Posts tagged: voip

View from the Trenches: A Fresh Look at VoIP Project Development in the Cloud

The world of cloud-based computing has profoundly changed over the past year. And today we want to take a fresh look at the cloud landscape for those of you that spend considerable time experimenting or tweaking software applications either for customers or for your own organization.

First, a brief paragraph of history. We began our cloud experiments almost seven years ago when Amazon S3 was still in its infancy. At the time, Amazon S3 was a real bargain even with all its development quirks. The adventure continued when we moved some production level systems to Amazon’s EC2 cloud in early 2013. What we quickly learned was just how expensive cloud computing could be once you reached the end of your “free year” with Amazon. As the cloud options continued to bloom, RentPBX began providing technical and financial assistance to our projects while also offering inexpensive, production-quality VoIP services in the cloud at truly bargain basement prices: $15 a month. That barely covers the electric bill for many folks hosting their own local servers. And RentPBX servers are unique. They don’t commingle other processor-intensive applications on their servers. All of their servers are pure VoIP which makes for an incredibly reliable cloud-based platform. Our special pricing still is available for those using PBX in a Flash and Incredible PBX. Just sign up with the coupon code: NOGOTCHAS. So that’s a little background.

But there are many of us that develop systems and experiment with new offerings as part of our daily routine. We build systems. We tweak systems. We blow up systems. And we start over, sometimes dozens (hopefully not hundreds) of times. To give you an example, our typical Incredible PBX build to support a new platform goes through twenty to thirty iterations before all of the kinks are worked out of the code. And that’s before the software development teams for CentOS, Ubuntu, Asterisk, Apache, SendMail, MySQL, and the Raspberry Pi “improve” anything. A production-quality cloud service really isn’t flexible enough to support this type of activity, and an affordable local server lacks the horsepower to keep setup times reasonable. On occasion, we use a high performance iMac coupled with VirtualBox for development, but that introduces some quirks that typically aren’t found on real world servers.

The good news is that there are two relatively new cloud offerings that fit very well with the requirements needed for rapid application development. We use both of them in slightly different ways so let us share our experience in hopes that it will save many of you some time experimenting.

We can’t say enough good things about Digital Ocean. Despite a few growing pains from time to time, Digital Ocean provides a vast assortment of cloud-based servers scattered all around the world. There are servers in New York, San Francisco, Amsterdam, London, Frankfurt, and even Singapore. You can size your development platform to meet almost any requirement with prices starting at about 5¢ for a 7-hour day of development. That buys you a speedy 512MB/single-CPU platform with 20 gigs of storage and a terabyte of monthly bandwidth. Add a (free) 1GB cache to your build, and it’s the performance equivalent of our $3,000 standalone Dell servers. You can scale up from there to a platform with 64GB of RAM, 20 CPUs, 640GB SSD drive, and 9 terabytes of monthly data transfer for less than $1 an hour. The difference with this platform is you can create a CentOS, Ubuntu, Fedora, FreeBSD, or Debian server of any recent vintage in about one minute. There’s also a vast array of preconfigured applications for the specialists of the world:

Using our referral code, you get $10 of free service while we get a little spiff down the road to keep the Nerd Vittles lights on. Tear down of servers is almost instantaneous, and you simply pay for the time you used. Using the small platform for 90 minutes will set you back a whole penny. Some of our PBX in a Flash users are actually running production-level servers on this platform (which we don’t recommend), and the monthly cost is capped at $5. One of the best kept secrets at Digital Ocean is that you can take snapshots of your builds and store them at little to no cost. We have a dozen of them and have never paid a penny in storage fees. You also have the option of off-site backups for production platforms.

The new kid on the block is CloudAtCost.com. If you’re not into bleeding edge, this probably isn’t the offering for you. But it is dirt cheap. While you can pay by the month, CloudAtCost also has a revolutionary marketing strategy. You can pay for your virtual machine once (almost always at a substantial discount off the listed prices), and you get to use “your server” forever at no additional cost… at least as long as CloudAtCost stays in business. If this sounds like a pyramid scheme, you probably wouldn’t be the first to suggest that. Suffice it to say, their business has grown geometrically over the past year. And they recently announced CloudPRO which lets you pool resources from servers you previously have bought, and use them in much the same way as Digital Ocean but with no additional charges. So here’s today’s pricing:

To put things in perspective, the virtual machine equivalent of Digital Ocean’s smallest setup costs $17.50, ONE TIME! The Big Dog 3 platform with a one-time fee of $560 migrated to CloudPRO would provide you with the capability to create 8 smaller systems (1 CPU, 1GB RAM, and 10GB storage) as desired with no bandwidth limitations forever.1 Download and upload performance is fairly impressive using speedtest-cli:

So what’s the catch. Well, there are some. First, as you might imagine, these folks are much like the fella laying track in front of the steaming locomotive. Will that ever end? You’d better hope not because, when it does, the entire house of cards may come down. While Digital Ocean typically builds virtual machines in under a minute, CloudAtCost turnaround times are close to a day. Once your server is actually working, we’ve had a pretty good experience with the performance quality although there can be rough spots that usually are resolved within a day. The promise, of course, is to get build times down to a minute or two. But, frankly, we’re not holding our breath. As for platform support, there are plenty of options just like with Digital Ocean:

What is this platform good for? In our case, it’s almost perfect for off-site backups. You can judge the web performance for yourself by visiting the backup site for Nerd Vittles, or the PIAF Forum, or Incredible PBX, or PBX in a Flash. Would we use CloudAtCost for production? Not a chance. But for backups and demo servers, it’s AWESOME and CHEAP! If you’re a Nerd Vittles early bird, you can use our coupon code for an additional 20% off: Zu2eXYDYtU.

DEMO SERVER. We’ve actually set up an Incredible PBX server with Google Voice and an IVR of sample applications so you can judge the CloudAtCost performance for yourself. You can even try hacking the IP address if that’s your thing. We always love to test our firewall: nmap -sT -O 162.252.242.229. To try out Allison’s IVR, enter your 10-digit callback number below and then click the Click Here button once. Count to 10 and your phone should be ringing. After you answer the call and press 1, you’ll be connected to the IVR Demo in Canada. Don’t be shy.



Nerd Vittles IVR Demo Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are overhead?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (say the city and state, province, or country)
7 – Today in History
8 – Speak to a Real Person (or maybe just Lenny if we’re out)

Originally published: Cinco de Mayo, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. forever: as long as CloudAtCost.com stays in business []

    VoIP’s Dirty Little Secret: Why ‘Unlimited’ SIP Trunks Are a Very Bad Deal


    The snazzy ads and free sign-up offers make so-called Unlimited SIP Trunks sound appealing. Let’s take a careful look at what a service such as SIPStation™ would actually provide and compare prices with what’s offered by providers such as Vitelity. Vitelity’s rates are competitive with those offered by many SIP providers as detailed in this PIAF Forum thread.

    Full Disclosure: Vitelity is a Platinum Sponsor of Nerd Vittles™ and our open source projects including PBX in a Flash™ and Incredible PBX™. We also happen to like their business practices and recommend them without hesitation.

    First, a couple of upfront gotcha’s to keep in mind. SIPStation trunks are touted as unlimited. Realistically, they’re limited in a number of ways. For openers, you can only make or receive ONE call at a time unlike trunks provided by most SIP providers that typically offer multiple channels for simultaneous calls. Second, you usually can’t spoof the CallerID number on all-you-can-eat trunks unlike the trunks offered by many providers. We’ll explain why that matters in a minute. Third, if you believe these one-call-at-a-time unlimited trunks provide truly unlimited calling, we’ve got some swamp land in Florida that may be of interest. Leave your trunks off-hook for 2 weeks playing music on hold and see how long your account lasts.

    One of the real beauties of VoIP technology and Asterisk® is that you can choose different providers to handle your incoming and outgoing calls. And you can choose still other providers to handle outbound calls in specific countries to take advantage of better calling rates. With a service such as SIPStation, you’re back to the old Ma Bell days, only worse. One incoming call means nobody else can receive an incoming call until the first caller hangs up or until you buy another $25 trunk. 1 It also means that no one else in the organization can make a simultaneous outbound call without buying additional trunks. At least with Ma Bell, you got call waiting. No such luck here. Another similarity to Ma Bell: the price tag.

