Home » Incredible PBX » Raspberry Pi (Page 9)
Category Archives: Raspberry Pi
ClearlyIP Introduces New Features for Incredible PBX Phones
We’re excited to announce a host of new features for the new Incredible PBX IP phones. For locations where dynamic IP addresses and NAT-based routers pose challenges, the Clearly Devices GUI now offers direct support for OpenVPN. For environments in which security is critically important such as banks and schools, a new Panic button provides unique protection for employees and workplaces. And, for those that have always wanted an "Answered Elsewhere" indication for business communications, your search is over.
Configuring Incredible PBX Phones with OpenVPN
To get started, log into the FreePBX GUI with your admin credentials and navigate to Admin -> Module Admin -> Check Online and update the Clearly Devices module, if necessary. Next, create an OpenVPN server and generate a client template using the MAC address of each of your Incredible PBX phones following the steps in our previous tutorial. Copy the new client templates to the tftpboot folder of your Incredible PBX server. Next, open this ClearlyIP tutorial in a separate window and follow the steps to set up each of your phones. NOTE: When you create a template in Clearly Devices, it will provide a default provision URL at the top of the template that should also be used as the Custom Client Location when you enable the VPN in the User Management template, e.g. http://abc:xyz@192.168.0.3:2580/%%MAC%%.ovpn
Adding a PANIC Button to Incredible PBX Phones
Adding ‘Answered Elsewhere’ As A Call Destination
One of the complaints of many administrators has been the destination entries made in call logs when a call to a ring group is answered on another extension. With the latest release, the "Answered Elsewhere" notation is included in the phone’s firmware. Give these phones a careful look when you are in the market for new SIP phones. There’s nothing quite like them for Asterisk® platforms. Enjoy!
Originally published: Tuesday, May 19, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
BulkVS: A Bargain SIP Provider for Incredible PBX Platforms
At every opportunity I always tell new VoIP enthusiasts that one of the true advantages of switching to a VoIP platform is the fact that you don’t have to put all your eggs in one basket. Just this morning, I read a Facebook post from one of the elders in my family lamenting the fact that her MaBell landline had failed in the midst of this week’s snowstorm in North Carolina. Her local WiFi and cable TV still worked but not her landline or cellphone.
With that background, we are pleased to introduce BulkVS trunking as another option to add to your collection. Unlike Skyetel, ClearlyIP, Vitelity, and VoIP.ms, we receive no commissions from BulkVS so chalk this article up as a good example of biting off your nose to spite your face. There is a PayPal link to the right if you’re feeling grateful. 😉
Why does BulkVS matter? In the words of Alex Trebek, it’s The 3 P’s: Price, Price, and Price. An inbound US48 Tier0 phone number (DID) will set you back 6¢ a month with a 25¢ setup fee. And calls are billed at $.0003 per minute. Toll-free numbers in the U.S. and Canada are 14¢ a month with a per minute rate of $.0055. CNAM lookups are $.002. Outbound calls are $0.004/minute. E911 service is 49¢/month. Billing increment: 6 seconds. Those aren’t typos.
Getting Started with BulkVS
To get started, click the sign up link on the main BulkVS page. Then fund your account with $25 using PayPal. Or you can sign up for Net 15 billing and pay by check or credit card if you’re not in a rush to get started.
BulkVS offers two ways to set up your BulkVS trunking: IP-based authentication and SIP registration. If you don’t have a firewall which means you’re not using Incredible PBX, the first method is a little safer because nobody can spoof the IP address of your Asterisk® PBX. But it’s not for everyone. For example, if you’re behind a NAT-based firewall or if your server has a dynamic IP address, then IP-based authentication really isn’t an option. Similarly, if you don’t have control of the router that your PBX is sitting behind, then IP-based authentication won’t work since you have to forward both the SIP port (UDP 5060) and the RTP ports (10000-20000) to your PBX. The beauty of SIP registrations is they work from almost anywhere including double-NAT environments. So today, we’ll cover the SIP registration approach which will work for everyone.
There are three setup procedures: one using the BulkVS Control Panel, a second using the Linux CLI, and a third using the FreePBX® GUI included in Incredible PBX®.
BulkVS Setup with SIP Registration
Step 1: Go to Inbound -> DIDs – Purchase and buy one or more DIDs for your PBX.
Step 2: Go to Interconnection -> Host – Add and add your PBX’s public IP address. Leave the port as 5060 for both chan_sip and chan_pjsip setups.
Step 3: Go to Interconnection -> Trunk Group – Add and create a Trunk Group.
Step 4: Go to Interconnection -> Trunk Group – Manage and add the Primary IP Address for your new Trunk Group. Set Delivery Type to 11DIGITS.
Step 5: Go to Interconnection -> SIP Registration and write down the credentials for one of the SIP credentials you wish to use to register your new trunks.
Step 6: Go to Inbound -> DIDs – Manage and select each telephone number. Then set the Trunk Group to the SIPREG Trunk Group you chose in the previous step. Click Update button.
Step 7: Wait 15 minutes for the new IP and Trunk Group settings to propagate to SBC nodes.
Linux CLI Setup for BulkVS
First, log into your server as root and edit iptables-custom in /usr/local/sbin. Add the following just above the # End of Trusted Provider Section marker:
# BulkVS WhiteList /usr/sbin/iptables -A INPUT -p udp -m udp -s 162.249.171.198 --dport 5060:5069 -j ACCEPT /usr/sbin/iptables -A INPUT -p udp -m udp -s 76.8.29.198 --dport 5060:5069 -j ACCEPT /usr/sbin/iptables -A INPUT -p udp -m udp -s 69.12.88.198 --dport 5060:5069 -j ACCEPT /usr/sbin/iptables -A INPUT -p udp -m udp -s 192.9.236.42 --dport 5060:5069 -j ACCEPT /usr/sbin/iptables -A INPUT -p udp -m udp -s 52.206.134.245 --dport 5060:5069 -j ACCEPT
For chan_sip trunk implementations, while logged into your server as root, edit sip_custom_post.conf in /etc/asterisk. Add the following:
[bulkvs1](bulkvs); host=192.9.236.42 [bulkvs2](bulkvs); host=162.249.171.198 [bulkvs3](bulkvs); host=69.12.88.198 [bulkvs4](bulkvs); host=76.8.29.198 [bulkvs5](bulkvs); host=52.206.134.245
Finally, restart the IPtables firewall and reload Asterisk:
iptables-restart fwconsole reload
FreePBX PJsip Setup with SIP Registration
The PJsip alternative is considerably easier. First, you don’t need sip_custom_post.conf entries at all. To begin, navigate to Connectivity -> Trunks and choose Add a PJsip trunk. Name the trunk BulkVS and then click on the pjsip Settings tab. Fill out the form as shown below substituting the BulkVS registration account name you chose above. Any of the three SIP registrations offered for your account under Interconnection -> SIP Registration in the BulkVS Dashboard will work as long as you use the matching password.
