The Most Versatile VoIP Provider: FREE PORTING

Asterisk Virtual PBX Perfection: PiaF + Proxmox, Part II

Taming the OpenVZ beast to support Asterisk® virtualization has been interesting. Reminds me of laying track in front of a steaming locomotive. The demand for a solid, stable Asterisk-based Virtual PBX is overwhelming based upon the visitor count we've recorded. So we wanted to get it right! If you haven't visited the original article in a few days or if you've just landed here, start there. Then come back.

Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.

If you're new to the virtualization world, the beauty of OpenVZ templates running on a Proxmox VE server is that you can create a fully-functional PBX in a Flash system in just under 15 seconds. If you want a dozen fully functional PBXs, the creation time jumps to a whopping 3 minutes. And OpenVZ images load almost instantly with a choice of either dynamic or static IP addresses. Add another 5 minutes to run the new Orgasmatron V installer, and you've got a turnkey, state-of-the-art PBX with dozens of preconfigured Asterisk applications plus free calling in the U.S. and Canada courtesy of Google Voice.

For normal PBX operations, last week's 32-bit PBX in a Flash OpenVZ template was just about perfect. But there were two wrinkles. First, conferencing didn't work because there was no timing source (aka Zaptel/DAHDI). You'll recall that both Zaptel and DAHDI are tied to the Linux kernel. And, with OpenVZ templates, the kernel lives on the Proxmox server. Because Proxmox is a 64-bit native application, its kernel wasn't accessible to 32-bit apps such as last week's template. Second, there's a Denial of Service security issue with the version of IAX2 installed in the default build of PBX in a Flash which you already know about if you've been following us on Twitter or if you subscribe to the PIAF RSS Feed.

So we had our work cut out for us this week. We wanted to kill two birds with one stone by delivering a 64-bit version of PBX in a Flash with conferencing support that also addressed the IAX2 security issue. The nice part of IAX is that you really only need to expose the IAX port through your firewall on one server. Then all of your remaining servers can register to the new safe server (using any version of Asterisk) while remaining safely ensconced behind hardware- based firewalls to avoid DOS attacks.

Overview. There are five pieces to this week's puzzle. First, you need a functioning Proxmox VE 1.3 server. Second, you need to install the new 64-bit PBX in a Flash OpenVZ template on your Proxmox server. Third, you need to create at least one OpenVZ virtual machine (VM) using the new PIAF 64-bit template. Fourth, you need to install and activate DAHDI on your Proxmox server. And finally, you need to enable DAHDI on each of the virtual machines created in step #3.

Installing Proxmox. We're assuming you've already purchased an appropriate hardware platform for Proxmox and have your Proxmox VE 1.3 server up and running. If not, start with last week's article. Be sure to read the footnotes to make certain you purchase hardware that actually can run Proxmox! NOTE: The new Proxmox VE 1.4 beta does not yet have all of the tools necessary to enable conferencing so make certain you install the current 1.3 release.

Installing PIAF 64-bit OpenVZ Template. Using a web browser, download the new PBX in a Flash 64-bit OpenVZ template to your Desktop. Our special thanks to Wolf Paul for his continuing help in teaching us how to build these templates. Once you have the OpenVZ template in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF 64-bit OpenVZ template on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands.

cd /var/lib/vz/template/cache/
wget http://nerd.bz/dnlkWr


Creating a PIAF 64-bit Virtual Machine. Now you're ready to create your 64-bit virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ Container type. For the Template, choose centos-5.0-pbxinaflash_1.4.0-3_x86_64. Now give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 15 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.

You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks.

To start the OpenVZ virtual machine, click on the List tab. Then click on the 64-bit VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display.

Before you do anything else, change the web passwords for your virtual machine to something that is really secure. Just type passwd-master and answer the prompts. You now can close the VNC window after writing down the IP address and VM ID of your new virtual machine.

NOTE: Unlike the 32-bit version from last week, it is not necessary to generate new SSH server keys for PIAF 64-bit virtual machines. These will be generated automatically the first time you start up the VM.

Installing DAHDI on the Proxmox Server. At the outset, we want to express our deep appreciation to Joe Roper, one of the founders of the PBX in a Flash project, for his work in putting together a simple script to install and activate DAHDI on the Proxmox server. In addition, the script spawns another script which makes it easy to activate DAHDI for any PIAF 64-bit virtual machines desired. For our European friends that ever have the need for an Asterisk consultant, you can do no better than Joe Roper. Thanks, Joe!

To begin, log into your Proxmox server as root and issue the following commands:

cd /root
wget http://nerd.bz/dahdi
apt-get -y update
apt-get -y install zip
unzip install-dahdi.zip
rm install-dahdi.zip
chmod +x install-dahdi.sh
./install-dahdi.sh

Activating DAHDI for Designated Virtual Machines. By default, DAHDI is not activated on any of the virtual machines you create. To activate it and enable conferencing, log into your Proxmox server as root and issue the following command: pabx-enable-conference. When prompted to enter the VM ID of the virtual machine to be activated, type in the number (e.g. 101) and press Enter. After activation is complete, use a web browser to access the Proxmox GUI. Start up the virtual machine if it is not already running. Then, either log into the VM with SSH as root or choose Open VNC Console. From the CLI, type amportal restart to reload Asterisk. Once you have created at least one extension and one conference using the FreePBX GUI, you should be able to dial into the conference successfully. If you get an error about a missing TUN device, see comment #1 below for the fix. Enjoy!


Article of the Week. Justin West's Free Homebrew VoIP with Google Voice and Intel Atom


Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Asterisk Virtualization: PiaF + Proxmox, It Just Works

We've invested weeks and months over the years wrestling with virtualization technologies searching for the perfect fit for the Asterisk® PBX platform and especially for the turnkey solutions provided by PBX in a Flash and our latest Orgasmatron V installer. Why virtualization you might be asking? As with most computer applications, it comes down to flexibility and, of course, cost savings.

For the latest article on PBX in a Flash 2 with OpenVZ, follow this link.

In the flexibility department, VoIP virtualization lets you choose options such as Cloud Computing and hosted solutions from various providers. It also provides a terrific training platform as well as your own managed Cloud Computing solution. You can build and host a dozen or more virtual Asterisk systems on a single $500 to $1,000 server and have a transportable solution ready to deploy in a couple of hours. And then there are those of us in the technology business that need to test all sorts of new operating systems and applications without having to dedicate a standalone machine to each experiment.

Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.

Our virtualization platform of choice is Proxmox, a lightweight Debian-based distribution that includes kernel support for both KVM and OpenVZ. As Martin Maurer from Proxmox put it in a recent interview:

This means you get the best of both virtualization worlds... containers (OS Virtualization) and fully-virtualized machines (Machine Virtualization). Proxmox VE also includes a very powerful yet easy to use web-based management system with clustering features. Boot the Proxmox VE install media, answer a few simple questions, and within 10 minutes you have a very powerful virtualization platform you can manage from a web browser. Install it on one or more additional machines that are networked together and use Proxmox VE's cluster management tool to create a virtualization cluster that allows for centralized management, automated backups, iso media and OS Template syncing, as well as migration features. Proxmox VE really is a time saving turnkey solution... and it is freely available under a GPL license."

As far as cost savings, $500 to $1,000 says it all. When you can run a dozen dedicated systems on such a hardware platform, it reduces the individual cost of each turnkey system deployment to well under $100. And the performance penalty for implementing this multitasking solution is only a 1 to 3 per cent performance hit compared to using comparable standalone systems for similar computing tasks. Om Malik recently noted that:

More than half of new servers in 2009 will be virtualized, compared with 30 percent in 2008, according to a new survey by TheInfoPro."

Comparing 2009 to 2008 deployments, that's a 70% increase in just one year. When there is comparable performance, 90% cost savings, and greatly enhanced deployment flexibility, you have to ask yourself why wouldn't you deploy virtualized solutions. With the solution we're providing today, you get some other benefits as well: snapshot backups and cluster computing, both of which actually work. And the cost of this virtualization technology... it's FREE!

Hardware Requirements. For full KVM virtualization support, you'll need either an Intel-VT1 or AMD-V2 capable CPU/Mainboard. Also strongly recommended are a multi-core CPU and as much RAM as your budget can afford. Our favorites (primarily because of cost) are the Dell T105 (with either dual or quad core AMD Athlon processor) or the Dell T300 (with quad core Intel Xeon processor). Both are on sale for the next few days starting at $249 up to about $1,000 with $350-$549 off the retail prices. You can save more by using our Dell coupon in the right margin. We recommend purchasing larger hard disks from other suppliers so stick with the default setup in drives. Dell has gotten more competitive on RAM pricing so that's your call. For a point of reference, a dual core AMD with 8GB of RAM can support about 8 simultaneous Asterisk servers.

Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.3 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup. You're finished on the CLI at this point.

OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.

As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel and dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. We hope to more fully document the zaptel/dahdi hurdles that need to be addressed in coming weeks. You can follow our progress in this message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.

Installing PIAF OpenVZ. Using a web browser, download the new PBX in a Flash OpenVZ image to your Desktop. Our special thanks to Wolf Paul, who did most of the work in putting this together. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands. Thanks, Joe.

cd /var/lib/vz/template/cache/
wget http://tr.im/piaf1506

If you really want to walk on the wild side, here's a third method from Ap.Mathu. After logging into your server as root and issuing the following commands, you can download PBX in a Flash as well as Joomla!, eyeOS, BlueOnyx, Moodle, and FrontAccounting directly through the Proxmox web interface (Appliance Templates, Download):

cd ~
wget http://mundy.org/piaf1506
cat piaf1506 >> /var/lib/pve-manager/apl-available

NOTE: You'll need to use the third option above only after you enable IPtables below because the apl-available file gets regenerated from "headquarters" each time Proxmox restarts.

Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are three steps to get it working. First, be sure you have downloaded PIAF OpenVZ template 15.04 or later. Second, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped, log into your Proxmox server as root using SSH and carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.

sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

/etc/init.d/vz restart


Now you're ready to create your first virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ container type and give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 30 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.

You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. Our special thanks to Martin Maurer from the Proxmox Dev Team for the hand-holding in getting both options working. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks. Your new virtual machine will be ready to run in less than a minute.

To start the OpenVZ virtual machine, click on the List tab. Then click on the VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display. Type service iptables status to verify that IPtables is running. It currently does not show properly with status. If it's not running, type service iptables restart, and then check it again. The safest test is to attempt to log into your new server with a phone using the wrong extension password. After three tries, it should lock out that IP address temporarily.

Now it's time to secure your new virtual machine. We need to change the master password (not the root password) that is used to gain web access to your server. We also need to change the server's SSH keys to make them unique. Just run the following three commands making certain that you choose to overwrite your existing SSH keys when prompted to do so:

passwd-master
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa

Finally, you can type rasterisk to load the Asterisk CLI. You now have a functional PBX which is ready for configuration. See our knol for step-by-step instructions if you're new to all of this. Or, better yet, you can transform your new virtual machine into a turnkey PBX in less than 10 minutes with free calling in the U.S. and Canada with our Orgasmatron V Installer.

We strongly encourage (actually we're begging) you to read our Primer on Asterisk Security before doing anything else. It could save you an astronomical phone bill down the road.