    Now let’s suppose that your hardware store or restaurant needs four lines and 90% of the call traffic is incoming calls. With SIPStation, the monthly cost will be over $100. With a single Vitelity trunk and the PBX in a Flash special pricing, your cost for the phone number and four incoming calls at a time is $3.99 a month including 911 emergency service. That’s a 2500% price difference. And while you’d have to pay by the minute for the outgoing calls at a little less than a penny and a half a minute, in most businesses it amounts to chump change. So, unless your organization happens to make substantially more outgoing calls and makes several thousand minutes of outbound calls on every trunk every month, the business case simply isn’t there to justify any unlimited SIP trunking service. And, it gets worse.

    Most of these providers won’t let you spoof your CallerID number on the outbound calls so you are forced to use their trunks for all of your outgoing and incoming calls. If your business depends upon a readily identifiable phone number to transact business over the phone, that means you don’t have the option of using a trunk such as Vitelity’s for incoming calls while reserving SIPStation trunks for outgoing-only calls because the phone number of your business won’t match up. In case you didn’t know, inbound calls are less costly to providers than most outbound calls, hence the reason they prefer to bundle the two in all-you-can-eat plans.

    Let’s do the math for a typical business with support for 4 simultaneous calls. The cost from SIPStation would be $24.99/mo. x 4 channels plus $1/mo. for a single DID. That works out to $100.96 per month. Comparable service from Vitelity would run $3.99/mo. for the unlimited incoming calls with four simultaneous channels leaving a balance of $96.97 for pay-by-the-minute outbound calls. With Vitelity, that works out to 7,211 outbound calling minutes to break even. Anything less than 7,211 minutes of outbound calls a month saves you $14 a month per thousand minutes compared to SIPStation pricing for four ‘unlimited’ trunks. For a business that makes less than an hour of outbound calls a day, the savings would be over $70 a month!

    The math only tells half the story. There are at least a couple other major issues. With SIPStation, if 75% of your calls are incoming and your call volume is substantial, it means that much of the time you’ll only have one trunk available for outgoing calls. That limitation wouldn’t apply with Vitelity since incoming and outgoing calls are managed separately. In effect, you’d be getting the flexibility to make 4 outbound calls at a time using any providers you choose. Not only could you spoof your outbound calls with the CallerID of your incoming DID, but you also could still have 4 available channels for simultaneous incoming calls. Thus, you’ve effectively doubled the call capacity provided by SIPStation for the same money. These numbers obviously reflect substantial savings even for a small business. When you scale up to hundreds of trunks, the effect on your telecom budget will be downright staggering.

    Finally, there’s the SIPstation design and forced integration into FreePBX®. As we’ve mentioned previously, it’s the only non-essential component in FreePBX that cannot be easily removed from within the FreePBX GUI. While you’re not forced to sign up, it does mark a new low by introducing NagWare into an open source product. Yesterday, that lock-in bit everyone in the butt. Because of one or more bugs in some FreePBX updates that were pushed out, entire systems were blown out of the water when attempting a generic FreePBX update of modules from within the GUI using Module Admin. One of the affected modules reportedly was SIPStation which could not be removed. The dilemma was that FreePBX functionality could not be restored without first removing the SIPStation module. For the benefit of those still struggling, here’s how to permanently remove it from your server “the old-fashioned way.” Log into your server as root and issue the following commands:

    amportal a ma uninstall sipstation
    rm -rf /var/www/html/admin/modules/sipstation
    

    Here’s Our Recommendation. Start with a service such as Vitelity and take advantage of the discount coupon below. Then monitor your incoming and outgoing call volume in your business for several months. Next, do the math and see if you don’t save hundreds, if not thousands, of dollars a year by using a provider such as Vitelity rather than an ‘unlimited’ SIP trunking service. Let us know your type of business and post the results of your testing for everyone else to see. Enjoy!

    Originally published: Wednesday, April 29, 2015



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. To be fair, the trunks cost $24.99 per month. []

    Gotcha-Free PBX: GIT-R-Done with Incredible PBX for Asterisk-GUI (CentOS)

    For the die-hard developers out there, we are pleased to introduce a new version of Incredible PBX™ for Asterisk-GUI that uses GIT repos to build both Asterisk® and Asterisk-GUI with the same feature set of applications as our previous releases. You still get a Gotcha-Free PBX with pure and honest open source GPL code. No patent, trademark, or copyright minefields to trip you up. But this time around you’ll have an Asterisk platform that can be updated in seconds by running a simple upgrade script: upgrade-asterisk-to-current. Special thanks to Matt Jordan & Co. for the new GIT implementation. And our extra special thanks to Denver sports cartoonist, Drew Litton, for letting us share his GIT-R-DONE creation as well.

    This time around you’ll need a 64-bit CentOS 6.5/6.6 base platform. When you complete the 30-minute install procedure, you’ll have the very latest version of Asterisk 11 and Asterisk-GUI. Both are compiled from source on your hardware platform to maximize performance. The end result is the VoIP Trifecta… better, cheaper, and faster.

    Since the early Windows® days, we haven’t been big fans of GUI-only interfaces. Let’s face it. Some things can be configured more efficiently with less chance for error using other tools. Incredible PBX takes advantage of this hybrid technology by offering the best of all worlds. Administrators can use a GUI where it makes sense and use a text editor or simple web form where it doesn’t. There’s no MySQL middleware to obfuscate your Asterisk settings. So you can configure 8 VoIP trunks from 8 great providers in under 5 minutes. And there’s so much more…

    Target Audience: Home or SOHO/SBO in need of a turnkey, Gotcha-Free PBX Development Platform

    Default Configuration: Asterisk 11 with enhanced Asterisk-GUI, Kennonsoft GUI, and NANPA dialplan

    Platform: 64-bit CentOS 6.5/6.6 running on Dedicated Server, Cloud-Based Server, or Virtual Machine

    Minimum Memory: 512MB

    Recommended Disk: 20GB+

    Default Trunks: Google Voice, CallCentric, DIDlogic, Future-Nine, IPcomms, Les.net, Vitelity, VoIP.ms1

    Feature Set: Fax, SMS messaging, VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, Email, IVR, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, OpenCNAM CallerID lookups, DISA, Call Forwarding, CSV CDRs

    Administrator Utilities: Incredible Backup/Restore, Automatic Updater, Asterisk Upgrader, phpMyAdmin, Timezone Config, Plug-and-Play Trunk Configurator, WebMin, External IP Setup, Firewall WhiteList Tools

    Getting Started with Incredible PBX for Asterisk-GUI (GIT Edition)

    Here’s a quick overview of the installation and setup process for Incredible PBX for Asterisk-GUI:

    1. Choose a Hardware Platform – Dedicated PC, Cloud, or Virtual Machine
    2. Install Linux – 64-bit CentOS 6.5 or Scientific Linux Minimal ISO
    3. Download and Install Incredible PBX for Asterisk-GUI
    4. Install Incredible Fax for Asterisk-GUI (optional)
    5. Set Up Passwords for Incredible PBX for Asterisk-GUI
    6. Configure Trunks with Incredible PBX for Asterisk-GUI
    7. Connect a Softphone to Incredible PBX for Asterisk-GUI

    1. Choose a Platform for Incredible PBX for Asterisk-GUI

    Incredible PBX for Asterisk-GUI works equally well on dedicated hardware or a virtual machine. Just be sure you’ve met the minimum requirements outlined above and that you have a sufficiently robust Internet connection to support 100Kb of download and upload bandwidth for each simultaneous call you wish to handle with your new PBX.

    For Dedicated Hardware, we recommend an Atom-based PC of recent vintage with at least a 30GB drive and 4GB of RAM. That will take care of an office with 10-20 extensions and a half dozen or more simultaneous calls if you have the Internet bandwidth to support it.

    For Cloud-Based Implementations, this time around we recommend Digital Ocean because the GIT edition is designed to be a development platform with bleeding edge Asterisk 11 code.

    For Virtual Machine Installs, we recommend Oracle’s VirtualBox platform which runs atop almost any operating system including Windows, Macs, Linux, and Solaris. Here’s a link to our original VirtualBox tutorial to get you started. We suggest allocating 1GB of RAM and at least a 20GB disk image to your virtual machine for best performance.

    2. Install a Linux Flavor for Incredible PBX for Asterisk-GUI

    To be clear, we plan to support many Linux flavors other than RedHat. But Rome wasn’t built in a day so hang in there. We’re flippin’ burgers as fast as we can. For today, you’ll need a 64-bit version of CentOS or Scientific Linux 6.5/6.6. On some platforms, you install 6.5. After the initial update and upgrade steps, you’ll end up with 6.6. There are many flavors of CentOS and Scientific Linux. For Incredible PBX, a minimal install is all you need.

