Home » Posts tagged 'voip' (Page 7)
Tag Archives: voip
The Most Versatile VoIP Provider: FREE PORTING
JUST RELEASED: Visit the Incredible PBX WikiDeploying an Incredible PBX 2021 PUBLIC Server
With the almost overnight popularity of the new Clearly Anywhere softphone which provides Incredible PBX connectivity from virtually anywhere, we wanted to add a missing piece to our Incredible PBX 2021 release. Because softphones need connectivity on both cellular networks and using Wi-Fi with dynamic IP addresses in multiple locations, exclusive whitelist-based access to Incredible PBX platforms simply was no longer feasible. Additionally, due to Clearly Anywhere’s tight integration with the FreePBX® User Control Panel (UCP), remote access to UCP for mobile users has become more important particularly with the new QR Code auto-configuration option for Clearly Anywhere clients.
Safely deploying a public-facing Asterisk® server with full FreePBX functionality has become the Holy Grail for Nerd Vittles in 2020. Today we tackle it with the new Incredible PBX® 2021 Debian platform featuring the latest releases of Asterisk 16 and FreePBX 15. The icing on today’s cake is an additional offer from Skyetel that supplements the current Nerd Vittles BOGO offer of up to $500 in half-priced VoIP services. Skyetel now starts you off with a $10 credit just for opening an account here. Then, after you have had an opportunity to kick the tires and perhaps purchase a DID for a buck, you can make $9 worth of phone calls before deciding whether to take advantage of the BOGO special by making a purchase of up to $250 and having Skyetel match your contribution. Once you have funded your account, you then can also take advantage of Skyetel’s free number porting offer for the next 60 days. To get your $10 credit, just open a ticket and request the $10 Nerd Vittles credit once you’ve signed up. To get the Nerd Vittles BOGO price match and take advantage of free number porting, simply open another ticket once you have added up to $250 to your account. Effective 10/1/2023, $25/month minimum spend required.
Making the Case for a Public-Facing PBX
We’ve had folks using our Incredible PBX PUBLIC implementation for over a year, and today we expand the offering to support the new Incredible PBX 2021 with Debian 10. Early on, the first question we got was why anyone would want to do this. After all, PBX in a Flash 3 and Incredible PBX for the better part of a decade have been deployed with a whitelist using the Travelin’ Man 3 firewall, and there’s never been a security issue. So why switch horses now? The short answer is mobile users with dynamic IP addresses. If all the users of your PBX are sitting behind the same NAT-based router with static IP addresses, the Travelin’ Man 3 design is perfect. The bad guys could never even see your server. But if some of your users either reside or travel outside your home base or if you want calls to follow you on your smartphone with Clearly Anywhere when you leave home or the office, then Travelin’ Man 3 blocked SIP access from these remote phones until their new IP addresses were whitelisted. Multiply this by dozens or hundreds of users, and network management suddenly became a full-time job. Yes, we’ve had tools such as dynamic DNS and PortKnocker to ease the pain, but it still was a knuckle-drill for mobile users. And, in today’s Covid world, much of the workforce is quickly morphing into mobile users without a traditional desk at any office. What we were also beginning to see were homegrown "improvements" to the IPtables firewall where users that didn’t appreciate the risks were exposing their servers to SIP attacks simply to ease the pain of connecting remotely.
The world also is becoming more SIP savvy. Just as folks are learning that a $35 antenna can provide an awesome collection of 4K Ultra HD TV channels without the expense of a monthly cable bill, others are learning that a SIP telephone or softphone app on your smartphone can provide free calls to and from anybody with a SIP URI without sharing your communications with Facebook or Microsoft. A public-facing PBX makes free worldwide SIP calling a reality.
Building the Base Platform for Incredible PBX PUBLIC
To get started today, begin by installing Incredible PBX 2021 using our latest tutorial. We strongly recommend a cloud-based KVM platform with a static IP address on the Internet.
Once you have set up your Incredible PBX 2021 server, the next step is to assign one or two fully-qualified domain names (FQDNs) to your server. You can have one FQDN for registering SIP extensions and a different one for anonymous SIP (invite) access to your server, or you can use the same FQDN for both. Security through obscurity provides an extra layer of protection for your server so choose your FQDNs carefully. sip.yourname.com provides almost no protection while f246g.yourname.com pretty much assures that nobody is going to guess your domain name. This is particularly important with the FQDN for SIP registrations because registered extensions on your PBX can obviously make phone calls that cost money. If you don’t have your own domain, you can always obtain a free FQDN from a service such as NoIP.com.
By default, Incredible PBX 2021 configures five extensions (701-705) and a Ring Group for those extensions (777) as well as four trunks. With Skyetel, your PBX is ready to make and receive calls as soon as you sign up. With the other three trunk providers, you only need to enable the trunk. You can add as many additional providers and extensions as you like and modify the ring group to meet your needs. To get started, be sure to configure the correct time zone for your server as this affects delivery of reminders. Run /root/timezone-setup. Next, set a secure password for admin access to the FreePBX GUI modules. Run /root/admin-pw-change. Then set a secure password for admin access to web applications such as AsteriDex, Reminders, and User Control Panel. Run /root/apache-pw-change. In addition to reviewing your extensions and ring group, review the default inbound route and choose the destination for the incoming calls from your provider. Finally, configure the outbound route to use the provider sequence desired. By default, it uses Skyetel for outbound calls.
If you plan to use Clearly Anywhere, you’ll need to add at least one PJsip extension on your PBX or use the preconfigured PJsip extension 701. Simply navigate to Applications -> Extensions in the FreePBX GUI. Choose Add Extension -> Add PJsip Extension. In the General tab, insert an extension number in User Extension and Display Name, e.g. 707. In the Advanced tab, set Max Contacts to 11 which will let you connect up to 5 Clearly Anywhere softphones to the extension. Click Submit and Reload Dialplan when prompted. Go back into the new extension and make note of your new credentials for User Manager. You’ll need these for Clearly Anywhere. Remember to also add the PJsip extension to the Inbound Route for your incoming calls.
Going Public with Incredible PBX 2021
Once you’ve tested making and receiving calls with your new server, you’re ready to convert it into a public-facing PBX. Before proceeding, remove any whitelist entries you’ve added using add-ip and add-fqdn by running del-acct. These can be added back after the GO-PUBLIC-2021 install script is run. In order to run the install script below, you’ll need your FQDNs that you chose above, plus a port number for future SSH/Putty access to your server, plus a list of the extensions you wish to make available for public access to your PBX. These whitelisted extensions can be reached via SIP URI from anywhere in the world by anybody. It works just like your old MaBell phone. Anybody, anywhere can dial your number. What’s changed is now the calls are free. So choose your list carefully. We recommend using the year you were born for your SSH port to keep things simple for you. Once the GO-PUBLIC-2021 script has been run, you can only access your PBX via SSH/Putty at the new port, for example: ssh -p 1990 root@yourFQDN.com
Now we’re ready to run the install script. It takes less than a minute. Before you begin, log out of ALL SIP extensions you have previously registered with Incredible PBX 2021 and change the server destination from an IP address to the FQDN you plan to assign to SIP registrations. Otherwise, these IP addresses will get banned while the install script is running below!
cd /root wget http://incrediblepbx.com/go-public-2021.tar.gz tar zxvf go-public-2021.tar.gz rm -f go-public-2021.tar.gz ./GO-PUBLIC-2021
A Few Words About Incredible PBX PUBLIC Security
As with all Incredible PBX servers, Incredible PBX 2021-PUBLIC includes the Automatic Update Utility. Please don’t disable it. It’s our only way to push updates to you if some vulnerability is discovered down the road. It gets run whenever you login to your server as root using SSH/Putty. Do so regularly and follow us on Twitter for security alerts. There’s also an Incredible PBX RSS Feed that is displayed when you login to the Incredible PBX GUI with a browser. It, too, includes security alerts and should be checked regularly. It’s your phone bill.
Incredible PBX 2021-PUBLIC uses the ipset utility in conjunction with the IPtables firewall to block several countries that have inordinately high concentrations of folks that try to break into VoIP servers. In addition, your public PBX includes the VoIP Blacklist which includes another 100,000 bad guys from around the globe. These blacklists get updated every night by a script which is run from /etc/crontab. For your own safety, don’t disable or delete /etc/update-voipbl.sh or the other components upon which it relies.
