Home » Incredible PBX » Raspberry Pi (Page 11)
Category Archives: Raspberry Pi
Mastering the Incredible PBX 16-15 Feature Set with Raspbian
This week we’ll finish up our introduction of Incredible PBX® 16-15 for the Raspberry Pi with a quick look at some of the additional features that are offered on this new platform and that were not covered in our first and second articles. These include text-to-speech apps for news, weather, and today in history as well as the sample ODBC apps for speed dialing and employee data base lookups. We’ll also walk you through the conferencing setup and document the easiest way to deploy an Interactive Voice Response (IVR) system or a Stealth AutoAttendant with or without Direct Inward System Access (DISA) which provides a way to call into your PBX from anywhere and obtain dial tone to make calls or access features just as if you were using a local phone connected to your PBX. We’ll finish up with a review of the Incredible PBX security model: Travelin’ Man 3 IPtables firewall, Fail2Ban, and PortKnocker.
Introduction to Incredible PBX TTS Apps
Text-to-Speech (TTS) applications are included in Incredible PBX for two reasons. First, they provide useful information by phone. Second, they document the procedure required to build your own TTS applications using Asterisk®. That process typically includes a dialplan code addition to /etc/asterisk/extensions_custom.conf plus a PHP/AGI script which must be stored in /var/lib/asterisk/agi-bin. The actual interaction with the caller is handled in the dialplan code using a TTS engine to convert the text results of the PHP/AGI query into audio suitable for playback over the telephone. The (free) PicoTTS engine is included in the Incredible PBX image for the Raspberry Pi. The commercial IBM TTS engine is also available.
The job of the dialplan code is to answer the incoming call and prompt the caller for any necessary information that needs to be passed to the PHP/AGI script to obtain the information sought by the caller. For example, with the Weather by ZIP code app, the caller dials Z-I-P (947) and the dial plan code prompts the caller for the ZIP code of the desired weather report. This ZIP code is then passed to the nv-weather-zip.php AGI script to retrieve the requested weather forecast. The text results of the query then are passed back to the dialplan code which plays back the results to the caller using the PicoTTS engine.
Three sample TTS applications are included. Dial 951 for the latest Yahoo News headlines. Dial 947 to obtain a weather report for any American city using its ZIP code. Dial T-O-D-A-Y to listen to Today in History events for the current day of the year.
Introduction to Incredible PBX ODBC Apps
As with TTS apps, sample ODBC apps are included in Incredible PBX to provide useful information to callers and to document the procedure required to build your own ODBC applications with Asterisk. For those unfamiliar with ODBC, it is a middleware component that lets you build generic database applications that will work with almost any data base management system. In our case, we are using the MySQL clone, MariDB, as the backend database. But the same ODBC API could be used with a database stored in SQLite, or SQL Server, or PostgreSQL. To interact with your own database, the first step is to install an ODBC connector for your particular database so that it can "talk" to Linux and to Asterisk. On the Linux side, take a look at /etc/odbc.ini for examples of how this is done for individual databases. If you’re using a backend database other than MySQL/MariaDB, then the driver must be installed and added to /etc/odbcinst.ini. On the Asterisk side, there are three pieces that need to be put in place in /etc/asterisk. res_odbc_custom.conf houses the actual linkages to the ODBC databases defined in /etc/odbc.ini. func_odbc.conf houses the actual ODBC queries that will be used to read and write information from and to your databases. Finally, odbc.conf contains the dialplan code that will be used to interact with the caller. It answers the incoming calls, prompts the caller for necessary data to complete the query, executes the query defined in func_odbc.conf, and then converts the text results to audio and passes the results back to the caller using the PicoTTS app.
Two sample ODBC applications are included. Dial 222 to obtain an employee name lookup from the employee timeclock database by entering the employee number, e.g. 12345. Dial 223 for a speed dial application using the AsteriDex dialcode (the first 3 letters of a name). For example, enter D-E-L to obtain phone number of Delta Airlines and optionally place the call.
Introduction to Incredible PBX Conference Bridge
The Incredible PBX platform includes a preconfigured conference application which makes it easy for two or more parties to confer regarding any subject matter of common interest. Those with a local extension on the PBX can join the conference by dialing C-O-N-F (2663). For callers outside the PBX to participate, you would need to add a DID that points to the conference number. We’ve made it easy by including this option in the sample IVR created by Allison Smith. Simply designate the IVR as the destination for a DID and tell users to choose option 2. Local users can call D-E-M-O (3366) and choose option 2.
Before using the conference application, you will want to reset the conference passwords. There’s one for users and a second one for the conference leader. After logging into your server as root, issue the command: ./reset-conference-pins. You can display most of the passwords on your PBX including the conference PINs: ./show-passwords.
The conference bridge setup is configured in the GUI: Applications -> Conferences. Here you can decide whether to require the conference administrator to be present before users can join the conference, you can force termination of the conference when the admin leaves, you can enable the menus for users and administrators by pressing *, you can choose whether to record the conference, you can set the maximum number of conference participants, and much more. Simply click on the ? icons for explanations of the various features. CAUTION: Be advised that saving new settings for the conference bridge will reset the conference PINs to the entries shown or entered into the template, e.g. 1234 and 4321 as shown above!
Configuring Incredible PBX IVRs and AutoAttendants
We’ve included a sample IVR and the Stealth AutoAttendant as part of the Incredible PBX install. The easiest way to master the process of building these is to examine the included samples and try them out: Applications -> IVR -> DemoIVR. The demo IVR comes with all the options preconfigured. Be very careful exposing this through a DID unless you have hardened the passwords, especially for the Telephone Reminders app since this application allows any caller to set up calls to external phone numbers which may cost you money!
The IVR options themselves are self-explanatory and well-documented under the ? icon. The IVR Entries at the bottom of the template define the destinations for caller button presses during a call. The Stealth AutoAttendant is worth examining further since it does not include predefined destinations. You would need to add these yourself. The idea behind a Stealth AutoAttendant is to provide options to a caller which are not explained when the AutoAttendant answers the call. In this way, it allows you to "hide" certain features of your PBX from the average caller. While standing alone, it’s obviously not secure since anyone can press a number on their phone after being connected, it does at least obscure the existence of the options. One good use for this is a DISA option which would let you call into your PBX to obtain dialtone to perform other functions on the PBX with an appropriate password, of course. This is documented in the next section and would need to be set up BEFORE adding the option as a choice on the AutoAttendant.
Configuring DISA with Incredible PBX
Before setting up a DISA option with Incredible PBX, be aware of the risks. Anyone that guesses your DISA password basically gets a blank check to perform any function that could be executed from any phone registered to your PBX. If you’ve decided to proceed anyway, access the GUI and choose Applications -> DISA -> Add DISA. Here’s what a typical DISA setup would look like. You’d obviously want a much more secure PIN!
Once you have saved the template and reloaded your dialplan, you then can add DISA as an option in your IVR or AutoAttendant. Be sure to test it carefully before exposing it for public access. You’ve been warned!
Incredible PBX Security Model Overview
Unlike most other free PBX offerings, Incredible PBX is always deployed as a secure platform. Attempts to access Incredible PBX from outside your local area network will fail unless the IP address has been whitelisted in the IPtables firewall using one of the Travelin’ Man 3 utilities: add-ip or add-fqdn. Repeated attempts to access the PBX will be blocked by Fail2Ban and subsequent attempts to whitelist a blocked IP address will not be successful until the Fail2Ban quarantine expires. Thus, it is important to set up Incredible PBX initially using a desktop PC from which you will subsequently manage the PBX. This assures that at least this desktop PC’s IP address is whitelisted.
To whitelist a static IP address, log into your server as root and issue the following command: ./add-ip my-log-cabin 12.34.56.78 where my-log-cabin is the descriptive name you wish to associate with the whitelisted IP address and 12.34.56.78 is the actual IP address.
Obviously, everyone doesn’t have a static IP address. That’s what the add-fqdn utility is for. It allows you to use a dynamic DNS service to assign an FQDN to a dynamic IP address and rely upon the dynamic IP address provider to keep the FQDN synchronized as the IP address changes. Search your favorite search engine, search for "free dynamic dns raspberry pi" to find available providers. On the Incredible PBX, the setup is much the same except you’ll use the FQDN assigned to the IP address: ./add-fqdn my-log-cabin logcabin.myip.com. Incredible PBX actually runs a script every 10 minutes to keep dynamic IP addresses synchronized. Don’t make any changes to /root/ipchecker. If you’d prefer to have the script run more frequently, adjust the 10 entry in the ipchecker line in /etc/crontab.
Last but not least, Incredible PBX includes the PortKnocker utility which provides an emergency "back door" into your PBX if you ever find yourself locked out by the firewall rules. The idea behind PortKnocker is that you send a packet to three random, pre-defined ports in a particular sequence and, if there’s a match, PortKnocker whitelists your IP address for further access to the server until the firewall is restarted or the server is rebooted. You’ll find your credentials and documentation in /root/knock.FAQ. If your PBX is sitting behind a hardware-based router or firewall, be sure to map the three TCP ports to the LAN IP address of your PBX. Enjoy!
Originally published: Wednesday, August 28, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Icing on the Cake for Incredible PBX 16-15 and Raspberry Pi
In our last article, we introduced Incredible PBX® 16-15 featuring Asterisk® 16 and FreePBX® 15 on the new Raspberry Pi 4 with Raspbian 10. But we’re just getting started. Today we want to show off the real power of this $35 on-premise platform with the addition of IBM’s voice recognition software. Your first 500 minutes a month are free. In conjunction with Incredible PBX, you’ll get flawless transcription and email delivery of your voicemail messages plus a voice dialer that lets you call anyone in your AsteriDex phonebook by simply dialing 411 and saying the name of the person or company you wish to call. We’ve got a few more surprises plus some tips for the $5.95 Blinkt rainbow light show that will have your friends drooling with envy. If you haven’t yet installed Incredible PBX 16-15, start there.
Configuring Gmail as Exim Smart Relay Host
Before you can receive voicemail messages by email, your server needs to be able to successfully send email messages. Most Raspberry Pi implementations will be on networks managed by companies like Comcast, Spectrum, and AT&T that block downstream mail servers (that’s you) from sending email. The solution is to use Gmail or your local ISP as a smart relay host to send mail from your server. Here’s how to set it up using a Gmail account without two-step authentication. Log into your server as root and run ./configure-exim-email. Choose "mail sent by smarthost; received via SMTP or fetchmail." Accept all the defaults until you get to Outgoing Smarthost prompt. Enter: smtp.gmail.com::587. At the following prompts, choose NO, NO, mbox, and NO. When the setup completes, edit /etc/exim4/passwd.client and insert the following line using your Gmail AcctName and AcctPW. NOTE: If you are using a Gmail account with 2-step verification enabled, you MUST use a Gmail App Key instead of your Gmail account password.
*.google.com:AcctName@gmail.com:AcctPWsmtp.gmail.com:AcctName@gmail.com:AcctPW
Save the file and then issue the following commands to complete the setup:
update-exim4.conf systemctl restart exim4 exim4 -qff
Now send yourself a test email message to make sure things are working properly:
echo "test" | mail -s testmessage yourname@yourmailprovider.com
Some prefer an email notification whenever your server is booted. Once you have configured a relay host above, you can add this feature by editing /etc/rc.local and adding the following lines just above the service knockd start line using your actual email address:
_PRIVATE="Private IP: `cat /etc/hostip | cut -f1-2 -d " "`" _PUBLIC=" Public IP: `curl -s -S --user-agent \\ "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2'`" echo "$_PRIVATE\\n$_PUBLIC" | mail -s "RasPi 16-15 has booted" yourname@yourmailserver.com
Why IBM's speech recognition breakthrough matters for AI and IoT. Via @techrepublic https://t.co/AJi8MA3E20
— IBM Developer (@IBMDeveloper) March 15, 2017
Obtaining IBM Cloud Speech to Text Credentials
Follow this link to set up your IBM account and obtain credentials for both Speech to Text (STT) and Text to Speech (TTS) services. Please note that your STT and TTS API keys will NOT be the same. So don’t accidentally use the wrong one. For today, we’ll need your STT API Key.
