Home » Incredible PBX (Page 30)

Category Archives: Incredible PBX

The Most Versatile VoIP Provider: FREE PORTING

Paradise Found: Amazon’s Polly TTS Meets Incredible PBX




In a word, WOW! If you’ve previously used text-to-speech (TTS) applications with Incredible PBX™ or any other PBX, you fully appreciate the challenges of getting excellent voice quality from a synthesized voice. In addition to operating system quirks, you also had to scramble to find TTS software that had acceptable voice quality without breaking the bank. Well, it’s a new day. Amazon’s introduction of Polly TTS provides not only incredible voice quality but it comes at an unbelievable price point. Your first year is free for the first 5 million characters each month. After that and in subsequent years, it’s $4 for every million characters of TTS translation. The icing on the cake is the Wazo PBX application which provides a near perfect platform on which to implement custom applications. But, don’t take our word for it. Listen to this sample. The clip’s introduction uses the free Pico TTS voice. The Yahoo News headlines were generated with Polly. Can you say Night and Day?

[soundcloud url="https://api.soundcloud.com/tracks/319736570″ params="auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="80%" height="414″ iframe="true" /]

The beauty of Nerd Vittles projects is it’s all about the freedom to choose rather than making do with choices selected by others. Today’s addition of the Polly TTS engine brings the number of TTS options supported with Incredible PBX for Wazo to four. In addition to the free options of FLITE, Festival, and PICO, you now have a dirt cheap commercial alternative that rivals the voice quality of any available TTS application on the market. And, as we promised a few weeks ago, we plan to add the IBM Bluemix TTS platform very soon.

NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:




Stewart Nelson was kind enough to share his audio clip comparing the Top Four commercial TTS applications. You can judge them for yourself. The clips are played in the following order: Amazon Parrot, Google Translate, IBM Bluemix TTS, and Microsoft.

[soundcloud url="https://api.soundcloud.com/tracks/320177552″ params="auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="100%" height="450″ iframe="true" /]

How New TTS Apps Will Work in Incredible PBX. That’s only half of our story today. We also are introducing a new TTS methodology that makes it easy to roll your own TTS applications and take advantage of the voice platforms already installed on your Incredible PBX for Wazo server. In our new TTS design, there are three components. First, there’s a chunk of dialplan code that answers calls, prompts for input (if required), and then passes the call off for processing and generation of the TTS results using the desired TTS platform.

The processing and TTS components consist of two PHP/AGI scripts on Asterisk® servers. This may be slightly different on 3CX servers once the functionality becomes available. The results processing script actually obtains the data to feed to the TTS processing engine. For example, this could be news headlines or a local weather forecast. This script generates plain text suitable for processing by any TTS engine. Finally, the TTS script stores your user credentials (if required) and handles translation of the results data into an audio file using the TTS platform of your choice. It also plays the audio "results" to the caller. As you add new applications, all that is necessary is a short dialplan snippet and a results processing script to obtain the necessary text to feed the TTS processing script.

Here’s a sample Asterisk dialplan snippet for the Yahoo News Headlines application. Note that you need only change the pollytts line of code to switch TTS engines. Simple design!

;# // BEGIN nv-news-yahoo
exten => 951,1,Answer
exten => 951,n,Wait(1)
exten => 951,n,Set(TIMEOUT(digit)=7)
exten => 951,n,Set(TIMEOUT(response)=10)
exten => 951,n,AGI(picotts.agi,"Please hold while we get the headlines.",en-US)
exten => 951,n,AGI(nv-news-yahoo.php,10) ;  obtain latest 10 Yahoo NEWS Headlines
exten => 951,n,NoOp(News: ${NEWS}) ;  display NEWS in text format on Asterisk CLI
exten => 951,n,AGI(pollytts.php,"${NEWS}") ; pass NEWS to TTS engine for playback
exten => 951,n,Hangup
;# // END nv-news-yahoo

The picotts line (above) shows the syntax to use the Pico TTS engine instead of pollytts. The new line would look like the following. Doesn’t get much easier than this:

exten => 951,n,AGI(picotts.agi,"${NEWS}",en-US)

Getting Started. Here are the steps to get everything working with your existing Incredible PBX for Wazo platform. First, you’ll need credentials from Amazon Polly after you create or sign in to your an Amazon AWS account. Enter "Polly" in the AWS dialog to add the service. Open your Security Credentials by clicking on your name and choosing My Security Credentials. Create a new Access Key ID and Secret. Make note of your Amazon region. You’ll need it as well as your credentials in a minute. Next, you’ll need to put the pieces in place on your Wazo server to support Polly TTS. We’ve made this easy by bundling everything into a single tarball. Just log into your server as root, download the tarball, untar it, add MP3 support for SOX, run the included script to install the dialplan code, and edit the pollytts.php script to install your Amazon credentials. Install time: under a minute.

cd /var/lib/asterisk/agi-bin
cp -p nv-news-yahoo.php nv-news-yahoo-orig.php
cp -p nv-weather-zip.php nv-weather-zip-orig.php
wget http://incrediblepbx.com/nv-polly-install.tar.gz
tar zxvf nv-polly-install.tar.gz
rm -f nv-polly-install.tar.gz
apt-get -y install libsox-fmt-mp3
./install-polly-dialplan-wazo.sh
nano -w pollytts.php

Once the pieces are in place and the editor opens, insert your Amazon key, secret, and region code. Then save the file: Ctrl-X, Y, then ENTER. Finally, you can try out the two sample applications on your PBX. Dial 951 for Yahoo News or 947 for Weather.

Originally published: Monday, May 1, 2017


SECURITY ALERT: The Sangoma® Portal reportedly has been compromised. According to Sangoma’s Chief Operating Officer, customers’ root passwords were stored on Sangoma servers as a favor to customers to facilitate future support access by Sangoma staff. That procedure now has been discontinued. Although not acknowledged, the root passwords were apparently stored in unencrypted format unbeknownst to customers. More than a dozen customers have since reported their servers were compromised using their own root credentials. Sangoma maintains there is a "theoretical possibility" that their portal was the culprit although the COO indicates that they have been unable to find any evidence of an intrusion. Rootkit appears to be a word missing from the Sangoma lexicon. If you do business with Sangoma through their web portal, you are well advised to check your server immediately to determine if your PBX also has been compromised. Full details regarding breach detection and a link to Sangoma’s response are available on the PIAF Forum. If your server has been hacked, prudence would dictate rebuilding your server from the ground up. There was no mention whether Sangoma did the same after a previous unauthorized intrusion. As this incident reinforces, attempting to patch a compromised server is extremely risky.


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Free SMS Messaging Returns to Incredible PBX for Wazo


We continue our Wazo adventure today with a few simple additions to the Incredible PBX for Wazo dialplan. We will enable SMS messaging both from SIP phones such as the Yealink T46G and using voice recognition from any phone connected to Wazo including WebRTC. Of course, you still can use the command line to send SMS messages to one or more recipients using SMS Message Blasting which is covered below. To implement SMS messaging, you’ll need at least one Google Voice account configured. To implement the voice recognition option, you’ll also need to first enable voice recognition with Incredible PBX for Wazo.

The prerequisites for SMS Messaging with Incredible PBX for Wazo look like this:

  1. Incredible PBX for Wazo Server
  2. Preconfigured Google Voice Trunk
  3. Activate Google Speech Recognition on your server

Activating Google Speech Recognition on Your Server. If you haven’t previously activated Google Speech Recognition on your Wazo server, you’ll need to complete this step if you want to be able to dictate SMS messages from phones connected to Wazo. Follow this tutorial to obtain a speech recognition API key and activate the Google service on your server. It only takes a couple minutes.

SMS Dictator for Wazo. True to form, Google broke the command-line SMS messaging component a few weeks ago. So let’s get that squared away before we begin. Install the latest Google Voice python scripts and the updated SMS Dictator components by issuing the following commands after logging into your server as root. You’ll need your Google Voice credentials to install the update:

cd /root
wget http://incrediblepbx.com/sms-dictator-wazo.tar.gz
tar zxvf sms-dictator-wazo.tar.gz
rm -f sms-dictator-wazo.tar.gz
./sms-dictator.sh

 
Wazo SMS Messaging Setup. You may also want to enable your SIP phones to send SMS messages directly. Login to your Wazo PBX using your favorite web browser. We need to review the existing gv.conf file by navigating to IPX Configuration → Configuration Files → gv.conf. Review the first context in the file. It should look like the following. Be sure that the third from the last line below does NOT wrap to a separate line in the Wazo editor! Insert your Google Voice credentials for GVACCT and GVPASS.

;# // BEGIN gv-outcall
[subr-gv-outcall]
exten = s,1,Set(XIVO_CALLOPTIONS=r)
same  =   n,GotoIf($["${MESSAGE(body)}" = ""]?skipsms)
same  =   n,Set(GVACCT=yourname@gmail.com)
same  =   n,Set(GVPASS=yourpassword)
same  =   n,System(/usr/bin/gvoice -e ${GVACCT} -p ${GVPASS} send_sms ${XIVO_DSTNUM} "${MESSAGE(body)}")
same  =   n(skipsms),Return()
;# // END gv-outcall

Once you get this set up and since we’ll be using plain text passwords to send the SMS messages through Google Voice, you’ll need to perform these two additional steps after first logging into your Google account with a browser using the same IP address as your Wazo server: (1) Enable Less Secure Apps and (2) Activate the Google Voice Reset Procedure. Now promptly send an SMS message from a phone registered to your Wazo server.

Dial S-M-S (767) from any phone connected to your Wazo PBX to send an SMS message. After dictating your message, you have the choice of keying in a 10-digit phone number for the SMS recipient or you can say the name of anyone in your AsteriDex phone book.



Sending SMS Messages. We obviously can’t cover the SMS messaging methodology for every SIP phone on the market. But here’s how to send an SMS message using Yealink’s T46G. First, configure one of the buttons on the phone as an extension on your Wazo PBX. Next, press the Menu button. Highlight Messages and press OK. Choose Text Message and OK. Choose New Message and OK. Type your SMS message using the keypad and press Send button. For the From: field, use the left and right arrow keys to select your Wazo extension. Press the down arrow and fill in the SMS number of your recipient just as you would do on your smartphone. Press the Send button. "Sending Message" will appear briefly on the T46G’s display. Wazo’s Asterisk CLI also will show transmission of the SMS message.

