Home » Posts tagged 'raspberrypi' (Page 2)

Tag Archives: raspberrypi

The Most Versatile VoIP Provider: FREE PORTING

Introducing OpenVPN for Incredible PBX

We’ve been wrestling with virtual private networks for more than 22 years now. Here’s a quick walk down memory lane. Our adventure began with the Altiga 3000 series VPN concentrators which we introduced in the federal courts in 1999. It was a near perfect plug-and-play hardware solution for secure communications between remote sites using less than secure Windows PCs. Cisco quickly saw the potential, gobbled up the company, and promptly doubled the price of the rebranded concentrators. Over a decade ago, we introduced Hamachi® VPNs to interconnect Asterisk® and PBX in a Flash servers. At the time, Hamachi was free, but that was short-lived when they were subsequently acquired by LogMeIn®. What followed was a short stint with PPTP VPNs which worked great with Macs, Windows PCs, and many phones but suffered from an endless stream of security vulnerabilities. Finally, in April 2012, we introduced the free NeoRouter® VPN. Version 2 still is an integral component in every Incredible PBX® platform today, and PPTP still is available as well. While easy to set up and integrate into multi-site Asterisk deployments, the Achilles’ Heel of NeoRouter remains its inability to directly interconnect many smartphones and stand-alone SIP phones, many of which now support the OpenVPN platform.

The main reason we avoided OpenVPN® over the years was its complexity to configure and deploy.1 In addition, it was difficult to use with clients whose IP addresses were frequently changing. Thanks to the terrific work of Nyr, Stanislas Angristan, and more than a dozen contributors, OpenVPN now has been tamed. And the new server-based, star topology design makes it easy to deploy for those with changing or dynamic IP addresses. Today we’ll walk you through building an OpenVPN server as well as the one-minute client setup for almost any Asterisk deployment and most PCs, routers, smartphones, and VPN-compatible soft phones and SIP phones including Yealink, Grandstream, Snom, and many more. And the really great news is that OpenVPN clients can coexist with your current NeoRouter VPN.

Finally, a word about the OpenVPN Client installations below. We’ve tested all of these with current versions of Incredible PBX 13-13 and 16-15 as well as Incredible PBX 2020 and Incredible PBX 2021. They should work equally well with other server platforms which have been properly configured. However, missing dependencies on other platforms are, of course, your responsibility.

Building an OpenVPN Server Platform

There are many ways to create an OpenVPN server platform. The major prerequisites are a supported operating system, a static IP address for your server, and a platform that is extremely reliable and always available. If the server is off line, all client connections will also fail. While we obviously have not tested all the permutations and combinations, we have identified a platform that just works™. It’s the CentOS 7, 64-bit cloud offering from Vultr. If you use our referral link at Vultr, you not only will be supporting Nerd Vittles through referral revenue, but you also will be able to take advantage of their $100 free credit for new customers. For home and small business deployments, we have found the $5/month platform more than adequate, and you can add automatic backups for an additional $1 a month. Cheap insurance!

A more recent and less costly hosting alternative is the $25/year Crown Cloud offering that we introduced several weeks ago. It includes a free snapshot backup in the $25 annual price.

To get started, create your CentOS 7 instance and login as root using SSH or Putty. Immediately change your password and update and install the necessary CentOS 7 packages. Be sure to turn off SELinux if it is installed by default.

passwd
setenforce 0
# edit /etc/selinux/config
# insert: SELINUX=disabled
# save the SELinux config file
yum -y update
yum -y install net-tools nano wget tar iptables-services
systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables

We recommend keeping your OpenVPN server platform as barebones as possible to reduce the vulnerability risk. By default, this installer routes all client traffic through the VPN server which wastes considerable bandwidth. The sed commands below modify this design to only route client VPN traffic through the OpenVPN server.


#!/bin/bash
##filename # openvpn-install-mod
echo "      Fix script /root/openvpn-install.sh to ensure internet traffic doesn't use vpn-tunnel."
echo " "
read -p "     Press 'Enter' to continue at your own risk,  or Ctrl+c to abort."
##trap user non root
if [ "$(id -u)" -ne 0 ]; then
echo ""
echo "Must be run as root user: sudo $0" echo ""
exit 1
fi
# cd /root
echo "     Fetching latest copy of install script  /root/openvpn-install.sh from github.com/Angristan"
curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
echo "        running  3 sed commands to ensure only local traffic uses vpn-tunnel :-"
echo '        1st commenting-out line 857'
#### fails to complete with \\"redirect-gateway ## sed -i "s|\\techo 'push \\"redirect-gateway|#\\techo 'push \\"redirect-gateway|" openvpn-install.sh
sed -e '/redirect-gateway d/s/^/#/' -i openvpn-install.sh

echo '2nd commenting-out line 865'
###sed -i "s|push \\"redirect-gateway|#push \\"redirect-gateway|" openvpn-install.sh
sed -e '/redirect-gateway ipv6/s/^/#/' -i openvpn-install.sh

echo '3rd after line 1042 ;  newline 1043   pull-filter ignore redirect-gateway'
###sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' openvpn-install.sh
sed -i 's|tls-client|tls-client\npull-filter ignore "redirect-gateway"|' openvpn-install.sh

Here are the recommended entries in running the OpenVPN installer:

  • Server IP Address: using FQDN strongly recommended to ease migration issues
  • Enabled IPv6 (no): accept default
  • Port (1194): accept default
  • Protocol (UDP): accept default
  • DNS (3): change to 9 (Google)
  • Compression (no): accept default
  • Custom encrypt(no): accept default
  • Generate Server
  • Client name: firstclient
  • Passwordless (1): accept default

NOTE: On CentOS 7 platforms, edit /usr/lib/systemd/system/openvpn@.service. Scroll down to the ExecStart= line and change %i.conf to %I.conf. Then save the file. Special thanks to @mattburris for catching the error.

In the following steps, we will use IPtables to block all server access except via SSH or the VPN tunnel. Then we’ll start your OpenVPN server:

cd /etc/sysconfig
wget http://incrediblepbx.com/iptables-openvpn.tar.gz
tar zxvf iptables-openvpn.tar.gz
rm -f iptables-openvpn.tar.gz
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
systemctl status openvpn@server.service
systemctl enable openvpn@server.service
systemctl restart iptables

Once OpenVPN is enabled, the server can be reached through the VPN at 10.8.0.1. OpenVPN clients will be assigned by DHCP in the range of 10.8.0.2 through 10.8.0.254. You can list your VPN clients like this: cat /etc/openvpn/ipp.txt. You can list active VPN clients like this: cat /var/log/openvpn/status.log | grep 10.8. And you can add new clients or delete old ones by rerunning /root/openvpn-install.sh.

For better security, change the SSH access port replacing 1234 with desired port number:

PORT=1234
sed -i "s|#Port 22|Port $PORT|" /etc/ssh/sshd_config
systemctl restart sshd
sed -i "s|dport 22|dport $PORT|" /etc/sysconfig/iptables
systemctl restart iptables

We’ve made changes in the Angristan script to adjust client routing. By default, all packets from every client flowed through the OpenVPN server which wasted considerable bandwidth. Our preference is to route client packets destined for the Internet directly to their destination rather than through the OpenVPN server. The sed commands added to the base install above do this; however, if you’ve already installed and run the original Angristan script, your existing clients will be configured differently. Our recommendation is to remove the existing clients, make the change below, and then recreate the clients again by rerunning the script. In the alternative, you can execute the command below to correct future client creations and then run it again on each existing client platform substituting the name of the /root/.ovpn client file for client-template.txt and then restart each OpenVPN client.


cd /etc/openvpn
sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' client-template.txt

Creating OpenVPN Client Templates

In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer. You do this by running /root/openvpn-install.sh again on the OpenVPN server. Choose option 1 to create a new .ovpn template. Give each client machine template a unique name and do NOT require a password for the template. Unless the client machine is running Windows, edit the new .ovpn template and comment out the setenv line: #setenv. Save the file and copy it to the /root folder of the client machine. Follow the instructions below to set up OpenVPN on the client machine and before starting up OpenVPN replace firstclient.ovpn in the command line with the name of .ovpn you created for the individual machine.



Renewing OpenVPN Server’s Expired Certificate

The server certificate will expire after 1080 days, and clients will no longer be able to connect. Here’s what to do next:

systemctl stop openvpn@server.service
cd /etc/openvpn/easy-rsa
./easyrsa gen-crl
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
systemctl start openvpn@server.service


Installing an OpenVPN Client on CentOS/RHEL

cd /root
yum -y install epel-release
yum --enablerepo=epel install openvpn -y
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Running ifconfig should now show the VPN client in the list of network ports:

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:9 errors:0 dropped:0 overruns:0 frame:0
     TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100 
     RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)

And you should be able to login to the VPN server using its VPN IP address:

# enter actual SSH port replacing 1234
PORT=1234
ssh -p $PORT root@10.8.0.1

Installing an OpenVPN Client on Debian and Ubuntu

cd /root
apt-get update
apt-get install openvpn unzip
dpkg-reconfigure tzdata
# copy /root/firstclient.ovpn from server to client /root
# and then start up the VPN client
openvpn --config /root/firstclient.ovpn --daemon
# adjust Incredible PBX firewall below
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom

Running ifconfig should now show the VPN client in the list of network ports:

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
     inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:9 errors:0 dropped:0 overruns:0 frame:0
     TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100 
     RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)

And you should be able to login to the VPN server using its VPN IP address:

# enter actual SSH port replacing 1234
PORT=1234
ssh -p $PORT root@10.8.0.1

Installing an OpenVPN Client on Raspbian

The OpenVPN client now is easy to install on the latest Incredible PBX builds for the Raspberry Pi. Log into your server as root and issue the following commands to set your time zone and install the OpenVPN client. pbxstatus should then show the 10.8.0.x VPN address in the Private IP listing.

dpkg-reconfigure tzdata
apt-get install openvpn unzip
# copy your .ovpn template into /root
# edit template and comment out setenv line
# start up the client using actual .ovpn filename
openvpn --config /root/raspi.ovpn --daemon
# adjust Incredible PBX firewall
iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
cd /usr/local/sbin
echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
iptables-restart
pbxstatus


Installing an OpenVPN Client on a Mac

While there are numerous OpenVPN clients for Mac OS X, none hold a candle to Tunnelblick in terms of ease of installation and use. First, create a new client config on your server and copy it (/root/*.ovpn) to a folder on your Mac where you can find it. Download Tunnelblick and install it. Run Tunnelblick and then open Finder. Click and drag your client config file to the Tunnelblick icon in the top toolbar. Choose Connect when prompted. Done.

Installing an OpenVPN Client for Windows 10

The installation procedure for Windows is similar to the Mac procedure above. Download the OpenVPN Client for Windows. Double-click on the downloaded file to install it. Create a new client config on your server and copy it (/root/*.ovpn) to a folder on your PC where you can find it. Start up the OpenVPN client and click on the OpenVPN client in the activity tray. Choose Import File and select the config file you downloaded from your OpenVPN Server. Right-click on the OpenVPN icon again and choose Connect. Done.

Installing an OpenVPN Client for Android

Our favorite OpenVPN client for Android is called OpenVPN for Android and is available in the Google Play Store. Download and install it as you would any other Android app. Upload a client config file from your OpenVPN server to your Google Drive. Run the app and click + to install a new profile. Navigate to your Google Drive and select the config file you uploaded.

Installing an OpenVPN Client for iOS Devices

The OpenVPN Connect client for iOS is available in the App Store. Download and install it as you would any other iOS app. Before uploading a client config file, open the OpenVPN Connect app and click the 4-bar Settings icon in the upper left corner of the screen. Click Settings and change the VPN Protocol to UDP and IPv6 to IPV4-ONLY Tunnel. Accept remaining defaults.

To upload a client config file, the easiest way is to use Gmail to send yourself an email with the config file as an attachment. Open the message with the Gmail app on your iPhone or iPad and click on the attachment. Then choose the Upload icon in the upper right corner of the dialog. Next, choose Copy to OpenVPN in the list of apps displayed. When the import listing displays in OpenVPN Connect, click Add to import the new profile. Click ADD again when the Profile has been successfully imported. You’ll be prompted for permission to Add VPN Configurations. Click Allow. Enter your iOS passcode when prompted. To connect, tap once on the OpenVPN Profile. To disconnect, tap on the Connected slider. When you reopen the OpenVPN Connect app, the OVPN Profiles menu will display by default. Simply tap once on your profile to connect thereafter.

Installing a Web Interface to Display Available Clients

One advantage of NeoRouter is a simple way for any VPN client to display a listing of all VPN clients that are online at any given time. While that’s not possible with OpenVPN, we can do the next best thing and create a simple web page that can be accessed using a browser but only from a connected OpenVPN client pointing to http://10.8.0.1.

To set this up, log in to your OpenVPN server as root and issue the following commands:


yum --enablerepo=epel install lighttpd -y
systemctl start lighttpd.service
systemctl enable lighttpd.service
chown root:lighttpd /var/log/openvpn/status.log
chmod 640 /var/log/openvpn/status.log
cd /var/www
rm -rf lighttpd
wget http://incrediblepbx.com/lighttpd.tar.gz
tar zxvf lighttpd.tar.gz
ln -s /var/log/openvpn/status.log /var/www/lighttpd/status.log
sed -i 's|#server.bind = "localhost"|server.bind = "10.8.0.1"|' /etc/lighttpd/lighttpd.conf
systemctl restart lighttpd.service

 
UPDATE: On some cell phones and on Windows PCs, you may observe that you can no longer reach your favorite web sites after enabling the OpenVPN client. Luckily there’s a simple fix that allows 10.8.0.x traffic to be sent through the OpenVPN tunnel while all other traffic is routed out of your standard network connection. Here’s the fix. Make sure the .ovpn client config file includes the following lines:

pull-filter ignore redirect-gateway
route-nopull
route 10.8.0.0 255.255.255.0

Originally published: Monday, July 20, 2020  Updated: Saturday, June 25, 2022



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



  1. Our discussion today is focused on the free, MIT-licensed version of OpenVPN. For details on their commercial offerings, follow this link. []

Interconnect Incredible PBX 2020 to the Asterisk Mothership

The Holy Grail for a mobile VoIP solution is a simple way to connect back to your primary Asterisk® PBX via Wi-Fi from anywhere in the world to make and receive calls as if you never left. Let’s tick off the potential problems. First, many home-based PBXs are sitting behind NAT-based routers. Second, almost all remote Wi-Fi connections are made through a NAT-based router. Third, chances are the remote hosting platform blocks outgoing email from downstream servers such as a mobile PBX. Fourth, deciphering the IP address of your remote connection can be problematic. Fifth, the chances of experiencing one-way audio or no audio on your VoIP calls is high because of NAT-based routers at both ends of your connection.

