Home » Cloud Computing (Page 16)
Category Archives: Cloud Computing
Finding the Perfect Phone Solution for Small Organizations
Many of us wear several hats during our business careers. One of those invariably is managing a community organization of some flavor. We frequently are asked for advice on what the ideal telephony solution would be for such an organization. The reason for the inquiries typically is because the Bell Sisters have now jacked up the cost of a single, business phone line to well over $100 a month. And that gets you local calls only unless you sign up for exorbitant additional charges for long distance calling. It’s worth noting that most of the individuals making these inquiries stress that they do not want to get in the business of managing a phone system. They’re looking for a plug-and-play, set-it-and-forget-it setup that will require minimal tweaking. My first question is always: "What’s your budget?" Then we explore (1) how many phones, (2) the frequency of calls, (3) the number of simultaneous calls, (4) the mix of local and long distance calling, and, last but not least, (5) the must-have feature set. No shocker: the budget is always near zero.
Today, we’re going to start on the bottom rung and work our way up the technology ladder. If you never thought smartphones and cellular would be part of this equation, guess again. $60 will now buy you a 4G LTE smartphone at WalMart, and monthly plans with unlimited calling in the U.S. start at $25 for Walmart’s Family Mobile plan, a far cry from the Ma Bell business phone rates. And you can keep your number! If you need multiple phones but only a single line, that’s not a problem either. Add a Link2Cell digital cordless phone system from Panasonic and now you have as many as 5 phones that can make and receive calls using your cellular connection via Bluetooth®. Some even support a second cellphone connection. With many you can build a phonebook on your cellphone and import it into all of your cordless phones. And, of course, voicemail is included as part of your cell plan. For those with poor cellular service, the Family Calling Plan supports free WiFi calling on many cellphones. And $10 extra buys you rollover international calling funds with 5¢/min. rates to Canada and Mexico. Calling rates to other countries are less than impressive and do not compare favorably with typical VoIP rates.
Cellular phone service isn’t for everyone, and there are considerably more choices in the Land of VoIP. The wrinkle with all of the VoIP solutions is that now you need internet service at the site of your organization. To say there is minimal competition in the internet service provider market is an understatement. If you’re lucky, you’ll have a choice between AT&T and one of the cable companies: Comcast, Charter, or Time Warner/Spectrum. The downside is it adds an additional $25 to $75+ to your monthly costs unless the organization already has Internet service that is used for purposes other than telephony. What won’t work for VoIP is satellite internet service because of latency issues.
Once you’re over the internet service hurdle, there are numerous VoIP choices for phone service depending upon your skillset. Again, let’s start on the bottom rung. If you can make it with one phone and one call at a time, it’s hard to beat Ooma Telo. $100 buys you a device that delivers landline-like phone service at a monthly cost of $4 (you only pay communications taxes and fees) to $10 depending upon the feature set you choose. The basic, fees-only plan gets you toll-free nationwide calling in the U.S., call waiting, caller ID, 911 service, a call log history and voicemail through Ooma’s online dashboard. The premium $10 a month plan adds a second line, free calling to Canada and Mexico, voicemail via email, call screening, do not disturb and call forwarding to an Android phone or iPhone. As with cellular service, you can keep your existing phone number. If you need WiFi connectivity or cellphone Bluetooth connectivity for your Ooma device, add $50. Otherwise, just plug a standard telephone into the Ooma hardware, and you’re good to go. You also could use a wireless phone system such as the ones described in the previous section to add up to five extensions.
If you need additional lines or phones, the $200 Ooma Office offering is worth considering. You can add as many users as desired for $19.95/month/each with every user getting unlimited U.S./Canada calling, CallerID service, and an impressive collection of business phone features (shown above). The cost of the VoIP phones for each user are not included. While the monthly service charges are pricey, you’re paying for the simplicity of never having to deal with the intricacies of configuring and managing a business phone system. However, you do have to purchase and configure a SIP phone for each user.
When you get beyond the single user, single line requirement, the sky opens up in the VoIP market. The savings go from getting part of your hundred dollars back each month to saving several hundred or thousands of dollars every month. What becomes important is how much of the deployment work you’re willing to undertake yourself. If the answer is not much, then the phone systems from one of our corporate sponsors, 3CX or RentPBX, are probably your best bets. Both offer turnkey VoIP solutions, and 3CX also has a worldwide dealer network to handle all of the deployment chores for you as well. While the front end costs with the 3CX commercial solution must be considered, the long-term savings more than cover these costs in your first year.
If you’re capable of making your own dinner by reading the directions off the side of a box, then you can probably handle many VoIP deployments yourself. The list of tasks goes something like this. You’ll either need a computer or cloud provider for a computing platform. Then you need a Linux operating system for that platform. Next, you need VoIP software to serve as your PBX. Services such as RentPBX handle setup of all three of these tasks for a monthly cost of $15. Or you can do it yourself and reduce the cost to $5 or less per month. We have dozens of tutorials to show you how.
At this juncture, you’re pretty much on your own except for our tutorials. The remaining tasks include purchasing and configuring phones for your users and configuring trunks from one or more VoIP providers, the folks that interconnect your phone calls to the people you are calling. Then you configure your PBX to route calls in and out of your PBX, and you’re in business. All of these tasks are managed using web-based GUI software, and there are plenty of tutorials to hold your hand every step of the way.
We’ll finish up today by walking you through one of our favorite open source VOIP setups. It provides free calling and faxing in the United States. Typical setup takes less than an hour, and the monthly cost is $3 which includes nightly backups of your entire PBX. These backups can be restored with a single button click.
FULL DISCLOSURE: 3CX, RentPBX, Amazon, Vitelity, and Vultr all provide financial support to Nerd Vittles and our open source projects. We’ve chosen these providers not the other way around. Our decisions were based upon their corporate reputation and the quality of their offerings and their pricing,
The Vultr/VoIP Open Source Solution
Begin by setting up an account at Vultr using our referral link. Then create a new instance choosing the smallest Server Size and CentOS 7/64-bit as the Server Type. Pick a Server Location that supports the $2.50 server size. Currently, Miami and New York are available. Once your virtual machine is running, you can activate automatic backups under the Server Information:Backups tab in the Vultr Control Panel.
(1) Once you’ve built and started your new virtual machine, log into your server as root using SSH/Putty and immediately change your root password: passwd.
(2) With the $2.50 size VULTR virtual machine, you must create a swapfile before proceeding. Here are the commands:
dd if=/dev/zero of=/swapfile bs=1024 count=1024k chown root:root /swapfile chmod 0600 /swapfile mkswap /swapfile swapon /swapfile echo "/swapfile swap swap defaults 0 0">>/etc/fstab sysctl vm.swappiness=10 echo vm.swappiness=10>>/etc/sysctl.conf free -h cat /proc/sys/vm/swappiness
(3) Now you’re ready to kick off the Issabel 4 install. Here are the commands:
cd /root yum -y install wget nano dialog wget -O - http://repo.issabel.org/issabel4-netinstall.sh | bash
When prompted for a MySQL password, use: passw0rd (with a zero). Choose a secure Issabel admin password for the GUI.
(4) After the reboot, log back in as root and install Incredible PBX for Issabel:
cd /root wget http://incrediblepbx.com/IncrediblePBX11-Issabel4.sh chmod +x IncrediblePBX11-Issabel4.sh ./IncrediblePBX11-Issabel4.sh
When prompted for a MySQL password, use: passw0rd (with a zero). Choose a secure Issabel admin password for the GUI.
(5) After the reboot, configure your correct timezone: /root/timezone-setup
Be advised that, when you log into the Issabel web interface, you will be prompted (three times) for your admin credentials. You can save these entries to avoid having to repeat it in the future. Now you can jump over to the Incredible PBX for Issabel tutorial to complete your installation. Within a couple minutes, your PBX will be ready to accept calls. Enjoy!
Published: Monday, August 7, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Almost Free: Professional Grade TTS Comes to Issabel 4
There’s no need to be chained to your TV for breaking news and weather forecasts when they can be as close as the nearest VoIP phone. Today we’re elevating text to speech with Issabel to commercial-quality. We’re wrapping up our month-long romance with Issabel 4 by introducing IBM’s Bluemix TTS service for Incredible PBX®. It’s surprisingly affordable. The first million characters of text-to-speech synthesis are FREE every month so, for most users, upgrading to commercial quality speech synthesis is a no-brainer. Try out our 10-second demo and prepare to be amazed. We provided a plain text demo (without any voice transformation SSML) to show how incredibly accurate IBM’s basic voice synthesis engine is. With additional tweaking using IBM’s SSML functions, any voice nuances can be quickly corrected or enhanced. Feel free to build a few samples on your own at IBM’s demo site.
[soundcloud url="https://api.soundcloud.com/tracks/335398310″ params="auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="80%" height="414″ iframe="true" /]
An awesome text-to-speech engine, of course, is only half of the story. You still need application software to bring TTS to life on your PBX. Nerd Vittles tried and true news and weather applications for Incredible PBX provide the glue that binds news and weather updates to your phone by simply dialing a 3-digit extension on your PBX. 951 gets you the latest breaking news from Yahoo, and 947 gets you current weather conditions and a weather forecast for any zip code in the United States. It’s pure, open source GPL code so feel free to modify it to meet your needs. Additional weather data is available from IBM Bluemix at modest cost for our international friends. Make that your weekend project!
