Home » Incredible PBX » CentOS/SL Platform (Page 20)

Category Archives: CentOS/SL Platform

The Most Versatile VoIP Provider: FREE PORTING

The New Hybrid PBX: Why Settle for a One Trick Pony?

blank

Let’s face it. It’s hard not to like the application development flexibility that Asterisk® offers, especially if you’re part of an organization that has very specific telephony needs. But the price you pay for "free" and putting all of your eggs in the Asterisk basket is painful. Here are a few of the hurdles that come to mind: security, NAT, one-way audio, remote users, CRM support, conferencing, painful upgrades to address frequent bug fixes, and, more generally, telephone management and support. We love Asterisk, but…

Most folks don’t buy all of their cars or groceries or computer software from a single company. So why do it with your phone system when you can take advantage of the best of all worlds, open source and commercial? To us, that’s the compelling case for integrating a 3CX commercial PBX into your Asterisk infrastructure. It’s a new iteration of what we used to call a hybrid PBX. And you can do it without cost for a full year to kick the 3CX tires and provide your mobile users with transparent phone service regardless of where they are roaming. Using the special Nerd Vittles signup link, you get a custom version of 3CX that supports 4 simultaneous calls, 10-user web meetings, unlimited trunks, and 10 or more extensions. After the first year, you can either spring for less than $100 a year to maintain the 3CX free PBX platform and mobile clients with pain-free updates, or you can upgrade to a more robust 3CX Pro commercial offering with a much expanded feature set including call center technology and seamless CRM integration with MS Exchange, Salesforce, Microsoft Dynamics, Microsoft Outlook, Office 365, Google Contacts, Exact Online, Freshdesk, Datev, Zendesk, Nutshell, vtiger, EBP, Insightly, amoCRM, Bitrix24 and Act. What’s not to like?

If you’re a frequent Nerd Vittles visitor, you already know that the 3CX clients for iOS, Android, Windows, and Macs are one of our favorite telephony apps of all time. The ease with which the 3CX client can be configured with a single click on an email attachment is revolutionary. And, once configured, the fact that you never again experience a NAT problem with a SIP call is nothing short of miraculous. As we’ve previously mentioned, the 3CX Client provides a nearly perfect mobile client for those that rely upon Asterisk. Now 3CX is poised to release an even easier configuration procedure for their mobile clients in update 2 for version 15.5. Simply log into your 3CX web client on a PC or Mac and choose the Settings:QR Code option from the menu bar. 3CX will present a QR code to activate the 3CX Client for your smartphone. Scan it using the 3CX Client app on your smartphone and, presto, your phone is instantly provisioned. It doesn’t get any easier than this…



Let’s spend a little time reviewing our favorite Hybrid PBX setup. In this scenario which is perfect for small businesses with a mobile workforce, the setup looks like this. An Asterisk server is deployed to manage company trunks including Google Voice, voicemail, IVRs, custom apps, and extensions for every employee. Then we add a 3CX free PBX, interconnect it with the Asterisk PBX, and assign a 3CX extension for every employee. The 3CX extensions will all tie back to the employee extensions on the Asterisk PBX. It obviously simplifies things if you keep your number schemes consistent. For example, extension 7000 on the Asterisk PBX could be matched to extension 000 on the 3CX PBX. Then we set up outbound trunks on both the Asterisk PBX and 3CX to dial a 9 prefix to reach extensions on the other PBX. So dialing 9000 on the Asterisk PBX would connect the caller to extension 000 on the 3CX PBX. On the 3CX side, dialing 9000 would connect the caller to extension 7000 on the Asterisk PBX in our example. And, of course, 3CX Clients can reach any number worldwide using Asterisk outbound trunks by dialing a 9 prefix and then the long distance number. Our previous tutorials will walk you through setting this up with Incredible PBX® 13, Issabel™, any FreePBX®-based PBX, or even Wazo. Once you complete the 5-minute setup, mobile users can take advantage of all the powerful features on any 3CX Client platform while still receiving their incoming calls from the Asterisk-based office PBX by simply forwarding their extension to their matching 9XXX destination on the 3CX platform. This will ring their 3CX Client anywhere in the world with nothing but a Wi-Fi connection! And it’s a free call.


blank

Published: Monday, October 16, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

The Ultimate Voice Dialer for Asterisk and Incredible PBX

blank

Let’s face it. Voice recognition with Google has been hit and miss, and that’s on a good day. So we’re delighted to shift gears and introduce a new platform powered by IBM Watson’s Speech-to-Text (STT) engine. While it’s not free, that’s really theoretical for most of our readers. Your first month on the platform is entirely free. And, after that, you get 1,000 minutes a month of free voice recognition services. If you still want more, it’s 2¢ a minute.

We first introduced IBM’s STT platform back in March when we documented how to use the service to transcribe voicemails and deliver them via email. Today, we’re introducing the Incredible Voice Dialer for Asterisk. It runs on all of the major Incredible PBX platforms: CentOS, Wazo, and Issabel. It’s married to our AsteriDex phonebook application that is deployed with Incredible PBX using MySQL, MariaDB, or SQLite3 depending upon platform.

The way it works is a user picks up an extension on your PBX and dials 411. The caller will be prompted for the name of the person or company to call. Once the caller says the name, the Incredible Voice Dialer will send the recording to IBM’s Watson STT engine for transcription. The result is then passed to AsteriDex where the text will be matched against the phone number saved for that person or company. The number is then passed to your default outbound trunk to place the call. All of the magic happens in less than two seconds, and the call begins ringing at your destination. You can try it out for yourself on our demo server this week. Just dial: blank, choose option 1 when the IVR answers, and then say "Delta Airlines" or "American Airlines" when prompted for a name. The queries support wildcard matching. If you say "Delta", you’ll still be connected to Delta Airlines.

What About the Quality? Here’s the bottom line. Speech recognition isn’t all that useful if it fails miserably in recognizing everyday speech. The good news is that IBM Watson’s speech recognition engine is now the best in the business. If you want more details, read the article below which will walk you through IBM’s latest speech recognition breakthrough:


Creating an IBM Bluemix Speech to Text Account

NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:

blank

1. Create Bluemix account here.

2. Confirm your registration by replying to email from IBM.

3. Login to Bluemix using your new credentials.

4. Agree to terms and conditions, name your organization, and name your space (STT).

5. Choose Watson Speech to Text service and click Create.

6. When Speech to Text-kb opens, click Service Credentials tab (on the left).

7. In Actions column, click View Credentials. Write down your username and password.

8. Logout by clicking on image icon in upper right corner of dialog window.

 

Install Voice Dialer with Incredible PBX for Wazo

1. Login to your server as root using SSH/Putty and issue the following commands:

cd /
wget http://incrediblepbx.com/ibmstt-411-wazo.tar.gz
tar zxvf ibmstt-411-wazo.tar.gz
rm -f ibmstt-411-wazo.tar.gz
sed -i '\\:// BEGIN Call by Name:,\\:// END Call by Name:d' /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf
sed -i '/\\[xivo-extrafeatures\\]/r /tmp/411.txt' /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf
asterisk -rx "dialplan reload"

2. Edit /var/lib/asterisk/agi-bin/getnumber.sh and insert your IBM credentials from step #7 above into these variables:

API_USERNAME="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
API_PASSWORD="XXXXXXXXXXXX"

3. Save the file.

 

Install Voice Dialer on Other Incredible PBX Platforms

1. Login to your server as root using SSH/Putty and issue the following commands:

cd /
wget http://incrediblepbx.com/ibmstt-411.tar.gz
tar zxvf ibmstt-411.tar.gz
rm -f ibmstt-411.tar.gz
sed -i '\\:// BEGIN Call by Name:,\\:// END Call by Name:d' /etc/asterisk/extensions_custom.conf
sed -i '/\\[from-internal-custom\\]/r /tmp/411.txt' /etc/asterisk/extensions_custom.conf
asterisk -rx "dialplan reload"

2. Edit /var/lib/asterisk/agi-bin/getnumber.sh and insert your IBM credentials from step #7 above into these variables:

API_USERNAME="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
API_PASSWORD="XXXXXXXXXXXX"

3. Save the file.

 

Take Incredible Voice Dialer for a Test Drive

1. From an extension connected to your PBX, dial 411. When prompted for the name to call, say "Delta Airlines" or "American Airlines."

2. Quicker than you could actually dial the number, you’ll be connected.

 

Building Voice-Enabled Applications with Asterisk

All of our code is open source, GPL2 code so you’re more than welcome to use it, learn from it, and then build your own voice-enabled applications. Just abide by the terms of the license and share. When you review /var/lib/asterisk/agi-bin/getnumber.sh, you’ll see that it’s incredibly easy to change the backend database. Here’s the Wazo flavor of the script:

API_USERNAME="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
API_PASSWORD="XXXXXXXXXXXX"

thisfile="$1"

# sending the recording to IBM Watson for transcription
curl -k -u $API_USERNAME:$API_PASSWORD -X POST --limit-rate 40000 --header "Content-Type: audio/wav" --data-binary @/tmp/$thisfile.wav "https://stream.watsonplatform.net/speech-to-text/api/v1/recognize?continuous=true&model=en-US_NarrowbandModel" 1>/tmp/$thisfile.txt

# grabbing the text out of the IBM Watson response
msg=`cat /tmp/$thisfile.txt | grep transcript | cut -f 2 -d ":" | cut -f 2 -d '"' | sed 's| *$||' | sed -e "s/\b\(.\)/\u/g"`%

# passing text to MySQL (1st line) or SQLite3 (2nd line) for name lookup. answer is num2call.
#num2call=$(mysql -uroot -ppassw0rd asteridex -ss -N -e "SELECT user1.out FROM user1 where name LIKE '$msg'");
num2call=`/usr/bin/sqlite3 /var/lib/asterisk/agi-bin/asteridex.sqlite "select out from user1 where name LIKE '$msg'"`

# clearing out our temporary files
rm -f /tmp/$thisfile.*

# passing the results to the Asterisk dialplan
echo "SET VARIABLE PTY2CALL "\""$msg"\"""
echo "SET VARIABLE NUM2CALL "\""$num2call"\"""

# we're done with the AGI bash script so let's exit gracefully
exit 0

The Asterisk dialplan code could be modified for any number of applications. Here’s what it looks like on the Incredible PBX 13 platform. It’s slightly different with Wazo to accomodate their dialplan syntax.