Where To Go From Here. Until our next chapter, you might want to experiment with some of the other OpenVZ appliances which are available for Proxmox. Many can be installed within the Proxmox GUI (Appliance Templates, Download). Here's the short list: Proxmox Mail Gateway, CYAN Secure Web, Trouble Ticket Tracking, Zenoss Core IT Monitoring, CentOS 4 and 5, Debian 4 and 5, Fedora 9, Ubuntu Hardy, Drupal Content Management, Joomla Content Management, MediaWiki, SugarCRM, and WordPress. Enjoy!

Continue reading Part II for the 64-bit version with DAHDI conferencing...


Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. []
  2. And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." []

VoIP Prioritizing The World’s Best Traveling Phone

photo courtesy of skitch.com image sharing service

We follow a lot of really smart geeks on Twitter. As you might imagine, there’s a good bit of chatter about the world’s best cellphones. About half are die-hard iPhone users, and the rest are all over the map. Our iPhone is now a glorified iPod and, when you finish reading today, you’ll understand why.

What always has set Macs apart from PCs in our humble opinion is flexibility. So why is it that Apple has gone out of its way to strip that feature from the iPhone? Well, we all know the answer. AT&T and the iTunes Store. Or in a word, money. So what’s missing? For openers, there’s no tethering, the ability to connect your PC to your cellphone when the power goes out so you can send an emergency message or check on your servers at work. And then there’s free calling: the ability to place free SIP calls or Google Voice calls using your cellphone from almost anywhere. And then there’s the money thing. If you’ve traveled to foreign countries with an AT&T-powered iPhone, we don’t have to finish this story. For everyone else, let’s just say the cost of using your iPhone in a foreign country or on a cruise ship is stratospheric.

We’ve watched our friends and colleagues purchase all sorts of add-on gizmos to make up for the shortcomings in the iPhone. These have included secondary cellphones and more recently the MiFi devices which let you pay one of the companies in the American cellphone oligopoly another $60++ per month to tether your notebook and netbook to the cellular data network. Let’s get this straight. We pay a cellphone provider for an unlimited data plan as part of our service, but to transmit data to or from our PC through the plan, add another $60 a month for another data plan with a bandwidth cap. Huh? This is for a service that most of us use intermittently and would prefer to never use because of the lousy performance. Here’s our #1 traveling rule. Never stay in a hotel that doesn’t have WiFi, period. Why would you? The one next door has it!

So let’s go about this by the book… with a requirements analysis first! We want a cellphone that makes cellular calls from most locations, and we want the ability to decide which cell provider we use depending upon where we are. We want the option to make phone calls through our own SIP provider, or Asterisk® server, or Google Voice whenever we feel like it with or without a Wi-Fi connection. And, of course, we want VoIP Prioritization. This means we want our cell phone to prioritize incoming and outgoing calls by attempting to use VoIP services first, cellphone carrier second. Good luck with that one! We also want to be able to check our email using POP3 or IMAP servers. And, when we need to send or receive something on our notebook computer and there’s no WiFi around, we want our cellphone to provide data connectivity. We’re not going to be downloading movies and 1,000-page books all day long. We just want to get an important file attachment from the office so we can read it on a normal screen. And, finally, we’d like a QWERTY keyboard for messaging, and we want to be able to change our own battery, add a memory chip, and swap out SIM cards whenever we’d like. And the music, camera, and GPS functionality would be nice-to-haves on a phone.

Is this so hard? Well, if you’re in the United States and you’re planning to purchase a phone through Sprint, T-Mobile, AT&T, or Verizon to get one of those sign-away-your-life phone discounts, the answer is IMPOSSIBLE! And, to those that are chomping at the bit to tell us how they’ve accomplished some of these miracles with their hacked iPhone, let me just remind you that Apple considers it a national security threat to hack your iPhone thus explaining why Apple also considers it honorable to brick your hacked iPhone at any time despite the fact that you paid for it. Ask yourself if you really want to invest your cellphone dollars with a company spewing forth this kind of bullshit stuff.

And the answer is…

The unlocked U.S. version of the Nokia E71 costs $289.99 at NewEgg, and it’s worth every penny. We’ve been using ours all day, every day for the better part of a year. We’re not going to do a full review of the phone when there’s already an excellent one out there. Start with the allaboutsymbian review and then pick up again here. What isn’t covered in that review is the critical component that we believe sets this phone apart from everything else out there: incredibly simple SIP connectivity and VoIP setup with an Asterisk server because of the native SIP stack and SIP client which is built into the E71’s firmware. And, as you will soon discover, this transforms the E71 into the perfect traveling companion because it makes the E71 just another telephone extension on your home office Asterisk PBX. If secure communications matters, there’s VPN support as well.

Implementing Incoming VoIP Prioritization. Here’s how we’ve set up connectivity to our E71. First, create an extension on your Asterisk server that will be dedicated to remote SIP access from your E71. Let’s use extension 371 in this example. Give it a very secure password because the IP address of your E71 will change as you move from place to place so we can’t really lock down the extension with anything other than a secure password, or you won’t be able to connect. Next, create another extension (372) and forward all incoming calls to that extension to the regular phone number of your E71, i.e. the one provided by your cellphone provider. Then create a Ring Group on your Asterisk server (373) and set up 371 as the only number in the ring group extension list. For the destination if no answer, choose extension 372. Finally, set up your Google Voice number with a destination extension that forwards calls to ring group 373. So the way this will work is that incoming calls to your Google Voice number will ring the SIP connection on your E71 (371) if your E71 is registered to your Asterisk server via SIP. And, when it’s not registered, the calls will be forwarded to the regular phone number of your E71 (372) without any delay since extension 371 isn’t registered with your server. If you get in the habit of searching for WiFi wherever you happen to light and connecting back to your Asterisk server, (as you’ll see, this is a one-click operation), then you’ll have dirt-cheap remote cellphone service on your E71 almost all of the time. And, if you travel to foreign countries, it means that any time your E71 is registered with a WiFi HotSpot, all incoming calls will be free instead of costing an arm-and-a-leg in per minute international roaming fees.

SIP Setup for Nokia E71. John Rogers over at geek.com has written an excellent piece with lots of pretty pictures to show you how to configure your E71 with Asterisk. Rather than reinvent the wheel, here’s the link. It only takes a couple of minutes. We do have a few tips to get you started on the right foot. Make certain that the IP address you enter for your Asterisk server is the public IP address or fully-qualified domain name for your server, not the private IP address inside your firewall. As you roam from one WiFi network to the next, the E71 will automatically configure the phone for the new networks as soon as you choose WLAN Scanning, select a WiFi network, and choose to Connect to your Asterisk server. This is performed from the default screen on your phone so there’s no wading through layer upon layer of menus. After linking and unlinking to different networks about a dozen times, we have found it’s a good idea to shut down the phone, remove the battery momentarily, and then restart the phone. It keeps awkward connect problems from ever occurring. To enable VoIP Prioritization for outbound calling, all you have to do is change one default setting on the Nokia E71: Menu, Tools, Settings, Phone, Call, Default Call Type: Internet Call.

Depending upon your choice of router, using the public IP address of your Asterisk server may cause connectivity issues when you attempt to make a connection through the same WiFi network on which your Asterisk server resides. You can solve this by investing in one of dLink’s Gaming Routers which also provide the necessary tools to prioritize VoIP traffic on your network. Second, make sure you load the latest Nokia firmware for the E71 before you begin configuring your phone. You can check which firmware is installed on your phone by pressing *#0000#. If it’s less than 200.21.118, you need to upgrade, and you’ll need a Windows machine to do it. Here’s the link to Nokia’s upgrade site.

Where To Go From Here. Once you have your E71 performing as a remote Asterisk extension, there are some other must-have’s for your phone. First, you’ll want to purchase JoikuSpot Premium for 15.00€ (about $20). It turns your phone into a WiFi HotSpot whenever you need tethering. Next you’ll want to load Nokia’s OVI store which includes a number of free downloads including Internet Radio, Fring, Nimbuzz, and Web Server. With the web server, you can actually create a blog and let visitors share photos and take pictures using your E71. Try ours to get a taste of what’s available. We think you’ll also find Google Latitude to be a fascinating addition. It lets you produce a free, GPS-enabled map with your current location just like Where In the World Is Nerd Uno. In fact, that map is produced from GPS data generated on our Nokia E71.

A Word of Caution. Finally, we’ll close on a cautionary note. Tempting as it may be to buy Nokia’s latest and greatest cellphone, DON’T! Nokia quietly has dropped the native SIP stack and SIP client on almost all of its newest cellphones presumably to win the love and affection of companies like AT&T. These are the same companies that continue to claim in FCC filings that they have nothing against VoIP on cellphones. The list of VoIP-impaired Nokia cellphones includes the N97 as well as the AT&T-branded E71x. Nokia also has been less than clear about the new N900. Historically, this has meant that SIP functionality has disappeared. So beware of shiny new things… that may not work worth a damn. It’s too bad. Nokia was one of our favorite companies, but it looks like they’re ceding the VoIP technology business to Google’s Android which happens to be next on the Nerd Vittles Radar. Here’s a complete list of Nokia’s SIP-compatible phones. Enjoy!


Enhanced Google Maps. In case you haven’t noticed, we’ve added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We’ll show you how to add something similar to any LAMP-based Linux system in coming weeks. It’s a powerful technology that has enormous potential. If you’re unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest…

Welcome to IP Country: A New Layer of Asterisk Security

image courtesy of fail2ban.org One of the problems with writing a blog like Nerd Vittles is it's more than double the work of your typical blog where a writer pontificates about something and then moves on. What makes Nerd Vittles a little different is that, with help from a number of very gifted developers, we actually create useful applications and then write about how to use them. So you get a bonus for the same low price: free! This obviously imposes some time constraints in order to get fresh material into your hot little hands every week.

This week we turn our attention to Asterisk® Security again and unfortunately the Whole Enchilada is not yet ready. So today you get Chapter I of this topic with a comment that we're still mulling over some enhancements. When those pieces are finished or at least properly evaluated, we'll produce a sequel. Software houses spend years developing applications. And sometimes it takes us more than a week. 🙂

Let's start with a few observations which should be quite obvious to those who have wrestled with VoIP or Asterisk for a while. Internet security is a bitch. And Asterisk security is much, much worse. When a few disgruntled people can bring Twitter to its knees because they're mad about some particular tweet or Twitter user, it tells you what we're all up against. Hate to say it but we can all thank Microsoft for years of security neglect that rendered the Windows operating system less than optimum in preventing the spread and deployment of BOTs. And the tools have gotten more dangerous as well. Strangers (our euphemism for these folks) write new software, too.