Here are some other things you should do regularly to assure that your server remains secure. Login via SSH/Putty as root and check pbxstatus after the Automatic Update Utility is run. With the exception of the fax components, all the other items should be green all the time. From the Linux CLI, run: iptables -nL. This will show your firewall rules and whether any IP addresses have been banned by Fail2Ban. If there are banned IP addresses that are not your own, please open a thread on the VoIP-Info Forum and let us know about it. If there are dozens of banned IP addresses, shutdown your server immediately until the problem is identified and resolved. If the IP addresses happen to be your own users because of using incorrect passwords or because of using a server IP address instead of its FQDN for SIP registrations, unban the IP address:
fail2ban-client set asterisk unbanip xxx.xxx.xxx.xxx
Finally, watch the Asterisk CLI periodically for abnormal activity: asterisk -rvvvvvvvvvv
Tightening Up SSH Server Access
You obviously need a very secure root password for access to your server using SSH/Putty. Changing the TCP port for SSH access avoids the script kiddies, but it doesn’t offer much protection from a determined cracker. SSH login attempts are monitored by Fail2Ban, but Fail2Ban has issues when a determined intruder is using a powerful computing platform such as Amazon EC2. The prudent solution is to disable SSH password access and use SSH Public Key Authentication as documented in the linked tutorial. Always, always use ssh-copy-id to copy your credentials to more than one desktop machine so that you don’t inadvertently lock yourself out of your PBX in case of a hardware failure. Then set PasswordAuthentication no in /etc/ssh/sshd_config and restart SSH: systemctl restart sshd.
Web Access to Incredible PBX 2021 PUBLIC
By default, web access to all apps including FreePBX, UCP, AvantFax, AsteriDex, and Reminders is limited to whitelisted IP addresses. For some implementations, particularly those using Clearly Anywhere, this may not be ideal as UCP can assist with user management of the PBX as well as QR code provisioning of Clearly Anywhere. The Apache web server can be used to manage web access so long as you understand the need to apply Apache security patches in a timely manner.
Assign the same FQDN that you use for SIP access to port 80 for the UCP application. Deploy OpenVPN on your server and use the PBX’s OpenVPN IP address for general access to all web applications we listed above. If you’d like public access to the FreePBX GUI, assign web access for it to another random port, e.g. 8080 in our example below. Block web access to your server from the public IP address of your PBX on both port 80 and 8080 in our example below. Here’s how to accomplish that. Create a new file in /etc/pbx/httpdconf. Create public.conf with the following contents:
Listen 8080 <virtualhost *:80> ServerAdmin you@gmail.com ServerName 111.112.113.114 Redirect 403 / UseCanonicalName Off UserDir disabled </virtualhost> <virtualhost *:8080> ServerAdmin you@gmail.com ServerName 111.112.113.114 Redirect 403 / UseCanonicalName Off UserDir disabled </virtualhost> <virtualhost *:80> ServerAdmin you@gmail.com ServerName server-fqdn.com DocumentRoot /var/www/html/ucp ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log common </virtualhost> <virtualhost *:80> ServerAdmin you@gmail.com ServerName 10.8.0.123 DocumentRoot /var/www/html ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log common </virtualhost> <virtualhost *:8080> ServerAdmin you@gmail.com ServerName server-fqdn.com DocumentRoot /var/www/html ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log common </virtualhost> <virtualhost 127.0.0.1:80> ServerAdmin you@gmail.com ServerName 127.0.0.1 ServerAlias localhost DocumentRoot /var/www/html </virtualhost>
In the ServerAdmin lines, insert your email address. Replace 111.112.113.114 with the public IP address of your server. Replace server-fqdn.com with the FQDN assigned for SIP registration access to your PBX. Replace 10.8.0.123 with the OpenVPN private IP address of your PBX. Replace 8080 with the port you chose for FreePBX access to your server. Save the file and then restart Apache: systemctl restart httpd.
Now it should be safe to open TCP port 80 and 8080 (or whatever port you chose) for web access to your server. Let’s also whitelist TCP 2267 for Clearly Anywhere access while we’re at it. On the Debian 10 platform, here are the commands:
cd /etc/iptables sed -i 's/10000:20000 -j ACCEPT/&\\n-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT/' rules.v4 sed -i 's/10000:20000 -j ACCEPT/&\\n-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT/' rules.v4 sed -i 's/10000:20000 -j ACCEPT/&\\n-A INPUT -p tcp -m tcp --dport 2267 -j ACCEPT/' rules.v4 iptables-restart
Be sure to test all three access methods to verify that you haven’t left a security hole.
Keeping FreePBX 15 Modules Current
We strongly recommend that you periodically update all of your FreePBX modules to eliminate bugs and to reduce security vulnerabilities. From the Linux CLI, log into your server as root and issue the following commands:
rm -f /tmp/* fwconsole ma upgradeall fwconsole reload /root/sig-fix systemctl restart apache2 /root/sig-fix
Special Thanks: We want to give an extra special tip of the hat to the VoIP-Info Forum members who assisted in working the kinks out of the Incredible PBX 2021 PUBLIC offering. We also wish to thank JavaPipe LLC for a number of DDOS tips and tricks in securing Linux with IPtables.
Originally published: Monday, December 21, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
A New Day: Introducing Incredible PBX 2021 Beta for Debian
Shifting gears is never easy, and sometimes it takes an ill-advised corporate blunder to move the needle. But IBM’s decimation of the CentOS project last week was just the motivation we needed to begin exploring alternatives for the Incredible PBX project. We are delighted to introduce the beta release of Incredible PBX 2021 for Debian 10 for those with a pioneering spirit that would like to participate in development of this promising new platform.
Before we get started, a few cautionary notes. This is not production-ready software. It’s been in development for less than a week by a single individual. As much as we believe in miracles, this probably is not one of them. Having said that, many talented individuals on the VoIP-Info.org Forum have taken this for a spin and offered numerous suggestions. You, too, can follow our progress and participate. With a little luck, we’ll have a production-ready release before the end of 2020. We’ve successfully built a fully-functional version of Incredible PBX 2021 with on-premise hardware using VirtualBox and VMware ESXi. And we’ve deployed virtual machines at Vultr and Digital Ocean without a hiccup.
For those that would like to roll up your sleeves and contribute to this open source project, here’s how to get started. If you’re using on-premise hardware, begin by downloading the netinst ISO image of Debian 10.7 for amd64. Follow our previous tutorials for tips on installation with VirtualBox or VMware ESXi. If you’d prefer to experiment in the cloud for about a penny an hour, open an account at Vultr or Digital Ocean using our referral links that support the Nerd Vittles project. You’ll also get some free credit to try out the service. Then create a new $5/month Debian 10, 64-bit instance in your favorite city.
Once your Debian 10 platform is up and running, login as root using SSH or Putty and issue the following commands:
wget http://incrediblepbx.com/IncrediblePBX2021.sh chmod +x IncrediblePBX2021.sh ./IncrediblePBX2021.sh
At about 5 minutes into the install procedure, you’ll be prompted for your telephone country code. It’s 1 for Canada and the United States. Just before the install completes, you’ll be prompted to save your default IPtables setup. Once the installation completes, reboot and you should be good to go. For tips on next steps, review the Incredible PBX 2020 CentOS 7 tutorial.
After you log back in following a reboot, check the version of Debian 10 in the pbxstatus display. If it’s less than 10.7, issue the following commands to bring your server up to Debian 10.7. Do NOT do this before the base install is finished, or Asterisk may fail to install properly.
apt-get update apt-get upgrade -y
Next Steps with Incredible PBX 2021
Before you can manage your PBX through a web browser, you first will need to set the admin passwords for FreePBX, Apache web apps such as Reminders and AsteriDex, and AvantFax (if you are using Incredible Fax). These all can be set by logging into your server as root and issuing the following commands: admin-pw-change, apache-pw-change, and avantfax-pw-change. The AvantFax password can also be reset with a browser by first logging in as admin with a password of password.
Outbound mail functionality needs to be working so that you can receive voicemail messages and faxes by email. To prevent SPAM, most ISPs and ITSPs block messages from downstream mail servers. That would be you. The easiest way to resolve this is to configure SendMail using Gmail as an SMTP Smarthost. You obviously need a Gmail account to implement this and, if you have turned on two-factor authentication for your Gmail account, you also will need to obtain an App password for your Gmail account, and use that in lieu of your regular Gmail password when configuring SendMail. With your Gmail username and password in hand, log into your server as root and run: /root/enable-gmail-smarthost-for-sendmail.
If your Incredible PBX 2021 is hosted with a cloud provider, be advised that many providers do not include a swap file as part of their offering. FreePBX requires a swap file. To add one, issue this command after logging into your server as root: /root/create-swapfile-DO.