Next, click on the Advanced tab and enter the following in the Match (Permit) field.
162.249.171.198,76.8.29.198,69.12.88.198,192.9.236.42,52.206.134.245
In the Codecs tab, enable ULAW and ALAW. Then click Submit and reload your dialplan.
With PJsip registrations, you may also need to add the following lines to the end of extensions_custom.conf in /etc/asterisk using your actual DID. Then reload your dialplan: asterisk -rx "dialplan reload"
[from-sip-external] ; BulkVS exten => 18005551212,3,Goto(from-trunk,${DID},1)
FreePBX chan_sip Setup with SIP Registration
If you prefer to set up your BulkVS trunk the old-fashioned way, navigate to Connectivity -> Trunks -> Add chan_sip trunk and enter:
In the Incoming tab, enter a Registration String in the following format where 19991234567 is one of your actual BulkVS DIDs. Then Save the settings and reload the dialplan.
yourBulkVSacctname:yourBulkVSpassword@sip.bulkvs.com/19991234567
Finally, navigate to Settings -> Asterisk SIP Settings and the chan_SIP tab, then set the Registration Minimum Expiry and Registration Default Expiry entries to 25. Then click Submit and reload the dialplan.
FreePBX Inbound & Outbound Route Configuration
Finally, we need to tell FreePBX how to route BulkVS calls into and out of your PBX. In the FreePBX GUI under Connectivty -> Inbound Routes, add a new route for BulkVS specifying the 11-digit DID you purchased from BulkVS. Choose a Destination for the incoming calls, save your settings, and reload the dialplan. Repeat this process for each of your BulkVS DIDs. HINT: The monthly cost of the DIDs is inexpensive enough to assign a DID to every extension on your PBX.
Next, navigate to Connectivity -> Outbound Routes and create a new Outbound Route for calls you wish to process using BulkVS termination services. Name the Outbound Route BulkVS and assign the bulkvs trunk as the first entry in the call sequence. In the Dial Patterns tab, you would want match patterns for 1NXXNXXXXXX and NXXNXXXXXX. For the latter entry, be sure to add a Prepend entry of 1. Then save your settings and reload the dialplan.
SMS Message Delivery from BulkVS Trunks
BulkVS also supports SMS messaging on most of their DIDs. To deliver SMS messages from BulkVS, you’ll need a public-facing web server (not Incredible PBX). Assuming you already have that in place, delivery of SMS messages from BulkVS DIDs to your email address or smartphone’s messaging app is straight-forward. Begin by enabling SMS messaging on your DID: Inbound -> DIDs Manage. Next, assign a web address to process the incoming messages on your web server, e.g. http://yourdomain.com/bulkvs-sms/index.php. Then create the index.php file using the sample code below after inserting your email address for delivery of the incoming messages:
<?php // Syntax for delivery from bulkvs.com SMS Forwarding Service $deliverto = "yourname@yourdomain.org"; // $deliverto = "18431234567@txt.att.net"; $from = htmlspecialchars($_REQUEST['from']); $to = htmlspecialchars($_REQUEST['to']); $message = htmlspecialchars($_REQUEST['message']); $subject="SMS Message from $from to $to"; $comment="SMS Message\\n\\nFROM: $from\\n\\nTO: $to\\n\\nMSG: $message\\n\\n"; mail("$deliverto", "$subject", "$comment", "$from"); echo "OK"; ?>
To send an SMS message from one of your BulkVS DIDs, you’ll need your API credentials from the BulkVS web site. Simply insert them together with one of your 11-digit DIDs in the script below, and you can send SMS messages to your heart’s content.
from="18005551212" apikey="aaabbbccc" apisecret="dddeeefff" if [ -z "$1" ]; then echo 'Syntax: send-sms-bulkvs 18005551212 "Your SMS message"' exit fi if [ -z "$2" ]; then echo 'Syntax: send-sms-bulkvs 18005551212 "Your SMS message"' exit fi to=$1 msg=$2 curl --header "Content-Type: application/json" --request POST --data \\ '{"apikey":"'"$apikey"'","apisecret":"'"$apisecret"'","from":"'"$from"'","to":"'"$to"'","message":"'"$msg"'"}' \\ https://portal.bulkvs.com/sendSMS
To send SMS messages from a Windows machine, see this post from @jerrm.
Originally published: Tuesday, May 12, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Introducing the Incredible Redialer for Asterisk
If you’ve been a VoIP regular during the past decade then you’re probably already aware that the automatic redial function has disappeared from both Asterisk® and most SIP phones. In these difficult times of trying to connect with critical services and radio contests, we thought it was a good time to introduce the Incredible Redialer. It should perform well on most Asterisk platforms with FreePBX® as well as current releases of Incredible PBX®.
How It Works. The Incredible Redialer assumes you have an Outbound Route to process 10-digit calls. If not, you can adjust the code to meet your local or international calling patterns. For the default install, a caller simply dials 2 plus a 10-digit number, and the Incredible Redialer will repeatedly dial the 10-digit number every five seconds until the call completes without a busy signal. No CDR entries are logged to avoid clutter.