If you're using PBX in a Flash (and you really should be!), you know that we've devoted enormous resources to Asterisk security. Two years ago when PBX in a Flash was introduced, the majority of people using Asterisk still were using 1234 as the extension password on all or most of their extensions. A couple $100,000 phone bills and lots of public education, and that situation hopefully is behind us. Two years ago, no Asterisk aggregation included a firewall... except PBX in a Flash. Believe it or not, there were individuals running Asterisk servers on the public Internet with a default root password of password. That added more than a few more BOTs to the Internet kettle of fish. Then there were the brute force password hacks that hit Asterisk servers thousands of times per minute guessing passwords. Nothing stood in the way of these attacks until PBX in a Flash introduced Fail2Ban which automatically blacklisted IP addresses after a certain number of failed login attempts. We followed Fail2Ban with our Atomic Flash product which provided a turnkey Hamachi VPN implementation for rock-solid safe remote computing. And, of course, there was a one-minute Hamachi VPN install script for standard PBX in a Flash systems. No other aggregation has it to this day.

The purpose of the history lesson isn't to crow about PBX in a Flash although we're mighty proud of it. Rather we wanted to make you aware that precious little development effort is actually going into security while enormous resources are devoted to things such as Internet faxing, Skype, and Google Voice integration. We'll be the first to admit that we love the latest gee whiz gizmos as much as anybody. But come on. A handful of us who do this purely for fun somehow manage to turn out loads of security enhancements while huge, for-profit companies are devoting virtually zero resources to making Asterisk, SIP, and the VoIP community safer. SIP is about as secure as whispering at a movie theater. Google releases Google Voice with SIP access protected by a 4-digit password. 🙄 That approach to security needs to change, or we're all going to wake up sorry one day soon. If this is preaching to the choir, then feel free to pass this article on to one of your brethren who has not yet seen the light! Start by reading our Primer on Asterisk Security.

If you have extremely secure passwords on your Asterisk extensions and trunks, and you have deployed a properly configured firewall with Fail2Ban to protect against brute force attacks, then you're ahead of the curve insofar as Asterisk security is concerned. But what we think is still missing is access restrictions based upon what the military calls a "need to know." Simply stated, it means folks shouldn't get access of any kind to your Asterisk server unless they have a need to be there. And, if we find someone there that doesn't belong, they should be kicked off and banned from further access.

So today we have a new security tool for your Asterisk toolbox: IP Country, country-based network filtering by IP address. In a nutshell, it means configuring your Asterisk server to dramatically reduce the number of IP addresses which can reach your server at all. If you receive anonymous SIP connections from all around the globe that you actually need or if you're attacked from a BOT running on grandma's Windows machine down the block, this may not work for you, but it's another tool in your quiver of arrows. For most servers, it has the potential to reduce the vulnerability from random outside threats substantially. It's taken a lot of research to come up with much of what follows, and we want to express our special thanks to Sandro Gauci and Joe Roper for their assistance. Some of this technology has been around for many years, but unfortunately it was expensive. So we also want to express our special appreciation to MaxMind for releasing their open source GeoLite Country database which is now free for downloading. That is the critical ingredient in much of what follows. So here's a word from our sponsor:

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

Scope of Protection. An obvious question is just exactly what are we trying to protect. In our view, it's several things. First, we don't want strangers logging in to extensions on our server and making free calls around the globe using pilfered or hacked passwords. We also don't want strangers using our extensions to masquerade as us for any other purpose. Second, we don't want strangers randomly calling our server using SIP URI's that they've dreamed up. And third, we don't want strangers accessing any other applications on our server including SSH and FTP as well as web and email services.

IP Country Design. As with other security features in Asterisk, FreePBX, and IPtables, our implementation of IP Country uses permit and deny access tables that consist of authorized and unauthorized ranges of IP addresses. There's also a table with the latest GeoLite Country information which is used as the data source for your permit table. When a connection to the server is made, the IP address is checked against the permit table of authorized addresses. If there's no match, we'll consider the connection a stranger. If there is a match, then we'll check the deny table to make certain this particular IP address hasn't been banned. Unless you alter all of our scripts, your system must be using the default MySQL account name of root with a password of passw0rd. As configured in PBX in a Flash, this is NOT a security risk since MySQL access is limited to your server, and your server requires root credentials to log in.

Today's Objective. To get everyone started, we're going to tackle the first two objectives today. The solutions offered should work fine on any FreePBX-based Asterisk system... even those that hide the existence of FreePBX.

For outgoing calls, we'll introduce a new script which runs periodically to examine the IP addresses attached to every SIP and IAX extension and trunk on your Asterisk server. If a stranger's IP address is identified (as explained above), we'll add an IPtables firewall rule to permanently block access to your server from this IP address. These rules are stored in /etc/sysconfig/iptables should you ever need to remove an IP address that has been blocked. You can adjust the script execution frequency based upon the thickness of your wallet. After all, it's your phone bill. This functionality is mutually independent from the incoming call protection outlined below so you can use either or both of the functions to meet your own requirements. For systems that use enormous numbers of SIP URI's for communications around the globe, you might choose to implement just this piece for extension and trunk IP Country protection without altering your incoming dialplan at all. Keep in mind that FreePBX now supports permit and deny IP address filters on extensions, something you really should be using even if you decide against implementing the IP Country security protection layer.

For incoming calls, we're going to modify FreePBX's existing Blacklist functionality to also look up the calling IP address in our IP Country permit and deny tables. If the IP address is authorized, the call will go through. Otherwise, the call will be treated just as if the caller's number were blacklisted. Be aware that incoming calls to one of your commercial DIDs may reflect the IP address of your provider since the caller may be calling from a Plain Old Telephone rather than an IP address. The existing Blacklist functionality can be used to block these unwanted callers. If you live in the United States, you'll probably also want to call 888-382-1222 and place your DIDs in the Do Not Call database. Just call from a phone using the CallerID of the number you wish to block.

Installing GeoLite Country. To get started, log into your server as root and issue the following commands:

cd /
wget http://bestof.nerdvittles.com/applications/ipcountry/ipcountry.tgz
tar zxvf ipcountry.tgz
rm ipcountry.tgz
cd /root/ipcountry
./nv-ipcountry

Once the nv-ipcountry script begins to run, it will download and install the GeoLite Country database into MySQL. You then will be asked whether to add countries to your permit table. Since your permit table is empty at this point, the answer should be yes. You'll then get a list of country codes. Choose the two-character country code desired and type it in UPPERCASE, e.g. US. If you want to add one or more additional countries, just rerun ./nv-ipcountry and do NOT initialize the permit table (which erases all of its contents).

New GeoLite Country databases are released every month or two so get used to the procedure. You'll be using it periodically to keep your list of IP addresses current. We'll cover the update procedure after we get you up and running.

Remember: If no IP addresses for any country are added to the permit table, you will not be able to make calls or register trunks with your providers! The only default entries added to the permit table are the non-routable, private IP address ranges, e.g. 192.168.0, etc. The geolite table is merely a data repository of the latest GeoLite Country database and has no effect on the daily operation of your system! You use it only as a data source for populating your permit table.

Testing IP Country. Before we actually turn anything on, we need to be sure we're not going to blow your Asterisk system out of the water! In short, we want to make sure that every extension that's supposed to be able to make a connection to your PBX still can. And we need to make sure all of your trunk registrations still are working. While you're still in the /root/ipcountry directory, issue the following command: ./test.sh. This script will display all of your SIP and IAX connections and then will tell you whether each connection will pass muster with IP Country security in place. Each IP address should display ok. If any of them show ko, you have a problem. This means that you have an extension or trunk with an IP address that is not included in your permit table. You can scan through the show peers listings in the display to figure out which providers or extensions are associated with any problem IP addresses. Be sure it's not a bad guy first. Then you have a couple of options. You can either manually add the IP address to the permit table as outlined below. Or you can add additional countries which include the missing IP address(es). To decipher the country of any problem IP address, go to this link and plug in the IP address. Once you've made entries in your permit table to cover all of your needed IP addresses, run the test script again just to be sure everything shows ok. Do NOT proceed until you get all ok's, and don't write us if you do.

Manually Adding IP Addresses to IP Country. We've provided a command-line utility which makes it easy to add IP addresses and address ranges to either the permit or deny tables of IP Country. Be very careful using this tool! There's limited error-checking which means it's easy to create a mess. You'll find iputility.php in the /root/ipcountry folder. Since all IP addresses are stored as integers, you can use it to merely discover the integer value of an IP address, or you can actually insert IP addresses into either the permit or deny tables. Here are a few examples to show how the utility works:

./iputility.php 156.130.20.10
Returns the integer value for this IP address; no database update
./iputility.php 156.130.20.10 156.130.20.255
Returns integer values for this IP address range; no database update
./iputility.php 156.130.20.10 deny
Adds this IP address to IP Country deny table
./iputility.php 156.130.20.10 156.130.20.255 permit
Adds this address range to IP Country permit table)

A couple of points worth noting. First, all custom entries in your permit and deny tables using iputility will show a country code of AA. This makes them easy to find using phpMyAdmin if you make a mistake. Second, if you attempt to enter the same IP address range more than once, you'll get a database error since all entries in the tables must be unique. Third, remember that entries in the deny table take precedence over entries in the permit table. So, if the same IP address or address range is in both tables, access will be denied. The reason for this is to make it easy to exclude a few bad apples from a country that you might otherwise find unobjectionable. Finally, keep in mind that manual entries added to the permit table will have to be added again each time you initialize the table and insert new country IP codes after a GeoLite Country refresh. The deny table is unaffected by database refreshes. So make yourself a list of entries you manually insert into the permit table and keep it in a safe place for future reference.

Activating the IP Address Checker. In the /root/ipcountry directory, you'll find the script that we'll use to check your system periodically to be sure all of the extensions and trunks are registered at permitted IP addresses. To run the script manually, log into your server as root and type: /root/ipcountry/ip-checker.sh. When you run it, you shouldn't see any modifications to IPtables, just a string of ok's. So now we want to added the script as a cron job that will be run periodically to watch your system. Edit /etc/crontab and insert the following line at the bottom of the file:

*/1 * * * * /root/ipcountry/ip-checker.sh > /dev/null

*/1 means run the script once a minute, all day and night, every day. */5 means every 5 minutes. You make the call on how safe you'd like your system to be. If you'd like to receive an email or text message every time an IP address is blocked by ip-checker.sh, just edit the filecheck.php script, uncomment the two lines that begin with // and replace yourname@gmail.com with your email or text message address.

WARNING: For ip-checker.sh to work properly with IPtables, there are a couple of prerequisites. First, IPtables must be running on your system with the iptables file located in /etc/sysconfig. Second, your IPtables setup must include an SSH permit rule that looks like this:

-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT

We use this rule as a place finder to determine where to insert new rules to block stranger's IP addresses. If you don't have the above rule, filecheck.php (used by ip-checker.sh) won't be able to insert new rules. So you'll need to manually edit filecheck.php to provide a "hook" that can be used to insert rules into your iptables file. PBX in a Flash systems come preconfigured to support this. With other aggregations, YMMV!

