Home » Cloud Computing (Page 15)
Category Archives: Cloud Computing
Twofer Tuesday: Incredible PBX 13 to the Rescue
With the Digium announcement last week that four and a half year’s worth of Asterisk® servers were vulnerable to the RTP eavesdropping bug, it prompted us to dust off our Incredible PBX® 13 for CentOS build and bring it up to current specs including the Digium patch for RTPbleed. And then along came Hurricane Issabel to remind us that sh*t happens, and it pays to have a backup plan for your telecommunications infrastructure. So today we’re pleased to introduce two new Asterisk solutions: a cloud-based server for $1 a month and a VirtualBox image that will run on any Windows or Mac computer. We would stress that these should be part of a comprehensive backup plan and may not be suitable to implement as your primary communications platform. But, for those impacted by Harvey’s or Issabel’s devastation, either of today’s solutions will get you a very stable PBX platform as soon as you have Internet or cellular connectivity.
Cloud Hosting for $1/month in NYC, Miami or LA
For today’s emergency cloud platform, we’ve chosen WootHosting which provides a rock-solid VPS in your choice of locations starting at $12 a year. That buys you the following:
2 CPU Core Allocations
1024MB Dedicated RAM
1024MB vSwap
50GB Secured Disk Space
3000GB Premium Bandwidth
1 IPv4 Address
100Mbps Port Speed
Choose New York Grand Opening Specials under the left tab. You still get your choice of cities for the $12/year VPS! Just configure the VPS as a CentOS 6, 64-bit platform. Login to the server as root using SSH or Putty and issue these commands:
setenforce 0 yum -y install net-tools nano wget tar yum -y upgrade --skip-broken wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz tar zxvf incrediblepbx* ./create-swapfile-DO ./IncrediblePBX*
On some platforms (not WootHosting’s VPS), your server may automatically reboot midway through the install. On these platforms, log back in as root and run the installer a second time to complete the install:
./IncrediblePBX*
After restarting the server at the conclusion of the install, log back in as root and perform the following steps to complete your setup:
Make your root password very secure: passwd
Create admin password for GUI access: /root/admin-pw-change
Set your correct time zone: /root/timezone-setup
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher your Reminders password: cat /root/reminders.FAQ
InsertOPTIONS="-i venet0:0"
in /etc/sysconfig/knockd
Decipher IP address and other info about your server: status
Your server will be up and running in about an hour. Remember, we are compiling all of the components including Asterisk from source which means customization and updates are easy. Continue your adventure by following our previous tutorial.
Incredible PBX 13 with VirtualBox in Under 5 Minutes
If you’re in a time crunch or prefer to set up a PBX locally, there is no better solution than VirtualBox. It runs on any desktop PC, Mac, Linux or Solaris machine, and the new Incredible PBX 13 image for VirtualBox can be installed and configured in under 5 minutes. With a single button click, you can backup your entire PBX in a couple of minutes and save it for a rainy day.
Today’s release is built atop the CentOS 6.9 platform and features the latest release of Asterisk 13 and a terrific collection of GPL modules from FreePBX® 12. Think of Incredible PBX as the glue stick that assembles all the necessary VoIP components and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice recognition and dialing, SMS messaging, Google Voice and free fax support, reminders and wakeup calls, and SECURITY!
Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers available today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance that’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under 5 minutes is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move your image to dedicated hardware running the same operating system with Asterisk 13 and the same GUI platform in minutes.
Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX still comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.
Getting Started with VirtualBox. Step #1 today is to download one or more of the 64-bit VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. And here’s a link to the latest Oracle VM VirtualBox User Manual.
Downloading the Incredible PBX 13 Virtual Machine. A word of warning on the front end. The new Incredible PBX image featuring Asterisk 13 for VirtualBox is huge, about 2.3GB! Download the image from SourceForge onto your desktop by clicking here.
Importing Incredible PBX 13 into VirtualBox. Double-click on the .ova file you downloaded to begin the import procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX 13 for CentOS 6.9 virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.
Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio. Verify that Enable Audio option is checked and choose your sound card. Then click OK. Next click Settings -> Network. For Adapter 1, be sure the Enable Network Adapter option is checked. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine.
Running Incredible PBX 13 on VirtualBox. Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight Incredible PBX 13 for CentOS 6.9 Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The CentOS 6.9 boot procedure will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.
Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password.
When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:
- Change your root password: passwd
- Set your FreePBX admin password: /root/admin-pw-change
- Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
- Set your correct time zone: /root/timezone-setup
- Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
- Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
- Decipher your Reminders password: cat /root/reminders.FAQ
- Login to your NeoRouter VPN server if desired: /root/nrclientcmd
To access the Incredible PBX GUI with a browser, point to the IP address of your virtual machine and login as admin with admin password set above. We recommend that you log in to the Linux CLI as root at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill. Enjoy!
Published: Tuesday, September 12, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
RTPbleed Security Alert: Asterisk Calls Can Be Intercepted
If you’ve installed Asterisk® during the past 4½ years, your server has a MAJOR security problem. If you didn’t already know, with Asterisk, your VoIP conversations actually are carried over a random UDP port using the Real Time Protocol (RTP), not the SIP port (UDP 5060) which handles the setup and teardown of your VoIP connections. It turns out that, since March 2013, all of that RTP traffic and thus your conversations could be intercepted and redirected by anyone on the Internet. As this recent article in The Register noted:
The problem occurs when [communications] systems like IP telephony have to get past network address translation (NAT) firewalls. The traffic has to find its way from the firewall’s public IP address to the internal address of the device or server, and to do that, RTP learns the IP and port addresses to associate with a call.
The problem is, the process doesn’t use any kind of authentication.
This is exacerbated by the fact that, by default, Asterisk and FreePBX® traditionally use the NAT=yes setting (whether needed or not) to enable this navigational magic just in case your calls need it. Without it, you may end up with no audio or one-way audio on your calls. Traditional wisdom was that an attacker needed to be positioned between the caller and the Asterisk server in order to intercept this media stream. As luck would have it, it turns out the man in the middle didn’t need to be in the middle after all. He could be anywhere on the Internet. The old adage to talk on the phone as if someone else were listening turns out to have been pretty good advice in the case of Asterisk communications. Even if you had a firewall, chances are you protected UDP port 5060 while exposing and forwarding UDP 10000-20000 to Asterisk without any safeguards.