Installing STT Engine for Voicemail Transcription
Now we’re ready to deploy IBM’s STT Engine to (1) transcribe your voicemails and (2) deliver them by email. To begin, open the Incredible PBX web GUI with your browser and edit extension 701 under Applications -> Extensions. Click on the Voicemail tab. Enter an Email Address for delivery of your voicemails. Set Email Attachment, Play CID, and Play Envelope to YES. After testing things out, you may want to actually Delete Voicemails after email delivery, but leave it set to NO for the time being. Click Submit and Apply Config to save your settings.
Next, log into the Linux CLI as root and change to the /usr/local/sbin directory. Then copy the sendmailmp3.ibm file to sendmailmp3: Then edit sendmailmp3.
cd /usr/local/sbin cp -p sendmailmp3.ibm sendmailmp3 nano -w sendmailmp3
Scroll down to line #21 and enter your actual API_KEY replacing the X’s inside the quotes. Save the file: Ctrl-X, Y, then ENTER. Now call extension 701’s voicemail (*701) and leave yourself a short voicemail message. Within a minute or two, it should be delivered to your email address that you specified for extension 701 voicemails. It will include the voicemail recording as well as a transcription.
Deploying the AsteriDex Voice Dialer
AsteriDex is an open source database that is included in every Incredible PBX deployment. You can access it within the web GUI under the Third Party Addon tab. By default, it includes entries for some of the major airlines. You can create as many additional entries as you wish. Also included with Incredible PBX is a voice dialer that is accessed by dialing 411. You’ll be prompted for the name of the person or company to contact. Once you say the name, the voice dialer will place the call using your default outbound route for 10-digit calls. The missing piece is voice recognition software to transcribe what you say into text that can be looked up in AsteriDex to retrieve the number to call. That’s where IBM’s STT engine enters the picture. To deploy it, start by replacing the 411 context in your dialplan. Then we’ll edit the getnumber.sh shell script and insert your STT credentials.
cd /var/lib/asterisk/agi-bin sed -i '\:// BEGIN Call by Name:,\:// END Call by Name:d' \\ /etc/asterisk/extensions_custom.conf sed -i '/\[from-internal-custom\]/r /var/lib/asterisk/agi-bin/ibm-411.txt' \\ /etc/asterisk/extensions_custom.conf asterisk -rx "dialplan reload" nano -w getnumber.sh
Scroll down to line #13 and make it look like this: API_USERNAME="apikey"
On Line #14, enter your actual API_KEY between the quotation marks replacing the X’s. Then save the file: Ctrl-X, Y, then ENTER.
Now pick up a phone connected to your PBX and dial 411. When prompted for the person/company to call, say "American Airlines."
Move Over Siri. Here Comes Iris.
If the idea of instant access to all the world’s information is appealing but you’re not quite ready to invite Siri, Alexa, and Google into your bedroom, then IRIS may be your cup of tea. With the Incredible PBX implementation of Wolfram Alpha, you simply dial I-R-I-S (4747) from any phone, ask a question, and the world’s greatest almanac tied to a supercomputer will provide you an answer. So long as it’s for non-commercial use, you get 2,000 free queries a month just by signing up for a Wolfram Alpha account. Here’s a sample of what’s available:
Weather in Charleston South Carolina
Weather forecast for Washington D.C.
Next solar eclipse
Otis Redding
Define politician
Who won the 1969 Superbowl? (Broadway Joe)
What planes are flying overhead now? (flying over your server’s location)
Ham and cheese sandwich (nutritional information)
Holidays 2019 (summary of all holidays for 2019 with dates and DOW)
Medical University of South Carolina (history of MUSC)
Star Trek (show history, air dates, number of episodes, and more)
Apollo 11 (everything you ever wanted to know)
Cheapest Toaster (brand and price)
Battle of Gettysburg (sad day 🙂 )
Daylight Savings Time 2019 (date ranges and how to set your clocks)
Tablets by Motorola (pricing, models, and specs from Best Buy)
Doughnut (you don’t wanna know)
Snickers bar (ditto)
Weather (local weather at your server’s location)
Deploying IRIS is simple. Once you have your Wolfram Alpha APP-ID, edit the 4747 file in /var/lib/asterisk/agi-bin and insert your APP-ID in the first line of the file. Then save it. In the same directory, edit wolfram.sh and enter apikey for your API_USERNAME, your actual IBM STT API key as your API_PASSWORD, and reenter your Wolfram Alpha APPID. Then save the file. Now dial I-R-I-S (4747) from any phone and ask one of the sample questions above.
UPDATE: A bug crept into the Wolfram Alpha scripts somewhere along the way. Here’s the fix, but you don’t need to install it. Simply log out and back into your Raspberry Pi as root, and the Automatic Update Utility will install it for you.
cd /var/lib/asterisk/agi-bin sed -i 's|results.chr(13).chr(10);|results.chr(13).chr(10).chr(34);|' 4747.php
Using Allison’s Demo IVR for Feature Set Access
Rather than remembering all of the dial codes we’ve documented above, the easiest way to get instant access to all the features we’ve discussed plus more is to dial D-E-M-O (3366) from any phone connected to your PBX. Better yet, you can share the feature set with your friends by configuring the Demo IVR as the Inbound Route Destination for one of your DIDs. Be careful sharing your password for Telephone Reminders to avoid having some creep schedule multiple reminders to make expensive calls to some ship in the middle of nowhere.
Updating pbxstatus to Support NeoRouter
If you have deployed the NeoRouter VPN on your server, you’ve probably noticed that the pbxstatus display looks a bit awkward now since there are multiple local IP addresses. Here’s the fix. Edit /usr/local/sbin/pbxstatus. Scroll down to line #6 and replace it with the following. Then save the file.
_IP=" Private IP: `cat /etc/hostip | cut -f1-2 -d " "`"
Adding Blinkt for Non-Blacklisted Incoming Calls
If you deployed the Blinkt hardware addition following our last tutorial, we wanted to add an additional feature that will provide visual alerts when incoming calls arrive. Here’s how:
cp -p /root/rainbow.py /usr/local/sbin/. echo "asterisk ALL = NOPASSWD: /usr/local/sbin/rainbow.py" >> /etc/sudoers echo '[app-blacklist-check] include => app-blacklist-check-custom exten => s,1(check),GotoIf($["${BLACKLIST()}"="1"]?blacklisted) exten => s,n,Set(CALLED_BLACKLIST=1) exten => s,n,System(/usr/bin/sudo /usr/local/sbin/rainbow.py &) exten => s,n,Return() exten => s,n(blacklisted),Answer exten => s,n,Set(BLDEST=${DB(blacklist/dest)}) exten => s,n,ExecIf($["${BLDEST}"=""]?Set(BLDEST=app-blackhole,hangup,1)) exten => s,n,GotoIf($["${returnhere}"="1"]?returnto) exten => s,n,GotoIf(${LEN(${BLDEST})}?${BLDEST}:app-blackhole,zapateller,1) exten => s,n(returnto),Return() ;--== end of [app-blacklist-check] ==--; ' >> /etc/asterisk/extensions_override_freepbx.conf asterisk -rx "dialplan reload"
Originally published: Monday, August 19, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Back to School: It’s Incredible PBX 16-15 for the Raspberry Pi
It’s Back to School Time in the U.S.A., and we have a terrific new August project for you and your shiny new Raspberry Pi 4. It features Asterisk® 16 with all the latest FreePBX® 15 GPL modules plus the feature sets of Incredible PBX® and RasPBX and RonR’s latest build. And it’s all rolled into one terrific (free) bundle. It’s literally the best of all worlds. Finally, a word of caution. This is a work in progress. If you’re looking for instant perfection, come back after Labor Day. But, if you want to roll up your sleeves and participate in an open source project, you’ve come to the right place. We welcome your comments AND contributions. After all, that’s what open source development is all about. Participate!
This is the first of several articles on Incredible PBX 16-15. Today, we’ll get your platform built and walk you through what’s included in the new build. You can expect a new release regularly until we work through all of the kinks and some of the missing pieces. If you’ve been following our articles this past month, you already know that restoring backups from Incredible PBX 13-13 into Incredible 16-15 was one of the primary development goals of FreePBX 15. It remains a little rough around the edges, but we’re close on the CentOS platform. And, in coming weeks, we’ll integrate what we’ve learned on the CentOS 7 platform into the Raspbian 10 Buster image for the Raspberry Pi. In the meantime, come enjoy and explore the powerful, new feature set that comes with Incredible PBX 16-15 out of the box. Unlike RonR’s build, there’s nothing to compile with Incredible PBX 16-15 for Raspbian 10 even though all of the components are there to let you do so whenever the mood strikes. And, unlike the FreePBX Distro, we don’t rely on static packages which make it difficult to make future modifications on your own. Instead, Incredible PBX 16-15 offers a snapshot image with a complete toolkit to make future modifications as desired.
What’s Included? Incredible PBX 16-15 for Raspbian 10 serves up a VoIP powerhouse featuring Asterisk 16 and all FreePBX 15 GPL modules, an Apache web server, the latest MariaDB SQL server (formerly MySQL), Exim4 mail server, and most of the Incredible PBX feature set including SIP, SMS, voice recognition, AsteriDex, PicoTTS Text-to-Speech VoIP applications plus fax support, Click-to-Dial, News, Weather, Telephone Reminders, and hundreds of features that typically are found in commercial PBXs: Conferencing, IVRs and AutoAttendants, Email Delivery of Voicemail, Voicemail Blasting, and more. We’ve also incorporated the Zero Trunk Configuration feature from the LITE build which lets you sign up with one of four VoIP providers and start making and receiving calls instantly.
Choosing a SIP Provider. As we mentioned, Incredible PBX 16-15 comes preconfigured to support four of the major SIP providers: Skyetel, VoIP.ms, V1VoIP, and Anveo Direct. We obviously hope you’ll choose Skyetel not only because they financially support Nerd Vittles and our open source projects, but also because it is a clearly superior platform offering crystal-clear communications and quadruple-redundancy so you never miss a call. Skyetel also sets itself apart from the other providers in the support department. They actually respond to issues, and there’s never a charge. As the old saying goes, they may not be the cheapest, but you get what you pay for. Even without taking advantage of Nerd Vittles free $10 credit plus a half-price offer on up to $500 of Skyetel services, they’re still dirt cheap compared to the Bell Sisters and cable companies. Traditional DIDs are $1 per month. Outbound conversational calls are $0.012 per minute. Incoming conversational calls are a penny a minute, and CallerID lookups are $0.004. With all four providers, you only pay for minutes you use. Using more than one is a good idea. With your Skyetel $10 credit, there’s ample funding to order a phone number and make hundreds of calls at zero cost. Once you’re satisfied with the service (and you will be), you can fund your account with up to $250, and Skyetel will match your deposit plus give you free number porting for any existing numbers you want to add to your account. Quite literally, you have nothing to lose. Effective 10/1/2023, $25/month minimum spend required.