;# // BEGIN Call by Name        
exten => 411,1,Answer
exten => 411,n,Playback(custom/411)
exten => 411,n,Set(RANDFILE=${RAND(8000,8599)})
exten => 411,n,Record(/tmp/${RANDFILE}.wav,3,10)
exten => 411,n,Playback(/tmp/${RANDFILE})
exten => 411,n,AGI(getnumber.sh,${RANDFILE})
exten => 411,n,NoOp(Party to call : ${PTY2CALL})
exten => 411,n,NoOp(Number to call: ${NUM2CALL})
exten => 411,n,Goto(outbound-allroutes,${NUM2CALL},1)
exten => 411,n,Hangup()
;# // END Call by Name        

There’s nothing magical about it. (1) It answers the call to 411. (2) It plays back a recording that prompts the user to say the name of the person or company to call. (3) It generates a random number to use for the filenames associated with the STT process. (4) It records the caller’s speech and saves it to the random filename as a .wav file which IBM STT can understand. (5) It passes the call to the AGI bash script to send the recording to IBM Watson and obtain the transcription and to pass the text to MySQL or SQLite3 to lookup the text in the AsteriDex database. (6) We display the called party’s name on the Asterisk CLI. (7) We display the called party’s phone number on the Asterisk CLI. (8) We place the call using the PBX’s default outbound route. (9) We hangup the call when it’s completed.

Published: Monday, October 9, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Game Changer: Hooking Up Facebook with Incredible PBX

blank

There aren’t many VoIP discoveries that get us this excited about the future of telecom. But merging with 1.5 billion users plus Facebook’s enormous talent pool and technology resources is definitely something worthy of your attention. What a Facebook marriage with the VoIP platform could mean for the future of telecommunications is nothing short of earth-shattering. Few people still have home phones. Almost everyone has a Facebook account and a cellphone. If VoIP solutions for businesses fail to take those last two sentences into account, commercial PBX’s days are numbered… and it’s not a big number.

So why integrate Facebook Messenger into your PBX? The screenshot above says it all.

Think of the possibilities. Using Facebook Messenger on your smartphone or desktop PC, you could query a CRM database running on your VoIP server and instantly connect to anyone in the world by making a free call or sending a free text message. Using Facebook Messenger, you or any designated employee could receive instant alerts when a new voicemail or fax arrived on your PBX. Using Facebook Messenger, the Call Center possibilities are virtually endless as documented here. Using Facebook Messenger, you as an administrator could literally manage your entire fleet of PBXs from the convenience of your smartphone… anywhere in the world. While the Facebook Messenger platform does not independently support phone calls between its users today, it’s just a matter of time. Look at the name of the product. Is there any doubt where this project is headed given the fact that Apple already supports free calling with Facetime, Microsoft supports free calling with Skype, Google supports free calling with Google Voice, and Amazon supports free calling with its Echo platform?

Facebook integration is revolutionary in another way as well. It heralds the arrival of chatbots to do the heavy lifting for telecom businesses as well as system administrators. Just as ATMs revolutionized banking, chatbots are poised to do much the same thing for communications and Internet support. Down the road, we’ll document how to take advantage of this chatbot technology using Facebook Messenger.

We need to learn to walk before we can run. So today we’ve developed a Facebook webhooks integration project for Incredible PBX® that is perfect for administrators, whether you manage a home PBX or a dozen PBXs for an organization. We’ll get to some of the other possibilities in future articles. Setting this up is the best way we can think of to get your creative juices flowing to consider what’s possible and to identify where to go next. When we’re finished, you’ll have a Facebook Messenger platform from which you can issue any Linux® or Asterisk® command to your server. And, you’ll be able to send messages from your PBX to Facebook Messenger to identify any events you wish to monitor, whether it’s phone calls, or voicemails, or receipt of faxes, or even VoIP provider outages. In addition, you can even reroute calls by entering simple call forwarding commands in Messenger.

Before we get started, let’s get all of the legal stuff out of the way up front. WE PROVIDE OPEN SOURCE, GPL CODE TO OUR READERS AT NO COST. ALWAYS HAVE. ALWAYS WILL. THE TRADEOFF IS YOU MUST AGREE TO ACCEPT ALL RISKS INHERENT IN USING THE SOFTWARE, WHETHER THOSE RISKS ARE KNOWN OR UNKNOWN TO YOU OR TO US. THE SOFTWARE IS PROVIDED "AS IS" AND MAY BE USED AS DELIVERED, OR YOU MAY MODIFY IT TO MEET YOUR OWN NEEDS SUBJECT TO THE TERMS OF THE GPL 2 LICENSE AVAILABLE HERE. IF YOU ARE UNWILLING TO AGREE TO THESE TERMS AND CONDITIONS, STOP READING HERE AND MOVE ON TO SOME OTHER WEB SITE. OTHERWISE, LET’S BEGIN WHAT WE PROMISE WILL BE A TERRIFIC ADVENTURE.

Overview of Facebook Messenger Webhooks Project

Here is a thumbnail sketch of what we’ll be covering today. Once you get an SSL certificate installed for your server, the remaining steps are a walk in the park. When we’re finished, you’ll have a Facebook Messenger platform that is seamlessly integrated with your PBX. The current software release supports Incredible PBX 13 with CentOS 6, Incredible PBX for Issabel, and Incredible PBX for Wazo. Minor tweaking required for other Asterisk platforms.

  • SSL Certificate – Obtaining and installing an SSL certificate for your web server
  • Security – Locking down your server for safe, secure Facebook Messenger access
  • Incredible PBX Webhooks App – Installing the server-side webhooks software
  • Facebook Integration – Interconnecting Facebook Messenger and Incredible PBX
  • Outbound Call Setup – Configuring Incredible PBX to make outbound calls from FB
  • Incoming Call Alerts – Configuring Incredible PBX for FB Messenger call alerts
  • Webhooks Feature Set – Our tutorial covering all supported webhook commands
  • SMS Messaging – Configuring Incredible PBX for SMS Messaging support with FB
  • Webhooks Tips & Tricks – Adjusting our code to meet your own requirements

Obtaining and Installing an SSL Certificate

Believe it or not, the hardest part of today’s project was covered in last week’s Nerd Vittles tutorial. It walked you through obtaining and installing an SSL Certificate on any of the major Incredible PBX platforms. This gets your server configured to use secure and encrypted web communications via HTTPS which is both a Facebook requirement and a smart idea. There’s no need to read further until you get your server working properly with an SSL certificate because the Facebook integration component will fail until you get HTTPS access squared away. So start there and return here when you’re finished.

The Most Important Piece of the Puzzle: SECURITY

If you’ve been following Nerd Vittles over the years, you already know that our most important consideration with any PBX deployment is security. A PBX without a secure firewall is an invitation for an astronomical phone bill. Today’s setup assumes you already have deployed Incredible PBX with its Travelin’ Man 3 firewall that provides a whitelist of IP addresses that may access (or even see) your server. By definition, Facebook Messenger is a public platform available to everyone in the world. So how do we safely integrate it into your PBX while preserving the security of your server and its telecom resources? We do it in several ways. First, Facebook Messenger Webhooks are tied to a commercial Facebook page even though you don’t need a business in order to create the page. As the owner of that Facebook Page, you have to authorize users to access the page. DON’T! Make this a page that is solely dedicated to managing your PBX through Messenger. DO NOT USE THIS FACEBOOK PAGE AS THE PUBLIC FACE FOR YOUR BUSINESS! Also make certain that your Facebook credentials include a very secure password… as if the integrity of your PBX depended upon it. IT DOES! So long as you follow these guidelines, Facebook’s own security mechanisms will protect your PBX from intrusion. If this discussion makes you nervous, our last topic today will show you how to remove components from the code to eliminate any functionality you wish to turn off.

As configured, Facebook Messenger Webhooks won’t work at all with Incredible PBX because the firewall should block all web access to your server. This requires a change on the Incredible PBX for Wazo platform which we will cover momentarily. The way we will provide Facebook access is by adding the Facebook server IP addresses to the existing whitelist, and then we’ll run a bash script every night to keep the Facebook IP addresses current.

In the past, we opened TCP port 443 (HTTPS) to public access on the firewall with Incredible PBX for Wazo. Instead, we relied upon web server authentication for access to the Wazo, Telephone Reminders, and AsteriDex services. That needs to be changed before you interconnect with Facebook Messenger, and we’ll include that in the commands to whitelist the Facebook servers below.