According to last week’s Asterisk advisory, “To exploit this issue, an attacker needs to send RTP packets to the Asterisk server on one of the ports allocated to receive RTP. When the target is vulnerable, the RTP proxy responds back to the attacker with RTP packets relayed from the other party. The payload of the RTP packets can then be decoded into audio.” Specifically, if UDP ports 10000-20000 are publicly exposed to the Internet, anybody and everybody can intercept your communications without credentials of any kind. WOW!
So, there’s a patch to fix this, right? Well, not exactly:
Note that as for the time of writing, the official Asterisk fix is vulnerable to a race condition. An attacker may continuously spray an Asterisk server with RTP packets. This allows the attacker to send RTP within those first few packets and still exploit this vulnerability.
The other recommended "solutions" aren’t much better:
- When possible the nat=yes option should be avoided
- To protect against RTP injection, encrypt media streams with SRTP
- Add config option for SIP peers to prioritize RTP packets
The nat=no option doesn’t work if you or your provider employs NAT-based routers. The SRTP option only works on more recent releases of Asterisk, and it also requires SRTP support on every SIP phone. Prioritizing RTP packets is not a task for mere mortals.
Surprisingly, the one solution that is not even mentioned is hardening your firewall to block incoming UDP 10000-20000 traffic that originates outside your server. Our recognized SIP expert on the PIAF Forum had the simple solution. Bill Simon observed:
If the SDP in the INVITE or subsequent re-INVITE contains routable IP addresses, then use them for media. If the SDP contains non-routable IP addresses, then the client is behind a NAT and not using any NAT traversal techniques like SIP ALG, ICE/STUN, so send to the originating IP. Why are we making allowances here for media to come from anywhere? I think you can probably clamp down your firewall as much as you want, because symmetric RTP should allow media to get through by way of establishing an outbound stream (inbound stream comes back on the same path).
Our testing confirms that simply blocking incoming RTP traffic on your firewall solves the problem without any Asterisk patch. In short, RTP traffic cannot originate from anonymous sources on the Internet.
For those using Incredible PBX® or Travelin’ Man 3 or an IPtables firewall, the fix is easy. Simply remove or comment out the INPUT rule that looks like this and restart IPtables:
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
On RedHat/CentOS servers, the rule is in /etc/sysconfig/iptables. On Debian/Ubuntu and Raspbian servers, you’ll find the rule in /etc/iptables/rules.v4. On Incredible PBX for Issabel servers, you’ll find the rule in /usr/local/sbin/iptables-custom. On all Incredible PBX platforms, remember to restart IPtables using only this command: iptables-restart.
Published: Friday, September 8, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Another Perfect Pair: Flawless VoIP with Wazo and 3CX
We previously documented how to interconnect an Issabel PBX with 3CX to take advantage of the best of both worlds. Today, we’ll again use the Nerd Vittles free 3CX server offering and interconnect it with a Wazo PBX. An added benefit of using Wazo is the fact that you can set up redundant (and free) HA servers with Wazo in minutes. Once we get the pieces in place, from Wazo extensions, you’ll be able to call your 3CX Clients by dialing 4 digits. And, from 3CX Clients, you can call Wazo extensions as well as all of your Asterisk® applications in the same way with the added bonus of being able to make outbound calls through your Wazo trunks by dialing any number with an 8 prefix from 3CX extensions. Once you have both of your PBXs running, the setup time to interconnect them is under 5 minutes.
Why would you want to maintain two PBXs? As we previously noted, the simple answer is the added flexibility you achieve coupled with a 99% reduction in VoIP headaches. If you haven’t yet used 3CX Clients on a PC or Mac desktop or on an iOS or Android device, you have missed perhaps the greatest VoIP advancement of the last decade. As the name suggests 3CX Clients connect to a 3CX server with less than a one-minute setup. They work flawlessly from anywhere using WiFi or cellular. Every function you’re accustomed to on a top-of-the-line desktop SIP phone works exactly the same on the 3CX clients: phonebook, hold, transfer, voicemail, chat, conferencing, and WebMeeting. It’s what every Unified Communications system should deliver. The silver lining is you can kiss all of your Asterisk NAT woes goodbye! If you ever travel or if you need remote phone access to your PBX infrastructure, you owe it to yourself to try a 3CX Client. We promise. You’ll never go back!
Building Your Wazo and 3CX Server Platforms
The prerequisite for interconnecting Wazo and 3CX servers is, of course, to install the two PBXs on platforms of your choice. Our preference is cloud-based servers because it avoids many of the stumbling blocks with NAT-based routers. If you know what you’re doing, you obviously can deploy the PBXs in any way you like. For the Wazo PBX, start with our latest Wazo tutorial. For 3CX, start with our introductory tutorial which includes a link to obtain a free perpetual license supporting 4 simultaneous calls and unlimited trunks. Then secure your server by adding the Travelin’ Man 3 firewall for 3CX. Once both servers are up and running, whitelist the IP address or FQDN of the Wazo PBX on the 3CX server and vice versa. You’ll find the add-ip and add-fqdn utilities in /root of each server.
Overview of Interconnection Methodology
If you’re new to all of this, suffice it to say that 3CX is a powerful, commercial PBX while Wazo provides a robust Asterisk RealTime implementation for basic telephony operation. The two systems are quite different in terms of their approaches to interconnectivity. While you can transparently interconnect one 3CX server to another one, you cannot accomplish the same thing when the second PBX is Asterisk-based. Instead, Wazo is configured as a SIP trunk on the 3CX platform. The limitation this causes is that extensions on the Wazo PBX can only direct dial extensions on the 3CX platform. Wazo-based extensions cannot utilize 3CX trunks to place outbound calls. There’s more flexibility on the 3CX side of things. 3CX extensions can place direct calls to Wazo extensions. They also can take advantage of Wazo’s trunks to place outbound calls. Additionally, as we noted above, 3CX extensions can take advantage of every Asterisk application hosted on the Wazo platform including all of the Incredible PBX® enhancements. This actually works out perfectly because you can deploy 3CX Clients for your end-users, and they can take advantage of all the extension and trunk resources on both the 3CX and Wazo platforms. It also greatly simplifies remote deployment by removing NAT one-way audio hassles while allowing almost instantaneous setup of remote 3CX Clients, even by end-users.
For our setup today, we’re assuming you have elected to use 3-digit extensions on both the Wazo and 3CX platforms. To call extensions connected directly to the alternate server, we will simply dial 8 + the extension number on the remote PBX. To make external calls from 3CX extensions using Wazo trunks, we will dial 8 + a 10-digit number. For international users, you can adjust the dialplan on both PBXs accordingly.