Activating the Incoming Call Checker. To screen incoming calls using your IP Country permit and deny tables, the setup is straight-forward assuming you are running the latest version of FreePBX 2.5. We're going to adjust the Blacklist context to also perform IP address lookups from IP Country when new calls arrive on your PBX. Just log into your server as root and add the following lines to the bottom of the extensions_override_freepbx.conf file in /etc/asterisk:

[app-blacklist-check]
include => app-blacklist-check-custom
exten => s,1,LookupBlacklist()
exten => s,n,GotoIf($["${LOOKUPBLSTATUS}"="FOUND"]?blacklisted)
exten => s,n,Set(TESTAT=${CUT(SIP_HEADER(From),@,2)})
exten => s,n,GotoIf($["${TESTAT}" != ""]?hasat)
exten => s,n,Set(FROM_IP=${CUT(CUT(SIP_HEADER(From),>,1),:,2)})
exten => s,n,Goto(gotip)
exten => s,n(hasat),Set(FROM_IP=${CUT(CUT(CUT(SIP_HEADER(From),@,2),>,1),:,1)})
exten => s,n(gotip),NoOp(Gateway IP is ${FROM_IP})
exten => s,n,NoOp(IP Country Lookup in Progress...)
; put authorized special calls like sipgate's Google Voice ringbacks below
exten => s,n,GotoIf($["${FROM_IP}"="sipgate.com"]?keepon)
exten => s,n,AGI(nv-ipcountry.php|${FROM_IP})
exten => s,n,GotoIf($["${STRANGER}"="true"]?blacklisted)
exten => s,n(keepon),NoOp(** AUTHORIZED CALLER **)
exten => s,n,Return()
exten => s,n(blacklisted),Answer
exten => s,n,Wait(1)
exten => s,n,Zapateller()
exten => s,n,Playback(ss-noservice)
exten => s,n,Hangup

Make sure you remove the line-wrap in the s,n(hasat) line and any others that may have wrapped in the display above! Then save the file and reload your Asterisk dialplan: asterisk -rx "dialplan reload". You're all set! If you'd like email notices when a stranger calls and is blacklisted, edit nv-ipcountry.php in /var/lib/asterisk/agi-bin. Plug in your actual email address in the $email variable and set $emailalerts = 1.

Housekeeping 101. As we mentioned above, the pool and location of IP addresses continues to change so periodic updates are necessary, or you'll end up blocking calls that otherwise should be permitted. MaxMind updates GeoLite Country on the first day of every month so add it to your TO-DO list. We strongly recommend that you perform these steps through an SSH connection from a remote PC. Why? Because, if you forget step 1 while logged directly into your server, you could inadvertently lock yourself out of your own system if the ip-checker script happens to run while your permit table is empty. If you do it from a remote machine, you can simply move to another machine and follow these instructions properly. Otherwise, you've got a serious problem on your main server. If this server provides phones to your business, do the update when the server is idle. So here's the drill:

  1. Comment out the ip-checker.sh /etc/crontab entry
  2. Download new GeoLite Country database from MaxMind
  3. Initialize the ipcountry.permit table
  4. Add authorized countries back into ipcountry.permit table
  5. Add back any custom entries to permit table
  6. Test your IP Country system to make sure you get all ok's
  7. Reactivate ip-checker.sh in /etc/crontab

1. Log into your server as root. To comment out the ip-checker.sh line in /etc/crontab, just add # as the first character on the line and save the file.

2. Change to the /root/ipcountry directory and run ./nv-GeoIPrefresh.

3. While still in the /root/ipcountry directory, run ./nv-ipcountry and choose 1-Yes to initialize your ipcountry.permit table.

4. Continue running or rerun ./nv-ipcountry to add each desired country to your ipcountry.permit table.

5. Run ./iputility.php to add custom IP address entries to your ipcountry.permit table. You do NOT need to reenter addresses in the deny table. It is unaffected by this update procedure.

6. Test your system again to make sure all extensions and trunks get an ok by running ./test.sh.

7. Edit /etc/crontab and remove the # at the beginning of the ip-checker.sh line and save the file.

What's Next. We're still exploring another possibility with IP Country, and that is integrating GeoLite Country directly into IPtables. This would validate every packet coming into your firewall using IP Country-like rules in IPtables. If you want to look at how it could be done, see this excellent writeup. Well, not so fast. Unfortunately, it won't compile under CentOS 5.2. Here's a link to the problem code if there are any Linux gurus in the house. Our reluctance in doing this has to do with performance. Keep in mind that, without stateful packet inspection, every single packet coming into your server would presumably trigger a database lookup. On a busy telephony system generating hundreds of thousands of packets per second, it would take a beast of a server with sufficient memory to cache the entire IP Country database in order to handle the processing load. So now we've got to either learn about or find an expert on the IPtables State Machine. If anyone wants to experiment, please share your expertise with the rest of us. There's a Google Voice invite in it for you, too.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Introducing the Orgasmatron V, Google Voice Edition

It's been an interesting couple of weeks watching many of our readers flock to Google Voice in order to make free calls in the U.S. and Canada. The only problem with our Google Voice solution was the skill set required to get everything humming along as it should. For those new to the Asterisk® world, it only made sense to create a special installer that would build an Instant PBX.

Check Out the Latest! The Incredible PBX

Coming January 19: Incredible PBX 11 & Incredible Fax for Asterisk 11 and FreePBX 2.11

In putting this together, we couldn't help noticing the dilemma posed on the new FreePBX web site: "Looking for Phone Service? We can't quite give you the phone service for the same price (free) as the PBX..." Well, maybe they can't, but we certainly can thanks to our friends at Google Voice. So today we're pleased to introduce the first Truly Free™ Asterisk PBX. If you've mastered slice-and-bake cookies, you'll have no trouble with today's recipe.

Welcome to the Orgasmatron V Installer, the wonderscript that lets you create a turnkey Asterisk system with free U.S. and Canada calling through Google Voice in less than 15 minutes! When you're finished you'll have a PBX in a Flash system with every bell and whistle on the planet. Not only is the PBX absolutely free but so are all of your outbound and incoming calls throughout the United States and Canada. All you'll need is an Internet connection and any garden variety PC that's less than 3 years old. Or you can splurge and buy yourself a new Atom-based PC or NetBook and have a state-of-the-art PBX that may last you close to a decade. While you'll still need to change a few passwords and plug in some phones, the Orgasmatron V build reduces the Asterisk learning curve to almost zero. Out of the box, email works. Faxing works. ENUM works. And free calling in the U.S. and Canada works. Just plug in your Google Voice credentials, and you can start placing calls to every phone in the U.S. and Canada for free in just a few minutes.

For those that are wondering what's included in the Orgasmatron V build, here's a feature list of the components you get in addition to the base PBX in a Flash build with Asterisk 1.4, FreePBX 2.5, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin:

Getting Started. Even though the installation process is now a No-Brainer, you are well-advised to do some reading before you begin. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some precautions to protect your phone bill. Start by reading our Primer on Asterisk Security. Then read our PBX in a Flash and VPN in a Flash knols. If you're still not asleep, there's loads of additional documentation on the PBX in a Flash documentation web site.

Prerequisites. You obviously still need a free Google Voice account. If you don't have one, you can request an invite here. At last report, it's only taking a few days from application to invite which is really great news. Don't use a space in your Google Voice password! Once you have a Google Voice account and phone number (Google has reserved several million of them so... not to worry!), then you'll need a DID that provides unlimited, free incoming calls. We'll use it as your Google Voice RingBack DID and will explain all of this after we get your PBX up and running. We'd recommend a free IPkall or SIPgate DID, but we'll get to that.

Installation. Here's a quick tutorial to get you going. First, install the 32-bit, Asterisk 1.4 version of PBX in a Flash. Boot your system from the installation CD and type ksalt to begin. As your machine reboots, remove the CD and choose option A to load the most stable payload. When the install completes, reboot your system once again and login as root with the password you chose when you built your system. Now issue the following commands to bring your system current and protect your system passwords: update-scripts, update-fixes, passwd-master. You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time.

Now you're ready to run the Orgasmatron V Installer. While still logged into your new server as root, issue the following commands:

cd /root
wget http://pbxinaflash.net/orgasmatron/orgasmatron-gv.x
chmod +x orgasmatron-gv.x
./orgasmatron-gv.x
reboot

Stick around while the install script is running. Parts of it are interactive. For now, choose the Flite option when you're prompted twice for your text-to-speech preferences. That way you'll have a working system when you're finished. Once the Orgasmatron V installer script is finished, type status and write down the IP address of your server. You'll need it in the next step to log into FreePBX.

If you'd prefer to pick and choose the apps to install, use this fully-interactive installer instead:

cd /root
wget http://pbxinaflash.net/orgasmatron/orgasmatron-interactive.x
chmod +x orgasmatron-interactive.x
./orgasmatron-interactive.x
reboot

Using a web browser, open FreePBX on your new server with a command like this (substituting the IP address you wrote down above). When prompted for your account name, type maint and use the password you assigned when running passwd-master above:

http://192.168.0.123/admin/

You're NOT done yet!

These next three steps are important. They get all of the FreePBX modules installed and then restore the FreePBX backup set that's at the heart of the Orgasmatron build. Just follow along here. If you're using the new OpenVZ template for PBX in a Flash, start at step 3 and then complete step 1 and 2. Otherwise...

1. Choose Module Admin, Check for Updates online, Upgrade All, Process, Confirm, Return, Apply Config Changes, Continue.

2. Choose Module Admin, Check for Updates online, Download All, Process, Confirm, Return, Apply Config Changes, Continue.

3. Click on the Tools tab and choose Backup & Restore, Restore, RightNow, and select the .tar.gz file that is displayed. Then choose Restore Entire Backup Set, OK, Apply Config Changes, and Continue.

Securing Your System. You're almost done. We always like to reboot the server just to make sure nothing got lost in the shuffle. When the reboot is finished, log into FreePBX with a browser again. Before you do anything else, choose each of the 16 preconfigured extensions on your new server and change the extension AND voicemail passwords. Here's the drill: Setup, Extensions, 501, Submit after changing secret and Voicemail Password. Repeat with the next extension number instead of 501. Then Apply Config Changes, Continue when you've finished with all of them.

Now let's change the default DISA password: Setup, DISA, DISAmain, PIN, Submit Changes, Apply Config Changes, Continue. Whew! Your system now is relatively secure. Follow the steps in the tutorials we recommended, and you're ready to experiment. Plug in a couple of SIP phones or softphones and configure them using the available extensions (701-715) together with the secrets for those extensions. Place a test call between the extensions to make sure you have a working PBX. Now we're ready to add the pieces so that people from outside your system can call you and so that you can call them as well.

Setting Up An IPkall RingBack DID. Step #1 is obtaining a free DID which will be used to handle RingBack calls from Google Voice. If you're new to Google Voice, here's a quick primer. Whenever you place an outbound call through Google Voice, GV actually places two calls. It returns your call to a number you designate as your RingBack number, and then GV places the call to the destination number you've chosen. We will transparently merge the two calls together behind the scenes so the caller will think it's a "normal" long distance call. But, before Google Voice calling will work with Asterisk, you'll need another DID (in addition to your new Google Voice number) to transparently handle these RingBack calls into Asterisk.

Shown above is the IPkall request form to sign up for a free DID. Make your form look like the one above but change 3 pieces of information: (1) the SIP Proxy which is the public IP address of your Asterisk server or its fully-qualified domain name, (2) a working Email Address which will be used to confirm your request for a free DID, and (3) a password to protect your DID at IPkall. Leave the other entries the way they're shown, especially the SIP Phone Number, gv-ringback, which is preconfigured to route incoming SIP calls on your new PBX to any phones connected to extensions 701-715. Once you have confirmed your request by email, you will be assigned a phone number. Assuming you've already connected a phone to your new PBX on one of the above extensions, it should ring when you call your new IPkall number. Don't proceed until you get this working because it must be functional before you can complete the set up of your Google Voice account.