1. To secure port 443 in your firewall, be sure that the port is not exposed in /etc/sysconfig/iptables (CentOS) or /etc/iptables/rules.v4 (Debian/Ubuntu/Raspbian). And then restart the Incredible PBX firewall.

sed -i 's|443|450|' /etc/sysconfig/iptables
sed -i 's|443|450|' /etc/iptables/rules.v4
iptables-restart

2. Verify your new configuration: iptables -nL. Search for 443 and make certain it is NOT in the whitelist.

3. Verify that the whois package is installed on your server by issuing the command: whois. If you get a file not found error, install the package using the top line for CentOS and the bottom line for Debian/Ubuntu/Raspbian:

yum install whois
apt-get install whois

4a. For Issabel and Incredible PBX 13, add to the end of /usr/local/sbin/iptables-restart these lines to whitelist the FB servers. Then restart the firewall: iptables-restart

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route: | sed "s|route:     |/usr/sbin/iptables -A INPUT -s |" | sed "s|$| -p tcp -m tcp --dport 443 -j ACCEPT|" > /usr/local/sbin/iptables-facebook
chmod +x /usr/local/sbin/iptables-facebook
/usr/local/sbin/iptables-facebook

4b. For Incredible PBX for Wazo, add to end of /usr/local/sbin/iptables-restart these lines to whitelist the FB servers. Then restart the firewall: iptables-restart

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route: | sed "s|route:     |/sbin/iptables -A INPUT -s |" | sed "s|$| -p tcp -m tcp --dport 443 -j ACCEPT|" > /usr/local/sbin/iptables-facebook
chmod +x /usr/local/sbin/iptables-facebook
/usr/local/sbin/iptables-facebook

5. Verify your new configuration: iptables -nL. You should see numerous whitelist entries for port 443 at the end of the listing.

6. Add the following command at the bottom of /etc/crontab to assure that the Facebook server IP addresses are kept current:

20 0 * * * root /usr/local/sbin/iptables-restart >/dev/null 2>&1

7a. For Issabel and Incredible PBX 13, create new web directory, set ownership/permissions to house the Facebook Messenger webhooks, and add a sample web page:

mkdir /var/www/html/fb
echo "Hello World" > /var/www/html/fb/index2.php
chown -R asterisk:asterisk /var/www/html/fb

7b. For Incredible PBX for Wazo, create web directory, set ownership/permissions to house the Facebook Messenger webhooks, and add a sample web page:

mkdir /var/www/html/fb
echo "Hello World" > /var/www/html/fb/index2.php
chown -R asterisk:www-data /var/www/html/fb
chmod -R 775 /var/www/html/fb

8a. For Issabel and Incredible PBX 13, no further configuration is required.

8b. For Incredible PBX for Wazo, we need to enable access to the fb web directory. Edit /etc/nginx/locations/https-available/01_incrediblepbx:

At the top of the file, add the following:

location ~* ^/fb/. *\(?:ico|css|js|gif|jpe?g|png)${
 root /var/www/html;
}

At the bottom of the file, add the following:

location ~ /fb/ {
 root /var/www/html;
 index index.php;
 try_files $uri $uri/ =404;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fasstcgi_index index.php;
 include fastcgi_params;
 fastcgi_pass unix:/var/run/php5-fpm.sock;
}

Finally, restart the NGINX web server: service nginx restart

9. Using a browser, verify access to sample page: https://SERVER-FQDN/fb/index2.php

Installing Incredible PBX Webhooks Application

Now it’s time to install the Incredible PBX webhooks application on your PBX:

cd /var/www/html/fb
wget http://incrediblepbx.com/incrediblewebhooks.tar.gz
tar zxvf incrediblewebhooks.tar.gz
rm incrediblewebhooks.tar.gz

For Issabel and Incredible PBX 13, adjust the file ownership and permissions like this:

chown -R asterisk:asterisk /var/www/html/fb
chmod -R 775 /var/www/html/fb

For Incredible PBX for Wazo, adjust the file ownership and permissions like this:

chown -R asterisk:www-data /var/www/html/fb
chmod -R 775 /var/www/html/fb

Hooking Up with Facebook

1. Visit the Facebook Developer’s Page and click Add a New App. Give your app a Display Name and provide your Contact Email. Match the letters in the box to get past the Security Check to display the Facebook Product List.

2. When the Facebook Product List appears, click Messenger and choose Setup.

3. In the Token Generation section, click Create a new Facebook Business Page to open a separate browser tab. Do NOT use a page that you use for other purposes! Company, Organization, or Institution is a good choice because there’s a Telecom Company category. Give your new page a Descriptive Name: incrediblepbx-podunk.

4. Return to your Token Generation browser tab and Select the Page you just created from the pull-down list (see Token Generation section of image below). Click Continue and OK to accept the default settings. Facebook then will generate a Page Access Token.

5. Copy the Page Access Token to your clipboard and paste it into the $access_token variable in the config.inc.php template in /var/www/html/fb. Write it down and keep it in a safe place. You’ll always need it to create new webhooks applications. This is the important link to talk to your Facebook Webhooks.

6. In the Webhooks section, click Setup Webhooks. In the Page Subscription form, enter the callback URL for your page. This is the https address to access your Facebook directory with a browser, e.g. https://YOUR-FQDN/fb. Make up a very secure Verify Token and enter it on the form and in the $verify_token variable in the config.inc.php template. This is the code Facebook will send to initially shake hands with your web page. The two entries must match to successfully set up your webhooks linkage. For Subscription Fields, check the Messages box. Then click Verify and Save. If it worked, you’ll get a Complete checkmark in the Webhooks section (see below). The last step is to again Select your Page in the Webhooks section to interconnect Facebook with your PBX. After choosing your page, be sure to click Subscribe or nothing will work. Here’s what a successful setup looks like:

blank

7. To test things out, open Facebook Messenger on a desktop PC, Mac, or smartphone. Search Messenger for the Facebook page you linked to in the previous step. Then click on it to open it. Type howdy in the Message Box at the bottom of the dialog and click Send.

8. You should get an automated response that looks like this:

Hi there and welcome to BotWorld. SenderID:  13824822489535983

9. Copy the SenderID and paste it into cli-message.php together with Page Access Token from step #5, above.

Outbound Call Setup for Facebook Messenger

Outbound calling with Facebook Messenger works like this. You can connect to a specific number using the dial command. Or you can use the call command to look up an entry in your AsteriDex database. Messenger then will display the matching phone number and give you the option of placing the call. When the call is initiated, Incredible PBX will first call your designated CALL-PICKUP-NUMBER. It could be an extension or ring group of your choice. You could even specify a mobile phone number as the pickup destination provided your PBX supports at least two simultaneous outbound calls. Google Voice and many SIP providers can handle this with a single DID. Our personal preference is to route the pickup call to a trunk on a 3CX server which then sends the call to every 3CX client registered with the 3CX server. No NAT issues ever! Once you pick up the call on your designated phone, Incredible PBX will place the second call to the number you requested in Facebook Messenger. The two calls then are connected as if you had placed the call directly. The brief video below demonstrates how this works and the flexibility of using Acer’s $250 Chromebook Flip with Messenger and a 3CX client as a (free) WiFi-based web communications platform with Google Voice. It lets you place and take calls from anywhere in the world so long as you have Wi-Fi access. It’s a dirt cheap travel companion.




To make all of this work, you need to designate a phone in /var/www/html/fb/.cli-call to take outbound calls initiated from Facebook Messenger. This is either an extension number or a 10-digit CALL-PICKUP-NUMBER in the examples below. To set this up, edit .cli-call and choose one of the following examples. Comment out the other Channel options.

For Issabel and Incredible PBX 13, choose from the following:

#echo "Channel: SIP/701" > /tmp/cli.call
#echo "Channel: SIP/vitel-outbound/1CALL-PICKUP-NUMBER" > /tmp/cli-call
echo "Channel: Motif/gSOME-GV-NAMEgmailcom/1CALL-PICKUP-NUMBER@voice.google.com" > /tmp/cli.call

For Incredible PBX for Wazo, choose from the following:

echo "Channel: Local/701@default" > /tmp/cli.call
#echo "Channel: Local/CALL-PICKUP-NUMBER@default" > /tmp/cli.call

Incoming Call Alerts with Facebook Messenger

If you’ve always wished for screenpops to announce your incoming calls, you’re going to drool at the FB Messenger Webhooks implementation with Incredible PBX. It works (simultaneously) on desktop PCs, Macs, iPhones/iPads, Android devices, and Apple Watch:

blank

To set up incoming call alerts with Facebook Messenger, just issue the commands for your platform as outlined below.