By default, SIP trunks are associated with a DID on the 3CX platform. We will register the 3CX DID trunk with Wazo to maintain connectivity; however, we will not register the corresponding trunk on the Wazo side with the 3CX server. Keep in mind that you can only route a 3CX DID to a single destination, i.e. an extension, a ring group, or an IVR. But we can use 3CX’s CallerID routing feature to send calls to specific 3CX extensions from Wazo extensions even using a single 3CX trunk. For each 3CX extension, we’ll create an Outbound Route on the Wazo side with a CallerID number that matches the 3CX extension number we wish to reach. On the 3CX side, we’ll create an Inbound CID Rule that specifies the extension number to which each matching CallerID number should be routed. This sounds harder than it actually is. So keep reading, and it’ll all make sense momentarily. Once you’ve set all of this up, we think you’ll agree that it makes sense to create the bulk of your extensions exclusively on the 3CX side.
Configuring Wazo for Interconnection to 3CX
Let’s begin by creating a Trunk on the Wazo side to connect to your 3CX server. In the Wazo GUI, choose IPBX:Trunk Management:SIP Protocol and + Add SIP Trunk.
In the General tab, fill in the blanks as shown below. Make up a very secure Password:
In the Signalling tab, fill in the blanks identified by arrows as shown below:
In the Advanced tab, fill in the blanks as shown below. Then SAVE the trunk settings.
Because we set up the Wazo trunk with a Default destination context, we don’t need an Incoming Route for the 3CX calls since they will be processed exactly as if they were dialed from a local extension on the Wazo PBX, i.e. local calls will be routed to extensions and outgoing calls through trunks will be routed using your existing Outbound Routes.
Finally, we need to create the Outbound Routes for calls originating from Wazo extensions that should be directed to specific extensions on the 3CX platform. You’ll need a list of the 3CX extension numbers you wish to enable on the Wazo platform, and we’ll need to create a separate Outbound Route for each 3CX extension to be enabled. Create the Outbound Routes using the template below after accessing Call Management:Outgoing Calls:+ Add Route.
In the General tab, we recommend including the 3CX extension in the Name field. The Context should be Outcalls, and the Trunk should be the 3CX001 trunk we created above.
In the Exten tab, specify the dialing prefix (9) followed by the 3CX extension number in the Exten field. Then choose 1 in the Stripnum field to tell Wazo to strip off the dialing prefix before sending the call to the 3CX PBX. Click SAVE to save your new outbound route settings. Repeat for each 3CX extension that should be accessible from the Wazo PBX.
Configuring 3CX for Interconnection to Issabel PBX
Now we’re ready to set up the 3CX side to interconnect with your Wazo PBX. Start by creating a SIP Trunk and fill out the template as shown below using one of the phone numbers associated with your Wazo PBX as the Main Trunk No.
Fill in the Trunk Details using the example below. Be sure to specify the actual IP address or FQDN of your Wazo server as well as the SIP credentials of 3CX for username and the actual password you set up on the Wazo side of things. The Main Trunk No will be the same as you entered in the previous step. Choose a Default Destination for the Trunk.
When the SIP Trunks listing redisplays, highlight your new Asterisk trunk and click Refresh Registration. The icon beside the Trunk should turn green. If not, be sure your IP address and password match the settings on the Wazo side. Remember to also whitelist the IP address of your 3CX server on the Wazo PBX using /root/add-ip and do the same for the Wazo PBX on the 3CX side. Don’t proceed until you get a green light!
Now we need two Outbound Routes for calls placed from 3CX extensions. One will handle calls destined for Local Extensions on the Wazo side. Our design is to place calls to Wazo extensions by dialing 8 + the 3-digit extension number. Adjust this to meet your own requirements. Be sure to set the Route as Wazo with a value of 1 for Strip Digits.
The other Outbound Route will handle calls destined for external calling with a Wazo trunk using a similar methodology. 3CX users will dial 8 + 10-digit number for calls to be processed by Trunks on the Wazo server.
Finally, we need an Inbound Rule for every 3CX extension that you wish to enable for remote calling from Wazo extensions. Use the Add CID Rule option to create each Inbound Rule using the sample below. In our example, we’re authorizing incoming calls to 3CX extension 003 where the CallerID number of the incoming call is 003. This template is exactly the same as what we used with the 3CX-Issabel setup previously.
Test Drive Your Interconnected Servers
Now we’re ready to try things out. From an extension on the 3CX server, dial 8 plus any 3-digit extension that exists on the Wazo server. Next, dial 8 plus a 10-digit number such as your smartphone. The call should be routed out of your Wazo server using the Trunk associated with the NXXNXXXXXX rule in your Wazo Outbound Routes. Finally, from an extension on your Wazo PBX, dial 9 plus 000 which should route the call to extension 000 on your 3CX server. Enjoy!
Published: Tuesday, September 5, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Best of the Internet: American Road Warrior’s Fall Roundup
The Internet is all about sharing the best finds and once a year we like to take a fresh look at what’s new and exciting whether you travel frequently or not. While the primary focus of Nerd Vittles is VoIP technology, you can’t provide the best VoIP solutions without also exploring network and cellular technology. And, as the old saying goes, all work and no play makes Jack a dull boy. When we travel for more than a day or two, we like to have a music and video source other than an iPhone. So let’s start there. And there’s plenty to love here even if you never leave the comfort of your living room.
For movies and TV shows, nothing holds a candle to a $10 subscription to Netflix. You can watch on your phone, or tablet, or PC, and someone else in your family can do the same thing at the same time. For $2 more, you can watch on four devices at a time. If you happen to have a rental unit, your renters will always remember you for the free Netflix subscription. Our second place alternative is primarily for cord cutters. DirecTV Now is just $10/month if you happen to have an AT&T Unlimited Data Plan (regularly $35). That gets you 60+ live channels and 20,000 on demand titles. For an extra $5, you can add HBO. With a two-month prepayment, you can snag a free Roku Premier until September 22, 2017. DirecTV Now also aupports streaming to two simultaneous devices, and a 100-hour DVR is just around the corner.