Getting Started with IBM Bluemix TTS Service
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
You can start your free, 30-day trial of IBM Bluemix services without providing a credit card. Just sign up here. Once your account is activated, here’s how to obtain credentials for the TTS service to use with Incredible PBX for Issabel. Start by logging in to your IBM Bluemix account. Once you’re logged in, click on your account name (1) in the upper right corner of your web page to reveal the pull-down to select your Region, Organization, and Space. Follow the blue links at the bottom of the pull-down menu to create an Organization and Space for your TTS service.
Next, click the Menu icon which is displayed as three horizontal bars on the left side of the web page. Choose Watson. Click Create Watson Service and select Text to Speech from the applications listing. Watson will generate a new TTS service template and display it. Make certain that your Region, Organization, and Space are shown correctly. Then verify that the Standard Pricing Plan is selected. When everything is correct, click the Create button.
When your Text to Speech application displays, click Service Credentials and then click New Credential (+). When the Add New Credential dialog appears, leave the default settings as they are and click Add. Your Credentials Listing then will appear. Click View Credentials beside the new entry you just created. Write down your URL, username, and password. You’ll need these to configure the IBM Bluemix TTS service in Issabel momentarily. Logout of the IBM Cloud by clicking on the little face in the upper right corner of your browser window and choose Log Out. Confirm that you do, indeed, wish to log out. NOTE: For new implementations, you will have an APIkey instead of a username and password.
Implementing IBM Bluemix TTS Service with Issabel
Now for the fun part. We’ve built all the pieces you’ll need to deploy IBM’s TTS service and to reconfigure the Incredible PBX news and weather applications to take advantage of IBM’s new text synthesis engine. There are 5 Simple Steps to put all the pieces in place for this. Begin by (1) installing Issabel 4 on your favorite platform. Next, (2) install Incredible PBX for Issabel by following our tutorial. Now (3) log into your Issabel PBX as root using SSH or Putty and issue the following commands:
cd /var/lib/asterisk/agi-bin wget http://incrediblepbx.com/ibmtts-issabel.tar.gz tar zxvf ibmtts-issabel.tar.gz nano -w /var/lib/asterisk/agi-bin/ibmtts.php
When the installation finishes, (4) an editor will open to let you insert your IBM Bluemix TTS credentials. Do so and then press Ctrl-X, Y, and Enter to save your entries. For new deployments, your API Username will be apikey, and your API Password will be your actual APIkey. Finally, while still in the agi-bin directory, (5) run the following script to update your Asterisk dialplan: ./install-ibmtts-dialplan.sh.
Now you’re ready to take IBM’s Bluemix TTS for a test drive. Pick up any phone connected to your PBX and dial 951 for the latest Yahoo news. Then dial 947 and enter a 5-digit zip code to retrieve the latest weather conditions and weather forecast for your zip code. Enjoy!
If you’d like to try out the News application with IBM Bluemix, feel free call our Demo PBX and choose option 5:
Published: Monday, July 31, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
The Perfect Pair: Flawless VoIP with Issabel 4 and 3CX
We continue our Issabel 4 adventure today with a VoIP match made in heaven. Today, we’ll take advantage of the Nerd Vittles free 3CX server offering and interconnect it with an Issabel 4 PBX to enjoy the best of both worlds. From Issabel extensions, you can call your 3CX Clients by dialing 4 digits. From 3CX Clients, you can call Issabel extensions as well as your Asterisk® applications in the same way with the added bonus of being able to make outbound calls through your Issabel trunks by dialing any number with a 9 prefix. Once you have both of your PBXs running, the setup time to interconnect them is under 5 minutes.
Why would you want to maintain two PBXs? The simple answer is the added flexibility you achieve coupled with a 99% reduction in VoIP headaches. If you haven’t yet used 3CX Clients on a PC or Mac desktop or on an iOS or Android device, you have missed perhaps the greatest VoIP advancement of the last decade. As the name suggests 3CX Clients connect to a 3CX server with less than a one-minute setup. They work flawlessly from anywhere using WiFi or cellular. As an added bonus, you can kiss all of your Asterisk NAT woes goodbye! If you ever travel or if you need remote phone access to your PBX infrastructure, you owe it to yourself to try a 3CX Client. We promise. You’ll never again use a traditional SIP client.
Building Your Issabel and 3CX Server Platforms
The prerequisite for interconnecting Issabel and 3CX servers is, of course, to install the two PBXs on platforms of your choice. Our preference is cloud-based servers because it avoids many of the stumbling blocks with NAT-based routers. If you know what you’re doing, you obviously can deploy the PBXs in any way you like. For the Issabel 4 PBX, start with our introductory tutorial to install Issabel 4. Then follow the Incredible PBX for Issabel tutorial to add security and the Asterisk bells and whistles. For 3CX, start with our introductory tutorial which includes a link to obtain a free perpetual license supporting 4 simultaneous calls and unlimited trunks. Then secure your server by adding the Travelin’ Man 3 firewall for 3CX. Once both servers are up and running, whitelist the IP address or FQDN of the Issabel PBX on the 3CX server and vice versa. You’ll find the add-ip and add-fqdn utilities in /root of each server.
Overview of Interconnection Methodology
If you’re new to all of this, suffice it to say that 3CX is a powerful, commercial PBX while Issabel relies upon Asterisk and FreePBX® for its basic telephony operation. The two systems are quite different in terms of their approaches to interconnectivity. While you can transparently interconnect one 3CX server to another one, you cannot accomplish the same thing when the second PBX is Asterisk-based. Instead, the Issabel PBX is configured as a SIP trunk on the 3CX platform. The limitation this causes is that extensions on the Issabel PBX can only direct dial extensions on the 3CX platform. Issabel-based extensions cannot utilize 3CX trunks to place outbound calls. There’s more flexibility on the 3CX side of things. 3CX extensions can place direct calls to Issabel extensions. They also can take advantage of Issabel-based trunks to place outbound calls. Additionally, as we noted above, 3CX extensions can take advantage of every Asterisk application hosted on the Issabel platform including all of the Incredible PBX® enhancements. This actually works out perfectly because you can deploy 3CX Clients for your end-users, and they can take advantage of all the extension and trunk resources on both the 3CX and Issabel platforms. It also greatly simplifies remote deployment by removing NAT one-way audio hassles while allowing almost instantaneous setup of remote 3CX Clients, even by end-users.
For our setup today, we’re assuming you have elected to use 3-digit extensions on both the Issabel and 3CX platforms. To call extensions connected directly to the alternate server, we will simply dial 9 + the extension number on the remote PBX. To make external calls from 3CX extensions using Issabel trunks, we will dial 9 + a 10-digit number. For international users, you can adjust the dialplan on both PBXs accordingly.
By default, SIP trunks are associated with a DID on the 3CX platform. We will register the 3CX DID trunk with Issabel to maintain connectivity; however, we will not register the corresponding trunk on the Issabel side with the 3CX server. Keep in mind that you can only route a 3CX DID to a single destination, i.e. an extension, a ring group, or an IVR. But we can use 3CX’s CallerID routing feature to send calls to specific 3CX extensions from Issabel extensions even using a single 3CX trunk. For each 3CX extension, we’ll create an Outbound Route on the Issabel side with a CallerID number that matches the 3CX extension number we wish to reach. On the 3CX side, we’ll create an Inbound CID Rule that specifies the extension number to which each matching CallerID number should be routed. This sounds harder than it actually is. So keep reading, and it’ll all make sense momentarily. Once you’ve set all of this up, we think you’ll agree that it makes sense to create the bulk of your extensions exclusively on the 3CX side.
Configuring Issabel PBX for Interconnection to 3CX
Let’s begin by creating a Trunk on the Issabel PBX to connect to your 3CX server. In the Issabel GUI, choose PBX:PBX Config:Trunks and Add a SIP Trunk. Fill in the blanks as shown below. Make up a very secure secret for your Trunk and be sure to leave the Outbound CallerID field blank. Click on the image below if you need to enlarge it.
Because we set up the 3CX trunk with a from-internal destination context, we don’t need an Incoming Route for the 3CX Trunk. The calls will be processed exactly as if they were dialed from a local extension on the Issabel PBX, i.e. local calls will be routed to extensions and outgoing calls through trunks will be routed using your existing Outbound Routes.
Finally, we need to create the Outbound Routes for calls originating from Issabel extensions that should be directed to specific extensions on the 3CX platform. You’ll need a list of the 3CX extension numbers you wish to enable on the Issabel platform, and we’ll need to create a separate Outbound Route for each 3CX extension to be enabled. Create the Outbound Routes using the template below. We recommend including the 3CX extension in the Route Name. The Route CID and Route Pattern should be a 9 followed by the 3CX extension number for each Outbound Route you create. In the template below, we’re telling Issabel to route a call dialed as 9003 to extension 003 on the 3CX PBX. The Dial Manipulation Rule in the 3CX Trunk settings tells Issabel to strip off the 9 before sending the call to the 3CX PBX.