Interestingly, the same SMS functionality exists on the $29 UTP E-62 (if you can find one). Choose Menu → Applications → SMS → New. Type your SMS message using the keypad and press Send button. For the From: field, use the left and right arrow keys to select your Wazo extension. Press the down arrow and fill in the SMS number of your recipient just as you would do on your smartphone. Press the Send button. "Sending Message" will appear briefly on the UTP’s display. Wazo’s Asterisk CLI also will show the SMS transmission.

For bargain hunters that can’t find a UTP E-62, Yealink’s $50 YEA-SIP-T19P-E2 Entry-level SIP phone also appears to support SMS messaging. As with the UTP phones, you’ll need a $9 power supply unless your network supports POE.

Creating an SMS Message Blast with Wazo. Here’s how to take advantage of SMS Message Blasting using a Google Voice account with Incredible PBX for Wazo. Log into your server as root and do the following:

  1. Edit /root/smsmsg.txt and insert the text message to be sent
  2. Edit /root/smslist.txt and create a list of the phone numbers to receive the message
  3. Edit /root/smsblast and insert your gvoice username and password
  4. Run /root/smsblast to kick off the SMS Blast

Receiving SMS Messages. Typically reply messages to Google Voice numbers are forwarded either to an email address or to Hangouts. We don’t recommend enabling incoming mail on your Wazo PBX. Instead, add a New Alternate Email Address to your Google Voice account in Settings → Voicemail & Text. After verifying the new email address, set it as your Voicemail Notification email address and Save changes. Go back into Settings → Voicemail & Text and make certain that you have also checked the Text Forwarding checkbox which now should reflect your alternate email address. Now all of your incoming SMS messages will be delivered to this email address.

TIP: Google will no longer let you forward incoming SMS messages directly to another SMS destination, but you can cheat. If you have your own mail server or a non-Gmail account on which you can redirect incoming mail without verification, then simply set up the alternate email address as documented above. Then reroute that email address to point to an SMS-email gateway that forwards incoming messages to SMS, e.g. 8431234567@txt.att.net to send an SMS message to your AT&T cellphone. The complete list of providers is here. Enjoy!

Originally published: Monday, April 3, 2017



Need help with Asterisk? Come join the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

IBM’s Speech Recognition Engine Comes to Asterisk



Eight years ago, we introduced transcription for Asterisk® voicemail messages. When the messages were delivered by email, you got both a recording and the transcribed text courtesy of Google. As with most things Google, the licensing terms changed regularly and voicemail transcription became more convoluted until it became next to worthless. Today we begin our new exploration of IBM’s Watson Developer Cloud. It offers a rich collection of services at unbelievably low price points. We’re kicking things off by introducing a better Speech-to-Text (STT) solution with IBM’s Bluemix. The STT API performs better than any speech recognition engine in the world. And you won’t have to worry about Google breaking our middleware every month. On the Lite plan, up to 100 minutes per month are free. Or you can opt for the Standard pay-as-you-go plan for 2¢ per minute and let your customers yack all they like. That works out to $1.20 an hour which still is pretty cheap secretarial help. In coming weeks, we will introduce IBM’s Text-to-Speech (TTS) offering and Lisa. Up to a million characters of TTS service monthly are free. Here’s a sample to give you a taste of the voice quality:

[soundcloud url="https://api.soundcloud.com/tracks/312693441″ params="auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="100%" height="350″ iframe="true" /]

NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:

For new deployments, your API Username will be apikey, and your API Password will be your actual APIkey.

Overview. What we’ve done today is integrate the STT Bluemix API directly into existing Asterisk voicemail systems. We started with Nicolas Bernaerts’ terrific sendmailmp3 script. It works on both the Wazo and FreePBX® platforms. If you have deployed Incredible PBX, then the setup takes a couple of minutes. For everyone else, there’s an additional configuration step using your favorite GUI. To get started, you’ll sign up for a Bluemix account and obtain your credentials. Next, you download today’s script for your platform and insert your credentials. Finally, you set up voicemail on the extensions desired and insert an email address for each voicemail account. On generic FreePBX systems, you’ll need to add the name of our script to manage your voicemail recordings.

What About the Quality? Here’s the bottom line. Speech recognition isn’t all that useful if it fails miserably in recognizing everyday speech. The good news is that IBM Watson’s speech recognition engine is now the best in the business. If you want more details, read the article below which will walk you through IBM’s latest speech recognition breakthrough:


Creating an IBM Bluemix Speech to Text Account

Follow this link to set up your IBM account and obtain credentials for both Speech to Text (STT) and Text to Speech (TTS) services. Please note that your STT and TTS API keys will NOT be the same. So don’t accidentally use the wrong one.
 

Installing STT Engine with Incredible PBX for Wazo

1. After logging into your Incredible PBX for Wazo server as root using SSH/Putty:

cd /usr/sbin
wget http://incrediblepbx.com/sendmailibm.tar.gz
tar zxvf sendmailibm.tar.gz
rm -f sendmailibm.tar.gz

2. Edit sendmailibm and insert Bluemix STT credentials on lines 29 and 30. Save the file.

3. Edit bluemix-test and insert Bluemix STT credentials on first two lines. Save the file.

4. Copy the updated sendmailibm file to sendmail:

cd /usr/sbin
cp -p sendmailibm sendmail

5. Test your Bluemix STT setup: bluemix-test

6. Result should be: please record your message after the beep

7. Set up voicemail account for a Wazo extension with your email address.

8. Place a test call to the extension and record a voicemail when prompted.

9. Your message will be transcribed and delivered via email.

 

Installing STT Engine with Incredible PBX for RasPi

1. After logging into your Raspberry Pi server as root using SSH/Putty:

cd /usr/sbin
wget http://incrediblepbx.com/sendmailibm-raspi.tar.gz
tar zxvf sendmailibm-raspi.tar.gz
rm -f sendmailibm-raspi.tar.gz

2. Edit sendmailmp3.ibm and insert Bluemix STT credentials on lines 28 and 29. Save file.

3. Edit bluemix-test and insert Bluemix STT credentials on first two lines. Save the file.

4. Copy the updated sendmailmp3.ibm file to sendmailmp3:

cd /usr/sbin
cp -p sendmailmp3.ibm sendmailmp3

5. Test your Bluemix STT setup: bluemix-test

6. Result should be: your dictation is now being processed and emailed please wait

7. Set up voicemail for a RasPi extension with your email address.

8. Place a test call to the extension and record a voicemail when prompted.

9. Your message will be transcribed and delivered via email.

 

Installing STT Engine with Incredible PBX 13

1. After logging into your Incredible PBX 13 server as root using SSH/Putty:

cd /usr/local/sbin
wget http://incrediblepbx.com/sendmailibm-13.tar.gz
tar zxvf sendmailibm-13.tar.gz
rm -f sendmailibm-13.tar.gz

2. Edit sendmailmp3.ibm and insert Bluemix STT credentials on lines 28 and 29. Save file.

3. Edit bluemix-test and insert Bluemix STT credentials on first two lines. Save the file.

4. Copy the updated sendmailmp3.ibm file to sendmailmp3:

cd /usr/local/sbin
cp -p sendmailmp3.ibm sendmailmp3

5. Test your Bluemix STT setup: bluemix-test

6. Result should be: we are now transferring you out of the company directory…

7. Set up voicemail for an extension and include your email address.

8. Place a test call to the extension and record a voicemail when prompted.

9. Your message will be transcribed and delivered via email.

 

Installing STT Engine with Legacy FreePBX® Servers

1. Follow steps #1 through #7 from the Incredible PBX 13 tutorial above.

2. Choose Settings -> Voicemail Admin -> Settings in the GUI.

3. In the format field, insert: wav|wav49

4. In the mailcmd field, insert: /usr/local/sbin/sendmailmp3

5. Click Submit to save your settings and then Reload the FreePBX Dialplan.

6. Place a test call to the extension and record a voicemail when prompted.

7. Your message will be transcribed and delivered via email.

Update: Matt Darnell reports that, depending upon your existing setup, you may need to add the unix2dos and lame packages with legacy FreePBX servers to get MP3 messages delivered correctly.

 

Originally published: Monday, March 20, 2017





Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Best of Both Worlds: Marrying Asterisk to 3CX’s Free PBX with a $35 Raspberry Pi


One of the real beauties of Asterisk® has always been its flexibility in talking to other PBXs, both commercial and open source. There are numerous reasons why you might want to try this. First, it makes it easy to migrate to a commercial platform where you can get support for mission critical telephony requirements. Second, you may want a hybrid setup where servers with on-site support personnel can run Asterisk while remote satellite offices can take advantage of a commercial PBX and the support options it offers. Third, you may want to take advantage of specific features that are only available by relying upon multiple PBX solutions. In the case of 3CX, their integrated softphone clients with one-click setup simplicity, conferencing and WebRTC apps, and Call Center offerings are the best in the business while providing unmatched VoIP security. Asterisk on the other hand is light-years ahead of almost everybody in the text-to-speech and voice recognition fields while offering the most powerful VoIP toolkit to build any custom VoIP application imaginable.

Today we thought it would be fun to walk you through the easy way to tie an Incredible PBX server with all its features to a powerful (free) 3CX platform with its virtually flawless softphone clients.1 When we’re finished, you’ll have a free 3CX server in the Cloud at a one-time total cost of $17.50. And you’ll be able to place and receive free U.S./Canada calls from any iPhone, Android phone, or PC using the 3CX client from anywhere in the world with nothing more than a WiFi connection. The Google Voice trunk supporting the calls will reside on Incredible PBX for the Raspberry Pi. When you’re sold on the power of the 3CX platform, you can upgrade to the 3CX 4-simultaneous call commercial offering with unlimited users and trunks at an annual cost of just $149. Maintenance and upgrades are included. Large organizations have relied upon back office servers for custom applications forever. And now you can take advantage of the same flexibility using a tiny $35 Raspberry Pi and our free (as in really free) Incredible PBX software. No Gotchas!