To correctly set the time on your PBX, run: /root/timezone-setup.
By default, the voicemail password for each of the configured extensions (701-705) is set to the extension number. This means the user will be prompted to set a voicemail password on the first login to voicemail for each extension. A phone must be registered to the actual extension to access its voicemail account. For example, once a phone is registered to extension 701, the voicemail setup can be accessed by dialing *98701.
If you want to send and receive faxes with Incredible PBX 2021, run the following script while logged into your server as root: /root/incrediblefax2020-debian10.sh. When prompted, accept all the defaults. Once the HylaFax and AvantFax components are installed, reboot your server. To send faxes, click on the AvantFax tab in the FreePBX GUI and enter your login credentials (default: admin/password). To receive incoming faxes once you have configured a trunk and DID for your PBX, login to the FreePBX GUI as admin. Navigate to Connectivity -> Inbound Routes. For each of your DIDs on which you wish to receive faxes, select the inbound route and click the Fax tab. Review the Default Inbound Route Fax settings for proper setup.
NOTE: If you get a database error when you attempt to access AvantFax from a web browser, log into your server as root and reinstall the AvantFax database: ./avantfax-db-replace.
Audio Issues with Incredible PBX 2021
If you experience one-way or no audio on some calls, add your external IP address and LAN subnet in the GUI by navigating to Settings -> Asterisk SIP Settings. In the NAT Settings section, click Detect Network Settings. Click Submit and Apply Settings to save your changes.
Adding Incredible PBX 2021 to an OpenVPN Network
We previously have documented the procedure for creating an OpenVPN server as well as OpenVPN client templates (.ovpn). If you need a refresher, the tutorial is here. To add your Incredible PBX 2021 server to an existing OpenVPN network, begin by creating an incrediblepbx2021.ovpn template on your OpenVPN server. Be sure to comment out or delete the setenv line in the template. Then copy this template to /etc on your Incredible PBX 2021 server. Next, issue the following commands to put the remaining pieces in place:
cp -p /root/openvpn-start /etc/. echo "[Unit] Description=openvpn2021 ConditionPathExists=/etc/openvpn-start After=rclocal.service [Service] Type=forking ExecStart=/etc/openvpn-start /etc/incrediblepbx2021.ovpn TimeoutSec=0 StandardOutput=tty RemainAfterExit=yes PermissionsStartOnly=true SysVStartPriority=99 [Install] WantedBy=multi-user.target" > /etc/systemd/system/openvpn2021.service
Finally, enable the new openvpn2021.service and reboot your server. The OpenVPN IP address should now appear on the LAN line in pbxstatus:
systemctl enable openvpn2021.service reboot
Incredible PBX 2021 Administration
We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.
add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX 2021 blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.
add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.
del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.
admin-pw-change is used to set the admin password for access to the FreePBX/Incredible PBX web GUI using a browser pointed to the local IP address of your server.
apache-pw-change is used to set the admin password for access to Apache/Incredible PBX apps including AsteriDex and Reminders. This provides a password layer of protection for access to these applications.
avantfax-email-change is used to change the destination email address for incoming faxes.
avantfax-pw-change is used to change your admin password for the AvantFax web console.
iaxmodem-restart is used to restart the modems used to send and deliver faxes. The pbxstatus display will tell you whether the IAXmodems are down.
incrediblebackup2021 makes a backup of critical components on your PBX to a tarball saved in /backup. This should be copied to safe location off-site for a rainy day.
incrediblerestore2021 restores a backup file which has been copied to the /backup folder.
ipchecker is a script which deciphers the public IP addresses associated with whitelisted FQDNs created with add-fqdn on your server. If any of the addresses have changed, the firewall is restarted after updating the IP addresses. By default, it is executed every 10 minutes by /etc/crontab.
licenses.sh displays the license associated with each of the FreePBX modules on your server.
logos-b-gone removes proprietary artwork from your PBX and is no longer necessary with the included IncrediblePBX FreePBX module.
mime-construct is a command-line utility to send emails with attachments.
neorouter-login is a script to add your PBX to a NeoRouter VPN. Tutorial here.
odbc-gen.sh is a script that was run to generate the ODBC settings for Asterisk. Do NOT use it.
openvpn-start is a script to add your PBX to an existing OpenVPN network using an .ovpn config file. Tutorial here.
pbxstatus displays status of all major components of Incredible PBX 2021.
pptp-install is a script to create a PPTP network connection for your PBX. Tutorial here.
purge-cdr-cel-records removes all CDR and CEL records from the MySQL database.
reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.
reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.
reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.
show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX 2021 actually is. A similar listing is available in the GUI at Admin -> Feature Codes.
show-passwords is a script that displays most of the passwords associated with Incredible PBX 2021. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.
sig-fix disables Module Signature Checking in the FreePBX GUI. This should not be necessary unless you have added or edited FreePBX Modules with missing module signatures.
sms-skyetel is a script to send SMS messages using a Skyetel trunk.
sms-voip.ms is a script to send SMS messages using a VoIP.ms trunk.
sms-blast, sms-blaster, and sms-dictator are scripts for message blasting. Tutorial here.
switch-to-php5.6 is a script to disable PHP 7.3 and set PHP 5.6 as the default version for your PBX. PHP 5.6 is required to use AvantFax. It is the default configuration for Incredible PBX 2021. The current default PHP version is displayed in the Apache listing of pbxstatus.
switch-to-php7.3 is a script to disable PHP 5.6 and set PHP 7.3 as the default version for your PBX. You cannot use AvantFax when PHP 7.3 is the default.
timezone-setup is a script to set the timezone for your PBX.
update-IncrediblePBX is a script that runs the Automatic Update Utility whenever you login to your server as root. These updates typically resolve bugs and security issues with your PBX. Do NOT remove it.
wolfram is a script to deploy Wolfram Alpha on your PBX. Tutorial here.
Forwarding Calls to Your Cellphone. Keep in mind that inbound calls to your DIDs automatically ring all five SIP extensions, 701-705. The easiest way to also ring your cellphone is to set one of these five extensions to forward incoming calls to your cellphone. After logging into your PBX as root, issue the following command to forward calls from extension 705 to your cellphone: asterisk -rx "database put CF 705 6781234567"
To remove call forwarding: asterisk -rx "database del CF 705"
Keeping FreePBX 15 Modules Current
We strongly recommend that you periodically update all of your FreePBX modules to eliminate bugs and to reduce security vulnerabilities. From the Linux CLI, log into your server as root and issue the following commands:
rm -f /tmp/* fwconsole ma upgradeall fwconsole reload /root/sig-fix systemctl restart apache2 /root/sig-fix
Originally published: Monday, December 14, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Capitalism 101: IBM Castrates CentOS to "Improve" RHEL
If you loved the PC Jr. and New Coke, you’re going to love yesterday’s technology news. Claiming the best of intentions, IBM® cut the 8-year life span of CentOS® 8 to one year after which CentOS will become CentOS Stream, an experimental development platform sandwiched between Fedora® and Red Hat Enterprise Linus®. If you’ve spent the last year or two planning for or deploying CentOS 8, too bad. You can either pay up for RHEL licenses going forward or switch to a new platform. The government-sponsored Scientific Linux project folded into CentOS so that option no longer exists. Oracle Linux® remains an option but, considering Oracle’s track record with MySQL, that might give many organizations pause. For organizations with thousands of CentOS platforms, the remaining alternatives are PAINFUL. Both Debian and Ubuntu would require major software plumbing changes. There’s always a chance that the original CentOS developers will come to the rescue with a new product, but we’re not holding our breath.
So here we are. How does this affect Incredible PBX? As most of you know, we’ve had Incredible PBX 2020 versions for both CentOS 7 and Raspbian 10 for the Raspberry Pi®. There will be no CentOS 8 release of Incredible PBX, but you’ve got four more years of CentOS 7 support unless IBM welches on that commitment as well. Because Raspbian 10 is a derivative of Debian 10, moving forward it makes perfect sense to consolidate onto the Debian 10 platform. And Incredible PBX 2021 will do just that with versions for Debian 10 and Raspbian.
With a little help from Santa, we hope to have a beta release of Incredible PBX 2021 for Debian before the end of this month. Stay tuned. The world will not end.
Originally published: Wednesday, December 9, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Meet Acer Spin 713: A Phenomenal Computer for All Seasons
It’s a portable office. It’s a movie theater. It’s a LAMP server. It’s a desktop PC. It’s a tablet computer. It’s a Chrome browser. It’s an Android platform. It’s a Linux server. And it gets almost 8 years of free software and firmware updates. Meet the $629 Acer Chromebook Spin 713. And, if you hurry, it’s $80 off at Best Buy today.