For Incredible PBX 13, add the following to the end of extensions_override_freepbx.conf in /etc/asterisk directory. Then reload Asterisk dialplan: asterisk -rx "dialplan reload"

[cidlookup]
include => cidlookup-custom
exten => cidlookup_1,1,Set(CURLOPT(httptimeout)=7)
exten => cidlookup_1,n,Set(CALLERID(name)=${CURL(https://api.opencnam.com/v2/phone/${CALLERID(num)}?format=pbx&ref=freepbx)})
exten => cidlookup_1,n,Set(current_hour=${STRFTIME(,,%Y-%m-%d %H)})
exten => cidlookup_1,n,Set(last_query_hour=${DB(cidlookup/opencnam_last_query_hour)})
exten => cidlookup_1,n,Set(total_hourly_queries=${DB(cidlookup/opencnam_total_hourly_queries)})
exten => cidlookup_1,n,ExecIf($["${last_query_hour}" != "${current_hour}"]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0))
exten => cidlookup_1,n,ExecIf($["${total_hourly_queries}" = ""]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0))
exten => cidlookup_1,n,Set(DB(cidlookup/opencnam_total_hourly_queries)=${MATH(${DB(cidlookup/opencnam_total_hourly_queries)}+1,i)})
exten => cidlookup_1,n,ExecIf($[${DB(cidlookup/opencnam_total_hourly_queries)} >= 60]?System(${ASTVARLIBDIR}/bin/opencnam-alert.php))
exten => cidlookup_1,n,Set(DB(cidlookup/opencnam_last_query_hour)=${current_hour})
exten => cidlookup_1,n,System(/usr/bin/php /var/www/html/fb/cli-message.php "Incoming call: ${CALLERID(number)} - ${CALLERID(name)}.")
exten => cidlookup_1,n,Return()

exten => cidlookup_return,1,ExecIf($["${DB(cidname/${CALLERID(num)})}" != ""]?Set(CALLERID(name)=${DB(cidname/${CALLERID(num)})}))
exten => cidlookup_return,n,Return()

;--== end of [cidlookup] ==--;

For Incredible PBX for Issabel, add this to the end of extensions_override_issabel.conf in /etc/asterisk directory. Then reload Asterisk dialplan: asterisk -rx "dialplan reload"

[cidlookup]
include => cidlookup-custom
exten => cidlookup_5,1,Set(CURLOPT(httptimeout)=7)
exten => cidlookup_5,n,Set(CALLERID(name)=${CURL(https://api.opencnam.com/v2/phone/${CALLERID(num)}?format=pbx&ref=issabelpbx)})
exten => cidlookup_5,n,Set(current_hour=${STRFTIME(,,%Y-%m-%d %H)})
exten => cidlookup_5,n,Set(last_query_hour=${DB(cidlookup/opencnam_last_query_hour)})
exten => cidlookup_5,n,Set(total_hourly_queries=${DB(cidlookup/opencnam_total_hourly_queries)})
exten => cidlookup_5,n,ExecIf($["${last_query_hour}" != "${current_hour}"]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0))
exten => cidlookup_5,n,ExecIf($["${total_hourly_queries}" = ""]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0))
exten => cidlookup_5,n,Set(DB(cidlookup/opencnam_total_hourly_queries)=${MATH(${DB(cidlookup/opencnam_total_hourly_queries)}+1,i)})
exten => cidlookup_5,n,ExecIf($[${DB(cidlookup/opencnam_total_hourly_queries)} >= 60]?System(${ASTVARLIBDIR}/bin/opencnam-alert.php))
exten => cidlookup_5,n,Set(DB(cidlookup/opencnam_last_query_hour)=${current_hour})
exten => cidlookup_5,n,System(/usr/bin/php /var/www/html/fb/cli-message.php "Incoming call: ${CALLERID(number)} - ${CALLERID(name)}.")
exten => cidlookup_5,n,Return()

exten => cidlookup_return,1,ExecIf($["${DB(cidname/${CALLERID(num)})}" != ""]?Set(CALLERID(name)=${DB(cidname/${CALLERID(num)})}))
exten => cidlookup_return,n,Return()

;--== end of [cidlookup] ==--;

For Incredible PBX for Wazo, edit /etc/asterisk/extensions_extra.d/cid-superfecta.conf. In the [xivo-subrgbl-did] context just below the n(keepon),Gosub(cid-superfecta,s,1) line, insert the following. Then reload the Asterisk dialplan: asterisk -rx "dialplan reload"

same = n,System(/usr/bin/php /var/www/html/fb/cli-message.php "Incoming call: ${XIVO_SRCNUM} - ${CALLERID(name)}.")

Incredible PBX Webhooks Feature Set

Now that we’ve got all the pieces in place and properly configured, let’s briefly walk through the various options that are available. With all commands, you use Facebook Messenger with your designated web page on any platform supported by Messenger.

dial 8005551212 – connects to designated extension and then calls 8005551212
call Delta – looks up Delta in AsteriDex and provides button to place the call
lookup Delta – looks up Delta in AsteriDex and provides button to place the call
!command – executes a Linux command, e.g. !asterisk -rx "sip show registry"
howdy – returns greeting and SENDER ID of your FB page (Hookup, item #9)
help – provides links to phone help as well as PIAF and Asterisk forums
sms 10-digit-SMS-number "Some message" – sends SMS message through GV
update – updates Messenger platform for Incredible PBX to the latest & greatest
anything else – returns whatever you typed as a response (for now)

Configuring Incredible PBX for SMS Messaging

We’ve implemented a traditional SMS messaging function in this build that let’s you send an SMS message to any phone if you have a Google Voice account and assuming you have pygooglevoice functioning properly on your PBX. The Google Voice account need not be registered as a trunk on the PBX. To use the feature, insert your Google Voice credentials including your plain-text password for a working Google Voice account in /var/www/html/fb/.smssend. Then test the SMS functionality by issuing the following command from the Linux CLI:

/var/www/html/fb/.smssend 10-DIGIT-SMS-NUMBER "Hello SMS World"

blank

If an error occurs, the script will tell you what to try to fix it. Begin by Enabling Less Secure Apps. Then follow this link to relax Google Voice security on your account. If it still fails after trying both of these methods, you may have an old build of pygooglevoice. Here are the commands to bring your system up to current specs. Then try again.

cd /root
rm -r pygooglevoice
git clone https://github.com/wardmundy/pygooglevoice.git
cd pygooglevoice
python setup.py install
cp -p bin/gvoice /usr/bin/.

Once you’ve sent an SMS message successfully using .smssend, you can start sending SMS messages from within Messenger. Syntax: sms 10-digit-SMS-number "Some message"

Incredible PBX Webhooks Tips & Tricks

There’s lots to learn with Facebook Messenger Webhooks. When we started two weeks ago, there were no PHP resources on the web that offered much help. Lucky for you, our pain is your gain. The meat of the coconut is primarily stored in the index.php in your fb directory. Print it out and it will tell you everything you ever wanted to know about coding webhooks with PHP.

Disabling Shell Access. While shell access only provides asterisk or www-data permissions depending upon your platform, we’ve nevertheless heard from more than one source exclaiming what a dumb idea it is to put a webhooks shell command out in the wild. We trust our readers to use it responsibly and to always place it behind a firewall with public access to TCP port 443 blocked. If that design and the Facebook security mechanisms still leave you queasy, the short answer is to remove that block of code on your server or change the access code from ! to something much more obscure, e.g. YuKFoo!. This is easy to do but just be aware that if you change the access code or even remove the block of code, running the update command to load the latest release from Incredible PBX Headquarters will overwrite your changes. So it’s probably a better idea to rename the update command (line 248) as well so you don’t accidentally run it. You’ll find the shell command block of code beginning at line 64 in the 170928 version. If you change the access code to a different string, remember to change the substring "1″ reference in that line and the subsequent line to the actual length of your access code, e.g. YukFoo! is seven characters long so the number 1 would be replaced with 7 in BOTH lines 64 and 65.

Other Security Measures. We don’t trust anybody (and that includes Facebook) when it comes to accessing resources from our paid VoIP providers. We would encourage you to run this application on a dedicated Incredible PBX in the Cloud server that has only a single Google Voice trunk with no funds balance in that particular Google account. In this way, if your server is compromised, the worst thing that can happen is your Google account gets compromised or some stranger makes U.S. and Canadian calls without financial cost to you. Now that Cloud servers are available for less than $2 a month, it makes good sense to separate out applications that pose heightened security issues for you and yours. If you do decide to use a SIP provider rather than a Google Voice trunk, we strongly recommend restricting international calls and keeping a minimal balance in your account with no automatic replenishment enabled.

Getting Rid of Lenny. The help command included in the feature set provided is more of a traditional web page with buttons simulating hot links. We’ve included a nifty telephone option in the help features. It let’s you embed a phone number that is called using client-side integration whenever help is entered and the "Talk to Lenny" option is clicked:

blank

What client-side integration means is the calls use any dialer available on the Messenger client’s platform. They are not sent to your PBX for processing. On a Mac or iPhone, Facetime provides free calls. On Windows, Skype provides paid calls. On Android devices, the Google Hangouts Dialer provides free calls. Facebook basically passes tel: +18005551212 to the client’s browser, and it’s up to the client’s browser to figure out how to process the call. We currently have the feature configured to "Talk to Lenny," but you could change it to Phone Home or Call the Office and enter your own phone number. Here are the commands to do it. Just replace "Phone Home" in the first command below with whatever label desired. Replace "8005551212″ in the second line with the number to be called. Leave the other Lenny entry and phone number as they are since they will be overwritten by these two commands. As noted above, your modifications will be overwritten whenever you execute the update command.

sed -i 's|Talk to Lenny|Phone Home|' /var/www/html/fb/index.php
sed -i 's|8436060444|8005551212|' /var/www/html/fb/index.php

Enhanced Calling Option. Beginning with the October 1 update which you can obtain by entering the update command in Messenger, you now have two calling options on some smartphone platforms. The call command still triggers an AsteriDex lookup on your PBX. But now you have a choice in how to place the call. (1) You can click the dial button to place the outbound call through your PBX, or (2) you can click on the retrieved phone number link to place the outbound call using the client-side resource available on your Messenger platform, e.g. Facetime, Skype, or Google Hangouts. In some circumstances, the client-side call may be preferable since it avoids the two-step calling procedure used by Asterisk. The choice is yours and may depend upon the availability and cost of the client-side call when placed from your calling location.

blank

Special Thanks. Our special hat tip to Scott T. Tabor (@ABSGINC) for his pioneering work on Facebook Webhooks. You can visit the PIAF Forum and Scott’s blog to review how far we have come in just two weeks. Thanks, Scott.