Assembling the Required Raspberry Pi Components
Before you can deploy Incredible PBX 16-15, you’ll first need the necessary Raspberry Pi hardware. Here’s the short list and, if you’re in a hurry, the $35 Raspberry Pi 3B+ will cost you less than $3 extra to get it quickly from Amazon using our referral link. If you prefer to wait for a Raspberry Pi 4, read on. Either way, the RasPi remains one of the world’s best bargains! Assuming you already own an HDMI-compatible monitor and a USB keyboard…
Raspberry Pi 4B from a Raspberry Pi reseller $8 USB-C RasPi 4 (only) Power Supply $10 32GB microSDHC Class 10 card (strongly recommended!) $5 Official RasPi 4 Case
Getting Started with Incredible PBX 16-15
Here’s our 10-Step Guide to installation and setup. "Automatic" means just watch. Steps #1 and #2: follow the links. For the remaining steps, we’ll further document the procedures.
- Download and unzip Incredible PBX 16-15 image from SourceForge
- Transfer Incredible PBX 16-15 image to microSD card
- Boot Raspberry Pi from new microSD card (16GB minimum)
- Login to RasPi console as root:password to initialize your server (Automatic)
- In raspi-config Advanced Options, Expand FileSystem to fill your SD card
- In Localization Options, set Locale, TimeZone, Keyboard, & WiFi Country
- Reboot after writing down your server IP address (Automatic)
- Login via SSH or Putty as root:password to set passwords & setup firewall (Automatic)
- Run admin-pw-change to set the admin password for access to the web GUI
- Register for and configure at least one trunk provider for Incredible PBX 16-15
- Enjoy!
First Boot of Incredible PBX 16-15 with Wi-Fi
Incredible PBX 16-15 requires Internet connectivity to complete its automated install. If you’re using a wired network connection, you can skip to the next section. With the Raspberry Pi 3B and 4B, WiFi is built into the hardware. But you still have to insert your SSID name and SSID password to make a connection to your WiFi network. To do so, follow these next steps carefully. Insert the Incredible PBX 16-15 microSD card into your Raspberry Pi 3 or 4 and apply power to the hardware. When the bootup procedure finishes, login as root with the default password: password. At the first prompt, DO NOT PRESS THE ENTER KEY! Instead, press Ctrl-C to break out of the setup script. At the command prompt, issue the following commands to bring up the WiFi config file:
cd /etc/wpa_supplicant nano -w wpa_supplicant.conf
If your WiFi network does not require a password, uncomment or insert the four lines below and save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.
network={ key_mgmt=NONE priority=1 }
If your WiFi network requires a password, uncomment or insert the following into wpa_supplicant.conf:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1 network={ ssid="YourSSID" psk="YourSSIDpassword" key_mgmt=WPA-PSK scan_ssid=1 priority=7 }
Then scroll down to the SSID entry and replace YourSSID with the actual SSID of your WiFi network. Make sure you preserve the entry with the quotes as shown. Next, replace YourSSIDpassword with the SSID password of your WiFi network. Save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.
Once the reboot process finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in a minute. Skip the next section since you are using a WiFi connection.
If you don’t see an IP address assigned to your server, then correct the network deficiency (invalid WiFi credentials, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.
First Boot of Incredible PBX Using Wired Connection
Incredible PBX 16-15 requires Internet connectivity to complete its automated install. After connecting your server to your local network with a network cable, insert the Incredible PBX 16-15 microSD card into your Raspberry Pi and apply power to the hardware. When the bootup procedure finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in the next step.
If you don’t see an IP address assigned to your server, then correct the network deficiency (cable not connected, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.
Completing the Incredible PBX Initialization Procedure
Unless your desktop PC and RasPi are both on the same private LAN, the remainder of the install procedure should be completed from a desktop PC using SSH or Putty. This will assure that your desktop PC is also whitelisted in the Incredible PBX firewall. Using the console to complete the install is NOT recommended as your desktop PC will not be whitelisted in the firewall. This may result in your not being able to log in to your server. Once you have network connectivity, log in to your server as root from a desktop PC using the default password: password. Accept the license agreement by pressing ENTER. You then will be redirected to raspi-config. This is the utility used to expand your Incredible PBX 16-15 image to use your entire microSD card. If you fail to complete this step, your microSD card will be restricted to 16GB. In the raspi-config utility, choose Localization Options and set Locale, TimeZone, Keyboard, & WiFi Country. Then choose Advanced Options. All of the defaults should be satisfactory with the exception of the first item: Expand Filesystem. Choose this option and activate the resizing directive. Review the other items and then exit and reboot.
Once your server reboots and you log back in as root, all of your passwords will be randomly assigned with the exception of the root user Linux password and your admin password for access to the web GUI. You can set the root password by issuing the command: passwd
. Set the admin password for access to the web GUI with this command: /root/admin-pw-change
. With the exception of these two passwords, the remaining passwords can be displayed using the command: /root/show-passwords
.
Finally, if your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060-5061 and UDP 10000-20000 traffic to the private IP address of your PBX. This is required for all of the SIP providers included in the Incredible PBX 16-15 build. Otherwise, all inbound calls will fail.
Configuring Skyetel for Incredible PBX 16-15
If you’ve decided to go with Skyetel, here’s the drill. Sign up for Skyetel service and take advantage of the Nerd Vittles Free $10 credit and BOGO special. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the $10 credit for your account by referencing the Nerd Vittles special offer. Once you are happy with the service, open another ticket after funding your account and request that Skyetel match your deposit of up to $250. That gets you up to $500 of helf-price calling. Credit is limited to one per person/company/address/location. If you have numbers to port in, you can do it at no cost after funding your account.
Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX 16-15:
- Name: MyPBX
- Priority: 1
- IP Address: PBX-Public-IP-Address
- Port: 5060
- Protocol: UDP
- Description: 16-15.incrediblepbx.com
To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you fund your account) or purchasing new ones under the Buy Phone Numbers menu option.
Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.
Configuring VoIP.ms for Incredible PBX 16-15
To sign up for VoIP.ms service, may we suggest you use our signup link so that Nerd Vittles gets a referral credit for your signup. Once your account is set up, you’ll need to set up a SIP SubAccount and, for Authentication Type, choose Static IP Authentication and enter your Incredible PBX 16-15 server’s public IP address. For Transport, choose UDP. For Device Type, choose Asterisk, IP PBX, Gateway or VoIP Switch. Order a DID in their web panel, and then point the DID to the SubAccount you just created. Be sure to specify atlanta1.voip.ms as the POP from which to receive incoming calls.
Configuring V1VoIP for Incredible PBX 16-15
To sign up for V1VoIP service, sign up on their web site. Then login to your account and order a DID under the DIDs tab. Once the DID has been assigned, choose View DIDs and click on the Forwarding button beside your DID. For Option #1, choose Forward to IP Address/PBX. For the Fowarding Address, enter the public IP address of your server. For the T/O (timeout) value, set it to 2o seconds. Then click the Update button. Under the Termination tab, create a new Endpoint with the public IP address of your server so that you can place outbound calls through V1VoIP.
Configuring Anveo Direct for Incredible PBX 16-15
To sign up for Anveo Direct service, sign up on their web site and then login. After adding funds to your account, purchase a DID under Inbound Service -> Order DID. Next, choose Configure Destination SIP Trunk. Give the Trunk a name. For the Primary SIP URI, enter $[E164]$@server-IP-address. For Call Options, select your new DID from the list. You also must whitelist your public IP address under Outbound Service -> Configure. Create a new Call Termination Trunk and name it to match your server. For Dialing Prefix, choose six alphanumeric characters beginning with a zero. In Authorized IP Addresses, enter the public IP address of your server. Set an appropriate rate cap. We like $0.01 per minute to be safe. Set a concurrent calls limit. We like 2. For the Call Routing Method, choose Least Cost unless you’re feeling extravagant. For Routes/Carriers, choose Standard Routes. Write down your Dialing Prefix and then click the Save button.
Before you can make outbound calls through Anveo Direct from your PBX, you first must configure the Dialing Prefix that you wrote down in the previous step. Using a browser, login to the GUI as admin. Navigate to Connectivity -> Trunks -> Anveo-Out. Click the Pencil icon to edit the trunk settings. Then click the Custom Settings tab. Replace anveo-pin with your actual Anveo PIN. Click Submit and Apply Settings to save your changes.
By default, incoming Anveo Direct calls will be processed by the Default inbound route on your PBX. If you wish to redirect incoming Anveo Direct calls using DID-specific inbound routes, then you’ve got a bit more work to do. In addition to creating the inbound route using the 11-digit Anveo Direct DID, enter the following commands after logging into your server as root using SSH/Putty:
cd /etc/asterisk echo "[from-anveo]" >> extensions_custom.conf echo "exten => _.,1,Ringing" >> extensions_custom.conf echo "exten => _.,n,Goto(from-trunk,\${SIP_HEADER(X-anveo-e164)},1)" >> extensions_custom.conf asterisk -rx "dialplan reload"
Configuring a Softphone for Incredible PBX 16-15
We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You can find them by running /root/show-passwords
. You’ll need the IP address of your server plus your extension 701 password. In the YateClient, fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password was assigned to the extension when you installed Incredible PBX. Click OK to save your entries.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Apps Demo 123 - Reminders 947 - Weather by ZIP Code 951 - Yahoo News TODAY - Today in History LENNY - The Telemarketer's Worst Nightmare
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Audio Issues with Incredible PBX 16-15
Only if you experience one-way or no audio on some calls, add your external IP address and LAN subnet in the GUI by navigating to Settings -> Asterisk SIP Settings. In the NAT Settings section, click Detect Network Settings. Click Submit and Apply Settings to save your changes.
Configuring Gmail as Exim Smart Relay Host
Most Raspberry Pi implementations will be on networks managed by companies like Comcast, Spectrum, and AT&T that block downstream mail servers (that’s you) from sending email. The solution is to use Gmail or your local ISP as a smart relay host to send mail from your server. You’ll need this to deliver voicemails via email. Here’s how to set it up using a Gmail account without two-step authentication. Log into your server as root and run configure-exim-email. Choose "mail sent by smarthost; received via SMTP or fetchmail." Accept all the defaults until you get to Outgoing Smarthost prompt. Enter: smtp.gmail.com::587. At the following prompts, choose NO, NO, mbox, and NO. When the setup completes, edit /etc/exim4/passwd.client and insert the following line using your Gmail AcctName and AcctPW:
*.google.com:AcctName@gmail.com:AcctPWsmtp.gmail.com:AcctName@gmail.com:AcctPW
Save the file and then issue the following commands to complete the setup:
update-exim4.conf systemctl restart exim4 exim4 -qff
Now send yourself a test email message to make sure things are working properly:
echo "test" | mail -s testmessage yourname@yourmailprovider.com
Some prefer an email notification whenever your server is booted. Once you have configured a relay host above, you can add the feature by editing /etc/rc.local and adding the following lines with your actual email address just above the service knockd start line:
_PRIVATE="Private IP: `cat /etc/hostip | cut -f1-2 -d " "`" _PUBLIC=" Public IP: `curl -s -S --user-agent \\ "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2'`" echo "$_PRIVATE\\n$_PUBLIC" | mail -s "RasPi 16-15 has booted" yourname@yourmailserver.com
Incredible PBX 16-15 Administration
We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.
admin-pw-change lets you update the admin password for web browser access to the Incredible PBX GUI.
apache-pw-change lets you update the admin password for Apache applications such as AsteriDex and Reminders.
avantfax-pw-change lets you update the root password for AvantFax access (coming soon!).
add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX 16-15 blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.
add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.
del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.
configure-exim-email lets you reconfigure the email server if you need to use an SMTP relay such as Google to get outbound email flowing. Tutorial here.
iptables-restart is the ONLY command you should ever use to restart the IPtables firewall and Fail2Ban.
knock.FAQ contains your PortKnocker credentials for emergency access to your server if the firewall locks you out. Tutorial here.
proximity (once configured) will automatically forward calls to your cellphone when you are out of BlueTooth range from your RasPi. Also must enable running of script in /etc/crontab.
reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.
reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.
reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.
show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX 16-15 actually is. A similar listing is available in the GUI at Admin -> Feature Codes.
show-passwords is a script that displays ALL of the passwords associated with Incredible PBX 16-15. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.
timezone-setup lets you reconfigure the correct time zone for your server.
purge-cdr-cel-records cleans out all existing entries in both the CDR and CEL tables of the Asterisk CDR database.
log-cleanup removes all entries from most of the logs in /var/log.
sig-fix disables module signature checking in FreePBX. It is automatically disabled upon installation.
readme-RonR.txt documents the scripts provided from RonR build. We do NOT recommend using the FCC Blacklist because of its current size.
update-IncrediblePBX is the Automatic Update Utility which checks for server updates from incrediblepbx.com every time you log into your server as root using SSH or Putty. Do NOT disable it as it is used to load important fixes and security updates when necessary. We recommend logging into your server at least once a week.
pbxstatus (shown above) displays status of all major components of Incredible PBX 16-15.
