Posts tagged: voip

4 Months in Paradise: The Return of Free International VoIP Calling

With the impending implosion of Google Voice, it seemed appropriate to begin our quest for alternative termination providers. One of the real beauties of VoIP technology is you don’t have to put all of your eggs in one basket particularly in the termination department. It costs almost nothing to set up accounts with multiple providers for outbound calling. In addition to redundancy, the other clear advantage in using multiple providers for outbound calls is that you can take advantage of special rates to different destinations. So here’s the bargain of the week. If you have loved ones traveling to South America, Europe or Asia this summer, now’s your chance to sign up for VoIP service with FreeVoipDeal and enjoy four months of free calling to more than 50 countries around the world for every $15 of credits you purchase on their web site. Please note the fine print: “FreeVoipDeal reserves the right after a certain amount of calls to start charging the default rate.” There is no mention of what that “certain amount” happens to be. When your free calling finally ends, you can either purchase $15 of additional credits for 120 more “free” days or continue to call all of the previously free destinations for about 2¢ a minute.

The company behind FreeVoIPDeal is betamax which hosts over 30 sites offering varying deals to different countries. BEWARE: The prices change regularly. So a country that’s free today may suddenly cost money tomorrow. How does a mere mortal keep track? Well, betamax probably hopes that you won’t. But an enterprising individual named Robert Siemer has done the work for you. His backsla.sh/betamax web site automatically updates the pricing for all betamax sites every day! If this sounds like a lot of work to save a few cents a minute, you’d be right. And Vitelity which sponsors both the Nerd Vittles and PBX in a Flash projects offers consistently low rates to all of these countries. You’ll find a DID special at the end of this article, and their excellent international rate table is available at this link.

Setting Up an Account. Before you can set up a trunk in PBX in a Flash, you’ll first need to create a FreeVoipDeal account. In the “old days” this required use of their Windows client to obtain your credentials. Now you can simply create an account on the web site at this link. You’ll need either a regular land line or a cell phone number to verify your registration. Once you’re set up and you’ve deposited at least 10 euros (about $15) in your account, it’s time to set up a SIP trunk and outbound route in PBX in a Flash.

Configuring a Trunk with PBX in a Flash. Assuming you already have a phone registered to an extension in PBX in a Flash, it’s a one-minute drill to configure a trunk and outbound route to support FreeVoipDeal. Using a browser, log into FreePBX® using your maint username and password. Choose Connectivity -> Trunks -> Add SIP Trunk. Name the trunk: FreeVoipDeal. For the Dialed Number Manipulation Rules, enter Prepend: 1 and Match Pattern: NXXNXXXXXX. Clear out all of the default entries in Outgoing and Incoming Settings. Then, in Outgoing Settings, enter Trunk Name: freevoipdeal. For the PEER Details, enter the following using your actual account USERNAME and PASSWORD. Then SAVE your settings and reload FreePBX.

username=USERNAME
authuser=USERNAME
secret=PASSWORD
type=peer
qualify=yes
nat=yes
insecure=port,invite
host=sip.freevoipdeal.com
fromdomain=sip.freevoipdeal.com
dtmfmode=auto
disallow=all
canreinvite=no
allow=ulaw

There’s no need to enter a CallerID number. All of the outgoing calls will be delivered as ANONYMOUS. You also won’t need to register with the provider since Asterisk® can handle this on the fly using your credentials entered above.

Configuring an Outbound Route with PBX in a Flash. One more step, and you’ll be ready to start making calls. Choose Connectivity -> Outbound Routes. For the Route Name, enter: FreeVoIPDeal. For the Dial Pattern to make U.S. calls, enter: NXXNXXXXXX. If you want to force callers to dial a prefix to use the FreeVoipDeal trunk, then enter a 9 or some other number in the Prefix field. For Trunk Sequence 0, choose: FreeVoipDeal. Click Submit Changes and restart FreePBX when prompted. You’re done!

Making Your First Call. Using a phone or softphone logged into your server, dial the prefix (if any) plus the 10-digit number of someone in the United States. When the called party answers, make sure you can hear the called party and vice versa. If not, open Settings -> SIP Settings in FreePBX and add your External IP and Local Network settings. Also make certain the NAT entry is set to YES.

Configuring Your Server for International Calls. We do not recommend configuring your server to permit international calls to everywhere. The reason is simple. If strangers manage to access one of your extensions, they can run up your phone bill in a hurry. For this reason, we also strongly recommend that you do not configure automatic credit card replenishment with any VoIP provider!

For international calling, we recommend you add a separate Dial Pattern to both your FreeVoipDeal trunk AND the outbound route for each country code you wish to enable. Here is the complete list of codes. For example, to allow calls to Germany from another country, you’d add 49XXXXXXXXXX, save your changes, and reload FreePBX.
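An added example, not part of the original article: a Python check of how a per-country allowlist of dial patterns behaves compared with a catch-all route, using the NXXNXXXXXX and 49XXXXXXXXXX patterns above. The function names, the catch-all patterns and the dialed numbers are constructed for illustration, and the matcher handles only the X, Z, N, bracket-set and "." wildcards.

```python
import re

# Dial-pattern wildcards handled here: X = 0-9, Z = 1-9, N = 2-9,
# "." = one or more further characters. Anything else is a literal.
WILDCARDS = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]", ".": ".+"}


def pattern_to_regex(pattern):
    """Compile one dial pattern into a regular expression."""
    parts = []
    i = 0
    while i < len(pattern):
        ch = pattern[i].upper()
        if ch == "[":
            # Bracket set such as [2-5] or [135]: digits and ranges only.
            end = pattern.find("]", i)
            body = pattern[i + 1:end] if end != -1 else ""
            if not re.fullmatch(r"[0-9-]+", body):
                raise ValueError("bad bracket set in %r" % pattern)
            parts.append("[" + body + "]")
            i = end + 1
            continue
        parts.append(WILDCARDS.get(ch, re.escape(ch)))
        i += 1
    return re.compile("".join(parts))


def route_allows(patterns, number):
    """Return the first pattern matching the whole dialed number, or None."""
    for pattern in patterns:
        if pattern_to_regex(pattern).fullmatch(number):
            return pattern
    return None


def open_ended(patterns):
    """Return the patterns whose "." wildcard accepts any further digits."""
    return [p for p in patterns if "." in p]


# Constructed sample data (hypothetical routes and numbers).
ALLOWLIST = ["NXXNXXXXXX", "49XXXXXXXXXX"]   # U.S. plus Germany only
CATCH_ALL = ["NXXNXXXXXX", "011.", "X."]     # permits calls to everywhere
DIALED = ["4045551234", "493012345678", "442071234567", "0114420712345"]

if __name__ == "__main__":
    for name, route in (("allowlist", ALLOWLIST), ("catch-all", CATCH_ALL)):
        print(name, "open-ended patterns:", open_ended(route))
        for number in DIALED:
            match = route_allows(route, number)
            print("  %-14s %s" % (number, match or "REJECTED"))
```

With the allowlist, a number for any country that has no pattern of its own is rejected before it reaches the trunk; the catch-all route passes it through.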

Spoofing Your CallerID. If you first verify that you own a number by using the web portal, you then can spoof the outbound CallerID using the number you verified. Just add the following entries to your trunk settings replacing 9991234567 with your verified CallerID number. Special thanks to @hillclimber on the PIAF Forum for the tip.

fromuser=0019991234567
sendrpid=yes

Originally published: Friday, April 25, 2014




Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Obivoice = OBi Heaven: Dumping Google Voice for Less Than 10¢ a Day

What a difference a week makes! When we wrote last week’s article about netTALK and their terrific pricing, we were pleased to report that at least one company could offer a drop-in replacement for Google Voice without breaking the bank. But, alas, all is not well in netTALK Land. For openers, the Better Business Bureau revoked their accreditation last June because of failure to respond to or resolve technical complaints. And a recent SEC Filing paints a fairly bleak picture of the company’s financial condition. Special thanks to Gershom1624 for his sleuthing efforts. This merely reinforces the difficulty of providing reliable, unlimited VoIP service at the $2.50 a month price point. But we firmly believe $2.50 is the magic price point, and it is achievable with some safeguards for the provider, i.e. residential service, no call centers, no 10,000 minutes-a-month customers. My mom loved the telephone, but she never spent 5 hours a day on the telephone. There also has to be some tradeoff in the level of support customers can expect. If customers tie up expensive support reps with multiple calls, the pricing matrix falls apart very quickly. And that brings us to this week.


Let’s review the Wish List for those that missed last week’s article. We want a drop-in replacement for Google Voice on both the OBi110 (stand-alone with any POTS telephone) and Asterisk® (PBX) platforms. It needs to provide unlimited (within reason) calling in the U.S. and Canada. It needs a feature set that is fairly comparable to Google Voice. It needs to include E911 service because the federal government says so. We don’t care much about support as long as the setup process is well-documented, the service is reliable, and calls sound great. Charging for support requests to resolve issues that aren’t the company’s fault is perfectly fine with us. But the price point for unlimited calling needs to be $2.50 a month, i.e. $30 a year or $60 every two years for the math-challenged. We’d prefer no tips, taxes, or fees. We want to keep our existing number. And, lest we forget, the company must promise to stay in business and never raise prices… forever.

Suppose we could find you a company that, with a 2-year commitment, could provide all of the above (minus the last sentence) plus fax support including a web page to send outgoing faxes from attachments, free calling and a mobile app for your iOS and Android devices, Visual Voicemail with voicemail transcription as well as email delivery of voicemail messages, call forwarding, call waiting, CallerID spoofing for any number you own, and unbelievable customer service. Not sure about the service? How about a 30-day free trial with 60 free minutes?

Let us introduce you to Obivoice. Don’t be alarmed by the one-year price of $40. The two-year price is just $60. But it doesn’t cost you a nickel to sign up and try the service. Obivoice is a pure SIP provider so the setup with PBX in a Flash™ or an OBi110™ takes only a couple minutes. Here’s the SIP trunk setup for PBX in a Flash using FreePBX®. All you need is your SIP credentials and phone number once you’ve signed up for an account. Plug in your 10-digit phone number in the Outbound CallerID and Register String, replace 1234 with your Account Number in the username, fromuser, and Register String, and replace yourpassword with your real Password in the secret and Register String.

Next, build yourself an Inbound Route with your 10-digit DID and point it to your favorite PBX destination. Finally, create an Outbound Route using obivoice as the Trunk Sequence, and you’re all set. It doesn’t get any easier than that.

We don’t think you will but, if you need assistance setting this up, head over to the PIAF Forum where there’s a lively discussion about Obivoice already.

The OBi110 setup is just as easy. Plug in sms.intelafone.com as the ProxyServer and OutboundProxy in your ITSP Profile, add your SIP credentials in the SP1 Voice Services dialog, and forward (or transfer) your existing Google Voice number to Obivoice. Done! Obivoice’s complete tutorial is available here.

Let us close with our own customer service story. We were so excited about this new service when it was announced yesterday that we actually clicked the wrong button and signed up for the wrong plan. Of course, it only takes a minute to get that sinking feeling in your stomach when you know you’ve screwed up. So late yesterday (Sunday night!) I opened a support ticket and asked to either cancel the wrong plan so that I could reenlist or to transfer to the $60 two-year plan. At 1:30 a.m. this morning, I got an email back from customer service indicating that the plan had been adjusted and that I had been billed for the price difference. WOW!

Run, don’t walk, to sign up for Obivoice. It’s that great!

p.s. The Obivoice jingle in their YouTube video is as good as their calls. We want it for our Music on Hold!

Originally published: Monday, January 13, 2014








 



The Definitive VoIP Quick Start Guide: Introducing PBX in a Flash 2.0.6.5.0

What a difference a year makes in the VoIP World! We now have a rock-solid, reliable Asterisk® 11 release and an equally stable FreePBX 2.11 on which to build state-of-the-art VoIP servers. If you’re new to the VoIP community, watch this video before you proceed.


Now let us welcome you to the World of PBX in a Flash™. This is our best release ever whether you’re a total newbie or an experienced Asterisk developer. You can’t really appreciate what goes into an open source product like PBX in a Flash until you try doing it yourself. The sad part is we and the CentOS™ development team are part of a dwindling few non-commercial entities that still are in the open source “business.” If you want to actually learn about Asterisk from the ground up using pure source code to customize your VoIP deployment, PBX in a Flash has no competition because your only other option is to roll your own starting with a Linux DVD. So our extra special kudos go to Tom King, who once again has produced a real masterpiece in that it is very simple for a first-time user to deploy and, at the same time, incredibly flexible for the most experienced Asterisk developer. The new PIAF 2.0.6.5.0 ISOs not only provide a choice of Asterisk® and FreePBX® versions to get you started, but now you can also build and deploy standalone servers for SugarCRM™, NeoRouter™ VPN, YATE™, FreeSwitch™, and OpenFire™ XMPP using the 32-bit and 64-bit PIAF™ ISOs. So let’s get started.

Making a Hardware Selection

We’re going to assume that you need a VoIP telephony solution that will support an office of up to several dozen employees and that you have an Internet connection that will support whatever your simultaneous call volume happens to be. This is above and beyond your normal Internet traffic. To keep it simple, you need 100Kbps of bandwidth in both directions for each call. And you need a router/firewall that can prioritize VoIP traffic so that all your employees playing Angry Birds won’t cause degradation in VoIP call quality. Almost any good home router can now provide this functionality. Remember to disable ALG on your router, and it’s smooth sailing.

For computer hardware, you’ll need a dedicated machine. There are many good choices. Unless you have a burning desire to preserve your ties with Ma Bell, we recommend limiting your Ma Bell lines to your main number. Most phone companies can provide a service called multi-channel forwarding that lets multiple inbound calls to your main number be routed to one or more VoIP DIDs much like companies do with 800-number calls. If this works for you, then any good dual-core Atom computer will suffice. You’ll find lots of suggestions in this thread. And the prices generally are in the $200-$400 range. For larger companies and to increase Asterisk’s capacity with beefier hardware, see these stress test results.

If your requirements involve retention of dozens of Ma Bell lines and complex routing of calls to multiple offices, then we would strongly recommend you spend a couple thousand dollars with one of our consultants. They’re the best in the business, and they do this for a living. They can easily save you the cost of their services by guiding you through the hardware selection process. They also have turnkey phone systems using much the same technology as you’ll find in PBX in a Flash. You won’t hurt our feelings. :-)

Choosing the Right PIAF Platform

We get asked this question about a hundred times a week on the forums so here goes. There are more than two dozen permutations and combinations of CentOS, Asterisk, and FreePBX to choose from when you decide to deploy PBX in a Flash. We always recommend the latest version of CentOS because it tends to be the most stable and also supports the most new hardware. You have a choice to make between a 32-bit OS or 64-bit. Our preference is the 32-bit platform because it is better supported. The performance difference is virtually unnoticeable for most VoIP applications. With Asterisk, we always recommend an LTS release because these have long-term support. That narrows your choices to Asterisk 1.8 or Asterisk 11. At this juncture, we think you’d be crazy to install anything other than Asterisk 11. It’s incredibly reliable and stable, and it will be supported for years to come. It also supports Digium Phones. The bottom line is that Asterisk 11 is the latest and greatest with the best feature set. If we were building a system for a commercial business, it would be our hands-down choice. In the PBX in a Flash world, we have colors for various versions of PBX in a Flash that support different versions of Asterisk. Asterisk 11.6 happens to be the latest PIAF-Green, and we recommend you install it with the latest version of FreePBX as well, 2.11.0.11.

Choosing the Right Phones

If there is one thing that will kill any new VoIP deployment, it’s choosing the wrong phones. If you value your career, you’ll let that be an organization-driven decision after carefully reviewing at least 6-12 phones that won’t cause you daily heartburn. You and your budget team can figure out the price points that work in your organization keeping in mind that not everyone needs the same type of telephone. Depending upon your staffing, the issue becomes how many different phone sets are you and your colleagues capable of supporting and maintaining on a long term basis.

Schmooze Com has released their commercial End Point Manager (EPM) at a price point of $39 per server. They’ve been using the application internally to support their commercial customers for over a year. Suffice it to say, it’s the best money you will ever spend. You can sign up for an account with Schmooze through our commercial support site and purchase the software now. You can review the Admin User Guide here. The beauty of this software is it gives you the flexibility to support literally hundreds of different VoIP phones and devices almost effortlessly. Using a browser, you can configure and reconfigure almost any VoIP phone or device on the market in a matter of minutes. So the question becomes which phones should you show your business associates. That again should be a decision by you and your management and budget teams, but collect some information from end-users first. Choose a half dozen representative users in your company and get each of them to fill out a questionnaire documenting their 10 most frequent daily phone calls and listing each step of how they processed those calls. That will give you a good idea about types and variety of phones you need to consider for different groups of users. Cheaper rarely is better. Keep in mind that phones can last a very long time, even lousy ones. So choose carefully.

The phone brands that we would seriously consider include Yealink, Aastra, Snom, Digium, Mitel, Polycom, Cisco, and Grandstream. Do you need BLF, call parking or multiple line buttons, a hold button, conferencing, speakerphone, HD voice, power over Ethernet support, distinctive ringtones for internal and various types of external calls, Bluetooth, WiFi, web, SMS, or email access, an extra network port for a computer, headset support, customizable buttons (how many?), quick dial keys, custom software, XML provisioning, VPN support? How easy is it to transfer a call? Do you need to mimic key telephones? Also consider color screens, touch screens, busy lamp indicators, extension modules (what capacity?). What do we personally use: Yealink’s T46G is our favorite, and we also have several Digium phones of various types, a couple of Aastra phones, a Grandstream GXP2200, and a collection of Panasonic cordless DECT phones, a fax machine as well as a Samsung Galaxy S4 and Moto X connected through an OBi202 with an OBiBT Bluetooth Adapter.

Installing PBX in a Flash

With the office politics out of the way, let’s get to the fun stuff.

For most deployments, choose the default install by pressing Enter.

Leave the UTC System Clock option unchecked and pick your Time Zone. Tab to OK and press Enter.

Choose a very secure Root Password. Tab to OK and press Enter. Your server will whir away for 5-10 minutes installing CentOS 6.4. When the reboot begins, remove the DVD or USB thumb drive.

Log into your server as root from either the console or an SSH connection to the IP address displayed on your server. Unless you need to install custom hardware drivers, choose the first option to install PBX in a Flash.

For today, we’re installing PBX in a Flash. So leave it highlighted, tab to OK, and press Enter.

Now pick your PIAF flavor, tab to OK, and press Enter. You’ll note there are some new colors. :-)

The PIAF Configuration Wizard will load. Press Enter to begin.

Unlike any other aggregation, PIAF gives you the opportunity to fully configure Asterisk using make menuconfig if you know what you’re doing. For everyone else, type N and then confirm your choice.

Next, you’ll need to choose your Time Zone again for PHP and FreePBX. Don’t worry if yours is missing. A new timezone-setup utility is also available to reconfigure this to any worldwide time zone once the install has completed.

Next, choose your version of FreePBX to install. If you plan to also install Incredible PBX and Incredible Fax:

Incredible PBX 3 requires PIAF-Purple and FreePBX 2.9
Incredible PBX 4 requires PIAF-Purple and FreePBX 2.10 (32-bit only)
Incredible PBX 11 requires PIAF-Green and FreePBX 2.11 (recommended!)

Finally, you need to choose a very secure maint password for access to FreePBX using a browser. You can pick your own, or the installer will generate one for you. Don’t forget it.

The installer will give you one last chance to make changes. If everything looks correct, press the Enter key and go have lunch. Be sure you have a working Internet connection to your server before you leave. ;-)

In about 30-60 minutes, your server will reboot. You should be able to log in as root again using your root password. Write down the IP address of your server from the status display (above) and verify that everything installed properly. Note that Samba is disabled by default. If you want to use your server with Windows Networking, run configure-samba once your server is up and running and you’ve logged in. You also can ignore the MySQL DOWN alert shown above. Yours won’t say that. We’ve been experimenting with MariaDB as a MySQL replacement. You can read all about it in the Developers’ Corner of the PIAF Forum.

Configuring PBX in a Flash

Most PIAF Configuration is accomplished using the FreePBX Web GUI. Point your browser to the IP address shown in the status display above to display your PIAF Home Page. Click on the Users tab. Click FreePBX Administration. When prompted for your username and password, the username is maint. The password will be the FreePBX master password you chose in the Config Module phase of the PBX in a Flash installation procedure above.

If you’re new to Asterisk and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions in FreePBX to work with PBX in a Flash. Extensions talk to trunks (like Google Voice) to make and receive calls. FreePBX uses outbound routes to direct outgoing calls from extensions to trunks, and FreePBX uses inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road. FreePBX now has some of the best documentation in the business. Start here.

To get a minimal system functioning to make and receive calls, here’s the 2-minute drill. You’ll need to set up at least one extension with voicemail, and we’ll configure a free Google Voice account for free calls in the U.S. and Canada. Next, we’ll set up inbound and outbound routes to manage incoming and outgoing calls. Finally, we’ll add a phone with your extension credentials.

A Few Words About Security. PBX in a Flash has been engineered to run on a server sitting safely behind a hardware-based firewall with NO port exposure from the Internet. Leave it that way! It’s your wallet and phone bill that are at stake. If you’re running PBX in a Flash in a hosted environment with no hardware-based firewall, then immediately read and heed our setup instructions for Securing Your VoIP in the Cloud Server. We would encourage you to visit your PIAF Home Page regularly. It’s our primary way of alerting you to security issues which arise. You’ll see them posted (with links) in the RSS Feed shown above. If you prefer, you can subscribe to the PIAF RSS Feed or follow us on Twitter. For late-breaking enhancements, you also should regularly visit the Bug Reporting & Fixes Topic on the PIAF Forum.

Extension Setup. Now let’s set up an extension to get you started. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone’s GUI to add bells and whistles. In FreePBX 2.10 or 2.11, to create extension 201 (don’t start with 200), click Applications, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension … 201
Display Name … Home
Outbound CID … [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID … [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]

Device Options
secret … 1299864Xyz [randomly generated]
dtmfmode … rfc2833
Voicemail Status … Enabled
voicemail password … 14332 [make this unique AND secure!]
email address … yourname@yourdomain.com [if you want voicemail messages emailed to you]
pager email address … yourname@yourdomain.com [if you want to be paged when voicemail messages arrive]
email attachment … yes [if you want the voicemail message included in email]
play CID … yes [if you want the CallerID played when you retrieve message]
play envelope … yes [if you want date/time of the message played before the message]
delete Vmail … yes [if you want the voicemail message deleted after it’s emailed to you]
vm options … callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message]
vm context … default

Write down the passwords. You’ll need them to configure your SIP phone.

Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won’t protect you from malicious phone calls on your nickel if your SIP or IAX ports happen to be exposed to the Internet and you use your extension number or something like 1234 for your extension password.

In addition to making up secure passwords, the latest versions of FreePBX also let you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry in the permit field like this: 192.168.1.0/255.255.255.0 using your actual subnet.
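An added example, not part of the original article or of FreePBX: a Python audit that reads extension definitions in sip.conf peer-section style and flags the two weaknesses described above, a guessable secret and a missing or wide-open permit entry. The sample text is constructed, and the file layout, the function names and the 8-character threshold are assumptions made for illustration.

```python
import ipaddress

MIN_SECRET_LEN = 8  # assumed threshold for this example, not a FreePBX setting

# Constructed sample in sip.conf peer-section style (not a real server's file).
SAMPLE = """\
[201]
secret=1299864Xyz
permit=192.168.1.142/255.255.255.255

[202]
secret=202
permit=0.0.0.0/0.0.0.0

[203]
secret=1234

[204]
secret=Rk7pV2qLm9Zt
permit=192.168.1.0/255.255.255.0
"""


def parse_peers(text):
    """Return {section name: {option: [values]}} for every [section]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = peers.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return peers


def permit_is_open(value):
    """True when a permit entry is unparsable or covers every IPv4 address."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return True
    return net.prefixlen == 0


def audit_extension(ext, options):
    """Return a list of findings for one extension (empty list = no findings)."""
    findings = []
    secret = (options.get("secret") or [""])[-1]
    if not secret:
        findings.append("no secret set")
    elif secret == ext:
        findings.append("secret equals the extension number")
    elif secret.isdigit() or len(secret) < MIN_SECRET_LEN:
        findings.append("secret is digits only or too short")
    permits = options.get("permit", [])
    if not permits:
        findings.append("no permit entry")
    elif any(permit_is_open(p) for p in permits):
        findings.append("permit entry does not restrict the source address")
    return findings


def audit(text):
    """Audit every extension found in the configuration text."""
    return {ext: audit_extension(ext, opts)
            for ext, opts in parse_peers(text).items()}


if __name__ == "__main__":
    for ext, findings in audit(SAMPLE).items():
        print(ext, "OK" if not findings else "; ".join(findings))
```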

Adding a Google Voice Trunk. There are lots of trunk providers, and one of the real beauties of having your own PBX is that you don’t have to put all of your eggs in the same basket… unlike the AT&T days. We would encourage you to take advantage of this flexibility. With most providers, you don’t pay anything except when you actually use their service so you have nothing to lose.

For today, we’re going to take advantage of Google’s current offer of free calling in the U.S. and Canada through the end of 2013. You also get a free phone number in your choice of area codes. PBX in a Flash now installs a Google Voice module under FreePBX -> Connectivity that lets you set up your Google Voice account with PBX in a Flash in just a few seconds once you have your credentials.

A Word to the Wise: All good things come to an end… especially those that are free. So plan ahead with some alternate providers that keep your phones working should Google decide to pull the plug or change the terms with Google Voice.

Signing Up for Google Voice. You’ll need a dedicated Google Voice account to support PBX in a Flash. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account rather than creating a separate account. Take our word for it. Inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So… set up a dedicated Gmail and Google Voice account, and use it exclusively with PBX in a Flash. Google Voice no longer is by invitation only. If you’re in the U.S. or have a friend that is, head over to the Google Voice site and register. If you’re living on another continent, see MisterQ’s posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for PBX in a Flash to function with Google Voice! Otherwise, inbound and/or outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings and enable it. Be sure to try one call each way from Google Chat in Gmail. Then disable Google Chat in Gmail for this account. Otherwise, it won’t work with PIAF.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening: OFF
  • Call Presentation: OFF
  • Caller ID (In): Display Caller’s Number
  • Caller ID (Out): Don’t Change Anything
  • Do Not Disturb: OFF
  • Call Options (Enable Recording): OFF
  • Global Spam Filtering: ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Configuring Google Voice Trunk in FreePBX. All trunk configurations now are managed within FreePBX, including Google Voice. This makes it easy to customize PBX in a Flash to meet your specific needs. Click the Connectivity tab in FreePBX 2.11 and choose Google Voice [Motif]. To add a new Google Voice account, just fill out the form. NOTE: The form has changed from prior releases of FreePBX. Do NOT check the last box: Send Unanswered to GoogleVoice Voicemail, or you may have problems receiving incoming calls.

Google Voice Username is your Google Voice account name without @gmail.com. Password is your Google Voice password. NOTE: Don’t use 2-stage password protection in this Google Voice account! Phone Number is your 10-digit Google Voice number. Next, check only the first two boxes: Add Trunk and Add Outbound Routes. Then click Submit Changes and reload FreePBX. Down the road, you can add additional Google Voice numbers by clicking Add GoogleVoice Account option in the right margin and repeating the drill. For Google Apps support, see this post on the PIAF Forum.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. It also provides redundancy which costs you nothing if you don’t use the backup providers. The Google Voice module actually configures an Outbound Route for 10-digit Google Voice calling as part of the automatic setup. If this meets your requirements, then you can skip this step for today.

Inbound Routes. An Inbound Route tells PBX in a Flash how to route incoming calls. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we’ll build a simple route that directs your Google Voice calls to extension 201. Choose Connectivity -> Inbound Routes, leave all of the settings at their default values except enter your 10-digit Google Voice number in the DID Number field. Enable CallerID lookups by choosing CallerID Superfecta in the CID Lookup Source pulldown. Then move to the Set Destination section and choose Extensions in the left pull-down and 201 in the extension pull-down. Now click Submit and save your changes. That will assure that incoming Google Voice calls are routed to extension 201.

IMPORTANT: Before Google Voice calling will actually work, you must restart Asterisk from the Linux command line interface. Log into your server as root and issue this command: amportal restart.

Eliminating Audio and DTMF Problems. You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in FreePBX: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. In FreePBX 2.11, choose Admin -> Module Admin and click on the Upgrade Notifications shield on the right. Plug in your email address, click Submit, and save your changes. Done!

Setting Up a Desktop Softphone. PBX in a Flash supports all kinds of telephones, but we’ll start with the easy (free) one today. You can move on to “real phones” once you’re smitten with the VoIP bug. For today, you’ll need to download a softphone to your desktop PC or Mac.

The easiest way to get started is to set up a YATE softphone on your Desktop computer. Versions are available at no cost for Macs, PCs, and Linux machines. Just download the appropriate one and install it from this link. Once installed, it’s a simple matter to plug in your extension credentials and start making calls. Run the application and choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 201 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 201, close the Account window. Then click on YATE’s Telephony Tab and place your first call. It’s that easy!

Monitoring Call Progress with Asterisk. That about covers the basics. We’ll leave you with a tip on how to monitor what’s happening with your PBX. There are several good tools within the FreePBX GUI. You’ll find them under the Reports tab. In addition, Asterisk has its own Command Line Interface (CLI) that is accessible from the Linux command prompt. Just execute the following command while logged in as root: asterisk -rvvvvvvvvvv.

What’s Next? We’ve barely scratched the surface of what you can do with PBX in a Flash. Log into your server as root and type help-pbx for a list of simple install scripts that can add almost any function you can imagine. And Incredible PBX 11 and Incredible Fax can be installed in under 2 minutes to provide you almost every Asterisk application on the planet. You can read the complete tutorial here. In addition, Travelin’ Man 3 can be installed as part of Incredible PBX for rock-solid Internet security. If you care about your wallet, add Travelin’ Man to your server!

New App of the Week. We’re pleased to introduce Trunk Failure Email Alerts for Asterisk supporting SIP, IAX2, and Google Motif trunks. Just insert your email address in this little script and run it every hour as a cron job. You’ll get an email alert whenever any of your VoIP trunks fail. Enjoy!

VoIP Experts on Twitter. GetVoip.com has just released their list of The Top 50 VoIP Experts to Follow on Twitter. It’s a great read… but we may be biased. :wink:

Join Google+ Today. For the latest VoIP and technology news, come follow us on Google+ and join CircleCount.com for a terrific overview of your Google+ friends and their hometowns.

Originally published: Tuesday, December 17, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.




 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 


Some Recent Nerd Vittles Articles of Interest…

The New VoIP Frontier: Meet the iPad Mini with Retina Display

Last week was interesting if for no other reason because Apple released an amazing new product without tooting a single trumpet. In fact, the iPad Mini with Retina display was quietly made available on Apple’s web site in the middle of the night. Most believe that the rationale was that the devices were in such short supply that Apple couldn’t afford the PR nightmare of releasing a new product that very few could buy. Guess what? It’s still available. You have to order on the web. Then you can either pick up the device at your local Apple Store, or have it shipped directly to you… from China. We ordered on Tuesday and received the unit on Friday. What struck us about the new iPad Mini is the striking resemblance to the old iPad Mini. One suspects that Apple is running out of magic bunnies to pull from the hat so we’re getting down to one new gee whiz feature per year. In fairness, the new iPad Mini not only has a Retina display, but also has the new A7 chip with 64-bit architecture. The CPU is up to four times faster while graphics performance saw an 800% improvement without sacrificing battery life. To be completely honest, Apple needed the extra horsepower to drive the retina display, and the battery life has been preserved by increasing its size considerably. Almost half of the inside of an iPad Mini is now nothing but battery. Hop over to iFixIt for all the details.

If the new hardware were the only addition, we probably would have had little interest in the new iPad Mini. But we learned a couple of years ago that there’s a dramatic difference in reading on a 7 inch tablet vs. an 8 inch tablet. And, when you add the retina display with 2048-by-1536 resolution and a staggering 326 pixels per inch, the iPad Mini becomes an almost perfect traveling companion for those that do a lot of reading. Apple also bundles an impressive list of business and productivity applications including Siri at no additional cost. For those that work on the Mac platform, the most important enhancement to these apps is that what you see on the Mac desktop using Pages, Numbers, or Keynote is exactly what you’ll see when the document is moved to either the iPad Air or iPad Mini with Retina display. For traveling business folks, that’s a huge improvement!

There have been some equally impressive additions on the communications front for those that enjoy Voice over IP technology. If you’re using PBX in a Flash™ or Asterisk®, we’re pleased to report that the Zoiper IAX client for iOS 7 works flawlessly. Simply set up an IAX extension on your server and enter your credentials in the Zoiper client on your iPad. Screwy as it sounds, Google has released Hangouts on the iOS 7 platform (only) with the added capability to place and receive PSTN phone calls anywhere in the world using a Google Voice PSTN phone number. And calls within the U.S. and Canada are free! Will it disappear? Will Google ever support it on their own Android devices? Who knows? We’ve given up trying to predict what Google will do next, but this addition will probably remain so long as Hangouts continues to be a viable platform. And Google seems to be staking their VoIP fortunes on Hangouts just as Apple has done with FaceTime and Microsoft with Skype. Of course, PSTN calls aren’t possible with FaceTime and, with Skype, PSTN calls are never free. So there is that important difference, and Hangouts fills that niche.

The other major software news is that Google Play Music now is available for iOS 7 as well. In addition to unlimited streaming of almost any music on the planet for $9.95 a month (to a single device at a time), you also can move 20,000 of your favorite songs to the Google Cloud and stream them for free. Apple offers free music alternatives as well including iTunes Radio which now is rolled into the iPad Music app.

There used to be a big reason for buying the cellular addition to the iPads. It made the GPS functionality work. Our Wi-Fi only unit had no problem pinpointing our location with nothing but a WiFi signal. Of course, if you have one of the new Verizon or AT&T bundled data plans, adding an iPad is just $10 a month. That alone would warrant purchase of the unlocked cellular model which now works with all cellular carriers. What a concept!

As you might expect, there are no deals to be had on the iPad Mini with Retina display. But, if you’re looking to buy a new iPad for Christmas, you should probably pay a visit to WalMart or Target on Black Friday. Both retailers are throwing in a $100 gift card with your purchase of the new iPad Air. Nobody other than Apple is yet selling the iPad Mini with Retina display. For another great review, see today’s coverage on The Verge. Enjoy!



Just Released: AstriCon 2013 Videos. Digium has just released all of the videos from AstriCon 2013 on the new YouTube Asterisk Channel.



Originally published: Monday, November 18, 2013




 


Some Recent Nerd Vittles Articles of Interest…

Introducing the Grandstream UCM6100 Asterisk PBX: So Close But So Far Away

Grandstream has done with Asterisk what Samsung and others did with Android. You basically take a freely available, open source toolkit and transform it into a terrific piece of turnkey hardware with tremendous savings in development costs. While it’s great for consumers, to us it highlights what is wrong with the GPL2 license which lets companies do this in the first place. These for-profit companies give almost nothing back to the open source community. Remember, it’s not their toolkit which took talented (and uncompensated) developers hundreds of man-years to construct. In Samsung’s case, they built closed source smartphones and tablets. With the Grandstream UCM6100 series, you get closed source PBXs. What’s wrong with this picture? Lots! You’re taking someone else’s work product, embellishing it to make a profit, and returning nothing to the open source community that made your open source product possible in the first place. Don’t get us wrong! We love Samsung’s smartphones and tablets. We’ve owned at least a half dozen of them. And Grandstream’s UCM6100 is an incredibly useful appliance for home offices as well as small and large organizations. We can think of a thousand use cases for the UCM6100 in the corporate and government workplace. If done right, it could easily have replaced the $200,000 PBX that supported 100+ employees in one of my former organizations. We also should note that Grandstream isn’t the first company to attempt this feat with Asterisk. Read Tom Keating’s excellent article for the history. And don’t forget the AA50 for a few cents more. :-)

What is disappointing is that all of these products would be so much better and so much safer if the companies would open source their code and encourage community development to finish the job they started.1 No individual and few companies could match the hardware development platform that Samsung and Grandstream have managed to put together. In Grandstream’s case, you can buy the UCM6102 at retail for $264! It includes two FXS ports for devices such as fax machines and two FXO ports for interconnecting your Ma Bell PSTN trunks to a one-pound SIP powerhouse. That $264 buys you an incredibly attractive piece of hardware with an LCD that tells you everything about your PBX at the click of a button. And there are small LEDs to display the status of the LAN, WAN, USB, SD card, Phone, Fax, and both Telco lines. The device can sit under your phone on your desk in a SOHO office, or it can be wall-mounted in the closet of a bank’s branch office. Models are also available with 4 FXO ports (pictured above) as well as 8 and 16 FXO ports. One of these could meet the needs of almost any organization, regardless of size. Amazing hardware technology, really!

The web-based software user interface (UI) is no less impressive. FreePBX® has been our development partner on open source Asterisk® projects for the better part of a decade. To say they’ve made Asterisk what it is today is an understatement. Asterisk is a toolkit. FreePBX makes it a useful PBX for millions of users around the globe. Having said all of that, competition makes the world go ’round. And Grandstream has built an impressive UI for the UCM6100 devices. What is more amazing is to compare the performance of the Grandstream device to our own Incredible PBX for the Raspberry Pi which runs with Asterisk and FreePBX on a virtually identical processor with the same memory constraints as the UCM6100 devices. Night and day is the only way to sum it up. The Grandstream PBX literally runs circles around the Raspberry Pi in hardware and UI performance. In fact, you would never know the Grandstream PBX wasn’t running on a quad-core processor with several gigs of RAM if you were judging by performance. And there’s even a little fan that comes on about once an hour as if to remind you that there’s a real computer under the covers.

After receiving our UCM6102 late last week, we put it through its paces. We set up extensions and trunks and ring groups and outbound routes and inbound routes. We tested voicemail. We configured an IVR. We uploaded custom voice prompts. We tried out the Parking Lot and Call Forwarding and Conferencing. It all worked swimmingly, and configuration took only minutes with the web-based UI which was quite intuitive given its similarity to older releases of FreePBX such as 2.8 and 2.9.

But, in the words of Geoffrey Chaucer, “All good things must come to an end.” Our next mission was to interconnect the UCM PBX with one of our existing PBX in a Flash servers. After all, the real utility of a turnkey PBX appliance like this would be to support a branch office with no technical staff in residence. This would allow a bank or a hospital or a real estate company to interconnect sites with extensions at each site that could transparently connect to each other. For example, dialing 5000-5099 would ring phones in the main headquarters while dialing 5300-5399 would ring phones in branch office #3. For this to work in the Asterisk environment, we need password-protected trunks on each Asterisk server that interconnect the PBXs to each other to form a meshed network. It’s not difficult, and we’ve explained how to do it in previous Nerd Vittles articles using PBX in a Flash as well as Incredible PBX for the Raspberry Pi.

Trunk to Trunk Server Connections. As the screenshot above shows, connecting a trunk from the Grandstream PBX to our Asterisk server was a breeze using both SIP and IAX trunks. But attempts to connect a trunk from the Asterisk server to the Grandstream PBX using both SIP and IAX failed with password errors. When we alerted the Grandstream development team, suffice it to say they were confused. Did we mean we wanted to connect a remote Asterisk server to an extension on the UCM6100? That was the first hint that all was not well in Asterisk Land. It became readily apparent that the developers were quite adept at mimicking the functionality of FreePBX to create a powerful PBX. But they lacked an in-depth understanding of some of the Asterisk fundamentals. While the Grandstream development team was incredibly responsive, it reinforces why open sourcing their code would provide huge benefits not only to others but also to their own project. It gets worse, unfortunately, much worse.

To make a long story short, it doesn’t appear that safely interconnecting trunks between Asterisk servers and the Grandstream devices is available at least at this juncture. What is possible and what the Grandstream developers documented is the ability to create a trunk on a remote Asterisk server that registers to an extension on the Grandstream PBX. But this still did not enable users on remote Asterisk servers to call extensions on the Grandstream PBX unless the Allow Guest Calls option was enabled in the device’s SIP settings. That didn’t make a lot of sense to us if, in fact, the remote Asterisk server was actually registered to the Grandstream PBX. So we changed the password on the extension to make sure the registration would fail. And, yes, you still could make calls to the Grandstream PBX extensions so long as Allow Guest Calls was enabled. Did we mention? It gets worse, much worse.

IVR Vulnerability. Remember that IVR setup we mentioned? By default, it sits on extension 7000 on the Grandstream PBX. We called it from an extension on the remote Asterisk server, and it worked as expected even without a valid SIP registration so long as Allow Guest Calls was enabled. You probably can guess what our next test was. We disabled Allow Guest Calls and attempted to call an extension on the Grandstream PBX. It rang busy as it should. We then dialed extension 7000, and guess what? The call went through. Whoa! Remember, SIP guest calls had been disabled, and there was no SIP registration because of a password mismatch. In short, anybody from anywhere that knew the public IP address of our Grandstream PBX could now connect to any IVR on the device just by knowing that the IVRs begin with extension 7000. It’s a classic dial plan mistake of letting external calls bleed into privileges which should be reserved for internal users. For security and other reasons, it’s also why FreePBX does not assign extension numbers to IVRs. But there’s more.

Stealth AutoAttendant Gone Bad. As you can see from the IVR Setup screen shown above, two of the options available when setting up an IVR are to enable calls to Extensions and to Trunks. Many administrators as well as casual users that barely understand what they’re doing probably would enable these features believing the options would be restricted to local use by the default guest call restriction. Wrong! What it means in terms of this security lapse is that now any anonymous caller with your IP address can dial into your Grandstream PBX and, while the IVR announcement on the default IVR extension (7000) is playing, the anonymous caller can dial any Extension or any long distance call supported by the Grandstream PBX trunk configuration so long as these options were enabled in the IVR. In Nerd Vittles parlance, think of it as a remake of our Stealth AutoAttendant with Public DISA Connectivity… for the world!

FXO/PSTN Warning. In discussing this with Tony Lewis of Schmooze and FreePBX fame, he reminded me that we’re talking about a PBX that’s been designed for business use with FXO ports and PSTN trunks. So, while the SIP vulnerability at least required that someone know the IP address of your PBX, once you connect PSTN lines to the Grandstream PBX and answer incoming calls with an IVR on the system, all bets are off. Anonymous bad guys now can place PSTN calls to any published phone number for your server that happens to connect to an IVR. These calls then can be used as the springboard to place outbound calls to anywhere the PBX trunk setup permits. Get out your checkbook!


Syslog Configuration. We have another concern with the device as well. The default syslog setup sends information to log.ipvideotalk.com which is a server registered to Grandstream Networks in Los Angeles. With a closed platform, you have no way to decipher what is actually being sent without putting Wireshark on the line and monitoring it. While we are not suggesting that Grandstream has anything but the best of intentions, we think it’s a better practice to allow folks to opt in to monitoring systems, particularly ones that provide as much confidential information as the Asterisk syslog setup.

Other Security Issues. Having owned the device for only a few days, we obviously have not tested all of the potential attack vectors. There are other anomalies in the dial plan code which we really can’t quite figure out without seeing the actual code. We were going to try to document an equally serious issue with the trunk peering, but your head would probably explode just trying to wrap your head around the problem. Ours did! Suffice it to say, with a single outbound route to a registered trunk that has failed to register, all outbound calls initiated by internal and external callers should always fail. They don’t! We’re also unclear whether the appliance provides SSH access for the root user. In any case, you aren’t provided the password. That could potentially be a problem if, in fact, a root account is enabled on the appliance. Finally, we should note that, according to the GPL materials published by Grandstream, this appliance is running Asterisk 1.8.9.3. Twenty-five versions of Asterisk 1.8 have been released since that offering appeared eight months ago. Some of those updates patched serious security vulnerabilities in the Asterisk 1.8 code.

Until Grandstream addresses some of these security issues, you are well advised to only operate a Grandstream PBX behind a secure, hardware-based firewall with no Internet port exposure. We would caution against connecting PSTN trunks to the device at this juncture. If you’re feeling lucky, a possible option for the time being would be to disable IVRs and especially the extension and trunk dialing options. That alternative unfortunately defeats the real purpose of buying these devices.

I Have A Dream. Not to beat a dead horse, but discoveries like this reinforce the need for companies such as Grandstream to revisit their design strategy and give serious consideration to open sourcing their code. After all, Grandstream is primarily a hardware company, and they could sell a gazillion of these appliances if the platform were open. We’ve hurriedly compiled a list of features that currently are missing which could be added almost overnight if this were an open source project. The PBX in a Flash development team would be at the front of the line to assist!

  1. No text-to-speech functionality
  2. No speech-to-text functionality
  3. No (intended) DISA functionality (but data is collected in syslog??)
  4. No ability to load custom dialplan code
  5. No AGI/PHP script support
  6. No Google Voice support for free calling in U.S. and Canada (add it for $30 like this)
  7. No SIP/IAX trunk registrations from remote Asterisk servers
  8. No incoming calls except via anonymous SIP or PSTN (nixes interoffice setups for extensions)
  9. No traditional fax support except using fax machine on FXS port (T.38 is supported)
  10. No access to Asterisk CLI for debugging or otherwise
  11. Crippled SSH access (basic config info, set/get variable, upgrade, reboot, reformat)
  12. No VPN support
  13. No SIP security with Internet exposure
  14. No Fail2Ban support
  15. No WhiteList security to lock down the server

Recommendations. In closing, we don’t mean to suggest that security vulnerabilities never occur in open source code, but open source does guarantee that hundreds if not thousands of developers would be reviewing the code rather than a handful of people that may not fully appreciate all of the nuances of Asterisk. And each time a discovery like this occurs that has the potential of costing unsuspecting companies thousands of dollars in unanticipated phone bills, it gives Asterisk an undeserved black eye. Issuing a patch unfortunately won’t cure this problem for most purchasers because most purchasers never upgrade firmware on appliances.

We hope Grandstream will either pull the devices from the marketplace until the default firmware is fixed or place a big orange warning sticker on the boxes warning purchasers to upgrade the firmware and explaining the consequences of not doing so. Better yet, do the right thing and open source the platform and the code so that others can benefit from Grandstream’s development work on what still could be an incredibly useful and amazing device.


July 31 Update: After an exchange of emails with Grandstream, we have a better understanding of their call routing methodology that we want to pass along. It should be noted that the security holes we documented still exist, but there are mechanisms in place to stop the bleeding… if you know how to use them. Grandstream relies upon a set of Privilege Levels for extensions and IVRs as well as inbound and outbound routes. These include Internal, Local, National, and International. Only Extensions and IVRs with matching or higher privileges can use Inbound and Outbound Routes of a matching or lower privilege level. Read that again! It’s important. For example, if an extension has Internal privileges (the default), then that Extension can only access Outbound Routes designated as Internal. Calls to other numbers will fail. Unfortunately, all routes default to Internal, and this security mechanism is barely documented in the User Manual. Unlike FreePBX which uses Outbound Routes to connote calls leaving your server, Outbound Routes in Grandstream parlance are a set of dialplan rules for every call. Stated differently, to have a secure system, you need to create an Outbound Route for every possible type of external AND internal call. The same holds for Inbound Routes. Here’s an example of how to safely configure Trunks and Extensions between the Grandstream PBX and a remote Asterisk server so that extension-to-extension calls can be made between the two offices while insulating your IVRs from the long distance free for all that we documented in the original article.

Unfortunately, the IVR setup is still buggy and hence vulnerable. As the chart at the end of this article makes clear, there presently is no way to configure an IVR in such a way that remote callers cannot make long distance trunk calls while local extensions can. The only options presently available are either to disable the Dial Trunk option or to set the IVR Privileges lower than the Privileges setting for your outbound trunks. Do NOT rely upon a separate IVR for local users with the Dial Trunk option enabled thinking you’re safe. You’re not! Our original article above explains the possible consequences.

Remote Asterisk Server Setup Using FreePBX. On our remote server, we want to create two Trunks and an Outbound Route. One trunk will be used to set up an outbound registration to an Extension on the Grandstream PBX. We’ll use this trunk to place calls to Grandstream PBX extensions, IVRs, and conference rooms. The other trunk will be used to authenticate an inbound registration from the Grandstream PBX. The Grandstream PBX extensions will use this trunk (with registration from the Grandstream PBX) to initiate calls to extensions registered on our remote server. The outbound route will be used to route calls using the outbound registration trunk to Grandstream PBX extensions, IVRs, and conference rooms.

Here is the outbound registration trunk to extension 5001 on the Grandstream PBX (192.168.0.120 in our example):

Here is the inbound registration trunk to authenticate the Grandstream PBX matching trunk:

Here is the outbound route that allows extensions on the remote server to call Grandstream extensions, IVRs, and Conference Rooms:

You would also want to create an Inbound Route for 5001 that sends incoming calls from dialing 5001 on a Grandstream PBX extension to a particular destination on your remote server. Otherwise, the calls would be processed using the FreePBX default inbound route if you happen to have one. In our setups, we typically point the default inbound route to an IVR or a receptionist’s extension.

Grandstream PBX Setup to Connect to Remote Asterisk Server. To make all of this work securely, we need to create an Extension to handle the inbound registration from the remote Asterisk server so that users on the remote server can call extensions, IVRs, and conference rooms on the Grandstream PBX. And we need a SIP trunk that will register to the remote Asterisk server so that Grandstream PBX users can call extensions on the remote Asterisk server. Then we need Inbound and Outbound Routes to lock things down. We’re using 192.168.0.181 as the IP address of the remote Asterisk server in this example. The key point in securing the Grandstream PBX is to assign the proper permissions to the Grandstream Extension and IVRs that will be used with remote server connections. Then elevate permissions where necessary on the Inbound and Outbound Routes to make sure only our truly local extensions can make calls using Grandstream long distance and PSTN trunks. Don’t confuse local extensions with Local permissions. A local extension is an extension that registers to the Grandstream PBX. Local permissions is a security level that means a particular resource can only do things with other matching Internal or Local resources and with no resources that have been assigned a higher permission level. Internal permissions means a resource can only do things with other Internal resources. Clear as mud? We know. Hang in there until we’re finished.

First, create extension 5001 that will be used by the remote Asterisk server to register with the Grandstream PBX:

Next, create a SIP Trunk that will register to the remote Asterisk server at 192.168.0.181. We’ve used 1234 as the password in our examples so plug that in for the time being. You obviously would want something more secure than that! You’ll note that you don’t assign a Permission level to a Trunk. That is handled in the Inbound and Outbound Routes which tie particular routes to designated trunks. So Trunks inherit their permissions based upon a matching route. We suspect this may be the root cause of the security holes that we’ve documented. If there is no specified route for a particular type of call, Grandstream is doing something internally to make a determination on whether to allow the call or not. In some cases, that determination just happened to be wrong.

For truly local users, i.e. extensions directly connected to the Grandstream PBX, you need to elevate the Permissions for those extensions to reflect the types of calls you want them to be able to make. Typical permission for these extensions would be National or International. The same holds true for IVRs. Elevate IVR permissions to restrict usage to your intended audience. Keep in mind that we’re treating calls to extension 5001 on the remote Asterisk server as Internal. That’s the bottom rung in the security ladder which means every local extension and IVR will be able to place calls to that extension. If this isn’t what you want, then you’ll need to elevate the 5001 extension permissions accordingly. For example, you may only want Grandstream PBX extensions with Local call permissions to be able to call extensions on the remote PBX. In this case, you would want to change the 5001 extension permission level to Local.

Let’s tackle the Inbound Routes next since this was the cause of the inability to connect to local Grandstream extensions from the remote server. If you’re using the default Grandstream setup, then you’ll need Inbound Routes for both _50XX extensions and _70XX IVRs to permit remote callers to connect with Grandstream PBX extensions and IVRs with Local permissions only. This means that even if they connect to the 7000 IVR, they will not be able to make long distance calls on your nickel even if Trunk dialing is enabled.

The Inbound Route rule for Extensions should look like this:

The Inbound Route rule for your IVRs should look like this:

The key point to keep in mind with Inbound Route IVR permissions is to keep the permission level LOWER than whatever permission level you assign to the Outbound Route for placing calls that cost you money, typically National and International.

Now let’s set up the Outbound Route to restrict outbound calls to 10-digit numbers for extensions, IVRs, and Inbound Routes to those with at least National permissions. Keep in mind you may need additional outbound routes with Local permissions for certain 10-digit numbers if your local calling area happens to include free calling to multiple area codes, e.g. Atlanta.

Depending upon your setup, you may need additional dialplan rules and outbound routes to handle 11-digit numbers which should be routed out through a PSTN trunk, e.g. 1NXXNXXXXXX. And because of the security hole, be sure to add a catch-all for international calls that requires International permissions. The dial string XXXXXXXXXXX. will catch everything not included in the NXXNXXXXXX and 1NXXNXXXXXX outbound rules.

Finally, you’ll need an Outbound Route that allows local callers on the Grandstream PBX to connect to extensions on the remote PBX. You typically would assign Internal or Local permissions to this route which would look something like the following depending upon the extension configuration on your remote PBX:

A Word of Caution on IVRs: In the Grandstream security model, IVRs have their own Privilege levels. At least at this juncture, that Privilege level can “promote” the permissions of a call that began at a lesser privilege level. For example, if your Inbound Route for 7XXX calls is assigned Local privileges and the 7000 IVR is assigned National privileges, an incoming call to 7000 from a remote PBX will “inherit” the National privileges of the IVR. This obviously should never be possible. Either the 7000 IVR should generate Congestion and not answer the call at all where the Inbound Route has lesser privileges than the IVR or, at the very least, those options in the IVR (including stealth extension and trunk dialing) that require National or International privileges should generate Congestion and disconnect the call. For the time being, ALWAYS set the Privilege level of an IVR to the lowest permission threshold to protect your server and wallet from the consequences of placing unintended toll calls. Here’s a little chart we put together to document the impact of merely changing the Privilege setting for the 7000 IVR:
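The privilege rules from this update and the IVR promotion problem can also be modelled in code. The following Python model is an added example, not Grandstream's code and not part of the original article. It assumes the ordering Internal < Local < National < International, first-match route selection, default deny when no route matches, and National for the 11-digit rule; the function names and sample numbers are constructed for illustration.

```python
from enum import IntEnum

class Priv(IntEnum):
    """Privilege levels named in the article, lowest to highest."""
    INTERNAL = 0
    LOCAL = 1
    NATIONAL = 2
    INTERNATIONAL = 3

# Outbound rules from the article. The level for the 11-digit rule is an
# assumption; the article only states levels for the other two.
OUTBOUND_ROUTES = [
    ("NXXNXXXXXX", Priv.NATIONAL),
    ("1NXXNXXXXXX", Priv.NATIONAL),        # assumed level
    ("XXXXXXXXXXX.", Priv.INTERNATIONAL),  # catch-all for anything longer
]

def pattern_matches(pattern, dialed):
    """Asterisk-style match: X=0-9, Z=1-9, N=2-9, '.'=one or more remaining."""
    classes = {"X": "0123456789", "Z": "123456789", "N": "23456789"}
    pattern = pattern.lstrip("_")
    for i, p in enumerate(pattern):
        if p == ".":
            return len(dialed) > i
        if i >= len(dialed) or dialed[i] not in classes.get(p, p):
            return False
    return len(dialed) == len(pattern)

def required_privilege(dialed, routes=OUTBOUND_ROUTES):
    """Level of the first matching route, or None when no route matches."""
    for pattern, level in routes:
        if pattern_matches(pattern, dialed):
            return level
    return None

def effective_privilege(inbound_level, ivr_level, promote):
    """promote=True: the call takes the IVR's level (behaviour the article reports).
    promote=False: the IVR can never raise a call above its Inbound Route."""
    return ivr_level if promote else min(inbound_level, ivr_level)

def ivr_trunk_call_allowed(dialed, inbound_level, ivr_level, promote):
    """Default deny: a number with no matching route is refused."""
    need = required_privilege(dialed)
    if need is None:
        return False
    return effective_privilege(inbound_level, ivr_level, promote) >= need

def audit_ivrs(ivrs, inbound_level, probes):
    """List (ivr, number, needed level) where the reported behaviour lets a
    caller who arrived at inbound_level reach a route above that level."""
    findings = []
    for name, ivr_level in sorted(ivrs.items()):
        for number in probes:
            need = required_privilege(number)
            if (need is not None and need > inbound_level and
                    ivr_trunk_call_allowed(number, inbound_level, ivr_level, True)):
                findings.append((name, number, need.name))
    return findings

if __name__ == "__main__":
    # Constructed sample: two IVRs reached through a Local inbound route.
    ivrs = {"7000": Priv.NATIONAL, "7001": Priv.INTERNAL}
    probes = ["4045550123", "011442079460000"]   # constructed numbers
    for finding in audit_ivrs(ivrs, Priv.LOCAL, probes):
        print("lower this IVR's privilege:", finding)
```

Every IVR the audit reports is one whose Privilege setting sits at or above a toll route while being reachable from a lower-privileged Inbound Route, which is the configuration the caution above says to avoid.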

Other Tips and Tricks. Here are a few other suggestions to expand the functionality of your Grandstream PBX:

Add Google Voice Support with an OBi Device

Add Bluetooth Cellphone Trunk with an OBi202

Add Free iNum Calling Worldwide with a VoIP.ms Account using an OBi202

Continue reading Part 2


Deals of the Week. There are a couple of amazing deals still on the street, but you’d better hurry. First, for new customers, Sangoma is offering a board of your choice from a very impressive list at 75% off. For details, see this thread on the PIAF Forum. Second, a new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, July 30, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.


 

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. Here’s the Nerd Vittles Discount Code: AC13NERD.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 



  1. It turns out Grandstream may not have much of a choice but to open source their code. It now appears their PBX and User Interface are both based upon open source GPL2 software owned by Digium.

Taking a Page from Asterisk: How Far We Have Come

We’ve never written about paging technology before, and this is one of those areas of VoIP telephony where it certainly paid to wait. What a difference a few years makes! At least in the Asterisk® context, SIP-based paging traditionally involved issuing a Page command with a list of extensions in your dialplan. The wrinkle was that each VoIP phone manufacturer had its own SIP header to trigger autoanswer on its phones. And, without autoanswer, paging becomes next to worthless with desktop phones. Then came FreePBX®. It took all the pain out of the process by using the *80 prefix to issue a page to almost any type of SIP phone. The one wrinkle was that Grandstream and a few other phones require that autoanswer be enabled for paging in the device configuration. Aside from that, any user can pick up a phone on a PBX in a Flash system and dial *80707 to page extension 707 with duplex voice communications through the speakerphones, meaning both parties can talk and listen to each other, the perfect VoIP intercom. And, there’s more good news. Paging works with almost all of the major phone manufacturers’ phones: Aastra, Digium, Grandstream, Linksys/Sipura, Mitel, Polycom, SNOM, and Yealink. In addition, the SIP-compatible Cyberdata ceiling speaker and Cyberdata POE Doorphone/Intercom with Keypad function just like a SIP phone.

For small groups of phones, paging now works equally well using the FreePBX Paging Module which allows an administrator to preconfigure a group of phones, specify whether to skip busy extensions, barge into busy extensions and place existing callers on hold, or whisper the page to the busy extensions. You can even enable or disable duplex communications during the page. Think of it as instant conference. The module also provides the flexibility for individual phone users to block pages from one or more extensions or even all extensions. Finally, the module lets you create and save multiple configurations for different purposes, and you can designate an Announcement message that plays to every page recipient. For organizations that need additional functionality including Page Scheduling and Automatic Page Alerts on Outbound Routes, take a look at the Schmooze PagingPro module. And, for a historical look at the evolution of paging on the Asterisk platform, see Chapter 11 of Asterisk: The Definitive Guide (4th edition). Better yet, buy the book!

So why do we need paging? In the corporate setting, it provides a perfect emergency broadcast service for fires, earthquakes, patient escapes from the loony bin, etc. In a school setting, it could inexpensively replace costly public address systems requiring dedicated wiring, speakers, and amplifiers. The Asterisk paging solution has the added benefit of letting anyone broadcast from anywhere by simply picking up a nearby phone and dialing some (hopefully password-protected) extension number. Separate RTP streaming IP addresses also could be configured on departmental phones to allow automobile dealership zone paging for parts, sales, or service. So a receptionist could park a call and then announce it to a particular department by pressing a softkey on the sidecar. And you still could have an additional emergency channel that reaches everybody. Just set up a different number to page each zone as well as the entire organization.

So that’s where we were until a week ago when Brian Kelly of PIAF Forum fame began exploring Multicast RTP Paging with Asterisk and AirPlay. Think of Multicast RTP as a radio station that streams data on a particular IP address and port. If you happen to have Multicast-aware SIP phones, they can “tune in” to particular channels of interest. And, whenever a stream is broadcast on one of the channels the phone device is preconfigured to listen to, it will go off hook just as if it had received a page as outlined above. The major advantage to RTP streaming is that there is only a single stream of data on a single channel whereas paging to multiple extensions requires a channel of data for every extension. If you want to follow along with today’s project, just configure one of the Multicast RTP streams on your phone with the port and IP address shown below.

The wrinkle is your phone devices must support Multicast RTP streaming, and many current models do not. Our VoIP Phone of the Year, the Yealink T46G, qualifies. So do some of the Aastra, SNOM (v7), and Linksys/Cisco phones (with quirks!). And the Cyberdata speaker and doorphone (above) support Multicast RTP streaming as well. Digium Phones currently do not. If you know of other phones that support Multicast RTP streams, please post a comment. You’ll know if your particular phone supports it if it has a configuration section in the manual that looks something like this:

The good news is current versions of Asterisk including 1.8, 10, and 11 support Multicast RTP Streaming and PIAF-Purple and PIAF-Green come preconfigured for RTP Multicast Streaming. A single line of dialplan code is all you need to initiate a broadcast:

exten => 1234,1,Dial(MulticastRTP/basic/224.0.0.1:1234)

This would cause the Multicast RTP Stream broadcast to begin on port 1234 of IP address 224.0.0.1 as soon as someone on your PBX in a Flash server dialed extension 1234 and began to speak. Every phone or SIP device listening for broadcasts on port 1234 from IP address 224.0.0.1 would receive the listen-only page on their speakerphone.
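To confirm that a page is actually arriving on the group and port your phones are configured for, and to see which host is sourcing it, you can listen from any machine on the same LAN. The Python below is an added example, not part of the original article or of Asterisk; it uses the 224.0.0.1:1234 values from the dialplan line above, decodes the standard RTP header (RFC 3550), and its function names are constructed for illustration.

```python
import socket
import struct
import time

GROUP, PORT = "224.0.0.1", 1234   # group and port from the article's Dial() line

def parse_rtp(packet):
    """Decode the RTP fixed header (RFC 3550); return its fields and the payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)                  # skip CSRC entries
    if b0 & 0x10:                                  # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    end = len(packet) - (packet[-1] if b0 & 0x20 else 0)   # strip padding
    if offset > end:
        raise ValueError("header fields overrun the packet")
    return {"payload_type": b1 & 0x7F, "marker": bool(b1 & 0x80), "seq": seq,
            "timestamp": ts, "ssrc": ssrc, "payload": packet[offset:end]}

def summarize(datagrams):
    """Group (source_ip, packet) pairs by sender and SSRC, counting packets
    and sequence gaps; also count datagrams that are not valid RTP."""
    streams, rejected = {}, 0
    for source, packet in datagrams:
        try:
            rtp = parse_rtp(packet)
        except ValueError:
            rejected += 1
            continue
        s = streams.setdefault((source, rtp["ssrc"]),
                               {"packets": 0, "lost": 0, "last_seq": None,
                                "payload_types": set()})
        last = s["last_seq"]
        gap = 0 if last is None else (rtp["seq"] - last - 1) & 0xFFFF
        s["packets"] += 1
        s["payload_types"].add(rtp["payload_type"])
        if gap < 0x8000:              # forward progress, 16-bit wrap handled
            s["lost"] += gap
            s["last_seq"] = rtp["seq"]
    return streams, rejected

def capture(group=GROUP, port=PORT, seconds=5.0):
    """Join the multicast group and collect datagrams for a few seconds."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    mreq = struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton("0.0.0.0"))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    datagrams, deadline = [], time.monotonic() + seconds
    try:
        while (remaining := deadline - time.monotonic()) > 0:
            sock.settimeout(remaining)
            try:
                packet, (source, _) = sock.recvfrom(2048)
            except socket.timeout:
                break
            datagrams.append((source, packet))
    finally:
        sock.close()
    return datagrams

if __name__ == "__main__":
    streams, rejected = summarize(capture())
    for (source, ssrc), s in streams.items():
        print(f"{source} ssrc={ssrc:#010x} packets={s['packets']} lost={s['lost']}")
    print("non-RTP datagrams:", rejected)
```

Run it while someone dials the paging extension; more than one source address in the output means something other than your PBX is also sending to the paging group.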

Of course, Brian was not content to merely issue a page from Asterisk to his SIP phones. He wanted all of them to be able to listen to his iTunes music collection using his iPhone or iPad. This required AirPlay, but AirPlay can only stream to iOS devices. Well, not so fast. An enterprising guru on SourceForge created his own AirPlay emulator called Shairport4w. This is a Windows application that works just like an AirPort server. It “listens” for content from an iPhone or iPad that has designated Shairport4w as its AirPlay device. iTunes has the ability to stream music to any AirPlay device including the Shairport4w. So that was half of the puzzle. That got iTunes music playing great on the Windows desktop.

But we needed the other piece of the puzzle. We needed to push the music from the Windows machine to the SIP phones using Multicast RTP streaming. Brian found the missing piece of the puzzle for that as well. It’s called Multicast Streamer for Windows and it’s available at no cost from CodeProject. Simply download and unzip the bundle of goodies and run Multicast Streamer on your Windows desktop together with Shairport4w. Shairport4w captures the incoming AirPlay stream and pushes it to the sound card.

Now we simply need to configure the sound card as the input device for Multicast Streamer and make the appropriate settings to broadcast the RTP stream to port 1234 on IP address 224.0.0.1. This was the listening port and IP address we configured on our SIP phones. Be sure to also adjust the Samples per second to 8,000 and the Bits per Sample to 16.

Your mileage may vary but in our case the only output device showing on Multicast Streamer was Microphone. What we needed was Stereo Mix to capture data from the sound card rather than the microphone. If yours is missing, do the following. Right-click on the Speaker icon and switch to the Recording tab. If you don’t see Stereo Mix, then right-click on an empty area and make sure that both “Show Disabled Devices” and “Show Disconnected Devices” are checked. When the Stereo Mix option appears, right-click on it and check Enable. Set the level to 100. Now it will also appear as an input device when you restart Multicast Streamer. Choose it as the default input device, make sure all your other settings match what we outlined above, and then click Start to begin the stream. Now stroll over to your iPod music player app on your iPhone or iPad, choose Shairport4w as the AirPlay output device, and play away. To cancel the stream on any phone, just hang up the speakerphone. Enjoy!



Originally published: Monday, July 22, 2013