For those that travel regularly or those that are living elsewhere during the Coronavirus pandemic and want to avoid the complexity of configuring OpenVPN, here is a quick thumbnail of the setup we recommend as your mobile companion. We use it regularly. You’ll never have a one-way audio problem again. In terms of hardware, you’ll need a Raspberry Pi 4B or 3B+ with its native WiFi support plus a Windows or Mac notebook computer for traveling. You’ll also need a NeoRouter VPN server to make this process seamless. If you’ve already set up an OpenVPN server platform, it will work equally well. One advantage of NeoRouter is that clients can be added from the client side without having to create a config file on the VPN server. All you need is a username and password. But the choice of VPN platform is totally a matter of preference. The objective using either OpenVPN or NeoRouter is secure communications to your home base. We don’t want to have to reconfigure either your home PBX or your traveling Raspberry Pi or your notebook PC based upon changes in your public and private IP addresses.

Today we’ll walk you through the easiest way to set up a (free) NeoRouter server on the Internet. It can be used to connect up to 254 devices on an encrypted private LAN. We’re delighted to have finally found a perfect use for the (free) Google Cloud instance.


Using a Raspberry Pi, build an Incredible PBX 2020 platform by following our latest tutorial. We’ll set this up on your home WiFi network so that you only have to throw the Raspberry Pi and its power supply in your suitcase when you travel. As part of the setup, we’ll download NeoRouter and activate private IP addresses for your notebook computer as well as both of your PBXs (using nrclientcmd). Next, we’ll interconnect the two PBXs using SIP trunks and the NeoRouter private LAN IP addresses. We’ll take advantage of a neat little Raspberry Pi trick by storing a wpa_supplicant.conf template on your PC for the remote WiFi setup even though we don’t yet know anything about the remote LAN. Once we know the SSID and password at the remote destination, we’ll use your notebook computer to edit the template and transfer the file to the /boot folder of your RasPi’s microSD card. When the card then is inserted and the RasPi is booted, it will automatically move the template to the proper /etc/wpa_supplicant folder to successfully activate your WiFi connection. We’ll also load links, a fast text-based browser, just in case you encounter a remote site that requires some sort of acknowledgement or password before establishing your WiFi connection to the Internet.

Setting Up a (free) NeoRouter Server in the Cloud

Because NeoRouter uses a star-based VPN architecture, that means the NeoRouter Server must always be available at the same IP address for all of the NeoRouter Clients (aka Nodes) to talk to. If you already have a cloud-based server that has a static IP address and can handle the traffic cop duties of NeoRouter Server, then that’s an ideal place to install NeoRouter Server. Simply download the Free flavor of NeoRouter Server that matches your existing platform and install it. Add an FQDN for your server’s IP address, and you’re all set. A detailed summary of available management options is included in our previous NeoRouter v2 article.

We devoted a couple weeks to Google Cloud instances, and it turned out to be a pretty awful platform for hosting Asterisk. But the free offering looks to be a perfect fit as a hosting platform for NeoRouter Server. You also won’t have to worry about Google going out of business anytime soon. So let us walk you through an abbreviated setup process on the Google Cloud platform. If you’re just getting started with Google Cloud, read our previous article to take advantage of Google’s generous $300 offer to get you started and to generally familiarize yourself with the mechanics of setting up an instance in the Google Cloud.

For NeoRouter Server, navigate to https://console.cloud.google.com. Click the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. In the COMPUTE section of the Dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it nrserver. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, leave HTTP and HTTPS disabled. Check your entries carefully and then click the Create button.

When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty:

sudo passwd root
su root
nano -w /etc/ssh/sshd_config

When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart

PermitRootLogin yes
PasswordAuthentication yes

You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address

Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPS Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPS Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.

  1. Name: neorouter
  2. Target Tags: neorouter
  3. Source IP Range: 0.0.0.0/0
  4. Protocols/Ports: check tcp: 32976

CAUTION: Before this firewall rule will be activated for your instance, it also must be specified in the Network Tags section for your instance. Shut down your instance and add the neorouter tag by editing your instance. Then restart your instance.

Now we’re ready to install NeoRouter Free v2 Server on your instance. Be sure to choose the Free v2 variety. Log back into your server as root using SSH/Putty and issue these commands:

yum -y update
yum -y install nano
wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm
rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
/etc/rc.d/init.d/nrserver.sh restart
nrserver -setdomain <DOMAINNAME> <DOMAINPASSWORD>
nrserver -adduser <USERNAME> <PASSWORD> admin
nrserver -enableuser <USERNAME>
nrserver -showsettings

Finally, add the following command to /etc/rc.local so that NeoRouter Server gets started whenever your instance is rebooted:

echo "/etc/rc.d/init.d/nrserver.sh start" >> /etc/rc.local

Installing Incredible PBX 2020 on a Raspberry Pi

We won’t regurgitate our Raspberry Pi tutorial. Simply follow the steps outlined there to acquire the necessary components and to get Incredible PBX 2020 installed. You’ll also get a free fax machine as part of the install. We do want to stress the importance of getting WiFi working, configuring Exim to use your Gmail credentials as a smarthost, and making sure you added the email addition to /etc/rc.local so that you receive IP address information about your PBX whenever it is rebooted. If you skipped any of these steps, stop here and revisit the RasPi tutorial to complete those items.

Configuring NeoRouter Client on Your Computers

All flavors of Incredible PBX come with the NeoRouter client preinstalled. If your Asterisk-based home PBX is of another variety, you can install the NeoRouter Client matching the architecture of your server from here. Be sure to click on the NeoRouter Free v2 tab before making your selection. The other varieties are incompatible with the Free NeoRouter v2 Server installed above and are not free. The only exception is the latest release of Mac OS. With it, you’ll need to use the NeoRouter NeoRouter Pro v2 client for Mac. Also be sure you match both the operating system and architecture of your server platform. Finally, make certain that TCP 32976 is whitelisted in your firewalls.

On Linux-based (non-GUI) platforms, setting up the NeoRouter Client is done by issuing the command: nrclientcmd. You’ll be prompted for your NeoRouter Server FQDN as well as your username and password credentials. Perform this procedure on both your home PBX and the Raspberry Pi.

To add your Windows or Mac notebook to the NeoRouter VPN, download the appropriate client and run the application which will prompt for your NeoRouter Server FQDN as well as your NeoRouter credentials. Once completed, you should see all three machines in your NeoRouter Free Client Dashboard: your PC as well as your home PBX and Raspberry Pi-based Incredible PBX. Make note of the private VPN addresses (10.0.0.X) of both your home PBX and your Raspberry Pi. These VPN addresses never change, and we’ll need them to interconnect your PBXs and to set up a softphone on your notebook computer.

Admininistrative Tools to Manage NeoRouter

Here are a few helpful commands for monitoring and managing your NeoRouter VPN.

To access your NeoRouter Linux client: nrclientcmd

To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart

To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart

To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword

For a list of client devices: nrserver -showcomputers

For a list of existing user accounts: nrserver -showusers

For the settings of your NeoRouter VPN: nrserver -showsettings

To add a user account: nrserver -adduser username password user

To add admin account: nrserver -adduser username password admin

For a complete list of commands: nrserver –help


Interconnecting Your Raspberry Pi and Home PBX

To keep things simple, our setup examples below assume the following NeoRouter VPN addresses: Home PBX (10.0.0.1) and Raspberry Pi (10.0.0.2). Using a browser, you’ll need to login to the GUI of your Home PBX and Raspberry Pi and add a Trunk to each PBX. Be sure to use the same secret on BOTH trunk setups. We don’t recommend forwarding incoming calls from your Home PBX to your Raspberry Pi because most folks won’t be sitting in their hotel room all day to answer incoming calls. Instead, add the number of your smartphone to a Ring Group on the Home PBX and don’t forget the # symbol at the end of the number. On the Raspberry Pi side, we are assuming that whenever a call is dialed from a registered softphone with the 9 prefix, the call will be sent to the Home PBX for call processing (without the 9). For example, 98005551212 would send 800-555-1212 to the Home PBX for outbound routing and 9701 would send 701 to the Home PBX for routing to the 701 extension. You can obviously adjust your dialplan to meet your own local requirements.

On the Home PBX, the chan_sip trunk entries should look like this:

Trunk Name: raspi-remote

PEER DETAILS

host=10.0.0.2
type=friend
context=from-internal
username=home-pbx
fromuser=home-pbx
secret=some-password
canreinvite=no
insecure=port,invite
qualify=yes
nat=yes

On the Raspberry Pi, the chan_sip trunk entries should look like this:

Trunk Name: home-pbx

PEER DETAILS

host=10.0.0.1
type=friend
context=from-internal
username=raspi-remote
fromuser=raspi-remote
secret=some-password
canreinvite=no
insecure=port,invite
qualify=yes
nat=yes

On the Raspberry Pi, add an Outbound Route named Out9-home-pbx pointed to home-pbx Trunk with the following Dial Patterns. For each Dial Pattern, prepend=blank and prefix=9:

dial string: 1NXXNXXXXXX  
dial string: NXXNXXXXXX  
dial string: *98X.
dial string: XXX
dial string: XXXX
dial string: XXXXX
  

Tweaking Your Raspberry Pi for WiFi Mobility

Typically, you don’t know the WiFi SSID or password of your destination location before you travel. Because you won’t be traveling with a monitor and keyboard for your Raspberry Pi, we needed some way to adjust the WiFi credentials on the microSD card to accommodate the destination WiFi network when you arrive. Luckily, the Raspberry Pi folks thought of a clever way to handle this. You can simply plug your microSD card into your notebook PC (Mac ALERT: Don’t forget your SD card dongle!) and add a wpa_supplicant.conf config file to the /boot directory on the card once you arrive at your destination and know the SSID and password of the local WiFi network. When the Raspberry Pi is subsequently booted, the operating system will move the config file to the /etc/wpa_supplicant directory so that your WiFi network will come on line. Here’s what a typical wpa_supplicant.conf file should look like using your actual credentials. The last network section handles open WiFi network connections (think: McDonald’s) if you want to enable them:

country=US
update_config=1

network={
 ssid="your-SSID"
 psk="your-SSID-password"
 key_mgmt=WPA-PSK
 scan_ssid=1
 priority=5
}

network={
 key_mgmt=NONE
 priority=1
}

The other gotcha is that some public WiFi networks require some type of web login procedure before you can actually access the Internet even though an IP address may have been assigned to your Raspberry Pi. To handle this situation, you’ll need a text-based web browser on the Raspberry Pi that can be accessed through your notebook PC using SSH and your Raspberry Pi’s VPN address. Our favorite is links which can be installed on your Raspberry Pi before you pack up.

apt-get install links -y

Once you arrive at your destination, connect both your notebook PC and Raspberry Pi to the same WiFi network, login to the RasPi with SSH at the VPN address assigned to your RasPi, and run links to start the browser. Press <esc> to access the links menu options. If you can’t access your RasPi at the VPN IP address, try its WiFi-assigned local IP address.

Adding a Softphone to Your Notebook PC

Last, but not least, you obviously need a way to make and receive calls once your Raspberry Pi is up and running at the remote site. We recommend installing a softphone on your Mac or PC notebook that connects to an extension on your Raspberry Pi using the VPN IP address of the Raspberry Pi. Using the VPN address assures that the connection will always be available regardless of the WiFi network’s local IP addresses. Everyone has their own favorite softphone, but here are some suggestions.

For Windows PCs, we recommend VitalPBX Communicator. It’s a free download from here.



Another good choice is YateClient for Windows which also is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for an extension on your Raspberry Pi. Then enter the VPN IP address of your server plus your extension’s password. Click OK to save your entries.

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

Adding a Softphone to Your Smartphone

We actually prefer adding a free softphone app to our smartphone. There are a number of alternatives on both the iOS and Android platforms. With iPhones and iPads, we’ve had great success with Acrobits Softphone, Grandstream Wave, Linphone, and Zoiper Lite. All are available in the App Store. For Android devices, our current favorite is the VitalPBX Communicator. Acrobits Groundwire is another good choice. But Grandstream Wave, Linphone, and Zoiper Lite also are available. Keep in mind that Zoiper also supports IAX connections to simplify NAT connections. And, on both platforms, don’t forget that Google now lets you make and receive calls using the new Google Voice app using your old Google Voice numbers that no longer work directly with Asterisk.

Enjoy your pain-free Home Away from Home!

Originally published: Tuesday, April 2, 2020



Need help with Asterisk? Visit the VoIP-info Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Happy New Decade: It’s Incredible PBX 2020 for Raspberry Pi

As we begin a new decade, it seemed a fitting time for a terrific new project for you and your Raspberry Pi 4. It features Asterisk® 16 with all the latest FreePBX® 15 GPL modules plus the feature sets of Incredible PBX® and RasPBX and RonR’s latest build. The icing on the cake is support for plug-and-play Incredible IP Phones and a new trunking platform that integrates SMS messaging into your Asterisk platform. And it’s all rolled into one terrific (free) bundle.

This is the first of several articles on Incredible PBX 2020. Today, we’ll get your platform built and walk you through what’s included in the new build. In coming weeks, we’ll integrate the CentOS 7 platform enhancements into the Raspbian 10 Buster image for the Raspberry Pi. In the meantime, come enjoy and explore the powerful, new feature set that comes with Incredible PBX 2020 out of the box. Unlike other aggregations, there’s nothing to compile with Incredible PBX 2020 for Raspbian 10. And, unlike the FreePBX Distro, we don’t rely on static packages which make it difficult to make future modifications on your own. Instead, Incredible PBX 2020 offers a snapshot image with a complete toolkit to make future modifications as desired. Last, but not least, Incredible PBX 2020 features the new ClearlyIP module repository which protects you from proprietary modifications that limit or cripple your PBX moving forward.