The checklist of superlatives is almost too lengthy to mention: a touchscreen of unrivaled quality, a 12-hour battery, dongle-free ports galore: HDMI, USB-C, USB 3.0, microSD slot, and headphone jack. While Chromium notebooks began as little more than a Chrome browser, that was then. The 2020 iteration includes complete Android integration as well as a feature-complete Debian 10 virtual machine platform supporting Apache, PHP 7, and the latest MariaDB/MySQL. If movies and television are your thing, Netflix and Sling TV transform the Chromebook into a near perfect viewing platform. As they say, seeing is believing. So here’s a snapshot from an iPhone that captures the quality of the 2256×1504-pixel (3:2 QHD) display. Suffice it to say, the display is as good or better than our $3,000 MacBook Pro’s screen.
Did we mention Best Buy’s $629 price. This 2-in-1 is a steal. It’s $200 below today’s Amazon pricing and is $400 below the closest comparable Chromebook models. Some may recall that we reviewed the System76 Lemur Pro Linux notebook in August and raved about its pricing at $1322, more than double the cost of Acer’s Spin 713. Having used both machines, I can honestly say you lose nothing by choosing the Acer device, and you gain access to the entire Android platform including Google Play as well as Linux. And the Spin 713 converts into a touchscreen tablet simply by flipping the screen. The only downside is, if these machines go on sale for Black Friday, you will be hard-pressed to find one to buy.
Deploying a LAMP Server with a Chromebook
If you pick up one of these bad boys, here’s a quick primer on setting up a LAMP server on the Linux virtual machine. Begin by enabling it in the Settings tab. Next, click on the Linux Terminal option in your Applications. At the Linux prompt, set up a new root user password: sudo passwd root. Switch to the root user account: su root. Now enter these commands:
cd ~ apt update apt upgrade apt install apache2 apache2-utils -y systemctl start apache2 systemctl enable apache2 chown www-data:www-data /var/www/html/ -R apt install mariadb-server mariadb-client -y systemctl start mariadb systemctl enable mariadb mysql_secure_installation apt install php7.3 libapache2-mod-php7.3 php7.3-mysql php-common \\ php7.3-cli php7.3-common php7.3-json php7.3-opcache php7.3-readline \\ php7.3-mbstring php7.3-dev -y systemctl restart apache2 echo "<?php phpinfo(); ?>" > /var/www/html/info.php echo "ip a" > /usr/local/bin/ifconfig chmod +x /usr/local/bin/ifconfig ifconfig | grep "inet "
Make note of your Linux machine’s IP address (last command above) and use a browser to access and verify the PHP info for your server: http://Spin-IP-Address/info.php
In the alternative, use this FQDN: http://penguin.linux.test/info.php
In keeping with their tradition of idiotic obsolescence, the PHP developers dropped support for mysqli in PHP 7 which means the mysql_connect function to interact with MySQL databases fails. Here’s how to restore it:
mkdir /usr mkdir /usr/src apt install build-essential git cd /usr/src git clone https://github.com/wardmundy/pecl-database-mysql mysql --recursive cd mysql phpize ./configure make make install cd /etc/php/7.3/apache2 echo "extension=/usr/lib/php/20180731/mysql.so" >> php.ini systemctl restart apache2
The mysql and mysqli sections will now magically reappear in your phpinfo() listing.
Adding Clearly Anywhere Softphone to the Spin 713
As noted, the Spin 713 also is a fully functional Android platform so adding the Clearly Anywhere softphone is easy. Simply download the software from Google Play. Then run the app and enter your extension credentials and FQDN of Incredible PBX 2020 PUBLIC server.
Adding Linphone Softphone to the Spin 713
Adding the Linphone softphone is equally easy. Simply download the software from Google Play. Then run the app and enter your Linphone SIP credentials with the configuration setup documented in our tutorial. Linphone calls to other Linphone users and to Incredible PBX 2020 PUBLIC users or anyone with a SIP URI worldwide are free.
Installing OpenVPN for Android on the Spin 713
There are several ways to install OpenVPN on the Spin 713 platform. You can use the traditional method we’ve documented for Linux installs; however, you will lose the ability to use OpenVPN IP addresses from your desktop and browser. The better method is to install the OpenVPN for Android client from the Play Store. Next, send yourself an email with the .ovpn file you created for the Chromebook. Open the message using Gmail on the Chromebook and save the received file in your Downloads folder. Open the OpenVPN for Android app on your desktop. Choose the + icon to create a new Profile and select the .ovpn file from Downloads. Once installed, edit the Settings. In the IP and DNS tab, disable No Local Binding. Enable Override DNS Settings and specify 8.8.8.8 and 8.8.4.4 for your DNS servers. Enable PULL Settings.In the ROUTING tab, enable Bypass VPN for Local Networks and Block IPv6. Then Start the VPN Client by clicking on your saved Profile.
Installing Zoom for Debian 10 on the Spin 713
No computer platform would be complete without Zoom. Begin by downloading Zoom for Debian here. In the File Manager (Alt-Shift-m), navigate to your Downloads folder and double-click on zoom_amd64.deb to install the application. Once installed, it will appear in your Linux apps container. Right-click (HINT: tap touchpad with two fingers) on Zoom icon to add Zoom to your Shelf.
Installing phpMyAdmin for PHP 7.3 on the Spin 713
No development platform would be complete without phpMyAdmin. We found an excellent tutorial to get everything set up properly with a few minor changes. Your LAMP platform already is in place so skip down to Step 2 in the tutorial. There’s one important correction in the instructions. Step 4, item 1 should be: sudo mkdir /var/www/html/phpmyadmin. And accessing phpMyAdmin once installed should be: http://Spin-IP-address/phpmyadmin.
Mastering Chromebook Shortcuts on the Spin 713
If you learn no other keyboard shortcut, remember this one: Ctrl + Alt + /. That gets you the entire list of keyboard shortcuts on the Chromebook. These keyboard shortcuts are a bit like memorizing multiplication tables. The sooner you learn them, the happier you will be using your Chromebook. If you’re an avid Linux user, be advised that the Linux virtual machine and the Chromebook desktop share the same clipboard so you can easily copy-and-paste between the two environments. On the desktop, Ctrl-c copies to the clipboard, and Ctrl-v pastes data from the clipboard. In the Linux virtual machine, Ctrl-Shift-C copies to the clipboard, and Ctrl-Shift-V pastes data from the clipboard. Learn a few new shortcuts each time you use your Chromebook. You’ll be amazed how quickly your productivity improves.
Where To Go From Here?
While you’re getting your feet wet, here are some must-have’s for your Spin 713. For openers, feast your eyes on the 4K Nature Videos on YouTube. Prepare to be blown away.
Next, you’ll want a free Office Suite for your Chromebook. Our favorite is WPS Office which provides Microsoft-compatible versions of Word, Excel, Powerpoint and a PDF Viewer/Editor.
For video editing, nothing comes close to PowerDirector. Also check out YouTube Studio.
For photo editing, Adobe Lightroom is the hands-down winner. Google Photos and Snapseed (our personal favorite) are also worth a careful look. Both are free compliments of Google.
For Nerds, check out the Crostini Wiki on Reddit. And master the Crosh terminal commands.
Originally published: Monday, November 16, 2020 Updated: Monday, December 7, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
The Most Important Asterisk Component: It’s the Backups!
You might think Backups are critical in the event of a catastrophic hardware failure. And you’d be right. But there are other equally important reasons to maintain current backups. If you decide to migrate to a new server platform, a current backup makes it a painless exercise. If you need to recover from a FreePBX® module upgrade that hosed your server, a current backup is critical. If you want to migrate to a newer release of Asterisk® or FreePBX, a backup is all that stands in the way of a potential nightmare or days of drudgery.
Depending upon your server platform, there are a number of backup methodologies. The most obvious one is Incredible Backup 16 which was used to build your initial Incredible PBX® 2020 platform. Next is Incredible Backup 2020 which is available on the new Incredible PBX Wiki. A third backup option is the FreePBX Backup & Restore Module which is included in all Incredible PBX 2020 builds. On cloud-based server platforms from CrownCloud, Vultr, and Digital Ocean, there’s a backup or snapshot option built into the platform. On Vultr and Digital Ocean servers, backups are an optional feature for an additional 20% monthly charge. On CrownCloud servers, a free snapshot is included in your $25 annual fee. Other cloud platforms have different backup options. For on-premise virtual machine platforms such as VirtualBox and VMware, there are snapshot and backup options built into the platform. And, of course, there are disk imaging backup options such as Clonezilla, Mondo Rescue and dozens of other Linux backup solutions. Today we want to walk you through which backup alternatives work best depending on platform and the level of protection desired.