Forwarding Calls to Your Cellphone. Keep in mind that inbound calls to your DIDs automatically ring all five SIP extensions, 701-705. The easiest way to also ring your cellphone is to set one of these five extensions to forward incoming calls to your cellphone. After logging into your PBX as root, issue the following command to forward calls from extension 705 to your cellphone: asterisk -rx "database put CF 705 6781234567"
To remove call forwarding: asterisk -rx "database del CF 705"
Incredible PBX 16-15 Last-Minute Fixes
For each release, we will post fixes for Incredible PBX 16-15 here. If you download a newer release, previous fixes have already been addressed and should not be applied. If you’re still using an earlier release, be sure to apply all patches for your release plus all patches for subsequent releases.
Release 1 Fixes:
Login to your server as root and issue the following commands to update your server. A reboot is not required unless noted.
service knockd start sed -i 's|exit 0"|exit zero"|' /etc/rc.local sed -i 's|exit 0|service knockd start\\nexit 0|' /etc/rc.local /root/reset-extension-passwords
A glitch in the admin-pw-change utility used to set the password for web access to the GUI has also been fixed. Simply log out of your server and log back in as root, and the Automatic Update Utility will fix the problem. You then can successfully set your admin password.
Release 2 Fixes:
# failed exim messages from Fail2Ban sed -i 's|/dev/null|:blackhole:|' /etc/aliases systemctl restart exim4 exim -bp | exiqgrep -i | xargs exim -Mrm systemctl restart fail2ban # missing AGI files cd /var/lib/asterisk/agi-bin wget http://incrediblepbx.com/raspi1615-agibin.tar.gz tar zxvf raspi1615-agibin.tar.gz rm -f raspi1615-agibin.tar.gz
Release 3 Updates/Fixes:
Release 3 adds dozens of Incredible PBX applications. See the Application User’s Guide for tutorials. In addition, release 3 adds MySQL ODBC support (special thanks to @jerrm for sorting this out) with demo Asterisk applications for customer lookups (dial 222 and enter 12345) and AsteriDex speed dials (dial 223 and enter 335 (D-E-L) for Delta Airlines.
Release 4 Updates/Fixes:
Release 4 adds Allison’s Demo IVR and Stealth AutoAttendant as well as support for Blinkt!. It provides hourly alerts during the workday as well as whenever pbxstatus is run. You can order one here. This brings us to functional equivalence with the CentOS 7 release of Incredible PBX 16-15.
Release 5 Updates/Fixes:
Release 5 sets NAT default setting for all extensions to YES. This reduces the likelihood that callers will experience one-way audio on calls. The size of the swap file also was double to eliminate dashboard warning messages when some larger microSD cards were deployed.
Continue Reading: Icing on the Cake for Incredible PBX 16-15 and Raspberry Pi
Originally published: Wednesday, August 7, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Introducing Incredible PBX LITE featuring Raspbian 10
As you may know, the Raspberry Pi Foundation introduced the $35 Raspberry Pi 4 last week. In addition to jaw-dropping hardware enhancements, the introduction also included the new Raspbian 10 (Buster) platform which was surprising since Debian 10 isn’t scheduled for official release until the end of this week. As with prior releases, Raspbian 10 brought with it some major headaches for the VoIP community not the least of which is FreePBX® cannot (yet) be installed. But sometimes there’s a silver lining accompanying bad news.
Several Debian 10 issues caused us to rethink what a VoIP platform for the Raspberry Pi actually should look like. After all, most Raspberry Pi hobbyists aren’t interested in mastering the intricacies of Asterisk® and FreePBX. They’re more concerned with a stable, fast VoIP communications platform that’s easy to deploy and will operate without hiccups in a home or small office environment. Thus was born Incredible PBX LITE, a new turnkey VoIP platform that requires zero configuration out of the box and supports five SIP telephones and up to four trunk providers for low-cost worldwide calling. Simply sign up with one of these VoIP service providers, acquire a telephone number (DID), enter the IP address of your PBX, and you can instantly make and receive calls using up to five SIP telephones or softphones.
UPDATE: If you’d prefer the full-featured Incredible PBX 16-15 for the Raspberry Pi, it’s now available here as well.
What’s Included? Despite its name, Incredible PBX LITE still serves up a VoIP powerhouse featuring Asterisk 13, an Apache web server, the latest MariaDB SQL server (formerly MySQL), SendMail, and most of the Incredible PBX feature set including SIP, SMS, Opus, voice recognition, FLITE Text-to-Speech VoIP applications plus fax support, Click-to-Dial, News, Weather, Reminders, and hundreds of features that typically are found in commercial PBXs: Conferencing, IVRs and AutoAttendants, Email Delivery of Voicemail, Voicemail Blasting…
What’s Missing? We’ve removed the entire FreePBX GUI platform while retaining most of its feature set. We’ve also eliminated the need to run a web server or database server although they’re still there. And gone are the days of having to configure extensions and trunks as well as inbound and outbound routes before you can actually use your PBX to make your first call. The tradeoff is a noticeable performance improvement. While a Raspberry Pi 4 isn’t required to run Incredible PBX LITE, doing so provides another three-fold performance boost compared to a Raspberry Pi 3B+. Simply stated, Incredible PBX LITE performance now rivals what you would expect on a powerful cloud-based platform such as Digital Ocean or Vultr.
Choosing a SIP Provider. As we mentioned, Incredible PBX LITE comes preconfigured to support four of the major SIP providers: Skyetel, VoIP.ms, V1VoIP, and Anveo Direct. We obviously hope you’ll choose Skyetel not only because they financially support Nerd Vittles and our open source projects, but also because it is a clearly superior platform offering crystal-clear communications and triple-redundancy so you never miss a call. Skyetel also sets itself apart from the other providers in the support department. They actually respond to issues, and there’s never a charge. As the old saying goes, they may not be the cheapest, but you get what you pay for. Even without taking advantage of Nerd Vittles half-price offer on up to $500 of Skyetel services, they’re still dirt cheap compared to the Bell Sisters and cable companies. Traditional DIDs are $1 per month. Outbound conversational calls are $0.012 per minute. Incoming conversational calls are a penny a minute, and CallerID lookups are $0.004. With all four providers, you only pay for minutes you use. Using more than one is a good idea. Effective 10/1/2023, $25/month minimum spend required.
Assembling the Required Raspberry Pi Components
Before you can deploy Incredible PBX LITE, you’ll first need the necessary Raspberry Pi hardware. Here’s the short list and, if you’re in a hurry, the $35 Raspberry Pi 3B+ will cost you less than $3 extra to get it quickly from Amazon using our referral link. If you prefer to wait for a Raspberry Pi 4, read on. Either way, the RasPi remains one of the world’s best bargains! Assuming you already own an HDMI-compatible monitor and a USB keyboard…
Raspberry Pi 4B from a Raspberry Pi reseller $8 15.3W USB-C RasPi 4 (only) Power Supply $8 32GB microSDHC Class 10 card (strongly recommended!) $5 Official RasPi 4 Case
Getting Started with Incredible PBX LITE
Here’s everything to know about installation and setup. "Automatic" means just watch. Steps #1 and #2 are self-explanatory. For the remaining steps, we’ll further document the procedures in the sections below.
- Download and unzip Incredible PBX LITE image from SourceForge
- Transfer Incredible PBX LITE image to microSD card
- Boot Raspberry Pi from new microSD card (16GB minimum)
- Login to RasPi console as root:password to initialize your server (Automatic)
- In raspi-config Advanced Options, Expand FileSystem to fill your SD card
- In Localization Options, set Locale, TimeZone, Keyboard, & WiFi Country
- Reboot after writing down your server IP address (Automatic)
- Login via SSH or Putty as root:password to set passwords & setup firewall (Automatic)
- Register for and configure at least one trunk provider for Incredible PBX LITE
- Install Incredible Fax: /root/incrediblefax13_raspi3.sh (Credentials: admin:password)
First Boot of Incredible PBX LITE with Wi-Fi
Incredible PBX LITE requires Internet connectivity to complete its automated install. If you’re using a wired network connection, you can skip to the next section. With the Raspberry Pi 3B and 4B, WiFi is built into the hardware. But you still have to insert your SSID name and SSID password to make a connection to your WiFi network. To do so, follow these next steps carefully. Insert the Incredible PBX LITE microSD card into your Raspberry Pi 3 or 4 and apply power to the hardware. When the bootup procedure finishes, login as root with the default password: password. At the first prompt, DO NOT PRESS THE ENTER KEY! Instead, press Ctrl-C to break out of the setup script. At the command prompt, issue the following commands to bring up the WiFi config file:
cd /etc/wpa_supplicant nano -w wpa_supplicant.conf
If your WiFi network does not require a password, then uncomment the four lines below and save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.
network={ key_mgmt=NONE priority=1 }
If your WiFi network requires a password, scroll down to the SSID entry and replace YourSSID with the actual SSID of your WiFi network. Make sure you preserve the entry with the quotes as shown. Next, replace YourSSIDpassword with the SSID password of your WiFi network. Save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.
Once the reboot process finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in a minute. Skip the next section since you are using a WiFi connection.
If you don’t see an IP address assigned to your server, then correct the network deficiency (invalid WiFi credentials, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.
First Boot of Incredible PBX Using Wired Connection
Incredible PBX LITE requires Internet connectivity to complete its automated install. After connecting your server to your local network with a network cable, insert the Incredible PBX LITE microSD card into your Raspberry Pi and apply power to the hardware. When the bootup procedure finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in the next step.
If you don’t see an IP address assigned to your server, then correct the network deficiency (cable not connected, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.