What’s Included? Incredible PBX 2020 for Raspbian 10 serves up a VoIP powerhouse featuring Asterisk 16 and all FreePBX 15 GPL modules, an Apache web server, the latest MariaDB SQL server (formerly MySQL), Exim4 mail server, and most of the Incredible PBX feature set including SIP, SMS, voice recognition, AsteriDex, PicoTTS Text-to-Speech VoIP applications plus fax support, Click-to-Dial, News, Weather, Telephone Reminders, and hundreds of features that typically are found in commercial PBXs: Conferencing, IVRs and AutoAttendants, Email Delivery of Voicemail, Voicemail Blasting, and more. We’ve also incorporated the Zero Trunk Configuration feature from the LITE build which lets you sign up with one of four VoIP providers and start making and receiving calls instantly. Or you can use the new ClearlyIP trunking module included in the GUI for a seamless integration of SMS messaging into FreePBX and its User Control Panel.

Choosing a SIP Provider. As we mentioned, Incredible PBX 2020 comes preconfigured to support five of the major SIP providers: ClearlyIP, Skyetel, VoIP.ms, V1VoIP, and Anveo Direct. We obviously hope you’ll choose ClearlyIP or Skyetel trunking because both financially support Nerd Vittles and our open source projects. As the old saying goes, they may not be the cheapest, but you get what you pay for. With all five providers, you only pay for minutes you use so signing up with more than one provider is a smart idea.


Assembling the Required Raspberry Pi Components

Before you can deploy Incredible PBX 2020, you’ll first need the necessary Raspberry Pi hardware. Here’s the short list and, if you’re in a hurry, the $35 Raspberry Pi 3B+ will cost you less than $3 extra to get it quickly from Amazon using our referral link. If you prefer to wait for a Raspberry Pi 4, read on. Either way, the RasPi remains one of the world’s best bargains! Assuming you already own an HDMI-compatible monitor and a USB keyboard

  • Raspberry Pi 4B from a Raspberry Pi reseller
  • $8 USB-C RasPi 4 (only) Power Supply
  • $10 32GB microSDHC Class 10 card (strongly recommended!)
  • $5 Official RasPi 4 Case
  • Getting Started with Incredible PBX 2020

    Here’s our 10-Step Guide to installation and setup. "Automatic" means just watch. Steps #1 and #2: follow the links. For the remaining steps, we’ll further document the procedures.

    1. Download and unzip Incredible PBX 2020.3 image from SourceForge
    2. Transfer Incredible PBX 2020 image to microSD card
    3. Boot Raspberry Pi from new microSD card (16GB minimum)
    4. Login to RasPi console as root:password to initialize your server (Automatic)
    5. In raspi-config Advanced Options, Expand FileSystem to fill your SD card
    6. In Localization Options, set Locale, TimeZone, Keyboard, & WiFi Country
    7. Reboot after writing down your server IP address (Automatic)
    8. Login via SSH or Putty as root:password to set passwords & setup firewall (Automatic)
    9. Run admin-pw-change to set the admin password for access to the web GUI
    10. Register for and configure at least one trunk provider for Incredible PBX 2020
    11. Enjoy!

    First Boot of Incredible PBX 2020 with Wi-Fi

    Incredible PBX 2020 requires Internet connectivity to complete its automated install. If you’re using a wired network connection, you can skip to the next section. With the Raspberry Pi 3B and 4B, WiFi is built into the hardware. But you still have to insert your SSID name and SSID password to make a connection to your WiFi network. To do so, follow these next steps carefully. Insert the Incredible PBX 2020 microSD card into your Raspberry Pi 3 or 4 and apply power to the hardware. When the bootup procedure finishes, login as root with the default password: password. At the first prompt, DO NOT PRESS THE ENTER KEY! Instead, press Ctrl-C to break out of the setup script. At the command prompt, issue the following commands to bring up the WiFi config file:

    cd /etc/wpa_supplicant
    nano -w wpa_supplicant.conf
    

    If your WiFi network does not require a password, uncomment or insert the four lines below and save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.

    network={
     key_mgmt=NONE
     priority=1
    }
    

    If your WiFi network requires a password, uncomment or insert the following into wpa_supplicant.conf:

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
    update_config=1
    
    network={
     ssid="YourSSID"
     psk="YourSSIDpassword"
     key_mgmt=WPA-PSK
     scan_ssid=1
     priority=7
    }
    

    Then scroll down to the SSID entry and replace YourSSID with the actual SSID of your WiFi network. Make sure you preserve the entry with the quotes as shown. Next, replace YourSSIDpassword with the SSID password of your WiFi network. Save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.

    Once the reboot process finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in a minute. Skip the next section since you are using a WiFi connection.

    If you don’t see an IP address assigned to your server, then correct the network deficiency (invalid WiFi credentials, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.

    First Boot of Incredible PBX Using Wired Connection

    Incredible PBX 2020 requires Internet connectivity to complete its automated install. After connecting your server to your local network with a network cable, insert the Incredible PBX 2020 microSD card into your Raspberry Pi and apply power to the hardware. When the bootup procedure finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in the next step.

    If you don’t see an IP address assigned to your server, then correct the network deficiency (cable not connected, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.

    Completing the Incredible PBX Initialization Procedure

    Unless your desktop PC and RasPi are both on the same private LAN, the remainder of the install procedure should be completed from a desktop PC using SSH or Putty. This will assure that your desktop PC is also whitelisted in the Incredible PBX firewall. Using the console to complete the install is NOT recommended as your desktop PC will not be whitelisted in the firewall. This may result in your not being able to log in to your server. Once you have network connectivity, log in to your server as root from a desktop PC using the default password: password. Accept the license agreement by pressing ENTER. You then will be redirected to raspi-config. This is the utility used to expand your Incredible PBX 2020 image to use your entire microSD card. If you fail to complete this step, your microSD card will be restricted to 16GB. In the raspi-config utility, choose Localization Options and set Locale, TimeZone, Keyboard, & WiFi Country. Then choose Advanced Options. All of the defaults should be satisfactory with the exception of the first item: Expand Filesystem. Choose this option and activate the resizing directive. Review the other items and then exit and reboot.

    Once your server reboots and you log back in as root, all of your passwords will be randomly assigned with the exception of the root user Linux password and your admin password for access to the web GUI. You can set the root password by issuing the command: passwd. Set the admin password for access to the web GUI with this command: /root/admin-pw-change. With the exception of these two passwords, the remaining passwords can be displayed using the command: /root/show-passwords.

    Finally, if your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060-5061 and UDP 10000-20000 traffic to the private IP address of your PBX. This is required for all of the SIP providers included in the Incredible PBX 2020 build. Otherwise, all inbound calls will fail.

    A Word About FreePBX Module Morphing

    If you’ve been following the latest FreePBX module saga, then we probably don’t need to repeat that now is not a good time to be indiscriminately updating FreePBX modules using the Module Admin utility. Chances are pretty good that you may irreparably break something. Should an alert appear in the Dashboard indicating that a particular module has a security vulnerability, please post a note on the PIAF Forum and await a response before attempting to upgrade the module. We also strongly recommend backing up your microSD card as documented below to avoid future surprises.

    Configuring Skyetel for Incredible PBX 2020

    If you’ve decided to go with Skyetel, here’s the drill. Sign up for Skyetel service and take advantage of the Nerd Vittles Free $10 credit and BOGO special. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the $10 credit for your account by referencing the Nerd Vittles special offer. Once you are happy with the service, open another ticket after funding your account and request that Skyetel match your deposit of up to $250. That gets you up to $500 of helf-price calling. Credit is limited to one per person/company/address/location. If you have numbers to port in, you can do it at no cost after funding your account. Effective 10/1/2023, $25/month minimum spend required.

    Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX 2020:

    • Name: MyPBX
    • Priority: 1
    • IP Address: PBX-Public-IP-Address
    • Port: 5060
    • Protocol: UDP
    • Description: 2020.incrediblepbx.com

    To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you fund your account) or purchasing new ones under the Buy Phone Numbers menu option.

    Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.

    Configuring VoIP.ms for Incredible PBX 2020

    To sign up for VoIP.ms service, may we suggest you use our signup link so that Nerd Vittles gets a referral credit for your signup. Once your account is set up, you’ll need to set up a SIP SubAccount and, for Authentication Type, choose Static IP Authentication and enter your Incredible PBX 2020 server’s public IP address. For Transport, choose UDP. For Device Type, choose Asterisk, IP PBX, Gateway or VoIP Switch. Order a DID in their web panel, and then point the DID to the SubAccount you just created. Be sure to specify atlanta1.voip.ms as the POP from which to receive incoming calls. On the Incredible PBX side, simply Enable the VoIPms trunk and save your update.

    Configuring V1VoIP for Incredible PBX 2020

    To sign up for V1VoIP service, sign up on their web site. Then login to your account and order a DID under the DIDs tab. Once the DID has been assigned, choose View DIDs and click on the Forwarding button beside your DID. For Option #1, choose Forward to IP Address/PBX. For the Fowarding Address, enter the public IP address of your server. For the T/O (timeout) value, set it to 2o seconds. Then click the Update button. Under the Termination tab, create a new Endpoint with the public IP address of your server so that you can place outbound calls through V1VoIP. On the Incredible PBX side, simply Enable the V1VoIP trunks and save your updates.

    Configuring Anveo Direct for Incredible PBX 2020

    To sign up for Anveo Direct service, sign up on their web site and then login. After adding funds to your account, purchase a DID under Inbound Service -> Order DID. Next, choose Configure Destination SIP Trunk. Give the Trunk a name. For the Primary SIP URI, enter $[E164]$@server-IP-address. For Call Options, select your new DID from the list. You also must whitelist your public IP address under Outbound Service -> Configure. Create a new Call Termination Trunk and name it to match your server. For Dialing Prefix, choose six alphanumeric characters beginning with a zero. In Authorized IP Addresses, enter the public IP address of your server. Set an appropriate rate cap. We like $0.01 per minute to be safe. Set a concurrent calls limit. We like 2. For the Call Routing Method, choose Least Cost unless you’re feeling extravagant. For Routes/Carriers, choose Standard Routes. Write down your Dialing Prefix and then click the Save button. On the Incredible PBX side, simply Enable the AnveoDirect trunks and save your updates.

    Before you can make outbound calls through Anveo Direct from your PBX, you first must configure the Dialing Prefix that you wrote down in the previous step. Using a browser, login to the GUI as admin. Navigate to Connectivity -> Trunks -> Anveo-Out. Click the Pencil icon to edit the trunk settings. Then click the Custom Settings tab. Replace anveo-pin with your actual Anveo PIN. Click Submit and Apply Settings to save your changes.

    By default, incoming Anveo Direct calls will be processed by the Default inbound route on your PBX. If you wish to redirect incoming Anveo Direct calls using DID-specific inbound routes, then you’ve got a bit more work to do. In addition to creating the inbound route using the 11-digit Anveo Direct DID, enter the following commands after logging into your server as root using SSH/Putty:

    cd /etc/asterisk
    echo "[from-anveo]" >> extensions_custom.conf
    echo "exten => _.,1,Ringing" >> extensions_custom.conf
    echo "exten => _.,n,Goto(from-trunk,\\${SIP_HEADER(X-anveo-e164)},1)" >> extensions_custom.conf
    asterisk -rx "dialplan reload"
    

    Configuring a Softphone for Incredible PBX 2020

    We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

    We recommend YateClient for Windows which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You can find them by running /root/show-passwords. You’ll need the IP address of your server plus your extension 701 password. In the YateClient, fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password was assigned to the extension when you installed Incredible PBX. Click OK to save your entries.

    Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

    DEMO - Apps Demo
    123 - Reminders
    947 - Weather by ZIP Code
    951 - Yahoo News
    TODAY - Today in History
    LENNY - The Telemarketer's Worst Nightmare
    

    If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

    Audio Issues with Incredible PBX 2020

    Only if you experience one-way or no audio on some calls, add your external IP address and LAN subnet in the GUI by navigating to Settings -> Asterisk SIP Settings. In the NAT Settings section, click Detect Network Settings. Click Submit and Apply Settings to save your changes.

    Configuring Gmail as Exim Smart Relay Host

    Most Raspberry Pi implementations will be on networks managed by companies like Comcast, Spectrum, and AT&T that block downstream mail servers (that’s you) from sending email. The solution is to use Gmail or your local ISP as a smart relay host to send mail from your server. You’ll need this to deliver voicemails via email. Here’s how to set it up using a Gmail account without two-step authentication. Log into your server as root and run dpkg-reconfigure exim4-config. Choose "mail sent by smarthost; received via SMTP or fetchmail." Accept all the defaults until you get to Outgoing Smarthost prompt. Enter: smtp.gmail.com::587. At the following prompts, choose NO, NO, mbox, and NO. When the setup completes, edit /etc/exim4/passwd.client and insert the following line using your Gmail AcctName and AcctPW. NOTE: If you are using a Gmail account with 2-step verification enabled, you MUST use a Gmail App Key instead of your Gmail account password. You also must enable Less Secure Apps access to your Gmail account.

    *.google.com:AcctName@gmail.com:AcctPW
    smtp.gmail.com:AcctName@gmail.com:AcctPW
    

    Save the file and then issue the following commands to complete the setup:

    update-exim4.conf
    systemctl restart exim4
    exim4 -qff
    

    Now send yourself a test email message to make sure things are working properly:

    echo "test" | mail -s testmessage yourname@yourmailprovider.com
    

    Some prefer an email notification whenever your server is booted. Once you have configured a relay host above, you can add the feature by editing /etc/rc.local and adding the following lines with your actual email address just above the service knockd start line:

    _PRIVATE="Private IP: `cat /etc/hostip | cut -f1-2 -d " "`"
    _PUBLIC=" Public IP: `curl -s -S --user-agent \\
    "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2'`"
    echo "$_PRIVATE\\n$_PUBLIC" | mail -s "RasPi 2020 has booted" yourname@yourmailserver.com
    

    Building the Incredible PBX Demo IVR

    If you’d like to try your hand at building an IVR, here are the steps to build the Incredible PBX Demo IVR. From the FreePBX Dashboard, choose Applications -> IVR -> Add IVR. Then fill in the template using the entries shown below. Then click Submit and Reload Dialplan.