Configuring 3CX for Interconnection to Issabel PBX
Now we’re ready to set up the 3CX side to interconnect with your Issabel PBX. Start by creating a SIP Trunk and fill out the template as shown below using one of the phone numbers associated with your Issabel PBX as the Main Trunk No.
Fill in the Trunk Details using the example below. Be sure to specify the actual IP address or FQDN of your Issabel server as well as the SIP credentials of 3CX for username and the actual password you set up on the Issabel side of things. The Main Trunk No will be the same as you entered in the previous step. Choose a Default Destination for the Trunk.
When the SIP Trunks listing redisplays, highlight your new Asterisk trunk and click Refresh Registration. The icon beside the Trunk should turn green. If not, be sure your IP address and password match the settings on the Issabel side. Don’t proceed until you get a green light!
Now we need two Outbound Routes for calls placed from 3CX extensions. One will handle calls destined for Local Extensions on the Issabel side. Our design is to place calls to Issabel extensions by dialing 9 + the 3-digit extension number. Adjust this to meet your own requirements. Be sure to set the Route as Asterisk with a value of 1 for Strip Digits.
The other Outbound Route will handle calls destined for external calling with an Issabel trunk using a similar methodology. 3CX users will dial 9 + 10-digit number for calls to be processed by Trunks on the Issabel server.
Finally, we need an Inbound Rule for every 3CX extension that you wish to enable for remote calling from Issabel extensions. Use the Add CID Rule option to create each Inbound Rule using the sample below. In our example, we’re authorizing incoming calls to 3CX extension 003 where the CallerID number of the incoming call is 003.
Test Drive Your Interconnected Servers
Now we’re ready to try things out. From an extension on the 3CX server, dial 9 plus any 3-digit extension that exists on the Issabel server. Next, dial 9 plus a 10-digit number such as your smartphone. The call should be routed out of your Issabel server using the Trunk associated with the NXXNXXXXXX rule in your Issabel Outbound Routes. Finally, from an extension on your Issabel PBX, dial 9 plus 000 which should route the call to extension 000 on your 3CX server. Enjoy!
Published: Wednesday, July 19, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Leap Into Summer: Introducing Incredible PBX for Issabel
NEWS FLASH: A new release of Incredible PBX for Issabel is now available. Tutorial is here.
If you didn’t already know, we’ve always liked free. No strings, no gotchas, no demoware, and no legal shenanigans. That’s why our introduction of Issabel 4 last week was such a breath of fresh air. While there’s now an awesome free version of 3CX, the open source community has had a very long dry spell. So today we celebrate a decade of adding fun to phone systems with the introduction of Incredible PBX® for Issabel 4. It includes our next generation, preconfigured Travelin’ Man 3 firewall, additional text-to-speech engines (FLITE, GoogleTTS, and PicoTTS), voice recognition, turnkey trunk and extension setups with preconfigured tollfree calling, Google Voice support with OAuth 2 or plain text passwords for free calling in the U.S. and Canada, SMS messaging, telephone reminders, turnkey fax support, AsteriDex phone book with both voice and speed dialing, Wolfram Alpha, sample ODBC apps, and a boatload of dialplan code and AGI scripts to help anyone wanting to learn how to develop custom applications with Asterisk®.
Installing Incredible PBX for Issabel 4
Let’s start with the basics and get all of the Incredible PBX components loaded. As with all Incredible PBX builds, running the Incredible PBX installer will erase ALL of your existing Issabel configuration. So begin with a clean, unaltered Issabel 4 platform with no added components or configuration changes. Be sure to use either the June or July ISO for base Issabel install. We will update it from there as part of the Incredible PBX install. Just follow last week’s tutorial to bring up Issabel 4 on a dedicated server or a virtual machine.
JUST RELEASED: A new tutorial to walk you through Getting Started: Issabel in the Cloud.
The Travelin’ Man 3 firewall is installed and configured as part of the install. It whitelists certain IP addresses and blocks everyone else from even seeing your server on the Internet. For this reason, it is critically important that you perform the Incredible PBX install using SSH or Putty from a PC that you will use to manage your Issabel server. Otherwise, you risk locking yourself out of your own server. Whitelisted IP addresses include the Issabel server itself, the public and private IP addresses of your desktop PC, all non-routable, private LAN addresses, and the Nerd Vittles collection of recommended SIP hosting providers. You can add as many additional providers or users to the whitelist using the simple tools provided as part of the install and further documented below. Do NOT activate Issabel’s firewall.
As part of the install process, you’ll be prompted during both passes to create a password for MySQL/MariaDB and an admin password for the Issabel web GUI. The MySQL password MUST be passw0rd (with a zero), or you will get a permanent mess. The admin password can be anything you like. Passwords can be updated by running /root/admin-pw-change. Many of the Incredible PBX apps depend upon this MySQL password so don’t change it. Your MySQL databases remain secure and can only be accessed on localhost or after a successful root login to your server from a whitelisted IP address.
Begin the Incredible PBX install by logging into your Issabel server as root from a desktop PC using SSH or Putty and execute the following commands:
cd /root wget http://incrediblepbx.com/IncrediblePBX11-Issabel4.sh chmod +x IncrediblePBX11-Issabel4.sh ./IncrediblePBX11-Issabel4.sh
Introducing the (new) Travelin’ Man 3 Firewall
Issabel 4 includes an IPtables firewall component. Do NOT activate it because Incredible PBX includes its own preconfigured IPtables firewall, better known as Travelin’ Man 3. With the Issabel 4 firewall, the administrator is responsible for setting all of the firewall rules. With Travelin’ Man 3, all the heavy lifting is done for you. The design is also markedly different. Issabel 4 opens ports which you define, but it gives worldwide access to those ports by any user. Travelin’ Man 3 employs a WhiteList rather than opening ports for everyone. If you’re on the WhiteList, you get access to the limited collection of ports assigned to that IP address. If you’re not on the WhiteList, you cannot even see the Issabel PBX from the Internet. For those without remote telephones or traveling employees, this provides total protection of your server with virtually no further firewall management.
If you have remote users of your PBX or if you wish to deploy softphones on mobile devices and rely upon WiFi facilities at random locations, Travelin’ Man 3 provides several utilities to assist. If the remote users have static IP addresses, then those IP addresses can be added to the WhiteList by running /root/add-ip. Better yet, a NeoRouter VPN is provided that lets remote users access Issabel using NeoRouter private LAN addresses that already are WhiteListed as part of the installation process. These require little to no configuration with static or dynamic IP addresses even when switching between WiFi networks. For those with dynamic IP addresses and no VPN, FQDNs can be assigned using a service such as dyn.com and a dynamic DNS client can be loaded on the smartphone to keep the current IP address synchronized with the FQDN. On the Incredible PBX side, these FQDNs can be added using /root/add-fqdn, and the IP addresses will be updated automatically every 10 minutes. The final option to provide remote users the 3-digit PortKnocker codes from knock.FAQ and let them automatically whitelist their own IP addresses by running the PortKnocker client from any smartphone or Linux server. When the Issabel server detects a successful knock sequence, the source IP of the knock sequence is whitelisted until the next reload of the firewall. If an administrator prefers to allow permanent additions to the WhiteList that survive a reboot or restart of the firewall, the administrator need only run the following command one time: iptables-knock activate. WhiteListed entries can be removed using the /root/del-acct utility. Further details on the new Travelin’ Man 3 design are available here.
Update: The July Issabel ISO introduced a quirk into our Travelin’ Man 3 setup. For a reason that we have not yet tracked down, it is no longer possible to whitelist an IP address and use that address to access the Issabel GUI with a browser. Until we can track down the problem, we have modified the security methodology to access the Issabel web GUI. While we have opened port 443 for public access, we have added another layer of security by requiring Apache htaccess credentials before you can access any web site on your Issabel server. As the last step of the Incredible PBX installation procedure, you will be prompted to enter your admin password again. The username admin and the admin password are used BOTH for Apache authentication AND Issabel GUI authentication. Should you ever need to change your Issabel GUI admin password using /root/admin-pw-change, you also will need to execute the following command to change the admin password for Apache authentication: htpasswd -c /etc/pbx/wwwpasswd admin.
Setting Up a Softphone with Issabel 4
If you’re a Mac user, you’re lucky (and smart). Download and install Telephone from the Mac App Store. Start up the application and choose Telephone:Preference:Accounts. Click on the + icon to add a new account. To set up your softphone, you need 3 pieces of information: the IP address of your server (Domain), and your Username and Password. You can decipher your server’s IP address by running pbxstatus. If you wish to use one of the preconfigured extensions (701 and 702), you’ll find the randomized passwords in /root/passwords.FAQ. Now copy or cut-and-paste your Username and Password into the Accounts dialog of the Telephone app. Click Done when you’re finished, and your new softphone will come to life and should show Available. Dial the IVR (D-E-M-O) to try things out. With Telephone, you can use over two dozen soft phones simultaneously.
For everyone else, we recommend the YateClient softphone which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the Issabel extension. You’ll need the IP address of your server plus your extension number and password associated with either the 701 or 702 extension.
Configuring Google Voice Natively or Using Simonics
Everybody likes free calling, and nobody does it better than Google. Will it last? Well, the naysayers (including me) have been predicting its demise for over 5 years. Yet it keeps on ticking. If you live in the U.S. and want to take advantage of free calls in the U.S. and Canada, you’d be crazy not to deploy a Google Voice trunk on your PBX. Voice quality is near perfect. And the price is right.