Installation. On FreePBX-based systems including Incredible PBX platforms, edit extensions_custom.conf in /etc/asterisk. Just below the [from-internal-custom] line at the top of the file, insert the following code:
;# // BEGIN Redialer exten => _2NXXNXXXXXX,1,Answer exten => _2NXXNXXXXXX,n(dialnow),Wait(5) exten => _2NXXNXXXXXX,n,Set(NUM2CALL=${EXTEN:1}) exten => _2NXXNXXXXXX,n,Dial(local/${NUM2CALL}@from-internal) exten => _2NXXNXXXXXX,n,Goto(dialnow) exten => s-CANCEL,1,Hangup exten => s-NOANSWER,1,Hangup exten => s-BUSY,1(redial),Goto(dialnow) exten => s-CONGESTION,1(congestion),Goto(dialnow) exten => s-CHANUNAVAIL,1,Hangup exten => s-,1,Hangup exten => _s-.,1,Hangup ;# // END Redialer
If your dialplan requires 11-digit numbers beginning with a 1, then edit the five lines beginning with _2 and change the entries to _21. You can make similar changes to support international dialing prefixes. If you’d prefer a dialing prefix other than 2, then replace the 2 in the _2 lines with the prefix of your choice. Save the file and then reload your Asterisk dialplan: asterisk -rx "dialplan reload"
Testing Incredible Redialer. We’ve set up a test number in the United States that always rings busy. Feel free to call it to try things out from your own PBX: 843-606-0555. Enjoy!
Originally published: Monday, May 4, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Election Protection: Deploying Lenny to Block Robocalls
In the United States, some may be unaware that the FCC exempted elected federal officials and businesses with whom you do business from the stringent restrictions enacted against robocalls. That’s the reason you typically hear from your favorite politicians at about the time you sit down for that evening meal. In 2013, we implemented Brian West’s Lenny scripts for use with Asterisk®. We won’t regurgitate all of the background and legal considerations, but they are available in our original article if you’re interested. The idea behind the Lenny robot is a series of voice prompts that keep robocallers chasing their tails for lengthy periods of time without interfering with your regular phone calls. A number of these recordings are available on YouTube for your listening pleasure. Here’s one of our favorites:
A Word to the Wise: Pay particular attention to the rules on recording your phone calls. WE ACCEPT NO RESPONSIBILITY FOR VERIFYING THE LEGALITY OF USING THE LENNY VOICE PROMPTS WHICH WERE PART OF THE POSSA MODULE PUBLISHED ON GITHUB!
Even though access to Lenny through SIP URI calls has never wavered over the years, actual deployment of the code to implement Lenny on local servers disappeared because of the inability to verify the author of the original Lenny recordings. We still have been unable to do that, but seven years have passed without anyone voicing a complaint so we’ve decided to once again make the recordings available in this new deployment for Incredible PBX® 2020. A similar module is also available for Ombutel and VitalPBX. If anyone wishes to claim ownership of the recordings and desires that they be removed, simply contact us.
Prerequisites. To install today’s version of Lenny, you’ll need an Incredible PBX 2020 platform for CentOS 7 or the Raspberry Pi 3 or 4.
Installation. To install Lenny on your server, log into the Linux CLI as root. Then…
cd /var/www/html/admin/modules wget http://incrediblepbx.com/lenny2020.tgz tar zxvf lenny2020.tgz rm -f lenny2020.tgz fwconsole ma install itslenny fwconsole reload cd /var/lib/asterisk/sounds/en ln -s /var/www/html/admin/modules/itslenny/sounds/lenny lenny
Configuration. Next, you’ll need to configure Lenny to answer calls on your Blacklist and, optionally, to replace the existing 53669 (L-E-N-N-Y) SIP URI extension so that non-blacklisted incoming calls can be transferred easily to Lenny as desired. Let’s first tackle the Blacklist setup. Log into the FreePBX GUI with a web browser using your admin credentials. Navigate to Third Party AddOn: Its Lenny. Make sure the Enable checkbox is checked and optionally check the Record option, if desired. The default Silence Detection Delay and Iterations settings should be fine on most platforms. Click Submit to save the settings.
NOTE: The PBX Open Source Software Alliance (POSSA) no longer maintains this module.
If you want to replace the existing 53669 SIP URI extension with access to this new module using the same 53669 setting, here are the steps:
1. Delete the existing 53669 extension under Applications:Extensions.
2. Under Admin:Custom Destinations, Add app-nv-itslenny,s,1 and name it Lenny. Submit.
3. Under Application:Misc Application, Add:
Enable: YES
Description: Lenny
Feature Code: 53669
Destination: Custom Destination -> Lenny
Submit
Operation. Here’s how we envision a typical deployment. When an incoming call arrives that you believe is a spammer, say, "Just a moment. Let me transfer you to the man of the house." Using your SIP phone, hit the Transfer button and dial 53669 to send the call to Lenny. Next, blacklist the last caller by picking up the phone again and dialing *32. In the future, when calls arrive from this number, the call will automatically be answered by Lenny. You can add and remove entries in the Blacklist by navigating to Admin:BlackList in the FreePBX GUI.
Continue Reading: Spam Phone Call Blocker and CNAM Caching for FreePBX
Originally published: Monday, April 20, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
The Big 30: Incredible PBX 2020 Application User’s Guide
For those just beginning the Incredible PBX® 2020 adventure, start here for CentOS 7 or here for the Raspberry Pi. Once your system is up and running, you’ll be ready to kick the tires. And today we’ll cover 30 applications for Asterisk® and FreePBX® that are included in the latest and greatest Incredible PBX server. Now that you have some time on your hands, continue learning about this powerful platform by reading this documentation. If you still have questions, post them on the PIAF Forum for some quick and friendly assistance.
Here’s a Table of Contents to the Incredible PBX 2020 Applications with hotlinks. Enjoy!