    With dedicated hardware, begin by downloading the 64-bit CentOS 6.6 minimal ISO. Boot your server with the ISO, and begin the install. Here are the simplest installation steps:

    Choose Language and Click Continue
    Click: Install Destination (do not change anything!)
    Click: Done
    Click: Network & Hostname
    Click: ON
    Click: Done
    Click: Begin Installation
    Click: Root Password: password, password, Click Done twice
    Wait for Minimal Software Install and Setup to finish
    Click: Reboot

    With most cloud-based providers, you simply choose the CentOS 6.5 platform in creating your initial image. 512MB of RAM is plenty so long as you have a swap file. Within a minute or two, you’re ready to boot up the server.

    For VirtualBox, download the Scientific Linux 6.6 minimal install .ova image from SourceForge. Then double-click on the image to load it into VirtualBox. Enable Audio and configure Network with Bridge Adapter in Settings. Then start the virtual machine. Default password for root is password.

    With VirtualBox, you can skip this step. For everyone else, log into your server as root and issue the following commands to put the basic pieces in place and to reconfigure your Ethernet port as eth0. On some platforms, some of the commands may generate errors. Don’t worry about it! Just make a note of your IP address so you can log back in with SSH from a desktop computer to begin the Incredible PBX install.

    For CentOS/Scientific Linux 6.5 minimal install:

    setenforce 0
    yum -y upgrade
    yum -y install net-tools nano wget
    ifconfig
    sed -i 's|quiet|quiet net.ifnames=0 biosdevdame=0|' /etc/default/grub
    grub2-mkconfig -o /boot/grub2/grub.cfg
    wget http://incrediblepbx.com/update-kernel-devel
    chmod +x update-kernel-devel
    ./update-kernel-devel
    reboot
    

    For CentOS/Scientific Linux 6.6 minimal install:

    setenforce 0
    yum -y upgrade
    yum -y install net-tools nano wget
    ifconfig
    reboot
    

    3. Install GIT-R-Done Edition of Incredible PBX for Asterisk-GUI

    cd /root
    yum -y install wget
    wget http://incrediblepbx.com/incrediblepbx11gui-git.tar.gz
    tar zxvf incrediblepbx11gui-git.tar.gz
    #./create-swapfile-DO  #add this step for Digital Ocean droplets
    rm -f incrediblepbx11gui-git.tar.gz
    ./IncrediblePBX11-GUI-git.sh
    ./IncrediblePBX11-GUI-git.sh
    

    4. Install Incredible Fax for Asterisk-GUI (optional)

    Administrators have been trying to stomp out faxing for at least two decades. Here’s a hint. It ain’t gonna happen. So go with the flow and add Gotcha-Free Faxing to your server. It’ll be there when you need it. And sooner or later, you’ll need it. This install script is simple enough for any monkey to complete. Run the script and enter the email address for delivery of your faxes. Then, if you’re in the U.S. or Canada, press the Enter key to accept every default entry during the HylaFax and AvantFax installation steps. For other countries, read the prompts and answer accordingly. When the installation finishes, reboot your server to bring faxing on line. Be sure to change your AvantFax admin password. By default, it is password. You can use the script included in the /root folder: avantfax-pw-change. REMINDER: Don’t forget to reboot your server!

    cd /root
    ./incrediblefax11-GUI.sh
    ./avantfax-pw-change
    reboot
    

    Troubleshooting: If your IAXmodems don’t display with a green IDLE notation in the AvantFax GUI, you may need to restart them once more. After a second reboot, all should be well. The restart command is /root/iaxmodem-restart.

    5. Initial Configuration of Incredible PBX for Asterisk-GUI

    Incredible PBX is installed with the preconfigured IPtables Linux firewall already in place. It implements WhiteList Security to limit server access to connected LANs, your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for our web applications. And, of course, Asterisk-GUI has its own security methodology using Asterisk’s manager.conf. Finally, we randomize extension and DISA passwords as part of the initial install process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

    Even with all of these layers of security, here are 10 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

    First, log into your server as root with your root password and do the following:

    Make your root password very secure: passwd
    Set your correct time zone: ./timezone-setup
    Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
    Make a copy of your other passwords: cat passwords.FAQ
    Make a copy of your Knock codes: cat knock.FAQ
    Decipher IP address and other info about your server: status

    Second, log into your server as admin using a web browser pointed to your server’s IP address:

    Click USERS tab in Incredible PBX GUI
    Click Asterisk-GUI Administration
    Log in as user: admin with password: password
    Immediately change your admin password and login again

    Log in to Asterisk-GUI again with your new password. Expand the options available in the GUI:

    Options -> Advanced Options -> Show Advanced Options

    Last but not least, Incredible PBX includes an automatic update utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. Now would be a good time to log out and back into your server at the Linux command line to bring your server up to current specs.

    6. Configure Trunks with Incredible PBX for Asterisk-GUI

    Now for the fun part. If this is your first VoIP adventure, be advised that this ain’t your grandma’s phone system. You need not and should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). We cannot recommend Vitelity highly enough, and it’s not just because they have financially supported our projects for almost a decade. They’re as good as VoIP providers get, and we use lots of them. If you’re lucky enough to live in the U.S., you’d be crazy not to set up a Google Voice account. It’s free as are all phone calls to anywhere in the U.S. and Canada. The remaining preconfigured providers included in Incredible PBX for Asterisk-GUI are equally good, and we’ve used and continue to use almost all of them. So pick a few and sign up. You only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum includes dozens of recommendations on VoIP providers if you want additional information.

    With the preconfigured trunks in Incredible PBX for Asterisk-GUI, all you need are your credentials for each provider and the FQDN of their server. Log into Asterisk-GUI Administration as admin using a browser. From the System Status screen, click Incredible PBX Apps. Click on each provider you have chosen and fill in the blanks with your credentials. When you’ve saved all of your settings, log into your server as root via SSH and type: service asterisk restart or asterisk-restart. You can also issue the command in the Asterisk-GUI by choosing the Asterisk CLI tab2 in the left column. Doesn’t get any simpler!

    Update: It should be noted that Incredible PBX for Asterisk-GUI also supports Anveo Direct trunks; however, they are configured differently because of the way Anveo handles the calls. You’ll need the PIN provided by Anveo to set up your trunk, and Anveo supports CallerID spoofing so you can enter any CallerID number for the trunk that you are authorized to use. You’ll find the Anveo Direct setup link in the Incredible PBX Apps tab. To route an outgoing call through Anveo trunk, dial 2 + any desired 10-digit number.

    Here is the complete list of dialing prefixes and the trunks to which they are associated:

    • 1 – Google Voice
    • 2 – Anveo Direct
    • 3 – Future Nine
    • 4 – CallCentric
    • 5 – DIDlogic
    • 6 – IPcomms
    • 7 – Les.net
    • 8 – Vitelity
    • 9 – VoIP.ms

    For free iNUM calling worldwide, the following dialing prefixes are supported in conjunction with the last seven digits of any destination iNUM DID. Free iNUM DIDs for your own PBX are available from both of these providers as well.

    • 0XXXXXXX – CallCentric
    • 90XXXXXXX – VoIP.ms

    Finally, in addition to the native Asterisk motif implementation of Google Voice (covered below) which uses insecure authentication with Google Voice, we also support the new Simonics SIP gateway to Google Voice using OAUTH authentication. Just click this link for the installation script and tutorial.

    7. Configure a Softphone with Incredible PBX for Asterisk-GUI

    We’re in the home stretch now. You can connect virtually any kind of telephone to your new Gotcha-Free PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

    We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 6002 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 6002 password. Choose Users -> 6002 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 6002 for your account name, and whatever password is assigned to the extension. Click OK to save your entries.

    Once you are registered to extension 6002, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

    7001 - IVR Demo
    123 - Reminders
    947 - Weather by ZIP Code
    951 - Yahoo News
    *61 - Time of Day
    TODAY - Today in History

    If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

    Configuring Google Voice

    If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

    IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail.

    If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

    Once you’ve created your Gmail and Google Voice accounts, go to Google Voice Settings and click on the Calls tab. Make sure your settings match these:

    • Call ScreeningOFF
    • Call PresentationOFF
    • Caller ID (In)Display Caller’s Number
    • Caller ID (Out)Don’t Change Anything
    • Do Not DisturbOFF
    • Call Options (Enable Recording)OFF
    • Global Spam FilteringON

    Click Save Changes once you’ve adjusted your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

    One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

    Now you’re ready to configure your Google Voice account in Incredible PBX. You can do it from within Asterisk-GUI by choosing Google Voice within the Incredible PBX Apps tab. Once you entered your credentials, don’t forget to restart Asterisk, or Google Voice calls will fail. If you still have trouble placing or receiving calls, try these tips.