Incredible PBX 2020 Backup & Restore
As noted, Incredible PBX 2020 Backup & Restore is the newest release of backup and restore utilities for Incredible PBX 2020 platforms. It’s available for download from the Incredible PBX Wiki. To make a backup, run: /root/incrediblebackup2020. You would typically use it to recover from a catastrophic hardware failure or to migrate your PBX to a new, compatible platform such as moving from CentOS 7 on-premise hardware to a cloud-based CentOS 7 platform or migrating a VirtualBox installation to dedicated hardware. It backs up the entire web directory tree as well as all MySQL databases in addition to Asterisk files that you may have customized. It is well suited for restoration of an Incredible PBX 2020 server setup onto the same operating system platform from which the backup was made. In other words, you wouldn’t use it to restore an Incredible PBX 2020 server from a CentOS 7 platform to a Raspberry Pi platform or vice versa. Before restoring an Incredible PBX 2020 backup, you must first build the new server with the same operating system, Asterisk, and FreePBX versions as the backup image, i.e. a new Incredible PBX 2020 installation for CentOS 7 or Raspbian 10. Next, install the Incredible PBX 2020 Backup & Restore components. Finally, copy your Incredible Backup 2020 image to the /backup folder of the new server and then run: /root/incrediblerestore2020.
FreePBX Backup & Restore Module
The FreePBX Backup & Restore Module is included in all Incredible PBX 2020 servers. It is accessed by logging into the FreePBX GUI as admin and navigating to Admin -> Backup & Restore after creating a Storage Location with Settings -> Filestore. For example, to create a backup directory in /var/spool/asterisk, the Local filestore entries would look like this:
The typical use case would be to recover from a module update scenario that went awry, to migrate from one FreePBX 15 platform to a new one with an incompatible operating system, e.g. to move from a Raspberry Pi to a CentOS 7-based server. It is also useful for upgrading from an Incredible PBX 13-13 platform to Incredible PBX 2020 but, for this to work, you must first remove the OSS Endpoint Manager module on the Incredible PBX 13-13 server.
To restore a FreePBX backup onto a new platform, repeat the steps above to set up the FileStore on the new server. Then copy the backup image from /var/spool/asterisk/backup to your desktop. Next, run the Restore option on the new platform and upload the backup image from your desktop.
Cloud Server Backups & Snapshots
Depending upon your cloud hosting provider, the procedure to create backups and snapshots may differ. The important point to stress is that these backups and snapshots are extremely easy to create but typically are housed in the same network operations center and often on the same server as your PBX. The risks in using these backup and snapshot options as your sole recovery mechanism from a catastrophic failure should be obvious. When combined with an off-site Incredible Backup 2020 image, you’re protected from a NOC catastrophic failure.
VirtualBox Backups & Snapshots
On the VirtualBox platform, you’ll find the Snapshot utility under Machine -> Tools. The other option is a full backup which is accomplished in one of two ways. For an external backup, choose File -> Export. For a backup in place, choose Machine -> Clone. The usual warnings about storing your backup images off-site apply.
VMware ESXi Backups & Snapshots
On the VMware ESXi platform, you’ll find the Snapshot utility under Actions -> Snapshots. To make an external backup, go to Actions -> Export. The usual warnings about storing your backup images off-site apply.
Installing Mondo Rescue for CentOS 7
The Mondo Rescue install for CentOS 7 is dependent upon a repository that is difficult to ascertain to put it charitably. Here is the correct installation procedure for CentOS 7:
cd /etc.yum.repos.d wget ftp://ftp.mondorescue.org/centos/7/x86_64/mondorescue.repo yum install mondo
For the backup and restore process using Mondo Rescue, follow this TecMint tutorial once you complete the install above.
Cloning a Raspberry Pi microSD Card
Our Incredible PBX 2020 for Raspberry Pi tutorial documents the easiest method for backing up your Raspberry Pi. We are repeating it here for completeness.
rpi-clone is a utility that makes it easy to make a bootable image of the microSD card used to start your Raspberry Pi. You’ll need a USB-to-microSD adapter to begin. Insert a backup microSD card large enough to hold all of the data on the primary microSD card (df -h). Insert the USB stick with the card. Identify the backup microSD card, usually sda (fdisk -l). Format the backup microSD card:
mkfs.vfat /dev/sda1 && mkfs.ext4 /dev/sda2. Then issue the following command to clone the primary microSD card: rpi-clone -f sda. Tutorial here.Originally published: Monday, November 23, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Oldie But Goodie: VoIP.ms, The Most Versatile VoIP Provider
We all are fortunate to have an extraordinary selection of options when it comes to VoIP Providers. For redundancy and reliability, nobody quite matches Skyetel. For FreePBX® and SIP phone integration, ClearlyIP is the hands-down winner. And, if you’re searching for the Most Versatile VoIP Provider, look no further than VoIP.ms, now with a $10 signup credit with your first deposit to kick the tires. We are thrilled that all three of these providers are Platinum Sponsors of Nerd Vittles and our open source projects. Here’s our VoIP.ms signup link.
As we have often stressed, the beauty of VoIP is not having to put all your eggs in one basket when it comes to communications. Most of the offerings we write about are free when not in use. So, unlike in the MaBell days, you lose nothing by signing up with multiple providers and enjoying the best of all worlds. Today we want to highlight what makes VoIP.ms extra special.
VoIP.ms Points of Presence
When it comes to Points of Presence (POPs), VoIP.ms covers all the bases. This matters because the closer your VoIP provider is to the physical location of your PBX, the better your calls will be. In the case of VoIP.ms, your choice of POPs is impressive. In the United States, there are multiple POPs in Atlanta, Chicago, Dallas, Denver, Houston, Los Angeles, New York, San Jose, Seattle, Tampa, and Washington, D.C. In Canada, you can choose between multiple POPs in Montreal, Toronto, and Vancouver. For our international friends, there are POPs in Amsterdam, London, Paris, and Sydney.
VoIP.ms DID Options
In addition to free number porting, VoIP.ms has an impressive array of DIDs from which to choose. They offer DIDs in virtually every state, province, and country in the world as well as toll-free and fax numbers in many locations with per minute and unlimited calling options.
Obtaining VoIP.ms SIP URIs
There are now more than 2,000 VoIP networks that support SIP URI access. Using a SIP URI dialing prefix, you can call any of the referenced networks @sipbbroker.com. The beauty of SIP URI calling is the calls typically are free worldwide regardless of duration. There are a number of ways to obtain a SIP URI for your PBX. Perhaps the easiest is to set up the PUBLIC Incredible PBX cloud platform that we previously introduced. Then you can create as many SIP URIs as you like, and they can be used to perform any task that’s available with Asterisk®. If you’re not quite ready to make that leap, virtual SIP URIs are available from VoIP.ms for 25¢ a month. SIP URIs are treated just like DIDs with incoming calls billed at ⅒¢ per minute.
VoIP.ms Incoming Call Routing
For call routing, the options are equally impressive. In fact, you may decide you don’t need a PBX at all. VoIP.ms supports SIP and IAX2 trunk registrations using credentials or IP address, a customizable IVR, a call queue, conferencing, call forwarding, SIP URI forwarding, call hunting, ring groups, callback, DISA, custom music on hold, voicemail transcription, and impressive call failover options for each of the following conditions: busy, unreachable, and unanswered calls. You can also perform CNAM lookups on incoming calls as well as setting the ring time, customizing each DID’s voicemail setup, and choosing whether to record calls.
VoIP.ms Outbound Call Pricing
No article would be complete without some mention of pricing. VoIP.ms is not the cheapest provider on the planet. But, as the old saying goes, you get what you pay for. Calls to toll-free numbers are free. While that may seem obvious, it is the exception rather than the rule in the VoIP world. Calls to US-48 destinations are a penny a minute and are billed in six second increments. Calls to most Canadian destinations are about a half-cent per minute. Calls to Mexico are just over a penny a minute billed in one minute increments. International calls vary based upon destination and latest published rates. International calls are blocked unless you enable them, and you can choose the countries you wish to enable as well as a dollar limit.