- Checking System Status
- Enabling Speech Recognition for Asterisk
- Wolfram Alpha for Siri-like queries by phone*
- Automatic Update Utility
- Resetting Incredible PBX Passwords
- Apache Authentication for Apps
- IPtables Firewall WhiteList
- PortKnocker Remote Access
- Travelin’ Man 4 Remote Access by Phone
- Conference Bridge
- CallerID Name (CNAM) Lookups
- Faxing with Incredible PBX
- Voicemail 101 with Incredible PBX
- Email Delivery of MP3 Voicemails
- Reconfiguring SendMail for SmartHosts
- SMS Messaging with VoIP.ms
- SIP URI Calling with Speed Dials
- IVR Demo of Incredible PBX Applications*
- Backup and Restore Options
- AsteriDex – The Poor Man’s Rolodex®
- Voice Dialing with AsteriDex*
- Speed Dialing with AsteriDex
- Scheduling Reminders by Phone or Web
- DISA Access with Incredible PBX
- Yahoo! News Headlines
- Weather Forecasts with Incredible PBX*
- ODBC Application Support
- Today in History
- Time of Day
- WebMin
* Requires Voice Recognition implementation. See #2 above.
1. Checking Current Status of Incredible PBX
There are several ways to check the status of your server. First, log into your server as root and type: pbxstatus
. You can even add the default phone number for your server by inserting it in /etc/pbx/.phone.
The second option is to use a browser to access your server. Choose the Incredible PBX Admin option after pointing a browser to the IP address of your server:
Once you log in with your admin password, the Dashboard of your server will display the status of trunks, users, and active calls on your server. In addition, you can review the latest news and security alerts from the RSS Feeds of Nerd Vittles, Incredible PBX, FreePBX, and Asterisk. For additional status information, choose Reports:Asterisk Info.
2. Adding Speech Recognition to Asterisk
We no longer recommend Google Speech Recognition because of the licensing issues and Google’s propensity to break things regularly. Instead, we recommend IBM’s Speech Recognition and TTS engines. For most users, there will be no cost. And the services are second to none. For a complete installation and setup tutorial, see our tutorial. Once speech recognition is enabled, the Incredible PBX 2020 feature set grows exponentially. You’ll have access to the Voice Dialer for AsteriDex as well as SMS Voice Messaging and Wolfram Alpha for a Siri-like encyclopedia.
3. Using Wolfram Alpha with Incredible PBX
Ever wished your Asterisk server could harness the power of a 10,000 CPU Supercomputer to answer virtually any question you can dream up about the world we live in? Well, so long as it’s for non-commercial use, today’s your lucky day. Apple demonstrated with Siri™ just how amazing this technology can be by coupling Wolfram Alpha® to a speech-to-text engine on the iPhone. Now you can do much the same thing using voice recognition with Incredible PBX 2020.
Before using Wolfram Alpha from any phone connected to your PBX, you first must configure it by obtaining and adding a Wolfram Alpha application ID to Incredible PBX. Here are the simple steps:
1. Obtain your free Wolfram Alpha APP-ID here.
2. Log into your server as root and issue the following command:
nano -w /var/lib/asterisk/agi-bin/wolfram.sh
3. When the nano editor opens, insert your IBM STT and Wolfram APP-ID credentials in the spaces provided. Then save the file.
To use Wolfram Alpha, dial 4747 (that’s S-I-R-I backwards) from any extension.
Here are some sample queries to get you started:
Weather in Charleston South Carolina
Weather forecast for Washington D.C.
Next solar eclipse
Otis Redding
Define politician
Who won the 1969 Superbowl? (Broadway Joe)
What planes are flying overhead now?
Ham and cheese sandwich (nutritional information)
Holidays 2015 (summary of all holidays for 2015 with dates and DOW)
Medical University of South Carolina (history of MUSC)
Star Trek (show history, air dates, number of episodes, and more)
Apollo 11 (everything you ever wanted to know)
Cheapest Toaster (brand and price)
Battle of Gettysburg (sad day 🙂 )
Daylight Savings Time 2015 (date ranges and how to set your clocks)
Tablets by Samsung (pricing, models, and specs)
Doughnut (you don’t wanna know)
Snickers bar (ditto)
Weather (local weather at your server’s location)
4. Automatic Update Utility for Incredible PBX
A key security component of Incredible PBX is its Automatic Update Utility. Each time you log into your server as root, the Automatic Update Utility is run. It installs the latest fixes and security patches for your server. Don’t disable it! In fact, don’t delete anything from the /root folder. You’ll need all of it sooner or later.
We recommend you log into your server as root at least once a week to keep your server current. Ditto for the web interface to Incredible PBX. Insofar as security is concerned, we make a best effort to keep the components of Incredible PBX up to date. The Linux operating system was installed by you before the Incredible PBX install began. That’s a nice way of saying Linux security is primarily your responsibility. When an egregious Linux vulnerability comes along that we know about, we will try to notify you of the issue on the PIAF Forum and on the RSS Feed that is part of the Incredible PBX GUI. Check the RSS Feeds at least once a week as well. As a condition of use of the free Incredible PBX product, you accepted ultimate responsibility for the security and reliability of your server. Be SAFE!
5. Resetting Incredible PBX Passwords
Yes. It happens to all of us. We forget our passwords. Incredible PBX includes a convenient utility that lets you reset many of the passwords associated with Incredible PBX. Just log into your server as root and issue the command: /root/update-passwords
To reset Incredible PBX GUI admin password, issue command: /root/admin-pw-change
To reset Apache admin password, issue command: /root/apache-pw-change
. Apache credentials control access to the web interface of Telephone Reminders and AsteriDex from within the web GUI.
To reset the AvantFax admin password which is accessible within the Incredible PBX GUI, issue the following command: /root/avantfax-pw-change
6. Apache Authentication with Incredible PBX
With the exception of the Admin GUI and WebMin, all web-based applications included in Incredible PBX require successful Apache authentication to gain access. When you installed Incredible PBX, you should have created an admin account for Apache. If not, issue the following command using a secure password after logging in as root:
htpasswd -cb /etc/pbx/wwwpasswd admin newpassword
With the exception of AsteriDex and Reminders, you gain access to other Incredible PBX applications with the admin Apache account. For the remaining apps, you may wish to (but don’t have to) assign different account names and passwords to various departments in your organization. To set up these accounts, use the syntax above substituting the name of the department for "admin" and the department password for "newpassword."