Setting Up A SIPgate RingBack DID. If you elect to use a SIPgate DID, the process is a bit more complicated. Once you've registered for a free DID on their site, you'll get an email with your credentials. You then will need to create a new trunk using FreePBX with the following entries replacing SIP-ID and SIP-Password with your actual credentials. Use sipgate for the Trunk Name and fill in the following in the Outgoing Settings section of the form:

type=peer
username=SIP-ID
fromuser=SIP-ID
secret=SIP-Password
context=from-trunk
host=sipgate.com
fromdomain=sipgate.com
insecure=very
caninvite=no
canreinvite=no
nat=no
disallow=all
allow=ulaw&alaw

Leave the Incoming Settings blank, and enter the following Registration String using your actual credentials:

SIP-ID:SIP-Password@sipgate.com/10-digitSIPgateNumber

Save your entries and then create an Inbound Route called sipgate. Enter your 10-digit SIPgate number in the DID Number field and choose Ring Group: 700 as the Destination for the inbound calls to this number. Reload your Asterisk dialplan when prompted to do so. Connect a phone to an extension on your PBX and be sure the phone rings when you call your new SIPgate DID number before proceeding.

Google Voice Setup. Once you get your RingBack DID set up on your Asterisk system, we need to configure your new Google Voice account. Log into your GV account and click Settings, Phones, Add Another Phone. Add the area code and phone number of your RingBack DID. Be sure a phone is connected to one of the existing extensions (701-715) on your PBX since you have to go through Google's confirmation drill to successfully register the number with GV. After the DID is confirmed, be sure there's a check mark beside this Google Voice destination so that incoming calls to your GV number will be routed to your Asterisk server.

While you're still in the Google Voice Setup, click on the General tab. Uncheck Enable Call Screening. Turn Call Presentation Off. And set CallerID to Display Caller's Number. Remember NOT to include a space in your Google Voice password! Finally, uncheck Do Not Disturb. Now click the Save Changes button.

Adding Your GV Credentials to PBX in a Flash. Now we're ready to insert your Google Voice credentials into PBX in a Flash. You'll need four pieces of information: your 10-digit Google Voice phone number, your Google Voice account name (which is the email address you used to set up your GV account), your GV password (no spaces!), and your 11-digit RingBack DID (beginning with a 1) from either IPkall or SIPgate. Don't get the 10-digit GV number mixed up with the 11-digit RingBack DID, or nothing will work. 🙂 Now log back into your server as root and issue the following commands. Check your entries carefully. If you make a typo in entering any of your data, press Ctrl-C to cancel the script and then run it again!!

cd /root
wget http://pbxinaflash.net/orgasmatron/configure-gv
chmod +x configure-gv
./configure-gv

Updating pyGoogleVoice. Since this article was initially released, Google has made some changes in the way Google Voice processes incoming calls. To address this, you'll need to update the version of pyGoogleVoice installed with this build. While still logged into your server as root, issue the following commands:
cd /root
wget http://pygooglevoice.googlecode.com/files/pygooglevoice-0.5.tar.gz
tar zxvf pygooglevoice-0.5*
cd pygooglevoice-0.5
python setup.py install

Modifying Your RingBack Inbound Route. The last step in the setup process is to reroute your gv-ringback incoming route so that it points to a custom context to process your Google Voice ringback calls transparently. Log back into FreePBX with a web browser and choose Setup, Inbound Routes, gv-ringback. Change the Destination for these calls to Custom Destinations: Custom GV-Park. If you're using SIPgate instead of IPkall, be sure to change the other settings to look like this:

Description: gv-ringback
DIDNumber: *Your 10-digit-SIPgate-Number*
CallerId: *Your 10-digit-Google-Voice-Number*

Save your changes by clicking the Submit button and then reload your dialplan when prompted.

Choosing a VoIP Provider. For this week, we'll point you to some things to play with on your new server. Then, in the subsequent articles below, we'll cover in detail how to customize every application that's been loaded. Nothing beats free when it comes to long distance calls. But nothing lasts forever. So we'd recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system... so that people can call you. Here's how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you're calling. If you're in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask.

The VoIP world is new territory for some of you. Unlike the Ma Bell days, there's really no reason not to have multiple VoIP providers especially for outbound calls. Depending upon where you are calling, calls may be cheaper using different providers for calls to different locations. So we recommend having at least two providers. Visit the PBX in a Flash Forum to get some ideas on choosing alternative providers.

Kicking the Tires. OK. That's enough tutorial for today. Let's play. After you've connected a phone to your new system, begin your adventure by dialing these 10 numbers:

  • D-E-M-O - Check out the Nerd Vittles Orgasmatron Demo
  • Z-I-P - Enter a five digit zip code for any U.S. weather report
  • 6-1-1 - Enter a 3-character airport code for any U.S. weather report
  • 5-1-1 - Get the latest news and sports headlines from Yahoo News
  • T-I-D-E - Get today's tides and lunar schedule for any U.S. port
  • F-A-X - Send a fax to an email address of your choice
  • 4-1-2 - 3-character phonebook lookup/dialer with AsteriDex
  • M-A-I-L - Record a message and deliver it to any email address
  • C-O-N-F - Set up a MeetMe Conference on the fly
  • 1-2-3 - Schedule a regular or recurring phone reminder
  • Dial *68 - Schedule a hotel-style wakeup call on any extension

Google Voice Speed Dials. For frequently called numbers, you can add speed dials by inserting entries in the [from-internal-custom] context of extensions_custom.conf in the /etc/asterisk folder that look like the example below where 333 is the speed dial number and 6781234567 is the area code and number to call. Be sure to reload your Asterisk dialplan to activate them.

exten => 333,1,Dial(local/6781234567@custom-gv,300)

Congratulations! You now have what we hope will be flawless and free U.S. calling on your Asterisk system using Google Voice. No gimmicks, no strings, no cost. Enjoy!

Finally, one additional word of caution. Both Google Voice and this call design are set up for a single call at a time. There are no safeguards to prevent multiple calls, but that may violate the Google Voice terms of service.

Homework. Your homework for this week is to do some exploring. FreePBX is a treasure trove of functionality, and the Orgasmatron build adds a bunch of additional options. See if you can find all of them. Then log into your server as root and look through the scripts added in the /root/nv folder. You'll find all sorts of goodies to keep you busy. Enjoy!

Continue reading Part II.

Continue reading Part III.

Continue reading Part IV.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Tweaking Asterisk for Free Google Voice Calling

Lips from Google Now that the Asterisk® and Google Voice marriage is finally underway, we wanted to step back today and revise the original methodology a bit to take advantage of some of the terrific comments which were offered in response to our last article. First, the good news. U.S. calls through Google Voice using Asterisk work! They sound great, and they're free. The not so good news was that the MeetMe conferencing trick to join your outbound call with the Google Voice click-to-dial return call from your destination worked great so long as a real person answered the phone. But, if an answering machine picked up or no one answered the call at all, there were problems because these calls already had been transferred to the MeetMe conference and there was no simple way to disconnect them. And the need for two DIDs to support a single Google Voice interface just seemed a bit wasteful.

9/1/2010 Update: A good bit has changed with Google Voice since this article was first published. For the definitive guide and installation procedure, we highly recommend The Incredible PBX and accompanying article which can be found at this link. Google Voice (and much more) already is included in our new PBX which is literally Plug-and-Play. If you prefer to roll your own, be sure to also have a look at this excellent update on the Michigan Telephone Blog.

Today we want to try to eliminate these two quirks while stiill providing a seamless interface between Google Voice and Asterisk. We also appreciate that thousands of you already have implemented the previous approach. So we want your transition to the new way of doing things to be as painless as possible. On the other hand, for frequent readers, we hope you'll bear with us as we repeat some of what already has been covered in previous articles so new visitors don't have to jump around between articles to get the complete picture of what we're trying to accomplish.

The objective remains the same. We want a methodology that lets us make outbound calls from any Asterisk phone using the Google Voice service to take advantage of free calling in the United States and Canada. And we want calls to our Google Voice number delivered to our Asterisk system for transparent call processing. Yes, SIP is still on our wish list for both outbound and inbound calls with Google Voice, but we'll make do with PSTN calls particularly while Google is footing the bill for all of the calls.

Update: There's now a turnkey Asterisk solution that implements Google Voice calling without getting your hands dirty. Check out our new Orgasmatron V.

Tweaked Design. Here's the new design. You obviously still need a free Google Voice account. If you don't have one, you can request an invite here. At last report, it's only taking a few days from application to invite which is really great news. Don't use a space in your Google Voice password! Once you have a Google Voice account and phone number (Google has reserved a million of them so... not to worry!), then you'll need a DID that provides unlimited, free incoming calls. Once you get your DID set up on your Asterisk system, we'll set up a forwarding phone number for this DID in your Google Voice account so that Google Voice calls can be connected to your Asterisk server.

For outbound calls, we'll combine a little dialplan voodoo with pygooglevoice to instruct Asterisk to place a click-to-dial call using your Google Voice forwarding number. Then we'll stuff in the destination U.S. phone number. When you dial GV-678-1234567 from any of your Asterisk phones, Asterisk will park your initial call in a reserved parking lot slot and then join the called party to the originally parked call. The entire procedure is virtually transparent both to the caller and the callee. And, unlike the MeetMe conference, the parking lot fades out of the picture as soon as the call is connected. Thus, if either party hangs up, the active channel for the call is terminated on your Asterisk server.

For inbound calls from your Google Voice number, we'll tweak the dialplan so that it can distinguish between a RingBack call that Google Voice initiated and a true inbound call. We'll peel off the real inbound calls and route them to a separate Inbound Route in FreePBX for processing in any way you desire.

Finally, for those that implemented the methodology in our previous article, we'll walk you through the steps to revise your existing setup to take advantage of these new tweaks. You can skip over the initial installation process if you already have gone through the Google Voice setup from our earlier article. Just skip down to Tweaking Previous Setups.

Special Thanks. At the outset, we again want to express our sincere appreciation to Jacob Feisley and Paul Marks for their pioneering work on a Python interface to Google Voice. We also stumbled upon another Python development project, Google Voice for Python. While we originally had planned to rely upon Jacob and Paul's script, we ultimately decided to implement pygooglevoice because of the additional flexibility it provided for down the road. With pygooglevoice, you not only can make Google Voice calls, but you also can send SMS messages with no muss or fuss. Jacob Feisley has now joined that project as well. So, our special tip of the hat goes to the entire Google Voice for Python development team. It's a terrific product as you will see.