Published: Monday, October 2, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

VoIP Security: Installing SSL Certificates with Incredible PBX

blank

We’ve got some revolutionary VoIP projects coming your way over the next several weeks, but I’m sorry to say the hardest part of them is getting your server configured to use secure and encrypted web communications via HTTPS. This is quickly becoming a universal requirement of most of the major technology players. So what might not be the most glamorous VoIP topic for a Monday morning is not only necessary but long overdue. The good news is that obtaining, installing, configuring, and maintaining an SSL certificate for your VoIP server is not the royal pain that it once was. And, by this time next week, you’ll be glad you went through the exercise. Thankfully, the EFF’s Certbot project is available to assist in installing free certificates from Let’s Encrypt.

Before we begin, here’s a word to the wise. You will save yourself a thousand headaches by deploying your Incredible PBX server in the cloud where you get a dedicated IP address and can easily assign a fully-qualified domain name (FQDN) to your server. Options now are available for as little as $1.50 to $3.50/month including Vultr which provides an incredibly reliable platform in many cities for as little as $2.50 a month. And another 50¢ buys you weekly image backups without lifting a finger. They can be restored with one click! If reliability and redundancy matter, you can’t beat Vultr’s price or the feature set, and we have tutorials to get you started with either Wazo or Issabel. If cost is your sole criteria, you can’t beat WootHosting at $1.50 a month. You’ll find a tutorial here. If performance is critical, you can’t beat OVH at $3.50/month with a Wazo tutorial here and an Issabel tutorial here. Finally, if you’re technically challenged, our corporate sponsor, RentPBX, will do all of the cloud migration for you and provide a turnkey, high performance VoIP platform for just $15/month. So what are you waiting for? Now’s the time. No excuses! It’s not going to get any cheaper or more reliable. And next week you’ll be thanking us. For these reasons, we’re saying goodbye our home-based servers sitting behind NAT-based firewalls. With the projects coming down the pike, the mountain is just too steep to continue that trek unless you have the technical expertise to pull it off yourself.

Obtaining and Installing an SSL Certificate

For CentOS 6 running Incredible PBX 13 or CentOS 7 running Incredible PBX for Issabel 4, begin by making certain that you can access your site using its FQDN with HTTP, e.g. http://myserver.mydomain.org. Get that working first. Next, log into your server as root using SSH/Putty and issue the following commands:

yum -y install python-devel python-pip python-setuptools python-virtualenv --enablerepo=epel
yum -y install centos-release-scl
yum -y install python27
scl enable python27 bash
pip -V # should show python 2.7
pip install --upgrade pip
pip install requests registry urllib3 pyOpenSSL --force --upgrade
pip install certbot-apache --force --upgrade
cd /root
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
service iptables stop
./certbot-auto --authenticator webroot --installer apache -w /var/www/html -d FQDN.here
iptables-restart
service httpd restart
exit

During the automated setup, you can decide whether to force all web traffic to the secure site. We recommend it. Once the install finishes, test access to your server by going to your FQDN using HTTPS. Don’t continue with the setup until you get HTTPS working and your browser shows you have a SECURE site! Remember that you must renew your free certificate every 90 days by using the following /root/certbot-update script:

#!/bin/bash
echo "Before you begin, type: scl enable python27 bash"
echo "Then rerun this update script and press ENTER."
read -p "If you already have done so, press Enter. Otherwise, Ctrl-C now"
service iptables stop
./certbot-auto --authenticator webroot --installer apache -w /var/www/html -d FQDN.here
iptables-restart
echo "Type exit when this script completes."
exit

For Debian 8 running Incredible PBX for Wazo, things are a bit more complicated because Wazo forces HTTPS access even though you do not yet have a certificate for your FQDN. Because of its NGINX web server platform, with Wazo you’ll have to manually install and configure certificates with certbot and LetsEncrypt. The silver lining with Wazo is HTTPS access gets you a WebRTC phone with a couple button clicks. Go to this link, click on the Config wheel (bottom right), click on the Pencil icon and plug in the FQDN of your server. Click SAVE. Enter your login name as 701 and the password assigned to the extension which you can obtain by running: /root/show-701-pw. That’s probably the quickest phone setup you’ll ever find. But we’re getting ahead of ourselves…

1. Let’s get certbot installed. Login to your server as root using SSH or Putty and issue the following commands:

cd /etc/apt
echo "deb http://ftp.debian.org/debian jessie-backports main" >>  sources.list
apt-get update
apt-get install certbot -t jessie-backports

2. Temporarily, turn off HTTPS since the certificate install requires HTTP access. In /etc/nginx/sites-enabled/xivo, comment out these 3 lines and save the updated file:

In server section for port 80:
 #   include /etc/nginx/locations/http-enabled/*;
In server section for port 443:
 #   listen 443 default_server;
 #   server_name $domain;

Then restart the web server: /etc/init.d/nginx restart. Now you have a basic http web server. If you want to verify that it’s working, use a browser and go to http://YOUR-FQDN/asteridex4/index.php. It should download the file to your desktop which isn’t desirable, but this is only temporary.

3. In /var/www/html, issue the following commands:

cd /var/www/html
mkdir .well-known
cd .well-known
mkdir acme-challenge
cd acme-challenge
chown -R asterisk:www-data /var/www/html/.well-known

Leave this SSH/Putty session running temporarily and open a second SSH/Putty connection to your server logging in as root.

4. Disable your firewall temporarily: /etc/init.d/netfilter-persistent flush

5. Start the certbot installation script: certbot certonly –manual

6. You’ll be prompted for the FQDN of your server to generate the certificates. Then you’ll be given an oddball name AND an expected oddball response. With these two entries in hand, temporarily switch back to your other SSH session and issue these commands while positioned in /var/www/html/.well-known/acme-challenge:

mkdir ODDBALL-NAME
cd ODDBALL-NAME
echo "ODDBALL-RESPONSE > index.html"
chown -R asterisk:www-data /var/www/html/.well-known

7. Use a browser to (quickly) go to http://YOUR-FQDN/.well-known/acme-challenge/ODDBALL-NAME/ and be sure your web server displays the expected ODDBALL-RESPONSE. You’ve got to get this working before you continue with the certbot install or it will fail. You only have a few minutes to do this before certbot will change the ODDBALL-NAME and ODDBALL-RESPONSE credentials. 3 consecutive failures and you have to wait an hour to try again. Guess how we know?

8. Once you get the expected response, switch back to your SSH session running the certbot installer and press ENTER to continue with the certificate install. When it completes, you’ll get a congratulatory note and a reminder that, in less than 90 days, you’ll need to run certbot renew to update your certificate.

9. Install the new certificates in NGINX and put things back together again:

cd /etc/nginx/sites-enabled
nano -w xivo

10. Begin by removing the 3 # signs that we inserted to get HTTP working in step #2.

11. Near the bottom of the file, comment out these existing certificate lines:

#    ssl_certificate /usr/share/xivo-certs/server.crt;
#    ssl_certificate_key /usr/share/xivo-certs/server.key;
#    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!SEED:+HIGH:+MEDIUM;

12. Add the following new lines just below the lines you commented out. Be sure to replace YOUR.FQDN in each line with the actual FQDN of your server:

    ssl_certificate /etc/letsencrypt/live/YOUR.FQDN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOUR.FQDN/privkey.pem;
    ssl_ciphers HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA;

13. Save the file and then restart your firewall and NGINX:

iptables-restart
/etc/init.d/nginx restart

14. Edit /etc/apt/sources.list and comment out the jessie-backports line from step #1.

15. Reload your aptitude sources: apt-get update

16. Remember that you must renew your free certificate every 90 days by issuing this command: certbot renew --quiet.

Better yet, issue the following command to set up a cron job to auto-renew your certificate every week:

echo "5 3 * * 0 root /usr/bin/certbot renew --quiet > /dev/null 2>&1" >> /etc/crontab

17. Test things out with a web browser by visiting your FQDN. Your browser should now show the site as SECURE.

18. Now try out that new WebRTC phone.

Published: Monday, September 25, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Twofer Tuesday: Incredible PBX 13 to the Rescue

blank

With the Digium announcement last week that four and a half year’s worth of Asterisk® servers were vulnerable to the RTP eavesdropping bug, it prompted us to dust off our Incredible PBX® 13 for CentOS build and bring it up to current specs including the Digium patch for RTPbleed. And then along came Hurricane Issabel to remind us that sh*t happens, and it pays to have a backup plan for your telecommunications infrastructure. So today we’re pleased to introduce two new Asterisk solutions: a cloud-based server for $1 a month and a VirtualBox image that will run on any Windows or Mac computer. We would stress that these should be part of a comprehensive backup plan and may not be suitable to implement as your primary communications platform. But, for those impacted by Harvey’s or Issabel’s devastation, either of today’s solutions will get you a very stable PBX platform as soon as you have Internet or cellular connectivity.