The original release of Incredible PBX for Issabel did not support Google Voice trunks so we suggested an intermediary to provide the functionality through a SIP gateway. It works flawlessly using OAuth 2 password authentication, but it’ll set you back $5. If you prefer free, we’ve added the original Google Voice plain-text password solution from the FreePBX® 2.11 days in the latest Incredible PBX release using the July Issabel ISO. It is far from perfect. While you can make and receive calls and faxes to and from Issabel extensions, you cannot direct incoming calls to an IVR because of an old NAT quirk in Asterisk 11. If this isn’t a problem for you, keep reading. Otherwise, skip down to the Simonics tutorial below after completing the initial Google Voice setup which follows.
Here are the initial setup steps on the Google side:
1. Set up a dedicated Gmail and Google Voice account to use exclusively for this new SIP gateway. Head over to the Google Voice site and register. You’ll need to provide a U.S. phone number to verify your account by either text message or phone call.
2. Once you have verified your account by entering your verification code, you’ll get a welcome message from Mr. Google. Click Continue to Google Voice.
3. Provide an existing U.S. phone number for verification. It can be the same one you used to set up your Google account in step #1.
4. Once your phone number has been verified, choose a DID in the area code of your choice.
5. When your DID has been assigned, click the More icon at the bottom of the left column of the Google Voice desktop. Click Legacy Google Voice. Now click the Settings icon on your legacy Google Voice desktop. Make certain that Forward Calls to Google chat is checked and disable calls to your forwarding number. Click on the Calls tab and select Call Screening:OFF, CallerID (Incoming):Display Caller’s Number, and Global Spam Filtering:checked. The remaining entries should be blank.
6. Google Voice configuration is now complete. Sign out of your Google Voice account.
The Native Google Voice Solution using FreePBX Motif Module. Here’s a quick thumbnail of the steps to put all the pieces in place using the FreePBX Google Voice/Motif module. First, we set up a Google Voice account at Google as documented above. Next, we’ll set up the Google Voice account in the Issabel GUI to activate the Google Voice trunk. Next, we’ll add an Incoming Route to tell Issabel how to process Google Voice calls. Then we need to tell Google to relax the rules on use of plain text passwords. And, finally, we’ll restart Asterisk from the Linux CLI.
1. Login to the Issabel web interface with your admin password and choose PBX:PBX Config:Google Voice. Enter your Google Voice account name, password, and 10-digit phone number. Be sure to check all three boxes to Add a Trunk, Add an Outbound Route, and Send Unanswered Calls to Google Voicemail. Click Submit and then reload your dialplan when prompted.
2. Configure an Inbound Route for your incoming Google Voice calls. Click Inbound Routes in the PBX Configuration Menu. Then click Add Incoming Route and enter a Description for the route and enter the DID Number using your 10-digit Google Voice number. If you want to activate CNAM (CallerID Name) lookups, choose OpenCNAM from the Source list. Choose an appropriate Destination for the calls from the pull-down menu of choices. Use only an extension or a ring group. Then SAVE your settings and reload dialplan. To activate fax detection, change Detect Faxes to YES, Detection type to SIP, Detection time to 4, and Destination to Extension 329 (F-A-X). Click Submit and then reload your dialplan again.
3. On the Google site, login into your Google Voice account again. Then follow this link to Enable Less Secure Apps. Then follow this link to activate the Google Voice Reset Procedure. Now log out of your Google Voice account.
4. Login to your Issabel server with SSH/Putty as root and restart Asterisk: amportal restart
5. Now connect a SIP phone to extension 701 and place a call to any number in the U.S. or Canada.
6. Once you have placed an outbound call, incoming calls should work by dialing your Google Voice number from any phone. If you have trouble getting Google to answer the call, this is fairly typical. Try adjusting the NAT settings for your extension from YES to NEVER and place another call. Then change then back to NAT = yes, and you should be good to go.
7. For additional Google Voice trunks, rinse and repeat.
The Simonics GV-SIP Gateway Solution. Here’s the quick thumbnail of the steps to put all the pieces in place. First, we set up a Google Voice account at Google as documented above. Next, we’ll set up an account at the Simonics site to link our Google Voice account to the Simonics SIP Gateway. Then we’ll plug our Simonics SIP credentials into the preconfigured Simonics trunk on Incredible PBX. Finally, we’ll add Incoming and Outgoing Routes to tell Issabel how to process Google Voice calls.
Now you’re ready to set up an account on the Simonics site. With this Nerd Vittles link, there’s a one-time fee of $4.99.
1. Start by registering your new Google account.
2. After paying the $4.99 registration fee via PayPal, proceed through the setup process to link your Google Voice account and 11-digit Google Voice phone number to the Simonics SIP Gateway.
3. You then will be provided your SIP username and password as well as the gateway address, gvgw.simonics.com, to use in building your SIP trunk on your Issabel PBX.
4. If your SIP credentials ever get compromised, regenerate your password by logging back into the Simonics GW site.
Now it’s time to configure your Simonics trunk in Incredible PBX for Issabel. Start by logging into the Issabel web interface as admin with your admin password from above. Next, click PBX:PBX Configuration in the left Issabel menu. Click Trunks:Simonics-GV in the PBX Configuration menu. The Simonics-GV trunk template will display:
1. Untick the Disable Trunk check box.
2. In Outbound CallerID, insert your 10-digit Google Voice number.
3. In username, insert GV1 followed by your 10-digit Google Voice number.
4. In secret, insert your Simonics SIP password.
5. In the Registration String, insert GV1 followed by your 10-digit Google Voice number followed by a colon (:)
6. In the Registration String after the colon, insert your Simonics SIP password.
7. In the tail of the Registration String after the slash (/), insert your 10-digit Google Voice number.
8. Click Submit Changes and then Reload the Dialplan when prompted.
Now you’re ready to configure an Outbound Route for your Google Voice calls. Click Outbound Routes in the PBX Configuration Menu. Then click Add Route and fill out the form as shown below, save your settings, and reload the dialplan.
Finally, let’s configure an Inbound Route for your incoming Google Voice calls. Click Inbound Routes in the PBX Configuration Menu. Then click Add Incoming Route and enter a Description for the route and enter the DID Number using your 10-digit Google Voice number. If you want to activate CNAM (CallerID Name) lookups, choose OpenCNAM from the Source list. Choose an appropriate Destination for the calls from the pull-down menu of choices, e.g. extension, ring group, IVR, etc. Then SAVE your settings and reload dialplan.
Your Google Voice trunk through the Simonics SIP Gateway should now be working. You can verify this by entering sip show registry in the Asterisk CLI. Place a test call from a softphone connected to your Issabel PBX by dialing a 10-digit number. Then place a call to your Google Voice number from a mobile phone or home/office phone. The Asterisk CLI displays progress of calls by activating it from Linux CLI: asterisk -rvvvvvvvvvv
If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
If you want to display your primary phone number on the pbxstatus dialog, simply enter the number in /etc/pbx/.phone.
Adding Speech Recognition Support to Incredible PBX
To support many of our applications, Incredible PBX has included Google’s speech recognition service. These applications include AsteriDex Voice Dialing by Name (411) and Wolfram Alpha for Asterisk (4747), all of which use Lefteris Zafiris’ terrific speech-recog AGI script. Unfortunately (for some), Google now has tightened up the terms of use for their free speech recognition service. Now you can only use it for "personal and development use." If you meet those criteria, keep reading. Here’s how to activate speech recognition on Incredible PBX. Don’t skip any steps!
If you like Siri, you’ll love Wolfram Alpha. To use Wolfram Alpha by phone, you first must obtain a free Wolfram Alpha APP-ID. Then issue the following command replacing APP-ID with your actual ID. Don’t change the yourID portion of the command:
sed -i "s|yourID|APP-ID|" /var/lib/asterisk/agi-bin/4747
Now you’re ready to try out the speech recognition apps. Dial 411 and say "American Airlines" to be connected to American.
To access Wolfram Alpha by phone, dial 4747 and enter your query, e.g. "What planes are overhead now?" Read the Nerd Vittles tutorial for additional examples and tips.
Configuring the Issabel Fax Server
Incredible PBX for Issabel includes turnkey fax support with Issabel. Once you have added a trunk that supports VoIP faxing (HINT: Google Voice trunks work great!), fax configuration with Issabel only takes a minute. Start by logging into the Issabel web interface as admin. First, navigate to PBX:PBX Configuration:Extensions:Fax and obtain your password for extension 329. Next, navigate to Fax:Virtual Fax:New Virtual Fax. Fill in the form as shown below using your actual email address and phone number for receiving faxes as well as your actual extension 329 secret. Then click SAVE. Assuming you typed your secret correctly, you will see a status notification showing virtual fax machine "Running and idle on ttyIAX1."
Assuming you already have set up a Google Voice trunk as outlined above, the next step is to modify the Inbound Route for this trunk to support fax detection. In that way, incoming fax calls will automatically be redirected to extension 329 and the received faxes will be emailed to you in PDF format. Set the email address in Fax:Fax Master. In addition, the faxes can be downloaded and managed from Fax:Virtual Fax:Fax Viewer. Modify your Inbound Route to match the #3 settings shown below. Then save/reload your changes.