VoIP.ms Messaging Services
One of our favorite VoIP.ms features is the variety of SMS and MMS messaging options they provide. Virtually all of their DIDs now support messaging. With incoming messages, you have the choice of routing the message to an email address, another SMS destination, the VoIP.ms Message Portal, an SMS URL callback destination, and now an SMS SIP account. Our tutorial below sets up SMS SIP messaging with Incredible PBX® 2020 or 2021. You then can send quick messages in response to incoming calls on your Clearly Anywhere softphone.
Configuring VoIP.ms for SMS SIP Messaging
Prerequisites: DID supports messaging, SMS SIP messaging enabled on the DID
First, create an Asterisk SubAccount using the SIP protocol with User/Password Authentication. In the Security section, enter the public IP address of your PBX, and Save your Settings. Next, acquire a DID in the VoIP.ms portal. Then choose the Manage DIDs option and edit your DID configuration. For Call Routing, select the SIP/IAX option and pick your SubAccount. Choose a DID POP near your PBX location. In the Message Service section, enable SMS SIP Account and pick your SubAccount. Then Apply Changes.
Configuring Incredible PBX for SIP Messaging
Prerequisites: PJsip VoIP.ms Trunk, PJsip Extension for SMS, sms-in and sms-out Contexts
Both PJsip Trunks and PJsip Extensions in FreePBX now support a Messages Context option in the Advanced tab of the setup GUI. Using the sms-in and sms-out contexts documented below, FreePBX now can process incoming and outgoing SMS messages. A typical use case in the Incredible PBX 2020 would be to quickly respond to an incoming call to the Clearly Anywhere app on your smartphone to indicate that you were in the midst of another call and would return the caller’s call. It is anything but a robust SMS messaging application for your smartphone, but it is a welcome addition for many mobile users that have to juggle both cellphone calls and office calls forwarded from a PBX to your smartphone. VoIP.ms has developed an excellent SMS Management Portal that is included in the VoIP.ms Dashboard. It allows you to read, respond, and manage SMS messages sent to your VoIP.ms DIDs.
Once you have completed the necessary setup steps on the VoIP.ms side, there are three steps to activate SMS SIP messaging with Incredible PBX: (1) create and register your VoIP.ms PJsip Trunk, (2) create and configure a PJsip extension to receive incoming calls and SMS messages, (3) add the sms-in and sms-out contexts to extensions_custom.conf dialplan.
(1) Create a PJsip Trunk for VoIP.ms in FreePBX to process calls and SMS messages:
In the PJsip Settings tab, fill out the General tab. The Username will be your VoIP.ms account number followed by an underscore and then the name of the SubAccount you created above, e.g. 12345_mypbx. The Password will be the password you assigned to your VoIP.ms SubAccount. For SIP Server, enter VoIP.ms POP assigned to your DID, e.g. atlanta1.voip.ms. Accept the remaining defaults in the General tab. Click on the Advanced tab and scroll down to Message Context and enter sms-in. Click Submit and Reload your Dialplan.
(2) Next create a PJsip Extension in the FreePBX portal. This will be used to process calls and send SIP messages. NOTE: Incredible PBX ships with a number of chan_sip extensions preconfigured. Do NOT use these. You need to create a PJsip extension. The General tab should look something like this:
Click on the Advanced tab and scroll down to Max Contacts and enter a number that is one more than twice the number of phones that will be connected simultaneously to this extension. For example, if you have 3 smartphones connecting to this extension, enter 7. Scroll down to Message Context and enter sms-out. Click Submit and Reload your Dialplan.
(3) Finally, cut-and-paste the following code into the bottom of extensions_custom.conf in the /etc/asterisk directory:
[sms-out]
exten => _.,1,NoOp(Outbound Message dialplan invoked)
exten => _.,n,NoOp(To ${MESSAGE(to)})
exten => _.,n,NoOp(From ${MESSAGE(from)})
exten => _.,n,NoOp(Body ${MESSAGE(body)})
;
; add your VoIPms info in the next 3 lines
exten => _.,n,Set(VOIPMS_ACCOUNT="123456_subacct")
exten => _.,n,Set(VOIPMS_POP="atlanta.voip.ms")
exten => _.,n,Set(VOIPMS_TRUNK="VoIPms-PJsip") ; actual VoIP.ms trunk in FreePBX
;
exten => _.,n,Set(NUMBER_TO=${CUT(CUT(MESSAGE(to),@,1),:,2)})
exten => _.,n,Set(EXTENSION_FROM=${CUT(CUT(MESSAGE(from),@,1),:,2)})
;
; Now map your sending extensions EXTENSION_FROM to corresponding DIDs NUMBER_FROM
exten => _.,n,Set(CASE_701=6005550101) ; ext 701 msgs originate from 6005550101
exten => _.,n,Set(CASE_702=6005550102) ; ext 702 msgs originate from 6005550102
exten => _.,n,Set(CASE_703=6005550101) ; ext 703 msgs originate from 6005550101
;
exten => _.,n,Set(NUMBER_FROM=${CASE_${EXTENSION_FROM}})
exten => _.,n,Set(ACTUAL_FROM="${NUMBER_FROM}" )
exten => _.,n,Set(ACTUAL_TO=pjsip:${VOIPMS_TRUNK}/sip:${NUMBER_TO}@${VOIPMS_POP})
exten => _.,n,MessageSend(${ACTUAL_TO},${ACTUAL_FROM})
exten => _.,n,NoOp(Send status is ${MESSAGE_SEND_STATUS})
exten => _.,n,Hangup()
;-------------------------------------------------------------------------
[sms-in]
exten => _.,1,NoOp(Inbound SMS dialplan invoked)
exten => _.,n,NoOp(To ${MESSAGE(to)})
exten => _.,n,NoOp(From ${MESSAGE(from)})
exten => _.,n,NoOp(Body ${MESSAGE(body)})
;
; enter your default incoming SMS extension below
; if you want SMS messages delivered to multiple extensions,
; clone additional MessageSend lines below with extension numbers
exten => _.,n,Set(EXTENSION=701)
;
exten => _.,n,Set(ACTUAL_FROM=${MESSAGE(from)})
exten => _.,n,Set(HOST_TO=${CUT(MESSAGE(to),@,2)})
exten => _.,n,Set(NUMBER_TO=${MESSAGE_DATA(X-SMS-To)})
exten => _.,n,MessageSend(pjsip:${EXTENSION}@${HOST_TO},${ACTUAL_FROM})
exten => _.,n,NoOp(Send status is ${MESSAGE_SEND_STATUS})
exten => _.,n,Hangup()
;-------------------------------------------------------------------------
In the pasted [sms-out] context, insert your actual VOIPMS_ACCOUNT, VOIPMS_POP, and VOIPMS_TRUNK name in the lines provided. Then map each extension from which you wish to send SMS messages to a VoIP.ms DID on your PBX in the lines provided. In the pasted [sms-in] context, enter the EXTENSION number which should receive incoming messages from the PJsip trunk in which you designated [sms-in] as the Message Context. There is no magic to the [sms-in] context name. If you have more than one PJsip trunk, simply create additional incoming contexts (such as [sms-in-2]) for each additional trunk and clone the [sms-in] code designating the desired extension to receive incoming messages from each DID. For the [sms-out] context, it can be used as the Message Context for multiple extensions that should be enabled to send outbound SMS messages.
Save the file, and reload the Asterisk dialplan: asterisk -rx "dialplan reload"
Once all the pieces are in place, SMS messages sent to your VoIP.ms DID will be delivered to the FreePBX trunk registered to the SMS SIP destination specified in your VoIP.ms DID setup. And here’s one more tip. If you happen to have a Yealink T46G (not T48G) or a Grandstream GXV phone that is also registered to that extension, the messages will also pop up on your desktop phone with an alert tone. On Grandstream GXV Android phones, we recommend dragging the SMS app to the main screen so that the incoming message count appears beside the SMS icon when new messages are received.
Our special thanks and much of the credit for this SMS/SIP solution for Asterisk goes to Stepan Novotill and the participants in this thread on the VoIP-Info Forum.
Signing Up for VoIP.ms Service
Please consider using the Nerd Vittles referral link should you decide to sign up for VoIP.ms services. These referral commissions help to defray the costs of maintaining Nerd Vittles and the Incredible PBX open source project. Many thanks.