For cellular service, we’ve never been big fans of corporate tying. Believe it or not, there was a time when most thought it was illegal. But there’s a loophole. So long as you’re not forced to buy the unrelated product, it’s not technically a tying violation. And that’s where we find ourselves today with American oligopolies. You’d be crazy not to take advantage of the opportunities especially since AT&T bought DirecTV. An AT&T unlimited data plan for your cellular service unlocks all sorts of goodies with DirecTV. We’ve mentioned the $25 monthly credit with DirecTV Now. But it’s also available with standard DirecTV subscriptions. And you get HBO and NFL Sunday Ticket at no charge as well. With four devices including a Wi-Fi HotSpot, our cellular plan with AT&T costs under $50/month per device including taxes and fees. It provides unlimited talk, text, and data in the U.S., Canada, Mexico, Puerto Rico, and the U.S. Virgin Islands. The 22GB data throttling gotcha doesn’t apply in many locations including our hometown of Charleston, SC. We racked up 90GB of data usage on the hotspot during our last 8-day vacation. Never a hiccup! Whether you’re in a car, a hotel room, or on a cruise ship, the $59 AT&T Velocity 4G LTE HotSpot is a perfect traveling companion supporting 10 device connections for up to 10 hours.
For international cellular data service, there’s a terrific new option that provides unlimited 4G data service in 100+ countries for $9 per day. This compares favorably with AT&T’s outrageous cruise ship offering of $8.19 per megabyte of data traffic. You can purchase the Skyroam Solis device for $150 on Amazon, or you can rent one in major airports. It supports 5 devices at a time. We can’t give you a first-hand report on the Solis because it was just released this week. But we have ordered one and will provide a Grand Turk update soon. ↙
For music services, Spotify Premium remains the gold standard. $10 a month buys you unlimited streaming of almost every song ever published. $5 more gets you a family plan to support 5 people. For qualifying college students, Spotify Premium is just $5 a month. You can even download the songs to your smartphone or tablet and play them when you don’t have Internet connectivity. For extended vacations, we discovered a new boom box this summer that is worth a careful look. It combines an Android tablet with some terrific speakers to provide 12 hours of non-stop music from your favorite sources including Spotify. It also can access the best radio stations throughout the United States using the iHeartRadio app. And it even includes 8GB of internal storage as well as microSD and USB flash drive support. The Sonicgrace will set you back $190 on Amazon (MSRP: $299.99).
For music junkies, it’s worth noting that the only application that routinely crashed Android unfortunately was TuneIn Radio. For neophytes, TuneIn is the must-have app that provides streaming of virtually every commercial radio station in the world. Here’s the quick fix. We suspected that the problem involved the latest release of TuneIn which you would automatically receive using Google’s Play Store as the download source as Sonicgrace does. So the solution would be to install a prior release. Here’s how. On a desktop PC, download an earlier TuneIn APK from here. We chose 13.7 which happened to work. Next, use Gmail to send yourself a message with this 13.7.apk file as an attachment. Then, on the Sonicgrace, first install Gmail from the Play Store tapping My +:App:PlayStore. Open the Gmail app once the install finishes and then open the email message you sent yourself. Tap on the attachment, and TuneIn will automatically be installed.
For VoIP telephony, here’s another nice surprise. Google’s Amazon Echo Killer, aka Google Home, has a new feature. It can make free calls in the United States and Canada to anyone in your Google Contacts as well as any business you can find with a Google Search. Here’s the best deal we could find if you don’t already own Google Home. It’s also available at Target and WalMart for about $25 more plus tax. And here’s how to start making calls.
Published: Friday, September 1, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Free Worldwide VoIP Calling with iNum and Issabel 4
In our last article, we documented how to implement free, safe SIP URI worldwide calling with an almost-free Issabel™ server in the Cloud. Today we’ll add another free worldwide calling option using iNum™. As with SIP URIs, iNum provides a way for anyone in the world to reach you by phone without paying a nickel. And iNum adds the same functionality for Issabel PBX users to reach anyone else in the world with an iNum phone number. The iNum project was started almost a decade ago by Voxbone to create a free global phone network for IP communications. The International Telecommunication Union allocated a portion of its non-geographic country code +883 to the initiative. iNums are 15-digit telephone numbers in the +883 5100 area code. You can keep yours for life at no cost.
Let’s begin by obtaining an iNum telephone number for your Issabel PBX. Every PBX should have at least one. There are a number of iNum providers throughout the world that will give you an iNum telephone number at no cost. For our purposes today, we’ll document the procedure for CallCentric. Assuming you have 911 service with another provider, it won’t cost you anything to set up a CallCentric account and obtain a working iNum telephone number. Other providers (e.g. LocalPhone) typically require a modest deposit just to set up an account which is perfectly understandable. However, CallCentric doesn’t require a credit card up front. If you already have a VoIP.ms account from our tutorial last week, they also offer free iNum phone numbers: Order DIDs:iNum (limited to one per account).
Obtaining an iNum Phone Number from CallCentric
Navigate to the CallCentric web site and click Sign Up. Once your account is activated, login using your new credentials. Jot down your Username, CallCentric #, and Password for future access to the web site. From the main Dashboard, click View/Modify Extensions. Extension 100 should already be set up. Just create a SIP password and jot it down with your SIP username which is the same as your CallCentric #. Click Apply and then SAVE.
Next, let’s order the CallCentric freebies which include BOTH an iNum phone number and a traditional DID. Neither one costs you money, but you do have to use the DID once a month to keep it. The iNum phone number never expires. Under Products, click Order. Under Make Calls, choose the IP Freedom Plan unless you want to use CallCentric to make commercial calls. Under Receive Calls, choose Free Phone Number and Get a Number. Write down your 10-digit number. To obtain an iNum phone number, click here and then click Order an iNum Number. Write down your iNum phone number. UPDATE: CallCentric now will let you order multiple iNum phone numbers at no cost. Each supports two simultaneous calls and unlimited incoming minutes.
With CallCentric, you have two options in routing incoming calls. You can use the Default routing setup which will send the calls to your CallCentric registered trunk (which we will set up below) on your Issabel PBX. Or you can customize the routing and forward the calls for each DID and iNum number to a SIP URI. From the Dashboard, choose Phone Number Forwarding. If you simply want to forward both your DID and iNum numbers to the SIP URI that you set up last week with VoIP.ms, then no trunk registration (below) is required at all. However, you would lose the ability to use CallCentric to place outbound iNum calls from your Issabel extensions.
Integrating iNum Support into Your Issabel PBX
In the Issabel web GUI, we need to configure the trunk for CallCentric. The template already is included with Incredible PBX® for Issabel. Then we need to set up an Inbound Route for CallCentric as well as an outbound route to process iNum calls originating from Issabel extensions.
To configure the CallCentric trunk, navigate to PBX:PBX Config:Trunks:CallCentric. First, uncheck the Disable Trunk field. In Outgoing Settings, insert your SIP username (1777XXXXXXX) in the fromuser and defaultuser fields as well as in the initial field (before colon) and last field (after /) of the Registration String. Insert your SIP password in the secret field and the second field (after the colon) in the Registration String. Submit Changes and Reload Dialplan when prompted.