    Building the Incredible PBX Stealth AutoAttendant

    Many users prefer to play an announcement to incoming callers with a brief pause thereafter which indicates that the call is being connected. If configured properly, this lets you embed several dial codes which can be entered while the announcement is playing and the call is being transferred. For example, you might wish to route incoming calls to Lenny if a caller presses 0. Or you might wish to immediately route an incoming call to a Ring Group if the caller presses 1. Here’s a sample IVR setup to get you started.


    Incredible PBX 2020 Administration

    We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.

    admin-pw-change lets you update the admin password for web browser access to the Incredible PBX GUI.

    apache-pw-change lets you update the admin password for Apache applications such as AsteriDex and Reminders.

    avantfax-pw-change lets you update the root password for AvantFax access (coming soon!).

    add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX 2020 blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.

    add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.

    del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.

    configure-exim-email lets you reconfigure the email server if you need to use an SMTP relay such as Google to get outbound email flowing. Tutorial here.

    iptables-restart is the ONLY command you should ever use to restart the IPtables firewall and Fail2Ban.

    knock.FAQ contains your PortKnocker credentials for emergency access to your server if the firewall locks you out. Tutorial here.

    proximity (once configured) will automatically forward calls to your cellphone when you are out of BlueTooth range from your RasPi. Also must enable running of script in /etc/crontab.

    reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.

    reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.

    reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.



    rpi-clone is a utility that makes it easy to make a bootable image of the microSD card used to start your Raspberry Pi. You’ll need a USB-to-microSD adapter to begin. Insert a backup microSD card large enough to hold all of the data on the primary microSD card (df -h). Insert the USB stick with the card. Identify the backup microSD card, usually sda (fdisk -l). Format the backup microSD as an MSDOS partition. Then issue the following command to clone the primary microSD card: rpi-clone -f sda. Complete tutorial here.

    show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX 2020 actually is. A similar listing is available in the GUI at Admin -> Feature Codes.

    show-passwords is a script that displays ALL of the passwords associated with Incredible PBX 2020. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.

    timezone-setup lets you reconfigure the correct time zone for your server.

    purge-cdr-cel-records cleans out all existing entries in both the CDR and CEL tables of the Asterisk CDR database.

    log-cleanup removes all entries from most of the logs in /var/log.

    sig-fix disables module signature checking in FreePBX. It is automatically disabled upon installation.

    readme-RonR.txt documents the scripts provided from RonR build. We do NOT recommend using the FCC Blacklist because of its current size.

    update-asterisk16 is a utility that updates Asterisk 16 to the latest release. This should only be necessary when a security issue or bug is identified that affects the operation of your PBX.

    update-IncrediblePBX is the Automatic Update Utility which checks for server updates from incrediblepbx.com every time you log into your server as root using SSH or Putty. Do NOT disable it as it is used to load important fixes and security updates when necessary. We recommend logging into your server at least once a week.

    pbxstatus (shown above) displays status of all major components of Incredible PBX 2020.

    Forwarding Calls to Your Cellphone. Keep in mind that inbound calls to your DIDs automatically ring all five SIP extensions, 701-705. The easiest way to also ring your cellphone is to set one of these five extensions to forward incoming calls to your cellphone. After logging into your PBX as root, issue the following command to forward calls from extension 705 to your cellphone: asterisk -rx "database put CF 705 6781234567"

    To remove call forwarding: asterisk -rx "database del CF 705"

    Keeping FreePBX 15 Modules Current

    We strongly recommend that you periodically update all of your FreePBX modules to eliminate bugs and to reduce security vulnerabilities. Make a backup image with rpi-clone first! From the Linux CLI, log into your server as root and issue the following commands:

    rm -f /tmp/*
    fwconsole ma upgradeall
    fwconsole reload
    /root/sig-fix
    systemctl restart apache2
    /root/sig-fix
    

    Continue Reading: Icing on the Cake for Incredible PBX and Raspberry Pi

    Originally published: Monday, January 27, 2020



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
     



    Interconnect Incredible PBX 16-15 to the Asterisk Mothership

    The Holy Grail for a mobile VoIP solution is a simple way to connect back to your primary Asterisk® PBX via Wi-Fi from anywhere in the world to make and receive calls as if you never left. Let’s tick off the potential problems. First, many home-based PBXs are sitting behind NAT-based routers. Second, almost all remote Wi-Fi connections are made through a NAT-based router. Third, chances are the remote hosting platform blocks outgoing email from downstream servers such as a mobile PBX. Fourth, deciphering the IP address of your remote connection can be problematic. Fifth, the chances of experiencing one-way audio or no audio on your VoIP calls is high because of NAT-based routers at both ends of your connection.

    For those that travel regularly and want to avoid the complexity of configuring OpenVPN, here is a quick thumbnail of the setup we recommend as your mobile companion. You’ll never have a one-way audio problem again. In terms of hardware, you’ll need a Raspberry Pi 4B or 3B+ with its native WiFi support plus a Windows or Mac notebook computer for traveling. You’ll also need a NeoRouter VPN server to make this process seamless. If you’ve already set up an OpenVPN server platform, it will work equally well. One advantage of NeoRouter is that clients can be added from the client side without having to create a config file on the VPN server. All you need is a username and password. But the choice of VPN platform is totally a matter of preference. The objective using either OpenVPN or NeoRouter is secure communications to your home base. We don’t want to have to reconfigure either your home PBX or your traveling Raspberry Pi or your notebook PC based upon changes in your public and private IP addresses.

    Today we’ll walk you through the easiest way to set up a (free) NeoRouter server on the Internet. It can be used to connect up to 254 devices on an encrypted private LAN. We’re delighted to have finally found a perfect use for the (free) Google Cloud instance.


    Using a Raspberry Pi, build an Incredible PBX 16-15 platform by following our previous tutorial. We’ll set this up on your home WiFi network so that you only have to throw the Raspberry Pi and its power supply in your suitcase when you travel. As part of the setup, we’ll download NeoRouter and activate private IP addresses for your notebook computer as well as both of your PBXs (using nrclientcmd). Next, we’ll interconnect the two PBXs using SIP trunks and the NeoRouter private LAN IP addresses. We’ll take advantage of a neat little Raspberry Pi trick by storing a wpa_supplicant.conf template on your PC for the remote WiFi setup even though we don’t yet know anything about the remote LAN. Once we know the SSID and password at the remote destination, we’ll use your notebook computer to edit the template and transfer the file to the /boot folder of your RasPi’s microSD card. When the card then is inserted and the RasPi is booted, it will automatically move the template to the proper /etc/wpa_supplicant folder to successfully activate your WiFi connection. We’ll also load links, a fast text-based browser, just in case you encounter a hotel that requires some sort of acknowledgement or password before establishing your WiFi connection to the Internet.

    Setting Up a (free) NeoRouter Server in the Cloud

    Because NeoRouter uses a star-based VPN architecture, that means the NeoRouter Server must always be available at the same IP address for all of the NeoRouter Clients (aka Nodes) to talk to. If you already have a cloud-based server that has a static IP address and can handle the traffic cop duties of NeoRouter Server, then that’s an ideal place to install NeoRouter Server. Simply download the Free flavor of NeoRouter Server that matches your existing platform and install it. Add an FQDN for your server’s IP address, and you’re all set. A detailed summary of available management options is included in our previous NeoRouter v2 article.

    We devoted a couple weeks to Google Cloud instances, and it turned out to be a pretty awful platform for hosting Asterisk. But the free offering looks to be a perfect fit as a hosting platform for NeoRouter Server. You also won’t have to worry about Google going out of business anytime soon. So let us walk you through an abbreviated setup process on the Google Cloud platform. If you’re just getting started with Google Cloud, read our previous article to take advantage of Google’s generous $300 offer to get you started and to generally familiarize yourself with the mechanics of setting up an instance in the Google Cloud.

    For NeoRouter Server, navigate to https://console.cloud.google.com. Click the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. In the COMPUTE section of the Dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it nrserver. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, leave HTTP and HTTPS disabled. Check your entries carefully and then click the Create button.

    When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty:

    sudo passwd root
    su root
    nano -w /etc/ssh/sshd_config
    

    When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart

    PermitRootLogin yes
    PasswordAuthentication yes
    

    You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address

    Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPS Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPS Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.

    1. Name: neorouter
    2. Target Tags: neorouter
    3. Source IP Range: 0.0.0.0/0
    4. Protocols/Ports: check tcp: 32976

    CAUTION: Before this firewall rule will be activated for your instance, it also must be specified in the Network Tags section for your instance. Shut down your instance and add the neorouter tag by editing your instance. Then restart your instance.

    Now we’re ready to install NeoRouter Free v2 Server on your instance. Be sure to choose the Free v2 variety. Log back into your server as root using SSH/Putty and issue these commands:

    yum -y update
    yum -y install nano
    wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm
    rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
    /etc/rc.d/init.d/nrserver.sh restart
    nrserver -setdomain <DOMAINNAME> <DOMAINPASSWORD>
    nrserver -adduser <USERNAME> <PASSWORD> admin
    nrserver -enableuser <USERNAME>
    nrserver -showsettings
    

    Finally, add the following command to /etc/rc.local so that NeoRouter Server gets started whenever your instance is rebooted:

    echo "/etc/rc.d/init.d/nrserver.sh start" >> /etc/rc.local
    

    Installing Incredible PBX 16-15 on a Raspberry Pi

    We won’t regurgitate our Raspberry Pi tutorial. Simply follow the steps outlined there to acquire the necessary components and to get Incredible PBX 16-15 installed. We do want to stress the importance of getting WiFi working, configuring Exim to use your Gmail credentials as a smarthost, and making sure you added the email addition to /etc/rc.local so that you receive IP address information about your PBX whenever it is rebooted. If you skipped any of these steps, stop here and revisit the RasPi tutorial to complete those items.

    Configuring NeoRouter Client on Your Computers

    All flavors of Incredible PBX come with the NeoRouter client preinstalled. If your Asterisk-based home PBX is of another variety, you can install the NeoRouter Client matching the architecture of your server from here. Be sure to click on the NeoRouter Free v2 tab before making your selection. The other varieties are incompatible with the Free NeoRouter v2 Server installed above and are not free. Also be sure you match both the operating system and architecture of your server platform. Finally, make certain that TCP 32976 is whitelisted in your firewalls.

    On Linux-based (non-GUI) platforms, setting up the NeoRouter Client is done by issuing the command: nrclientcmd. You’ll be prompted for your NeoRouter Server FQDN as well as your username and password credentials. Perform this procedure on both your home PBX and the Raspberry Pi.

    To add your Windows or Mac notebook to the NeoRouter VPN, download the appropriate client and run the application which will prompt for your NeoRouter Server FQDN as well as your NeoRouter credentials. Once completed, you should see all three machines in your NeoRouter Free Client Dashboard: your PC as well as your home PBX and Raspberry Pi-based Incredible PBX. Make note of the private VPN addresses (10.0.0.X) of both your home PBX and your Raspberry Pi. These VPN addresses never change, and we’ll need them to interconnect your PBXs and to set up a softphone on your notebook computer.

    Admininistrative Tools to Manage NeoRouter

    Here are a few helpful commands for monitoring and managing your NeoRouter VPN.

    To access your NeoRouter Linux client: nrclientcmd

    To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart

    To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart

    To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword

    For a list of client devices: nrserver -showcomputers

    For a list of existing user accounts: nrserver -showusers

    For the settings of your NeoRouter VPN: nrserver -showsettings

    To add a user account: nrserver -adduser username password user

    To add admin account: nrserver -adduser username password admin

    For a complete list of commands: nrserver –help


    Interconnecting Your Raspberry Pi and Home PBX

    To keep things simple, our setup examples below assume the following NeoRouter VPN addresses: Home PBX (10.0.0.1) and Raspberry Pi (10.0.0.2). Using a browser, you’ll need to login to the GUI of your Home PBX and Raspberry Pi and add a Trunk to each PBX. Be sure to use the same secret on BOTH trunk setups. We don’t recommend forwarding incoming calls from your Home PBX to your Raspberry Pi because most folks won’t be sitting in their hotel room all day to answer incoming calls. Instead, add the number of your smartphone to a Ring Group on the Home PBX and don’t forget the # symbol at the end of the number. On the Raspberry Pi side, we are assuming that whenever a call is dialed from a registered softphone with the 9 prefix, the call will be sent to the Home PBX for call processing (without the 9). For example, 98005551212 would send 800-555-1212 to the Home PBX for outbound routing and 9701 would send 701 to the Home PBX for routing to the 701 extension. You can obviously adjust your dialplan to meet your own local requirements.