Prerequisites. Today's setup requires a CentOS-based Asterisk aggregation with a current version of FreePBX. Be aware that today's solution requires Python 2.4 or higher and reportedly will not work with Python 2.3 found in some Linux distributions. We've tested everything with PBX in a Flash and, on that platform, you're good to go. The install script should work equally well with the other CentOS-based Asterisk aggregations, but we haven't tested them. Be our guest, and let us know if you encounter any problems. Finally, a word of caution. We don't ordinarily distribute solutions using development tools we don't use. Our knowledge of Python wouldn't fill a thimble. We've made an exception today because of the extraordinary interest in Google Voice by the Asterisk community. But, if something comes unglued, we can't fix it. So have a backup plan in place just in case. 🙂

Today's Drill. To get everything working today, there are six steps: (1) obtaining and configuring a DID to manage calls between Google Voice and Asterisk, (2) configuring a Google Voice forwarding number for this DID to manage your outbound and inbound calls, (3) configuring FreePBX to route all outbound calls with a GV prefix to your special Google Voice dialplan context, (4) configuring an inbound route to manage incoming calls from your Google Voice number, (5) setting up a series of Parked Call extensions, one of which will be used to manage your outbound Google Voice calls, and (6) running our install script which adds the dialplan code for Google Voice calling with your credentials and puts the Python application into place on your server. It sounds more complicated than it is. So hang on to your hat. Here we go!

Dedicated DID. Before you can use Google Voice with Asterisk, you'll need a DID that can be dedicated to your Google Voice interface to Asterisk. We'd recommend a free IPkall or SIPgate DID. To get started, use one of the links above to obtain and configure the DID. Temporarily point the DID to an extension on your Asterisk system that can be used to verify your requests for the number. Since all of these calls are free, the area code of the DID really doesn't matter because you're never going to publish the fact that it exists.

The easiest method for setting up the DID is to first create a SIP URI for the DID on your Asterisk system. Next route the SIP URI to an Inbound Route in FreePBX where you can manage the destination for calls to that DID. Initially, you want the destination to be an extension on your Asterisk system that you can answer to verify both the DID setup and the GV setup below. Finally, point the DID you obtained to the SIP URI defined above.

HINT: The entry in extensions_override_freepbx.conf would look something like this for a SIP URI called ipkall-1:

exten => ipkall-1,1,Goto(from-trunk,${DID},1)

Then you would create an inbound route named ipkall-1 using FreePBX and designate some existing extension on your server as the destination for these inbound calls.

When you set up the SIP forwarding for the DID at ipkall.com, you'd specify the SIP URI as:

ipkall-1@ipaddress_of_your-Asterisk_server

We've previously covered in detail how to do this so read the article if you need a refresher course. To reiterate, the area code of this DID really doesn't matter because you're never going to give out the number. So use one of the free sources and save yourself some money. The real trick is you want to use a DID with unlimited, free inbound calls. Both IPkall and SIPgate provide that functionality at no cost.

Google Voice Setup. Log into your Google Voice account and click Settings, Phones, Add Another Phone. Add the area code and phone number of your DID. Be sure the DID is pointed to an extension on your PBX that you can answer since you have to go through Google's confirmation drill to successfully register the number. After the DID is confirmed, be sure there's a check mark beside this Google Voice destination so that incoming calls to your GV number will be routed to your Asterisk server.

While you're still in the Google Voice Setup, click on the General tab. Uncheck Enable Call Screening. Turn Call Presentation Off. And set CallerID to Display Caller's Number. Be aware that IPkall DIDs only forward your IPkall number as the CallerID number while SIPgate DIDs reportedly forward the actual number of the person calling you. If this matters to you, then you may prefer the SIPgate DID option. Finally, uncheck Do Not Disturb. Now click the Save Changes button.

Integrating Google Voice into Asterisk with FreePBX. Open FreePBX with a web browser and choose Setup, Trunks, Add Custom Trunk. Insert your GV number in the Outbound CallerID field and add the following Custom Dial String on the form and Submit Changes and reload the dialplan:

local/$OUTNUM$@custom-gv

Next, choose Setup, Outbound Routes, Add Route and fill in the following entries on the form:


Route Name: GoogleVoice
Dial Pattern: 48|NXXNXXXXXX
Trunk Seq: local/$OUTNUM$@custom-gv

Inbound Routes. Next, we need two Inbound Routes to get everything working. In setting up your DID with IPkall or SIPgate, you already should have created one inbound route for that provider. It already should be routing calls to an extension on your PBX. Now we need to create a Custom Destination for this inbound route and then reroute these calls there. In that way, your RingBack calls will be routed to some special dialplan code that drops these calls into a custom parking lot where the RingBack call is married up to the extension from which you placed the original call. Then we need to create another inbound route to manage normal incoming calls that are forwarded to your PBX whenever someone dials your Google Voice number.

To begin, choose Tools, Custom Destinations, Add Custom Destination and add an entry like this and then click the Submit Changes button:

Custom Destination: custom-park,s,1
Description: Custom GV-Park

Next choose Setup, Inbound Route and click on the inbound route you created previously for IPkall or SIPgate. Change the destination for these calls to Custom Destination: Custom GV-Park.

Now click on Add Incoming Route and create a new route for your incoming Google Voice calls. Give it any description you like but, for the DID number, it must be gv-incoming. You can leave most of the other defaults. Just be sure you set a destination for your incoming calls from Google Voice. It could be an extension, ring group, IVR, or whatever best meets your needs. The important entry here is gv-incoming for the DID number. Click the Submit button to save your entries. Ignore the warning that you've entered an oddball DID. We know what we're doing. 🙂

Setting Up the Parking Lot. While still in FreePBX, we need to create or adjust your existing settings in Setup, Parking Lot. The parking lot is used by FreePBX to simulate old key telephones where you could place a call on hold and then someone else in the office could pick up the call by clicking on the blinking key on their phone. The Asterisk equivalent is to press the flash hook and dial your Parking Lot Extension which then places the call in a Parking Lot space and tells you what the space number is. Someone else then can dial the number of that space to pick up the call. Our little trick today works like this. When you place an outbound call through Google Voice, your extension will be dumped into a reserved parking lot space. When Google Voice initiates the RingBack call before connecting the destination number you've dialed, that call will be sent to the same reserved parking lot space. The two calls then are joined, and you'll hear the parking lot number followed by ring tones as your call is connected by GV to its final destination. Our special thanks to Richard Bateman for his comment on the previous article and this terrific tip! He wins an Atomic Flash installer from Nerd Vittles. In addition, A. Godong wins an Atomic Flash installer for his tip on consolidating two DIDs into a single DID to manage both inbound and outbound GV calls. Just send us your addresses.

Now, where were we? Most FreePBX systems have a default setup for the Parking Lot. What we need to do is be sure you have reserved one more space in the parking lot than you actually need for day to day operation of your PBX. We'll use the last parking lot space number to manage outbound calling through Google Voice. Our entries look like the following:

Enable Parking Lot Feature: checked
Parking Lot Extension: 70
Number of Slots: 5
Parking Timeout: 30 seconds
Parking Lot Context: parkedcalls

Destination for Orphaned Calls: Terminate Call: Hangup

If you use our setup above, the Magic Number is 75 which is the fifth slot in the Parking Lot. If you use a different Parking Lot extension or number of slots, here's how to calculate the Magic Number. Start counting the slots beginning with one more than the Parking Lot Extension. When you get to the last slot in the number of slots you've specified, that's your Parking Lot Magic Number. Write it down. You'll need it in a second when you run our GV installation script.

Save your entries and reload the Asterisk dialplan when prompted.

Integrating pygooglevoice. Now we're ready to complete the setup by running our revised script which loads pygooglevoice and sets up your dialplan in extensions_custom.conf. You'll need 5 pieces of information to run the script so write them down before you begin:

1. Your 10-digit Google Voice phone number
2. Your Google Voice email address
3. Your Google Voice password (no spaces!)
4. Your 11-digit RingBack DID (16781234567)
5. Your Parking Lot Magic Number

A word of caution: If you used a gMail address to set up your Google Voice account, it's possible to have different gMail and Google Voice passwords. For this to work, you'll need to enter your gMail password, not your Google Voice password (assuming they're different).

Now log into your Asterisk server as root and issue the following commands:

cd /root
wget http://bestof.nerdvittles.com/applications/gv/install-gv-new
chmod +x install-gv-new
./install-gv-new

Google Voice Speed Dials. For frequently called numbers, you can add speed dials by inserting entries in the [from-internal-custom] context of extensions_custom.conf that look like the example below where 333 is the speed dial number and 6781234567 is the area code and number to call. Be sure to reload your Asterisk dialplan to activate them.

exten => 333,1,Dial(local/6781234567@custom-gv,300)

Congratulations! You now have what we hope will be flawless and free U.S. calling on your Asterisk system using Google Voice. No gimmicks, no strings, no cost. Enjoy!

Finally, one additional word of caution. Both Google Voice and this call design are set up for a single call at a time. There are no safeguards to prevent multiple calls, but that may violate the Google Voice terms of service.

Asterisk 1.6 Solution. Several readers now have documented the procedure for implementing the Asterisk 1.6 bridge technology to make outbound Google Voice calls. You can read all about it here.

Tweaking Previous Setups. If you installed pygooglevoice using our previous tutorial, here's what you need to do. First, log into your Asterisk server as root and issue the following commands:

cd /etc/asterisk
nano -w extensions_custom.conf

Scroll to the bottom of the file by pressing Ctrl-W then Ctrl-V. Move up the file using up arrow until you reach [custom-gv]. Press Ctrl-K repeatedly to delete all of the lines in the [custom-gv] context. If you get to another line that starts with a label in brackets like [this], STOP deleting. Once you've deleted all of the lines in the [custom-gv] context, save the file: Ctrl-X, Y, and press Enter.

Now continue reading this article by jumping up to the Google Voice Setup topic. The Custom Trunk entry and the GoogleVoice outbound route will already be in your FreePBX system so there's no need to repeat those two steps. You will need to perform the remaining FreePBX steps beginning at the Inbound Routes topic and continuing on with Setting Up the Parking Lot. Finally, when you run the new installation script, it will detect that pygooglevoice is already on your system and will skip that step but will install the new custom contexts in extensions_custom.conf using your new settings. Enjoy!


Thought for the Day. Which is more arbitrary: (1) Apple snubs Google Voice or (2) Google Voice snubs SIP? Pays to look in the mirror occasionally.


Best Read of the Week. Memo to Steve Jobs and Apple: Stop Being A Jerk!



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

The Wedding Is On: Asterisk and Google Voice Tie the Knot

Lips from Google Well, it was another painful week on the Google Voice front for Asterisk® lovers. We would hasten to add that none of the pain was induced by Google. This time around it was Gizmo5 initiating the daily gear shifting. What started out last Monday as a free, unlimited Google Voice service quickly morphed into a 20 minute call, and then a 3 minute call, and then 2¢ per minute for Google Voice calls. No notice to the early adopters, of course. So they'd only learn about all of this when the funds in their Gizmo5 accounts were exhausted. Ouch! We have gotten an explanation from Michael Robertson at Gizmo5 as have others. But we're not in a position to verify any of the information so we're not inclined to just pass it on again. Burn me once, shame on you. Burn be twice, shame on me.

So let's turn the page today. There were security issues with the Gizmo5 solution last week, and you can read all about it in last week's article if you're interested. Suffice it to say, it appears there was no business relationship between Google and Gizmo5 so it was a really bad idea to be providing your gMail credentials to Gizmo5 since they also are tied to Google Checkout and other Google services.