Initial Raspberry Pi Platform Setup

Before we can interconnect 3CX’s Free PBX with a Raspberry Pi, you obviously have to set up both PBX platforms. For the Raspberry Pi, our recent Nerd Vittles tutorial will walk you through the setup process. In lieu of a Raspberry Pi, you can use any legacy FreePBX®-based Asterisk platform including Incredible PBX 13, PIAF3, Elastix®, AsteriskNOW®, or FreePBX Distro®. The setup procedure is exactly the same.

Building a 3CX Server in the Cloud

Building a 3CX server in the Cloud is equally easy. Let’s go through the process once again. If you’re just experimenting, a lifetime Cloud-based server at CloudAtCost for a one-time charge of $17.50 cannot be beat. We would hasten to add that we don’t recommend this platform for production use, but it’s a terrific proof-of-concept option. When you’re actually ready to deploy 3CX for production use, the least costly Cloud solution is the $3.49 per month OVH RAID offering with 2GB of RAM and 10GB storage. The $5 per month offerings from Digital Ocean and Vultr are other alternatives worth a look. Both of these platforms come with free credits ($10 and $20, respectively) to let you try things out.

To get started, sign up for a $17.50 server at Cloud at Cost. They will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

To build your free 3CX PBX, create a virtual machine by clicking on the CLOUDPRO button in the CloudAtCost control panel. Then click Add New Server. Choose 1 CPU, 512MB RAM, and 10GB storage for your server. Choose Debian 8 64bit as the OS Type and click Complete.

While CloudAtCost is building your server platform, obtain a free license key for 3CX.

Once the Debian 8 server appears in your Control Panel, it will look something like what’s shown above, not CentOS obviously. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones Debian 8 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.

Next, log in to your new Debian server as root using SSH or Putty and issue the commands below. Step #1 is to change your root password. What appears as the fourth line below is actually part of the third line and needs to be run as a single command. The last line to install SendMail will actually be run after you elect to use the Web Interface Wizard to configure 3CX. Just run it from the SSH command line before you switch to a browser to complete the 3CX setup.

passwd
wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
echo "deb http://downloads.3cx.com/downloads/3cxpbx/ /" | tee /etc/apt/sources.list.d/3cxpbx.list
apt-get update
rm -f /zang-debian.sh
apt-get -y install 3cxpbx
apt-get -y install sendmail sendmail-bin

When the initial setup finishes, choose the Web Interface Wizard and complete the install using your favorite web browser. Enter your 3CX license key when prompted. Make up a very secure Username and Password to access your 3CX portal. Specify that your IP address is Dynamic when prompted (even though it isn’t). This tells 3CX to generate an FQDN for your server. Accept the default ports for HTTP (5000) and HTTPS (5001) access to your server. We recommend choosing 4-digit extensions numbers which will make it easy to distinguish 3CX extension numbers from 3-digit extension numbers of the RasPi platform. While logged into the 3CX management portal, adjust Settings → Email to Mail Server → 127.0.0.1 and Reply to → noreply@YourActual3CX-FQDN. Leave the other settings blank and click TEST then OK. Now download your favorite 3CX smartphone client, send yourself the Welcome Email for your default extension, and your 3CX initial setup is complete.

Server Interconnection Overview

Now we’re ready to interconnect the two servers. What we’ll be doing is creating Trunks on both the Raspberry Pi and the 3CX server and tying them together. We’ll use this trunk to handle the call traffic between the two PBXs. Then we’ll add incoming and outgoing call routes on both servers to specify how the individual calls should be routed. Because the free version of 3CX limits the administrator to a single trunk, we’ll offload all of the provider trunks to the Raspberry Pi and reserve the one available 3CX trunk as the interconnect path to the Raspberry Pi. For today’s setup, we’ll use 3CX’s free softphone clients as the actual phone devices for end-users. Of course, you could also use your favorite SIP phones, and 3CX provides automatic configuration for dozens of devices. But we want to introduce the 3CX smartphone clients because they provide an incredibly easy way to get users connected without having to worry about punching holes in firewalls.

To place outbound calls on the 3CX side, 3CX provides enormous flexibility in call routing. Because we chose 4-digit local extensions when we set up the 3CX server, it will make it easy to route other calls through the outbound trunk to the Raspberry Pi using nothing more than the length of the dial string. For example, 3-digit calls line up perfectly with extension numbers on the Incredible PBX for RasPi platform. So 3CX users can easily reach extensions connected directly to the Raspberry Pi. And 10-digit 3CX calls will be forwarded to the Raspberry Pi as traditional outbound calls. They will be processed just as if you had dialed a 10-digit call from a Raspberry Pi extension. For example, if you have a registered Google Voice trunk to handle 10-digit calls on the Raspberry Pi, then the same call path would be used for calls originating from 3CX extensions. And, yes, calls to the U.S. and Canada would still be free and would display the CallerID associated with the Raspberry Pi’s Google Voice trunk. You could get more creative and add an additional dialing prefix on the 3CX side to route specific types of calls to a designated outbound trunk on the Raspberry Pi side based upon the dialing prefix, but we’ll leave that as a homework project for you.

For incoming calls on the 3CX side, in addition to 4-digit local extension-to-extension calling, we can define the destination for incoming calls that originate from either a Raspberry Pi extension or from outside calls coming in from one of the Raspberry Pi’s provider trunks. These are managed by assigning one or more DIDs in the 3CX trunk configuration and then creating 3CX Inbound DID Rules that tell 3CX where to route calls to each defined DID. For 3CX softphone clients registered to extensions, it means your cellphone will ring whenever a call is routed to that particular extension. On the Raspberry Pi side, we create Incoming Call Routes for each DID to be routed to 3CX and specify our defined 3CX trunk as the destination for incoming calls from those DIDs. Not all DIDs on the Raspberry Pi have to be routed to the 3CX server obviously. That is merely one of many call destination options available to the administrator on the Raspberry Pi server.

Here’s a typical call path for an outside call that is placed to a Google Voice number registered with your Raspberry Pi. The Asterisk server running on the Raspberry Pi would answer the call placed to the Google Voice Trunk. Asterisk then would check for an Incoming Route on the Raspberry Pi with a DID matching the number of your Google Voice trunk. Finding a match, Asterisk would check for the desired destination of the call and would note that it is listed as the registered 3CX trunk. Asterisk would pass the call through this trunk to the 3CX server including its associated DID and CallerID info. The 3CX server would answer the incoming call and would check for an Incoming Route matching the DID passed from Asterisk. Finding a match, it would pass the call to the Extension specified in the Incoming Route. When 3CX rings the extension, it would also detect that a softphone was registered to that extension and would also ring the 3CX client on the user’s smartphone. The user answers the call on the 3CX client of their smartphone and begins a conversation. The free version of the 3CX server supports 8 simultaneous calls so you are unlikely to ever run out of call paths for calls in the home and small office environment.

Firewall Setup for Server Interconnection

Because the 3CX server is sitting in the Cloud, its firewall is configured automatically as part of the setup process. If your Raspberry Pi is sitting behind a NAT-based firewall, then you would need to map port UDP 5060 from the router on your public IP address to the private IP address of your Raspberry Pi. In addition, login to your Raspberry Pi as root using SSH and run /root/add-ip to whitelist the public IP address of your 3CX server in the cloud. Otherwise, the 3CX server cannot establish a connection to your Raspberry Pi.

Raspberry Pi Trunk Configuration

Using a browser, login to the web interface for FreePBX on your Raspberry Pi and choose Connectivity → Trunks → Add SIP (chan_sip) Trunk. Name the trunk remote. In the Outgoing Settings, make the entries shown below naming the trunk remote and using a secure secret that will be used to interconnect the two servers. The Register String looks like the following: main:secret@3CX-IP-Address where main is the 3CX server trunk name, secret is your secure secret, and 3CX-IP-Address is the 3CX public IP address.

3CX Trunk Configuration

Using a browser, login to your 3CX server: https://3CX-IP-Address:5001 or http://3CX-IP-Address:5000. From your Dashboard, choose SIP Trunks → Add SIP Trunk. Create a Generic SIP Trunk and then fill in the blanks as shown below. For Registrar/Server/Gateway Hostname or IP, use the public IP address or FQDN of your Raspberry Pi. For Type of Authentication choose Outbound. The authentication credentials should be remote and the secure secret you chose, and the Main Trunk No should match the DID of the Google Voice trunk you set up on your Raspberry Pi. Then pick a default Destination for incoming calls.

3CX Outbound Rules Configuration

Next, we need to tell 3CX which outgoing calls to send out through the Raspberry Pi trunk we just set up. In our example today, we’re going to send all 10-digit calls and 3-digit calls. The 10-digit calls will be routed out the Google Voice trunk on the Raspberry Pi side. And the 3-digit calls will be sent directly to Raspberry Pi extensions. So we’ll need two Outbound Rules.

For the first rule, choose Outbound Rules → Add. For the Rule Name, specify StandardOut. Apply the rule to Calls to Numbers with a length: 10. For Route 1, choose Generic SIP Trunk as the Destination. Click OK to save the new rule.

For the second rule, choose Outbound Rules → Add. For Rule Name, specify StandardInt. Apply the rule to Calls to Numbers with a length: 3. For Route 1, choose Generic SIP Trunk as the Destination. Click OK to save the new rule.

If you already have configured a 3CX smartphone client for one of your 3CX extensions, you now should be able to dial any 3-digit or 10-digit number and have the call processed through your new 3CX→RasPi trunk without any further setup assuming you’ve created a Google Voice trunk on the Raspberry Pi side. That wasn’t too hard, was it?

Routing Incoming Google Voice Calls to 3CX

Depending upon your own requirements, you may want to route incoming Google Voice calls or other trunks directly to an extension and/or softphone on your 3CX server. You obviously could set up multiple trunks of any type on the Raspberry Pi side and have the calls to each trunk routed to a different extension or softphone on the 3CX side. To enable this on the 3CX side, edit your Generic SIP Trunk and click the DIDs tab. Then Add each of the 10-digit DIDs of the Raspberry Pi trunks you wish to redirect. Next, create an Inbound Rule for every DID and tell 3CX where to route the calls.