To receive the incoming faxes by email, navigate to Fax:Fax Master and enter your email address. Then click SAVE.
The final step is to designate the IP addresses of those authorized to send faxes using Issabel. Navigate to Fax:Fax Clients and specify the public and private IP addresses (one per line) authorized to send faxes. Then click SAVE. Hylafax clients can be used remotely, or you can use the web utility included with Issabel: Fax:Virtual Fax:Send Fax.
The best way to test things out is to send yourself a test fax. FaxZERO lets you send 5 free faxes of up to 3 pages every day. Give it a whirl.
To send a fax out from your server from the Linux CLI using either a text document or PDF file, the syntax looks like the following:
sendfax -n -d 8005551212 smsmsg.txt
Sampling Other Incredible PBX Applications
As installed, Incredible PBX includes dozens of additional applications for Asterisk. Here’s how to sample some of them using a softphone connected to your Issabel PBX. A good place to start is Allison’s Demo IVR (dial D-E-M-O) using any phone connected to your PBX:
Nerd Vittles Demo IVR Options
1 – 411 -Call by Name (say "American Airlines")
2 – 2663 – MeetMe Conference
3 – 4747 – Wolfram Alpha
4 – 53669 – Lenny (The Telemarketer’s Worst Nightmare)
5 – 951 – Today’s News Headlines
6 – 947 – Weather Forecast (enter a 5-digit ZIP code)
7 – 86329 – Today in History
8 – 701 – Speak to a Real Person
For ODBC demos, dial 222 and enter 12345 for the employee number for a sample database application. Or dial 223 for a sample ODBC dialer using AsteriDex. Enter 263 (first three letters of American Airlines) to place the call. Sample dialplan code is stored in /etc/asterisk/odbc.conf. Dial L-E-N-N-Y (53669) to call or forward telemarketer calls to Lenny. Dial T-I-M-E (8463) for Time of Day. Dial *88HHMM to set an Alarm for HH:MM where HH is the hour of the day in military time. Dial C-O-N-F (2663) for MeetMe conference. Conference credentials are in /root/passwords.FAQ. Voice Dialer (411) works with any database entry in AsteriDex. Access AsteriDex with a browser at https://Issabel-IP-Address/asteridex4. Telephone Reminders can be scheduled by phone (123) or via the web: https://Issabel-IP-Address/reminders. Sample code for the FLITE, GoogleTTS, and PicoTTS engines is in 951 (Yahoo News) context of /etc/asterisk/extensions_custom.conf. All of your FreePBX "old favorites" including blacklists, call transfers and forwarding, dictation, recordings and more are still available as well: PBX:PBX Config:Feature Codes.
Update: We’ve added Allison’s Demo IVR to our own Issabel server at Vultr ($2.50/mo.)1 so you can judge the call quality and feature set for yourself. You can even send us a fax or SMS message if you’d like to try out those features:
For VoIP callers, use this free SIP URI: 1015954772235642@tampa.voip.ms
Published: Monday, July 10, 2017 Updated: Tuesday, July 25, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- Some of our links refer users to providers that support Nerd Vittles through referral fees or advertising. These funds help cover the costs of our blog. We never recommend particular products solely to generate revenue. However, when pricing is comparable or particular features warrant our recommendation, we support these vendors and deeply appreciate their financial support of our software development efforts. [↩]
Independence Day for Elastix 4: Introducing Issabel 4
There was more than a little disappointment when PaloSanto Solutions closed up their Elastix® shop last year. The good news was that 3CX stepped in with a terrific free offer on their commercial PBX for Elastix users. And, of course, Sangoma® quickly learned Spanish to tout their closed source crippleware, the FreePBX® Distro. But today’s a new day, and there’s another great surprise as the discontinued Elastix 4 open source product is reincarnated as Issabel 4. Featuring a respin of CentOS 7 plus Asterisk® 11 and FreePBX GPL components (only), Issabel is the first new open source project in the Asterisk community in many, many years. And what a terrific GPL platform it is.
If you liked Elastix 4, you’re going to love Issabel. Its feature set not only matches Elastix 4, but it further enhances it with a collection of bells and whistles you won’t find anywhere else for free. In addition to a modern GUI and Dashboard, you’ll find a rich collection of add-ons to further enhance the FreePBX GPL components without any NagWare. There’s a native email server, a firewall, a fax server, chat service, Festival TTS, and optional add-ons for a Call Center, FOP 2, Vtiger CRM, and RoomX for hotel management.
2018 NEWS FLASH: Incredible PBX® 13 for the 2018 edition of Issabel supporting Asterisk 13 is now available for download. Complete tutorial available at this link.
For today, let’s get Issabel up and running. Installation is a breeze. Just download the 64-bit ISO from SourceForge. Be sure to use the January 2018 release. We will upgrade it from there when we install Incredible PBX 13 for Issabel in this new tutorial. Then burn the image to a CD or, better yet, load it up on your desktop PC with VirtualBox and take it for a quick spin. We think you’ll be thrilled.
Once you’ve installed the image and created your passwords, simply log into the Issabel GUI as admin with your GUI password. Click on PBX in the left column of the Dashboard. Set up a SIP trunk with an inbound and outbound route. Add an extension and a softphone, and you’ll be making your first call in minutes. If you’re unfamiliar with Elastix and FreePBX GPL components, here’s a quick tutorial to get you started.
Getting Started with Issabel 4
Here’s a quick overview of the installation and setup process for Issabel 4:
- Choose HW Platform – Dedicated PC, Cloud, Virtual Machine
- Install Issabel 4 – 64-bit CentOS 7 platform
- Activate Trunks for Issabel 4
- Connect a Softphone to Issabel 4
- Configuring SMTP Mail with Issabel 4
1. Choose a Platform for Issabel 4
Issabel 4 works equally well on dedicated hardware, a cloud-based server, or a virtual machine. Just be sure you have a sufficiently robust Internet connection to support 100Kb of download and upload bandwidth for each simultaneous call you wish to handle with your new PBX.
For Dedicated Hardware, we recommend at least an Atom-based PC of recent vintage with at least a 30GB drive and 4GB of RAM. That will take care of an office with 10-20 extensions and a half dozen or more simultaneous calls if you have the Internet bandwidth to support it. Our favorite hardware platform remains the $200 Intel NUC, and you can read all about it here.
For Cloud-Based Servers, we recommend RentPBX, one of our financial supporters who also happens to size servers properly and restrict usage solely to VoIP. This avoids performance bottlenecks that cause problems with VoIP calls. Yes, we have a coupon code for you to get the $15/month rate: NOGOTCHAS.1 The new image to support Issabel 4 should be available shortly. In the meantime, you can roll your own VPS using the Issabel ISO at Vultr for just $5 $2.50 a month using our referral code. First, upload the ISO by choosing Servers -> ISO -> Add ISO after login. ISO image link: http://nerd.bz/2ukpAXC
Next, create a new Instance by clicking the + icon in Servers. Choose a Server Location close to you. For Server Type, choose Upload ISO and pick your new ISO image. Use $2.50/month Server Size. Enter issabel for your Hostname. Leave everything else at default settings. Click Deploy Now. Click the Manage tab once your Cloud Instance is up and running. Make note of your server’s IP address. You’ll need it shortly.
Wait about a minute and then click View the Console to connect to VNC with your booted Issabel installer. Expand the console window so you can see the entire screen. Highlight Install and press ENTER. Choose the default Installation Destination, and then click Begin Installation. Click Root Password and set a very secure root password. Click Done to proceed with install. Have a cup of coffee while you wait. At about the 60% mark in the post-installation setup, the install may appear to be hung. Relax. It’s not. While you’re waiting, on the Vultr console, go to Settings -> Custom ISO under Server Details for your instance and locate the button to remove the ISO from the instance. Don’t do it yet. Switch back to the console window and wait for the instance to reboot and redisplay the Issabel installer menu. Now switch back to the Vultr window in your browser and click the Remove ISO button, and your server will reboot again. Close the Console window and then reopen it. Enter passw0rd (with a zero) for your MySQL password when prompted and create a very secure admin password for the web interface. Once the installer finishes, you can login to the IP address of your instance using user account admin and the web password you just created. If you ever need to reset them, login with SSH as root using your root password and issue the following command: issabel-admin-passwords --change
Update: On other cloud platforms that do not directly support ISO image installs, you can begin by installing a minimal, 64-bit version of CentOS 7. Then issue the following commands via SSH or Putty after logging into your server as root. NOTE: The 2018 release of Issabel featuring Asterisk 13 is NOT yet supported:
yum -y install wget nano openssh-server wget -O - http://repo.issabel.org/issabel4-netinstall.sh | bash
For Virtual Machine Installs, we recommend Oracle’s VirtualBox platform which runs atop almost any operating system including Windows, Macs, Linux, and Solaris. Here’s a link to our original VirtualBox tutorial to get you started. We suggest allocating 1GB of RAM and at least a 20GB disk image to your virtual machine for best performance. We actually used VirtualBox to build our first Issabel 4 platform.
