want to know. What can we say? Easily rooted. A 5.5 inch diagonal screen with 1280×720 resolution leaves everything else in the dust. Add Android Jelly Bean with a quad-core processor and support for Samsung’s S-Pen, two fantastic cameras, a replaceable battery, 64GB microSD card support, an 11.78 watt-hour battery, cellular support for category 3 LTE FDD and TDD, Release 9 DC-HSPA+, GSM/EDGE, and TD-SCDMA along with onboard gpsOneGen 8A GNSS, and it’s damn close to perfect. It brings you the best of all possible non-proprietary worlds. And, yes, it still fits comfortably in your jeans pocket. Honest, you will love The Phablet, and it’s available with free 2-day shipping using Amazon Prime.1 Or check out the Black Friday deals.

Best Cell Phone Plans

The United States cellphone provider market continues to be dominated by the Bell sisters, AT&T and Verizon, with Sprint and T-Mobile competing in the also-ran category. The good news is there now are some terrific cellphone pay-as-you-go bargains using three of the four major providers. Monthly pricing of these plans is typically 50 to 75% less than comparable plan offerings from AT&T and Verizon. Here are our favorites.

Straight Talk Unlimited. Straight Talk in conjunction with WalMart offers a $45 monthly plan ($495 a year) with unlimited talk, text, and web access. Buy a SIM for $9.99 and a refill card, port your number, and you’ll be up and running in about an hour. Better yet, buy them together and use coupon code SIMSAVE, and the SIM card is free with free shipping as well. It uses the identical AT&T network infrastructure as AT&T, and Straight Talk SIMs are interchangeable using any existing AT&T cellphone. On an Android phone, the feature set is identical to what you’d get with an AT&T plan. On an iPhone, you lose Visual Voicemail. If the phone is not jailbroken, you may lose multimedia messaging (MMS). For configuration details, see this post. Also available for T-Mobile, if you prefer. No tethering!

T-Mobile Unlimited Data Plan. T-Mobile in conjunction with WalMart offers a pay-as-you-go plan with 100 voice minutes, unlimited texting, and unlimited data (5GB at 4G speed and 2G speed thereafter) for $30 a month. Extra voice minutes are 10¢. It’s not only an amazing deal, but the fine print doesn’t seem to preclude tethering. You can use it with any T-Mobile phone including all of Google’s Android phones. For tethering support, any rootable Android phone works as well as the unmodified $349 Galaxy Nexus 4 purchased directly from Google starting today at noon Eastern time. The Nexus 4 gives you 4G performance over HSPA+, but no LTE radio support! Today’s AnandTech review here. If you don’t care about tethering but want 4G performance, then take a look at the $175 Samsung T679 available at WalMart. Beware: Most AT&T GSM phones will also work with T-Mobile, but you’ll only get 2G data performance because of the different radio frequencies used by AT&T and T-Mobile for 3G and 4G service.

If you have T-Mobile coverage in your area or if you spend a lot of time on the interstates and want network coverage for your laptops while you’re on the move, this is the plan for you. We call it the Stealth Plan because neither WalMart nor T-Mobile says much about it. It’s only available when you first sign up for service with your newly purchased T-Mobile SIM. Despite lots of chatter to the contrary, this plan is available (but unadvertised) by purchasing a 99¢ SIM directly from T-Mobile. Trust us. You’re only risking a buck. But, beware, if you ever switch to a different plan (or if you sign up for the wrong $30 plan originally… T-Mobile and WalMart both push a lousy plan that includes 1500 talk minutes with 30MB of data for the same $30), you can never go back to the good plan without purchasing another T-Mobile SIM. To activate your T-Mobile SIM once you have your T-Mobile phone in hand, go here. Remember. Make your initial selection carefully. To buy $30 refills, here’s the link.

Virgin Mobile (not quite) Unlimited Plan. If you have good Sprint coverage, would like to use an iPhone with or without tethering, and don’t mind data limits then the Virgin Mobile Plan isn’t too bad. $35 a month gets you 300 minutes, unlimited messaging, and 2.5GB of data. For $15 more, you get 3.5GB of data with tethering. $10 more gets you 1200 talk minutes a month while $20 more gets you unlimited talk. It’s been reported that the Virgin Mobile iPhone 4S will be available in Target stores for $500 with a free $100 Target gift card beginning at 9 p.m. on Nov. 22.

VoIP Desktop Phone of the Year


It was just a matter of time until someone produced a reasonably priced, rock-solid SIP desktop phone based upon Android. The combination provides the best of both worlds with SIP access to your favorite Asterisk® server or Incredible PBX for the Raspberry Pi plus Skype, Google Voice, Microsoft Lync, YouTube, Facebook, Twitter, and Angry Birds without leaving your chair. Meet the $200 Grandstream GXP-2200. We got to spend some time with it at AstriCon 2012 a few weeks ago. With support for six lines, five-way conference calls, HD audio, Bluetooth, integrated PoE, and VPNs of many flavors, the GXP2200 takes top honors as our VoIP Desktop Phone of the Year. It’s still in limited supply but should be available everywhere soon.

Thanksgiving Update: Since we originally published this article, Grandstream has released a firmware update that resolved virtually all outstanding issues. The Google Play Store now is available which means many Android apps you previously have purchased can now be installed on the GXP2200 at no cost. Skype with incoming video now works well. There’s no outbound video because there is no camera built into the phone. Not sure whether a USB camera would solve that as we haven’t tested it (yet). GrooVe IP can be installed from the Play Store for plug-and-play Google Voice calling. That gives you the "VoIP Big Three" on a single desktop phone: SIP, Skype, and Google Voice. AsteriDex also can be used from the phone’s browser to provide click-to-dial calling with any SIP trunk you’ve set up on the phone. The PBX in a Flash RSS Security Feed can also be installed on the desktop of this phone. With the $5 IP Cam Viewer app, you can use your phone to monitor dozens of IP cameras in your organization or anywhere around the globe. In short, we can find nothing not to like about this phone! For up-to-the-minute news updates, visit the PIAF Forum.

Hosted VoIP Provider of the Year

We’re delighted that one of our corporate sponsors is the hands-down winner of Hosted VoIP Provider of the Year. With your choice of servers throughout the United States, Canada, and Europe, not only is RentPBX’s service and support second to none, but their $14.99 a month pricing for cloud-based hosting of PBX in a Flash is in a league of its own. Be sure to use coupon code PIAF2012 for your first hosted PBX order to take advantage of this special pricing.

VoIP Computer of the Year

No surprise here. The $35 Raspberry Pi now with 512MB RAM takes top honors. Add a power supply, plug into your LAN, burn Incredible PBX 3.5 to an SD card, and boot to a near perfect (free) VoIP platform with Google Voice, SIP support, unlimited extensions with voicemail, IVR support, text-to-speech and speech-to-text functionality. Take our 35 apps for a spin, and you’ll agree the choice is a No Brainer. And this week you can add free fax support to the already incredible feature set. Review the Quick Start Guide and then the Fab 35 Apps Tutorial. Then finish off your adventure by Interconnecting Raspberry Pi devices in less than 5 minutes. If money is no object and you want one in two days, take a look at the Amazon ad in the right column which provides a good refresher in the law of supply and demand.

Our runner-up for best all-purpose VoIP computer remains the Foxconn NT535 Dual-Core Atom machine which is back on sale for $154.99 at Amazon today with free 2-day shipping with Amazon Prime. Details in our previous article.

VoIP Tablet of the Year

C|Net has done a great Roundup of the 7-Inchers. Jokes aside and absent special requirements, Google’s Nexus 7 is the clear winner. You get an open platform, easily rootable, state-of-the-art quad-core tablet running the latest version of Android. And it supports every VoIP requirement you can dream up: Google Voice, SIP, Skype, and VPN support. The 16MB version is available for $199 directly from Google, WalMart, or Staples. That’s over $100 less than the comparable, but inferior, iPad Mini. Because the iPad Mini lacks GPS support in the WiFi model, turn-by-turn navigation is out of the equation. At least for us, it is one of the major must-have features for any tablet device.

Happy Thanksgiving!

Originally published: Tuesday, November 13, 2012  




  1. Some of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us.

Google Nexus 7 Review: State-of-the-Art Features, Performance & Price

What a difference a Jelly Bean can make! Home runs don’t come easy in the technology arena especially in the tablet market with a third-generation, 800-pound gorilla named iPad® already sitting in the room and an upstart Kindle Fire® threatening to burn the house down. But, if you’ve been disappointed by the fit and finish of previous Android releases, then it’s time to have another look. Whether you’re a road warrior or a couch potato, you’re gonna love the new Nexus 7 quad-core tablet from Asus. Open the case and look into your Nexus 7’s eyes. Blink once1 and boom. Your desktop appears. Incredible features. Stunning performance. And unbelievable price.

We like to start with the bad news. There’s not much: no rear-facing camera, no microSD expansion slot, and no HDMI port. Don’t make the mistake of buying the 8GB tablet. While $199 is appealing, you’ll quickly wish you’d spent the additional $50 to purchase the 16GB flavor. Remember, the storage is not expandable. But, if you hurry, you’ll get a $25 gift card to Google Play. So go for broke and splurge. You’ll want to fill all 16 gigs with lightning fast Android apps. And there’s no longer a shortage of choices. Almost anything that you’d find on an iPad is available for the Nexus 7… and then some. The one missing feature in Jelly Bean is Flash support. That’s Adobe’s doing, not Google’s. But there’s an easy fix. Load the Firefox Beta browser and side load the Adobe Flash Player 11.1 apk, and you’re back in business.

If you follow our musings on Nerd Vittles, you know that we eat our own dog food. So our Nexus 7 has both a PPTP VPN and NeoRouter VPN activated. We connect back to our PBX in a Flash server through one of the VPN connections and log in as an extension on the home Asterisk® server using Bria for Android. We activate a Google Voice account using GrooVe IP. And we connect back to an OBi device in the home office using OBiON. That makes three active phones for inbound and outbound calls right on the Nexus 7 desktop. Incoming calls to our home office pop up using Gtalk with the new Nerd Vittles’ GV Call Notifier.

As you can see from the above screenshot (actual screen size), our most recent Gmail messages, Google Calendar, and today’s weather forecast for our current location are displayed whenever the tablet is opened for use. The PIAF Forums are one click away with Tapatalk as is access to your favorite dozen apps and 20,000 of your favorite songs.

Drooling for Apple’s Siri? You’ll love the new, voice-activated Google Search which puts Siri to shame. Watch the video above and decide for yourself. And then there’s Google Now:

It tells you today’s weather before you start your day, how much traffic to expect before you leave for work, when the next train will arrive as you’re standing on the platform, or your favorite team’s score while they’re playing. And the best part? All of this happens automatically. Cards appear throughout the day at the moment you need them.

The Nexus 7 also sports a gyroscope, accelerometer, magnetometer, NFC, Bluetooth 4.0, and a GPS chip that can take advantage of Google Maps new off-line mode when WiFi isn’t available. Want to take a high-res screenshot? Just hold down the Power and Vol/Down buttons at the same time, and presto, your screenshot is saved. Video conferencing also is a breeze using either Google Talk or Skype. File transfers are equally easy thanks to NFC. Just tap two Jelly Bean devices together and the file transfer is on its way wirelessly. And then there’s Google Wallet which lets you pay for purchases with the tap of your Nexus 7. In a revolutionary move, there’s also a well-written, real User’s Guide (as in book) at your fingertips. Just click the Book icon to access your entire book collection including the User’s Guide. We could go on, but you get the idea. It’s revolutionary as is the price!

We can’t really show the near instantaneous response that a quad-core processor provides. Suffice it to say, this isn’t a Kindle Fire brimming with compromises to save on production costs. It’s a fast, no-compromise, state-of-the-art tablet with battery life that rivals any iPad. Because of web constraints, the above screenshots really don’t provide an accurate rendering of the actual screen resolution. Simply put, the 1280×800 WXGA screen leaves the Kindle Fire in the dust. Watching 720p videos of the Summer Olympics is nothing short of amazing with images literally jumping off the screen. For those of you that still wear suits to work, the Nexus 7 will fit comfortably in your inside suit pocket. Weighing in at just 12 ounces, you won’t be listing to one side from carrying the Nexus 7 in your pocket. In fact, it’s about 20% lighter than a Kindle Fire which makes a huge difference with the form factor of this device.

Last but not least, the setup process is now as smooth as silk. In about 5 minutes, everything is configured, your Gmail, Google Calendar, and Google Music and photo collections are all synced and ready for use. Run, don’t walk, and buy this tablet. It’s that good. And it’s less than half the cost of the cheapest, entry level New iPad. Does it replace a desktop PC or Mac? No. Could it replace an iPad? In a heartbeat.

Originally published: Monday, July 30, 2012



Astricon 2012. Astricon 2012 will be in Atlanta at the Sheraton beginning October 23 through October 25. We hope to see many of you there. We called Atlanta home for over 25 years so we’d love to show you around. Be sure to tug on my sleeve and mention you’d like a free PIAF Thumb Drive. We’ll have a bunch of them to pass out to our loyal supporters. Nerd Vittles readers also can save 20% on your registration by using coupon code: AC12VIT.




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.



  1. In case you’ve forgotten, one of the criticisms of the original face recognition device security was the fact that you could hold up a photo of the person with another device and walk right into the tablet. Forcing the person to blink once pretty much solves that. Most photos don’t blink. :-)

Good Morning: Hotel-Style Wake Up Calls Return to Asterisk

Everybody has their own favorite way to start the day. If music doesn’t happen to be your thing, then perhaps a hotel-style wakeup call will fit the bill. Once installed, you can dial *68 from any extension on your Asterisk® PBX and schedule a hotel-style wakeup call complete with snooze alarms. You also can designate extensions that can serve as administrators to schedule wakeup calls for any extension on your system. And, no, this won’t interfere with Nerd Vittles Telephone Reminder System when your requirements demand something a bit more flexible and robust.

Prerequisites. The latest module is specifically designed for integration into any current version of FreePBX® (works fine in 2.8, 2.9, and 2.10) so all of the FreePBX-based aggregations should work just fine so long as your favorite includes a fairly recent version of FreePBX. Your server also needs PHP5.

Installation. The installation process couldn’t be simpler. First, download the software from the new POSSA Repository to your Desktop. Our special thanks to Andrew Nagy and Lorne Gaetz for their tireless work on the PBX Open Source Software Alliance. Don’t decompress the archive! Now use a web browser to access FreePBX on your Asterisk PBX. Choose Tools, Module Admin, Upload Module. Now Browse to the hotelwakeup-1.2.5.3.tgz file on your Desktop and click the Upload button. Now click local module administration, scroll down and click on Wake Up Calls and then the Install radio button. Now click Process, and complete the usual FreePBX install and reload process. It takes longer to explain it than it’ll take you to do it. Make certain that the PHP time zone is set correctly on your system, or the wakeup calls may arrive at unexpected times. HINT: Nothing beats a trial run!

Configuration. When you complete the install process, there will be a new option on your Tools menu bar in FreePBX called Wake Up Calls. Click on this option and decide whether you want to activate Operator mode to enable some extensions to schedule wakeups for every extension on your PBX. Then select the number of digits in your extensions, how long to ring when a wakeup call is placed, how long to wait to retry the call, and how many retry attempts to make. Now set the CallerID for the calls, and you’re finished. Click the Submit button and reload your Asterisk dialplan setup.

Trial Run. To make sure everything is working, you need to place a test call from both a regular extension and also an extension that you designated as an operator station if you chose to implement this. Just dial *68 and follow the prompts using 4-digit numbers for the desired wake up call times. Then wait for your wakeup call. Doesn’t get much easier than that. Enjoy!

Originally published: Wednesday, February 25, 2009.

Updated: Thursday, May 24, 2012.




Need help with Asterisk? Visit the NEW PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 

Travelin’ Man 3: Securing a PIAF2 or VoIP in the Cloud Server

We're big fans of playing with our own VoIP hardware. It has the advantage of allowing the installation of everything behind a secure, hardware-based firewall thereby eliminating almost all of the security issues associated with VoIP telephony. With PBX in a Flash™ and its Zero Internet Footprint™, you can run a secure VoIP server in your home or office with no port exposure to the Internet. This setup, of course, assumes that you have the necessary bandwidth to support Internet telephony and that you possess the necessary skill set to maintain your own Linux® server running Asterisk®, FreePBX®, Apache®, SendMail®, PHP®, and on and on. Not everyone does. And, of course, there are thousands of organizations in which employees and their phones are not colocated with the home office VoIP communications server. And, believe it or not, there are folks that run their VoIP server on the public Internet without any firewall protection. For all of you, today's your lucky day.

Lest you think that we've bitten off more than we can chew, we want to acknowledge the dozens of thought-provoking comments on the PIAF Forums that ultimately led to today's new release. That is the hidden beauty of open source development. So, thank you dad311, atsak, tbrummell, Hyksos, markieb, Ramblin, darmock, lowno, blanchae, bmore, vcallaway, jroper, mag, briankelly63, mbellot, phonebuff, The Deacon, Astrosmurfer, frontline, ou812, LostTrunk, lgaetz, kh40s, rossiv, and all of our other gurus that make the PIAF Forums a great place to learn something new every day.

Thanks to our good friends at RentPBX, who provide terrific technical and financial support to both Nerd Vittles and the PBX in a Flash project, you don't have to roll your own. And your phones can be anywhere because your communications server sits on the public Internet. If cost is a factor or for those outside the United States that need a U.S. presence to take advantage of services such as Google Voice, the $15 a month price point using the PIAF2012 coupon code makes RentPBX more than competitive with what it would cost you in electricity, Internet bandwidth, and hardware resources to do it yourself... minus the headaches. You get a stable PBX in a Flash or Incredible PBX platform from the git-go. In addition, issues of jitter and latency all but disappear from the VoIP equation because you can choose the site of your hosted PBX from a worldwide list of Internet POPs including five regions in the U.S. as well as Canada and Europe. Many sit within a few milliseconds of the Internet backbone.

What you don't have with a hosted PBX solution is a hardware-based firewall sitting between your server and the Big, Bad Internet. With PBX in a Flash, the risk is lessened because the IPtables Linux Firewall is baked into the fabric of PBX in a Flash. For a comprehensive overview of how IPtables works, read this article. It explains IPtables better than any book you could buy.

Today we're pleased to introduce Travelin' Man 3™, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that's lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce. We'll quickly cover the mechanics of this new IPtables methodology that allows you to secure your hosted PBX without compromising flexibility. The nitty gritty details of IPtables and firewalls we'll leave for you to explore at your leisure.

And, speaking of leisure, we always get the question: "Have you tested it?" For frequent readers of Nerd Vittles, you already know the answer. We eat our own dog food! In the case of Travelin' Man 3, we gave it a healthy workout just last week from the deck of the Carnival Fantasy as we passed by Cape Canaveral and in Key West with 4G service, and finally in several ports with WiFi access in the Bahamas. The beauty of the new design is you'll know instantly if it's not working because you'll never get your VoIP SIP phone to connect back to your VoIP server. We had zero problems using nothing more than an Android phone for both DynDNS updates and Bria SIP phone service. Being a pioneer isn't always easy, but... Somebody's gotta do it™. ;-)

Unlike previous iterations of Travelin' Man, version 3 lets you configure remote phone access from the server and keep one or hundreds of phones in sync even with changing IP addresses using dynamic DNS update software at the sites of the remote phones. Whether the site is a remote office or a floating hotel room, any PC or Mac whether it's a desktop or netbook can automatically manage the dynamic DNS updates while keeping all of the local phones securely connected to the VoIP Cloud. And any jail-broken iPhone can manage the updates as well. With Android phones, it's even better. You have your pick of several great apps: DynDNS Client, Dynamic DNS Client, or Dynamic DNS Updater. We've found the DynDNS Client to be nearly perfect. As we'll explain in a minute, this version of Travelin' Man is not compatible with prior versions so you'll need to choose either the manual methodology of previous iterations or version 3 which does it automagically.

A New Approach to WhiteLists. Our new approach to IPtables is to lock down your server using a WhiteList of safe IP addresses and fully-qualified domain names (FQDNs) that should be given access to your hosted VoIP server. Then we'll periodically check to see if the IP addresses associated with the FQDNs have changed and make the necessary adjustments automatically. If any intruder attempts to access any port on your PBX, their packets are simply discarded by IPtables so the bad guys never know your server exists.

We've experimented with BlackLists for VoIP security, and the bottom line is they just don't work because of inherent problems with reliability and completeness. You spend your entire day updating lists of the bad guys only to discover that they've morphed to thousands of new IP addresses. Think Whack-A-Mole. IP addresses can easily be changed, and zombies have made attacks from third-party PCs a daily occurrence. Earlier this month, Nerd Vittles was hit with a denial of service attack from 30,000+ zombie PCs. This was in spite of the fact that we already block well over 100,000 IP addresses with the world's finest blacklists. Now it's 130,000. Of course, none of the owners of these PCs had any idea how their computers were being used. I'm reminded of a famous judge's secretary who received a knock at her door one Sunday morning from the FBI. They informed her that she was using her computer to host porno movie downloads. I won't offend your tender sensibilities by repeating what she actually told those "young men."

There's also the problem of dynamic IP addresses which means an address that was used by a bad guy yesterday may be handed out by the same ISP to your grandma tomorrow. And it didn't take the bad guys long to poison blacklists with IP addresses that you actually need for services such as DNS or network time services. If you've ever had an IP address that ended up on one of the major blacklists, you know what a hassle it is to get your IP address unBlacklisted. The Soup Nazi has nothing on these folks.

Bottom Line: Public web sites are pretty much forced to use BlackLists because they want their sites to be generally accessible. With a VoIP server, we have the luxury of choice, and WhiteLists are much more effective for server security.

Overview. Our recommended design works like this. Block everything. Then permit packets from known hosts and non-routable IP addresses only, and limit known hosts to only the services they actually need. For example, a VoIP provider such as Vitelity that is providing a DID for your inbound calls doesn't need web access to your server. They need SIP and RTP access. Nothing more. The same goes for a remote user: SIP and RTP access so their SIP phone works. Nothing more. You, as Administrator, need complete access to the server but only from a specific, defined IP address. We, of course, don't want IPtables to have to inspect and filter every single packet flowing into and out of your server because that would bog things down. And we don't want users on your private LAN and remote users with dynamic IP addresses to have to wrestle with updating their phones just to stay connected. So, we've opened up all non-routable IP addresses and, once we've verified that a remote site is authorized access, then subsequent packets flowing into and out of the server for that IP address will be passed along without additional packet inspection. And once we set up the FQDN for a remote user, local dynamic DNS update clients can be used to automate the process of keeping IP addresses current. Then, every few minutes, we'll let your server check whether there's been a change in any users' dynamic IP addresses. If so, we'll simply refresh the IP addresses of all FQDNs using an IPtables restart to bring the phones back to life. To end users, The Phones Just Work™.

Finally, a word about security for VoIP in the Cloud servers. If you run a virtual machine from any hosting provider with wide open access to SIP, IAX, and web services, it's just a matter of time before your server is going to be compromised, period! If you foolishly use credit card auto-replenishment for one or more of your hosting providers then you might as well mail a blank check to the bad guys and wait for them to cash it. Today's tools will take you less than a minute to permanently lock down your server. So... JUST DO IT™.

To give you some idea of how far the Android platform has come, here are a couple screenshots of our Samsung 4G Skyrocket smartphone running three simultaneous VoIP apps all day, every day: Bria SIP extension to our PIAF2 server in Charleston, CSipSimple extension to our RentPBX VM in California, and GrooveIP session with Google Voice. Try that on your 3G iPhone 4S. ;-)

We're officially releasing this for RentPBX users running PBX in a Flash 2™ or Incredible PBX 3™. These folks have been our pioneers for a very long time, and we like to take care of them first. Properly installed, Travelin' Man 3 should work fine on any PIAF2™ or Incredible PBX 3 system. We'll make a backup of /etc/sysconfig/iptables before replacing your IPtables setup with the PIAF2 default setup. It assumes ALL of your traffic is flowing on eth0. If that's not the case, don't use it without major modifications! We would hasten to add that Travelin' Man 3 is licensed as GPL2 open source software. So it's available NOW to everyone to use or to embellish as they see fit. We hope every provider of VoIP services offering virtual machines in the cloud as well as those without a hardware-based firewall to protect your Asterisk server will take advantage of the opportunity to customize and deploy this code for their particular IPtables environment. To paraphrase Bill Clinton: "It's your phone bill, stupid!"

Deploying Travelin' Man 3. Here's how to deploy Travelin' Man 3 on your server. In Step #1, we run secure-iptables. This locks down virtually all IP ports and services in the original IPtables configuration for PBX in a Flash to either the IP address or the FQDN of the administrator. Be advised that this setup uses the default ports for all PIAF2 services, e.g. SSH, WebMin, HTTP, etc. If you use custom ports, you'll need to modify the script accordingly. If the administrator is on the move or has a dynamic IP address on his or her desktop or notebook PC/Mac that will be used to administer the cloud server, then use an FQDN, not a static IP address, when you run secure-iptables.

Step #2 is automatic and is part of secure-iptables. It opens SIP and IAX port access for "trusted providers" such as Google, Vitelity, etc. This is covered in detail below. We also open accessibility from non-routable IP addresses. You obviously can close or limit private LAN access, if desired. We included it for the benefit of those running and administering PBX in a Flash on private LANs where internal security is not a concern.

In Step #3, we'll let you set up additional access for other providers, users, and phones. You get your choice of up to 9 separate services to enable, and each account gets a name and a file to keep track of the latest IP address entry: somename.iptables. These are stored in /root. Don't delete them! New accounts can be added using either a static IP address (add-ip) or an FQDN (add-fqdn). These accounts also can be deleted whenever necessary (del-acct). You can rerun secure-iptables whenever you like, but it automatically deletes all custom user accounts. Here's the list of services from which to choose. Mix and match as desired to meet your own requirements.

1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - TFTP
8 - SSH
9 - FOP

Just a word of caution. IPtables stores its setup in /etc/sysconfig/iptables, but it actually runs from an image in memory on your Linux server. As part of the load process, IPtables converts all FQDNs stored on disk to static IP addresses. This speeds up firewall processing enormously. While it's possible to add IPtables rules in memory without writing them to disk (as in the original Travelin' Man design), don't do it with Travelin' Man 3! You will lose these settings whenever IPtables is restarted by running any of the above scripts or whenever a refresh of FQDN IP addresses becomes necessary. Whatever you do, never ever run the command: service iptables save. This command is used to write the IPtables entries in memory to disk. In doing so it writes only static IP addresses to disk. This will erase (a.k.a. ruin) your Travelin' Man 3 FQDN setup and force you to start over with Step #1. Otherwise, none of your FQDN's would ever get refreshed because they've all disappeared and become static IP addresses. You've been warned.

Locking Down Your Server. While there's still time, let's spend a minute and lock down your server to the public IP address of the PC that you use to administer the system. If you don't know the public IP address of the desktop machine you use to manage your server, then click on this link using a browser on that machine, and our web site will tell you the IP address.

Now log into your virtual machine as root using SSH and issue the following commands:

cd /root
wget http://incrediblepbx.com/travelinman3.tar.gz
tar zxvf travelinman3.tar.gz
./secure-iptables

When prompted for the FQDN or IP address of your Administrator PC, use the FQDN if you have one. Otherwise, type in the IP address and press the Enter key. Agree to the terms of service and license agreement by pressing Enter. When the iptables file displays, verify that you have typed your FQDN or IP address correctly, or you will lock yourself out of your own server. Press Ctrl-X to exit the editor, and then press Enter to update IPtables and save your new configuration.

WARNING: If you use an FQDN for your Administrator PC and it points to a dynamic IP address, be sure to also add this same FQDN using add-fqdn. Otherwise, IP address changes will not be detected, and you may lock yourself out of your own server.

Nobody can access your server except someone seated at your PC or on your private LAN with your login credentials. You can repeat this process as often as you like because each time the script is run, it automatically restores your original IPtables configuration. Now let's grant access to your SIP providers and those using remote SIP or IAX phones.

Using DynDNS to Manage FQDNs. The key ingredient with Travelin' Man 3 is automatic management of dynamic IP addresses. When a user or even the administrator moves to a different location or IP address, we don't want to have to manually adjust anything. So what you'll first need is a DynDNS account. For $20 a year, you can set up 30 FQDNs and keep the IP addresses for these hostnames current 24-7. For $30 a year, you can manage 75 hostnames using your own domain and execute up to 600,000 queries a month. That's more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it. What we recommend is setting up a separate FQDN for each phone on your system that uses a dynamic IP address. This can include the administrator account if desired because it works in exactly the same way. When the administrator extension drops off the radar, a refresh of IPtables will bring all FQDNs back to life including the administrator's account. Sounds simple? It is.

Preparation. Before we make further modifications to IPtables in Step #3, let's make a list of all the folks that will need access to your VoIP Server in the Cloud. For each entry, write down the name of the person, server, or phone as well as the type of entity which needs server access. Then provide either the static IP address or FQDN for each entry. If one or more of your IP addresses are dynamic (meaning the ISP changes them from time to time), we'll cover managing dynamic IP addresses in a minute. For now, just make up a fully-qualified domain name (FQDN) for each dynamic IP address using one of the available DynDNS domains. For static IP addresses, use the FQDN or the IP address. HINT: FQDNs make it easy to remember which entry goes with which provider.

Make a list of your providers NOT in this list: Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also SIPgate.com (sipgate.com), VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Teliax, and IPkall. The providers listed above are already enabled in the secure-iptables setup script. We call them Trusted Providers only because we trust them and have personally used all of them. We consider them reliable folks with whom to do business. It doesn't mean others aren't. It simply means these are ones we have tested with good results over the years. The only providers you'll need to add are ones we haven't provided. Also be sure to check whether the FQDNs of the providers above cover the server for your account. If not, you'll need to manually add those FQDNs as well. Keep in mind that trusted providers will have full SIP and IAX access to your server so stick with tried-and-true providers for your own safety. The PBX in a Flash Forum and DSL Reports are good sources of information on The Good, The Bad, and The Ugly.

Finally, list with a name each phone that will be connected to an extension on your server. If you have 10 traveling salesmen, then you might want to name them all by last name and also provide FQDNs with their last names, e.g. smith.dyndns.org and jones.dyndns.org. No spaces or punctuation in names or FQDNs! We strongly recommend using FQDNs wherever you can because it means zero work for you when a provider changes an IP address. Here's the table we use:

Name | Type: Person, Provider, Server, Phone | IP Address Type: Static or Dynamic | FQDN or IP Address | Services Desired: SIP, IAX, Web, FTP, SSH, etc.

Step #3: Adding Authorized Users. Now take your list and add each account to your server while logged in as root and positioned in the /root directory. For static IP addresses, use add-ip. For dynamic IP addresses and FQDNs, run add-fqdn and plug in the FQDN for each account. When one of your accounts needs to be removed, just run del-acct from the /root folder on your server and plug in the name of the account to delete. If a user changes from a static IP address to a dynamic IP address or vice versa, just delete the user and then add them again with the new IP address or FQDN. All of the accounts are stored in /root and have names like this: name.iptables.

Step #4: Setting Up DynDNS Client Updates. There are actually two pieces in the Dynamic DNS update puzzle. At the end-user side, you need to deploy a DynDNS update client on the same subnet as the phone of your user. See the links above to download the update software you prefer. In the case of cellphones with SIP phone capability, this could be as simple as installing the DynDNS update client directly on the phone itself. Plug in your DynDNS credentials as well as the FQDN associated with the particular phone, and the rest is automatic.

Step #5: Setting Up IPtables Auto-Refresh. Finally, we need a way for your server to discover when a refresh of FQDNs becomes necessary because someone's IP address has changed. The simplest way to do this is to automatically run a simple script (ipchecker) that polls the DNS authoritative server to determine whether the dynamic IP address associated with an FQDN has changed. If so, we'll update the account.iptables file to reflect the new IP address and then restart IPtables. This will refresh all IP addresses associated with FQDNs. If all or most of your users spend time sleeping each day, you may wish to run the script only during certain (waking) hours of the day so your server has less of a load. The other consideration is how often to check. The guideline here is how long can any user live without their SIP phone being connected to your server. 10 minutes may be reasonable for some. 60 minutes may suffice for others. For us, it's 3 minutes. It's your choice. The way Travelin' Man 3 works is, whenever at least one account has an IP address change, it will trigger a restart of IPtables to do an IP address refresh for all of the FQDNs.

The top of the ipchecker script in /root looks like this:

#!/bin/bash

# Insert the account filenames to be checked below
# Remember to increment the account[#] for new entries

account[0]=larry.iptables
account[1]=curly.iptables
account[2]=moe.iptables

# ipchecker (c) Copyright 2012, Ward Mundy & Associates LLC.

You'll need to edit the script (nano -w /root/ipchecker) and modify the account[n] lines (shown in bold in the original listing) to reflect the actual FQDN account names you've created on your server that are associated with dynamic IP addresses only. You don't want to monitor accounts with static IP addresses or FQDNs that never get updated. When those extensions are off-line, it's not because their IP address changed, and restarting IPtables won't really help to improve the situation. Be sure to increment the account[n] array index for each new account that you want to monitor and use the exact format shown in the example above. Before you enter an account in the script, display the contents of the file using cat /root/accountname.iptables. Make certain that the file includes BOTH an FQDN, then a space, and then an IP address. If not, delete the account (del-acct) and add it again using add-fqdn.

Once you've entered all of your accounts with dynamic IP addresses, save the script: Ctrl-X, Y, then Enter. Run the script manually now to be sure it works as you intended: /root/ipchecker. Be advised that typos that list accounts that don't exist will cause problems. Error checking consumes processing cycles by requiring additional queries so we've left it out. That means it's solely up to you to check your account names for accuracy. And, remember, only include accounts that have dynamic IP addresses with FQDNs.

Step #6: Automating FQDN Refreshes with Cron. Finally, you'll need to add an entry to the bottom of /etc/crontab using nano. If you wanted the script to run 24 hours a day at 10 minute intervals, here's the command:

*/10 * * * * root /root/ipchecker > /dev/null

If you wanted the script to only run between the hours of 8 a.m. and 9 p.m. (server time zone) at 10 minute intervals, then you'd use something like this:

*/10 8-21 * * * root /root/ipchecker > /dev/null

On our RentPBX complimentary account which we use while traveling, we actually set the interval to 3 minutes. Since the DNS lookups use dig, changes on Android phones using the DynDNS client are almost instantaneous even with automatic switching between WiFi and cellular service. Finally, be sure to type date on your server and verify which time zone your cloud server thinks it's in! Adjust the times in /etc/crontab accordingly.
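The change check that Steps #5 and #6 describe, written out as an added example (it is not the project's ipchecker script, and unlike ipchecker it includes the error checking the article says was left out). It assumes each account file holds one line of the form "fqdn ip"; the function names, return codes and example.test hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's ipchecker. Assumption: each account file
# holds one line, "<fqdn> <last-known-ip>", the layout the article describes.

RESOLVER=resolve_dig    # name of the lookup function; swap in a stub offline

# Print the first A record for $1, or nothing if DNS gives no usable answer.
resolve_dig() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# Succeed only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# Compare one account file against DNS. Return codes:
#   0 unchanged   10 changed (file rewritten)   2 bad file   3 lookup failed
check_account() {
    file=$1
    [ -r "$file" ] || { echo "SKIP $file: missing or unreadable" >&2; return 2; }
    read -r fqdn old_ip _rest < "$file" || true
    if [ -z "$fqdn" ] || ! is_ipv4 "$old_ip"; then
        echo "SKIP $file: expected '<fqdn> <ip>'" >&2; return 2
    fi
    new_ip=$("$RESOLVER" "$fqdn") || new_ip=
    if ! is_ipv4 "$new_ip"; then
        # A name that does not resolve must never trigger a firewall reload;
        # keep the last known address and report it instead.
        echo "KEEP $fqdn: no valid answer, staying on $old_ip" >&2; return 3
    fi
    [ "$new_ip" = "$old_ip" ] && return 0
    printf '%s %s\n' "$fqdn" "$new_ip" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "CHANGED $fqdn: $old_ip -> $new_ip"
    return 10
}

# Check every file given and print how many changed. The caller reloads the
# firewall once if that number is non-zero, which refreshes all FQDNs.
check_all() {
    changed=0
    for f in "$@"; do
        rc=0; check_account "$f" >&2 || rc=$?
        if [ "$rc" -eq 10 ]; then changed=$((changed + 1)); fi
    done
    echo "$changed"
}

# Real use from cron, as root (reload command as given in the article):
#   [ "$(check_all /root/larry.iptables /root/moe.iptables)" -gt 0 ] &&
#       iptables-restore /etc/sysconfig/iptables

# Stub resolver for the demo below; all names and addresses are constructed.
stub_resolver() {
    case $1 in
        smith.example.test) echo 203.0.113.7 ;;     # moved to a new address
        jones.example.test) echo 198.51.100.20 ;;   # same as stored
        *) return 1 ;;                              # does not resolve
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    echo "smith.example.test 203.0.113.5"   > "$d/smith.iptables"
    echo "jones.example.test 198.51.100.20" > "$d/jones.iptables"
    echo "gone.example.test 192.0.2.9"      > "$d/gone.iptables"
    n=$(RESOLVER=stub_resolver; check_all "$d"/*.iptables)
    echo "$n changed; reload needed: $([ "$n" -gt 0 ] && echo yes || echo no)"
    rm -rf "$d"
}
demo
```

Only return code 10 counts toward a reload, so an account whose name has stopped resolving is reported and skipped rather than restarting the firewall.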

Be sure to check back here periodically for updates and follow the latest happenings about Travelin' Man 3 in this thread on the PIAF Forums. Enjoy!

Originally published: Thursday, March 29, 2012

March 30 Update: We've released a 1.1 version based on some excellent recommendations from those that already have tried Travelin' Man 3. This new version lets you choose from 9 different web services to activate for each new user. Read all about it including how to update if you installed the original version yesterday. New downloads will get the updated 1.1 release.

December 3, 2012 Update: We've been alerted to a pretty serious security issue with the methodology that CentOS uses to start and restart iptables. In a nutshell, if you have an FQDN in your iptables file or in your Travelin' Man 3 FQDN rules that cannot be resolved to an IP address, iptables will not load properly when your system is booted. This basically would leave your server with no iptables firewall protection. The matter has been reported to the iptables Dev Team, and we are awaiting a response. In the meantime, you should regularly monitor your server to make certain that iptables is functioning properly. iptables -nL will tell you which rules are active. If you don't see any of your VoIP-specific rules, then restart IPtables: service iptables restart. Watch the display for the location of the offending rule. Then edit /etc/sysconfig/iptables and either fix or remove the rule and restart IPtables again. Once iptables is actually working, you can avoid the problem with a failed FQDN by using the following command instead of service iptables restart: iptables-restore /etc/sysconfig/iptables. Unfortunately, this will not catch or fix an issue which occurs during the boot process. You also should edit line 64 of /root/ipchecker and replace the service iptables restart command with: iptables-restore /etc/sysconfig/iptables. New downloads already have the patch.

UNLESS YOU DISCONTINUE USING FQDN'S WITH IPTABLES, IT IS ABSOLUTELY ESSENTIAL THAT YOU MONITOR YOUR SERVER DAILY IF YOU ARE RELYING EXCLUSIVELY UPON IPTABLES AS YOUR FIREWALL PROTECTION MECHANISM AND YOU ARE USING FQDN'S AS PART OF YOUR CENTOS SECURITY METHODOLOGY!
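Two checks for the failure described in the December 3, 2012 update, as an added example that is not part of Travelin' Man 3: a pre-load scan of the rules file for source hostnames that DNS cannot resolve, and a post-load count of INPUT rules read from iptables -nL output. The function names, the sample rules and the example.test hostnames are constructed, and treating an empty INPUT chain as a failed load is an assumption based on the symptom the update describes.

```shell
#!/bin/sh
# Added example, not part of Travelin' Man 3. Assumptions: the rules file is
# in iptables-save format, and a failed load shows up as an empty INPUT chain.

RESOLVER=resolve_dig    # name of the lookup function; swap in a stub offline

# Print the first A record for $1, or nothing if DNS gives no usable answer.
resolve_dig() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# Print each hostname used as a -s/--source value in rules file $1.
# Anything containing a letter is treated as a name, not an address.
rule_hostnames() {
    awk '$1 == "-A" {
        for (i = 2; i < NF; i++)
            if (($i == "-s" || $i == "--source") && $(i+1) ~ /[A-Za-z]/)
                print $(i+1)
    }' "$1" | sort -u
}

# Print the hostnames in $1 that do not resolve; succeed only if there are none.
preflight() {
    bad=0
    for h in $(rule_hostnames "$1"); do
        if [ -z "$("$RESOLVER" "$h" || true)" ]; then
            echo "$h"; bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Read `iptables -nL INPUT` output on stdin and print the number of rules
# (every non-empty line after the chain line and the column header).
input_rule_count() {
    awk 'NR > 2 && NF > 0 { n++ } END { print n + 0 }'
}

# Real use, as root (reload command as given in the update):
#   preflight /etc/sysconfig/iptables && iptables-restore /etc/sysconfig/iptables
#   [ "$(iptables -nL INPUT | input_rule_count)" -gt 0 ] ||
#       logger -p auth.crit "iptables INPUT chain is empty"

# Stub resolver and rules file for the demo; every value is constructed.
stub_resolver() {
    case $1 in
        admin.example.test) echo 203.0.113.7 ;;
        *) return 1 ;;                  # stale.example.test does not resolve
    esac
}

sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s admin.example.test -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s stale.example.test -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 192.0.2.10 -p udp -m udp --dport 4569 -j ACCEPT
COMMIT
EOF
}

demo() {
    f=$(mktemp) || return 1
    sample_rules > "$f"
    if missing=$(RESOLVER=stub_resolver; preflight "$f"); then
        echo "preflight ok: safe to load $f"
    else
        echo "preflight FAILED, do not reload; unresolvable: $missing"
    fi
    # What an unloaded firewall looks like to the monitor: zero INPUT rules.
    printf 'Chain INPUT (policy ACCEPT)\ntarget prot opt source destination\n' |
        input_rule_count
    rm -f "$f"
}
demo
```

Run the rule-count check from cron and at the end of the boot sequence, since the pre-load scan cannot help when the failure happens during startup.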