Originally published: Monday, October 12, 2020 Updated: Saturday, August 28, 2021
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Deploying an Incredible PBX 2020 PUBLIC Server
With the almost overnight popularity of the new Clearly Anywhere softphone which provides Incredible PBX connectivity from virtually anywhere, we wanted to revisit our Incredible PBX 2020 PUBLIC tutorial to document some additional tips and tricks. And, because softphones need connectivity on both cellular networks and using Wi-Fi with dynamic IP addresses in multiple locations, exclusive whitelist-based access to Incredible PBX simply was no longer feasible. Additionally, due to Clearly Anywhere’s tight integration with the FreePBX® User Control Panel (UCP), remote access to UCP for mobile users has become more important particularly with the new QR Code auto-configuration option for Clearly Anywhere clients.
Safely deploying a public-facing Asterisk® server with full FreePBX functionality has become the Holy Grail for Nerd Vittles in 2019. Today we tackle it on the new Incredible PBX® 2020 platform featuring the latest releases of Asterisk 16 and FreePBX 15. The icing on today’s cake is an additional offer from Skyetel that supplements the current Nerd Vittles BOGO offer of up to $500 in half-priced VoIP services. Skyetel now starts you off with a $10 credit just for opening an account here. Then, after you have had an opportunity to kick the tires and perhaps purchase a DID for a buck, you can make $9 worth of phone calls before deciding whether to take advantage of the BOGO special by making a purchase of up to $250 and having Skyetel match your contribution. Once you have funded your account, you then can also take advantage of Skyetel’s free number porting offer for the next 60 days. To get your $10 credit, just open a ticket and request the $10 Nerd Vittles credit once you’ve signed up. To get the Nerd Vittles BOGO price match and take advantage of free number porting, simply open another ticket once you have added up to $250 to your account. Effective 10/1/2023, $25/month minimum spend required.
Making the Case for a Public-Facing PBX
We’ve had some of our pioneers trying out the Incredible PBX PUBLIC implementations for almost a year. Early on, the first question we got was why anyone would want to do this. After all, PBX in a Flash 3 and Incredible PBX for the better part of a decade have been deployed with a whitelist using the Travelin’ Man 3 firewall, and there’s never been a security issue. So why switch horses now? The short answer is mobile users with dynamic IP addresses. If all the users of your PBX are sitting behind the same NAT-based router with static IP addresses, the Travelin’ Man 3 design is perfect. The bad guys could never even see your server. But if some of your users either reside or travel outside your home base or if you want calls to follow you on your smartphone with Clearly Anywhere when you leave home or the office, then Travelin’ Man 3 blocked SIP access from these remote phones until their new IP addresses were whitelisted. Multiply this by dozens or hundreds of users, and network management suddenly became a full-time job. Yes, we’ve had tools such as dynamic DNS and PortKnocker to ease the pain, but it still was a knuckle-drill for mobile users. And, in today’s Covid world, much of the workforce is quickly morphing into mobile users without a traditional desk at any office. What we were also beginning to see were homegrown "improvements" to the IPtables firewall where users that didn’t appreciate the risks were exposing their servers to SIP attacks simply to ease the pain of connecting remotely.
The world also is becoming more SIP savvy. Just as folks are learning that a $35 antenna can provide an awesome collection of 4K Ultra HD TV channels without the expense of a monthly cable bill, others are learning that a SIP telephone or softphone app on your smartphone can provide free calls to and from anybody with a SIP URI without sharing your communications with Facebook or Microsoft. A public-facing PBX makes free worldwide SIP calling a reality.
Building the Base Platform for Incredible PBX PUBLIC
To get started today, begin by installing Incredible PBX 2020 using our latest tutorial. We strongly recommend a cloud-based KVM platform with a static IP address on the public Internet. We’ve even built an Incredible PBX 2020 image for our friends at CrownCloud. You won’t beat their pricing of $25/year which is about the same expense you will incur for electricity hosting your own server on premise. And you even get a snapshot backup at no additional cost.
Once you have set up your Incredible PBX 2020 server, the next step is to assign one or two fully-qualified domain names (FQDNs) to your server. You can have one FQDN for registering SIP extensions and a different one for anonymous SIP (invites) access to your server, or you can use the same FQDN for both. Security through obscurity provides an extra layer of protection for your server so choose your FQDNs carefully. sip.yourname.com provides almost no protection while f246g.yourname.com pretty much assures that nobody is going to guess your domain name. This is particularly important with the FQDN for SIP registrations because registered extensions on your PBX can obviously make phone calls that cost money. If you don’t have your own domain, you can always obtain a free FQDN from a service such as NoIP.com.
By default, Incredible PBX 2020 configures five extensions (701-705) and a Ring Group for those extensions (777) as well as four trunks. With Skyetel, your PBX is ready to make and receive calls as soon as you sign up. With the other three trunk providers, you only need to enable the trunk. You can add as many additional providers and extensions as you like and modify the ring group to meet your needs. To get started, be sure to configure the correct time zone for your server as this affects delivery of reminders. Run /root/timezone-setup. Next, set a secure password for admin access to the FreePBX GUI modules. Run /root/admin-pw-change. Then set a secure password for admin access to web applications such as AsteriDex, Reminders, and User Control Panel. Run /root/apache-pw-change. In addition to reviewing your extensions and ring group, review the default inbound route and choose the destination for the incoming calls from your provider. Finally, configure the outbound route to use the provider sequence desired. By default, it uses Skyetel for outbound calls.
If you plan to use Clearly Anywhere, you’ll need to add at least one PJsip extension on your PBX. Simply navigate to Applications -> Extensions in the FreePBX GUI. Choose Add Extension -> Add PJsip Extension. In the General tab, insert an extension number in User Extension and Display Name, e.g. 707. In the Advanced tab, set Max Contacts to 11 which will let you connect up to 5 Clearly Anywhere softphones to the extension. Click Submit and Reload Dialplan when prompted. Go back into the new extension and make note of your new credentials for User Manager. You’ll need these for Clearly Anywhere. Remember to also add the PJsip extension to the Inbound Route for your incoming calls.
Going Public with Incredible PBX 2020
Once you’ve tested making and receiving calls with your new server, you’re ready to convert it into a public-facing PBX. Before proceeding, remove any whitelist entries you’ve added using add-ip and add-fqdn by running del-acct. These can be added back after the GO-PUBLIC-2020 install script is run. In order to run the install script below, you’ll need your FQDNs that you chose above, plus a port number for future SSH/Putty access to your server, plus a list of the extensions you wish to make available for public access to your PBX. These whitelisted extensions can be reached via SIP URI from anywhere in the world by anybody. It works just like your old MaBell phone. Anybody, anywhere can dial your number. What’s changed is now the calls are free. So choose your list carefully. We recommend using the year you were born for your SSH port to keep things simple for you. Once the GO-PUBLIC-2020 script has been run, you can only access your PBX via SSH/Putty at the new port, for example: ssh -p 1990 root@yourFQDN.com
Now we’re ready to run the install script. It takes less than a minute. Before you begin, log out of ALL SIP extensions you have previously registered with Incredible PBX 2020 and change the server destination from an IP address to the FQDN you plan to assign to SIP registrations. Otherwise, these IP addresses will get banned while the install script is running below!
cd /root wget http://incrediblepbx.com/go-public-2020.tar.gz tar zxvf go-public-2020.tar.gz rm -f go-public-2020.tar.gz ./GO-PUBLIC-2020
A Few Words About Incredible PBX PUBLIC Security
As with all Incredible PBX servers, Incredible PBX 2020-PUBLIC includes the Automatic Update Utility. Please don’t disable it. It’s our only way to push updates to you if some vulnerability is discovered down the road. It gets run whenever you login to your server as root using SSH/Putty. Do so regularly and follow us on Twitter for security alerts. There’s also an Incredible PBX RSS Feed that is displayed when you login to the Incredible PBX GUI with a browser. It, too, includes security alerts and should be checked regularly. It’s your phone bill.
Incredible PBX 2020-PUBLIC uses the ipset utility in conjunction with the IPtables firewall to block several countries that have inordinately high concentrations of folks that try to break into VoIP servers. In addition, your public PBX includes the VoIP Blacklist which includes another 100,000 bad guys from around the globe. These blacklists get updated every night by a script which is run from /etc/crontab. For your own safety, don’t disable or delete /etc/update-voipbl.sh or the other components upon which it relies.