2. Install 64-bit Issabel 4 on Your Platform
Begin by downloading the 64-bit Issabel 4 ISO. For dedicated hardware, burn the ISO image to a DVD and boot your server with the Issabel 4 ISO to begin the install. You’ll be presented with the CentOS 7 Installation GUI:
Choose: Time Zone (click)
Choose: Keyboard (click)
Choose: Install Drive (double-click)
Choose: Root Password (Make it Secure!)
Wait for Install and Reboot to Complete
Set MySQL Password to: passw0rd (MANDATORY: with a zero!)
Set Issabel admin Password: minimum 10 alphanumeric characters with upper & lowercase
For VirtualBox, create an Issabel 4 virtual machine of Linux (RedHat 64-bit) type by clicking New. Click Settings button. In System, enable I/O APIC and disable Hardware Clock in UTC Time. In Audio, enable Audio for your sound card. In Network, enable Bridged Adapter for Adapter 1. In Storage, click on Empty in the Storage Tree. Then click on the Disk icon to the right of CD/DVD Drive attributes. Choose the Issabel 4 ISO file that you downloaded. Click OK. Then start the virtual machine to begin the installation process. Follow the setup steps above to install Issabel 4 in your virtual machine.
3. Activate Trunks with Issabel 4
For those migrating from another aggregation including PIAF 3, this should be familiar territory for you. Using a browser, log into Issabel 4 at the IP address of your server using your admin password. Before you can actually make or receive calls outside your PBX, you’ll need at least one trunk. In the Issabel 4 GUI, click PBX -> PBX Configuration -> Trunks. Once you have your credentials from a provider, choose a provider from the list of preconfigured trunks on the right or create a new one. If you’re using one of the preconfigured options, remember to enable the trunk after adding your desired CallerID and credentials. Then save your settings and reload your Asterisk dialplan. That’s it. You’re ready to go.
To display your trunk registrations: asterisk -rx "sip show registry"
Google Voice Setup. If you wish to use Google Voice for free calling in the U.S. and Canada, you’ll need to sign up for an account with Simonics SIP to Google Voice Gateway service. Complete documentation is here. With the latest version of Incredible PBX 13 for Issabel, Google Voice support is included in the GUI.
Connection Issues. If you experience problems getting trunks to register with providers, add or remove the following entry in /etc/asterisk/sip_custom.conf: nat=yes
. Then restart Asterisk: amportal restart
.
4. Configure a Softphone for Issabel 4
You can connect virtually any kind of telephone to your Issabel 4 PBX after you first create a SIP extension. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP.
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter your credentials once you create a 701 extension in Issabel 4. You’ll need the IP address of your server plus your extension 701 password. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password is assigned to the extension. Here’s what your entries should look like. Click OK to save your entries.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls.
5. Configuring SMTP Mail with Issabel 4
Outbound email support using Postfix is preconfigured with Issabel 4. You can test whether it’s actually working by issuing the following command using your destination email address after logging in as root:
echo "test" | mail -s testmessage yourname@gmail.com
If you don’t receive the email message within a minute or two and you’ve checked your spam folder, chances are your ISP is blocking downstream SMTP servers in an effort to combat spam. Comcast is one of the usual suspects. To enable outbound email service for delivery of voicemail and other email messages with a provider blocking downstream SMTP servers, just follow our recent tutorial to reconfigure Postfix on your server.
Published: Monday, July 3, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- Some of our links refer users to providers that support Nerd Vittles through referral fees or advertising. These funds help cover the costs of our blog. We never recommend particular products solely to generate revenue. However, when pricing is comparable or particular features warrant our recommendation, we support these vendors and deeply appreciate their financial support of our software development efforts. [↩]
3CX in the Cloud: 8 Great Ways to Secure Your Server
Now that many of you have taken advantage of the opportunity to deploy a free 3CX server, it seemed like an opportune time to share what we’ve learned while deploying 3CX on hosted platforms in the cloud. If you’ve followed our Nerd Vittles adventures over the years, you already know that our number one consideration with any PBX deployment is security. Without that, you’re just paying somebody else’s phone bill. While 3CX is extremely secure as delivered, once you choose a cloud-based platform, it’s a new ballgame. There is no 3CX firewall sitting between your PBX and the Internet.
We hear some of you saying, "I love Asterisk. Why would I want to move to 3CX?" The short answer is don’t move, add a new 3CX server to supplement your existing Asterisk® infrastructure. Why? Because the 3CX Clients for Windows, Macs, iOS, and Android are incredibly compelling. You can make a connection from anywhere using WiFi or cellular infrastructure and make crystal clear calls with zero hassles. Better yet, folks can reach you on your mobile phone from anywhere in the world at zero cost by dialing your SIP URI using any SIP device including SIP softphones and other 3CX Clients. And the 3CX Client is literally plug-and-play. Send the welcome email for the extension you wish to activate on the 3CX Client, and in one-click your 3CX Client is automatically configured and on line. By interconnecting your 3CX server with your existing Asterisk infrastructure, you get the best of both worlds without the messy NAT and firewall problems that were daily fare using Asterisk alone. But we’re getting ahead of ourselves, let’s get your 3CX server in the Cloud properly secured before moving on to the fun stuff.
Five years ago, we first introduced our Failsafe PBX Security Tips to Sleep Like a Baby. That’s well worth a careful read before we begin. For today, we’ll be implementing most of the Travelin’ Man 3 Security Model with a few tweaks to take advantage of existing 3CX security features. We’ll walk you through (1) choosing a cloud platform, (2) deploying the IPtables Linux firewall, (3) implementing a WhiteList to hide your server from those that don’t need access, (4) installing PortKnocker to make it easy for end-users to give themselves access to your PBX, (5) configuring FQDNs and implementing dynamic DNS updates for remote users, (6) setting up a BlackList to complement 3CX’s existing Anti-Hacking mechanisms, (7) deploying IPset to facilitate blocking entire countries from accessing your server, and (8) protecting SSH by setting up Fail2Ban and changing ports.
Let’s spend a moment considering the best security methodology for your cloud-based server. The short answer is IT DEPENDS. If all of your users are situated in the same location and never travel and you don’t care to enable SIP URI calling from anywhere in the world to save on phone costs, then the solution is pretty easy. We can lock your server down to the public IP address of your private LAN, and nobody else will ever see your server. Once you add users outside your home office, things get more complicated. If they are all sitting behind local routers with public IP addresses that are static, things are still fairly straightforward. We can whitelist all of the static IP addresses, and again nobody else will see your 3CX server. If you have users that travel for a living or need 3CX Client connectivity from their smartphones or from PCs at various locations that only have dynamic IP addresses, then things get more complicated. You can take your chances and expose SIP communications ports while locking down other access, or you can lock down everything, assign FQDNs to each user, and use dynamic DNS clients running on Android or iOS devices or local PCs to regularly update IP addresses of users in the firewall whitelist.
Another option that we use when traveling is PortKnocker which will be installed as part of our Travelin’ Man 3 security suite. The way this works is you send a single packet to three different TCP ports on your server using a predefined sequence of 3 port numbers. When there is a match, the server will automatically whitelist your IP address. Then you can log into SSH or the Web portal or use a 3CX Client in the usual way. There are PortKnocker clients for smartphones (Android’s DroidKnocker and iOS PortKnock), or you can use the command line from a Linux server to immediately authorize remote access from any IP address. No firewall modification is required. By default, Travelin’ Man 3 temporarily authorizes IP address access until the next server reboot. But you can elect to permanently whitelist the IP addresses if desired. Again, all of this can be performed remotely by end-users without ever touching your server or calling upon assistance from an administrator.
Finally, we’ve provided utilities in /root to assist an administrator in whitelisting IP addresses (add-ip) or FQDNs (add-fqdn) as well as removing whitelisted entries (del-acct). In addition, if you prefer to leave your server exposed, we’ve included tools to blacklist IP addresses (add-blacklist), and our discussion below will provide some alternatives to secure SSH access. Whichever path you choose, just be aware that server security it totally your responsibility, not ours and not 3CX’s. We strongly recommend that you regularly monitor the Event Log in the 3CX Dashboard for security issues and attempted breaches. You then can make firewall adjustments to address the problems or to further lock down your server.
LEGAL DISCLAIMER: ALL OF THE SECURITY CODE WHICH FOLLOWS IS DISTRIBUTED AS IS AND PURSUANT TO THE GPL2 LICENSE. YOU AGREE TO ASSUME ALL RISKS BY USING THIS SOFTWARE. YOU ARE FREE TO MODIFY IT TO MEET YOUR REQUIREMENTS SO LONG AS YOU COMPLY WITH THE GPL LICENSE TERMS AVAILABLE HERE.
For today’s tutorial, we will cover both the WhiteList 3CX firewall methodology and the less secure BlackList alternative. We’ll walk you through exposing the necessary ports if you elect to use this relaxed security configuration for your server. Just be aware that it’s your phone bill at stake particularly if you have authorized calls to countries outside the location of your server as part of your 3CX setup.