On the Raspberry Pi side, add each of your Google Voice Trunks. Then create an Inbound Route for each DID and specify the Destination as Trunks → Remote (sip). The 3CX server will take care of routing the various incoming calls to each of the Google Voice trunks to its predefined extension and/or softphone. Enjoy!

Originally published: Monday, March 6, 2017





Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. A simpler Bridge setup is available in the paid versions of 3CX. []

Twofer Tuesday: 2 Cloud Servers for the Price of a RasPi




It’s been more than a year since we last chatted about Cloud At Cost. Because they’re in the midst of yet another 50% off Fire Sale and to close out February with a bang, it seemed like a good time to take a fresh look at a terrific way to get started with Linux. For today’s $35 cloud project, we’re going to build a free WordPress server and a free commercial PBX compliments of 3CX. For what it’s worth, we’ve been running a PIAF5 server at CloudAtCost for more than four months without a single hiccup. It provides flawless Google Voice calling from either a connected SIP phone or from the 3CX Client running on a SIM-free Android phone or iPhone. See our recent article for tips on setting up a SIM-free mobile phone.

For those coming from the Windows World, Linux can be a little intimidating. Learning with a Cloud-based server presents its own challenges because of the security issues when your server sits on the public Internet. And then there’s the cost factor. Not everyone has several hundred dollars to buy hardware and, frankly, learning about Linux on a $35 Raspberry Pi can drive most folks to drink. So today we’ll show you another way. It’s not necessarily a better way. But it’s different, and it’s loads of fun for not much money. Today’s project takes about an hour, and you’ll have two terrific Linux applications to play with for life when we’re finished.

There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35, you currently get two virtual machine platforms, and each has 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 50% off which brings the per server cost down to $17.50 each. That’s less than most lunches these days. If you don’t like half off and would prefer to wait for a better discount, check their Twitter feed every few days. So that’s the good news. But, if 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those things? Did we mention it’s $17.50 for a lifetime cloud server!

If you take our recommendation, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with Linux, and VoIP, and Cloud Computing. Will your virtual machine disintegrate at some juncture? Maybe so. We’ve had about a third of ours fail at some point. But you can rebuild them easily, especially if you keep a backup. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Don’t risk it unless waterboarding is your favorite sport. It’s probably not gonna work, and you WILL be disappointed. Repeat after me: IT’S A SANDBOX!

Building a LAMP Server in the Cloud

Our first objective today is to show you how to build a rock-solid, secure Linux server in the Cloud with all the bells and whistles that make Linux the server platform of choice for almost every organization in the world. We’ll continue by showing you how to embellish the platform with WordPress to do something that’s special for you whether it’s your own blog like Nerd Vittles, or a school newspaper, or an on-line shopping site to sell comic books. The basic foundation for most Linux platforms is called a LAMP server which stands for Linux, Apache, MySQL, and PHP. Linux is an open source operating system that includes contributions from thousands of developers around the world. Apache is the web server platform on which most commercial businesses stake their reputation. MySQL is the open source database management system now owned by Oracle. If it’s good enough for Facebook, it’s good enough for you. And PHP is THE web-based programming language that will let you build almost any application using Linux, Apache, and MySQL.

So what’s the big deal? There are thousands of online tutorials that will show you how to build a LAMP server. For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished with today’s Project #1, you’ll have a cloud-based LAMP server that is totally invisible to the rest of the world with the exception of its web interface. And we’ll show you a simple way to reduce the exposure of that web interface to some of its most likely attackers. Will it be 100% secure? Nope. If you have a web server on the public Internet, it’s never going to be 100% secure because there’s always the chance of a software bug that nobody has yet discovered and corrected. THAT’S WHAT BACKUPS ARE FOR!

Creating a CentOS Machine in the Cloud

To get started, you’ve got to plunk down your $35 at Cloud at Cost. This buys you two server platforms while they’re cheap! Once you’ve paid the piper, they will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

To create your first virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $17.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Otherwise, choose 1 CPU, 512MB RAM, and 10GB storage for your first server. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. We’ve learned to build new virtual machines at night, and they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in their hosting facility.

Initial Configuration of Your CentOS 6 VM

With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.

Logging into Your CentOS 6 VM

In order to configure and manage your new CentOS 6 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

ssh root@12.34.56.78

Before you do anything else, reset your root password to something very secure: passwd

Installing the LAMP Server Basics

Now we’re ready to build your LAMP server platform. We’ve chopped this up into lots of little steps so we can explain what’s happening as we go along. There’s nothing hard about this, but we want to document the process so you can repeat it at any time. As we go along, just cut-and-paste each clump of code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

setenforce 0
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

First, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password gets reset every time you reboot.

killall plymouthd
echo killall plymouthd >> /etc/rc.local
rm -f /etc/rc3.d/S97*

Now let’s bring CentOS 6.7 up to current CentOS 6.8 specs and add a few important applications:

yum -y update
yum -y install nano wget expect net-tools dialog git xz
yum -y install kernel-headers
yum -y install kernel-devel
reboot

After reboot, log back in as root. Now we’ll set up your Apache web server and configure it to start whenever you reboot your server:

yum -y install httpd
service httpd start
chkconfig httpd on

Next, let’s set up your MySQL server, bring it on line, and make sure it restarts after server reboots. Unless you plan to add Asterisk® and FreePBX® to your server down the road, you’ll want to uncomment the two commands that begin with # by removing the # symbol and replacing new-password with a very secure password for your root user account in MySQL. Be sure to run the last command to secure your server. After logging in, the correct answers are n,Y,Y,Y,Y.

yum -y install mysql mysql-server
service mysqld start
chkconfig mysqld on
#/usr/bin/mysqladmin -u root password 'new-password'
#/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
mysql_secure_installation

Next, we’ll set up PHP and configure it to work with MySQL:

yum -y install php
yum -y install php-mysql
service httpd restart

Finally let’s get SendMail installed and configured. Insert your actual email address in the last line and send yourself a test message to be sure it’s working. Be sure to check your spam folder since the message will show a sender address of localhost which many email systems including Gmail automatically identify as spam.

yum -y install sendmail
rpm -e postfix
service sendmail restart
yum -y install mailx
echo "test" | mail -s testmessage youracctname@yourmailserver.com

Installing Supplemental Repositories

One of the beauties of Linux is not being totally dependent upon CentOS for all of your packaged applications. Let’s add a few other repositories that can be used when you need to add a special package that is not in the CentOS repository. Let’s start with EPEL. We’ll disable it by default and only use it when we need it.

yum -y install http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/epel.repo

We actually need the EPEL repo to install Fail2Ban for monitoring of attacks on certain Linux services such as SSH:

yum --enablerepo=epel install fail2ban -y
cd /etc
wget http://incrediblepbx.com/fail2ban-lamp.tar.gz
tar zxvf fail2ban-lamp.tar.gz

Another important repository is REMI. It is especially helpful if you decide to upgrade PHP from the default version 5.3 to one of the newer releases: 5.5 or 5.6. In this case, you’ll want to activate the specific repository to support the release you choose in /etc/yum.repos.d/remi-safe.repo.

yum -y install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/remi-safe.repo

One final repository to have on hand is RPMForge, now renamed RepoForge. We’ll use it in a bit to install a dynamic DNS update utility which you actually won’t need at CloudAtCost since your server is assigned a static IP address. But it’s handy to have in the event you wish to assign a free FQDN to your server anyway.

yum -y install http://incrediblepbx.com/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
sed -i 's|enabled = 1|enabled = 0|' /etc/yum.repos.d/rpmforge.repo

Country Blocking with IPSET


We’ll use the EPEL repo to install ipset, a terrific addition to the IPtables Linux firewall that lets you quickly block entire countries from accessing your server:

yum --enablerepo=epel install ipset -y

Next, we’ll add a sample script that documents how the country blocking mechanism works with ipset. For a complete list of countries that can be blocked, go here. If you need a decoder badge to match abbreviations against country names, you’ll find it here. To add other countries, simply edit the shell script and clone lines 4-7 using the names of the countries and country zone files that you wish to add. Be sure to insert the new lines before the commands to restart iptables and fail2ban. This script will need to be run each time your server reboots and before IPtables is brought on line. We’ll handle that a little later.

echo "#\\!/bin/bash" > /etc/block-china.sh
echo " " >> /etc/block-china.sh
echo "cd /etc" >> /etc/block-china.sh
echo "ipset -N china hash:net" >> /etc/block-china.sh
echo "rm cn.zone" >> /etc/block-china.sh
echo "wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone" >> /etc/block-china.sh
echo "for i in \$(cat /etc/cn.zone ); do ipset -A china \$i; done" >> /etc/block-china.sh
echo "service iptables restart" >> /etc/block-china.sh
echo "service fail2ban restart" >> /etc/block-china.sh
sed -i 's|\\\\||' /etc/block-china.sh
chmod +x /etc/block-china.sh

Adding a Few Handy Utilities

If you’re like us, you’ll want to test the speed of your Internet connection from time to time. Let’s install a free script that you can run at any time by logging into your server as root and issuing the command: /root/speedtest.py. Here were our results from last year. Running speedtest on a new server we built today showed a vast improvement in performance. Downloads were over ten times as fast, and upload speeds more than tripled. In fact, we now are using two CloudAtCost servers to host the old PIAF3 repositories.

cd /root
wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest.py

Next, let’s put in place a simple status display which will quickly tell you what’s running and what’s not. We’ve borrowed some GPL code from Incredible PBX to help you out. Run status-lamp at any time for a snapshot of your server.

cd /usr/local/sbin
wget http://incrediblepbx.com/status-lamp.tar.gz
tar zxvf status-lamp.tar.gz
rm -f status-lamp.tar.gz
sed -i 's|myip.pbxinaflash.com|myip.incrediblepbx.com|' /usr/local/sbin/status-lamp

Now we’ll put the Linux Swiss Army Knife in place. It’s called WebMin, and it provides a GUI to configure almost everything in Linux. Pick up a good WebMin book from your public library to get started. Once installed, you access WebMin from your browser at the IP address of your server on the default port of 10000: https://serverIPaddress:10000. It’s probably a good idea to change this port number and the commented out line shows how to do it with the new port being 9001 in the example. The way in which we typically configure the Linux firewall will block all access to WebMin except from an IP address which you have whitelisted, e.g. your home computer’s public IP address.

cd /root
yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty
yum -y install http://prdownloads.sourceforge.net/webadmin/webmin-1.831-1.noarch.rpm
#sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf
service webmin restart
chkconfig webmin on

Configuring the Linux IPtables Firewall

RULE #1: DON’T BUILD SERVERS EXPOSED TO THE INTERNET WITHOUT SECURITY!