7. Managing the IPtables Linux Firewall
As installed, Incredible PBX includes a preconfigured, locked-down Linux firewall that restricts incoming IPv6 traffic to localhost and, via a Travelin’ Man 3 WhiteList application, limits incoming IPv4 traffic to your server’s public and private IP addresses, your desktop computer’s IP address (that was used for the install), private LAN and NeoRouter VPN traffic, and a collection of our favorite VoIP providers. You can WhiteList additional IP addresses for additional providers or for SIP and IAX phones located outside your firewall. The following firewall management scripts are accessible from the /root directory:
- ./add-ip — WhiteList an additional IP address or IP address range (CIDR)
- ./add-fqdn — WhiteList a site using a fully-qualified domain name (FQDN)
- ./del-acct — Remove previously designated entry from the WhiteList
- ./ipchecker — Check whether specified FQDNs have changed & update IPtables
- iptables-restart — Used exclusively to restart IPtables and test for failed FQDNs
- iptables -nL — Check the current status of your IPtables firewall
On CentOS platforms, IPtables can be manually configured (if you know what you’re doing) by editing iptables and ip6tables in /etc/sysconfig. On the Raspberry Pi, the rules are stored in /etc/iptables/rules.v4. Additional IPtables rules are included and managed in /usr/local/sbin/iptables-custom. All FQDN entries must be entered in iptables-custom. The reason is because a failed FQDN entry in the main IPtables config file will cause the firewall to fail on startup. Also, NEVER use traditional iptables commands such as iptables save to update your IPtables configuration, or you will permanently delete all of your FQDN entries! Instead, use the provided utilities to whitelist additional sites and then restart IPtables using iptables-restart. This protects the FQDN entries in your setup while also checking for invalid FQDN entries and removing them temporarily so that IPtables will successfully restart. If you use service iptables restart to restart IPtables and there happens to be an FQDN entry for a host that is either down or has disappeared, IPtables will fail to restart and your server will be left with NO firewall protection! Using the traditional IPtables mechanisms also will disable Fail2Ban and the rules in iptables-custom will never be loaded. Incredible PBX periodically checks for changed FQDN entries using the ipchecker script as configured in /etc/crontab.
If you elect to integrate Facebook into your Incredible PBX setup, you will need to manually uncomment the last 3 lines in /usr/local/sbin/iptables-custom in order to whitelist the Facebook servers. Then restart the firewall: iptables-restart
WARNING: By default, Incredible PBX whitelists all of the non-routable LAN subnets including 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. If you elect to install Incredible PBX in the Cloud, be advised that some cloud platforms including Amazon treat the 172.16.0.0/12 subnet as routable IP addresses. This means that anyone in the Amazon Cloud (including the bad guys) will have direct access to your server. While they still need a password or vulnerability to gain access, it nevertheless exposes your server to needless hacking attempts. We strongly recommend that you comment out the 172.16.0.0/12 entry in /usr/local/sbin/iptables-custom if you intend to deploy your server in the Amazon Cloud. Then restart the firewall: iptables-restart
8. PortKnocker Remote Access
IPtables is a powerful firewall that keeps the bad guys out. It also will keep legitimate users (including you) from gaining remote access to your server unless you had the forethought to WhiteList your remote IP address before you left on that family vacation. Unfortunately, you don’t always know your IP address in advance. And dynamic IP addresses assigned with hotel WiFi frequently change. To address this problem, Incredible PBX includes a preconfigured PortKnocker utility. This lets you send three secret "knocks" on random TCP ports to your server to tell it to let you in either temporarily (until IPtables is restarted) or permanently.
To reconfigure PortKnocker to permanently whitelist IP addresses from which you issue a successful knock, login as root and issue the command: iptables-knock activate
For PortKnocker to work, you obviously need to know the secret knocks. You’ll find them in /root/knock.FAQ. Record them in your wallet or inside your suitcase for that rainy day! There are PortKnocker apps for almost all smartphones as well as for Windows, Mac, and Linux computers. Install your favorite AND test access before you leave town. You can change the ports by editing /etc/knockd.conf. Then restart PortKnocker: service knockd restart
Finally, be aware that PortKnocker does not need any special access to your server to work; however, if your server is behind a hardware-based firewall, then you must map the three PortKnocker TCP ports to the private IP address of your server, or the knocks obviously will never get delivered to your server.
If you installed Incredible PBX 2020 on a cloud platform, then your server may use a network port other than eth0. Typically, it’s venet0:0 on OpenVZ servers. You can decipher the name of your network port for your public IP address by issuing the command: ifconfig. In this case, the CentOS config file needs to be modified and then PortKnocker needs to be restarted. Edit /etc/sysconfig/knockd and insert the following: OPTIONS="-i venet0:0"
. Restart PortKnocker with the command: service knockd restart
Review our PortKnocker tutorial for additional configuration tips.
9. Travelin’ Man 4 Remote Access (dial TM4)
In addition to PortKnocker, Incredible PBX also includes a telephone-based solution to temporarily gain remote access to your server. This does require a bit of preplanning since you must create account credentials for the person to whom you wish to give remote access via a phone call. The complete tutorial for Travelin’ Man 4 is available on the PIAF Forum. All of the pieces already are in place on your server so skip down to the Configuration & Operation sections for details on implementation.
10. Using the Conference Bridge (dial CONF)
A turnkey Conference Bridge is included in Incredible PBX 2020. A conference bridge allows a group of people to participate in a joint phone call. Typically, participants dial into a virtual meeting room from their own phone. This virtual meeting room supports dozens or even hundreds of participants depending upon server capacity.
You do not need a timing source for conferencing with Incredible PBX 2020! Old-style Asterisk Conference Rooms which required a timing source are disabled.
To access the Conference Bridge, dial C-O-N-F (2663) from any phone connected to your server. Remote users can be added to a conference by providing a DID that points to an IVR which includes Conference Bridge access. Once connected to the conference bridge, a caller is prompted for the Conference Bridge PIN and his or her name. The user and admin access PINs are randomly generated when you install Incredible PBX. You can decipher or modify the user and admin passwords to access the Conference Bridge in the Incredible PBX GUI: Applications:Conferences. Then edit 2663 and review or change the User and Admin PINs.
11. CallerID Name (CNAM) Lookups
By default, Incredible PBX is configured to automatically provide OpenCNAM CallerID name lookups for the first ten calls received each hour. These lookups are only from cached entries in the OpenCNAM database; however, you can enable the commercial lookup service if desired. The cost is four tenths of a cent per successful query.