Cloud Hosting for $1/month in NYC, Miami or LA

For today’s emergency cloud platform, we’ve chosen WootHosting which provides a rock-solid VPS in your choice of locations starting at $12 a year. That buys you the following:

2 CPU Core Allocations
1024MB Dedicated RAM
1024MB vSwap
50GB Secured Disk Space
3000GB Premium Bandwidth
1 IPv4 Address
100Mbps Port Speed

Choose New York Grand Opening Specials under the left tab. You still get your choice of cities for the $12/year VPS! Just configure the VPS as a CentOS 6, 64-bit platform. Login to the server as root using SSH or Putty and issue these commands:

setenforce 0
yum -y install net-tools nano wget tar
yum -y upgrade --skip-broken
wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz
tar zxvf incrediblepbx*
./create-swapfile-DO
./IncrediblePBX*

On some platforms (not WootHosting’s VPS), your server may automatically reboot midway through the install. On these platforms, log back in as root and run the installer a second time to complete the install:

./IncrediblePBX*

After restarting the server at the conclusion of the install, log back in as root and perform the following steps to complete your setup:

Make your root password very secure: passwd
Create admin password for GUI access: /root/admin-pw-change
Set your correct time zone: /root/timezone-setup
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher your Reminders password: cat /root/reminders.FAQ
Insert OPTIONS="-i venet0:0" in /etc/sysconfig/knockd
Decipher IP address and other info about your server: status

Your server will be up and running in about an hour. Remember, we are compiling all of the components including Asterisk from source which means customization and updates are easy. Continue your adventure by following our previous tutorial.

Incredible PBX 13 with VirtualBox in Under 5 Minutes

If you’re in a time crunch or prefer to set up a PBX locally, there is no better solution than VirtualBox. It runs on any desktop PC, Mac, Linux or Solaris machine, and the new Incredible PBX 13 image for VirtualBox can be installed and configured in under 5 minutes. With a single button click, you can backup your entire PBX in a couple of minutes and save it for a rainy day.

Today’s release is built atop the CentOS 6.9 platform and features the latest release of Asterisk 13 and a terrific collection of GPL modules from FreePBX® 12. Think of Incredible PBX as the glue stick that assembles all the necessary VoIP components and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice recognition and dialing, SMS messaging, Google Voice and free fax support, reminders and wakeup calls, and SECURITY!

Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers available today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance that’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under 5 minutes is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move your image to dedicated hardware running the same operating system with Asterisk 13 and the same GUI platform in minutes.

Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX still comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.

Getting Started with VirtualBox. Step #1 today is to download one or more of the 64-bit VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. And here’s a link to the latest Oracle VM VirtualBox User Manual.

Downloading the Incredible PBX 13 Virtual Machine. A word of warning on the front end. The new Incredible PBX image featuring Asterisk 13 for VirtualBox is huge, about 2.3GB! Download the image from SourceForge onto your desktop by clicking here.

Importing Incredible PBX 13 into VirtualBox. Double-click on the .ova file you downloaded to begin the import procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX 13 for CentOS 6.9 virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.

Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio. Verify that Enable Audio option is checked and choose your sound card. Then click OK. Next click Settings -> Network. For Adapter 1, be sure the Enable Network Adapter option is checked. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine.

Running Incredible PBX 13 on VirtualBox. Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight Incredible PBX 13 for CentOS 6.9 Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The CentOS 6.9 boot procedure will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.

Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password.

When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:

  • Change your root password: passwd
  • Set your FreePBX admin password: /root/admin-pw-change
  • Set your web apps admin password: htpasswd /etc/pbx/wwwpasswd admin
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • Decipher your Reminders password: cat /root/reminders.FAQ
  • Login to your NeoRouter VPN server if desired: /root/nrclientcmd

To access the Incredible PBX GUI with a browser, point to the IP address of your virtual machine and login as admin with admin password set above. We recommend that you log in to the Linux CLI as root at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill. Enjoy!

Published: Tuesday, September 12, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

RTPbleed Security Alert: Asterisk Calls Can Be Intercepted

blank

If you’ve installed Asterisk® during the past 4½ years, your server has a MAJOR security problem. If you didn’t already know, with Asterisk, your VoIP conversations actually are carried over a random UDP port using the Real Time Protocol (RTP), not the SIP port (UDP 5060) which handles the setup and teardown of your VoIP connections. It turns out that, since March 2013, all of that RTP traffic and thus your conversations could be intercepted and redirected by anyone on the Internet. As this recent article in The Register noted:

The problem occurs when [communications] systems like IP telephony have to get past network address translation (NAT) firewalls. The traffic has to find its way from the firewall’s public IP address to the internal address of the device or server, and to do that, RTP learns the IP and port addresses to associate with a call.

The problem is, the process doesn’t use any kind of authentication.

This is exacerbated by the fact that, by default, Asterisk and FreePBX® traditionally use the NAT=yes setting (whether needed or not) to enable this navigational magic just in case your calls need it. Without it, you may end up with no audio or one-way audio on your calls. Traditional wisdom was that an attacker needed to be positioned between the caller and the Asterisk server in order to intercept this media stream. As luck would have it, it turns out the man in the middle didn’t need to be in the middle after all. He could be anywhere on the Internet. The old adage to talk on the phone as if someone else were listening turns out to have been pretty good advice in the case of Asterisk communications. Even if you had a firewall, chances are you protected UDP port 5060 while exposing and forwarding UDP 10000-20000 to Asterisk without any safeguards.

According to last week’s Asterisk advisory, “To exploit this issue, an attacker needs to send RTP packets to the Asterisk server on one of the ports allocated to receive RTP. When the target is vulnerable, the RTP proxy responds back to the attacker with RTP packets relayed from the other party. The payload of the RTP packets can then be decoded into audio.” Specifically, if UDP ports 10000-20000 are publicly exposed to the Internet, anybody and everybody can intercept your communications without credentials of any kind. WOW!

So, there’s a patch to fix this, right? Well, not exactly:

Note that as for the time of writing, the official Asterisk fix is vulnerable to a race condition. An attacker may continuously spray an Asterisk server with RTP packets. This allows the attacker to send RTP within those first few packets and still exploit this vulnerability.

The other recommended "solutions" aren’t much better:

  • When possible the nat=yes option should be avoided
  • To protect against RTP injection, encrypt media streams with SRTP
  • Add config option for SIP peers to prioritize RTP packets

The nat=no option doesn’t work if you or your provider employs NAT-based routers. The SRTP option only works on more recent releases of Asterisk, and it also requires SRTP support on every SIP phone. Prioritizing RTP packets is not a task for mere mortals.

Surprisingly, the one solution that is not even mentioned is hardening your firewall to block incoming UDP 10000-20000 traffic that originates outside your server. Our recognized SIP expert on the PIAF Forum had the simple solution. Bill Simon observed:

If the SDP in the INVITE or subsequent re-INVITE contains routable IP addresses, then use them for media. If the SDP contains non-routable IP addresses, then the client is behind a NAT and not using any NAT traversal techniques like SIP ALG, ICE/STUN, so send to the originating IP. Why are we making allowances here for media to come from anywhere? I think you can probably clamp down your firewall as much as you want, because symmetric RTP should allow media to get through by way of establishing an outbound stream (inbound stream comes back on the same path).

Our testing confirms that simply blocking incoming RTP traffic on your firewall solves the problem without any Asterisk patch. In short, RTP traffic cannot originate from anonymous sources on the Internet.

For those using Incredible PBX® or Travelin’ Man 3 or an IPtables firewall, the fix is easy. Simply remove or comment out the INPUT rule that looks like this and restart IPtables:

-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

On RedHat/CentOS servers, the rule is in /etc/sysconfig/iptables. On Debian/Ubuntu and Raspbian servers, you’ll find the rule in /etc/iptables/rules.v4. On Incredible PBX for Issabel servers, you’ll find the rule in /usr/local/sbin/iptables-custom. On all Incredible PBX platforms, remember to restart IPtables using only this command: iptables-restart.

Published: Friday, September 8, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Free Worldwide VoIP Calling with iNum and Issabel 4


blank

In our last article, we documented how to implement free, safe SIP URI worldwide calling with an almost-free Issabel™ server in the Cloud. Today we’ll add another free worldwide calling option using iNum™. As with SIP URIs, iNum provides a way for anyone in the world to reach you by phone without paying a nickel. And iNum adds the same functionality for Issabel PBX users to reach anyone else in the world with an iNum phone number. The iNum project was started almost a decade ago by Voxbone to create a free global phone network for IP communications. The International Telecommunication Union allocated a portion of its non-geographic country code +883 to the initiative. iNums are 15-digit telephone numbers in the +883 5100 area code. You can keep yours for life at no cost.

blank

Let’s begin by obtaining an iNum telephone number for your Issabel PBX. Every PBX should have at least one. There are a number of iNum providers throughout the world that will give you an iNum telephone number at no cost. For our purposes today, we’ll document the procedure for CallCentric. Assuming you have 911 service with another provider, it won’t cost you anything to set up a CallCentric account and obtain a working iNum telephone number. Other providers (e.g. LocalPhone) typically require a modest deposit just to set up an account which is perfectly understandable. However, CallCentric doesn’t require a credit card up front. If you already have a VoIP.ms account from our tutorial last week, they also offer free iNum phone numbers: Order DIDs:iNum (limited to one per account).

Obtaining an iNum Phone Number from CallCentric

Navigate to the CallCentric web site and click Sign Up. Once your account is activated, login using your new credentials. Jot down your Username, CallCentric #, and Password for future access to the web site. From the main Dashboard, click View/Modify Extensions. Extension 100 should already be set up. Just create a SIP password and jot it down with your SIP username which is the same as your CallCentric #. Click Apply and then SAVE.

Next, let’s order the CallCentric freebies which include BOTH an iNum phone number and a traditional DID. Neither one costs you money, but you do have to use the DID once a month to keep it. The iNum phone number never expires. Under Products, click Order. Under Make Calls, choose the IP Freedom Plan unless you want to use CallCentric to make commercial calls. Under Receive Calls, choose Free Phone Number and Get a Number. Write down your 10-digit number. To obtain an iNum phone number, click here and then click Order an iNum Number. Write down your iNum phone number. UPDATE: CallCentric now will let you order multiple iNum phone numbers at no cost. Each supports two simultaneous calls and unlimited incoming minutes.