Completing the Incredible PBX Initialization Procedure
Unless your desktop PC and RasPi are both on the same private LAN, the remainder of the install procedure should be completed from a desktop PC using SSH or Putty. This will assure that your desktop PC is also whitelisted in the Incredible PBX firewall. Using the console to complete the install is NOT recommended as your desktop PC will not be whitelisted in the firewall. This may result in your not being able to log in to your server. Once you have network connectivity, log in to your server as root from a desktop PC using the default password: password. Accept the license agreement by pressing ENTER. You then will be redirected to raspi-config. This is the utility used to expand your Incredible PBX LITE image to use your entire microSD card. If you fail to complete this step, your microSD card will be restricted to 16GB. In the raspi-config utility, choose Localization Options and set Locale, TimeZone, Keyboard, & WiFi Country. Then choose Advanced Options. All of the defaults should be satisfactory with the exception of the first item: Expand Filesystem. Choose this option and activate the resizing directive. Review the other items and then exit and reboot.
Once your server reboots and you log back in as root, all of your passwords will be randomly assigned with the exception of the root user Linux password. You can set it by issuing the command: passwd
. With the exception of your root user password, the remaining passwords can be displayed using the command: /root/show-passwords
.
Finally, if your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060 and UDP 10000-20000 traffic to the private IP address of your PBX. This is required for all of the SIP providers included in the Incredible PBX LITE build. Otherwise, all inbound calls will fail.
SECURITY ALERT: There was a configuration error in the initial setup which leaves the firewall deactivated. This gets corrected by the Incredible PBX Automatic Update Utility the next time you login to your server as root. Please do so immediately.
Configuring Skyetel for Incredible PBX LITE
If you’ve decided to go with Skyetel, here’s the drill. Sign up for Skyetel service and take advantage of the Nerd Vittles BOGO special. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the BOGO credit for your account by referencing the Nerd Vittles special offer. Skyetel will match your deposit of up to $250 which gets you up to $500 of helf-price calling. Credit is limited to one per person/company/address/location.
Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. Here’s a typical setup for Incredible PBX LITE:
- Name: MyPBX
- Priority: 1
- IP Address: PBX-Public-IP-Address
- Port: 5060
- Protocol: UDP
- Description: lite1.incrediblepbx.com
To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.
Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.
Configuring VoIP.ms for Incredible PBX LITE
To sign up for VoIP.ms service, may we suggest you use our signup link so that Nerd Vittles gets a referral credit for your signup. Once your account is set up, you’ll need to set up a SIP SubAccount and, for Authentication Type, choose Static IP Authentication and enter your Incredible PBX LITE server’s public IP address. For Transport, choose UDP. For Device Type, choose Asterisk, IP PBX, Gateway or VoIP Switch. Order a DID in their web panel, and then point the DID to the SubAccount you just created. Be sure to specify atlanta1.voip.ms as the POP from which to receive incoming calls.
Configuring V1VoIP for Incredible PBX LITE
To sign up for V1VoIP service, sign up on their web site. Then login to your account and order a DID under the DIDs tab. Once the DID has been assigned, choose View DIDs and click on the Forwarding button beside your DID. For Option #1, choose Forward to IP Address/PBX. For the Fowarding Address, enter the public IP address of your server. For the T/O (timeout) value, set it to 2o seconds. Then click the Update button. Under the Termination tab, create a new Endpoint with the public IP address of your server so that you can place outbound calls through V1VoIP.
Configuring Anveo Direct for Incredible PBX LITE
To sign up for Anveo Direct service, sign up on their web site and then login. After adding funds to your account, purchase a DID under Inbound Service -> Order DID. Next, choose Configure Destination SIP Trunk. Give the Trunk a name. For the Primary SIP URI, enter $[E164]$@server-IP-address. For Call Options, select your new DID from the list. You also must whitelist your public IP address under Outbound Service -> Configure. Create a new Call Termination Trunk and name it to match your server. For Dialing Prefix, choose six alphanumeric characters beginning with a zero. In Authorized IP Addresses, enter the public IP address of your server. Set an appropriate rate cap. We like $0.01 per minute to be safe. Set a concurrent calls limit. We like 2. For the Call Routing Method, choose Least Cost unless you’re feeling extravagant. For Routes/Carriers, choose Standard Routes. Write down your Dialing Prefix and then click the Save button.
Before you can make outbound calls through Anveo Direct from your PBX, you first must configure the Dialing Prefix that you wrote down in the previous step. Login to your server as root and use nano to edit extensions_additional.conf in the /etc/asterisk directory. Search (Ctl-W) for anveo-pin and replace anveo-pin with the 6-digit alphanumeric PIN for your account. Press Ctrl-X, Y, then Enter to save your settings. Reload your dialplan with the command: asterisk -rx "dialplan reload"
Audio Issues with Incredible PBX LITE
Only if you experience one-way or no audio on some calls, add your external IP address and LAN subnet in /etc/asterisk/sip_general_custom.conf like the following example:
nat=yes externip=xxx.xxx.xxx.xxx localnet=192.168.0.0/255.255.0.0
Then restart Asterisk: systemctl restart asterisk
Configuring a Softphone for Incredible PBX LITE
We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You can find them by running /root/show-passwords
. You’ll need the IP address of your server plus your extension 701 password. In the YateClient, fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password was assigned to the extension when you installed Incredible PBX. Click OK to save your entries.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Apps Demo 123 - Reminders 947 - Weather by ZIP Code 951 - Yahoo News TODAY - Today in History LENNY - The Telemarketer's Worst Nightmare
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Incredible PBX LITE Administration
We’ve eased the pain of administering your new PBX with a collection of scripts which you will find in the /root folder after logging in with SSH or Putty. Here’s a quick summary of what each of the scripts does.
add-fqdn is used to whitelist a fully-qualified domain name in the firewall. Because Incredible PBX LITE blocks all traffic from IP addresses that are not whitelisted, this is what you use to authorize an external user for your PBX. The advantage of an FQDN is that you can use a dynamic DNS service to automatically update the IP address associated with an FQDN so that you never lose connectivity.
add-ip is used to whitelist a public IP address in the firewall. See the add-fqdn explanation as to why this matters.
del-acct is used to remove an IP address or FQDN from the firewall’s whitelist.
proximity is a script used in conjunction with bluetooth to decipher whether your smartphone is within range of your server. If not, the script forwards calls to extension 701 to an extension or external smartphone of your choice. Edit the proximity script to add your preferences. Then uncomment the proximity line in /etc/crontab. Complete setup details on setup are available in our previous tutorial.
reset-conference-pins is a script that automatically and randomly resets the user and admin pins for access to the preconfigured conferencing application. Dial C-O-N-F from any registered SIP phone to connect to the conference.
reset-extension-passwords is a script that automatically and randomly resets ALL of the SIP passwords for extensions 701-705. Be careful using this one, or you may disable existing registered phones and cause Fail2Ban to blacklist the IP addresses of those users. HINT: You can place a call to the Ring Group associated with all five extensions by dialing 777.
reset-reminders-pin is a script that automatically and randomly resets the pin required to access the Telephone Reminders application by dialing 123. It’s important to protect this application because a nefarious user could set up a reminder to call a number anywhere in the world assuming your SIP provider’s account was configured to allow such calls.
show-feature-codes is a cheat sheet for all of the feature codes which can be dialed from any registered SIP phone. It documents how powerful a platform Incredible PBX LITE actually is.
show-passwords is a script that displays ALL of the passwords associated with Incredible PBX LITE. This includes SIP extension passwords, voicemail pins, conference pins, telephone reminders pin, and your Anveo Direct outbound calling pin (if configured). Note that voicemail pins are configured by the user of a SIP extension the first time the user accesses the voicemail system by dialing *97.
update-IncrediblePBX is the Automatic Update Utility which checks for server updates from incrediblepbx.com every time you log into your server as root using SSH or Putty. Do NOT disable it as it is used to load important fixes and security updates when necessary. We recommend logging into your server at least once a week.
pbxstatus (shown above) displays status of all major components of Incredible PBX LITE.
Call Detail Records available in spreadsheet format at /var/log/asterisk/cdr-csv/Master.csv.
Originally published: Monday, July 1, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Skyetel Introduces a Spring Boatload of New VoIP Features
Spring is sprung and what better time for our Platinum Sponsor, Skyetel, to introduce a boatload of new features for their already outstanding, triple-redundant VoIP platform. Better yet, you still can take advantage of their half-price VoIP offer on up to $500 of communications services. Whether your wish list included SMS and MMS messaging , or faxing, or SPAM call filtering, or endpoint monitoring, or call recording and transcription, today’s your lucky day. You get all of them in the same familiar Dashboard you’ve been using. Let’s begin with a quick pricing overview and the sign up procedure, then on to the good stuff.
Skyetel Pricing Overview
This summary is not intended to be an exhaustive listing of all Skyetel services. Follow this link for a complete summary of fees and services. Incoming conversational calls are a penny a minute. Traditional DIDs are $1 per month. Toll free numbers are an additional 20¢ per month. Outbound conversational calls are $0.012 per minute. DIDs can be SMS/MMS enabled for 10¢ per month. Incoming SMS messages are a half penny apiece. Outbound SMS messages are a penny. MMS messages are 2¢ each. E911 service is $1.50 per month. CallerID lookups are $0.004 per call. Spam call filtering is $0.006 per inbound call. Voicemail transcription is available for 10¢ per message. Call recording is $.0025/minute. Call transcription is an additional $.005/minute. Storage of call recordings for up to 30 days is free. Effective 10/1/2023, $25/month minimum spend required.
Divide all these prices by 2 when you take advantage of the Nerd Vittles BOGO special below.
Signing Up for Skyetel Service
So here’s the drill to sign up for Skyetel service and take advantage of the Nerd Vittles special. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the BOGO credit for your account by referencing the Nerd Vittles special offer. Greed will get you nowhere. Credit is limited to one per person/company/address/location. If you want to take advantage of the 10% discount on your current service, open another ticket and attach a copy of your last month’s bill. See footnote 1 for the fine print.1 If you have high call volume requirements, document these in your Prequalification Form, and Skyetel will be in touch.
Original Skyetel Deposit | Skyetel Deposit Match | Available SIP Service $'s |
---|---|---|
$20 | $20 | $40 |
$50 | $50 | $100 |
$100 | $100 | $200 |
$200 | $200 | $400 |
$250 | $250 | $500 |
SMS and MMS Messaging with Postcards
In our original Skyetel article, we documented a simple way to send and receive SMS messages using your Skyetel DIDs. Now Skyetel has released a terrific, open source Docker app, Postcards, that lets you build an SMS and MMS messaging platform for your entire organization. Suffice it to say, anything you ever wanted to do with SMS and MMS messaging, you can do with Postcards. We won’t repeat Skyetel’s excellent tutorial, but you certainly need to visit their site and take Postcards for a spin.
Introducing Skyetel’s New Fax Platform
Every time we read an article predicting the demise of fax technology, we have to chuckle. We’ve been reading the articles for about 30 years now, and fax still is the goto solution for many organizations. Can you spell HIPPA? Finally, Skyetel has dipped its toes in the fax waters by offering an easy-to-use fax solution for receipt of traditional and T.38 faxes. Simply purchase a Skyetel DID and configure it for vFax routing. Enter an email address for delivery of the faxes, and you’re done.
Sending faxes from the Skyetel portal still is on the drawing boards, but it’s coming. In the meantime, Incredible Fax™ which is bundled with all Incredible PBX® platforms will let you send faxes ’til the cows come home with our easy-to-use Hylafax/AvantFax implementation.
Implementing the New Spam Call Filter
One of the most often requested features for any PBX is spam call filtering. Skyetel takes it to the next level by dealing with the spammers before the calls ever reach your PBX. For each of your Skyetel phone numbers, click on the Features tab and set the Spam Call Filter as desired.