    On the Home PBX, the chan_sip trunk entries should look like this:

    Trunk Name: raspi-remote
    
    PEER DETAILS
    
    host=10.0.0.2
    type=friend
    context=from-internal
    username=home-pbx
    fromuser=home-pbx
    secret=some-password
    canreinvite=no
    insecure=port,invite
    qualify=yes
    nat=yes
    

    On the Raspberry Pi, the chan_sip trunk entries should look like this:

    Trunk Name: home-pbx
    
    PEER DETAILS
    
    host=10.0.0.1
    type=friend
    context=from-internal
    username=raspi-remote
    fromuser=raspi-remote
    secret=some-password
    canreinvite=no
    insecure=port,invite
    qualify=yes
    nat=yes
    

    On the Raspberry Pi, add an Outbound Route named Out9-home-pbx pointed to home-pbx Trunk with the following Dial Patterns. For each Dial Pattern, prepend=blank and prefix=9:

    dial string: 1NXXNXXXXXX  
    dial string: NXXNXXXXXX  
    dial string: *98X.
    dial string: XXX
    dial string: XXXX
    dial string: XXXXX
      

    Tweaking Your Raspberry Pi for WiFi Mobility

    Typically, you don’t know the WiFi SSID or password of your destination location before you travel. Because you won’t be traveling with a monitor and keyboard for your Raspberry Pi, we needed some way to adjust the WiFi credentials on the microSD card to accommodate the destination WiFi network when you arrive. Luckily, the Raspberry Pi folks thought of a clever way to handle this. You can simply plug your microSD card into your notebook PC (Mac ALERT: Don’t forget your SD card dongle!) and add a wpa_supplicant.conf config file to the /boot directory on the card once you arrive at your destination and know the SSID and password of the local WiFi network. When the Raspberry Pi is subsequently booted, the operating system will move the config file to the /etc/wpa_supplicant directory so that your WiFi network will come on line. Here’s what a typical wpa_supplicant.conf file should look like using your actual credentials. The last network section handles open WiFi network connections (think: McDonald’s) if you want to enable them:

    country=US
    update_config=1
    
    network={
     ssid="your-SSID"
     psk="your-SSID-password"
     key_mgmt=WPA-PSK
     scan_ssid=1
     priority=5
    }
    
    network={
     key_mgmt=NONE
     priority=1
    }
    

    The other gotcha is that some public WiFi networks require some type of web login procedure before you can actually access the Internet even though an IP address may have been assigned to your Raspberry Pi. To handle this situation, you’ll need a text-based web browser on the Raspberry Pi that can be accessed through your notebook PC using SSH and your Raspberry Pi’s VPN address. Our favorite is links which can be installed on your Raspberry Pi before you pack up.

    apt-get install links -y
    

    Once you arrive at your destination, connect both your notebook PC and Raspberry Pi to the same WiFi network, login to the RasPi with SSH at the VPN address assigned to your RasPi, and run links to start the browser. Press <esc> to access the links menu options. If you can’t access your RasPi at the VPN IP address, try its WiFi-assigned local IP address.

    Adding a Softphone to Your Notebook PC

    Last, but not least, you obviously need a way to make and receive calls once your Raspberry Pi is up and running at the remote site. We recommend installing a softphone on your Mac or PC notebook that connects to an extension on your Raspberry Pi using the VPN IP address of the Raspberry Pi. Using the VPN address assures that the connection will always be available regardless of the WiFi network’s local IP addresses. Everyone has their own favorite softphone, but here are some suggestions.

    For Windows PCs, we recommend VitalPBX Communicator. It’s a free download from here.



    Another good choice is YateClient which also is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for an extension on your Raspberry Pi. Then enter the VPN IP address of your server plus your extension’s password. Click OK to save your entries.

    If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

    Adding a Softphone to Your Smartphone

    We actually prefer adding a free softphone app to our smartphone. There are a number of alternatives on both the iOS and Android platforms. With iPhones and iPads, we’ve had great success with Acrobits Softphone, Grandstream Wave, Linphone, and Zoiper Lite. All are available in the App Store. For Android devices, our current favorite is the VitalPBX Communicator. Acrobits Groundwire is another good choice. But Grandstream Wave, Linphone, and Zoiper Lite also are available. Keep in mind that Zoiper also supports IAX connections to simplify NAT connections. And, on both platforms, don’t forget that Google now lets you make and receive calls using the new Google Voice app using your old Google Voice numbers that no longer work directly with Asterisk.

    Enjoy your pain-free traveling!

    Originally published: Monday, September 9, 2019



    Need help with Asterisk? Visit the VoIP-info Forum.


     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
     



    Mastering the Incredible PBX 16-15 Feature Set with Raspbian



    This week we’ll finish up our introduction of Incredible PBX® 16-15 for the Raspberry Pi with a quick look at some of the additional features that are offered on this new platform and that were not covered in our first and second articles. These include text-to-speech apps for news, weather, and today in history as well as the sample ODBC apps for speed dialing and employee data base lookups. We’ll also walk you through the conferencing setup and document the easiest way to deploy an Interactive Voice Response (IVR) system or a Stealth AutoAttendant with or without Direct Inward System Access (DISA) which provides a way to call into your PBX from anywhere and obtain dial tone to make calls or access features just as if you were using a local phone connected to your PBX. We’ll finish up with a review of the Incredible PBX security model: Travelin’ Man 3 IPtables firewall, Fail2Ban, and PortKnocker.

    Introduction to Incredible PBX TTS Apps

    Text-to-Speech (TTS) applications are included in Incredible PBX for two reasons. First, they provide useful information by phone. Second, they document the procedure required to build your own TTS applications using Asterisk®. That process typically includes a dialplan code addition to /etc/asterisk/extensions_custom.conf plus a PHP/AGI script which must be stored in /var/lib/asterisk/agi-bin. The actual interaction with the caller is handled in the dialplan code using a TTS engine to convert the text results of the PHP/AGI query into audio suitable for playback over the telephone. The (free) PicoTTS engine is included in the Incredible PBX image for the Raspberry Pi. The commercial IBM TTS engine is also available.

    The job of the dialplan code is to answer the incoming call and prompt the caller for any necessary information that needs to be passed to the PHP/AGI script to obtain the information sought by the caller. For example, with the Weather by ZIP code app, the caller dials Z-I-P (947) and the dial plan code prompts the caller for the ZIP code of the desired weather report. This ZIP code is then passed to the nv-weather-zip.php AGI script to retrieve the requested weather forecast. The text results of the query then are passed back to the dialplan code which plays back the results to the caller using the PicoTTS engine.

    Three sample TTS applications are included. Dial 951 for the latest Yahoo News headlines. Dial 947 to obtain a weather report for any American city using its ZIP code. Dial T-O-D-A-Y to listen to Today in History events for the current day of the year.

    Introduction to Incredible PBX ODBC Apps

    As with TTS apps, sample ODBC apps are included in Incredible PBX to provide useful information to callers and to document the procedure required to build your own ODBC applications with Asterisk. For those unfamiliar with ODBC, it is a middleware component that lets you build generic database applications that will work with almost any data base management system. In our case, we are using the MySQL clone, MariDB, as the backend database. But the same ODBC API could be used with a database stored in SQLite, or SQL Server, or PostgreSQL. To interact with your own database, the first step is to install an ODBC connector for your particular database so that it can "talk" to Linux and to Asterisk. On the Linux side, take a look at /etc/odbc.ini for examples of how this is done for individual databases. If you’re using a backend database other than MySQL/MariaDB, then the driver must be installed and added to /etc/odbcinst.ini. On the Asterisk side, there are three pieces that need to be put in place in /etc/asterisk. res_odbc_custom.conf houses the actual linkages to the ODBC databases defined in /etc/odbc.ini. func_odbc.conf houses the actual ODBC queries that will be used to read and write information from and to your databases. Finally, odbc.conf contains the dialplan code that will be used to interact with the caller. It answers the incoming calls, prompts the caller for necessary data to complete the query, executes the query defined in func_odbc.conf, and then converts the text results to audio and passes the results back to the caller using the PicoTTS app.

    Two sample ODBC applications are included. Dial 222 to obtain an employee name lookup from the employee timeclock database by entering the employee number, e.g. 12345. Dial 223 for a speed dial application using the AsteriDex dialcode (the first 3 letters of a name). For example, enter D-E-L to obtain phone number of Delta Airlines and optionally place the call.

    Introduction to Incredible PBX Conference Bridge

    The Incredible PBX platform includes a preconfigured conference application which makes it easy for two or more parties to confer regarding any subject matter of common interest. Those with a local extension on the PBX can join the conference by dialing C-O-N-F (2663). For callers outside the PBX to participate, you would need to add a DID that points to the conference number. We’ve made it easy by including this option in the sample IVR created by Allison Smith. Simply designate the IVR as the destination for a DID and tell users to choose option 2. Local users can call D-E-M-O (3366) and choose option 2.

    Before using the conference application, you will want to reset the conference passwords. There’s one for users and a second one for the conference leader. After logging into your server as root, issue the command: ./reset-conference-pins. You can display most of the passwords on your PBX including the conference PINs: ./show-passwords.

    The conference bridge setup is configured in the GUI: Applications -> Conferences. Here you can decide whether to require the conference administrator to be present before users can join the conference, you can force termination of the conference when the admin leaves, you can enable the menus for users and administrators by pressing *, you can choose whether to record the conference, you can set the maximum number of conference participants, and much more. Simply click on the ? icons for explanations of the various features. CAUTION: Be advised that saving new settings for the conference bridge will reset the conference PINs to the entries shown or entered into the template, e.g. 1234 and 4321 as shown above!

    Configuring Incredible PBX IVRs and AutoAttendants

    We’ve included a sample IVR and the Stealth AutoAttendant as part of the Incredible PBX install. The easiest way to master the process of building these is to examine the included samples and try them out: Applications -> IVR -> DemoIVR. The demo IVR comes with all the options preconfigured. Be very careful exposing this through a DID unless you have hardened the passwords, especially for the Telephone Reminders app since this application allows any caller to set up calls to external phone numbers which may cost you money!

    The IVR options themselves are self-explanatory and well-documented under the ? icon. The IVR Entries at the bottom of the template define the destinations for caller button presses during a call. The Stealth AutoAttendant is worth examining further since it does not include predefined destinations. You would need to add these yourself. The idea behind a Stealth AutoAttendant is to provide options to a caller which are not explained when the AutoAttendant answers the call. In this way, it allows you to "hide" certain features of your PBX from the average caller. While standing alone, it’s obviously not secure since anyone can press a number on their phone after being connected, it does at least obscure the existence of the options. One good use for this is a DISA option which would let you call into your PBX to obtain dialtone to perform other functions on the PBX with an appropriate password, of course. This is documented in the next section and would need to be set up BEFORE adding the option as a choice on the AutoAttendant.

    Configuring DISA with Incredible PBX

    Before setting up a DISA option with Incredible PBX, be aware of the risks. Anyone that guesses your DISA password basically gets a blank check to perform any function that could be executed from any phone registered to your PBX. If you’ve decided to proceed anyway, access the GUI and choose Applications -> DISA -> Add DISA. Here’s what a typical DISA setup would look like. You’d obviously want a much more secure PIN!

    Once you have saved the template and reloaded your dialplan, you then can add DISA as an option in your IVR or AutoAttendant. Be sure to test it carefully before exposing it for public access. You’ve been warned!

    Incredible PBX Security Model Overview

    Unlike most other free PBX offerings, Incredible PBX is always deployed as a secure platform. Attempts to access Incredible PBX from outside your local area network will fail unless the IP address has been whitelisted in the IPtables firewall using one of the Travelin’ Man 3 utilities: add-ip or add-fqdn. Repeated attempts to access the PBX will be blocked by Fail2Ban and subsequent attempts to whitelist a blocked IP address will not be successful until the Fail2Ban quarantine expires. Thus, it is important to set up Incredible PBX initially using a desktop PC from which you will subsequently manage the PBX. This assures that at least this desktop PC’s IP address is whitelisted.

    To whitelist a static IP address, log into your server as root and issue the following command: ./add-ip my-log-cabin 12.34.56.78 where my-log-cabin is the descriptive name you wish to associate with the whitelisted IP address and 12.34.56.78 is the actual IP address.

    Obviously, everyone doesn’t have a static IP address. That’s what the add-fqdn utility is for. It allows you to use a dynamic DNS service to assign an FQDN to a dynamic IP address and rely upon the dynamic IP address provider to keep the FQDN synchronized as the IP address changes. Search your favorite search engine, search for "free dynamic dns raspberry pi" to find available providers. On the Incredible PBX, the setup is much the same except you’ll use the FQDN assigned to the IP address: ./add-fqdn my-log-cabin logcabin.myip.com. Incredible PBX actually runs a script every 10 minutes to keep dynamic IP addresses synchronized. Don’t make any changes to /root/ipchecker. If you’d prefer to have the script run more frequently, adjust the 10 entry in the ipchecker line in /etc/crontab.

    Last but not least, Incredible PBX includes the PortKnocker utility which provides an emergency "back door" into your PBX if you ever find yourself locked out by the firewall rules. The idea behind PortKnocker is that you send a packet to three random, pre-defined ports in a particular sequence and, if there’s a match, PortKnocker whitelists your IP address for further access to the server until the firewall is restarted or the server is rebooted. You’ll find your credentials and documentation in /root/knock.FAQ. If your PBX is sitting behind a hardware-based router or firewall, be sure to map the three TCP ports to the LAN IP address of your PBX. Enjoy!

    Originally published: Wednesday, August 28, 2019



    Need help with Asterisk? Visit the VoIP-info Forum.


     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
     



    Icing on the Cake for Incredible PBX 16-15 and Raspberry Pi



    In our last article, we introduced Incredible PBX® 16-15 featuring Asterisk® 16 and FreePBX® 15 on the new Raspberry Pi 4 with Raspbian 10. But we’re just getting started. Today we want to show off the real power of this $35 on-premise platform with the addition of IBM’s voice recognition software. Your first 500 minutes a month are free. In conjunction with Incredible PBX, you’ll get flawless transcription and email delivery of your voicemail messages plus a voice dialer that lets you call anyone in your AsteriDex phonebook by simply dialing 411 and saying the name of the person or company you wish to call. We’ve got a few more surprises plus some tips for the $5.95 Blinkt rainbow light show that will have your friends drooling with envy. If you haven’t yet installed Incredible PBX 16-15, start there.

    Configuring Gmail as Exim Smart Relay Host

    Before you can receive voicemail messages by email, your server needs to be able to successfully send email messages. Most Raspberry Pi implementations will be on networks managed by companies like Comcast, Spectrum, and AT&T that block downstream mail servers (that’s you) from sending email. The solution is to use Gmail or your local ISP as a smart relay host to send mail from your server. Here’s how to set it up using a Gmail account without two-step authentication. Log into your server as root and run ./configure-exim-email. Choose "mail sent by smarthost; received via SMTP or fetchmail." Accept all the defaults until you get to Outgoing Smarthost prompt. Enter: smtp.gmail.com::587. At the following prompts, choose NO, NO, mbox, and NO. When the setup completes, edit /etc/exim4/passwd.client and insert the following line using your Gmail AcctName and AcctPW. NOTE: If you are using a Gmail account with 2-step verification enabled, you MUST use a Gmail App Key instead of your Gmail account password.