As installed by CloudAtCost, your server provides ping and SSH access from a remote computer and nothing else. The good news: it’s pretty safe. The bad news: it can’t do anything useful for anybody because all web access to the server is blocked. We want to fix that, tighten up SSH access to restrict it to your IP address, and deploy country blocking to show you how.

As we implement the firewall changes, you need to be extremely careful in your typing so that you don’t accidentally lock yourself out of your own server. A typo in an IP address is all it takes. The good news is that, if you do lock yourself out, you still can gain access via the CloudAtCost Management Portal by clicking the Console button of your virtual machine. Because the console is on the physical machine and the lo interface is whitelisted, you can log in and disable the firewall temporarily: service iptables stop. Then fix the typo and restart the firewall: service iptables start.

First, let’s download the new IPtables config file into your root folder and take a look at it.

cd /root
wget http://incrediblepbx.com/iptables-lamp.tar.gz
tar zxvf iptables-lamp.tar.gz

Now edit the /root/iptables-lamp file by issuing the command: nano -w /root/iptables-lamp

You can scroll up and down through the file with Ctl-V and Ctl-Y. Cursor keys work as well. Once you make changes, save your work: Ctl-X, Y, ENTER. You’re now an expert with the nano text editor, an absolutely essential Linux tool.

Here’s what that file actually looks like:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN                  -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG                  -j DROP
-A INPUT -p tcp -m set --match-set china src                    -j DROP
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A INPUT -s 12.34.56.78 -j ACCEPT
#-A INPUT -s yourFQDN.dyndns.org -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Reminder: If you add another country to your block-china script, don’t forget to add a corresponding new country entry to your iptables file. See line 17 above that includes the word "china" for the syntax. There’s nothing much else to tweak except the two commented out (brown) lines that begin with #. First, remove the # symbol by moving the cursor to the right of the first one and hitting the backspace/delete key on your keyboard. Replace 12.34.56.78 with the public IP address of the computer from which you will be accessing your virtual machine. If you need multiple entries for multiple computers at different addresses, clone the line by pressing Ctrl-K and then Ctrl-U twice. Yes, we know. Some folks IP addresses change from time to time. In the next section, we’ll show you how to set up a Dynamic DNS entry with a utility that will keep track of your current IP address. In this case, uncomment the second commented line and replace yourFQDN.dyndns.org with your dynamic DNS address. Be very careful to assure that your FQDN is always on line. If the firewall cannot verify your DNS entry when it starts, the IPtables firewall will not start which means your server will be left unprotected. HINT: IP addresses are much safer because they are never verified.

Once you have your whitelisted addresses configured, comment out the port 22 line to keep the bad guys from trying to break into your server with SSH. Then save the file: Ctl-X, Y, ENTER. Next, issue the following commands to copy everything into place and restart the firewall.

mv /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
cp -p /root/iptables-lamp /etc/sysconfig/iptables
echo "/etc/block-china.sh" >> /etc/rc.local
/etc/block-china.sh

Always, always, always check to be sure your firewall is functioning: iptables -nL. If you don’t see your desktop computer’s public IP address near the end of the listing, then the firewall is dead. status-lamp should also show IPtables down. Check for an error message which will tell you the problematic line so you can correct it.

Implementing Dynamic DNS Service

There are a number of free and paid Dynamic DNS providers. The way this works is you choose a fully-qualified domain name (FQDN) to identify your computer. Then you run a dynamic DNS update utility periodically from that computer. It reports back the current public IP address of your computer and your provider updates the IP address assigned to your FQDN if it has changed. In addition to supporting sites with ever changing IP addresses, it also allows you to permanently assign an FQDN to your computer or server so that it can be accessed without using a cryptic IP address.

If that computer happens to be an Incredible PBX server or a LAMP server that you’ve set up using this tutorial, then the following will get the DNS client update utility loaded using the RPM Forge repository that we previously installed:

yum --enablerepo=rpmforge install ddclient -y

Similar DNS update clients are available for Windows, Mac OS X, and many residential routers. Then it’s just a matter of plugging in the credentials for your dynamic DNS provider and your FQDN. In the case of the CentOS client, the config file is /etc/ddclient/ddclient.conf. Now reboot your server and pick up a good book on Linux to begin your adventure.

Now For Some Fun…

First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Apache page:

Next, let’s be sure that PHP is working as it should. While still logged into your server as root using SSH or Putty, issue the following commands and make up some file name to replace test4567 in both lines. Be sure to keep the .php file name extension. Note to gurus: Yes, we know the second line below is unnecessary if you remove the space after the less than symbol in the first line. Unfortunately, WordPress forces the space into the display which left us no alternative.

echo "< ?php phpinfo(); ?>" > /var/www/html/test4567.php
sed -i 's|< |<|' /var/www/html/test4567.php

Now jump back to your web browser and access the new page you just created using the IP address of your server and the file name you made up: http://12.34.56.78/test4567.php

The PHPinfo listing will tell you everything you ever wanted to know about your web server setup including all of the PHP functions that have been enabled. That's why you want an obscure file name for the page. You obviously don't want to share that information with every bad guy on the planet. Remember. This is a public-facing web site that anyone on the Internet can access if they know or guess your IP address.

When you're ready to set up your own web site, just name it index.php and store the file in the /var/www/html directory of your server. In the meantime, issuing the following command will assure that anyone accessing your site gets a blank page until you're ready to begin your adventure:

echo " " > /var/www/html/index.php

Ready to learn PHP programming? There's no shortage of books to get you started.

Adding WordPress to Your LAMP Server

Where to begin with WordPress? What used to be a simple platform for bloggers has morphed into an all-purpose tool that makes building virtually any type of web site child's play. If you want to see what's possible, take a look at the templates and sample sites shown on WPZOOM. Unless you're an art major and savvy web designer, this will be the best $70 you ever spent. One of these templates will have your site up and running in minutes once we put the WordPress pieces in place. For the big spenders, $149 will give you access to over 50 gorgeous templates which you can download and use to your heart's content on multiple sites. And, no, your sites don't blow up after a year. You just can't download any additional templates or updates unless you renew your subscription. The other alternative is choose from thousands of templates that are provided across the Internet as well as in the WordPress application itself.

WordPress templates run the gamut from blogs to newsletters to photographer sites to e-commerce to business portfolios to video to travel to magazines to newspapers to education to food to recipes to restaurants and more. Whew! There literally is nothing you can't put together in minutes using a WordPress template. But, before you can begin, we need to get WordPress installed on your server. This is optional, of course. And, if you follow along and add WordPress, we've set it up in such a way that WordPress becomes the primary application for your site. Stated differently, when people use a browser to access your site, your WordPress template will immediately display. When we finish the basic WordPress setup and once you upload an image or two, you'll have a site that looks something like this:

Before you begin, we strongly recommend that you acquire a domain for your site if you plan to use it for anything but experimentation. The reason is because it can be complicated to migrate a WordPress site from one location to another.1 Once you've acquired your domain, point the domain to the IP address of your new server. With a dirt cheap registrar such as Omnis.com, it's easy:

Now let's get started. To begin, we need to load the WordPress application onto your server:

cd /root
mkdir wordpress
cd wordpress
wget http://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz -C /var/www/html

Next, we'll configure MySQL to support WordPress. We're assuming that you have NOT already created root passwords for MySQL. If you have, you'll need to add -pYourPassword to the various commands below immediately after root. There is no space between -p and your root password. Also edit the first line and make up a new password (replacing XYZ below) for the wordpress user account that will manage WordPress on your server before you cut and paste the code:

mysql -u root -e 'CREATE USER wordpress@localhost IDENTIFIED BY "XYZ";'
mysql -u root -e 'CREATE DATABASE wordpress;'
mysql -u root -e 'GRANT ALL ON wordpress.* TO wordpress@localhost;'
mysql -u root -e 'FLUSH PRIVILEGES;'

Next, we need to configure WordPress with your new MySQL credentials. Before you cut and paste, replace XYZ in the fourth line with the password you assigned in the preceding MySQL step:

cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
sed -i 's|database_name_here|wordpress|' /var/www/html/wordpress/wp-config.php
sed -i 's|username_here|wordpress|' /var/www/html/wordpress/wp-config.php
sed -i 's|password_here|XYZ|' /var/www/html/wordpress/wp-config.php
chown -R apache:apache /var/www/html/wordpress

Before you forget, take a moment and create a very secure password for your MySQL root user accounts. Here are the commands. Just replace new-password with your new password before you cut and paste. Note that you also will be prompted for this password when you execute the second command because you will now have a root user password in place from executing the first command.

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'

Finally, we need to modify your Apache web server to support WordPress as the primary application. Be sure to enter your actual email address in the third line before you cut and paste the code below:

echo " " >> /etc/httpd/conf/httpd.conf
echo "" >> /etc/httpd/conf/httpd.conf
echo 'ServerAdmin somebody@somedomain.com' >> /etc/httpd/conf/httpd.conf
echo "DocumentRoot /var/www/html/wordpress" >> /etc/httpd/conf/httpd.conf
echo "ServerName wordpress" >> /etc/httpd/conf/httpd.conf
echo "ErrorLog /var/log/httpd/wordpress-error-log" >> /etc/httpd/conf/httpd.conf
echo "CustomLog /var/log/httpd/wordpress-acces-log common" >> /etc/httpd/conf/httpd.conf
echo "" >> /etc/httpd/conf/httpd.conf
echo " " >> /etc/httpd/conf/httpd.conf
service httpd restart

That should do it. Open a browser and navigate to the IP address of your server. You should be greeted with the following form. Fill in the blanks as desired. The account you're setting up will be the credentials you use to add and modify content on your WordPress site when you click Log In (as shown above). Make the username obscure and the password even more so. Remember, it's a public web site accessible worldwide! When you click Install WordPress, you'll be off to the races.