Recording and Transcribing Skyetel Calls
As with spam call filtering, recording and/or transcribing Skyetel calls is only a click away. For each of your Skyetel phone numbers, click on the Features tab and set the option desired for Recording and/or Transcribing calls. Recordings and Transcriptions can be managed from your Skyetel Dashboard. Storage is free for up to 30 days, after which they are deleted.
Skyetel Expansion for Canadian Users
Here’s some great news for our Canadian friends. Skyetel has been listening!
- Porting to Skyetel in Canada now is significantly easier and faster
- Awesome reductions in audio round trip times
- Epic reductions in time-to-deliver
- Faster response times to technical issues (and fewer of them!)
- Audio for Canadian calls will now originate from Canadian data centers
- SMS and MMS available on Canadian ported numbers
Skyetel Monitoring of Endpoint Health
In addition to monitoring and reporting the health of all Skyetel services in your web portal, today’s addition allows you to configure Skyetel to not only monitor the State of every registered endpoint but also its Health with realtime metrics of the Latency, Packet Loss, and Jitter of each of your endpoints. Simply check the Network QOS options desired.
Don’t forget to whitelist all of the Skyetel data centers in Incredible PBX:
- /root/add-ip Skyetel-NW 52.41.52.34
- /root/add-ip Skyetel-SW 52.8.201.128
- /root/add-ip Skyetel-NE 52.60.138.31
- /root/add-ip Skyetel-SE 50.17.48.216
- /root/add-ip Skyetel-EU 35.156.192.164
Continue reading the original Nerd Vittles Skyetel tutorial.
Originally published: Tuesday, May 28, 2019 Updated: Wednesday, June 12, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- In the unlikely event that Skyetel cannot provide a 10% reduction in your current origination rate and/or DID costs, Skyetel will give you an additional $50 credit to use with the Skyetel service. [↩]
Interconnecting a Mobile PBX to the Asterisk Mothership
The Holy Grail for a mobile VoIP solution is a simple way to connect back to your primary Asterisk® PBX via Wi-Fi from anywhere in the world to make and receive calls as if you never left. Let’s tick off the potential problems. First, many home-based PBXs are sitting behind NAT-based routers. Second, almost all remote Wi-Fi connections are made through a NAT-based router. Third, chances are the remote hosting platform blocks outgoing email from downstream servers such as a mobile PBX. Fourth, deciphering the IP address of your remote connection can be problematic. Fifth, the chances of experiencing one-way audio or no audio on your VoIP calls is high because of NAT-based routers at both ends of your connection.
Last week we introduced OpenVPN as a solution for those with multiple VoIP sites to interconnect. But there’s a much simpler solution for those that travel regularly and want to avoid the complexity of configuring OpenVPN. Here is a quick thumbnail of the setup we recommend as your mobile companion, and you’ll never have a one-way audio problem again. In terms of hardware, you’ll need a Raspberry Pi 3B+ with its native WiFi support and a Windows or Mac notebook computer for traveling. You’ll also need a NeoRouter VPN server to make this process seamless. If you’ve already set up an OpenVPN server platform, it will work equally well. One advantage of NeoRouter is that clients can be added from the client side without having to create a config file on the VPN server. All you need is a username and password. But the choice of VPN platform is totally a matter of preference. The objective using either OpenVPN or NeoRouter is secure communications to your home base. We don’t want to have to reconfigure either your home PBX or your traveling PBX or your notebook PC based upon changes in your public and private IP addresses.
Today we’ll walk you through the easiest way to set up a (free) NeoRouter server on the Internet. It can be used to connect up to 254 devices on an encrypted private LAN. We’re delighted to have finally found a perfect use for the (free) Google Cloud instance.
Using a RaspberryPi 3B+, build an Incredible PBX 13-13.10 platform by following our previous tutorial. We’ll set this up on your home WiFi network so that you only have to throw the Raspberry Pi and its power supply in your suitcase when you travel. As part of the setup, we’ll download NeoRouter and activate private IP addresses for your notebook computer as well as both of your PBXs (using nrclientcmd
). Next, we’ll interconnect the two PBXs using SIP trunks and the NeoRouter private LAN IP addresses. We’ll take advantage of a neat little Raspberry Pi trick by storing a wpa_supplicant.conf
template on your PC for the remote WiFi setup even though we don’t yet know anything about the remote LAN. Once we know the SSID and password at the remote destination, we’ll use your notebook computer to edit the template and transfer the file to the /boot folder of your RasPi’s microSD card. When the card then is inserted and the RasPi is booted, it will automatically move the template to the proper /etc/wpa_supplicant folder to successfully activate your WiFi connection. We’ll also load links, a fast text-based browser, just in case you encounter a hotel that requires some sort of acknowledgement or password before establishing your WiFi connection to the Internet.
Setting Up a (free) NeoRouter Server in the Cloud
Because NeoRouter uses a star-based VPN architecture, that means the NeoRouter Server must always be available at the same IP address for all of the NeoRouter Clients (aka Nodes) to talk to. If you already have a cloud-based server that has a static IP address and can handle the traffic cop duties of NeoRouter Server, then that’s an ideal place to install NeoRouter Server. Simply download the Free flavor of NeoRouter Server that matches your existing platform and install it. Add an FQDN for your server’s IP address, and you’re all set. A detailed summary of available management options is included in our previous NeoRouter v2 article.
We devoted a couple weeks to Google Cloud instances last month, and it turned out to be a pretty awful platform for hosting Asterisk. But the free offering looks to be a perfect fit as a hosting platform for NeoRouter Server. You also won’t have to worry about Google going out of business anytime soon. So let us walk you through an abbreviated setup process on the Google Cloud platform. If you’re just getting started with Google Cloud, read our previous article to take advantage of Google’s generous $300 offer to get you started and to generally familiarize yourself with the mechanics of setting up an instance in the Google Cloud.
For NeoRouter Server, navigate to https://console.cloud.google.com. Click the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. In the COMPUTE section of the Dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it nrserver. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, leave HTTP and HTTPS disabled. Check your entries carefully and then click the Create button.
When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty:
sudo passwd root su root nano -w /etc/ssh/sshd_config
When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart
PermitRootLogin yes PasswordAuthentication yes
You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address
Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPS Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPS Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.
- Name: neorouter
- Target Tags: neorouter
- Source IP Range: 0.0.0.0/0
- Protocols/Ports: check tcp: 32976
CAUTION: Before this firewall rule will be activated for your instance, it also must be specified in the Network Tags section for your instance. Shut down your instance and add the neorouter tag by editing your instance. Then restart your instance.
Now we’re ready to install NeoRouter Free v2 Server on your instance. Be sure to choose the Free v2 variety. Log back into your server as root using SSH/Putty and issue these commands:
yum -y update yum -y install nano wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm /etc/rc.d/init.d/nrserver.sh restart nrserver -setdomain <DOMAINNAME> <DOMAINPASSWORD> nrserver -adduser <USERNAME> <PASSWORD> admin nrserver -enableuser <USERNAME> nrserver -showsettings
Finally, add the following command to /etc/rc.local so that NeoRouter Server gets started whenever your instance is rebooted:
echo "/etc/rc.d/init.d/nrserver.sh start" >> /etc/rc.local
Installing Incredible PBX 13-13.10 on a Raspberry Pi
Configuring NeoRouter Client on Your Computers
On Linux-based (non-GUI) platforms, setting up the NeoRouter Client is done by issuing the command: nrclientcmd
. You’ll be prompted for your NeoRouter Server FQDN as well as your username and password credentials. Perform this procedure on both your home PBX and the Raspberry Pi.
To add your Windows or Mac notebook to the NeoRouter VPN, download the appropriate client and run the application which will prompt for your NeoRouter Server FQDN as well as your NeoRouter credentials. Once completed, you should see all three machines in your NeoRouter Free Client Dashboard: your PC as well as your home PBX and Raspberry Pi-based Incredible PBX. Make note of the private VPN addresses (10.0.0.X) of both your home PBX and your Raspberry Pi. These VPN addresses never change, and we’ll need them to interconnect your PBXs and to set up a softphone on your notebook computer.
Admininistrative Tools to Manage NeoRouter
Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
For a complete list of commands: nrserver –help
Interconnecting Your Raspberry Pi and Home PBX
To keep things simple, our setup examples below assume the following NeoRouter VPN addresses: Home PBX (10.0.0.1) and Raspberry Pi (10.0.0.2). Using a browser, you’ll need to login to the GUI of your Home PBX and Raspberry Pi and add a Trunk to each PBX. Be sure to use the same secret on BOTH trunk setups. We don’t recommend forwarding incoming calls from your Home PBX to your Raspberry Pi because most folks won’t be sitting in their hotel room all day to answer incoming calls. Instead, add the number of your smartphone to a Ring Group on the Home PBX and don’t forget the # symbol at the end of the number. On the Raspberry Pi side, we are assuming that whenever a call is dialed from a registered softphone with the 9 prefix, the call will be sent to the Home PBX for call processing (without the 9). For example, 98005551212 would send 800-555-1212 to the Home PBX for outbound routing and 9701 would send 701 to the Home PBX for routing to the 701 extension. You can obviously adjust your dialplan to meet your own local requirements.
On the Home PBX, the chan_sip trunk entries should look like this:
Trunk Name: raspi-remote PEER DETAILS host=10.0.0.2 type=friend context=from-internal username=home-pbx fromuser=home-pbx secret=some-password canreinvite=no insecure=port,invite qualify=yes nat=yes
On the Raspberry Pi, the chan_sip trunk entries should look like this:
Trunk Name: home-pbx PEER DETAILS host=10.0.0.1 type=friend context=from-internal username=raspi-remote fromuser=raspi-remote secret=some-password canreinvite=no insecure=port,invite qualify=yes nat=yes
On the Raspberry Pi, add an Outbound Route named Out9-home-pbx pointed to home-pbx Trunk with the following Dial Patterns. For each Dial Pattern, prepend=blank and prefix=9:
dial string: 1NXXNXXXXXX dial string: NXXNXXXXXX dial string: *98X. dial string: XXX dial string: XXXX dial string: XXXXX
Tweaking Your Raspberry Pi for WiFi Mobility
wpa_supplicant.conf
config file to the /boot directory on the card once you arrive at your destination and know the SSID and password of the local WiFi network. When the Raspberry Pi is subsequently booted, the operating system will move the config file to the /etc/wpa_supplicant directory so that your WiFi network will come on line. Here’s what a typical wpa_supplicant.conf
file should look like using your actual credentials. The last network section handles open WiFi network connections (think: McDonald’s) if you want to enable them:
country=US update_config=1 network={ ssid="your-SSID" psk="your-SSID-password" key_mgmt=WPA-PSK scan_ssid=1 priority=5 } network={ key_mgmt=NONE priority=1 }
The other gotcha is that some public WiFi networks require some type of web login procedure before you can actually access the Internet even though an IP address may have been assigned to your Raspberry Pi. To handle this situation, you’ll need a text-based web browser on the Raspberry Pi that can be accessed through your notebook PC using SSH and your Raspberry Pi’s VPN address. Our favorite is links which can be installed on your Raspberry Pi before you pack up.
apt-get install links -y
Once you arrive at your destination, connect both your notebook PC and Raspberry Pi to the same WiFi network, login to the RasPi with SSH at the VPN address assigned to your RasPi, and run links
to start the browser. Press <esc> to access the links menu options. If you can’t access your RasPi at the VPN IP address, try its WiFi-assigned local IP address.