Aug. 4 Update: The solution outlined below works reliably. But it has a couple of limitations which have been alluded to in the comments. Specifically, there is not a simple way to terminate a call to either an answering machine or an unanswered call. In addition, two dedicated DIDs are required to get inbound and outbound calls working through Google Voice. Based upon user suggestions and a few new tricks of our own, we now have a tweaked solution that requires only a single DID and that properly terminates calls when either party hangs up. Please read the updated article here. Our apologies... recalling the Wild West adage: "Pioneers are the ones with the arrows in their backs."

Today's solution is much more secure. Your Google Voice credentials are stored on your Asterisk server and are only used to make HTTP requests to Google Voice to initiate calls. If you're just getting started with Google Voice, be aware that you do not have to use your gMail address to set up your Google Voice account, but it's a good idea particularly if you plan to use other Google services. For example, if you get an Android cellphone (as we did last week), the entire phone setup is configured around your gMail address and password. And, to integrate Google Voice into the phone, you need a gMail address that's tied to your Google Voice account. Once you make that link, all U.S. calls on your Android phone are free if they're routed out through Google Voice. Very slick!

Let's get down to business now. We promised you a secure Google Voice interface to Asterisk this week, and we've got it. As this is written, the only restrictions on use to make free U.S. calls are those set forth in the Google Voice Terms of Service. When we're finished today, you'll be able to pick up any Asterisk phone and dial GV-678-123-4567 to make a free call to anywhere in the United States and Canada. The call will go directly from your Asterisk server, through Google Voice, to the destination number you specify. In short, there is no intermediary in completing the calls. Google obviously can change the terms of service but, until they do, you should have a stable and free provider for making and receiving calls within the United States.

Special Thanks. At the outset, we want to express our sincere appreciation to Jacob Feisley and Paul Marks for their pioneering work on a Python interface to Google Voice. We also stumbled upon another Python development project, Google Voice for Python. While we originally had planned to rely upon Jacob and Paul's script, we ultimately decided to implement pygooglevoice because of the additional flexibility it provided for down the road. With pygooglevoice, you not only can make Google Voice calls, but you also can send SMS messages with no muss or fuss. Jacob Feisley has now joined that project as well. So, our special tip of the hat goes to the entire Google Voice for Python development team. It's a terrific product as you will see.

Prerequisites. Today's setup requires a CentOS-based Asterisk aggregation with a current version of FreePBX. Be aware that today's solution requires Python 2.4 and reportedly will not work with Python 2.5 found in some Linux distributions. We've tested everything with PBX in a Flash and, on that platform, you're good to go. The install script should work equally well with the other CentOS-based Asterisk aggregations, but we haven't tested them. Be our guest, and let us know if you encounter any problems. Finally, a word of caution. We don't ordinarily distribute solutions using development tools we don't use. Our knowledge of Python wouldn't fill a thimble. We've made an exception today because of the extraordinary interest in Google Voice by the Asterisk community. But, if something comes unglued, we can't fix it. So have a backup plan in place just in case. 🙂

Today's New Design. Here's the new design. You obviously still need a free Google Voice account. If you don't have one, you can request an invite here. At last report, it's only taking about a week from application to invite which is really great news! Once you have a Google Voice account and phone number (Google has reserved a million of them so... not to worry!), then we'll set up a couple of forwarding phone numbers in your Google Voice account. You aren't actually going to use one of them, but it does have to be registered as one of your GV forwarding numbers. We'll explain in a minute. Unlike the previous SIP approach, you no longer have to configure your Google Voice account to forward all incoming calls to voicemail. As you may recall, this allowed you to call your Google Voice number and press a few keys to make an outbound call instead of listening to your voicemails. The new Python approach simulates the Google Voice click-to-dial web interface to place calls so it won't disturb the normal use of your Google Voice phone number. But you need a RingBack number for the calls.

With a little dialplan voodoo and pygooglevoice, we'll tell Asterisk to place a click-to-dial call using one of your Google Voice forwarding numbers. Then we'll stuff in the destination U.S. phone number. When you dial GV-678-1234567 from any of your Asterisk phones, Asterisk will connect both your extension and the called party to an Asterisk MeetMe Conference where you can chat as long as you like. The entire procedure is totally transparent both to the caller and the callee. And the sound quality is still great.

To use Asterisk for inbound calls through Google Voice, you can designate a second forwarding number in Google Voice that connects to one or more extensions on your Asterisk system. All you really need for this is any DID, but you'll need separate DIDs to handle inbound and outbound calls. We'd recommend free IPkall and SIPgate DIDs. For outbound calls, we'll point one of your DIDs that's registered with Google Voice to a special Google Voice MeetMe conference line on your PBX. For inbound calls, point the other DID registered with Google Voice to an extension or ring group on your Asterisk server. Since all of these calls are free, the area code of the two DIDs really doesn't matter because you're never going to publish the fact that they exist.

Update: See the comments to this article for a one-DID solution that can handle both inbound and outbound calls.

To get everything working today, there are four steps: (1) configuring two Google Voice forwarding numbers to manage your outbound and inbound calls, (2) configuring FreePBX to route all outbound calls with a GV prefix to your special Google Voice dialplan context, (3) setting up a reserved MeetMe conference to manage your outbound Google Voice calls, and (4) running our install script which adds the dialplan code for Google Voice outbound dialing with your credentials and puts the Python application into place on your server. It sounds more complicated than it is. So hang on to your hat. Here we go!

Getting Two DIDs. Before you can use Google Voice with Asterisk, you'll need a couple of DIDs. As we indicated, we'll use one of the DIDs to handle the GV RingBack process when it places outbound calls. The other DID will be used to route incoming calls from Google Voice to your Asterisk server when people call your GV number. To get started, use the links above to obtain and configure the two DIDs. Then point each of them to an extension on your Asterisk system that can be used to verify your requests for the numbers.

The easiest method for setting these DIDs up is to create SIP URIs for the two DIDs on your Asterisk system. Then point each DID to a separate SIP URI on your server. Route each SIP URI to an Inbound Route in FreePBX where you can manage the destination for that DID's calls.

HINT: The entry in extensions_override_freepbx.conf would look something like this for a SIP URI called ipkall-1:

exten => ipkall-1,1,Goto(from-trunk,${DID},1)

Then you would create an inbound route named ipkall-1 using FreePBX and designate some existing extension on your server as the destination for these inbound calls.

When you set up the SIP forwarding for the DID at ipkall.com, you'd specify the SIP URI as:

ipkall-1@ipaddress_of_your-Asterisk_server

We've previously covered in detail how to do this so read the article if you need a refresher course. To reiterate, the area codes of these DIDs really don't matter because you're never going to give out either number. So use the free sources and save yourself some money. The real trick is you want to use DIDs with unlimited, free inbound calls. Both IPkall and SIPgate provide that functionality at no cost.

Google Voice Setup. Log into your Google Voice account and click Settings, Phones, Add Another Phone. Add the area code and phone number of both DIDs: the RingBack DID for outbound calls and the Destination DID for incoming calls. Remember, you'll need to be sure both DIDs are pointed to extensions on your PBX that you can answer since you have to go through Google's confirmation drill to successfully register each number. After the RingBack DID is confirmed, be sure you uncheck this Google Voice destination. You do not want incoming Google Voice calls routed to this DID because it is going to land in a MeetMe conference on your Asterisk system. We're only setting it up as a destination number in Google Voice so that we can use it for click-to-dial ringbacks.

The RingBack DID will ring whenever you place a GV-routed Outbound Call from any phone on your Asterisk system. Remember, we're using click-to-dial technology to make these calls. You just won't see it. So, once this DID has been set up in Google Voice and you've confirmed that it works, we're going to alter the destination of this DID's inbound route and redirect it to a dedicated MeetMe conference number to manage these calls. Whenever you place an outbound call through Google Voice, pygooglevoice will initiate the click-to-dial process and then our dialplan code will transfer both the caller and the called party to the same dedicated MeetMe conference. When the other party answers, you both can begin talking. The MeetMe conference will be transparent to both parties except you'll get music on hold if either party hangs up.

Integrating Google Voice into Asterisk and FreePBX. This setup lets you place a call through Google Voice from any Asterisk phone by dialing the GV prefix plus a 10-digit number. So, to place a call to President Obama in Washington through Google Voice, you'd dial 48-202-456-1111.

First, open FreePBX with a web browser and choose Setup, Trunks, Add Custom Trunk. Insert the following Custom Dial String on the form and Submit Changes and reload the dialplan:

local/$OUTNUM$@custom-gv

Next, choose Setup, Outbound Routes, Add Route and fill in the following entries on the form:


Route Name: GoogleVoice
Dial Pattern: 48|NXXNXXXXXX
Trunk Seq: local/$OUTNUM$@custom-gv

Next, choose Admin, Setup, Conferences, Add Conference. For the conference number, make up an obscure 5-digit number. Name the conference GV. Leave both PINs blank. For Conference Options, use the following. Once you've completed all of the entries, click Submit Changes and then reload your dialplan.

  • Join Message: None
  • Leader Wait: No
  • Quiet Mode: Yes
  • User Count: No
  • User join/leave: No
  • Music on Hold: Yes
  • Allow Menu: No
  • Record Conference: No

Finally, for the inbound route of the DID that will handle the RingBacks, change the inbound route destination for this DID to the MeetMe conference number you created above.

Save your changes and reload the Asterisk dial plan one more time to complete the setup.

Integrating pygooglevoice. Now we're ready to complete the setup by running our little script which loads pygooglevoice and sets up your dialplan in extensions_custom.conf. You'll need 4 pieces of information to run the script so write them down before you begin:

1. Your Google Voice email address
2. Your Google Voice password
3. Your 11-digit RingBack DID (16781234567)
4. MeetMe Conference Number for Outbound Calls

A word of caution: If you used a gMail address to set up your Google Voice account, it's possible to have different gMail and Google Voice passwords. For this to work, you'll need to enter your gMail password, not your Google Voice password (assuming they're different).

Now log into your Asterisk server as root and issue the following commands:

cd /root
wget http://bestof.nerdvittles.com/applications/gv/install-gv
chmod +x install-gv
./install-gv

Google Voice Speed Dials. For frequently called numbers, you can add speed dials by inserting entries in the [from-internal-custom] context of extensions_custom.conf that look like the example below where 333 is the speed dial number and 6781234567 is the area code and number to call. Be sure to reload your Asterisk dialplan to activate them.

exten => 333,1,Dial(local/6781234567@custom-gv,300)

Congratulations! You now have free U.S. calling on your Asterisk system using Google Voice with no gimmicks and no strings. Enjoy!

If you happen to be running Asterisk 1.6, there's a simpler way to bridge your calls together without using the MeetMe conferencing trick. See this message thread in the PBX in a Flash Forum for details.

Finally, a word of caution. This transparent call design obviously only works for a single call at a time. There are no safeguards to prevent multiple calls, but that may violate the Google Voice terms of service anyway. And, even if Google Voice put the second call through, the end result would be that all four of you (2 callers + 2 destinations) would end up in the same conference. So much for privacy.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Nerd Nirvana: Free Google Voice Calling Returns to Asterisk

Lips from Google with Gizmo5In what can only be described as a telephony game changer, Google Voice this past weekend expanded the scope of its offering by providing transparent SIP connectivity through Gizmo5 for inbound and outbound calling. Simply stated, you now can connect virtually any telephone to Google Voice using a garden-variety Internet connection. And the phone can be almost any SIP telephone or a standard home telephone plugged into a $40 ATA. Letting folks make click-to-dial calls through a PC is too geeky for most. But today's offering is a new animal. Google Voice now works with regular telephones.