    *.google.com:AcctName@gmail.com:AcctPW
    smtp.gmail.com:AcctName@gmail.com:AcctPW
    

    Save the file and then issue the following commands to complete the setup:

    update-exim4.conf
    systemctl restart exim4
    exim4 -qff
    

    Now send yourself a test email message to make sure things are working properly:

    echo "test" | mail -s testmessage yourname@yourmailprovider.com
    

    Some prefer an email notification whenever your server is booted. Once you have configured a relay host above, you can add this feature by editing /etc/rc.local and adding the following lines just above the service knockd start line using your actual email address:

    _PRIVATE="Private IP: `cat /etc/hostip | cut -f1-2 -d " "`"
    _PUBLIC=" Public IP: `curl -s -S --user-agent \\
    "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2'`"
    echo "$_PRIVATE\\n$_PUBLIC" | mail -s "RasPi 16-15 has booted" yourname@yourmailserver.com
    


    Obtaining IBM Cloud Speech to Text Credentials

    Follow this link to set up your IBM account and obtain credentials for both Speech to Text (STT) and Text to Speech (TTS) services. Please note that your STT and TTS API keys will NOT be the same. So don’t accidentally use the wrong one. For today, we’ll need your STT API Key.

    Installing STT Engine for Voicemail Transcription

    Now we’re ready to deploy IBM’s STT Engine to (1) transcribe your voicemails and (2) deliver them by email. To begin, open the Incredible PBX web GUI with your browser and edit extension 701 under Applications -> Extensions. Click on the Voicemail tab. Enter an Email Address for delivery of your voicemails. Set Email Attachment, Play CID, and Play Envelope to YES. After testing things out, you may want to actually Delete Voicemails after email delivery, but leave it set to NO for the time being. Click Submit and Apply Config to save your settings.

    Next, log into the Linux CLI as root and change to the /usr/local/sbin directory. Then copy the sendmailmp3.ibm file to sendmailmp3: Then edit sendmailmp3.

    cd /usr/local/sbin
    cp -p sendmailmp3.ibm sendmailmp3
    nano -w sendmailmp3
    

    Scroll down to line #21 and enter your actual API_KEY replacing the X’s inside the quotes. Save the file: Ctrl-X, Y, then ENTER. Now call extension 701’s voicemail (*701) and leave yourself a short voicemail message. Within a minute or two, it should be delivered to your email address that you specified for extension 701 voicemails. It will include the voicemail recording as well as a transcription.

    Deploying the AsteriDex Voice Dialer

    AsteriDex is an open source database that is included in every Incredible PBX deployment. You can access it within the web GUI under the Third Party Addon tab. By default, it includes entries for some of the major airlines. You can create as many additional entries as you wish. Also included with Incredible PBX is a voice dialer that is accessed by dialing 411. You’ll be prompted for the name of the person or company to contact. Once you say the name, the voice dialer will place the call using your default outbound route for 10-digit calls. The missing piece is voice recognition software to transcribe what you say into text that can be looked up in AsteriDex to retrieve the number to call. That’s where IBM’s STT engine enters the picture. To deploy it, start by replacing the 411 context in your dialplan. Then we’ll edit the getnumber.sh shell script and insert your STT credentials.

    cd /var/lib/asterisk/agi-bin
    sed -i '\:// BEGIN Call by Name:,\:// END Call by Name:d' \\
     /etc/asterisk/extensions_custom.conf
    sed -i '/\[from-internal-custom\]/r /var/lib/asterisk/agi-bin/ibm-411.txt' \\
     /etc/asterisk/extensions_custom.conf
    asterisk -rx "dialplan reload"
    nano -w getnumber.sh
    

    Scroll down to line #13 and make it look like this: API_USERNAME="apikey"

    On Line #14, enter your actual API_KEY between the quotation marks replacing the X’s. Then save the file: Ctrl-X, Y, then ENTER.

    Now pick up a phone connected to your PBX and dial 411. When prompted for the person/company to call, say "American Airlines."

    Move Over Siri. Here Comes Iris.

    If the idea of instant access to all the world’s information is appealing but you’re not quite ready to invite Siri, Alexa, and Google into your bedroom, then IRIS may be your cup of tea. With the Incredible PBX implementation of Wolfram Alpha, you simply dial I-R-I-S (4747) from any phone, ask a question, and the world’s greatest almanac tied to a supercomputer will provide you an answer. So long as it’s for non-commercial use, you get 2,000 free queries a month just by signing up for a Wolfram Alpha account. Here’s a sample of what’s available:

    Weather in Charleston South Carolina
    Weather forecast for Washington D.C.
    Next solar eclipse
    Otis Redding
    Define politician
    Who won the 1969 Superbowl? (Broadway Joe)
    What planes are flying overhead now? (flying over your server’s location)
    Ham and cheese sandwich (nutritional information)
    Holidays 2019 (summary of all holidays for 2019 with dates and DOW)
    Medical University of South Carolina (history of MUSC)
    Star Trek (show history, air dates, number of episodes, and more)
    Apollo 11 (everything you ever wanted to know)
    Cheapest Toaster (brand and price)
    Battle of Gettysburg (sad day 🙂 )
    Daylight Savings Time 2019 (date ranges and how to set your clocks)
    Tablets by Motorola (pricing, models, and specs from Best Buy)
    Doughnut (you don’t wanna know)
    Snickers bar (ditto)
    Weather (local weather at your server’s location)

    Deploying IRIS is simple. Once you have your Wolfram Alpha APP-ID, edit the 4747 file in /var/lib/asterisk/agi-bin and insert your APP-ID in the first line of the file. Then save it. In the same directory, edit wolfram.sh and enter apikey for your API_USERNAME, your actual IBM STT API key as your API_PASSWORD, and reenter your Wolfram Alpha APPID. Then save the file. Now dial I-R-I-S (4747) from any phone and ask one of the sample questions above.

    UPDATE: A bug crept into the Wolfram Alpha scripts somewhere along the way. Here’s the fix, but you don’t need to install it. Simply log out and back into your Raspberry Pi as root, and the Automatic Update Utility will install it for you.

    cd /var/lib/asterisk/agi-bin
    sed -i 's|results.chr(13).chr(10);|results.chr(13).chr(10).chr(34);|' 4747.php
    

    Using Allison’s Demo IVR for Feature Set Access

    Rather than remembering all of the dial codes we’ve documented above, the easiest way to get instant access to all the features we’ve discussed plus more is to dial D-E-M-O (3366) from any phone connected to your PBX. Better yet, you can share the feature set with your friends by configuring the Demo IVR as the Inbound Route Destination for one of your DIDs. Be careful sharing your password for Telephone Reminders to avoid having some creep schedule multiple reminders to make expensive calls to some ship in the middle of nowhere.

    Updating pbxstatus to Support NeoRouter

    If you have deployed the NeoRouter VPN on your server, you’ve probably noticed that the pbxstatus display looks a bit awkward now since there are multiple local IP addresses. Here’s the fix. Edit /usr/local/sbin/pbxstatus. Scroll down to line #6 and replace it with the following. Then save the file.

    _IP=" Private IP: `cat /etc/hostip | cut -f1-2 -d " "`"
    

    Adding Blinkt for Non-Blacklisted Incoming Calls

    If you deployed the Blinkt hardware addition following our last tutorial, we wanted to add an additional feature that will provide visual alerts when incoming calls arrive. Here’s how:

    cp -p /root/rainbow.py /usr/local/sbin/.
    echo "asterisk ALL = NOPASSWD: /usr/local/sbin/rainbow.py" >> /etc/sudoers
    echo '[app-blacklist-check]
    include => app-blacklist-check-custom
    exten => s,1(check),GotoIf($["${BLACKLIST()}"="1"]?blacklisted)
    exten => s,n,Set(CALLED_BLACKLIST=1)
    exten => s,n,System(/usr/bin/sudo /usr/local/sbin/rainbow.py &)
    exten => s,n,Return()
    exten => s,n(blacklisted),Answer
    exten => s,n,Set(BLDEST=${DB(blacklist/dest)})
    exten => s,n,ExecIf($["${BLDEST}"=""]?Set(BLDEST=app-blackhole,hangup,1))
    exten => s,n,GotoIf($["${returnhere}"="1"]?returnto)
    exten => s,n,GotoIf(${LEN(${BLDEST})}?${BLDEST}:app-blackhole,zapateller,1)
    exten => s,n(returnto),Return()
    ;--== end of [app-blacklist-check] ==--;
    ' >> /etc/asterisk/extensions_override_freepbx.conf
    asterisk -rx "dialplan reload"
    




     

    Originally published: Monday, August 19, 2019



    Need help with Asterisk? Visit the VoIP-info Forum.


     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
     



    Back to School: It’s Incredible PBX 16-15 for the Raspberry Pi

    It’s Back to School Time in the U.S.A., and we have a terrific new August project for you and your shiny new Raspberry Pi 4. It features Asterisk® 16 with all the latest FreePBX® 15 GPL modules plus the feature sets of Incredible PBX® and RasPBX and RonR’s latest build. And it’s all rolled into one terrific (free) bundle. It’s literally the best of all worlds. Finally, a word of caution. This is a work in progress. If you’re looking for instant perfection, come back after Labor Day. But, if you want to roll up your sleeves and participate in an open source project, you’ve come to the right place. We welcome your comments AND contributions. After all, that’s what open source development is all about. Participate!

    This is the first of several articles on Incredible PBX 16-15. Today, we’ll get your platform built and walk you through what’s included in the new build. You can expect a new release regularly until we work through all of the kinks and some of the missing pieces. If you’ve been following our articles this past month, you already know that restoring backups from Incredible PBX 13-13 into Incredible 16-15 was one of the primary development goals of FreePBX 15. It remains a little rough around the edges, but we’re close on the CentOS platform. And, in coming weeks, we’ll integrate what we’ve learned on the CentOS 7 platform into the Raspbian 10 Buster image for the Raspberry Pi. In the meantime, come enjoy and explore the powerful, new feature set that comes with Incredible PBX 16-15 out of the box. Unlike RonR’s build, there’s nothing to compile with Incredible PBX 16-15 for Raspbian 10 even though all of the components are there to let you do so whenever the mood strikes. And, unlike the FreePBX Distro, we don’t rely on static packages which make it difficult to make future modifications on your own. Instead, Incredible PBX 16-15 offers a snapshot image with a complete toolkit to make future modifications as desired.

    What’s Included? Incredible PBX 16-15 for Raspbian 10 serves up a VoIP powerhouse featuring Asterisk 16 and all FreePBX 15 GPL modules, an Apache web server, the latest MariaDB SQL server (formerly MySQL), Exim4 mail server, and most of the Incredible PBX feature set including SIP, SMS, voice recognition, AsteriDex, PicoTTS Text-to-Speech VoIP applications plus fax support, Click-to-Dial, News, Weather, Telephone Reminders, and hundreds of features that typically are found in commercial PBXs: Conferencing, IVRs and AutoAttendants, Email Delivery of Voicemail, Voicemail Blasting, and more. We’ve also incorporated the Zero Trunk Configuration feature from the LITE build which lets you sign up with one of four VoIP providers and start making and receiving calls instantly.

    Choosing a SIP Provider. As we mentioned, Incredible PBX 16-15 comes preconfigured to support four of the major SIP providers: Skyetel, VoIP.ms, V1VoIP, and Anveo Direct. We obviously hope you’ll choose Skyetel not only because they financially support Nerd Vittles and our open source projects, but also because it is a clearly superior platform offering crystal-clear communications and quadruple-redundancy so you never miss a call. Skyetel also sets itself apart from the other providers in the support department. They actually respond to issues, and there’s never a charge. As the old saying goes, they may not be the cheapest, but you get what you pay for. Even without taking advantage of Nerd Vittles free $10 credit plus a half-price offer on up to $500 of Skyetel services, they’re still dirt cheap compared to the Bell Sisters and cable companies. Traditional DIDs are $1 per month. Outbound conversational calls are $0.012 per minute. Incoming conversational calls are a penny a minute, and CallerID lookups are $0.004. With all four providers, you only pay for minutes you use. Using more than one is a good idea. With your Skyetel $10 credit, there’s ample funding to order a phone number and make hundreds of calls at zero cost. Once you’re satisfied with the service (and you will be), you can fund your account with up to $250, and Skyetel will match your deposit plus give you free number porting for any existing numbers you want to add to your account. Quite literally, you have nothing to lose. Effective 10/1/2023, $25/month minimum spend required.


    Assembling the Required Raspberry Pi Components

    Before you can deploy Incredible PBX 16-15, you’ll first need the necessary Raspberry Pi hardware. Here’s the short list and, if you’re in a hurry, the $35 Raspberry Pi 3B+ will cost you less than $3 extra to get it quickly from Amazon using our referral link. If you prefer to wait for a Raspberry Pi 4, read on. Either way, the RasPi remains one of the world’s best bargains! Assuming you already own an HDMI-compatible monitor and a USB keyboard

  • Raspberry Pi 4B from a Raspberry Pi reseller
  • $8 USB-C RasPi 4 (only) Power Supply
  • $10 32GB microSDHC Class 10 card (strongly recommended!)
  • $5 Official RasPi 4 Case
  • Getting Started with Incredible PBX 16-15

    Here’s our 10-Step Guide to installation and setup. "Automatic" means just watch. Steps #1 and #2: follow the links. For the remaining steps, we’ll further document the procedures.

    1. Download and unzip Incredible PBX 16-15 image from SourceForge
    2. Transfer Incredible PBX 16-15 image to microSD card
    3. Boot Raspberry Pi from new microSD card (16GB minimum)
    4. Login to RasPi console as root:password to initialize your server (Automatic)
    5. In raspi-config Advanced Options, Expand FileSystem to fill your SD card
    6. In Localization Options, set Locale, TimeZone, Keyboard, & WiFi Country
    7. Reboot after writing down your server IP address (Automatic)
    8. Login via SSH or Putty as root:password to set passwords & setup firewall (Automatic)
    9. Run admin-pw-change to set the admin password for access to the web GUI
    10. Register for and configure at least one trunk provider for Incredible PBX 16-15
    11. Enjoy!