Next create an Outbound Route for iNum calls using your CallCentric trunk. Navigate to PBX:PBX Config:Outbound Routes. Click Add Route. For Route Name, use Out-CallCentric-iNum. For Dial Pattern, insert 008835100 in the Prepend field and XXXXXXXX in the Match Pattern field. For Trunk Sequence, choose CallCentric. Click Submit Changes and Reload Dialplan when prompted.
Next create an Inbound Route for calls coming from your CallCentric trunk. This will include BOTH your iNum calls and calls from your free CallCentric DID. Navigate to PBX:PBX Config:Inbound Routes. Click Add Incoming Route. For Description, use CallCentric-Incoming. For DID Number, use your SIP username (1777XXXXXXX). For CID Lookup Source, choose OpenCNAM. Then pick a Destination for the incoming calls, e.g. an extension, ring group, or IVR. Click Submit Changes and Reload Dialplan when prompted.
Placing iNum Calls from Issabel Extensions
With our simplified outbound route, users of Issabel extensions can dial iNum phone numbers by simply dialing the last 8 digits of the number, i.e. all of the numbers following 8835100. Most abbreviated numbers start with a zero. For example, to reach Lenny, simply dial 01198938.
Placing iNum Calls from SIP Phones
If you want to reach an iNum number and only have a SIP phone, you can dial any iNum phone number in SIP URI format. Use this syntax: sip:8835100xxxxxxxx@sip.inum.net. Note that the full iNum phone number is required.
Placing iNum Calls from Standard Phones
As part of the iNum initiative, local access numbers have been established in more than 50 countries around the globe. By placing a local call from any telephone to one of these local access numbers, any individual with an iNum phone number anywhere in the world can be reached without further cost. Here is a current list of the local access numbers. Once your call is answered, simply enter the 15-digit iNum phone number you wish to reach, and you will be connected. Here is the latest iNUM listing from DSL Reports:
Country City Access Number ------------------- ------------------------ --------------- Argentina Buenos Aires +54 1159839500 Australia Sydney +61 280148200 Austria +43 720880500 Bahrain +973 16199200 Belgium Brussels +32 28081771 Brazil Brasilia +556135500791 Brazil Florianopolis +554840420809 Brazil Rio De Janeiro +552135006959 Brazil Sao Paulo +551146803621 Bulgaria Sofia +359 24917555 Canada Calgary (403) 775-1446 Canada Edmonton (780) 669-9257 Canada Halifax (902) 982-6937 Canada London (519) 488-9336 Canada Montreal (514) 907-7500 Canada Ottawa (613) 686-4519 Canada Quebec City (418) 800-0384 Canada St. Johns, Newfoundland (709) 757-0060 Canada Regina (306) 988-1600 Canada Toronto (416) 800-4303 Canada Toronto (647) 724-8777 Canada Vancouver (778) 786-3497 Canada Winnipeg (204) 272-8182 Chile Santiago +56 25813444 Croatia Zagreb +385 17776363 Cyprus Nicosia +357 22030500 Czech Republic Prague +420 246019777 Denmark +45 69918686 Dominican Republic Santiago (829) 947-9610 El Salvador +503 21131899 Estonia +372 6681881 Finland Helsinki +358 942419200 France Paris +33 170619800 Germany Frankfurt +4969257385876 Germany Frankfurt +4969257380439 Greece Athens +30 2111768444 Hungary Budapest +36 14088951 Ireland Dublin +353 15262600 Israel Tel Aviv +972 37219555 Italy Rome +39 0662207777 Japan Tokyo +81 345209777 Latvia Vilnius +370 52059090 Lithuania +371 67652500 Luxembourg +352 20880108 Malta +35627780107 Mexico Guadalajara +52 3346242977 Mexico Mexico City +52 5511678222 Mexico Monterrey +52 8141703540 Netherlands Amsterdam +31 208080808 New Zealand Auckland +64 99250499 Norway Oslo +47 21031306 Panama +507 8322488 Peru Lima +51 17085500 Poland Warsaw +48 223982688 Portugal Lisbon +351 308803219 Puerto Rico Bayamon Norte (787) 395-7140 Romania +40 318103500 Singapore +65 31581212 Slovakia Bratislava +421 233002555 Slovenia Ljubljana +386 16001422 South Africa Johannesburg +27105002854 South Africa Pretoria +27120042701 Spain Barcelona +34 931815653 Spain Madrid +34 911883777 Sweden Stockholm +46 852500111 Switzerland Zurich +41 435006262 United Kingdom London +44 2033556363 United States Albuquerque, NM (505) 225-8243 United States Charlotte, NC (980) 202-0283 United States Charlotte, NC (980) 236-0398 United States Chicago, IL (312) 253-4880 United States Houston, TX (713) 474-2323 United States Kansas City, MO (913) 951-0932 United States Los Angeles, CA (213) 221-3799 United States New York, NY (646) 843-6969 United States Phoenix, AZ (602) 354-9444 United States San Diego, CA (619) 330-9640 United States San Francisco, CA (650) 360-0999 United States Santa Barbara, CA (805) 308-9649 United States Seattle, WA (206) 420-5904 United States Spokane, WA (509) 931-0459 United States Tacoma, WA (253) 343-1529
We’ve barely scratched the surface of what you can do with Incredible PBX for Issabel. Head over to our introductory article where we’ve documented dozens of Asterisk® applications that await your exploration. Enjoy!
Published: Tuesday, August 29, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Free Worldwide VoIP Calling with SIP URIs and Issabel 4
SIP URIs make the VoIP World go ’round. They’re the email-like addresses that carry VoIP calls between SIP servers to reach their destination. But there’s gold in them hills if you know how to use SIP URIs because SIP URI calls are free even if the calls travel all the way around the world. We previously documented how to deploy SIP URI calling with PIAF5 and 3CX, and today we’ll show you how to make SIP URI calls from and to your Issabel™ server using Incredible PBX®. More importantly, we’ll show you how to do it safely without opening up the anonymous calling floodgates and compromising your Asterisk® server.
Now that we’ve gotten the price of cloud-based servers down to a respectable $1.50 to $2.50 per month, it’s time to cut the cord and kiss your home-grown server goodbye. The babysitting headaches and maintenance costs of running your own server and paying for electricity simply aren’t worth it. There’s another reason. NAT-based routers and firewalls complicate things when it comes to VoIP. Not only do you have to wrestle with SIP headers and ALG, but you also have to troubleshoot thorny one-way audio issues with VoIP calling. So bite the bullet and play along today. Skip that Starbucks coffee this week and you’ve all but paid for a full year’s worth of VoIP server hosting in the Cloud.