After your server whirs away for a minute or two, you will be greeted with the WordPress login prompt. With the username and password you entered above, you'll be ready to start configuring your WordPress site.

Once you're logged in, navigate to Appearance -> Themes and click Add New Theme. There's you will find literally hundreds of free WordPress templates that can be installed in a matter of seconds if WPZOOM is too rich for your blood. For a terrific all-purpose (free) theme, try Atahualpa. We'll leave our actual demo site running for a bit in case you want to explore and check out its performance. Installing and configuring the new theme took less than a minute:

A Final Word to the Wise. WordPress is relatively secure but new vulnerabilities are discovered regularly. Keep your templates, plug-ins, AND the WordPress application up to date at all times! The WordFence plug-in is a must-have. And we strongly recommend adding the following lines to your WordPress config file which then will let WordPress update everything automatically. Microsoft has given automatic updates a bad name, but in the case of WordPress, they work well.

echo "define('WP_AUTO_UPDATE_CORE', true);" >> /var/www/html/wordpress/wp-config.php
echo "add_filter( 'auto_update_plugin', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
echo "add_filter( 'auto_update_theme', '__return_true' );" >> /var/www/html/wordpress/wp-config.php

Building a 3CX Server in the Cloud

Now we're ready for our second cloud project. In less than 10 minutes, we're going to build a free 3CX commercial PBX using the remaining Cloud resources from our $35 purchase. To create your second virtual machine, click on the CLOUDPRO button in the CloudAtCost control panel and then click Add New Server. Choose 1 CPU, 512MB RAM, and 10GB storage for your second server. Choose Debian 8 64bit as the OS Type and click Complete.

Obtain a free license key for 3CX. Next, log in to your new Debian server as root using SSH or Putty and issue these commands. We'll begin by changing your root password.
NOTE: What appears as the fourth line below needs to be added to line #3!

passwd
wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
echo "deb http://downloads.3cx.com/downloads/3cxpbx/ /" | tee /etc/apt/sources.list.d/3cxpbx.list
apt-get update
rm -f /zang-debian.sh
apt-get -y install 3cxpbx
apt-get -y install sendmail sendmail-bin

When the initial setup finishes, choose the Web Interface Wizard and complete the install using your favorite web browser. Enter your 3CX license key when prompted. Make up a very secure Username and Password to access your 3CX portal. Specify that your IP address is Dynamic when prompted (even though it isn't). This tells 3CX to generate an FQDN for your server. Accept the default ports for HTTP (5000) and HTTPS (5001) access to your server. We recommend choosing 4-digit extensions numbers so you'll be ready for next week's project interconnecting your 3CX server to a Raspberry Pi for the best of both worlds. While logged into the 3CX management portal, adjust Settings → Email to Mail Server → 127.0.0.1 and Reply to → noreply@YourActual3CX-FQDN. Leave the other settings blank and click TEST then OK. Set up a SIP trunk with inbound and outbound call routes. Now download your favorite 3CX smartphone client, send yourself the Welcome Email for your default extension, and start calling. It really doesn't get much easier in the VoIP World. Come join the PIAF Forum if you need a helping hand!

Free Calling in the U.S. and Canada with PIAF5. We know our more frugal U.S. residents are wondering if there's a way to make free calls even with 3CX. You didn't really think there would be a release of PBX in a Flash without Google Voice support, did you? It's easy using the Simonics SIP to Google Voice gateway service. Setup time is about a minute, and the one-time cost is $4.99 using this Nerd Vittles link. Setup instructions for the 3CX side are straight-forward as well, and we've documented the procedure on the PIAF Forum.

Free Calling Worldwide with SIP URIs. There's another free calling option as well. PIAF5 and 3CX support worldwide SIP URI calling at no cost. As part of the PIAF5 install procedure, 3CX registers an FQDN for you with one of the 3CX domains if you indicate that your server has a dynamic IP address. Unless you really know what you're doing with DNS, it's a good idea to tell 3CX you have a dynamic IP address whether you do or not. Here's why. Once you have an assigned FQDN in the 3CX universe, one very slick feature is the ease with which you can publish a SIP URI address for any or all of your 3CX extensions thereby allowing PIAF5 users to receive calls from any SIP client worldwide at no cost. Setup takes less than a minute. It's as easy as 1-2-3. Here's how:

1. Login to the 3CX GUI and go to Settings → Network → FQDN. Tick "Allow calls from/to external SIP URIs" and make note of your FQDN, e.g. mypiaf5server.3cx.us. Click OK.

2. For an extension to enable (e.g. 001), go to Extensions → Edit 001 → Options → SIP ID and create any desired SIP URI alias for this extension, e.g. billybob. Click OK.

3. Anyone with a SIP client anywhere worldwide can now call extension 001 using SIP URI: billybob@mypiaf5server.3cx.us.

Special Thanks: Our special tip of the hat goes to a few web sites that we found helpful in putting this article together especially Unixmen and Matt Wilcox & friends and Programming-Review.

Originally published: Tuesday, February 28, 2017





Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest...

  1. Should you ever have to migrate your WordPress site from one domain to another, here are two helpful tools to consider: the Automatic Domain Name Changer Plugin and our favorite: WordPress-Domain-Changer. []

Introducing a New WhiteList Security Model for Wazo


Today we’re pleased to introduce a new state-of-the-art Travelin’ Man 3 firewall implementation for 2017. Five years ago, we developed a new security model for Asterisk® servers that whitelisted those needing access while blocking everyone else. The design was simple. You can’t attack what you can’t see. Three years ago, we made Travelin’ Man 3 more flexible for remote users with the addition of PortKnocker, a terrific tool providing temporary remote server access using a random three-number code. Today’s release further streamlines the firewall management process. Trusted users can permanently whitelist new IP addresses from anywhere using any PC or smartphone.

Travelin’ Man 3 Overview

If you’re new to Travelin’ Man 3 and the Linux IPtables firewall, here’s a quick overview. IPtables is a software-based firewall that is integrated into the Linux kernel. It consists of rules that define which IP packets hitting your server are allowed through the gate. The whitelist methodology behind Travelin’ Man 3 works like this. We predefine a list of trusted VoIP providers that get SIP and IAX access to your server so that you can easily set up trunks for incoming and outgoing calls. Then, as part of the Incredible PBX installation procedure, we whitelist all non-routable IP addresses as well as the public IP addresses of your server and the PC from which you installed Incredible PBX. Nobody else can even see your server on the Internet.

New Travelin’ Man 3 Design

With today’s new Travelin’ Man 3 design, you can whitelist additional IP addresses in several ways. First, as the administrator, you can log into your server as root and whitelist any IP address using the add-ip script in the /root folder. If a fully-qualified domain name (FQDN) is associated with the IP address to be whitelisted, the administrator can use the add-fqdn script to add the FQDN. If the FQDN points to a dynamic IP address that is refreshed using a dynamic IP update service, then Travelin’ Man 3 will refresh the firewall at 10-minute intervals to assure that remote users always have access to the server. This differs from previous releases of Travelin’ Man 3 that required a manual entry in /root/ipchecker to enable automatic refreshes.

A third method for permanently adding whitelist entries to your firewall is now provided using PortKnocker which is an integral component of Incredible PBX. By providing your PortKnocker credentials (/root/knock.FAQ) to any user, that user can easily gain one-click permanent access to the server using either the NMAP utility from a remote computer or the iOS PortKnock or Android DroidKnocker apps available for smartphones. As in previous releases of Travelin’ Man 3, an administrator can remove whitelist entries using del-acct utility in the /root folder. All admin and user-generated whitelist entries are stored in /root with a file extension of .iptables. Those generated using PortKnocker are automatically assigned a filename consisting of the timestamp associated with the time at which the whitelist entry was created. IMPORTANT: To authorize PortKnocker to permanently add IP addresses to your firewall, there is an activation step. Log into your server as root and issue the following command: iptables-knock activate

As part of the new implementation of Travelin’ Man 3 for the Incredible PBX for Wazo platform (only!), we’ve also reworked the firewall design a bit. There were several serious limitations in the original IPtables implementation of TM3. First, while IPtables allowed FQDN entries in its main configuration file, if one or more of those domains was off-line when IPtables was started or restarted, the entire firewall came crashing down leaving your server unprotected. In prior implementations, we avoided catastrophe by always using our iptables-restart utility to start and restart IPtables. This utility automatically tested for firewall failures and removed FQDN entries that caused the problems. A second limitation in the original Travelin’ Man 3 design involved an administrator who inadvertently used the iptables save command to modify an existing IPtables setup. Whenever this command is executed, IPtables immediately rewrites all FQDN entries in its configuration by converting them to IP addresses thereby eliminating the ability of the firewall to account for dynamic IP address changes occurring thereafter. Perhaps the most dangerous limitation occurred where your server’s network connection was not yet active when IPtables was started. If your configuration included FQDN entries, this would always cause IPtables startup to fail since FQDNs are all tested for availability as part of the initialization process. With Incredible PBX implementations, we have designed some safeguards into the network startup process to minimize this risk, but it would still be a problem if an administrator happened to notice that a network cable was unplugged and chose to plug it in after the server had already booted. Yes, the network would come on line. No, the IPtables firewall would not if there were FQDN entries in the config causing an IPtables startup failure.

Here’s a quick summary of the new IPtables design. First, there are never FQDN entries in the main IPtables config file, /etc/iptables/rules.v4. Instead, all custom whitelist entries now are generated in /usr/local/sbin/iptables-custom. The startup and restart procedure with iptables-restart now works like this. First, IPtables is started with the rules.v4 rules. Next, Fail2Ban is restarted as a second layer of protection for your server. Finally, the custom rules including all of your whitelisted IP addresses and FQDNs are started by running iptables-custom. If individual custom rules fail, they simply fail. They won’t bring down the firewall or Fail2Ban. Custom rules in iptables-custom look like this:

/sbin/iptables -A INPUT -s yourFQDN.dyndns.org -j ACCEPT

It should be noted that, if an administrator, inadvertently restarts the firewall without using the iptables-restart script, the consequences will be that the custom whitelist rules will not be loaded and Fail2Ban may not function properly. This shouldn’t be a problem because those with whitelisted remote phones will soon be calling with complaints that their phones are off-line. 🙂

As with all servers, your Incredible PBX server is only secure as long as you have no rotten apples in the employee pool. So, yes, there may come a time when it becomes necessary to modify your 3-number PortKnocker credentials to block an employee who has been terminated. The three steps to do this would be the following. First, edit /etc/knockd.conf and change the 3 port addresses in the sequence entry. Second, restart PortKnocker on your server: /etc/init.d/knockd restart. Third, modify /root/knock.FAQ to reflect your newly assigned ports and redistribute the file to remote employees.