    First Boot of Incredible PBX 16-15 with Wi-Fi

    Incredible PBX 16-15 requires Internet connectivity to complete its automated install. If you’re using a wired network connection, you can skip to the next section. With the Raspberry Pi 3B and 4B, WiFi is built into the hardware. But you still have to insert your SSID name and SSID password to make a connection to your WiFi network. To do so, follow these next steps carefully. Insert the Incredible PBX 16-15 microSD card into your Raspberry Pi 3 or 4 and apply power to the hardware. When the bootup procedure finishes, login as root with the default password: password. At the first prompt, DO NOT PRESS THE ENTER KEY! Instead, press Ctrl-C to break out of the setup script. At the command prompt, issue the following commands to bring up the WiFi config file:

    cd /etc/wpa_supplicant
    nano -w wpa_supplicant.conf
    

    If your WiFi network does not require a password, uncomment or insert the four lines below and save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.

    network={
     key_mgmt=NONE
     priority=1
    }
    

    If your WiFi network requires a password, uncomment or insert the following into wpa_supplicant.conf:

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
    update_config=1
    
    network={
     ssid="YourSSID"
     psk="YourSSIDpassword"
     key_mgmt=WPA-PSK
     scan_ssid=1
     priority=7
    }
    

    Then scroll down to the SSID entry and replace YourSSID with the actual SSID of your WiFi network. Make sure you preserve the entry with the quotes as shown. Next, replace YourSSIDpassword with the SSID password of your WiFi network. Save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.

    Once the reboot process finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in a minute. Skip the next section since you are using a WiFi connection.

    If you don’t see an IP address assigned to your server, then correct the network deficiency (invalid WiFi credentials, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.

    First Boot of Incredible PBX Using Wired Connection

    Incredible PBX 16-15 requires Internet connectivity to complete its automated install. After connecting your server to your local network with a network cable, insert the Incredible PBX 16-15 microSD card into your Raspberry Pi and apply power to the hardware. When the bootup procedure finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in the next step.

    If you don’t see an IP address assigned to your server, then correct the network deficiency (cable not connected, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.

    Completing the Incredible PBX Initialization Procedure

    Unless your desktop PC and RasPi are both on the same private LAN, the remainder of the install procedure should be completed from a desktop PC using SSH or Putty. This will assure that your desktop PC is also whitelisted in the Incredible PBX firewall. Using the console to complete the install is NOT recommended as your desktop PC will not be whitelisted in the firewall. This may result in your not being able to log in to your server. Once you have network connectivity, log in to your server as root from a desktop PC using the default password: password. Accept the license agreement by pressing ENTER. You then will be redirected to raspi-config. This is the utility used to expand your Incredible PBX 16-15 image to use your entire microSD card. If you fail to complete this step, your microSD card will be restricted to 16GB. In the raspi-config utility, choose Localization Options and set Locale, TimeZone, Keyboard, & WiFi Country. Then choose Advanced Options. All of the defaults should be satisfactory with the exception of the first item: Expand Filesystem. Choose this option and activate the resizing directive. Review the other items and then exit and reboot.

    Once your server reboots and you log back in as root, all of your passwords will be randomly assigned with the exception of the root user Linux password and your admin password for access to the web GUI. You can set the root password by issuing the command: passwd. Set the admin password for access to the web GUI with this command: /root/admin-pw-change. With the exception of these two passwords, the remaining passwords can be displayed using the command: /root/show-passwords.

    Finally, if your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060-5061 and UDP 10000-20000 traffic to the private IP address of your PBX. This is required for all of the SIP providers included in the Incredible PBX 16-15 build. Otherwise, all inbound calls will fail.

    Configuring Skyetel for Incredible PBX 16-15

    If you’ve decided to go with Skyetel, here’s the drill. Sign up for Skyetel service and take advantage of the Nerd Vittles Free $10 credit and BOGO special. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the $10 credit for your account by referencing the Nerd Vittles special offer. Once you are happy with the service, open another ticket after funding your account and request that Skyetel match your deposit of up to $250. That gets you up to $500 of helf-price calling. Credit is limited to one per person/company/address/location. If you have numbers to port in, you can do it at no cost after funding your account.

    Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX 16-15:

    • Name: MyPBX
    • Priority: 1
    • IP Address: PBX-Public-IP-Address
    • Port: 5060
    • Protocol: UDP
    • Description: 16-15.incrediblepbx.com

    To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you fund your account) or purchasing new ones under the Buy Phone Numbers menu option.

    Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.

    Configuring VoIP.ms for Incredible PBX 16-15

    To sign up for VoIP.ms service, may we suggest you use our signup link so that Nerd Vittles gets a referral credit for your signup. Once your account is set up, you’ll need to set up a SIP SubAccount and, for Authentication Type, choose Static IP Authentication and enter your Incredible PBX 16-15 server’s public IP address. For Transport, choose UDP. For Device Type, choose Asterisk, IP PBX, Gateway or VoIP Switch. Order a DID in their web panel, and then point the DID to the SubAccount you just created. Be sure to specify atlanta1.voip.ms as the POP from which to receive incoming calls.

    Configuring V1VoIP for Incredible PBX 16-15

    To sign up for V1VoIP service, sign up on their web site. Then login to your account and order a DID under the DIDs tab. Once the DID has been assigned, choose View DIDs and click on the Forwarding button beside your DID. For Option #1, choose Forward to IP Address/PBX. For the Fowarding Address, enter the public IP address of your server. For the T/O (timeout) value, set it to 2o seconds. Then click the Update button. Under the Termination tab, create a new Endpoint with the public IP address of your server so that you can place outbound calls through V1VoIP.

    Configuring Anveo Direct for Incredible PBX 16-15

    To sign up for Anveo Direct service, sign up on their web site and then login. After adding funds to your account, purchase a DID under Inbound Service -> Order DID. Next, choose Configure Destination SIP Trunk. Give the Trunk a name. For the Primary SIP URI, enter $[E164]$@server-IP-address. For Call Options, select your new DID from the list. You also must whitelist your public IP address under Outbound Service -> Configure. Create a new Call Termination Trunk and name it to match your server. For Dialing Prefix, choose six alphanumeric characters beginning with a zero. In Authorized IP Addresses, enter the public IP address of your server. Set an appropriate rate cap. We like $0.01 per minute to be safe. Set a concurrent calls limit. We like 2. For the Call Routing Method, choose Least Cost unless you’re feeling extravagant. For Routes/Carriers, choose Standard Routes. Write down your Dialing Prefix and then click the Save button.

    Before you can make outbound calls through Anveo Direct from your PBX, you first must configure the Dialing Prefix that you wrote down in the previous step. Using a browser, login to the GUI as admin. Navigate to Connectivity -> Trunks -> Anveo-Out. Click the Pencil icon to edit the trunk settings. Then click the Custom Settings tab. Replace anveo-pin with your actual Anveo PIN. Click Submit and Apply Settings to save your changes.

    By default, incoming Anveo Direct calls will be processed by the Default inbound route on your PBX. If you wish to redirect incoming Anveo Direct calls using DID-specific inbound routes, then you’ve got a bit more work to do. In addition to creating the inbound route using the 11-digit Anveo Direct DID, enter the following commands after logging into your server as root using SSH/Putty:

    cd /etc/asterisk
    echo "[from-anveo]" >> extensions_custom.conf
    echo "exten => _.,1,Ringing" >> extensions_custom.conf
    echo "exten => _.,n,Goto(from-trunk,\\${SIP_HEADER(X-anveo-e164)},1)" >> extensions_custom.conf
    asterisk -rx "dialplan reload"
    

    Configuring a Softphone for Incredible PBX 16-15

    We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

    We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You can find them by running /root/show-passwords. You’ll need the IP address of your server plus your extension 701 password. In the YateClient, fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password was assigned to the extension when you installed Incredible PBX. Click OK to save your entries.

    Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

    DEMO - Apps Demo
    123 - Reminders
    947 - Weather by ZIP Code
    951 - Yahoo News
    TODAY - Today in History
    LENNY - The Telemarketer's Worst Nightmare
    

    If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

    Audio Issues with Incredible PBX 16-15

    Only if you experience one-way or no audio on some calls, add your external IP address and LAN subnet in the GUI by navigating to Settings -> Asterisk SIP Settings. In the NAT Settings section, click Detect Network Settings. Click Submit and Apply Settings to save your changes.

    Configuring Gmail as Exim Smart Relay Host

    Most Raspberry Pi implementations will be on networks managed by companies like Comcast, Spectrum, and AT&T that block downstream mail servers (that’s you) from sending email. The solution is to use Gmail or your local ISP as a smart relay host to send mail from your server. You’ll need this to deliver voicemails via email. Here’s how to set it up using a Gmail account without two-step authentication. Log into your server as root and run configure-exim-email. Choose "mail sent by smarthost; received via SMTP or fetchmail." Accept all the defaults until you get to Outgoing Smarthost prompt. Enter: smtp.gmail.com::587. At the following prompts, choose NO, NO, mbox, and NO. When the setup completes, edit /etc/exim4/passwd.client and insert the following line using your Gmail AcctName and AcctPW:

    *.google.com:AcctName@gmail.com:AcctPW
    smtp.gmail.com:AcctName@gmail.com:AcctPW
    

    Save the file and then issue the following commands to complete the setup:

    update-exim4.conf
    systemctl restart exim4
    exim4 -qff
    

    Now send yourself a test email message to make sure things are working properly:

    echo "test" | mail -s testmessage yourname@yourmailprovider.com
    

    Some prefer an email notification whenever your server is booted. Once you have configured a relay host above, you can add the feature by editing /etc/rc.local and adding the following lines with your actual email address just above the service knockd start line:

    _PRIVATE="Private IP: `cat /etc/hostip | cut -f1-2 -d " "`"
    _PUBLIC=" Public IP: `curl -s -S --user-agent \\
    "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2'`"
    echo "$_PRIVATE\\n$_PUBLIC" | mail -s "RasPi 16-15 has booted" yourname@yourmailserver.com
    

    Incredible PBX 16-15 Administration

    We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.

    admin-pw-change lets you update the admin password for web browser access to the Incredible PBX GUI.

    apache-pw-change lets you update the admin password for Apache applications such as AsteriDex and Reminders.

    avantfax-pw-change lets you update the root password for AvantFax access (coming soon!).

    add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX 16-15 blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.

    add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.

    del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.

    configure-exim-email lets you reconfigure the email server if you need to use an SMTP relay such as Google to get outbound email flowing. Tutorial here.

    iptables-restart is the ONLY command you should ever use to restart the IPtables firewall and Fail2Ban.

    knock.FAQ contains your PortKnocker credentials for emergency access to your server if the firewall locks you out. Tutorial here.

    proximity (once configured) will automatically forward calls to your cellphone when you are out of BlueTooth range from your RasPi. Also must enable running of script in /etc/crontab.

    reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.

    reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.

    reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.

    show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX 16-15 actually is. A similar listing is available in the GUI at Admin -> Feature Codes.

    show-passwords is a script that displays ALL of the passwords associated with Incredible PBX 16-15. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.

    timezone-setup lets you reconfigure the correct time zone for your server.

    purge-cdr-cel-records cleans out all existing entries in both the CDR and CEL tables of the Asterisk CDR database.

    log-cleanup removes all entries from most of the logs in /var/log.

    sig-fix disables module signature checking in FreePBX. It is automatically disabled upon installation.

    readme-RonR.txt documents the scripts provided from RonR build. We do NOT recommend using the FCC Blacklist because of its current size.

    update-IncrediblePBX is the Automatic Update Utility which checks for server updates from incrediblepbx.com every time you log into your server as root using SSH or Putty. Do NOT disable it as it is used to load important fixes and security updates when necessary. We recommend logging into your server at least once a week.

    pbxstatus (shown above) displays status of all major components of Incredible PBX 16-15.

    Forwarding Calls to Your Cellphone. Keep in mind that inbound calls to your DIDs automatically ring all five SIP extensions, 701-705. The easiest way to also ring your cellphone is to set one of these five extensions to forward incoming calls to your cellphone. After logging into your PBX as root, issue the following command to forward calls from extension 705 to your cellphone: asterisk -rx "database put CF 705 6781234567"

    To remove call forwarding: asterisk -rx "database del CF 705"

    Incredible PBX 16-15 Last-Minute Fixes

    For each release, we will post fixes for Incredible PBX 16-15 here. If you download a newer release, previous fixes have already been addressed and should not be applied. If you’re still using an earlier release, be sure to apply all patches for your release plus all patches for subsequent releases.

    Release 1 Fixes:

    Login to your server as root and issue the following commands to update your server. A reboot is not required unless noted.

    service knockd start
    sed -i 's|exit 0"|exit zero"|' /etc/rc.local
    sed -i 's|exit 0|service knockd start\\nexit 0|' /etc/rc.local
    /root/reset-extension-passwords
    

    A glitch in the admin-pw-change utility used to set the password for web access to the GUI has also been fixed. Simply log out of your server and log back in as root, and the Automatic Update Utility will fix the problem. You then can successfully set your admin password.

    Release 2 Fixes:

    # failed exim messages from Fail2Ban
    sed -i 's|/dev/null|:blackhole:|' /etc/aliases
    systemctl restart exim4
    exim -bp | exiqgrep -i | xargs exim -Mrm
    systemctl restart fail2ban
    # missing AGI files
    cd /var/lib/asterisk/agi-bin
    wget http://incrediblepbx.com/raspi1615-agibin.tar.gz
    tar zxvf raspi1615-agibin.tar.gz
    rm -f raspi1615-agibin.tar.gz
    

    Release 3 Updates/Fixes:

    Release 3 adds dozens of Incredible PBX applications. See the Application User’s Guide for tutorials. In addition, release 3 adds MySQL ODBC support (special thanks to @jerrm for sorting this out) with demo Asterisk applications for customer lookups (dial 222 and enter 12345) and AsteriDex speed dials (dial 223 and enter 335 (D-E-L) for Delta Airlines.

    Release 4 Updates/Fixes:

    Release 4 adds Allison’s Demo IVR and Stealth AutoAttendant as well as support for Blinkt!. It provides hourly alerts during the workday as well as whenever pbxstatus is run. You can order one here. This brings us to functional equivalence with the CentOS 7 release of Incredible PBX 16-15.