    OK, Smarty Pants: Show Me the Beef!

    We know what some of you are thinking. “What does a fast food worker really know about VoIP and Gotcha-Free PBXs?? Before I waste a bunch of time on this, show me the beef!” Fair enough. Sit by your phone and click the Call Me icon below. Type in a fake name and your real phone number. Click the Connect button, answer your phone when it rings, and press 1. You’ll be connected to the Incredible PBX IVR for Asterisk-GUI. Pick an option from the menu of choices and take the Incredible PBX apps for a spin on our dime… actually it’s Google’s dime. Everything you see and hear is part of what you get with Incredible PBX for Asterisk-GUI including the ability to set up your own click-to-dial web interface exactly like this one. The demo just happens to be running on our Mac desktop instead of yours. So… what are you waiting for? Click away and try Incredible PBX for yourself. And, by the way, nobody besides the NSA and Google will be monitoring your call. 😉



    Nerd Vittles Demo IVR Options
    1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
    2 – MeetMe Conference (password is 1234)
    3 – Wolfram Alpha (say “What planes are overhead?”)
    4 – Lenny (The Telemarketer’s Worst Nightmare)
    5 – Today’s News Headlines
    6 – Weather Forecast (say the city and state, province, or country)
    7 – Today in History
    8 – Speak to a Real Person (or maybe just voicemail if we’re out)

    Homework Assignment: Mastering the Asterisk-GUI

    We’ll have more to say about the Incredible PBX applications next week. In the meantime, you have some homework. You need to learn all about Asterisk-GUI and how to make the best use of its powerful feature set. Here’s one word of warning. We mentioned that Incredible PBX was a hybrid system that combines some customized settings with the standard Asterisk-GUI interface. Before modifying existing settings for the default trunks, extensions, and default routes, take a look at the credentials* files in /etc/asterisk. If you modify any of these trunk entries or the Outgoing or Incoming Call Rules in Asterisk-GUI, you may break the Incredible PBX setup. So steer clear of that minefield until you know what you’re doing. Adding new extensions and additional trunks is perfectly fine and will not break anything.

    Rather than reinvent the wheel, we’ll point you to some excellent tutorials that already have been written. Start with Chapter 3 of Digium’s Asterisk Appliance™ Administrator Manual. Next, review Chapter 11 of The Asterisk Book (Second Edition). Finally, take a look at a couple of the tutorials that have been written by other companies that incorporated Asterisk-GUI into their hardware products, e.g. Yeastar’s MyPBX SOHO User Manual and Grandstream’s UCM6100 User Manual. Then check back with us next week for Chapter 2.

    In the meantime, if you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free.

    We also are quickly building a collection of tutorials tailored specifically for Incredible PBX for Asterisk-GUI:

    Enjoy your new Gotcha-Free PBX!

    Now Available: The Gotcha-Free Incredible PBX Application User’s Guide

    Originally published: Monday, April 20, 2015


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Vitelity and Google provide financial support to Nerd Vittles and the Incredible PBX project. []
    2. If, for some reason, the Asterisk CLI tab does not appear on your server, click Options -> Advanced Options -> Show Advanced Options. []

    The Two Amigos on Cloud 9: Introducing Incredible PBX for Elastix @ RentPBX

    We continue the Gotcha-Free PBX adventure today with an open source alternative for which many have been clamoring, another affordable Cloud-based Asterisk® platform with the no-strings-attached Elastix 2.5 GUI. In addition to a $15 a month hosting plan, the icing on the cake is the quick 10-minute automated setup on your choice of a dozen servers throughout the U.S. as well as Canada and Europe. If you can find the Enter key on a keyboard, then you can handle the complexity of the RentPBX setup for Incredible PBX for Elastix 2.5. When you’re finished, you’ll have a turnkey PBX featuring some terrific open source software. The software is all free, subject only to the terms of the open source licenses.

    Target Audience: Home or Office in need of a turnkey, Gotcha-Free Elastix PBX in the Cloud

    Default Configuration: Asterisk 11 with enhanced Elastix 2.5 GUI

    Platform: CentOS 5.11 running on RentPBX Cloud-Based Server platform

    Memory: 400 MB with 415 MB swap

    Disk Size: 20 GB

    Default Trunks: CallCentric, DIDlogic, Future-Nine, IPcomms, Les.net, Vitelity, VoIP.ms, Gvoice1

    Feature Set: Fax, SMS messaging, NeoRouter/PPTP VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, Email, IVR, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, DISA, Call Forwarding, Tailorable CDRs

    Administrator Utilities: Incredible Backup/Restore, Automatic Updater, phpMyAdmin, Timezone Config, WebMin, Admin Password Configurator, ODBC/MySQL Database Configurator, Firewall WhiteList Tools

    Getting Started with Incredible PBX for Elastix 2.5 (Cloud Edition)

    Here’s a quick overview of the installation and setup process for Incredible PBX for Elastix 2.5 @ RentPBX.com:

    1. Sign Up for Incredible PBX for Elastix 2.5 in the Cloud
    2. Complete the Install of Incredible PBX with two automatic reboots
    3. Set Up Passwords for Incredible PBX
    4. Configure Trunks with Incredible PBX
    5. Connect a Softphone to Incredible PBX
    6. Configure SMTP Mail for Incredible PBX

    1. Sign Up for Incredible PBX for Elastix 2.5 in the Cloud at RentPBX.com

    Visit RentPBX.com and choose the Elastix build option. Then complete the following steps:

    Step #1. Select a location for your cloud-based server.

    Step #2. Choose Elastix 2.5 IncrediblePBX Ready option.

    Step #3. Specify a hostname for your server.

    Step #4. When you begin the payment/checkout phase, enter your coupon code to take advantage of the $15/month discounted rate: NOGOTCHAS. Wait for the confirmation email with your server credentials and dedicated IP address.

    2. Complete the Install of Incredible PBX

    Nothing tricky here. It’s a 10-minute automated setup. Log into port 20022 of your server as root with your default password using SSH or Putty. Once you’re logged in, RentPBX will go through two setup cycles to complete the install and randomize all of your passwords for Incredible PBX. The first pass addresses some security vulnerabilities in the Elastix 2.5 base install and then prompts for the MySQL root password which must be passw0rd (with a zero). Next, you’re prompted to set up an admin password for the GUI. Make it secure! Then your server will reboot. After 60 seconds, log back in to port 20022 as root with your default password again. Type y to install Incredible PBX. Incredible PBX will first apply the latest upgrades for CentOS and Elastix. Be patient. The list is a long one. After the second reboot, log back into your server on port 20022 as root one final time and let Incredible PBX complete the install and secure your server. You’ll need to enter your MySQL and GUI passwords once again. Be sure to use passw0rd for MySQL! After the third reboot, log back into your server on the standard port 22 as root. Allow Incredible PBX to run its Automatic Update Utility to bring your system current. That’s it. You now have a secure, turnkey Elastix® PBX that’s ready for use.

    3. Initial Configuration of Incredible PBX for Elastix 2.5

    Incredible PBX is installed with the preconfigured IPtables Linux firewall already in place. It implements WhiteList Security to limit server access to your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for web applications. And, of course, Elastix 2.5 has its own security methodology. RentPBX randomized extension and DISA passwords as part of the initial setup process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

    Even with all of these layers of security, here are 5 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

    Log into your server as root with your root password and do the following:

    Make your root password very secure: passwd
    Set your correct time zone: ./timezone-setup
    Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
    Make a copy of your other passwords: cat passwords.FAQ
    Decipher IP address and other info about your server: status

    Using a browser, you’re not ready to log into the Elastix 2.5 GUI with your new admin password.

    4. Activate Trunks with Incredible PBX for Elastix 2.5

    For those migrating from another aggregation including PBX in a Flash, this should be familiar territory for you. Using a browser, log into Elastix 2.5 at the IP address of your server. Before you can actually make or receive calls outside your PBX, you’ll need at least one trunk. In the Elastix 2.5 GUI, click PBX -> Trunks. Once you have your credentials from a provider, choose a provider from the list of preconfigured trunks on the right or create a new one. If you’re using one of the preconfigured options, remember to enable the trunk after adding your desired CallerID and credentials. Then save your settings and reload your Asterisk dialplan. That’s it. You’re ready to go.