Did we mention that you get a free phone number of your choice in almost any area code? Did we mention that every call you make throughout the United States and Canada is free? And, believe it or not, transparent Asterisk® support works out of the box as well. If your bread and butter business is SIP termination services in the United States (Are you listening, Vonage and Comcast?), then today probably isn't going to be your lucky day. For everyone else, it may just be remembered as the most important telephony development since the breakup of Ma Bell's monopoly. And now it's clear why Google Voice reserved a million DIDs. They're going to need every one of them... and more! Meet your New Phone Company®, Goliath Google, Inc. What Google Voice was missing was a simple interface to standard telephones, softphones, and SIP. Gizmo5 provides all of those missing pieces... and so much more. How about an almost-free Skype interface for openers.

As many of you know, we were ecstatic when Google Voice arrived with free U.S. calling, voice mail transcription, and SIP connectivity to Asterisk. Our solution lasted less than a week until Google slammed the SIP door and spoiled our party. So we shifted gears and showed you how to use a free Gizmo account and a free Google Voice account to make free SIP calls using Asterisk. Well, that lasted about a week as well although Craig Walker, who founded GrandCentral and now serves as the Google Voice Product Manager, responded to my inquiry about SIP support saying it sounded like a good idea and they would consider it once the initial Google Voice rollout was complete. Guess what? They've kept their promise.

Ironically, we had planned to introduce a new Google Voice solution for Asterisk today and were putting the finishing touches on the article when this news broke over the weekend. We've decided to postpone that discussion because, frankly, the Google Voice-Gizmo5 SIP marriage is the right way to go. It's straight-forward. It's proven technology. It's rock-solid reliable. And it's FREE!

Newly discovered issues with both security and Gizmo5's business model as pertains to making calls through Google Voice have given us pause in recommending the solution described below. In a nutshell, the solution below requires that you provide your Google email credentials to Gizmo5 in order to make the connection to Google Voice for free unlimited 20-minute 3-minute calling. Late yesterday, Gizmo5 announced a new 2¢ per minute fee for Google Voice calling (now described as Gizmo Voice). Yuck!

Even if you don't mind a stranger having unfettered access to your Gmail account, your Google credentials also may be used for other Google services including Google Checkout. Without a clearly defined business relationship between Google and Gizmo5, this would be a huge security risk. Having read several articles which hinted at a business relationship between Google and Gizmo5, we put our security concerns aside. However, when Gizmo5 began changing the ground rules for these calls (almost daily), it raised red flags that Google might not, in fact, be either a business partner or even a willing participant in Gizmo5's creation. As events continued to unfold, we have discovered that Gizmo5 may, in fact, be using a connection process that is not unlike the one we had planned to introduce this week anyway. And we have no business relationship with Google.

Bottom Line: Whether you are using an Asterisk server or not, WAIT! We have an equivalent, secure solution which is now available at no cost. We recommend you disable your Gizmo5-Google Voice setup if you already have put it in place and change your Gmail password! Then read the new Nerd Vittles article for a secure way to connect to Google Voice for free calling.

Our plan today is to show you the easy way to connect Asterisk to Google Voice through Gizmo5 to make free outbound phone calls and to receive free incoming calls. We'll leave the setup for a SIP phone, a generic Asterisk server, and an analog adapter such as the PAP2T-NA for another day. But we'll get to them sooner rather than later.

So, altogether now, welcome back... Googlified Messaging™. Before we begin...

Accounting 101. We hear you asking, "How long can the calls be free?" The short answer is probably not forever but long enough to run just about everyone else out of the business. Beyond that, what we see in our crystal ball pretty much lines up with Tim O'Reilly's talk at OSCON last week. And, at some point, Google may give you a choice of paying for the calls or perhaps volunteering to be their guinea pig for the mother of all indexing experiments. You'd agree to let them record your voice calls without identifying you individually. Then they could transcribe and index all of the keywords in your conversation and use those to identify buying trends, favorite movies, whatever. Remember, you can already say "Pizza" on your iPhone and get a list of nearby pizza parlors so this isn't as far-fetched as you may think. And keep in mind that, in some states, you only need the permission of one party to a telephone conversation to make a recording. Thanks to Amazon, it's been quite a resurgence for Big Brother. We thought we'd join the party with a little Orwellian hypothesizing of our own.

Step #1. If you're starting from scratch, the easiest way to get everything working today including Asterisk is to begin by installing PBX in a Flash, and then run the Orgasmatron Installer. This puts all the pieces in the proper places, and you'll be up and running in under an hour. For the complete soup-to-nuts tutorial, start here.

Step #2. You obviously still need a free Google Voice account to use Google Voice or Google Voice Dialing through Gizmo5. So that's next. If you don't have a Google Voice account, you can request an invite here. Our non-scientific survey suggests that it's taking less than a month to get an invite after you apply. YMMV! Once you have a Google Voice account and a local phone number (Google has reserved a million of them so... not to worry!), then you're all set.

Step #3. Next, you need a Gizmo5 account. If you don't have one, you can sign up for one within FreePBX once you run the Orgasmatron Installer. Or, you can download a Gizmo5 softphone and sign up that way. We're not sure it's required, but be charitable. Put a little money in your Gizmo5 Call Out account. You'll have it for a rainy day or international calling.

Step #4. We'll set up at least one forwarding phone number in your Google Voice account to match your Gizmo5 number. You don't have to actually use it, but it does have to be registered as one of your GV forwarding numbers. Unlike our previous SIP tutorials about Google Voice, you no longer have to configure your Google Voice account to forward all incoming calls to voicemail. As you may recall, this allowed you to call your Google Voice number and press a few keys to make an outbound call instead of listening to your voicemails. With the new Google Voice-Gizmo5 SIP offering, you no longer have to jump through all those hoops. It's a straight SIP-to-SIP-to-SIP connection from your Asterisk server to Gizmo5 to Google Voice.

Step #5. To use Asterisk for incoming calls through Google Voice, you can designate a forwarding number in Google Voice that connects to one or more extensions on your Asterisk system whenever anyone calls your Google Voice number. All you really need for this is one DID. This could be your Gizmo5 number, or it could be a free IPkall or SIPgate DID that's pointed to an extension or ring group on your Asterisk server. Since all of these calls are free, the area code of the DID really doesn't matter. The only number that will really matter to your callers is your main Google Voice number so be sure to select one for your hometown. Incidentally, you can add other forwarding numbers in Google Voice that will ring simultaneously with the DID on your Asterisk server. This could be your vacation home, your cell phone, or even your office phone.

Getting Started. We're going to be jumping back and forth between your Google Voice account, your Gizmo5 account, and the FreePBX web interface to your Asterisk server. So open each account in a separate tab with your web browser. To keep things simple, we're going to assume that you'll be using your Gizmo5 account to connect to your Asterisk server. In Asterisk lingo, the Gizmo5 account looks like any other DID on your Asterisk system.

FreePBX Setup for Gizmo5. If you've run the Orgasmatron Installer, you'll have a new Gizmo5 Integration option under the Setup tab. When you click on that option, you have the choice of either creating a new Gizmo5 account or using your existing account. Fill in the blanks to activate or create your new Gizmo5 account.

Once you've logged in, click Gizmo5 Integration Main Page. Choose Send all calls (except local extensions) through Gizmo5 and click Update Outbound Routes. For the time being, make certain that you have a default inbound route that rings one or more functioning extensions on your Asterisk system. You have to be able to answer an incoming call to complete the next steps. Finally, click on the Outbound Routes option. In the far right column, move the Gizmo5 entry to the top of the list and reload your dialplan when prompted.

If you're using a FreePBX-based system that doesn't have the Gizmo5 Integration option, you'll first need to establish an account at Gizmo5.com by downloading one of the softphones and signing up. After you have completed the sign up process, be sure that you disable automatic startup of the softphone. You can't have your Asterisk system AND the softphone registering to the same Gizmo5 account!

Next, using FreePBX, Add a new Trunk named Gizmo5. For the Peer Details, insert the following using your actual Gizmo5 phone number and password:

type=peer
insecure=very
host=proxy01.sipphone.com
username=1747XXXXXXX
fromuser=1747XXXXXXX
fromdomain=proxy01.sipphone.com
secret=password
context=from-gizmo5-trunk
qualify=yes

Leave the Incoming Settings section blank and then enter the Registration String using your actual Gizmo5 phone number and password:

1747XXXXXXX:password@proxy01.sipphone.com

Save your settings and reload your dialplan when prompted.

Next, create a Default Inbound Route so that calls from Google Voice will be routed to extensions on your server. Then, create an Outbound Route called OutGizmo with NXXNXXXXXX and 1NXXNXXXXXX as the Dial Patterns and Gizmo5 as the main Trunk Sequence . Move this route to the top of your outbound routes to assure that U.S. calls are placed using the Gizmo5 trunk. Reload your dialplan when prompted.

Finally, log into your Asterisk server as root and insert the following lines at the end of extensions_custom.conf in the /etc/asterisk directory. Then reload the dialplan: asterisk -rx "dialplan reload"

[from-gizmo5-trunk]
exten => s,1,Set(DID_EXTEN=${SIP_HEADER(To):5})
exten => s,n,Set(DID_EXTEN=${CUT(DID_EXTEN,@,1)})
exten => s,n,Goto(from-trunk,${DID_EXTEN},1)

Google Voice Setup. Log into your Google Voice account and click Settings, Phones, Add Another Phone. This forwarding phone number should be the DID that you want Google Voice to call when you have incoming calls on your Google Voice number. Again, to keep things simple, add your Gizmo5 phone number (747XXXXXXX) and select Gizmo as the Phone Type. You then will be prompted to place a test call and provide a 2-digit number to verify that the number is working. Answer the extension on your Asterisk system when it rings and enter the 2-digit code that's provided.

Gizmo5 Configuration. Log in to your Gizmo5 account using your 1747XXXXXXX account number or username and password. In the new Google Voice section of the form, insert your Google Voice email address and password. This is the email address you used to set up your Google Voice account. Choose "Use for U.S. calls only" and then click SAVE.

July 29 Update. Since this article was released, Gizmo5 has reduced the allowable calling time from unlimited to 20 minutes. Then today it was reduced to 3 minutes. That may be as long as you like to talk on the phone, but it's a major change from what was initially introduced 3 short days ago. Looks like we'll dust off our original article after all. Stay tuned...


Deals of the Week. The nation's premier provider of free directory assistance service, 1-800-FREE-411, now is offering free 5-minute phone calls to most destinations around the world. Just listen to two quick commercials and enjoy your free call. Thanks, @MichiganTelephone. And now you can send free SMS messages worldwide from your iPhone. Thanks, @TruVoIP. Finally, AT&T has the refurbished 8GB iPhone 3G for $49 with a two-year contract.

Originally published: July 26, 2009




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...