Ready to get started? Hop over to the latest Incredible PBX for Wazo tutorial and fire up a new server. If you have an existing XiVO or Wazo server and you’d like to implement the new Travelin’ Man 3 design, here’s a tutorial to get you started. Enjoy!

Published: Monday, February 20, 2017



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Chasing Rainbows: The VoIP in the Cloud Trifecta



Week after week, the VoIP landscape for Cloud Computing continues to improve. And today we have more terrific news. Not only is there a new release of Wazo with simplified support for WebRTC and FollowMe roaming, but the Wazo 17.02 release also is now available on the RentPBX platform worldwide. Coupling Wazo and RentPBX with a secondary Cloud platform to achieve total VoIP redundancy is the VoIP in the Cloud Trifecta if ever there were one. RentPBX has been a platinum sponsor of Nerd Vittles for many years and, while they may not be the cheapest Cloud provider, they are certainly the best when it comes to VoIP. The reason is simple. Their cloud platform is only used for VoIP so you’re not competing for server resources with a zillion customers that are compiling millions of lines of code all day long. You also get free support! Their worldwide hosting locations translate into crystal clear VoIP calling without jitter using your favorite VoIP providers. With the Nerd Vittles NoGotchas coupon code, monthly service is just $15. For mission critical VoIP platforms, we recommend you set up Wazo with RentPBX as your primary server and configure a secondary server at OVH or Vultr.com or Digital Ocean for an additional $3.50 to $5 per month. Using Wazo’s native High Availability feature, your business gets a fault-tolerant platform with automatic failover for less than $20 a month.

Installing Incredible PBX for Wazo at RentPBX

We want to quickly walk you through the installation procedure at RentPBX because it’s the easiest cloud platform to get up and running, period. First, sign up for an account at RentPBX and order Incredible PBX for Wazo which you’ll find under the PBX in a Flash section of their site. Next, choose your favorite hosting location. We strongly recommend their Miami site if you’re east of the Rockies. For example, ping times to atlanta.voip.ms are under 14 milliseconds. The LA node works great for those on the Left Coast. Then choose Incredible PBX Wazo (Debian 8 Asterisk 14) for your platform. Enter a hostname for your server (HINT: test.rentpbx.com works fine if you don’t have your own) and click Continue. Enter NoGotchas for your Promo Code. Click Validate Code and then Checkout. Once you receive your credentials, login to your new server as root using SSH or Putty. The RentPBX setup procedure is a two-step install. First, you get Debian up to date. Then you reboot and the main Incredible PBX installer will be run.

Because of some new certificates, you will get an exim prompt during the initial phase of the install. Just type q to proceed. After initial reboot, log back in with your root credentials and complete the prompts to add your Wazo web password, a telephone reminders numeric password, and a PPTP username and password. Review your passwords carefully. Then press ENTER to proceed with the installation of Incredible PBX for Wazo. Set your time zone when prompted. After about 5-10 minutes, you will be prompted to verify that the Wazo base install completed successfully. It’s perfectly normal that some of the Wazo services are disabled at this juncture. If you see “Wazo fully booted” after the listing of services, you’re good to go. Just press ENTER to proceed. The installer then will run the Wazo Wizard. Within a minute or two, you will again be asked to verify that it completed successfully. If you see no error messages, press ENTER and go have a cup of coffee. The rest of the install will proceed without further prompting. In 10-20 minutes, your server will be ready to use.

Setting Up SIP and Google Voice Trunks with Wazo

When the installation is finished, you can make toll-free calls in the U.S. and Canada without doing anything except dialing "1″ and the 10-digit number from any phone connected to your server. For other calls, there are two steps in setting up trunks to use with Incredible PBX. First, you have to sign up with the provider of your choice and obtain trunk credentials. These typically include the FQDN of the provider’s server as well as your username and password to use for access to that server. Second, you have to configure a trunk on the Incredible PBX for Wazo server so that you can make or receive calls outside of your PBX. As with the platform tutorials, we have taken the guesswork out of the trunk setup procedure for roughly a dozen respected providers around the globe. In addition, Wazo Snapshots goes a step further and actually creates the trunks for you, minus your credentials, as part of the initial Incredible PBX install.

For Google Voice trunks, log into your server as root and run ./add-gvtrunk. When prompted, insert your 10-digit Google Voice number, your Google Voice email address and OAuth 2 token. The native Google Voice OAuth tutorial explains how to obtain it.

For the other providers, review the setup procedure below and then edit the preconfigured trunk for that provider by logging into the Wazo web GUI and choosing IPX → Trunk Management → SIP Protocol. Edit the setup for your provider (as shown above) and fill in your credentials and CallerID number in the General tab. Activate the trunk in the Register tab after again filling in your credentials. Save your settings when finished. No additional configuration for these providers is required using the Incredible PBX for Wazo Snapshot.

Directing Incoming Calls from Wazo Trunks

Registered Wazo trunks typically include a DID number. With the exception of CallCentric, this is the number that callers would dial to reach your PBX. With CallCentric, it’s the 11-digit account number of your account, e.g. 17771234567. In the Wazo web GUI, we use IPX → Call Management → Incoming Calls to create inbound routes for every DID and trunk associated with your PBX. Two sample DIDs have been preconfigured to show you how to route calls to an extension or to an IVR. To use these, simply edit their settings and change the DID to match your trunk. Or you can create new incoming routes to send calls to dozens of other destinations on your PBX.

Routing Outgoing Calls from Wazo to Providers

Outgoing calls from extensions on your Wazo PBX must be routed to a trunk provider to reach call destinations outside your PBX. Outgoing call routing is managed in IPX → Call Management → Outgoing Calls. You tell Wazo which trunk provider to use in the General tab. Then you assign a Calling Digit Sequence to this provider in the Exten tab. For example, if NXXNXXXXXX were assigned to Vitelity, this would tell Wazo to send calls to Vitelity if the caller dialed a 10-digit number. Wazo has the flexibility to add and remove digits from a dialed number as part of the outbound call routing process. For example, you might want callers to dial 48NXXNXXXXXX to send calls to a Google Voice trunk where 48 spells "GV" on the phone keypad. We obviously don’t want to send the entire dial string to Google Voice so we tell Wazo to strip the first 2 digits (48) from the number before routing the call out your Google Voice trunk. We’ve included two examples in the Wazo Snapshot to get you started. Skype Connect (shown below) is an example showing how to strip digits and also add digits before sending a call on its way:

Setting Up a Softphone & WebRTC with Wazo

If you’re a Mac user, you’re lucky (and smart). Download and install Telephone from the Mac App Store. Start up the application and choose Telephone:Preference:Accounts. Click on the + icon to add a new account. To set up your softphone, you need 3 pieces of information: the IP address of your server (Domain), and your Username and Password. In the World of Wazo, you’ll find these under IPBX → Services → Lines. Just click on the Pencil icon beside the extension to which you want to connect. Now copy or cut-and-paste your Username and Password into the Accounts dialog of the Telephone app. Click Done when you’re finished, and your new softphone will come to life and should show Available. Dial the IVR (4871) to try things out. With Telephone, you can use over two dozen soft phones simultaneously on your desktop.

For everyone else, we recommend the YateClient softphone which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the Wazo Line. You’ll need the IP address of your server plus your Line username and password associated with the 701 extension. On the Wazo platform, do NOT use an actual extension number for your username with Wazo. Go to IPBX Settings → Lines to decipher the appropriate username and password for the desired extension. Click OK to save your entries.


WebRTC allows you to use your Chrome or Firefox browser as a softphone. Extension 701 comes preconfigured for WebRTC access with Incredible PBX for Wazo. It shares the same password as the Line associated with extension 701, but the username is 701 rather than the username associated with the Line. You can decipher the password by accessing the Wazo Web GUI and then IPBX → Services → Users → Incredible PBX → XiVO Client Password. Or log into your server as root using SSH or Putty and run: /root/show-701-pw. Wazo introduces several new features to WebRTC including support for the awesome new Opus codec plus voicemail management and even Gravatar support. It’s all preconfigured!

Special Note: Beginning with this version of Wazo (17.02), WebRTC is fully integrated with NGINX on your server, and a simplified method for configuring WebRTC users has been added. When you create a new User account, simply choose the SIP (WebRTC) Protocol when creating a new user account, and all of the Advanced Line options required to support WebRTC will be preconfigured for you.

To use WebRTC, you first need to accept the different SSL certificates associated with the WebRTC app. From your browser, go to the following site and click on each link to accept the certificates. Once you’ve completed this process, visit the Wazo WebRTC site.

Before logging in, click on the Gear icon in the lower right corner and then click on the Pencil icon to edit your Settings. Fill in the public IP address of your Wazo server and specify 443 for the Port. Leave the Backend field blank and click Save. Now login to your WebRTC account with Username 701. The Password is the one you obtained running show-701-pw. The IP Address (if required) is the address of your Wazo PBX.

Implementing FollowMe Roaming with a CellPhone

In addition to ringing your SIP extension when incoming calls arrive, Wazo 17.02 can also ring your cellphone simultaneously. This obviously requires at least one outbound trunk. If that trunk provider also supports CallerID spoofing, then Wazo will pass the CallerID number of the caller rather than the DID associated with the trunk. Incredible PBX for Wazo comes with cellphone support for extension 702 ready to go. To enable it, access the Wazo Web GUI and go to IPBX → Services → Users → Incredible PBX and insert your Mobile Phone Number using the same dial string format associated with the trunk you wish to use to place the calls to your cellphone. You then can answer the incoming calls on either your cellphone or the registered SIP phone. If you answer on your cellphone, you will be prompted whether you wish to accept the call. If you press 1 after observing the CallerID, the caller will be connected. If you decline, the caller will be routed to the Wazo voicemail account of the extension.