    5. Configure a Softphone with Incredible PBX for Elastix 2.5

    Incredible PBX comes preconfigured with two extensions (701 and 702) that let you connect phones to your PBX. You can connect virtually any kind of telephone to your Elastix 2.5 PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP.

    We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. You can find them in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password is assigned to the extension. Here’s what your entries should look like. Click OK to save your entries.

    Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Here are a few numbers to get you started:


    123 - Reminders
    947 - Weather by ZIP Code
    951 - Yahoo News
    222 - ODBC Lookup (try: 12345)
    DEMO - Allison's IVR Demo
    TODAY - Today in History

    6. Configuring SMTP Mail with Incredible PBX for Elastix 2.5

    Outbound email support using Postfix is preconfigured with Elastix 2.5. You can test whether it’s actually working by issuing the following command using your destination email address after logging in as root:

    echo "test" | mail -s testmessage yourname@gmail.com
    

    If you don’t receive the email message within a minute or two and you’ve checked your spam folder, chances are your ISP is blocking downstream SMTP servers in an effort to combat spam. Comcast is one of the usual suspects. To enable outbound email service for delivery of voicemail and other email messages with a provider blocking downstream SMTP servers, you first need to obtain the SMTP domain of your ISP, e.g. smtp.comcrap.net. Next, edit /etc/postfix/main.cf and add your SmartHost entry [in brackets] to the line that begins like this: relayhost =. The line should look like this: relayhost = [smtp.comcrap.net]. Save your addition and restart Postfix: service postfix restart. Be sure to try another email test message after completing the SmartHost update. To use Gmail as your mail relay, see this tutorial.

    Configuring Google Voice

    We have included the Python implementation of gvoice in /root for those that want to experiment by making calls and sending SMS blasts the “old-fashioned” way. While Elastix does not directly support native Asterisk 11 Google Voice functionality, you now can use a SIP gateway to access Google Voice and make free calls in the U.S. and Canada.

    Homework Assignment: Mastering Incredible PBX for Elastix 2.5

    We’ve put together a complete tutorial for the applications included in Incredible PBX for Asterisk-GUI. Most of it is fully applicable to Elastix 2.5 as well. That should be your next stop. Then you’ll be ready to tackle Elastix 2.5. Google is your friend. Do some exploring, and we’ll post links to great articles on this terrific platform as we discover them. Your suggestions are also welcomed!

    In the meantime, if you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free. The same applies to the Elastix forum.

    And if all of that wasn’t enough, feast your eyes on the Elastix Add-Ons that are only a button click away:

    Download (PDF, 619KB)

    Originally published: Friday, March 27, 2015


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Vitelity, Google, and RentPBX provide financial support to Nerd Vittles and the Incredible PBX project. []

    The Gotcha-Free PBX: Harnessing SIP URIs for Free Worldwide Calling

    We continue the Incredible PBX for Asterisk-GUI adventure today with a close look at SIP URIs, those email-like addresses that are the fundamental building blocks for VoIP technology. Consider this. If everyone in the world had a SIP address instead of a phone number, every call to every person in the world via the Internet would be free. That pretty much sums up why SIP URIs are important. The syntax for SIP URIs depends a bit upon your platform. In the Asterisk® world, they look like this: SIP/somenameORnumber@FQDN.yourdomain.com. On many SIP phones, you enter SIP URIs in the following format: sip:somenameORnumber@FQDN.yourdomain.com. Others use somenameORnumber@FQDN.yourdomain.com. Assuming you have a reliable Internet connection, once you have “dialed” a SIP URI, the destination SIP device will ring just as if they had a POTS phone. And Asterisk processes SIP URIs in much the same way as other calls originating from trunks. As noted, SIP URI calls of any duration to anywhere are free. And, of course, Incredible PBX is also free with No Gotchas!

    In our original articles on Incredible PBX for Asterisk-GUI, we covered outbound calls to SIP URIs, and we’ll briefly review that procedure today. Then we’ll move on to setting up one or more SIP URIs for your own server so that you can receive incoming SIP URI calls. We’ll show you how to route them to any destination you like, both internal and external. We’ll also address the security implications of enabling SIP URI calling on your server. You don’t want the whole world calling into your server to make outbound calls on your nickel. We’ll also walk you through a safer SIP methodology in which you use a service provider as a SIP intermediary to better protect the security of your server. And finally, we’ll show you how to interconnect your new SIP URIs to real telephone numbers at zero cost. Then your friends without a SIP URI still can call you from any POTS or cellphone in the world.

    SIP URI Calling with Incredible PBX for Asterisk-GUI

    With one line of dialplan code, you can add Speed Dials for free SIP URI calling worldwide. The dialplan code is stored in the [CallingRule_SIP_URI] context in extensions_custom.conf. Just clone one of the existing entries, designate a speed dial number to connect to the SIP URI, and enter the SIP URI for the destination. Numerous SIP providers support assignment of SIP URI’s to existing DIDs for unlimited free calling from anywhere in the world. Here’s a sample using a speed dial code of 53669 (L-E-N-N-Y). Use it for your telemarketers: exten = 53669,1,Dial(SIP/2233435945@sip2sip.info).

    Choosing a SIP URI Strategy with Incredible PBX for Asterisk-GUI

    Before we actually create SIP URIs on your own server to receive anonymous calls, let’s walk through the available implementation strategies so that you can make an informed choice on how best to proceed. Keeping in mind that SIP URIs consist of an identifier and a fully-qualified domain name (FQDN) or IP address, one option is to use the same domain that you use for your company. We don’t recommend this approach because it makes it easy to guess where your SIP resources reside. Another option is to use a really obscure FQDN with your SIP URIs. Something like k43X20.mycompany.com or, for dynamic addresses, something like k43X20.dyndns.org makes more sense. In the next section, we’re going to lock down SIP access to your server to this FQDN so the more obscure the FQDN the safer you will be. Security through obscurity still works wonders. A third option is to use the IP address of your server instead of an FQDN. That’s a bad choice because of programs like SIPVicious that the bad guys use to scan the Internet for potential SIP targets to be hacked.

    An alternative approach worth considering is to use a provider such as VoIP.ms as a SIP intermediary. In this scenario, you create a sub-account and assign an obscure extension number to that account. This in turn generates a SIP URI that can be used to connect to that account from your server by simply registering a VoIP.ms trunk in Incredible PBX. Once the trunk is registered, incoming SIP URI calls to your VoIP.ms sub-account will be forwarded (without cost) to your server without exposing Asterisk to SIP guest access at all. The wrinkle with this option is that VoIP.ms has often indicated that they plan to charge a reduced fee for these connections at some point. However, to date, they’ve never done it. If VoIP.ms shifts gears down the road, you obviously can as well. For the time being, we would encourage you to take advantage of this free service option. It remains our first choice for SIP URI implementation because there is no need to expose SIP resources on your server at all. VoIP.ms takes care of all the SIP security headaches leaving you to enjoy free calling. In the screenshot we’ve shown above, assuming your VoIP.ms account number was 12345, the SIP URI to connect to this sub-account would be 123458005551212@houston.voip.ms assuming you registered your trunk with the houston.voip.ms server.

    Creating Your Own SIP URIs with Incredible PBX for Asterisk-GUI

    The procedure for creating one or more SIP URIs on your own Incredible PBX server is straight-forward:

    1. For servers behind a hardware-based firewall, map UDP 5060 (SIP) to your server
    2. Enable allowguest access in [general] context of sip.conf
    3. Create desired SIP URIs in [public] context of extensions.conf

    1. Unless your server is sitting on the public Internet without a hardware-based firewall, you’ll need to map UDP port 5060 (SIP) from the firewall to the private LAN address of your server. Otherwise incoming SIP calls will never reach Incredible PBX. Most routers have a Port Forwarding tab in which you designate the port to be forwarded, the type of port, and the destination IP address. Consult the manual for your router/firewall for detailed instructions.

    2. Changing the allowguest setting in the [general] context of sip.conf is mandatory since the purpose of SIP URI calling is to accept calls from unregistered users. The risk, of course, is that anyone in the world with an Internet connection can attempt to connect to your server. More on that later. For now, issue this command after logging into your server as root:

    sed -i 's|allowguest=no|allowguest=yes|' /etc/asterisk/sip.conf
    

    Once you issue this command and restart Asterisk, the setup of Incredible PBX for Asterisk-GUI is to route anonymous SIP calls to the [public] context in extensions.conf. Only extensions in this context will be exposed to anonymous callers. This is important. NEVER change the destination context for these calls to one that provides unrestricted access to the calling resources on your server. The reason should be obvious. But, in case it isn’t, this would permit anonymous callers to use all of your trunks to place outbound calls to anywhere… on your nickel. $100,000 phone bills are the usual result.