To enable the OpenCNAM Professional Tier, set up an account at OpenCNAM.com. Once you’ve obtained your credentials, edit the OpenCNAM entry in Admin:CID Superfecta:Default. You may also wish to enable AsteriDex lookups and move the scheme to the top of your list of lookup schemes.
To activate CallerID Superfecta for incoming calls, edit each of your Inbound Routes and Enable Superfecta Lookup with the Default Scheme in the Other tab.
12. Faxing with Incredible PBX 2020
If you can press the ENTER key 25 times, you are fully capable of installing Incredible Fax on your new server. On the latest Raspberry Pi builds of Incredible PBX 2020, Incredible Fax is preinstalled. On other platforms, log into your server as root and run /root/incrediblefax2020.sh. Provide an email address for delivery of incoming faxes and press ENTER each time you are prompted to make a selection. Once you reboot your server, you’re all set. As part of the install, you provided an email address for delivery of incoming faxes. That’s all the setup that is required to have incoming faxes sent to most of your DIDs delivered via SendMail in PDF format. The best way to figure out whether a particular provider supports fax technology on their DIDs is to send a test fax to yourself. FaxZERO lets you send 5 free (in the U.S. only) faxes of up to 3 pages every day. Give it a whirl.
You also can send faxes using standard document types with the AvantFax web application. Log into AvantFax from the main Incredible PBX GUI by clicking on the AvantFax icon. The default credentials are admin:password. Choose the Send a Fax option from the main menu, fill in the blanks, and attach your document. AvantFax uses the default dialplan so use the prefix desired to send the fax using your preferred provider.
With the latest release of Incredible PBX 2020, fax recognition is supported on incoming calls. Edit each of your Inbound Routes and enable Detect Faxes with Detection Type=SIP, Fax Ring=Yes, Fax Detection Time=4, and Fax Destination=Custom Destination:Fax (HylaFax) in the Fax tab.
On the Raspberry Pi platform, you can change the destination email address for incoming faxes by issuing the command: /root/avantfax-email-change.
Copies of all incoming faxes also are available for retrieval within AvantFax.
13. Voicemail 101 for Incredible PBX 2020
Voicemail functionality is enabled on an extension-by-extension basis as part of the extension setup under the Voicemail tab. Once enabled, you can set up your mailbox and retrieve your messages by dialing *97 from the mailbox extension, or dial *98 to retrieve messages from any extension. Shortcut dialing is also supported, e.g. *98707 would retrieve messages for extension 707. You can leave a message for or forward calls to any extension’s mailbox without actually calling the extension. Just prepend * to any extension number before dialing, e.g. *701. A number of the system settings for voicemail can be tweaked under the Voicemail tab as well. For example, you can automatically delete voicemails once they have been delivered by email. Voicemail Blasting to multiple mailboxes is also supported. Just choose this option under the Applications tab and follow your nose.
14. Email Delivery of MP3 Voicemails
Speaking of email delivery, your voicemails also can be delivered to any email address of your choosing. For every extension under the Voicemail tab for the Extension, simply add an Email Address and enable the Email Attachment. With Incredible PBX 2020, the voicemail message will be attached to the email in MP3 format so it’s suitable for playback with most email clients on desktop PCs, Macs, and smartphones. Be advised that some Internet service providers (such as Comcast) block downstream SMTP servers. You can check whether your outbound email is flowing by issuing the command mailq from the Linux command line. Issuing the command mail will tell you whether outgoing emails are bouncing. You can test sending an email by issuing the following command using your destination email address:
echo "test" | mail -s testmessage your-name@your-email-provider.com
If you find outbound mail is accumulating, add your ISP’s SMTP server address as a SmartHost for SendMail as documented in the next section.
15. Reconfiguring SendMail for a SmartHost
Many residential Internet service providers block downstream SMTP servers such as the SendMail server running with Incredible PBX 2020. If you’re sending emails but they never arrive and you’ve checked your SPAM folder, then chances are your ISP is the culprit. The simple solution is to add your ISP’s SMTP server as a SmartHost for SendMail. This means outbound emails will be forwarded to your ISP for actual email transmission over the Internet. Here’s how. On CentOS platforms, edit /etc/mail/sendmail.cf and search for DS. Immediately after DS, add the FQDN of your ISP’s SMTP server, e.g. DSsmtp.comcrap.net (no spaces!). Save the file and then restart SendMail: service sendmail restart. Your email and voicemail messages with attachments should begin flowing without further delay.
On Raspberry Pi platforms, here’s how to set it up using a Gmail account without two-step authentication. Log into your server as root and run dpkg-reconfigure exim4-config. Choose "mail sent by smarthost; received via SMTP or fetchmail." Accept all the defaults until you get to Outgoing Smarthost prompt. Enter: smtp.gmail.com::587. At the following prompts, choose NO, NO, mbox, and NO. When the setup completes, edit /etc/exim4/passwd.client and insert the following line using your Gmail AcctName and AcctPW. NOTE: If you are using a Gmail account with 2-step verification enabled, you MUST use a Gmail App Key instead of your Gmail account password. You also must enable Less Secure Apps access to your Gmail account.
smtp.gmail.com:AcctName@gmail.com:AcctPW
Save the file and then issue the following commands to complete the setup:
update-exim4.conf systemctl restart exim4 exim4 -qff
Now send yourself a test email message to make sure things are working properly:
echo "test" | mail -s testmessage yourname@yourmailprovider.com
16. SMS Messaging with VoIP.ms
Incredible PBX 2020 supports SMS messaging through VoIP.ms if you have an account and an SMS-enabled DID. See the VoIP.ms wiki for setup info on the VoIP.ms side.