Here are some other things you should do regularly to assure that your server remains secure. Login via SSH/Putty as root and check pbxstatus after the Automatic Update Utility is run. With the exception of the fax components, all the other items should be green all the time. From the Linux CLI, run: iptables -nL. This will show your firewall rules and whether any IP addresses have been banned by Fail2Ban. If there are banned IP addresses that are not your own, please open a thread on the VoIP-Info Forum and let us know about it. If there are dozens of banned IP addresses, shutdown your server immediately until the problem is identified and resolved. If the IP addresses happen to be your own users because of using incorrect passwords or because of using a server IP address instead of its FQDN for SIP registrations, unban the IP address:
fail2ban-client set asterisk unbanip xxx.xxx.xxx.xxx
Finally, watch the Asterisk CLI periodically for abnormal activity: asterisk -rvvvvvvvvvv
Tightening Up SSH Server Access
You obviously need a very secure root password for access to your server using SSH/Putty. Changing the TCP port for SSH access avoids the script kiddies, but it doesn’t offer much protection from a determined cracker. SSH login attempts are monitored by Fail2Ban, but Fail2Ban has issues when a determined intruder is using a powerful computing platform such as Amazon EC2. The more prudent solution is to disable SSH port access and use SSH Public Key Authentication as documented in the linked tutorial. Always, always use ssh-copy-id to copy your credentials to more than one desktop machine so that you don’t inadvertently lock yourself out of your PBX in the case of a hardware failure.
Web Access to Incredible PBX 2020 PUBLIC
By default, web access to all apps including FreePBX, UCP, AvantFax, AsteriDex, and Reminders is limited to whitelisted IP addresses. For some implementations, particularly those using Clearly Anywhere, this may not be ideal as UCP can assist with user management of the PBX as well as QR code provisioning of Clearly Anywhere. The Apache web server can be used to manage web access so long as you understand the need to apply Apache security patches in a timely manner.
Assign the same FQDN that you use for SIP access to port 80 for the UCP application. Deploy OpenVPN on your server and use the PBX’s OpenVPN IP address for general access to all web applications we listed above. If you’d like public access to the FreePBX GUI, assign web access for it to another random port, e.g. 8080 in our example below. Block web access to your server from the public IP address of your PBX on both port 80 and 8080 in our example below. Here’s how to accomplish that. Create a new file in /etc/pbx/httpdconf. Create public.conf with the following contents:
Listen 8080 <virtualhost *:80> ServerAdmin you@gmail.com ServerName 111.112.113.114 Redirect 403 / UseCanonicalName Off UserDir disabled </virtualhost> <virtualhost *:8080> ServerAdmin you@gmail.com ServerName 111.112.113.114 Redirect 403 / UseCanonicalName Off UserDir disabled </virtualhost> <virtualhost *:80> ServerAdmin you@gmail.com ServerName server-fqdn.com DocumentRoot /var/www/html/ucp ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log common </virtualhost> <virtualhost *:80> ServerAdmin you@gmail.com ServerName 10.8.0.123 DocumentRoot /var/www/html ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log common </virtualhost> <virtualhost *:8080> ServerAdmin you@gmail.com ServerName server-fqdn.com DocumentRoot /var/www/html ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log common </virtualhost> <virtualhost 127.0.0.1:80> ServerAdmin you@gmail.com ServerName 127.0.0.1 ServerAlias localhost DocumentRoot /var/www/html </virtualhost>
In the ServerAdmin lines, insert your email address. Replace 111.112.113.114 with the public IP address of your server. Replace server-fqdn.com with the FQDN assigned for SIP registration access to your PBX. Replace 10.8.0.123 with the OpenVPN private IP address of your PBX. Replace 8080 with the port you chose for FreePBX access to your server. Save the file and then restart Apache: systemctl restart httpd.
Now it should be safe to open TCP port 80 and 8080 (or whatever port you chose) for web access to your server. Let’s also whitelist TCP 2267 for Clearly Anywhere access while we’re at it:
cd /etc/sysconfig sed -i 's/10000:20000 -j ACCEPT/&\\n-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT/' iptables sed -i 's/10000:20000 -j ACCEPT/&\\n-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT/' iptables sed -i 's/10000:20000 -j ACCEPT/&\\n-A INPUT -p tcp -m tcp --dport 2267 -j ACCEPT/' iptables iptables-restart
Be sure to test all three access methods to verify that you haven’t left a security hole.
Keeping FreePBX 15 Modules Current
We strongly recommend that you periodically update all of your FreePBX modules to eliminate bugs and to reduce security vulnerabilities. From the Linux CLI, log into your server as root and issue the following commands:
rm -f /tmp/* fwconsole ma upgradeall fwconsole reload /root/sig-fix systemctl restart apache2 /root/sig-fix
Special Thanks: We want to give an extra special tip of the hat to the VoIP-Info Forum members who assisted in working the kinks out of the Incredible PBX PUBLIC offering. We also wish to thank JavaPipe LLC for a number of DDOS tips and tricks in securing CentOS 7 with IPtables.
Originally published: Monday, December 30, 2019 Updated: Monday, September 28. 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Harnessing the Cloud to Start An Incredible PBX Business
If you’ve ever wanted to start your own VoIP business and earn some big bucks through consulting and hosting cloud-based PBXs, now’s your chance. One of the requests we often receive from those that deploy Incredible PBX 2020® for a living is a quicker way to produce new Incredible PBX servers on cloud platforms such as Vultr and Digital Ocean while also preserving Incredible PBX’s unique ability to upgrade source components for Asterisk® and FreePBX®. For small businesses, these cloud providers offer a perfect $5 a month platform for Incredible PBX. You can mark it up to $10 or $15 a month and make a handsome 100% to 200% profit without lifting a finger as a VoIP consultant. And Vultr and Digital Ocean will spot you a $100 credit to get the ball rolling.
Today’s solution was especially designed for those that would like to host virtual machines for customers in your own cloud account. It would work equally well for anyone wanting a quick way to create multiple Incredible PBX platforms in 5 minutes for friends and neighbors.
To begin, you’ll need to create a master image of Incredible PBX 2020 on the cloud platform of your choice using the recommended $5/month platform with CentOS 7. The July 1, 2020 or later tarball of Incredible PBX 2020 is required. Here are the Five Easy Steps:
1. Create the base Incredible PBX 2020 platform in the traditional way:
# create a secure root password to hand out to future customers passwd yum -y update yum -y install net-tools nano wget tar cd /root wget http://incrediblepbx.com/incrediblepbx2020.1.tar.gz tar zxvf incrediblepbx2020.1.tar.gz rm -f incrediblepbx2020.1.tar.gz # to add swap file on non-OpenVZ cloud platforms with no swap file ./create-swapfile-DO # kick off Phase I install ./IncrediblePBX2020.sh # after reboot, kick off Phase II install ./IncrediblePBX2020.sh # set desired timezone ./timezone-setup # optionally install Incredible Fax 2020 ./incrediblefax2020.sh
2. Once you complete the Phase I and Phase II installs and optionally install Incredible Fax, log out of your server and log back in so that the Automatic Update Utility can do its thing.
3. Next, we need to configure your master image so that it can be replicated using a simple image snapshot. A snapshot is free on the Vultr platform and will cost you about $5 a month with Digital Ocean. While still logged into your server as root, issue the following commands and then shut down your server gracefully:
cd /etc/sysconfig cp -p rules.v4.tm3 iptables sed -i 's|#-A|-A|' iptables touch /etc/update_hostconfig touch /etc/update_serverconfig halt
4. Once your server has halted, create a snapshot image of the server from Vultr or Digital Ocean dashboard. You do NOT need to preserve your Master VM once the snapshot is created.
5. Create a new virtual machine but, instead of choosing CentOS 7 as the base platform, choose the snapshot image built in the previous step. Once the 5-minute install completes, it’s ready for handover to a new customer by providing the root password from the Master Image together with the IP address of the new virtual machine.
When the new customer logs in via SSH using the root password from the Master Image, the Incredible PBX reconfiguration script will complete the setup of the new platform in a couple minutes prompting the user to change all of the passwords, resetting the ports for PortKnocker, and reconfiguring the firewall by whitelisting the customer’s IP addresses. If the build includes Incredible Fax, the customer should be instructed to change the AvantFax password. Run: /root/avantfax-pw-change. If the customer is in a different time zone, the customer should run /root/timezone-setup. Whooda thunk making money could be this easy.
The real beauty of this design is that you keep control of all the virtual machines you create. If a customer fails to pay, it’s easy to either shut down their VM or even delete it. You also can schedule automatic backups for the customer while recovering the extra $1 per month charge from the provider. In addition, if the customer ever needs hands-on support, you can use the Console link in the Dashboard without the need to whitelist your IP address. The customer still retains full control over the root password which would have to be provided.
Originally published: Monday, July 27, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Free Asterisk Solutions