    3. There are two important facets in creating your own SIP URIs for anonymous access to your server. As touched upon previously, the first is choosing an obscure FQDN for your server. This is a really important layer of security for a couple of reasons: (1) your anonymous caller has to know the actual FQDN of your server in order to reach you and (2) in the next step we’re going to lock down your server to only allow anonymous SIP access from this FQDN. So choose carefully. The second consideration is deciding which server resources you wish to expose for SIP URI access. Do you wish to permit SIP URI calls only to a specific extension or ring group, or perhaps a custom IVR just for SIP URI callers, or perhaps a conference or DISA access (very dangerous)?

    You can deploy more than one SIP URI. For each one, you’ll need a destination for the incoming call and an identifier or extension. Identifiers could be numeric, alphanumeric, or pure alpha characters. For example, 8005551212, joe6001, and accounting are all perfectly acceptable. The resultant SIP URI would be something like joe6001@k43X20.mycompany.com.

    As noted, for each destination on your server that you wish to enable for SIP URI access, you add a line of dialplan code to the [public] context in extensions.conf. The syntax is identical to what you’ve previously used in routing incoming trunk calls to a destination except we’ll restrict connections to those matching the identifier you’ve chosen for each SIP URI. Here are some examples to get you started.

    To route SIP URI accounting@k43X20.mycompany.com to Ring Group #1:
    exten = accounting,n,Goto(ringroups-custom-1,s,1)

    To route SIP URI joe6001@k43X20.mycompany.com to Extension 6001:
    exten = joe6001,n,Goto(default,6001,1)

    To route SIP URI demo@k43X20.mycompany.com to the Nerd Vittles demo IVR:
    exten = demo,n,Goto(voicemenu-custom-2,s,1)

    To route SIP URI lenny@k43X20.mycompany.com to an outside SIP URI:
    exten = lenny,1,Dial(SIP/2233435945@sip2sip.info)

    To route SIP URI conference@k43X20.mycompany.com to the default conference at extension 2663:
    exten = conference,1,Goto(conf_bridge,2663,1)

    To route SIP URI weather@k43X20.mycompany.com to the Weather by ZIP Code application:
    exten = weather,1,Goto(CallingRule_extensions_custom,947,1)

    To route SIP URI 800directory@k43X20.mycompany.com to Directory Assistance using Google Voice trunk:
    exten = 800directory,1,Dial(Motif/GoogleVoice/18005551212@voice.google.com)

    Securing Your Server with SIP URI Implementations

    There are two important security steps once you have enabled anonymous SIP URI calling to your server. The first line of defense is to harden the IPtables Firewall to only permit anonymous SIP access to the specific FQDN you plan to use for your SIP URI callers. The second is to harden Asterisk to disallow requests for domains not serviced by your server.

    1. Edit the IPv4 rules for your operating system. On the CentOS-compatible platforms, it’s /etc/sysconfig/iptables. On the Debian/Ubuntu/Raspbian platforms, it’s /etc/iptables/rules.v4. Toward the end of the file and just above the final fail2ban entries, insert the following code using your actual FQDN in the first line:

    -A INPUT -p udp --dport 5060 -m string --string "@k43X20.mycompany.com" --algo bm -j ACCEPT
    -A INPUT -p udp --dport 5060 -m string --string "REGISTER sip:" --algo bm -j DROP
    -A INPUT -p udp --dport 5060 -m string --string "OPTIONS sip:" --algo bm -j DROP
    -A INPUT -p udp -m udp --dport 5060 -j DROP
    

    2. Run the following commands substituting your actual FQDN in the first line to lock down Asterisk to only your FQDN for anonymous SIP connections:

    sed -i '/\[general\]/a ;domain=k43X20.mycompany.com' /etc/asterisk/sip.conf
    sed -i '0,/;domain/s/;domain/domain/' /etc/asterisk/sip.conf
    sed -i '0,/;allowtransfer=no/s/;allowtransfer=no/allowtransfer=no/' /etc/asterisk/sip.conf
    sed -i '0,/; allowexternaldomains=no/s/; allowexternaldomains=no/allowexternaldomains=no/' /etc/asterisk/sip.conf
    

    3. Restart your firewall: iptables-restart

    4. Restart Asterisk: asterisk-restart

    5. Done!

    Interconnecting a SIP URI with a Free PSTN Phone Number

    Wouldn’t it be nice if all your friends and business associates without SIP URI capability could still call you using a traditional PSTN number? Well, it’s your lucky day because www.ipkall.com provides just what you need, a free phone number in the Seattle area that you can connect to an existing SIP URI on your server.

    When folks call the Seattle number, they will be connected to your server using whatever routing you chose for the SIP URI in the previous section. So sign up for a number, enter your email address and the SIP URI for the calls, and wait for the confirmation email identifying your new telephone number. The only catch is that you need to receive at least one call a month to keep the number. Aside from that, there are no restrictions on use of the PSTN numbers. Enjoy!


    Don’t forget to List Yourself in Directory Assistance with your new IPkall PSTN number so everyone can find you by dialing 411. And be sure to add your new number to the Do Not Call Registry to block telemarketing calls.

    Originally published: Wednesday, March 25, 2015


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    SOHO Delight: Introducing the Ultimate Asterisk Appliance for Under $30

    We continue our journey to identify cost-effective, Gotcha-Free Asterisk® solutions. And, yes, we eat our own dog food! So this week we turn our attention to a real sleeper. It’s an Asterisk appliance with an almost unbelievable price and an even more incredible feature set. With the PBX in a Flash™ and Incredible PBX™ projects, we meet hundreds of thousands of new VoIP enthusiasts each year. But let’s face it. Even software products as simple to use as ours present a formidable challenge to some folks that are new to networking and dealing with complex hardware setups. There’s also the corner grocery store and the mom-and-pop restaurants and the shoe repair store and the tire store and the neighborhood bike shop that shouldn’t have to spend hundreds of dollars each month for basic phone service. And then there are those with a cabin in the mountains or a weekend beach house that just want a plug-and-play communications device that’s available when you need it. So this week’s VoIP solution is dedicated to those on a budget that have no interest in spending months learning the intricacies of VoIP technology. These folks just want basic phone service that works at an affordable price. Bells and whistles are nice but not if they add complexity or cost. And, boy, do we have an incredible find to share with you today. What you’ll need in addition to this Asterisk appliance is electricity and a working Internet connection with a router/firewall. That’s it.

    WARNING: We do not recommend EVER connecting the JS-200FX directly to the Internet because of potential security issues with this older version of Asterisk.

    We purchased our first JS-200FX Asterisk Appliance from X100P.com for $89.95 with $15 for shipping from the Far East. But others tipped us off that refurbished units (that means they’ve actually been tested and they work) are regularly available for considerably less cost. We’ve added a direct link to the manufacturer for your convenience. Either way, the JS-200FX is a steal. In addition to a router and firewall, the appliance includes two FXS ports to connect plain old telephones, integrated WiFi to connect softphones and SIP devices wirelessly, and best of all turnkey Google Voice support for two lines to make free calls in the United States and Canada. Because the Asterisk-GUI is an integral part of the appliance, setup time is under 5 minutes. And we’ll show you how. As we love to say, if you can handle slice-and-bake cookies, you can do this. So here’s the drill:

    1. Sign up for Google Voice service (do it twice for double the fun!)
    2. Boot and login to JS200-FX after connecting network cable from ETH2 to a computer
    3. Configure Networking and Connect CAT5 from ETH1 to Internet router
    4. Configure Google Voice and Make a Call
    5. Configure Asterisk (optional)
    6. Interconnect Remote Asterisk Server (optional)

    1. Getting Started with Google Voice

    With the JS200-FX, you can use any SIP provider including our platinum sponsor, Vitelity. See below for a deal you can’t refuse. But, if you live in the United States, you’d be crazy not to also use Google Voice. It’s free! To use Google Voice with the JS200-FX, you’ll need at least one dedicated Google Voice account. Create a Gmail account first. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages. Then visit http://google.com/voice to set up your Google Voice account and phone number. Yes, you can port an existing number into Google Voice!