Adding a Softphone to Your Notebook PC
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for an extension on your Raspberry Pi. Then enter the VPN IP address of your server plus your extension’s password. Click OK to save your entries.
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Adding a Softphone to Your Smartphone
Enjoy your pain-free traveling!
Originally published: Monday, April 22, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
A New VPN for All Seasons: Introducing OpenVPN for Asterisk
This month marks our twentieth anniversary wrestling with virtual private networks. Here’s a quick walk down memory lane. Our adventure began with the Altiga 3000 series VPN concentrators which we introduced in the federal courts in 1999. It was a near perfect plug-and-play hardware solution for secure communications between remote sites using less than secure Windows PCs. Cisco quickly saw the potential, gobbled up the company, and promptly doubled the price of the rebranded concentrators. About 10 years ago, we introduced Hamachi® VPNs to interconnect Asterisk® and PBX in a Flash servers. At the time, Hamachi was free, but that was short-lived when they were subsequently acquired by LogMeIn®. What followed was a short stint with PPTP VPNs which worked great with Macs, Windows PCs, and many phones but suffered from an endless stream of security vulnerabilities. Finally, in April 2012, we introduced the free NeoRouter® VPN. Version 2 still is an integral component in every Incredible PBX® platform today, and PPTP still is available as well. While easy to set up and integrate into multi-site Asterisk deployments, the Achilles’ Heel of NeoRouter remains its inability to directly interconnect many smartphones and stand-alone SIP phones, some of which support the OpenVPN platform and nothing else.
The main reason we avoided OpenVPN® over the years was its complexity to configure and deploy.1 In addition, it was difficult to use with clients whose IP addresses were frequently changing. Thanks to the terrific work of Nyr, Stanislas Angristan, and more than a dozen contributors, OpenVPN now has been tamed. And the new server-based, star topology design makes it easy to deploy for those with changing or dynamic IP addresses. Today we’ll walk you through building an OpenVPN server as well as the one-minute client setup for almost any Asterisk deployment and most PCs, routers, smartphones, and VPN-compatible soft phones and SIP phones including Yealink, Grandstream, Snom, and many more. And the really great news is that OpenVPN clients can coexist with your current NeoRouter VPN.
Finally, a word about the OpenVPN Client installations below. We’ve tested all of these with current versions of Incredible PBX 13-13, 16-15, and Incredible PBX 2020. They should work equally well with other server platforms which have been properly configured. However, missing dependencies on other platforms are, of course, your responsibility.
Building an OpenVPN Server Platform
There are many ways to create an OpenVPN server platform. The major prerequisites are a supported operating system, a static IP address for your server, and a platform that is extremely reliable and always available. If the server is off line, all client connections will also fail. While we obviously have not tested all the permutations and combinations, we have identified a platform that just works™. It’s the CentOS 7, 64-bit cloud offering from Vultr. If you use our referral link at Vultr, you not only will be supporting Nerd Vittles through referral revenue, but you also will be able to take advantage of their $50 free credit for new customers. For home and small business deployments, we have found the $5/month platform more than adequate, and you can add automatic backups for an additional $1 a month. Cheap insurance!
To get started, create your CentOS 7 Vultr instance and login as root using SSH or Putty. Immediately change your password and update and install the necessary CentOS 7 packages:
passwd yum -y update yum -y install net-tools nano wget tar iptables-services systemctl stop firewalld systemctl disable firewalld systemctl enable iptables
We recommend keeping your OpenVPN server platform as barebones as possible to reduce the vulnerability risk. By default, this installer routes all client traffic through the VPN server which wastes considerable bandwidth. The sed commands below modify this design to only route client VPN traffic through the OpenVPN server.
cd /root curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh sed -i "s|\\techo 'push \\"redirect-gateway|#\\techo 'push \\"redirect-gateway|" openvpn-install.sh sed -i "s|push \\"redirect-gateway|#push \\"redirect-gateway|" openvpn-install.sh sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' openvpn-install.sh ./openvpn-install.sh
Here are the recommended entries in running the OpenVPN installer:
- Server IP Address: using FQDN strongly recommended to ease migration issues
- Enabled IPv6 (no): accept default
- Port (1194): accept default
- Protocol (UDP): accept default
- DNS (3): change to 9 (Google)
- Compression (no): accept default
- Custom encrypt(no): accept default
- Generate Server
- Client name: firstclient
- Passwordless (1): accept default
In the following steps, we will use IPtables to block all server access except via SSH or the VPN tunnel. Then we’ll start your OpenVPN server:
cd /etc/sysconfig wget http://incrediblepbx.com/iptables-openvpn.tar.gz tar zxvf iptables-openvpn.tar.gz rm -f iptables-openvpn.tar.gz echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p systemctl -f enable openvpn@server.service systemctl start openvpn@server.service systemctl status openvpn@server.service systemctl enable openvpn@server.service systemctl restart iptables
Once OpenVPN is enabled, the server can be reached through the VPN at 10.8.0.1. OpenVPN clients will be assigned by DHCP in the range of 10.8.0.2 through 10.8.0.254. You can list your VPN clients like this: cat /etc/openvpn/ipp.txt
. You can list active VPN clients like this: cat /var/log/openvpn/status.log | grep 10.8
. And you can add new clients or delete old ones by rerunning /root/openvpn-install.sh
.
For better security, change the SSH access port replacing 1234 with desired port number:
PORT=1234 sed -i "s|#Port 22|Port $PORT|" /etc/ssh/sshd_config systemctl restart sshd sed -i "s|dport 22|dport $PORT|" /etc/sysconfig/iptables systemctl restart iptables
04/16 UPDATE: We’ve made changes in the Angristan script to adjust client routing. By default, all packets from every client flowed through the OpenVPN server which wasted considerable bandwidth. Our preference is to route client packets destined for the Internet directly to their destination rather than through the OpenVPN server. The sed commands added to the base install above do this; however, if you’ve already installed and run the original Angristan script, your existing clients will be configured differently. Our recommendation is to remove the existing clients, make the change below, and then recreate the clients again by rerunning the script. In the alternative, you can execute the command below to correct future client creations and then run it again on each existing client platform substituting the name of the /root/.ovpn client file for client-template.txt and then restart each OpenVPN client.
cd /etc/openvpn sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' client-template.txt
Creating OpenVPN Client Templates
In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer. You do this by running /root/openvpn-install.sh again on the OpenVPN server. Choose option 1 to create a new .ovpn template. Give each client machine template a unique name and do NOT require a password for the template. Unless the client machine is running Windows, edit the new .ovpn template and comment out the setenv line: #setenv. Save the file and copy it to the /root folder of the client machine. Follow the instructions below to set up OpenVPN on the client machine and before starting up OpenVPN replace firstclient.ovpn in the command line with the name of .ovpn you created for the individual machine.
Renewing OpenVPN Server’s Expired Certificate
The server certificate will expire after 1080 days, and clients will no longer be able to connect. Here’s what to do next:
systemctl stop openvpn@server.service cd /etc/openvpn/easy-rsa ./easyrsa gen-crl cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem systemctl start openvpn@server.service
Installing an OpenVPN Client on CentOS/RHEL
cd /root yum -y install epel-release yum --enablerepo=epel install openvpn -y # copy /root/firstclient.ovpn from server to client /root # and then start up the VPN client openvpn --config /root/firstclient.ovpn --daemon # adjust Incredible PBX 13-13 firewall below iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT cd /usr/local/sbin echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Running ifconfig should now show the VPN client in the list of network ports:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:9 errors:0 dropped:0 overruns:0 frame:0 TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:855 (855.0 b) TX bytes:17254 (16.8 KiB)
And you should be able to login to the VPN server using its VPN IP address:
# enter actual SSH port replacing 1234 PORT=1234 ssh -p $PORT root@10.8.0.1
Installing an OpenVPN Client on Ubuntu 18.04.2
cd /root apt-get update apt-get install openvpn unzip dpkg-reconfigure tzdata # copy /root/firstclient.ovpn from server to client /root # and then start up the VPN client openvpn --config /root/firstclient.ovpn --daemon # adjust Incredible PBX 13-13 firewall below iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT cd /usr/local/sbin echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Running ifconfig should now show the VPN client in the list of network ports:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:9 errors:0 dropped:0 overruns:0 frame:0 TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:855 (855.0 b) TX bytes:17254 (16.8 KiB)
And you should be able to login to the VPN server using its VPN IP address:
# enter actual SSH port replacing 1234 PORT=1234 ssh -p $PORT root@10.8.0.1
Installing an OpenVPN Client on Raspbian
Good news and bad news. First the bad news. Today’s OpenVPN server won’t work because of numerous unavailable encryption modules on the Raspberry Pi side. The good news is that NeoRouter is a perfect fit with Raspbian, and our upcoming article will show you how to securely interconnect a Raspberry Pi with any Asterisk server in the world… at no cost.
04/16 Update: We now have OpenVPN working with Incredible PBX for the Raspberry Pi. The trick is that you’ll need to build the latest version of OpenVPN from source before beginning the client install. Here’s how. Login to your Raspberry Pi as root and issue these commands:
apt-get remove openvpn apt-get update apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y cd /usr/src wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.7.tar.gz tar zxvf openvpn-2.4.7.tar.gz cd openvpn-2.4.7 ./configure --prefix=/usr make make install openvpn --version
Now you should be ready to install a client config file, start up OpenVPN, and adjust firewall:
cd /root dpkg-reconfigure tzdata # copy /root/firstclient.ovpn from server to client /root # and then start up the VPN client openvpn --config /root/firstclient.ovpn --daemon # adjust Incredible PBX 13-13 firewall below iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT cd /usr/local/sbin echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Installing an OpenVPN Client on a Mac
While there are numerous OpenVPN clients for Mac OS X, none hold a candle to Tunnelblick in terms of ease of installation and use. First, create a new client config on your server and copy it (/root/*.ovpn) to a folder on your Mac where you can find it. Download Tunnelblick and install it. Run Tunnelblick and then open Finder. Click and drag your client config file to the Tunnelblick icon in the top toolbar. Choose Connect when prompted. Done.
Installing an OpenVPN Client for Windows 10
The installation procedure for Windows is similar to the Mac procedure above. Download the OpenVPN Client for Windows. Double-click on the downloaded file to install it. Create a new client config on your server and copy it (/root/*.ovpn) to a folder on your PC where you can find it. Start up the OpenVPN client and click on the OpenVPN client in the activity tray. Choose Import File and select the config file you downloaded from your OpenVPN Server. Right-click on the OpenVPN icon again and choose Connect. Done.
Installing an OpenVPN Client for Android
Our favorite OpenVPN client for Android is called OpenVPN for Android and is available in the Google Play Store. Download and install it as you would any other Android app. Upload a client config file from your OpenVPN server to your Google Drive. Run the app and click + to install a new profile. Navigate to your Google Drive and select the config file you uploaded.
Installing an OpenVPN Client for iOS Devices
The OpenVPN Connect client for iOS is available in the App Store. Download and install it as you would any other iOS app. Before uploading a client config file, open the OpenVPN Connect app and click the 4-bar Settings icon in the upper left corner of the screen. Click Settings and change the VPN Protocol to UDP and IPv6 to IPV4-ONLY Tunnel. Accept remaining defaults.