Getting Started with Vultr
If you just want to experiment in a cloud-based sandbox, then there’s no better option than Vultr. For less than a penny an hour, you can build a VoIP platform, tear it down, and build another one for less than the cost of a nickel candy bar. You remember those, don’t you? I actually tried to think of something that still costs a nickel, but that was the best I could do… and that was 50+ years ago.
After you’ve created an account on Vultr with our referral link, the first step is to create your new cloud instance. Choose New York or Miami as your desired hosting site (they both have $2.50/month availability) and select 64-bit CentOS 7 as your server platform. An additional 50¢ a month buys you automatic daily, weekly, or monthly backups to a separate, fault tolerant storage system in the same data center. HINT!
(1) Once you’ve built and started your new virtual machine, log into your server as root using SSH/Putty and immediately change your root password: passwd.
(2) With the $2.50 size VULTR virtual machine, you must create a swapfile before beginning the Issabel installation. Here are the commands:
dd if=/dev/zero of=/swapfile bs=1024 count=1024k chown root:root /swapfile chmod 0600 /swapfile mkswap /swapfile swapon /swapfile echo "/swapfile swap swap defaults 0 0">>/etc/fstab sysctl vm.swappiness=10 echo vm.swappiness=10>>/etc/sysctl.conf free -h cat /proc/sys/vm/swappiness
(3) Now skip down to the Issabel installation section to continue.
Getting Started with WootHosting
If $2.50 a month is too rich for your blood, there actually are two $1.50 a month options at WootHosting if you sign up for a year. With the New York special, you get a single VPS platform. With the twofer special, you actually get two VPS platforms in your choice of cities. WootHosting also offers considerably more horsepower with quadruple the RAM and more storage space. You can read our review of WootHosting here.
(1) Start by creating a CentOS 7 Minimal VPS platform in New York, Miami, or Los Angeles. If you opted for the WootHosting twofer special, then you’ll need to create a user and then a virtual server platform that looks something like this:
(2) Set a root password in the Root/Admin Password tab and enable TUN/TAP (needed for NeoRouter) in the Settings tab.
(3) Login to your server as root using SSH Terminal or Putty.
(4) Now continue with the Issabel installation as documented below.
Installing Issabel on Your VPS Platform
Issue the following commands to install Issabel. When prompted for a MariaDB (MySQL) and admin password, make certain to use passw0rd (with a zero) for your MariaDB password and a very secure password for your admin password, the one you’ll use to login as admin to Issabel’s web interface.
yum -y update yum -y install wget nano wget -O - http://repo.issabel.org/issabel4-netinstall.sh | bash
When the Issabel install is complete, your server will automatically reboot.
Installing Incredible PBX for Issabel on Your VPS
After the reboot, log back into your server as root and issue the following commands to install Incredible PBX for Issabel. You will again be prompted for MariaDB and admin passwords. Do exactly as you did above using passw0rd as your MariaDB password. At the conclusion of the install, you will again be prompted for the same admin password you used above. This is actually used for Apache web security and will be the first prompt you see when you attempt to login to any web application including Issabel, AsteriDex, and Reminders.
wget http://incrediblepbx.com/IncrediblePBX11-Issabel4.sh chmod +x IncrediblePBX11-Issabel4.sh ./IncrediblePBX11-Issabel4.sh
When the installation finishes, reboot your server once again and then log back in as root. The Automatic Update Utility will load current patches and then display pbxstatus.
Using a browser, login to the Issabel web client at the IP address shown in pbxstatus. You’ll be prompted twice (http and https) for your Apache admin credentials which should be the same as your Issabel GUI admin credentials. Save your Apache credentials in your browser when prompted to do so. Then you won’t have to provide Apache credentials again. Next, login to the Issabel GUI with admin and your admin password.
That completes the basic install of Incredible PBX and Issabel. Our previous tutorial will walk you through the basics of setting up your trunks, extensions, and routes in Issabel.
Overview of SIP URI Implementation with Issabel
There are any number of ways to implement incoming SIP URI support on Asterisk-based servers. Most are terribly insecure and provide an easy target for the bad guys to make free calls using your paid VoIP provider accounts. The traditional method to permit SIP URI access to your server would require poking a hole in your firewall to allow unrestricted access to the SIP port of your server, UDP 5060. In addition, it would require enabling unrestricted anonymous calling access to Asterisk via FreePBX®. After all, that’s similar to the way the Ma Bell telephone system operated. Anyone in the world could call you provided they had your number. The major deterrent was that most of the calls incurred costs to the caller with no monetary benefits being derived. VoIP changed all of that. Using a SIP client and SIP URIs, anonymous individuals now can place unlimited calls to unlimited VoIP servers at no cost. And, if they get lucky, they can decipher a way to call into your PBX via SIP URI and then call out using phone trunks that you actually have to pay for. Bad idea!
We have a better way that’s entirely secure and won’t incur calling charges for incoming anonymous SIP URI calls. The solution is to set up a trunk with a hosting provider that supports anonymous SIP URI access and then leave it to the VoIP provider to manage the thorny SIP security problems which is not Asterisk’s strong suit. Once we’ve set up the SIP URI with the provider, we will register a trunk with that provider on our Issabel server. Then all of the anonymous SIP URI calls will come into the SIP provider and be rerouted to Issabel through our registered trunk with that provider. No firewall puncturing is required because we will be using a registered trunk and tunnel between our server and the provider.
Implementing SIP URI Support with VoIP.ms
Our favorite VoIP provider to implement this is VoIP.ms in Canada. They have POP servers throughout the world so you can pick a server that is close to your cloud-based Issabel server. VoIP.ms POPs are available in Tampa, New York, and Los Angeles among others worldwide. Step one is to set up an account at VoIP.ms if you don’t already have one. Step two is to set up a SubAccount with a difficult-to-guess VoIP.ms Internal Extension Number. Be sure to jot down the Username and Password you set up for your SubAccount. You’ll need them in a minute. In our example today, we’re using 4772235642 as the internal extension number. This means other VoIP.ms account holders can reach this account by dialing 10+ 4772235642. And anyone on the Internet can reach this account by dialing your VoIP.ms account number + 4772235642 at the POP to which you are registering a VoIP.ms DID associated with this SubAccount. Clear as mud? Hang in there a bit longer.