Activating Voice Recognition for Wazo

Google has changed the licensing of their speech recognition engine about as many times as you change diapers on a newborn baby. Today’s rule restricts use to “personal and development use.” Assuming you qualify, the very first order of business is to enable speech recognition for your Wazo PBX. Once enabled, the Incredible PBX feature set grows exponentially. You’ll ultimately have access to the Voice Dialer for AsteriDex, Worldwide Weather Reports where you can say the name of a city and state or province to get a weather forecast for almost anywhere, Wolfram Alpha for a Siri-like encyclopedia for your PBX, and Lefteris Zafiris’ speech recognition software to build additional Asterisk apps limited only by your imagination. And, rumor has it, Google is about to announce new licensing terms, but we’re not there yet. To try out the Voice Dialer in today’s demo IVR, you’ll need to obtain a license key from Google. This Nerd Vittles tutorial will walk you through that process. Add your key to /var/lib/asterisk/agi-bin/speech-recog.agi on line 72.

Adding DISA Support to Your Wazo PBX

If you’re new to PBX lingo, DISA stands for Direct Inward System Access. As the name implies, it lets you make calls from outside your PBX using the call resources inside your PBX. This gives anybody with your DISA credentials the ability to make calls through your PBX on your nickel. It probably ranks up there as the most abused and one of the most loved features of the modern PBX.

There are three ways to implement DISA with Incredible PBX for Wazo. You can continue reading this section for our custom implementation with two-step authentication. There also are two native Wazo methods for implementing DISA using a PIN for security. First, you can dedicate a DID to incoming DISA calls. Or you can add a DISA option to an existing IVR. Both methods are documented in our tutorial on the PIAF Forum.

We prefer two-step authentication with DISA to make it harder for the bad guys. First, the outside phone number has to match the whitelist of numbers authorized to use your DISA service. And, second, you have to supply the DISA password for your server before you get dialtone to place an outbound call. Ultimately, of course, the monkey is on your back to create a very secure DISA password and to change it regularly. If all this sounds too scary, don’t install DISA on your PBX.

1. To get started, edit /root/disa-xivo.txt. When the editor opens the dialplan code, move the cursor down to the following line:

exten => 3472,n,GotoIf($["${CALLERID(number)}"="701"]?disago1)  ; Good guy

2. Clone the line by pressing Ctrl-K and then Ctrl-U. Add copies of the line by pressing Ctrl-U again for each phone number you’d like to whitelist so that the caller can access DISA on your server. Now edit each line and replace 701 with the 10-digit number to be whitelisted.

3. Move the cursor down to the following line and replace 12341234 with the 8-digit numeric password that callers will have to enter to access DISA on your server:

exten => 3472,n,GotoIf($["${MYCODE}" = "12341234"]?disago2:bad,1)

4. Save the dialplan changes by pressing Ctrl-X, then Y, then ENTER.

5. Now copy the dialplan code into your Wazo setup, remove any previous copies of the code, and restart Asterisk:

cd /root
sed -i '\:// BEGIN DISA:,\:// END DISA:d' /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf
cat disa-xivo.txt >> /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf
/etc/init.d/asterisk reload

6. The traditional way to access DISA is to add it as an undisclosed option in an IVR that is assigned to one of your inbound trunks (DIDs). For the demo IVR that is installed, edit the ivr-1.conf configuration file and change the "option 0″ line so that it looks like this. Then SAVE your changes.

exten => 0,1(ivrsel-0),Dial(Local/3472@default)

7. Adjust the inbound calls route of one of your DIDs to point to the demo IVR by changing the destination to Customized with the following Command:

Goto(ivr-1,s,1)

A sample is included in the Wazo Snapshot. Here’s how ours looks for the Demo IVR:



8. Now you should be able to call your DID and choose option 0 to access DISA assuming you have whitelisted the number from which you are calling. When prompted, enter the DISA password you assigned and press #. You then should be able to dial a 10-digit number to make an outside call from within your PBX.

SECURITY HINT: Whenever you implement a new IVR on your PBX, it’s always a good idea to call in from an outside number 13 TIMES and try every key from your phone to make sure there is no unanticipated hole in your setup. Be sure to also let the IVR timeout to see what result you get.

Implementing HA Redundancy with Wazo

With a business phone system, nothing is more important than never missing a call. Wazo’s High Availability (HA) option makes this a no-brainer, and it’s free! Just set up a second server either in the cloud or in your office and walk through our HA tutorial to set up the second server and activate HA. Even though located just across the border in Canada, OVH is hard to beat at $3.49 a month with 2 gigs of RAM and 10 gigs of storage. Vultr.com and Digital Ocean are also good candidates for a slave server, and the cost is still just $5 a month. Their 512MB platforms work fine with a drive cache, especially for a backup server. To get started, create a new Wazo platform using one of the highlighted links above. Be sure to use the same version of Wazo. Once the server is up and running, go to our Wazo HA tutorial and we’ll walk you through installing the NeoRouter Server and completing the Wazo setup. Be sure to configure Google Voice on the backup server before activating HA!



Test Drive Incredible PBX for Wazo

To give you a good idea of what to expect with Incredible PBX for Wazo, just pick up a phone and dial any toll-free number in the U.S. and Canada using a 1 prefix. We’ve also set up a sample IVR using voice prompts from Allison. Try it out from any phone on your PBX by dialing 4871 (IVR1):

Nerd Vittles Demo IVR Options
1 – Call by Name (say "Delta Airlines" or "American Airlines" to try it out)
2 – MeetMe Conference
3 – Wolfram Alpha (Coming Soon!)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (enter a 5-digit ZIP code)
7 – Today in History (Coming Soon!)
8 – Speak to a Real Person (or maybe just Lenny if we’re out)

What To Do and Where to Go Next?

Here are a boatload of projects to get you started exploring Wazo on your own. Just plug the keywords into the search bar at the top of Nerd Vittles to find numerous tutorials covering the topics or simply follow our links. Unless there is an asterisk (*) the components already are in place so do NOT reinstall them. Just read the previous tutorials to learn how to configure each component. Be sure to also join the PIAF Forum to keep track of the latest tips and tricks with Wazo. There’s a treasure trove of information that awaits.

Wazo and Incredible PBX Dial Code Cheat Sheets

Complete Wazo documentation is available here. But here are two cheat sheets in PDF format for Wazo Star Codes and Incredible PBX Dial Codes.

Published: Monday, January 30, 2017





Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Deploying WebRTC with Incredible PBX for Wazo



We continue our open source adventure with Wazo today by introducing Sylvain Boily’s latest masterpiece, WebRTC for Wazo. What started as a simple experiment has now become a full-featured WebRTC implementation that rivals any of the commercial alternatives. Did we mention it’s FREE! Better still, when you install the latest release of Incredible PBX for Wazo with all of its modules, the key components to support WebRTC are already in place thanks to Wazo Snapshots. If you have an earlier version of Incredible PBX for XiVO, we’ve already put together a tutorial on the PIAF Forum to walk you through installing WebRTC.

If you’re new to WebRTC, this slide from AT&T covers it all:

Why WebRTC? Some of you may be asking, “What’s the big deal? Why would I want to deploy WebRTC?” The short answer is it eliminates the need to install and configure a proprietary softphone on every users’ desktop computer before they can communicate. Instead, all the user needs is a web browser that supports Real-Time Communications. By pointing their browser to https://phone.wazo.community/?serverIP=Wazo-ip-address, the user instantly gains a communications platform that’s as feature-rich as the most sophisticated softphone. Not only is it comparable to the dedicated clients of old, but there’s no associated cost nor the hassle of marrying a softphone to every user’s particular desktop operating system! And your web page could easily provide a directory of supported contact names and numbers as part of the user interface. In the case of the Wazo implementation, it does. To make a connection, all an end user needs is the latest Firefox or Chrome browser.



WebRTC Admin Setup with Incredible PBX for Wazo

We’re getting ahead of ourselves. Let’s get WebRTC set up with Incredible PBX for Wazo so your users have something to play with. If you haven’t already installed the latest Incredible PBX for Wazo, start there. This puts all the pieces in place to support WebRTC. Write down the IP address of Incredible PBX for Wazo once you complete the install. You’ll need to provide this IP address to WebRTC users.

The other piece a WebRTC user will need is the random password assigned to their WebRTC extension. Incredible PBX comes with extension 701 preconfigured. You can create additional extensions as needed. Running the /root/show-701-pw script will display the password for the default 701 extension. If you’re missing that script, running the command below from the Linux CLI will display it. Or you can log into the Wazo CLI with your browser and go to IPBX → IPBX Settings → Users. Then edit the Incredible PBX 701 user account by clicking on the Pencil icon and write down the Password assigned to the 701 Wazo Client. By the way, this will be the same password assigned to the Default SIP/m1hqy5f3 Line for the Incredible PBX user.

export PGPASSWORD='proformatique'; psql -P pager=off -U asterisk -d asterisk \\
-c "SELECT secret FROM usersip WHERE id=1"

WebRTC User Setup with Incredible PBX for Wazo

The end user needs 3 pieces of information to get WebRTC running: the IP address of the Incredible PBX for Wazo PBX as well as the end user’s username and password for an extension to be used for WebRTC communications. With those 3 pieces in hand, the actual WebRTC setup is easy.

Here are the steps for the end-user to perform:

(1) Use the extension 701 user credentials as explained above or create a new user account and password choosing SIP (WebRTC) Protocol for the account type.

(2) Using Firefox or Chrome, go to the following link: https://phone.wazo.community/

(3) Before logging in, click on the Gear icon in the lower right corner and click the Pencil icon to edit your Settings. Fill in the public IP address of your Wazo server and specify 443 for the Port. Leave the Backend field blank and click Save.

(4) Login to your WebRTC account with Username 701. The Password is the one you obtained running /root/show-701-pw.

(5) When prompted, authorize WebRTC to use the camera and microphone on the user’s desktop computer.



Once you’re logged in, at Enter number prompt, type in a phone number and click the Phone icon to dial.

There are loads of additional features in the Wazo WebRTC UI. Just follow your nose. Enjoy!

Published: Wednesday, October 26, 2016  Updated: Monday, May 29, 2017



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…