To upload a client config file, the easiest way is to use Gmail to send yourself an email with the config file as an attachment. Open the message with the Gmail app on your iPhone or iPad and click on the attachment. Then choose the Upload icon in the upper right corner of the dialog. Next, choose Copy to OpenVPN in the list of apps displayed. When the import listing displays in OpenVPN Connect, click Add to import the new profile. Click ADD again when the Profile has been successfully imported. You’ll be prompted for permission to Add VPN Configurations. Click Allow. Enter your iOS passcode when prompted. To connect, tap once on the OpenVPN Profile. To disconnect, tap on the Connected slider. When you reopen the OpenVPN Connect app, the OVPN Profiles menu will display by default. Simply tap once on your profile to connect thereafter.
Installing a Web Interface to Display Available Clients
One advantage of NeoRouter is a simple way for any VPN client to display a listing of all VPN clients that are online at any given time. While that’s not possible with OpenVPN, we can do the next best thing and create a simple web page that can be accessed using a browser but only from a connected OpenVPN client pointing to http://10.8.0.1
.
To set this up, log in to your OpenVPN server as root and issue the following commands:
yum --enablerepo=epel install lighttpd -y systemctl start lighttpd.service systemctl enable lighttpd.service chown root:lighttpd /var/log/openvpn/status.log chmod 640 /var/log/openvpn/status.log cd /var/www rm -rf lighttpd wget http://incrediblepbx.com/lighttpd.tar.gz tar zxvf lighttpd.tar.gz ln -s /var/log/openvpn/status.log /var/www/lighttpd/status.log sed -i 's|#server.bind = "localhost"|server.bind = "10.8.0.1"|' /etc/lighttpd/lighttpd.conf systemctl restart lighttpd.service
Latest VPN Security Alerts
https://nakedsecurity.sophos.com/2019/04/16/security-weakness-in-popular-vpn-clients/
Originally published: Monday, April 15, 2019 Updated: Saturday, February 29, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Our discussion today is focused on the free, MIT-licensed version of OpenVPN. For details on their commercial offerings, follow this link. [↩]
Finding Utopia: In Search of the Perfect VoIP Server Platform
Over the past decade, there is no subject that we have devoted more resources to than searching for the best platform on which to run a VoIP server. While our experience primarily has focused on finding the perfect fit for Incredible PBX®, much of what follows applies equally to any other Linux-based VoIP server including Wazo, Issabel, VitalPBX, and 3CX. Today we’d like to share what we’ve learned. Incredible PBX is a complex application. With close to a thousand moving parts, it requires major computing resources to support not only Asterisk® and FreePBX® but also an Apache web server, a MySQL database server, a SendMail server, a HylaFax server, and a Linux firewall with both IPtables and Fail2Ban.
Let’s begin by ticking off the platforms that Incredible PBX currently supports. These include stand-alone dedicated hardware from beefy Dell servers to the Intel NUC and Raspberry Pi. Then there are the virtual machine platforms including VirtualBox, VMware ESXi, and Proxmox. In the Cloud space we’ve covered the stratosphere from the high end with $25/month Google Cloud and Amazon EC2 instances to the dedicated $15/month VoIP platform with RentPBX to the $5/month KVM platforms including Digital Ocean and Vultr to the $2.25/month OVH KVM offering to the $1/month OpenVZ providers including HostedSimply, HostFlyte, Hosting73, HostBRZ, SnowVPS, and AlphaRacks. Have there been some train wrecks along the way? Absolutely. Just search the PIAF Forum for the threads on CloudAtCost, WootHosting, and HiFormance for the war stories and our battle scars. We would be remiss if we didn’t thank the dozens of PIAF Forum volunteers who have endured years of suffering at the hands of some of these providers to make today’s article possible.
So what have we learned? Unless you’re building a VoIP platform as a tinkerer to support just your family, there is zero reason to choose dedicated hardware. And, for home use, with the availability of the $35 Raspberry Pi 3B+, buying a beefier piece of hardware to host your VoIP platform makes no sense. Not only will it be considerably more expensive both to purchase and to operate, but the performance of your VoIP server will be indistinguishable from what you’d see using a Raspberry Pi 3B+. Exhibit A is our $125 RasPi WiFi setup for traveling.
The downsides of dedicated hardware are numerous. In addition to the expense of the platform itself and the monthly cost of electricity, there also are other challenges. First, outages from most Internet service providers are frequent occurrences of unpredictable duration. Second, ISPs typically provide a dynamic IP address which is not a good fit for VoIP platforms that rely upon your IP address to reliably make and receive VoIP calls. Third, making backups using dedicated hardware is typically more expensive and less frequent than performing similar tasks with a cloud-based server. Recovery is easy with a spare SD card.
The virtual machine platforms certainly have their place in the corporate world. And, if your company already has a server farm full of VMware servers, then taking advantage of that platform to host your PBX makes perfect sense. Performance will probably never be an issue, and you’ll avoid the task of babysitting the hardware leaving that to a staff of dedicated employees. And, hopefully, someone else is making frequent backups of your VoIP server. For home users that already have a beefy desktop machine, a VirtualBox-based PBX is certainly an option worth considering although it again puts you in the driver’s seat of dealing with backups, Internet outages, and performance hiccups when your desktop machine is being used for tasks that consume substantial computing resources.
If you haven’t already guessed, our recommended VoIP platform will almost always be cloud-based. Not only does it offload most server and network management headaches, but more often than not, it’s a more dependable platform with better performance at a comparable or less expensive cost than using your own hardware. So here’s the Golden Nugget of our findings. When it comes to cloud providers, you can forget the old adage that you get what you pay for. You don’t. Our experience suggests it’s just the opposite when it comes to running a VoIP server. With cloud providers, what you typically get by paying more is an improvement in the odds that your provider will still be around when next year rolls around. Getting over that hurdle is simple. Make frequent backups. If there are a multitude of available providers offering similar services, backups are the best insurance you can have, and they cost you almost nothing. In fact, Incredible Backup handles the task with ease AND reliability. Once you get past the vendor longevity issue, the only things that really matter with a cloud platform are stability and performance. While the high-end providers certainly deliver stability, our experience suggests their performance is nothing short of abysmal unless you’re willing to pay through the nose. By way of example, our experimental Google Cloud server running as a $25/month Standard VPS instance with zero daily calls still receives regular alerts from Google recommending that the instance be upgraded to the next pricing tier which starts at $48.95/month. Performance-wise, our subjective comparison of the $25/month Google Cloud instance is virtually identical to what we are seeing on a stand-alone $35 Raspberry Pi. As a VoIP server platform, the so-called free tier with Google Cloud that provides 600K of RAM and a shared virtual CPU is laughable, and that’s being charitable.
We haven’t spent a lot of time using Amazon EC2 in the past couple years primarily because their platform was even more expensive than Google’s. But, if money is no object, it’s certainly a hosting platform worth exploring. For most VoIP applications, it doesn’t make good financial sense.
That narrows our search for the perfect VoIP platform down to two categories: the KVM and OpenVZ platforms. As a general rule of thumb, with a given provider’s offerings you can expect performance to be comparable but you typically will pay at least double for a KVM platform as opposed to an OpenVZ platform with similar RAM, storage, and bandwidth. In a nutshell, KVM servers provide your virtual machine with its own Linux kernel while OpenVZ servers share a kernel over which you have no control. If you run a VoIP application that requires kernel access, this matters. If you plan to expose your server to the public Internet, the KVM option also is desirable because it allows you to run ipset in conjunction with the Linux firewall to block entire countries from accessing your server. In the case of Incredible PBX servers which rely upon a firewall limiting access to whitelisted IP addresses, there is little reason to choose the KVM platform based solely upon performance or security.
The elephant in the room with providers below the Google and Amazon tier is reliability. In the case of Digital Ocean and Vultr, they both have been around for many years now with excellent ratings in virtually every category. Both provide financial support for our open source projects through referral revenue, but we’d use them anyway. The virtual machine pricing from the two companies is almost identical. Except for extremely busy VoIP implementations, their 1GB RAM offering has proven to be a perfect choice at $5 a month. If you don’t mind paying by the year, you can’t beat OVH’s current $2.25/month KVM offering with 2GB RAM and 20GB SSD. They, too, have been around for years. At one time or another, OVH hosted much of 3CX’s cloud infrastructure. All offer scaling options to meet even the most demanding requirements. On the D.O. and Vultr platforms, you can add automatic backups for an additional $1 a month (20% surcharge) which is dirt cheap insurance. We have run both Incredible PBX and 3CX servers on all of these platforms with no outages or other issues… and weekly backups. Both Digital Ocean and Vultr also provide excellent web tools to manage your server, and the chance of any of these providers going out of business is extremely remote. We highly recommend all of them.
FULL DISCLOSURE: We have no business relationship with OVH or any of the following VPS providers and receive no referral commissions of any kind from any of them.
For some users and especially those that just want to learn about VoIP and tinker, there is yet another tier of providers. At roughly $1/month, their VPS services are a fraction of the cost of Digital Ocean and Vultr, but backups become your responsibility and at least one previous provider that many of us used went out of business. Those without a backup lost everything.
Choosing one of these providers comes down to balancing the risks versus the financial savings. We have nearly a dozen of these $1/month servers in operation all across the United States. While the VPS providers are different, almost all of the servers are hosted by ColoCrossing in Los Angeles, New York, Chicago, Dallas, or Atlanta. These VPS providers typically rent machines directly from ColoCrossing, and the performance of their VPS offerings varies depending upon the number of users each provider authorizes on each server. Some are obviously more greedy than others. And we’ve actually done the hard work of finding the reliable ones while rejecting at least as many that proved to be pretty awful.
Server locations and special signup details for these VPS providers are documented in our previous article. Average cost is about $1/month on an annual contract with a 1Gbit port or *free 1Gbit port upgrade on request based upon LowEndBox offer. All offer money-back guarantees for at least 24 hours so you can do your own testing if you hurry. Protect yourself by paying with PayPal which gives you 6 months to dispute a charge if the provider happens to go belly up. NOTE: The sort order below reflects our subjective performance evaluation.
Provider | RAM | Disk | Bandwidth | Performance as of 12/1/19 | Cost |
---|---|---|---|---|---|
CrownCloud KVM (LA) | 1GB | 20GB + Snapshot | 1TB/month | 598Mb/DN 281Mb/UP 2CPU Core | $25/year Best Buy! |
Naranjatech KVM (The Netherlands) | 1GB | 20GB | 1TB/month | Hosting since 2005 VAT: EU res. | 20€/year w/code: SBF2019 |
BudgetNode KVM (LA) | 1GB | 40GB RAID10 | 1TB/month | Also available in U.K PM @Ishaq on LET before payment | $24/year |
FreeRangeCloud KVM (Ashburn VA, Winnipeg, Freemont CA) | 1GB | 20GB SSD | 3TB/month | Pick EGG loc'n Open ticket for last 5GB SSD | $30/year w/code: LEBEGG30 |
Do we recommend these providers? Absolutely, with a couple of caveats. First, there is no guarantee that one or more of them may not go out of business at some point. The odds of several of them going under at the same time are fairly slim since none are related that we’re aware of. Second, make frequent backups when you make changes to your PBX and copy the Incredible Backups to a different location. Third, bring up a second VPS platform in a different location and keep it current with your latest backup. You could bring up all six of these platforms for roughly the same monthly cost as one Digital Ocean or Vultr virtual machine that’s running with automatic backups. If you can’t afford a second $1/month VPS platform, then at least create a matching VirtualBox platform, restore your backup, and make sure it is functional before deploying your VPS in the Cloud. It’s in your hands now. Enjoy!
Originally published: Monday, April 8, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.