With CallCentric, you have two options in routing incoming calls. You can use the Default routing setup which will send the calls to your CallCentric registered trunk (which we will set up below) on your Issabel PBX. Or you can customize the routing and forward the calls for each DID and iNum number to a SIP URI. From the Dashboard, choose Phone Number Forwarding. If you simply want to forward both your DID and iNum numbers to the SIP URI that you set up last week with VoIP.ms, then no trunk registration (below) is required at all. However, you would lose the ability to use CallCentric to place outbound iNum calls from your Issabel extensions.

Integrating iNum Support into Your Issabel PBX

In the Issabel web GUI, we need to configure the trunk for CallCentric. The template already is included with Incredible PBX® for Issabel. Then we need to set up an Inbound Route for CallCentric as well as an outbound route to process iNum calls originating from Issabel extensions.

To configure the CallCentric trunk, navigate to PBX:PBX Config:Trunks:CallCentric. First, uncheck the Disable Trunk field. In Outgoing Settings, insert your SIP username (1777XXXXXXX) in the fromuser and defaultuser fields as well as in the initial field (before colon) and last field (after /) of the Registration String. Insert your SIP password in the secret field and the second field (after the colon) in the Registration String. Submit Changes and Reload Dialplan when prompted.

Next create an Outbound Route for iNum calls using your CallCentric trunk. Navigate to PBX:PBX Config:Outbound Routes. Click Add Route. For Route Name, use Out-CallCentric-iNum. For Dial Pattern, insert 008835100 in the Prepend field and XXXXXXXX in the Match Pattern field. For Trunk Sequence, choose CallCentric. Click Submit Changes and Reload Dialplan when prompted.

Next create an Inbound Route for calls coming from your CallCentric trunk. This will include BOTH your iNum calls and calls from your free CallCentric DID. Navigate to PBX:PBX Config:Inbound Routes. Click Add Incoming Route. For Description, use CallCentric-Incoming. For DID Number, use your SIP username (1777XXXXXXX). For CID Lookup Source, choose OpenCNAM. Then pick a Destination for the incoming calls, e.g. an extension, ring group, or IVR. Click Submit Changes and Reload Dialplan when prompted.

Placing iNum Calls from Issabel Extensions

With our simplified outbound route, users of Issabel extensions can dial iNum phone numbers by simply dialing the last 8 digits of the number, i.e. all of the numbers following 8835100. Most abbreviated numbers start with a zero. For example, to reach Lenny, simply dial 01198938.

Placing iNum Calls from SIP Phones

If you want to reach an iNum number and only have a SIP phone, you can dial any iNum phone number in SIP URI format. Use this syntax: sip:8835100xxxxxxxx@sip.inum.net. Note that the full iNum phone number is required.

Placing iNum Calls from Standard Phones

As part of the iNum initiative, local access numbers have been established in more than 50 countries around the globe. By placing a local call from any telephone to one of these local access numbers, any individual with an iNum phone number anywhere in the world can be reached without further cost. Here is a current list of the local access numbers. Once your call is answered, simply enter the 15-digit iNum phone number you wish to reach, and you will be connected. Here is the latest iNUM listing from DSL Reports:

Country             City                     Access Number
------------------- ------------------------ ---------------
Argentina           Buenos Aires             +54 1159839500
Australia           Sydney                   +61 280148200
Austria                                      +43 720880500
Bahrain                                      +973 16199200
Belgium             Brussels                 +32 28081771
Brazil              Brasilia                 +556135500791
Brazil              Florianopolis            +554840420809
Brazil              Rio De Janeiro           +552135006959
Brazil              Sao Paulo                +551146803621
Bulgaria            Sofia                    +359 24917555
Canada              Calgary                  (403) 775-1446
Canada              Edmonton                 (780) 669-9257
Canada              Halifax                  (902) 982-6937
Canada              London                   (519) 488-9336
Canada              Montreal                 (514) 907-7500
Canada              Ottawa                   (613) 686-4519
Canada              Quebec City              (418) 800-0384
Canada              St. Johns, Newfoundland  (709) 757-0060
Canada              Regina                   (306) 988-1600
Canada              Toronto                  (416) 800-4303
Canada              Toronto                  (647) 724-8777
Canada              Vancouver                (778) 786-3497
Canada              Winnipeg                 (204) 272-8182
Chile               Santiago                 +56 25813444
Croatia             Zagreb                   +385 17776363
Cyprus              Nicosia                  +357 22030500
Czech Republic      Prague                   +420 246019777
Denmark                                      +45 69918686
Dominican Republic  Santiago                 (829) 947-9610
El Salvador                                  +503 21131899
Estonia                                      +372 6681881
Finland             Helsinki                 +358 942419200
France              Paris                    +33 170619800
Germany             Frankfurt                +4969257385876
Germany             Frankfurt                +4969257380439
Greece              Athens                   +30 2111768444
Hungary             Budapest                 +36 14088951
Ireland             Dublin                   +353 15262600
Israel              Tel Aviv                 +972 37219555
Italy               Rome                     +39 0662207777
Japan               Tokyo                    +81 345209777
Latvia              Vilnius                  +370 52059090
Lithuania                                    +371 67652500
Luxembourg                                   +352 20880108
Malta                                        +35627780107
Mexico              Guadalajara              +52 3346242977
Mexico              Mexico City              +52 5511678222
Mexico              Monterrey                +52 8141703540
Netherlands         Amsterdam                +31 208080808
New Zealand         Auckland                 +64 99250499
Norway              Oslo                     +47 21031306
Panama                                       +507 8322488
Peru                Lima                     +51 17085500
Poland              Warsaw                   +48 223982688
Portugal            Lisbon                   +351 308803219
Puerto Rico         Bayamon Norte            (787) 395-7140
Romania                                      +40 318103500
Singapore                                    +65 31581212
Slovakia            Bratislava               +421 233002555
Slovenia            Ljubljana                +386 16001422
South Africa        Johannesburg             +27105002854
South Africa        Pretoria                 +27120042701
Spain               Barcelona                +34 931815653
Spain               Madrid                   +34 911883777
Sweden              Stockholm                +46 852500111
Switzerland         Zurich                   +41 435006262
United Kingdom      London                   +44 2033556363
United States       Albuquerque, NM          (505) 225-8243
United States       Charlotte, NC            (980) 202-0283
United States       Charlotte, NC            (980) 236-0398
United States       Chicago, IL              (312) 253-4880
United States       Houston, TX              (713) 474-2323
United States       Kansas City, MO          (913) 951-0932
United States       Los Angeles, CA          (213) 221-3799
United States       New York, NY             (646) 843-6969
United States       Phoenix, AZ              (602) 354-9444
United States       San Diego, CA            (619) 330-9640
United States       San Francisco, CA        (650) 360-0999
United States       Santa Barbara, CA        (805) 308-9649
United States       Seattle, WA              (206) 420-5904
United States       Spokane, WA              (509) 931-0459
United States       Tacoma, WA               (253) 343-1529


blank

We’ve barely scratched the surface of what you can do with Incredible PBX for Issabel. Head over to our introductory article where we’ve documented dozens of Asterisk® applications that await your exploration. Enjoy!

Published: Tuesday, August 29, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Free Worldwide VoIP Calling with SIP URIs and Issabel 4

blank

SIP URIs make the VoIP World go ’round. They’re the email-like addresses that carry VoIP calls between SIP servers to reach their destination. But there’s gold in them hills if you know how to use SIP URIs because SIP URI calls are free even if the calls travel all the way around the world. We previously documented how to deploy SIP URI calling with PIAF5 and 3CX, and today we’ll show you how to make SIP URI calls from and to your Issabel™ server using Incredible PBX®. More importantly, we’ll show you how to do it safely without opening up the anonymous calling floodgates and compromising your Asterisk® server.

Now that we’ve gotten the price of cloud-based servers down to a respectable $1.50 to $2.50 per month, it’s time to cut the cord and kiss your home-grown server goodbye. The babysitting headaches and maintenance costs of running your own server and paying for electricity simply aren’t worth it. There’s another reason. NAT-based routers and firewalls complicate things when it comes to VoIP. Not only do you have to wrestle with SIP headers and ALG, but you also have to troubleshoot thorny one-way audio issues with VoIP calling. So bite the bullet and play along today. Skip that Starbucks coffee this week and you’ve all but paid for a full year’s worth of VoIP server hosting in the Cloud.

Getting Started with Vultr

If you just want to experiment in a cloud-based sandbox, then there’s no better option than Vultr. For less than a penny an hour, you can build a VoIP platform, tear it down, and build another one for less than the cost of a nickel candy bar. You remember those, don’t you? I actually tried to think of something that still costs a nickel, but that was the best I could do… and that was 50+ years ago.

blank

After you’ve created an account on Vultr with our referral link, the first step is to create your new cloud instance. Choose New York or Miami as your desired hosting site (they both have $2.50/month availability) and select 64-bit CentOS 7 as your server platform. An additional 50¢ a month buys you automatic daily, weekly, or monthly backups to a separate, fault tolerant storage system in the same data center. HINT!

(1) Once you’ve built and started your new virtual machine, log into your server as root using SSH/Putty and immediately change your root password: passwd.

(2) With the $2.50 size VULTR virtual machine, you must create a swapfile before beginning the Issabel installation. Here are the commands:

dd if=/dev/zero of=/swapfile bs=1024 count=1024k
chown root:root /swapfile
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile swap swap defaults 0 0">>/etc/fstab
sysctl vm.swappiness=10
echo vm.swappiness=10>>/etc/sysctl.conf
free -h
cat /proc/sys/vm/swappiness

(3) Now skip down to the Issabel installation section to continue.