Step three is to sign up for a VoIP.ms DID. This could be a free iNUM DID or a commercial DID (traditional 10-digit NANPA number) that your PBX could actually use to receive traditional calls. Commercial DIDs range in price from under $1 a month with incoming calls costing under a penny a minute to $4.25 a month with unlimited incoming (residential) calls. For our purposes today, the type of DID and its commercial cost really don’t matter. When any of these DIDs are connected to a SubAccount with an associated Internal Extension Number, SIP URI calls to that DID’s internal extension number are free! So… the cheaper, the better.
The final step on the VoIP.ms side of things is to associate your DID with a SubAccount and choose a POP server to process the calls coming to you. This is done under the Manage DIDs tab in the VoIP.ms web interface.
So let’s review what we’ve done. We set up a VoIP.ms account. We created a SubAccount in their web interface and created an internal extension number for that subaccount. Next, we ordered a DID. And finally, we associated that DID with the subaccount we created and chose a POP server to deliver the inbound calls to our server.
Now we’re ready to set up a VoIP.ms trunk on our Issabel server and test things out.
Implementing SIP URI Support with Issabel
Incredible PBX makes setting up a VoIP.ms trunk easy. The template is already in place in the Issabel GUI. All you’ll need are your VoIP.ms credentials (SubAccount Username and Password), your DID number that you ordered from VoIP.ms, and the name of the VoIP.ms POP server (from Manage DIDs) that will be delivering the incoming calls. You’ll also want to jot down your Internal Extension Number (without leading 10) that you set up in your VoIP.ms SubAccount. You’ll need that and the FQDN of the VoIP.ms POP in order to decipher the SIP URI (phone number) to reach your server.
While logged into the Issabel GUI, navigate to PBX:PBX Config:Trunks:VoIPms. Insert your DID in the Outbound CallerID field. Uncheck the Disable Trunk box. Under PEER Details, insert your VoIP.ms username in the username and fromuser fields. Insert your VoIP.ms password in the password field. Insert the FQDN of the VoIP.ms POP server in the host field. Under Register String, insert your username, followed by a colon, your password, followed by @, your POP FQDN, followed by /DID, e.g. johndoe:secret@tampa.voip.ms/8005551212.
Next, we need to create an Inbound Route to process the incoming calls from VoIP.ms. Navigate to PBX:PBX Config:Inbound Routes. Click Add Incoming Route. In the Description field, enter VoIPms-Incoming. In the DID Number field, insert your DID number. In the Source field, choose OpenCNAM. In the Set Destination dialog, choose a destination for the incoming calls, e.g. an extension, ring group, or IVR. Then click Submit and reload dialplan.
Finally, we need to adjust a SIP setting to support SIP URI calls from VoIP.ms. Navigate to Security:Advanced Settings. Set Enable Direct Access ON. Set Allow Anonymous Calls OFF. Enter your admin password twice. Click SAVE.
Next, navigate to PBX:PBX Config:Unembedded IssabelPBX. When the new window opens, navigate to Settings:Asterisk SIP Settings. In the External IP field, insert the IP address of your Issabel server. Click Auto Configure button immediately below that. Scroll to the bottom and, in Other SIP Settings, insert match_auth_username = yes in the two fields provided. Click Submit Changes and reload dialplan. Click Logout: Admin at the top of the browser window and then close the browser tab to return to the main Issabel GUI.
Deciphering the SIP URI for Your Issabel PBX
From the information you wrote down above, here’s how to assemble the SIP URI for your Issabel PBX. Start with your VoIP.ms account number, e.g. 101595. Add your Internal Extension Number, e.g. 4772235642. Add the @ symbol followed by the VoIP.ms POP routing calls to Issabel, e.g. tampa.voip.ms. You can give ours a try if you’d like to interact with Allison’s Demo IVR: 1015954772235642@tampa.voip.ms. Most SIP clients support SIP URI calling including Zoiper (PCs) and Telephone (Macs).
Placing Outbound SIP URI Calls from Issabel PBX
The easiest way to place outbound SIP URI calls from your Issabel PBX is to set up Custom Extensions for the destinations you wish to reach.
Navigate to PBX:PBX Config:Extensions:Other (Custom) Device. Assign an extension number and display name to the extension and insert the SIP URI in the dial field using the syntax shown below. Then click Submit and reload your dialplan.
We’ve barely scratched the surface of what you can do with Incredible PBX for Issabel. Head over to our introductory article where we’ve documented dozens of Asterisk® applications that await your exploration. Enjoy!
Published: Thursday, August 24, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
A VPN for All Seasons: Introducing NeoRouter v2
Today, we want to revisit our favorite client-server VPN, NeoRouter. It’s included with all versions of Incredible PBX® and eases the pain of setting up air-tight firewalls as well as High Availability (HA) redundant servers with VoIP. NeoRouter relies upon a central server and uses a star topology to connect remote nodes. The major difference between NeoRouter and PPTP VPNs is that only registered devices participate in the virtual private network so there is no direct access to other machines on the LANs of the registered devices. If you have servers or users scattered all over the countryside, NeoRouter is an excellent (and free) way to manage and interconnect them. All data and communications between the nodes can then be routed through the encrypted VPN tunnel for rock-solid security.
With NeoRouter’s latest 2.3 (free) software, you can set up your VPN server using a PC, a Mac, a Linux or FreeBSD machine, OpenWrt Backfire, Tomato, or even a Raspberry Pi. With all versions of Incredible PBX, the NeoRouter Free Client is automatically installed. To bring up NeoRouter, all you need to do is install the NeoRouter Free Server on one of your machines and then login to the server from each NeoRouter Client using your server credentials. VPN clients also are available for PCs, Macs, Linux and FreeBSD machines, Raspberry Pi, OpenWrt, Tomato as well as Android and iOS phones and tablets. There’s even an HTML5 web application in addition to a Chrome browser plug-in. With the OpenWrt and Tomato devices or if you’re an extreme techie, you can broaden your NeoRouter star configuration and bridge remote LANs. See pp. 58-63 of the NeoRouter User’s Manual.
You can interconnect up to 256 devices to the NeoRouter Free Server at no cost. For $999, you can enlarge your VPN to support 1,000 devices. Screen sharing, remote desktop connections, HTTP, and SSH access all work transparently using private IP addresses of the VPN nodes which are automatically assigned in the 10.0.0.0 private network.