    IMPORTANT: Do NOT under any circumstances take Google’s bait to switch from Google Chat to Hangouts. Click the X (shown above), or you will forever lose the ability to use Google Chat with your Asterisk appliance. Also be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for the Asterisk appliance to work its magic! Otherwise, all inbound and outbound calls will fail. Good News! You’re in luck. Google has apparently had a change of heart on discontinuing Google Chat support so it’s enabled by default in all new Google Voice accounts. Once you’ve created a Gmail and Google Voice account, go to Google Voice Settings and click on the Calls tab. Make sure your settings match these:

    • Call ScreeningOFF
    • Call PresentationOFF
    • Caller ID (In)Display Caller’s Number
    • Caller ID (Out)Don’t Change Anything
    • Do Not DisturbOFF
    • Call Options (Enable Recording)OFF
    • Global Spam FilteringON

    Click Save Changes once you’ve adjusted your settings. Under the Voicemail tab, plug in your email address so you get new voicemails delivered… and transcribed.

    One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work! If you have trouble placing or receiving calls, try BOTH of these tips.

    If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

    2. Connecting to JS200-FX Asterisk Appliance

    Now you’re ready to begin the adventure. Turn the switch on the back of the JS200-FX to ON. Plug in the included CAT5 cable between ETH2 port on the JS200-FX and a desktop computer or notebook. Power on the device and wait about 2 minutes. From your computer, browse to 192.168.10.1 and login to Asterisk-GUI as user admin with password for your password. You’ll be prompted to change your password. Make it secure!

    3. Configuring Networking on JS200-FX Asterisk Appliance

    In a nutshell, you’ll be using the ETH1 port on the JS200-FX to connect to your Internet router. We’ll use ETH2 to directly connect to the JS200-FX from a computer when things go haywire. Assuming your router hands out private IP addresses with DHCP, you don’t really need to do much in the way of network configuration on the JS200-FX unless you want to set up a static IP address for the appliance. You’ll find that option under Networking -> WAN -> Connection Type. We typically recommend permanently assigning the IP address that was handed out by your router within the router’s configuration menu. The real trick at this point is deciphering what that IP address will be. You can figure that out by plugging a CAT5 cable between ETH1 and your router now. The address will appear in the WAN entry under Networking -> Status.

    Next, we’ll want to configure the Wireless Networking. We recommend setting the device up as an Access Point under Wireless -> Basic Settings. Under the Wireless Security tab, switch to WPA2-PSK security and create an 8-character password to access the device on its WiFi gateway. This gives you a way to connect wirelessly and be assigned an IP address in the range 192.168.10.100-200. If that range duplicates the private LAN subnet of your router, change it to 192.168.0.

    Finally, click on Firewall -> Remote Admin and activate remote access to Asterisk-GUI using port 80. Whatever you do, DO NOT MAP ANY PORTS FROM YOUR FIREWALL TO THIS ASTERISK APPLIANCE! It is an older version of Asterisk that probably is not without some security holes. So long as it’s safely ensconced behind a hardware-based firewall, you should have little to worry about especially if you only use Google Voice trunks for outside calling.

    4. Configuring Google Voice on JS200-FX Asterisk Appliance

    This is a 5-second task. In the Asterisk-GUI, click Google Voice. Plug in your Google Voice email address and password. If you wish to enable a second Google Voice account, click Enable Line #2 and enter your credentials for the second account. Save your settings and reload the dialplan when prompted. Now plug in a Plain Old Telephone to the TEL1 port on the JS200-FX. To dial out using the first Google Voice account, dial 941 + 1 + the 10-digit number. To retrieve your voicemail, dial 41. For the second Google Voice account, use the 942 prefix and 42 for voicemail.

    VoIP 101: Learning the Basics of Asterisk-GUI Management

    Everything from here on out is optional reading. But, if you plan to get the most out of your new PBX, you’ve got to master the basics of the lingo so you’ll know how to navigate through and manage the Asterisk-GUI. For the sake of simplicity, we’ll divide calls into three categories: local calls, incoming calls, and outgoing calls. The latter two categories are External calls from or to destinations outside your PBX.

    Local Calls. These are Internal Calls between users of your PBX. Users typically are assigned a local phone number, an Extension, on which to receive calls. You connect a telephone to an extension in order to answer and make calls. Traditional analog phones are called POTS phones (a.k.a. Plain Old Telephones). They connect to an FXS port (only!) which is identified by the TEL1 or TEL2 jacks on the JS200-FX. SIP and IAX phones or softphones are digital devices that connect to extensions configured as SIP or IAX extensions/users.

    Incoming Calls. As the name implies, these are calls coming into your PBX. You typically rent a phone number (DID) from a Provider. The provider assigns you credentials and registers the DID to a Trunk. On your PBX, you Create and Register a Trunk with credentials matching those assigned by the provider. When a call is placed to your DID, the provider passes the call to your PBX through the registered Trunk. The PBX then identifies both the DID and the CallerID of the incoming call and routes it to a Destination based upon the rules you establish in your Incoming Calling Rules (a.k.a. Inbound Routes). A typical destination would be an Extension or User, a Ring Group or collection of extensions, a Conference Room where multiple callers can converse at the same time, or a Voice Menu (a.k.a. IVR or AutoAttendant).

    Outgoing Calls. These are calls destined for Termination on a telephone outside your PBX. It could be across the street or on the other side of the world. Some of these calls are free and some are not. Outgoing calls begin from a Phone connected to an Extension or User. Once a number is dialed, a Dial Plan determines whether the caller is authorized to make the call. If so, the call is passed to the Outgoing Calling Rules (a.k.a. Outbound Routes). These rules determine which Trunk will actually process the call. As with incoming trunks, you sign up for Termination service with a provider that may be the same or different from your DID provider. Outgoing call rules may send calls with a certain Dialing Prefix to a specified Trunk to take advantage of free calling or reduced cost. These calling rules may strip off dialing prefixes and/or add additional digits to the dialed number before it is passed to the Provider for termination on a remote phone.

    5. Configuring Asterisk on JS200-FX Asterisk Appliance

    Now that you’ve mastered the basics, there’s so much more you can do. In fact, we could write a book about it. Lucky for us (and for you), others have already done that. To get the most out of this terrific appliance, you’ll need to learn more about Asterisk and the Asterisk-GUI. Fortunately, there’s no shortage of tutorials. Start with the JS200-FX Quick Start Guide (PDF). Then take a careful look at Chapter 3 of Digium’s Asterisk Appliance™ Administrator Manual. Next, review Chapter 11 of The Asterisk Book (Second Edition). Finally, review these tutorials that have been written by other companies that incorporated Asterisk-GUI into their hardware products, e.g. Yeastar’s MyPBX SOHO User Manual and Grandstream’s UCM6100 User Manual.

    6. Interconnecting JS200-FX Asterisk Appliance to Remote Asterisk Server

    Interconnecting the new Asterisk appliance to a remote Asterisk server to share outbound trunks or to allow free calls to local extensions on the remote server is easy. First, create an IAX trunk on the remote Asterisk server using a very secure password. This setup will give callers on the Asterisk appliance access to the entire dialplan on the remote Asterisk server so be careful. Also make sure the Trunk Name and username are the same.

    On the Asterisk appliance, there are 3 steps: create an IAX trunk to make the connection to the remote server, add an outbound route with a dialing prefix to route calls out the new trunk, and enable the new Trunk in your DefaultLocalContext dialplan.

    Trunk setup: Trunks -> New IAX Trunk

    You’ll need the IP address or FQDN of your remote server. In addition, the username and password must match what you set up (above) on the remote server.

    Outbound Route setup: Outgoing Call Rules -> New Calling Rule

    In our example, we’re requiring an 8 prefix followed by a 10-digit number to send a call to the remote server for outbound call processing. If you wanted to force a different dialing prefix at the remote server end in order to send calls out through a specific trunk, that prefix should be Prepended in the highlighted field of the outbound route. This setup would not permit calls to local extensions on the remote PBX. To do that, you’d probably want to create an additional outbound route with a Dial Pattern such as _8XXXX! if the extensions on the remote server were all four digits. Don’t forget to also enable that second outbound route in the dialplan setup below!

    Dialplan setup: Dial Plans -> Edit DefaultLocalContexts

    Just click on the Out_RentPBX checkbox and Save your update. Then reload the Asterisk dialplan, and you’re all set.