1. Choosing a 3CX Cloud Platform
Here are a few things to consider when choosing a cloud platform for your 3CX server. Keep in mind that the cloud giants like Amazon charge for data bandwidth usage AND data storage AND processing cycles. Even though Amazon uses what are traditionally considered non-routable IP addresses internally, be advised that Amazon internally routes these private LAN addresses. What that means is that, if you have whitelisted private LAN addresses in the 172.16.0.0/12 range, you will expose your server to hacking attempts from anyone with an Amazon S3 account. For that reason coupled with the pricing structure, we recommend against using Amazon as your 3CX cloud platform.
We also recommend you stick with VPS hosting plans using the KVM architecture and avoid OpenVZ unless it’s hosted with Virtuozzo 7. The traditional shared kernel architecture of OpenVZ means you will forfeit the ability to use powerful tools such as IPset to blacklist country-wide IP addresses from countries such as China and Russia. Over 90% of the attacks we see on our web sites originate from IP addresses in just those two countries. Fortunately, the new Virtuozzo 7 implementations of OpenVZ support ipset. SSDnodes in Montreal is the provider we use.
The rest of the cloud platform equation comes down to balancing the feature set and performance against the cost. At the bottom of the barrel is CloudAtCost which offers lifetime cloud services for a one-time charge PLUS an annual maintenance charge. Performance and reliability range from awful to tolerable. As an experimental platform, it’s worth considering. For anything beyond that, don’t waste your time or money.
Our preferences in low-cost, moderate performance cloud platforms include OVH virtual private servers ($3.49/mo. for 2GB RAM, 10GB SSD, 100Mbps unlimited bandwidth, and DDoS protection), Vultr VPS ($5/mo. for 1GB RAM, 25GB SSD, 1TB bandwidth), and Digital Ocean ($5/mo. for 512MB RAM, 20GB SSD, 1TB bandwidth plus $10 usage credit). For high performance, long-term use, nobody beats our corporate sponsor, RentPBX.com, at $15/mo. with referral code: NOGOTCHAS.1
2. Deploying the IPtables Linux Firewall
We’ve taken the pain out of deploying IPtables as a 3CX firewall. Our Travelin’ Man 3 script for 3CX does the heavy lifting for you by installing and preconfiguring IPtables and a collection of other security components. There are two alternatives when running the installer. You can completely lock down your server and use a firewall whitelist to enable access from specified IP addresses or FQDNs. There are utilities to allow administrators and end-users to add their own addresses to the whitelist. The other option is to run 3CX without the whitelist functionality and employ blacklisting to reduce the exposure of your server. This obviously increases the security risks but reduces the administrative burden on administrators and end-users. And, as you probably know, 3CX includes some security mechanisms to block or reduce attacks on your server. A third option using 3CX Clients or SBCs in networks that prevent VoIP calls is to deploy 3CX’s VPN-like Tunnel. This is well documented in this server tutorial and this client tutorial. It’s worth a careful look if you’re in a country that blocks VoIP calls, and it works with either TM3 firewall configuration. A fourth option which we will save for another day is to employ virtual private networks such as OpenVPN and NeoRouter. With VPNs, there’s more work on the front end but less day-to-day administration once properly configured.
If you don’t have widely scattered users and traveling users that need to employ 3CX Clients, the WhiteList option is far preferable. It sets up a WhiteList of devices that are authorized to access your PBX. Nobody else can even see the server on the Internet. To get started, log into your server as root using SSH or Putty. Be sure to login from a computer that will be used to manage your server so that this computer’s IP address gets whitelisted. You don’t want to lock yourself out of your own server! Then issue the following commands at the Linux prompt to run the TM3 installer, accept the license agreement, and choose either the WhiteList or BlackList option when prompted:
cd / wget http://incrediblepbx.com/tm3-3cx.tar.gz tar zxvf tm3-3cx.tar.gz rm -f tm3-3cx.tar.gz cd /root ./tm3-3cx.sh
When the installer finishes, press ENTER. You now have a functioning 3CX firewall with IPtables and Fail2Ban functionality to protect SSH logins from hacking attempts, IPset to block server access from certain countries, PortKnocker to facilitate remote user access to servers employing a WhiteList, and a collection of utilities in /root to facilitate WhiteListing and BlackListing of IP addresses and FQDNs by administrators.
3. Implementing the 3CX Firewall WhiteList
For the more technical types, here’s an overview of how the IPtables firewall is configured and functions. Currently, only IPv4 is protected. The basic setup is handled in /etc/iptables/rules.v4 by making a copy of rules.v4.tm3 and whitelisting 3 IP addresses: your server, your user PC from which you logged into SSH, and your public IP address. Additional whitelist entries are added using add-ip or add-fqdn in /root. Or end users can whitelist themselves using the PortKnocker credentials stored in /root/knock.FAQ. IPtables ALWAYS must be restarted/reloaded using the command: iptables-restart. This assures that all necessary components are reloaded including the base rules.v4 IPtables config plus the custom config in /usr/local/sbin/iptables-custom plus Fail2Ban. An administrator can remove whitelisted entries using /root/del-acct using the *.iptables filename associated with the entry to be removed. PortKnocker whitelist entries are stored by creation date.
Two templates for the TM3 custom configuration are stored in /usr/local/sbin. The WhiteList is iptables-custom.secure. The BlackList is iptables-custom.insecure. As part of the install, one or the other is copied into iptables-custom for use with your IPtables firewall. The code is well documented so that administrators can easily make modifications to support your own requirements. Simply rerun the tm3-3cx.sh installer once you have made changes, and your server will be reconfigured. Be advised that any previously added whitelist entries should be removed (/root/*.iptables) BEFORE rerunning the installer as these entries will not be replicated.
4. Using PortKnocker with the TM3 Firewall
There are two ways to use PortKnocker for end user management of the WhiteList. The default methodology is to temporarily WhiteList qualifying IP addresses whenever a successful port knock is performed from any remote site. This WhiteList addition to the firewall lasts only until the firewall is restarted with iptables-restart or the server is rebooted. For a mobile workforce, this is probably the preferable alternative with frequently updated remote IP addresses. The other alternative is to permanently add successful PortKnock IP addresses to the iptables-custom whitelist. The administrator can activate this by running the following command: iptables-knock activate. As with other WhiteList additions, these are stored in /root as *.iptables. To use PortKnocker, remote users will need the secret knock credentials stored in /root/knock.FAQ. Should you ever need to modify these codes when an employee is fired, simply edit /etc/knockd.conf and change the codes. Remember to revise /root/knock.FAQ with the new codes. Then restart PortKnocker: /root/knock-tester.sh.
5. Configuring Dynamic DNS for End Users
Here’s an easier way to set up remote users whose IP addresses regularly change either because of an ISP’s dynamic IP addressing scheme or because the user travels or frequently uses 3CX Clients from a smartphone. The trick here is to assign a fully-qualified domain name (FQDN) to each remote user’s device and then deploy a dynamic DNS update application on their device to keep the user’s current IP address in sync with their FQDN. As part of the TM3 implementation on 3CX, we included the /root/ipchecker script which checks for IP address changes every 10 minutes and updates the firewall whitelist accordingly. All that is required from the administrator is running /root/add-fqdn once for each remote user. Everything else is automatic on the 3CX server and the end user device.
There are a number of Dynamic DNS providers. Some are free and others have a modest annual fee. When it comes to DNS service, you get what you pay for. And our favorite remains dyndns.com. There are hundreds of domain names from which to choose, and there are update clients for most client platforms: Windows, Mac, Linux, iOS, and Android.
The setup procedure is straight-forward. (1) Choose a FQDN for each of your users on the dynamic DNS provider site. (2) Install and configure the DNS updater on each client device. (3) Run /root/add-fqdn on your 3CX server to add the FQDNs of each user to the TM3 WhiteList. (4) Restart IPtables: iptables-restart.
6. Implementing BlackLists with the TM3 Firewall
If an administrator elects NOT to deploy the 3CX firewall with a WhiteList and opts for the open 3CX firewall, then there are some additional steps to assure that your server remains secure. First, you’ll want to carefully monitor the 3CX Event Log in the 3CX web dashboard. When you spot hacking attempts that are being temporarily blocked by your 3CX server, immediately add them to your IPtables BlackList: /root/add-blacklist ipaddress. Thereafter, those users will no longer be able to access your server. After adding less than a handful of entries, our exposed server has not seen any further hacking attempts. YMMV!
7. Configuring Country Blocking with IPtables
The primary reason individual blacklist entries are unnecessary is because the TM3 installer automatically configures IPset to block access from a number of problematic countries. You can review these in /etc/block-china.sh and make modifications based upon your own requirements. Keep in mind that, if you add or remove countries from the script, you will need to add/remove the same entries in /usr/local/sbin/iptables-custom to assure that all of the countries you intend to block are assimilated into your firewall’s blacklist. Then reload the IPset tables and restart IPtables with this command: /etc/block-china.sh. To begin, you’ll need to decipher the country code for additional countries you wish to block. The country listing with codes is available here. The IPset country zones are available here.
The syntax for a new country addition in /etc/block-china.sh looks like this with the country name inserted in lines 1 & 4 and the country code inserted in lines 2 & 3:
/sbin/ipset -N china hash:net rm cn.zone /usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone for i in ; do /sbin/ipset -A china ; done
The blacklist entries in /usr/local/sbin/iptables-custom look like this using the country name from above:
/sbin/iptables -A INPUT -p tcp -m set --match-set china src -j DROP /sbin/iptables -A INPUT -p udp -m set --match-set china src -j DROP
None of the country modifications take effect until you reload the IPset tables and restart IPtables. Both are accomplished by running /etc/block-china.sh.