Today we are introducing the second generation of the NeoRouter VPN solution. It’s suitable for use on a dedicated server or running as a virtual machine. Whether to run NeoRouter Free server on a dedicated machine is your call. We never do. And NeoRouter never requires exposure of your entire server to the Internet. Only a single TCP port needs to be opened in your hardware-based firewall or IPtables Linux firewall. The only real requirement is a dedicated IP address for your server so that the client nodes can always find the mothership. We typically run the NeoRouter server component on our failover VoIP server with Wazo HA. We’ll finish up today by showing you how to back up the critical components of NeoRouter Server so that, if your server platform ever should fail, it only takes a few minutes to get back in business on a new server platform. Let’s get started.
Creating Your NeoRouter Server Platform
We’re assuming you already have an Incredible PBX server of some flavor running on a dedicated IP address with the IPtables firewall. If not, start there.
First, on your IPtables firewall, make certain that TCP port 32976 has been whitelisted for public access. On Incredible PBX platforms, this is automatic. You can double-check by running iptables -nL and searching for an entry that looks like this:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32976
Second, we need to download and install the NeoRouter Free Server for your platform. Be sure you choose the version that matches your operating system, CPU architecture, and type. Debian and Ubuntu servers use the same code. We do not recommend Raspberry Pi as a suitable platform for your NeoRouter server!
For RedHat/CentOS 64-bit platforms, here’s the download link. While logged into your server as root, issue the following command using the downloaded 64-bit RPM:
rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
For Ubuntu/Debian 64-bit platforms, use this link. While logged into your server as root, issue the following command using the downloaded 64-bit .deb image:
dpkg -i nrserver-2.3.1.4360-free-ubuntu-amd64.deb
Third, each administrator (admin) and user is going to need a username to access your NeoRouter VPN. You can use the same credentials to log in from multiple client machines, something you may or may not want to do. Here are the commands to create admin and user accounts. Don’t use any special characters in the username and password!
nrserver -adduser username password admin
nrserver -adduser username password user
You’re done. Now let’s register your NeoRouter server with the mothership.
After your NeoRouter Free Server is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.
When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.
Configuring and Connecting Your NeoRouter Client
As mentioned previously, there are NeoRouter clients available for almost every platform imaginable, including iPhones, iPads, and our beloved Raspberry Pi. NeoRouter Client software is included in all Incredible PBX builds. If you’re using some other platform, Step #1 is to download whatever client is appropriate to meet your requirements. Here’s the NeoRouter Download Link. Make sure you choose a client for the Free version of NeoRouter. Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc. Once enabled, you can use your NeoRouter Client to create a VPN tunnel to connect to any other resource in your virtual private network using SSH, VoIP clients, and web browsers.
To activate the NeoRouter client while logged in as root, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed that step above. Otherwise, be sure to use the FQDN assigned to your NeoRouter Server. Once you’re logged in, you will be presented with the names and private IP addresses of all of your connected nodes.
To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints. These private IP addresses can also be used to create a High Availability (HA) platform with Wazo even if the servers are not colocated.
Admininistrative Tools to Manage NeoRouter
Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)
Browser access to NeoRouter Remote Access Client (user with Admin or User privileges)
Manage your account on line at this link
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
Test VPN access: http://www.neorouter.com/checkport.php
For a complete list of commands: nrserver –help
To change client name from default pbx.local: rename-server OR…
- Edit /etc/hosts
- Edit /etc/sysconfig/network
- Edit /etc/sysconfig/network-scripts/ifcfg-eth0
- Edit /etc/asterisk/vm_general.inc
- reboot
For the latest NeoRouter happenings, visit the NeoRouter blog and forum.
Backing Up NeoRouter Server for That Rainy Day
Yes, servers fail sooner or later. So it’s best to plan ahead and avoid having to recreate your NeoRouter VPN from scratch. Backing up your server is easy. Log into your server as root and issue the following command:
tar cvzf nr-server-db.tar.gz /usr/local/ZebraNetworkSystems/NeoRouter/NeoRouter_0_0_1.db /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini
Copy nr-server-db.tar.gz and your NeoRouter Server installer to a safe place!
When that sad day arrives, be sure that your original NeoRouter Server is off line. Then reinstall NeoRouter Server on a new server platform using your original NeoRouter Server installer. If necessary, change the DNS entry for your original NeoRouter server to the new IP address. Then shut down new NeoRouter Server, load your backup, and restart server:
/etc/rc.d/init.d/nrserver.sh stop cd / tar zxvf nr-server-db.tar.gz /etc/rc.d/init.d/nrserver.sh start
Published: Monday, August 21, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Twofer Tuesday: $1.50 Cloud Bargains for VoIP Deployments
We’ve been big fans of $5/month VPS offerings of Digital Ocean and Vultr for many years. When Vultr reduced their lowest tier to $2.50/month, we were ecstatic. These weren’t ideal VoIP platforms because of their 512MB memory constraint, but they were perfectly suitable as a sandbox for experimentation. And then along came OVH with a 2GB VPS that was nearly perfect for VoIP at $3.49/month. As we all know, the Earth does not stand still, and WootHosting now has once again changed the landscape with two different $1.50/month offerings that include 2GB of RAM. That’s cheaper than the cost of electricity to run a server in your home or office. Never mind that you also have to purchase a server.
As most of you know, we eat our own dog food before recommending products, and we’ve deployed both the Wazo and Issabel PBXs on the WootHosting platform being reviewed today. In addition, we’ve deployed a multi-purpose web server to host more than a dozen of our personal sites using an even better second offering that we also will cover today.
The first offering (pictured above) actually provides a platform for two separate VoIP servers. For each of the servers, you have a choice of sites: New York, Miami, or Los Angeles. Why would you want two servers? The most obvious answer is redundancy. Wazo already offers High Availability (HA) redundant servers with the click of a button. Our deployment tutorial is available here. By deploying identical servers in two cities, you have a failsafe VoIP platform that can survive almost any natural or man-made disaster. And the total cost for both cloud servers is just $3 a month. A similar implementation for other Incredible PBX platforms is now under development on the PIAF Forum. Compare these free options to HA solutions from other VoIP providers costing $3,000 plus maintenance.
If a New York-based cloud offering will meet your needs, the second WootHosting offer is even more impressive with 4 CPU core allocations, 2GB RAM and swap space, a whopping 150GB of storage, 3TB of monthly bandwidth, and advanced DDOS protection for $1.50/mo.:
As we mentioned, we actually use this second VPS offering to host more than a dozen of our personal web sites without a hiccup. But it is sufficiently robust to host very large VoIP implementations with support for dozens of simultaneous calls. A deployment guide for Wazo is available here. As with all cloud-based servers, we strongly recommend redundant system deployments in separate locations. Additional WootHosting specials in their various locations are documented on the New York ordering page. Enjoy!
Published: Tuesday, August 15, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…