Getting Started with WootHosting

If $2.50 a month is too rich for your blood, there actually are two $1.50 a month options at WootHosting if you sign up for a year. With the New York special, you get a single VPS platform. With the twofer special, you actually get two VPS platforms in your choice of cities. WootHosting also offers considerably more horsepower with quadruple the RAM and more storage space. You can read our review of WootHosting here.

(1) Start by creating a CentOS 7 Minimal VPS platform in New York, Miami, or Los Angeles. If you opted for the WootHosting twofer special, then you’ll need to create a user and then a virtual server platform that looks something like this:

blank

(2) Set a root password in the Root/Admin Password tab and enable TUN/TAP (needed for NeoRouter) in the Settings tab.

(3) Login to your server as root using SSH Terminal or Putty.

(4) Now continue with the Issabel installation as documented below.

Installing Issabel on Your VPS Platform

Issue the following commands to install Issabel. When prompted for a MariaDB (MySQL) and admin password, make certain to use passw0rd (with a zero) for your MariaDB password and a very secure password for your admin password, the one you’ll use to login as admin to Issabel’s web interface.

yum -y update
yum -y install wget nano
wget -O - http://repo.issabel.org/issabel4-netinstall.sh | bash

When the Issabel install is complete, your server will automatically reboot.

Installing Incredible PBX for Issabel on Your VPS

After the reboot, log back into your server as root and issue the following commands to install Incredible PBX for Issabel. You will again be prompted for MariaDB and admin passwords. Do exactly as you did above using passw0rd as your MariaDB password. At the conclusion of the install, you will again be prompted for the same admin password you used above. This is actually used for Apache web security and will be the first prompt you see when you attempt to login to any web application including Issabel, AsteriDex, and Reminders.

wget http://incrediblepbx.com/IncrediblePBX11-Issabel4.sh
chmod +x IncrediblePBX11-Issabel4.sh
./IncrediblePBX11-Issabel4.sh

When the installation finishes, reboot your server once again and then log back in as root. The Automatic Update Utility will load current patches and then display pbxstatus.

Using a browser, login to the Issabel web client at the IP address shown in pbxstatus. You’ll be prompted twice (http and https) for your Apache admin credentials which should be the same as your Issabel GUI admin credentials. Save your Apache credentials in your browser when prompted to do so. Then you won’t have to provide Apache credentials again. Next, login to the Issabel GUI with admin and your admin password.

That completes the basic install of Incredible PBX and Issabel. Our previous tutorial will walk you through the basics of setting up your trunks, extensions, and routes in Issabel.

Overview of SIP URI Implementation with Issabel

There are any number of ways to implement incoming SIP URI support on Asterisk-based servers. Most are terribly insecure and provide an easy target for the bad guys to make free calls using your paid VoIP provider accounts. The traditional method to permit SIP URI access to your server would require poking a hole in your firewall to allow unrestricted access to the SIP port of your server, UDP 5060. In addition, it would require enabling unrestricted anonymous calling access to Asterisk via FreePBX®. After all, that’s similar to the way the Ma Bell telephone system operated. Anyone in the world could call you provided they had your number. The major deterrent was that most of the calls incurred costs to the caller with no monetary benefits being derived. VoIP changed all of that. Using a SIP client and SIP URIs, anonymous individuals now can place unlimited calls to unlimited VoIP servers at no cost. And, if they get lucky, they can decipher a way to call into your PBX via SIP URI and then call out using phone trunks that you actually have to pay for. Bad idea!

We have a better way that’s entirely secure and won’t incur calling charges for incoming anonymous SIP URI calls. The solution is to set up a trunk with a hosting provider that supports anonymous SIP URI access and then leave it to the VoIP provider to manage the thorny SIP security problems which is not Asterisk’s strong suit. Once we’ve set up the SIP URI with the provider, we will register a trunk with that provider on our Issabel server. Then all of the anonymous SIP URI calls will come into the SIP provider and be rerouted to Issabel through our registered trunk with that provider. No firewall puncturing is required because we will be using a registered trunk and tunnel between our server and the provider.

Implementing SIP URI Support with VoIP.ms

Our favorite VoIP provider to implement this is VoIP.ms in Canada. They have POP servers throughout the world so you can pick a server that is close to your cloud-based Issabel server. VoIP.ms POPs are available in Tampa, New York, and Los Angeles among others worldwide. Step one is to set up an account at VoIP.ms if you don’t already have one. Step two is to set up a SubAccount with a difficult-to-guess VoIP.ms Internal Extension Number. Be sure to jot down the Username and Password you set up for your SubAccount. You’ll need them in a minute. In our example today, we’re using 4772235642 as the internal extension number. This means other VoIP.ms account holders can reach this account by dialing 10+ 4772235642. And anyone on the Internet can reach this account by dialing your VoIP.ms account number + 4772235642 at the POP to which you are registering a VoIP.ms DID associated with this SubAccount. Clear as mud? Hang in there a bit longer.

Step three is to sign up for a VoIP.ms DID. This could be a free iNUM DID or a commercial DID (traditional 10-digit NANPA number) that your PBX could actually use to receive traditional calls. Commercial DIDs range in price from under $1 a month with incoming calls costing under a penny a minute to $4.25 a month with unlimited incoming (residential) calls. For our purposes today, the type of DID and its commercial cost really don’t matter. When any of these DIDs are connected to a SubAccount with an associated Internal Extension Number, SIP URI calls to that DID’s internal extension number are free! So… the cheaper, the better.

The final step on the VoIP.ms side of things is to associate your DID with a SubAccount and choose a POP server to process the calls coming to you. This is done under the Manage DIDs tab in the VoIP.ms web interface.

So let’s review what we’ve done. We set up a VoIP.ms account. We created a SubAccount in their web interface and created an internal extension number for that subaccount. Next, we ordered a DID. And finally, we associated that DID with the subaccount we created and chose a POP server to deliver the inbound calls to our server.

Now we’re ready to set up a VoIP.ms trunk on our Issabel server and test things out.

Implementing SIP URI Support with Issabel

Incredible PBX makes setting up a VoIP.ms trunk easy. The template is already in place in the Issabel GUI. All you’ll need are your VoIP.ms credentials (SubAccount Username and Password), your DID number that you ordered from VoIP.ms, and the name of the VoIP.ms POP server (from Manage DIDs) that will be delivering the incoming calls. You’ll also want to jot down your Internal Extension Number (without leading 10) that you set up in your VoIP.ms SubAccount. You’ll need that and the FQDN of the VoIP.ms POP in order to decipher the SIP URI (phone number) to reach your server.

While logged into the Issabel GUI, navigate to PBX:PBX Config:Trunks:VoIPms. Insert your DID in the Outbound CallerID field. Uncheck the Disable Trunk box. Under PEER Details, insert your VoIP.ms username in the username and fromuser fields. Insert your VoIP.ms password in the password field. Insert the FQDN of the VoIP.ms POP server in the host field. Under Register String, insert your username, followed by a colon, your password, followed by @, your POP FQDN, followed by /DID, e.g. johndoe:secret@tampa.voip.ms/8005551212.

Next, we need to create an Inbound Route to process the incoming calls from VoIP.ms. Navigate to PBX:PBX Config:Inbound Routes. Click Add Incoming Route. In the Description field, enter VoIPms-Incoming. In the DID Number field, insert your DID number. In the Source field, choose OpenCNAM. In the Set Destination dialog, choose a destination for the incoming calls, e.g. an extension, ring group, or IVR. Then click Submit and reload dialplan.

Finally, we need to adjust a SIP setting to support SIP URI calls from VoIP.ms. Navigate to Security:Advanced Settings. Set Enable Direct Access ON. Set Allow Anonymous Calls OFF. Enter your admin password twice. Click SAVE.

Next, navigate to PBX:PBX Config:Unembedded IssabelPBX. When the new window opens, navigate to Settings:Asterisk SIP Settings. In the External IP field, insert the IP address of your Issabel server. Click Auto Configure button immediately below that. Scroll to the bottom and, in Other SIP Settings, insert match_auth_username = yes in the two fields provided. Click Submit Changes and reload dialplan. Click Logout: Admin at the top of the browser window and then close the browser tab to return to the main Issabel GUI.

Deciphering the SIP URI for Your Issabel PBX

From the information you wrote down above, here’s how to assemble the SIP URI for your Issabel PBX. Start with your VoIP.ms account number, e.g. 101595. Add your Internal Extension Number, e.g. 4772235642. Add the @ symbol followed by the VoIP.ms POP routing calls to Issabel, e.g. tampa.voip.ms. You can give ours a try if you’d like to interact with Allison’s Demo IVR: 1015954772235642@tampa.voip.ms. Most SIP clients support SIP URI calling including Zoiper (PCs) and Telephone (Macs).

Placing Outbound SIP URI Calls from Issabel PBX

The easiest way to place outbound SIP URI calls from your Issabel PBX is to set up Custom Extensions for the destinations you wish to reach.

Navigate to PBX:PBX Config:Extensions:Other (Custom) Device. Assign an extension number and display name to the extension and insert the SIP URI in the dial field using the syntax shown below. Then click Submit and reload your dialplan.


blank


blank

We’ve barely scratched the surface of what you can do with Incredible PBX for Issabel. Head over to our introductory article where we’ve documented dozens of Asterisk® applications that await your exploration. Enjoy!

Published: Thursday, August 24, 2017  


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…