8. Hardening SSH with 3CX in the Cloud
If you chose to implement the TM3 WhiteList option, SSH on your 3CX server is insulated from SSH attacks because the bad guys can’t see or access port 22 on your server. However, if you’re using the non-WhiteList approach with IPtables, then some additional safeguards to secure SSH are appropriate. As part of the TM3 security suite, Fail2Ban was installed to block repeated attempts to login to SSH. While this offers some protection, be advised that Fail2Ban scans logs and, as such, requires a sufficient time slice of processing power to complete the task regularly. Some of the more vicious hacking attempts originate from extremely powerful server platforms that can monopolize processor resources thereby depriving Fail2Ban of the necessary horsepower to adequately protect your server from brute force SSH attacks. The most important thing you can do to protect SSH on your server is to regularly review /var/log/auth.log for hacking attempts and block those IP addresses using the add-blacklist script.
The most effective way to configure SSH access is to deploy key-based authentication using cryptographically secure keys. Once enabled and tested, be sure to remove the ability to login using your root password. But be aware that removing root password access will mean that you cannot login to your server from multiple devices without copying your private key to every device from which you wish to obtain access. An excellent tutorial that will walk you through the basic implementation procedure is available from Digital Ocean.
The other effective way to minimize SSH attacks is to change the default access port on your server from port 22 to some other TCP port above 1024. While there are arguments against this approach, if you have a dedicated IP address assigned to your server, the likelihood of a bad guy hijacking your IP address and setting up a script to fake SSH behavior and surreptitiously collect your passwords is extremely remote. Most of the bad guys use toolkits that target port 22 for brute force SSH attacks. By changing the port, you cut your vulnerability by about 99 per cent. Here’s how. First, edit /etc/ssh/sshd_config. Change the line near the top of the file from Port 22 to some port number above 1024. If the line is commented out with #, remove the #. Second, edit /etc/iptables/rules.v4. On or about line 27, change 22 to the port number you assigned in the first step. Third, edit /etc/fail2ban/jail.conf. Scroll down to the [ssh] section of the file and change the port entry to: port = ssh,1234 where 1234 is the port number you assigned in step one. Save the file. Fourth, restart SSH: /etc/init.d/ssh restart. Finally, restart IPtables: iptables-restart.
When using an SSH client to login to your server, the new syntax should look something like this: ssh -p 1234 root@ipaddress where 1234 is the port you assigned for SSH access to your server and ipaddress is the IP address or FQDN of your server. When using putty, be sure to change the port to match the SSH port you assigned for SSH access to your server.
Nerd Vittles Exclusive: Grab your new (free) 3CX perpetual license with unlimited SIP trunks, 10 extensions, 4 simultaneous calls, and 10-user conferencing here.
Originally published: Friday, June 23, 2017
Need help with 3CX or VoIP? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- Some of our links refer users to providers that support Nerd Vittles through referral fees or advertising. These funds help cover the costs of our blog. We never recommend particular products solely to generate revenue. However, when pricing is comparable or particular features warrant our recommendation, we support these vendors and deeply appreciate their financial support of our software development efforts. [↩]
The World Traveler and 3CX: A Match Made in Heaven
Last week we introduced the new (free) version of PIAF5 powered by 3CX v15.5 supporting four simultaneous calls, unlimited trunks, 10 extensions, and 10-user conference calls. And today we’re torture-testing our new 3CX server in the Bahamas aboard one of Carnival’s 3,000-passenger floating cities. Somebody’s gotta do it, right? What makes this such a challenging test for any PBX are several things. First, we’re using a free Google Voice trunk on a free 3CX PBX that we configured in under 10 minutes at CloudAtCost for a one-time cloud server charge of $17.50. Second, we’re sharing a satellite Internet connection with 3,000 other people in the middle of the Caribbean. The weekly charge is about $100 so every Internet junkie subscribes. Third, we’re using a 3CX Client on an iPhone in Airplane Mode. And, finally, we’re sitting behind the most Draconian firewall you can imagine because Carnival assumes everyone is a bad guy trying to bring their Internet service to its knees.
For those coming from the Asterisk® world, I don’t have to remind you how challenging this NAT-based setup would be even assuming you had a flawless Internet connection. Believe me. We don’t. And the secret sauce that makes all of this seem like child’s play is the latest collection of 3CX Clients for PCs, Macs, Android devices, and iPhones/iPads. Simply download the client for your platform, log into your 3CX portal and send the welcome email from a configured extension to your phone, open the email on your phone and double-click on the attachment, and boom. Your 3CX Client is automatically configured in seconds and ready to make your first call. A monkey could do it. It’s that easy!
So our torture-test for today looks more like a final exam in VoIP telephony. We’ll be using Carnival’s WiFi connection from our iPhone with its iOS 3CX Client. We’ll dial into the Incredible PBX™ at our office in Charleston. The office number is configured with a Stealth AutoAttendant which we’ll use to make an outbound call to our Demo IVR in Marbella, Spain using DISA and a FreeVoipDeal trunk. For the techies, it’s the NAT Trifecta with DTMF hurdles that are virtually impossible to traverse using Asterisk and any SIP client.
Guess what? It not only works, but it sounds like you’re sitting in the adjoining office. No echo, no DTMF problems, no missing audio, and no detectable problems in voice quality with either the Charleston IVR or the Marbella IVR. If cost matters and traveling is a key component in your telephony requirements, you owe it to yourself to set up a free 3CX PBX and take it for a spin. Whether you use it to supplement an existing Asterisk setup or as a standalone PBX, we think you’ll be thrilled with the results.
Continue reading about the new, free PIAF5 server powered by 3CX v.15.5…
Originally published: Monday, June 12, 2017
Need help with 3CX or VoIP? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Postfix + Gmail: A Pain-Free SMTP Relay for Wazo PBX
Let’s face it. As the number of Internet service providers blocking downstream email servers continues to proliferate, getting a reliable email server configured with Incredible PBX™ and other VoIP servers has become painful. If you’re new to all of this, here’s the simple explanation. Internet providers such as Comcast intentionally block outbound email from mail servers managed by their residential customers. While it may appear arbitrary, there actually is a good reason. The bad guys quickly discovered that many folks setting up SendMail and Postfix servers didn’t much know what they were doing, and it became fairly easy to turn these servers into anonymous email relay hosts for spammers. The sledgehammer solution was to simply block all of these servers from sending outbound email except through Comcast’s SMTP servers. In the VoIP world, that meant you could no longer depend upon your server to notify you when critical services came unglued.
We previously have posted tutorials showing how to configure SendMail to send outbound emails using either your Gmail account or your Comcast account. There’s one major problem on the Wazo platform. It uses Postfix instead of SendMail. More importantly, you can’t replace the mail server without breaking Wazo.
Configuring Gmail as an SMTP Relay Host for Postfix
So here’s the step-by-step procedure to configure Wazo to use Gmail as your SMTP relay:
1. Log into your server as root and issue the following command:
dpkg-reconfigure postfix
Click OK on the first dialog. Choose Internet Site as your Type of Mail Configuration. Accept the defaults for the System Mail Name, Root and Postmaster Recipient, and Other Destinations. Choose Yes for Forced Synchronous updates. Accept the defaults for the Local Networks, Default Mailbox Size, and Local Address Extension Character. Choose IPv4 for the Internet Protocol.
2. Once Postfix is reconfigured, edit /etc/postfix/main.cf. In the second section of code beginning with relayhost =
, replace it with the following block of commands:
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_fallback_relay =
3. Install the following package: apt-get install libsasl2-modules
4. Create the following new file using your Gmail account name and password.
nano -w /etc/postfix/sasl_passwd:
[smtp.gmail.com]:587 yourname@gmail.com:yourpassword
5. Change the permissions on the sasl_passwd file:
chmod 600 /etc/postfix/sasl_passwd
6. Use postmap to compile and hash the sasl_passwd file:
postmap /etc/postfix/sasl_passwd
7. Restart Postfix: /etc/init.d/postfix restart
8. Send yourself a test email: echo "test" | mail -s "Test Mail" somebody@gmail.com
What Could Possibly Go Wrong?
In a perfect world, you’d be all set, and your emails would start arriving as scheduled. But things aren’t always that simple.
If you happen to be using a Gmail account with 2-Step Verification enabled, then your standard Gmail password obviously isn’t going to work. Instead, you’ll need to create an App Password for exclusive use with Postfix. Here’s how. Once you’ve generated the password, just substitute it for your standard Gmail password in step #4 above. Then recompile and hash the sasl_passwd file in step #6 and restart Postfix in step #7.
If your Gmail account was created from an IP address that differs from the IP address of your Wazo server, then you may also need to relax Google’s security mechanisms before attempting to send your first email in step #8. Login to your Gmail account and perform the Google Reset Procedure. Then enable Less Secure Apps using this Google tool. Now attempt to send yourself a test email as documented in step #8 above. Enjoy!
Published: Monday, May 29, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…