    Release 5 Updates/Fixes:

    Release 5 sets NAT default setting for all extensions to YES. This reduces the likelihood that callers will experience one-way audio on calls. The size of the swap file also was double to eliminate dashboard warning messages when some larger microSD cards were deployed.

    Continue Reading: Icing on the Cake for Incredible PBX 16-15 and Raspberry Pi

    Originally published: Wednesday, August 7, 2019



    Need help with Asterisk? Visit the VoIP-info Forum.


     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
     



    Introducing Incredible PBX LITE featuring Raspbian 10



    As you may know, the Raspberry Pi Foundation introduced the $35 Raspberry Pi 4 last week. In addition to jaw-dropping hardware enhancements, the introduction also included the new Raspbian 10 (Buster) platform which was surprising since Debian 10 isn’t scheduled for official release until the end of this week. As with prior releases, Raspbian 10 brought with it some major headaches for the VoIP community not the least of which is FreePBX® cannot (yet) be installed. But sometimes there’s a silver lining accompanying bad news.

    Several Debian 10 issues caused us to rethink what a VoIP platform for the Raspberry Pi actually should look like. After all, most Raspberry Pi hobbyists aren’t interested in mastering the intricacies of Asterisk® and FreePBX. They’re more concerned with a stable, fast VoIP communications platform that’s easy to deploy and will operate without hiccups in a home or small office environment. Thus was born Incredible PBX LITE, a new turnkey VoIP platform that requires zero configuration out of the box and supports five SIP telephones and up to four trunk providers for low-cost worldwide calling. Simply sign up with one of these VoIP service providers, acquire a telephone number (DID), enter the IP address of your PBX, and you can instantly make and receive calls using up to five SIP telephones or softphones.

    UPDATE: If you’d prefer the full-featured Incredible PBX 16-15 for the Raspberry Pi, it’s now available here as well.

    What’s Included? Despite its name, Incredible PBX LITE still serves up a VoIP powerhouse featuring Asterisk 13, an Apache web server, the latest MariaDB SQL server (formerly MySQL), SendMail, and most of the Incredible PBX feature set including SIP, SMS, Opus, voice recognition, FLITE Text-to-Speech VoIP applications plus fax support, Click-to-Dial, News, Weather, Reminders, and hundreds of features that typically are found in commercial PBXs: Conferencing, IVRs and AutoAttendants, Email Delivery of Voicemail, Voicemail Blasting…

    What’s Missing? We’ve removed the entire FreePBX GUI platform while retaining most of its feature set. We’ve also eliminated the need to run a web server or database server although they’re still there. And gone are the days of having to configure extensions and trunks as well as inbound and outbound routes before you can actually use your PBX to make your first call. The tradeoff is a noticeable performance improvement. While a Raspberry Pi 4 isn’t required to run Incredible PBX LITE, doing so provides another three-fold performance boost compared to a Raspberry Pi 3B+. Simply stated, Incredible PBX LITE performance now rivals what you would expect on a powerful cloud-based platform such as Digital Ocean or Vultr.

    Choosing a SIP Provider. As we mentioned, Incredible PBX LITE comes preconfigured to support four of the major SIP providers: Skyetel, VoIP.ms, V1VoIP, and Anveo Direct. We obviously hope you’ll choose Skyetel not only because they financially support Nerd Vittles and our open source projects, but also because it is a clearly superior platform offering crystal-clear communications and triple-redundancy so you never miss a call. Skyetel also sets itself apart from the other providers in the support department. They actually respond to issues, and there’s never a charge. As the old saying goes, they may not be the cheapest, but you get what you pay for. Even without taking advantage of Nerd Vittles half-price offer on up to $500 of Skyetel services, they’re still dirt cheap compared to the Bell Sisters and cable companies. Traditional DIDs are $1 per month. Outbound conversational calls are $0.012 per minute. Incoming conversational calls are a penny a minute, and CallerID lookups are $0.004. With all four providers, you only pay for minutes you use. Using more than one is a good idea. Effective 10/1/2023, $25/month minimum spend required.


    Assembling the Required Raspberry Pi Components

    Before you can deploy Incredible PBX LITE, you’ll first need the necessary Raspberry Pi hardware. Here’s the short list and, if you’re in a hurry, the $35 Raspberry Pi 3B+ will cost you less than $3 extra to get it quickly from Amazon using our referral link. If you prefer to wait for a Raspberry Pi 4, read on. Either way, the RasPi remains one of the world’s best bargains! Assuming you already own an HDMI-compatible monitor and a USB keyboard

  • Raspberry Pi 4B from a Raspberry Pi reseller
  • $8 15.3W USB-C RasPi 4 (only) Power Supply
  • $8 32GB microSDHC Class 10 card (strongly recommended!)
  • $5 Official RasPi 4 Case
  • Getting Started with Incredible PBX LITE

    Here’s everything to know about installation and setup. "Automatic" means just watch. Steps #1 and #2 are self-explanatory. For the remaining steps, we’ll further document the procedures in the sections below.

    1. Download and unzip Incredible PBX LITE image from SourceForge
    2. Transfer Incredible PBX LITE image to microSD card
    3. Boot Raspberry Pi from new microSD card (16GB minimum)
    4. Login to RasPi console as root:password to initialize your server (Automatic)
    5. In raspi-config Advanced Options, Expand FileSystem to fill your SD card
    6. In Localization Options, set Locale, TimeZone, Keyboard, & WiFi Country
    7. Reboot after writing down your server IP address (Automatic)
    8. Login via SSH or Putty as root:password to set passwords & setup firewall (Automatic)
    9. Register for and configure at least one trunk provider for Incredible PBX LITE
    10. Install Incredible Fax: /root/incrediblefax13_raspi3.sh (Credentials: admin:password)

    First Boot of Incredible PBX LITE with Wi-Fi

    Incredible PBX LITE requires Internet connectivity to complete its automated install. If you’re using a wired network connection, you can skip to the next section. With the Raspberry Pi 3B and 4B, WiFi is built into the hardware. But you still have to insert your SSID name and SSID password to make a connection to your WiFi network. To do so, follow these next steps carefully. Insert the Incredible PBX LITE microSD card into your Raspberry Pi 3 or 4 and apply power to the hardware. When the bootup procedure finishes, login as root with the default password: password. At the first prompt, DO NOT PRESS THE ENTER KEY! Instead, press Ctrl-C to break out of the setup script. At the command prompt, issue the following commands to bring up the WiFi config file:

    cd /etc/wpa_supplicant
    nano -w wpa_supplicant.conf
    

    If your WiFi network does not require a password, then uncomment the four lines below and save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.

    network={
     key_mgmt=NONE
     priority=1
    }
    

    If your WiFi network requires a password, scroll down to the SSID entry and replace YourSSID with the actual SSID of your WiFi network. Make sure you preserve the entry with the quotes as shown. Next, replace YourSSIDpassword with the SSID password of your WiFi network. Save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.

    Once the reboot process finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in a minute. Skip the next section since you are using a WiFi connection.

    If you don’t see an IP address assigned to your server, then correct the network deficiency (invalid WiFi credentials, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.

    First Boot of Incredible PBX Using Wired Connection

    Incredible PBX LITE requires Internet connectivity to complete its automated install. After connecting your server to your local network with a network cable, insert the Incredible PBX LITE microSD card into your Raspberry Pi and apply power to the hardware. When the bootup procedure finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in the next step.

    If you don’t see an IP address assigned to your server, then correct the network deficiency (cable not connected, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.

    Completing the Incredible PBX Initialization Procedure

    Unless your desktop PC and RasPi are both on the same private LAN, the remainder of the install procedure should be completed from a desktop PC using SSH or Putty. This will assure that your desktop PC is also whitelisted in the Incredible PBX firewall. Using the console to complete the install is NOT recommended as your desktop PC will not be whitelisted in the firewall. This may result in your not being able to log in to your server. Once you have network connectivity, log in to your server as root from a desktop PC using the default password: password. Accept the license agreement by pressing ENTER. You then will be redirected to raspi-config. This is the utility used to expand your Incredible PBX LITE image to use your entire microSD card. If you fail to complete this step, your microSD card will be restricted to 16GB. In the raspi-config utility, choose Localization Options and set Locale, TimeZone, Keyboard, & WiFi Country. Then choose Advanced Options. All of the defaults should be satisfactory with the exception of the first item: Expand Filesystem. Choose this option and activate the resizing directive. Review the other items and then exit and reboot.

    Once your server reboots and you log back in as root, all of your passwords will be randomly assigned with the exception of the root user Linux password. You can set it by issuing the command: passwd. With the exception of your root user password, the remaining passwords can be displayed using the command: /root/show-passwords.

    Finally, if your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060 and UDP 10000-20000 traffic to the private IP address of your PBX. This is required for all of the SIP providers included in the Incredible PBX LITE build. Otherwise, all inbound calls will fail.

    SECURITY ALERT: There was a configuration error in the initial setup which leaves the firewall deactivated. This gets corrected by the Incredible PBX Automatic Update Utility the next time you login to your server as root. Please do so immediately.

    Configuring Skyetel for Incredible PBX LITE

    If you’ve decided to go with Skyetel, here’s the drill. Sign up for Skyetel service and take advantage of the Nerd Vittles BOGO special. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the BOGO credit for your account by referencing the Nerd Vittles special offer. Skyetel will match your deposit of up to $250 which gets you up to $500 of helf-price calling. Credit is limited to one per person/company/address/location.

    Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX LITE:

    • Name: MyPBX
    • Priority: 1
    • IP Address: PBX-Public-IP-Address
    • Port: 5060
    • Protocol: UDP
    • Description: lite1.incrediblepbx.com

    To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.

    Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.

    Configuring VoIP.ms for Incredible PBX LITE

    To sign up for VoIP.ms service, may we suggest you use our signup link so that Nerd Vittles gets a referral credit for your signup. Once your account is set up, you’ll need to set up a SIP SubAccount and, for Authentication Type, choose Static IP Authentication and enter your Incredible PBX LITE server’s public IP address. For Transport, choose UDP. For Device Type, choose Asterisk, IP PBX, Gateway or VoIP Switch. Order a DID in their web panel, and then point the DID to the SubAccount you just created. Be sure to specify atlanta1.voip.ms as the POP from which to receive incoming calls.

    Configuring V1VoIP for Incredible PBX LITE

    To sign up for V1VoIP service, sign up on their web site. Then login to your account and order a DID under the DIDs tab. Once the DID has been assigned, choose View DIDs and click on the Forwarding button beside your DID. For Option #1, choose Forward to IP Address/PBX. For the Fowarding Address, enter the public IP address of your server. For the T/O (timeout) value, set it to 2o seconds. Then click the Update button. Under the Termination tab, create a new Endpoint with the public IP address of your server so that you can place outbound calls through V1VoIP.

    Configuring Anveo Direct for Incredible PBX LITE

    To sign up for Anveo Direct service, sign up on their web site and then login. After adding funds to your account, purchase a DID under Inbound Service -> Order DID. Next, choose Configure Destination SIP Trunk. Give the Trunk a name. For the Primary SIP URI, enter $[E164]$@server-IP-address. For Call Options, select your new DID from the list. You also must whitelist your public IP address under Outbound Service -> Configure. Create a new Call Termination Trunk and name it to match your server. For Dialing Prefix, choose six alphanumeric characters beginning with a zero. In Authorized IP Addresses, enter the public IP address of your server. Set an appropriate rate cap. We like $0.01 per minute to be safe. Set a concurrent calls limit. We like 2. For the Call Routing Method, choose Least Cost unless you’re feeling extravagant. For Routes/Carriers, choose Standard Routes. Write down your Dialing Prefix and then click the Save button.

    Before you can make outbound calls through Anveo Direct from your PBX, you first must configure the Dialing Prefix that you wrote down in the previous step. Login to your server as root and use nano to edit extensions_additional.conf in the /etc/asterisk directory. Search (Ctl-W) for anveo-pin and replace anveo-pin with the 6-digit alphanumeric PIN for your account. Press Ctrl-X, Y, then Enter to save your settings. Reload your dialplan with the command: asterisk -rx "dialplan reload"

    Audio Issues with Incredible PBX LITE

    Only if you experience one-way or no audio on some calls, add your external IP address and LAN subnet in /etc/asterisk/sip_general_custom.conf like the following example:

    nat=yes
    externip=xxx.xxx.xxx.xxx
    localnet=192.168.0.0/255.255.0.0 
    

    Then restart Asterisk: systemctl restart asterisk

    Configuring a Softphone for Incredible PBX LITE

    We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

    We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You can find them by running /root/show-passwords. You’ll need the IP address of your server plus your extension 701 password. In the YateClient, fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password was assigned to the extension when you installed Incredible PBX. Click OK to save your entries.

    Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

    DEMO - Apps Demo
    123 - Reminders
    947 - Weather by ZIP Code
    951 - Yahoo News
    TODAY - Today in History
    LENNY - The Telemarketer's Worst Nightmare
    

    If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

    Incredible PBX LITE Administration

    We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.

    add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX LITE blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.

    add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.

    del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.

    proximity is a script used in conjunction with bluetooth to decipher whether your smartphone is within range of your server. If not, the script forwards calls to extension 701 to an extension or external smartphone of your choice. Edit the proximity script to add your preferences. Then uncomment the proximity line in /etc/crontab. Complete setup details on setup are available in our previous tutorial.

    reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.

    reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.

    reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.

    show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX LITE actually is.

    show-passwords is a script that displays ALL of the passwords associated with Incredible PBX LITE. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.

    update-IncrediblePBX is the Automatic Update Utility which checks for server updates from incrediblepbx.com every time you log into your server as root using SSH or Putty. Do NOT disable it as it is used to load important fixes and security updates when necessary. We recommend logging into your server at least once a week.

    pbxstatus (shown above) displays status of all major components of Incredible PBX LITE.

    Call Detail Records available in spreadsheet format at /var/log/asterisk/cdr-csv/Master.csv.

    Originally published: Monday, July 1, 2019



    Need help with Asterisk? Visit the VoIP-info Forum.


     

    Special Thanks to Our Generous Sponsors


    FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

    BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

    The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

    VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
     

    Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.