    Making Free SIP URI Calls Worldwide

    One of the hidden beauties of Asterisk is the ability to place SIP URI calls to anyone in the world and talk for free… for as long as you wish. SIP URIs look much like an email address with a name or number, followed by @, followed by an FQDN or IP address, e.g. 2233435945@sip2sip.info. While the SIP URI setup on the JS200-FX Asterisk Appliance is not exactly straightforward, it’s pretty easy once you know some of Asterisk-GUI’s magic tricks. The simplest method is to Create a New Voice Menu which will work like a Speed Dial for the new SIP URI. For example, here’s the setup to add Lenny to your appliance. Name the new voice menu Lenny and assign a number to the new voice menu (53669 spells L-E-N-N-Y). Now add two Actions by clicking Add New Step twice with the entries shown below. Save your Voice Menu. Then Reload the dialplan. Now dial 53669 to speak to Lenny. Or route telemarketers to this extension as part of your dial plan.

    Answer
    Macro trunkdial-failover-0.3,sip/2233435945@sip2sip.info,,,
    

    If you’re comfortable using an editor, there’s an easier way using the same methodology included in Incredible PBX for Asterisk-GUI. We’ll actually add a new [CallingRule_SIP_URI] context in which to save SIP URI speed dials. Then we’ll add that new context to the default dialplan: [DLPN_DefaultLocalContexts]. In the future, you can easily add additional SIP URI speed dials to this context. Just give each one a unique extension number and plug in the SIP URI using the syntax shown below.

    In the Asterisk-GUI, click Options -> Advanced Options -> Show Advanced Options. Then click on the new File Editor tab. In the Config Files pulldown, choose extensions.conf. Click Add Context button and name it: CallingRule_SIP_URI. The new context will be added to the bottom of the file so go there and click on + to edit its contents. Add the following line and click Save:

    exten = 53669,1,Dial(SIP/2233435945@sip2sip.info)
    

    Now we need to add the new context to the default dialplan so search through the contexts until you find [DLPN_DefaultLocalContexts]. Click on the + to edit the context. Then add the following line to the end of the existing list and click Save:

    include=CallingRule_SIP_URI
    

    Now click Apply Settings button to save your settings to NVRAM and reload the dialplan. That wasn’t so hard, was it?

    There’s another advantage to the second approach. Your Call Detail Records now will actually show the speed dial numbers that are called:

    Setting Up Incoming SIP URIs for Your PBX

    This is only recommended for those that are highly skilled in Asterisk and those that can afford an expensive phone bill. It requires that UDP port 5060 be exposed to the Internet through your firewall. You need to be extremely careful in setting up SIP URIs to avoid unintended consequences such as allowing strangers to place outbound calls through your PBX on your nickel. The steps are straight-forward. First, configure an FQDN for your server and, if your provider uses dynamic IP addresses, set up dynamic DNS refreshes using the facility included in Networking -> Dynamic DNS. Second, use the File Editor to edit the [general] context in sip.conf. Insert your FQDN into the fromdomain and domain variables. Next, insert the following line: allowexternaldomains=no. Then Save the file. Third, edit the [default-public] context in extensions.conf. Insert your desired SIP URIs in this context using the proper syntax. For example, to route a SIP URI for mothership@FQDN.yourdomain.com to extension 6001, the dialplan code would look like this: exten=mothership,1,Goto(default,6001,1). To route the same SIP URI to your first Voice Menu, the code would look like this: exten=mothership,1,Goto(voicemenu-custom-1,s,1). To route the same SIP URI to your first Ring Group, use: exten=mothership,1,Goto(ringroups-custom-1,s,1). To route the incoming SIP URI to an outgoing SIP URI, use: exten=mothership,1,Dial(SIP/somewhere@someFQDN.somedomain.com).

    There’s a silver lining to activating an inbound SIP URI. Once it’s properly configured, you can sign up for a free phone number in the Seattle area and map that DID to the SIP URI of your server. All of the incoming calls are free! This gives you some redundancy in the event of a Google Voice outage. Just visit www.ipkall.com to sign up for your free number.

    Hardening the JS200-FX Firewall

    Particularly if you elect to support incoming SIP URIs, you’ll want to tighten up the SPI Firewall included in the JS200-FX. While we have no simple way to decipher the existing rules, you can add rules of your own to lessen the opportunity for mischief. This is especially important in the SIP arena. Just to be sure you don’t lock yourself out of your own server, we recommend a 4-step process: (1) allowing full access from private LAN subnets, (2) whitelisting the FQDNs and IP addresses from which you will access the JS200-FX, (3) whitelisting the providers that you intend to use as well as the IP addresses of external phone devices, and (4) locking down incoming SIP URI access to a single FQDN for your server. The fourth step keeps random strangers from attempting to gain SIP access by scanning blocks of IP addresses in search of vulnerable servers. It’s a good idea to use an obscure FQDN for your appliance which minimizes the ability of strangers to guess the acceptable SIP URIs, e.g. somefunkyFQDN.somedomain.net would block all incoming SIP URI attempts by either IP address or by guessing any other FQDN. In other words, the FQDN works just like a password. Thus, if you set up a mothership SIP URI (make up your own!), the only incoming SIP URI calls that would be allowed would be those calling mothership@somefunkyFQDN.somedomain.net. Don’t publish the actual SIP URI anywhere!

    Also be advised that, if you use FQDNs in the step #2 white list and the dynamic IP address of these FQDNs changes, you will need to manually restart the JS200-FX to enable the new IP address. Currently, there is no ability to check for FQDN changes and automatically restart the appliance.

    To create the new firewall rules, choose Firewall -> Custom Rules -> Enable ON. Then enter and SAVE & APPLY the following rules using your actual settings rather than the sample entries below. CAUTION: This data should be entered by accessing the JS200-FX via WiFi at the 192.168.10.1 address, or you may lock yourself out during the update process.

    #1 private subnets and loopback - no changes needed in this section
    -A INPUT -s 192.168.0.0/16 -j ACCEPT
    -A INPUT -s 10.0.0.0/8 -j ACCEPT
    -A INPUT -s 172.16.0.0/12 -j ACCEPT
    -A INPUT -s 127.0.0.0/8 -j ACCEPT
    
    #2 enter your own IP addresses for WhiteList access below
    -A INPUT -s homeFQDN.dyndns.org -j ACCEPT
    -A INPUT -s alternateFQDN.dyndns.org -j ACCEPT
    -A INPUT -s 129.43.13.220 -j ACCEPT
    
    #3 providers and interconnected servers and phone devices
    ## atlanta.voip.ms sample entry
    -A INPUT -s 174.34.146.162/32 -p udp -m multiport --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,5080,4569 -j ACCEPT
    
    #4 SIP URI access - enter JS200-FX FQDN in next line and leave the rest
    -A INPUT -p udp --dport 5060 -m string --string "REGISTER sip:somefunkyFQDN.somedomain.net" --algo bm -j ACCEPT
    -A INPUT -p udp --dport 5060 -m string --string "REGISTER sip:" --algo bm -j DROP
    -A INPUT -p udp --dport 5060 -m string --string "OPTIONS sip:" --algo bm -j DROP
    -A INPUT -p udp --dport 5060 -j ACCEPT
    

    Implementing 7-Digit Dialing with Your Favorite Area Code

    Once you have at least one Google Voice account set up, here’s another trick to implement 7-digit dialing with your favorite area code. Just add an additional line to the [CallingRule_SIP_URI] context substituting your area code for 843:

    exten=_NXXXXXX!,1,Macro(trunkdial-failover-0.3,${GoogleVoice_1}/1843${EXTEN},,GoogleVoice_1,)
    

    OK, Smarty Pants: Show Me the Beef!

    We know what some of you are thinking. “Do you really know as much about VoIP as Lenny does?? Before wasting 30 bucks on this, show me the beef!” Fair enough. Sit by your phone and click the Call Me icon below. Type in a fake name and your real phone number. Click the Connect button. Answer your phone when it rings. Then press 1. You’ll be connected to the Conferencing System running on the JS200-FX Asterisk Appliance. You can chat with other Nerd Vittles users that have joined before you. So… what are you waiting for? Click away and try the JS200-FX Appliance for yourself.



    You can implement this Click-to-Dial technology using your own JS200-FX Asterisk Appliance in about 10 seconds. Once you have configured Google Voice as outlined in Step #1 above, click on the Call Widgets tab under Settings. Click Add a New Call Widget, give it a name, turn off ringing your home or office phone, turn off Call Presentation, and Save Changes. Now simply cut-and-paste the Embed code that’s provided and insert it into a public web page of your choice. Doesn’t get much easier than that, and all your family and friends can call you for free from the convenience of any available telephone in the U.S. or Canada by simply clicking on the Call Me widget on your web site’s home page.

    Originally published: Monday, March 16, 2015


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…