To install the VoIP.ms SMS scripts, follow these steps:
cd /root mkdir sms-voip.ms cd sms-voip.ms wget http://incrediblepbx.com/voipms-SMS.tar.gz tar zxvf voipms-SMS.tar.gz
Edit voipms-sms.php and insert your VoIP.ms number that supports SMS messaging (no spoofing allowed!):
$SMSsender="8005551212";
Edit class.voipms.php and insert your VoIP.ms API credentials:
/*******************************************\ * VoIPms - API Credentials \*******************************************/ var $api_username = 'yourname@youremail.com'; var $api_password = 'yourpassword';
Send an SMS message through VoIP.ms with the following command where smsnumber is the 10-digit number of the SMS recipient and "sms message" is the text message surrounded by quotes:
/root/sms-voip.ms/voipms-sms.php smsnumber "sms message"
NOTE: VoIP.ms has indicated that sooner or later there will be a penny per message charge for SMS messages; however, as of today, they’re still free.
17. SIP URI Calling with Incredible PBX
With one line of dialplan code, you can add Speed Dials for free SIP URI calling worldwide. The dialplan code is stored in the [CallingRule_SIP_URI] context in extensions_custom.conf. Just clone one of the existing entries, designate an extension to dial to connect to the SIP URI, and enter the SIP URI for the destination. Numerous SIP providers support assignment of SIP URI’s to DIDs for unlimited free calling from anywhere in the world. Here’s a sample using a speed dial code of 53669 that connects you to SIP URI 2233435945@sip2sip.info: exten = 53669,1,Dial(SIP/2233435945@sip2sip.info)
18. IVR Demo of Incredible PBX Apps
The easiest way to try out a number of the Incredible PBX applications is to take the IVR Demo for a spin. Just pick up any phone on a CentOS-based platform and dial 3366 (D-E-M-O). The sample code for the IVR is available for review and modification in the IVR section of the GUI. There’s also a sample Stealth AutoAttendant. This plays a brief greeting and then rings an extension or ring group. During the greeting, you could configure the application to allow button presses to branch to other applications on your PBX, hence the Stealth name since the codes are not disclosed to callers.
On the Raspberry Pi platform, our detailed tutorial will walk you through setting up the Demo IVR application.
19. Backup & Restore with Incredible PBX
Incredible Backup and Restore scripts are provided in the /root folder. In addition, the FreePBX GUI also provides Backup and Restore utilities under the Admin tab. If backups are important to you, we strongly recommend you consider a $3/month cloud server at Vultr using our referral code. For an additional 20% per month (60 cents), you get weekly image backups of your server that can be restored with a couple of button clicks. It’s the cheapest insurance you can buy for your PBX!
20. AsteriDex – The Poor Man’s Rolodex
AsteriDex is a web-based phonebook application for Incredible PBX. You can access it from the main web menu. Scripts are also available to import your contacts from Outlook and Google Contacts.
21. Voice Dialing with AsteriDex (dial 411)
If you have voice recognition enabled on your server, you can call anyone in your AsteriDex database by dialing 411.
22. Speed Dialing with AsteriDex (dial 000+)
For those without voice recognition, Incredible PBX 2020 includes two speed dialing utilities. The first is accessed by dialing 412. Then enter any 3-digit dialcode from your AsteriDex database to complete the call. If you’d prefer to skip the intermediate step, dial 000 + the 3-digit speed dial code desired. The call will be placed immediately using your default outbound routes.
For a complete listing of your AsteriDex dial codes, execute this query:
mysql -u root -ppassw0rd asteridex -e "select name,dialcode from user1 order by name"
To automatically generate the 3-digit speed dial codes for everyone in your AsteriDex database using the first three letters of each name, run the following script from your web browser: http://your-server-ip/asteridex4/dialcode.php.
23. Telephone Reminders (dial 123)
Incredible PBX 2020 includes a sophisticated reminders system that lets you schedule individual or recurring reminders using your phone by dialing 123 or a web browser. A complete tutorial is available here. For phone reminders, a password is required to access the reminder system. Typically, these reminders set up a return call at a scheduled time that then plays back either a recorded message or a TTS message generated from the text you entered in the browser application. Incredible PBX also includes a new addition that lets you schedule web reminders that are delivered by email or SMS message.
24. DISA Access with Incredible PBX 2020
Direct Inward System Access (aka DISA) is one of the great PBX inventions of the last 50 years. It’s also one of the most dangerous. It lets someone connect to your PBX and obtain dial tone to place an outbound call using your trunks… on your nickel. Typically, it is offered as an option with an IVR or AutoAttendant. The DISA extension is not preconfigured with Incredible PBX; however, you can easily set it up in the GUI by choosing Applications:DISA. Make up a very secure PIN before exposing DISA access to the outside world. It’s your phone bill.
25. Yahoo! News (Dial 951)
Yahoo! news headlines are available by dialing 951. The news option also is included in the sample IVR application.
26. Weather Forecasts by Phone (dial 947)
You can obtain a current weather forecast for most zip codes by dialing 947 (Z-I-P) and entering the 5-digit zip code.
27. ODBC Application Support for Asterisk
If you’ve recently logged into your server as root, Automatic Update #4 added ODBC/MySQL application support for Asterisk. You can try out a few sample applications that are included to get you started. Dial 222 and enter 12345 for the employee number. This retrieves an employee name from the MySQL timeclock database using Asterisk. Dial 223 to retrieve an AsteriDex name and phone number by entering the 3-character dialcode. You then have the option of placing the call by pressing 1. Once you have created accounts for Travelin’ Man 4, you can dial 864 (T-M-4) to WhiteList an IP address for that account after entering the account number and matching PIN. Use the * key for periods in the IP address.
28. Today in History (Dial T-O-D-A-Y)
It’s always interesting to find out what happened Today in History. And Incredible PBX now delivers it by phone. Just dial 86329 (T-O-D-A-Y) for a walk down memory lane.
29. Time of Day
Speaking of yesteryear, if you grew up dialing TI-4-1212 for the time of day, Ma Bell may have discontinued the service, but we haven’t. Now you can do it on your very own PBX.
If you want your users to be able to dial in for the time directly by dialing extension, here’s how. In the GUI, choose Admin:Custom Destinations:Add Destination. Set up a Time of Day description with a target of new-time,s,1 and save your entry. Now Enable an Application:Misc Application:Add Application with a Feature Code of 8463, Time of Day description, and point it to Custom Destination:Time of Day. Save your entry and then dial 8463 (T-I-M-E) for the Time of Day.
30. WebMin: The Linux Swiss Army Knife
There is no finer Linux application than WebMin. There is no more dangerous Linux application than WebMin. You’ve been warned. We heartily recommend WebMin as a tool to LOOK at your server’s settings. We strongly discourage changing anything in WebMin unless you totally know what you are doing. This is especially true with management of Linux applications that make up the core of Incredible PBX: the Linux kernel, SendMail, IPtables, Apache, MySQL, PHP, and…
To access WebMin on the CentOS platform, visit the following link with a web browser using the actual IP address of your server: https://ip-address:9001/. The username is root. The password is your root password. WebMin has root privileges to your server. Reread paragraph 1 and act accordingly.
Due to space and performance constraints, WebMin is no longer installed by default on the Raspberry Pi platform. To install WebMin, follow these steps after logging into your Raspberry Pi as root:
cd /root apt-get update apt-get install python perl openssl libnet-ssleay-perl apt-get install libauthen-pam-perl libio-pty-perl libpam-runtime wget http://prdownloads.sourceforge.net/webadmin/webmin_1.941_all.deb dpkg --install webmin_1.941_all.deb
For an exhaustive tutorial on WebMin, download The Book of WebMin by Joe Cooper. For a more recent commercial offering, take a look at Michal Karzyński’s WebMin Administrator’s Cookbook.
Originally published: Monday, April 13, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Interconnect Incredible PBX 2020 to the Asterisk Mothership
The Holy Grail for a mobile VoIP solution is a simple way to connect back to your primary Asterisk® PBX via Wi-Fi from anywhere in the world to make and receive calls as if you never left. Let’s tick off the potential problems. First, many home-based PBXs are sitting behind NAT-based routers. Second, almost all remote Wi-Fi connections are made through a NAT-based router. Third, chances are the remote hosting platform blocks outgoing email from downstream servers such as a mobile PBX. Fourth, deciphering the IP address of your remote connection can be problematic. Fifth, the chances of experiencing one-way audio or no audio on your VoIP calls is high because of NAT-based routers at both ends of your connection.
For those that travel regularly or those that are living elsewhere during the Coronavirus pandemic and want to avoid the complexity of configuring OpenVPN, here is a quick thumbnail of the setup we recommend as your mobile companion. We use it regularly. You’ll never have a one-way audio problem again. In terms of hardware, you’ll need a Raspberry Pi 4B or 3B+ with its native WiFi support plus a Windows or Mac notebook computer for traveling. You’ll also need a NeoRouter VPN server to make this process seamless. If you’ve already set up an OpenVPN server platform, it will work equally well. One advantage of NeoRouter is that clients can be added from the client side without having to create a config file on the VPN server. All you need is a username and password. But the choice of VPN platform is totally a matter of preference. The objective using either OpenVPN or NeoRouter is secure communications to your home base. We don’t want to have to reconfigure either your home PBX or your traveling Raspberry Pi or your notebook PC based upon changes in your public and private IP addresses.
Today we’ll walk you through the easiest way to set up a (free) NeoRouter server on the Internet. It can be used to connect up to 254 devices on an encrypted private LAN. We’re delighted to have finally found a perfect use for the (free) Google Cloud instance.
Using a Raspberry Pi, build an Incredible PBX 2020 platform by following our latest tutorial. We’ll set this up on your home WiFi network so that you only have to throw the Raspberry Pi and its power supply in your suitcase when you travel. As part of the setup, we’ll download NeoRouter and activate private IP addresses for your notebook computer as well as both of your PBXs (using nrclientcmd
). Next, we’ll interconnect the two PBXs using SIP trunks and the NeoRouter private LAN IP addresses. We’ll take advantage of a neat little Raspberry Pi trick by storing a wpa_supplicant.conf
template on your PC for the remote WiFi setup even though we don’t yet know anything about the remote LAN. Once we know the SSID and password at the remote destination, we’ll use your notebook computer to edit the template and transfer the file to the /boot folder of your RasPi’s microSD card. When the card then is inserted and the RasPi is booted, it will automatically move the template to the proper /etc/wpa_supplicant folder to successfully activate your WiFi connection. We’ll also load links, a fast text-based browser, just in case you encounter a remote site that requires some sort of acknowledgement or password before establishing your WiFi connection to the Internet.
Setting Up a (free) NeoRouter Server in the Cloud
Because NeoRouter uses a star-based VPN architecture, that means the NeoRouter Server must always be available at the same IP address for all of the NeoRouter Clients (aka Nodes) to talk to. If you already have a cloud-based server that has a static IP address and can handle the traffic cop duties of NeoRouter Server, then that’s an ideal place to install NeoRouter Server. Simply download the Free flavor of NeoRouter Server that matches your existing platform and install it. Add an FQDN for your server’s IP address, and you’re all set. A detailed summary of available management options is included in our previous NeoRouter v2 article.
We devoted a couple weeks to Google Cloud instances, and it turned out to be a pretty awful platform for hosting Asterisk. But the free offering looks to be a perfect fit as a hosting platform for NeoRouter Server. You also won’t have to worry about Google going out of business anytime soon. So let us walk you through an abbreviated setup process on the Google Cloud platform. If you’re just getting started with Google Cloud, read our previous article to take advantage of Google’s generous $300 offer to get you started and to generally familiarize yourself with the mechanics of setting up an instance in the Google Cloud.
For NeoRouter Server, navigate to https://console.cloud.google.com. Click the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. In the COMPUTE section of the Dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it nrserver. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, leave HTTP and HTTPS disabled. Check your entries carefully and then click the Create button.
When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty:
sudo passwd root su root nano -w /etc/ssh/sshd_config
When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart
PermitRootLogin yes PasswordAuthentication yes
You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address
Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPS Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPS Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.
- Name: neorouter
- Target Tags: neorouter
- Source IP Range: 0.0.0.0/0
- Protocols/Ports: check tcp: 32976
CAUTION: Before this firewall rule will be activated for your instance, it also must be specified in the Network Tags section for your instance. Shut down your instance and add the neorouter tag by editing your instance. Then restart your instance.
Now we’re ready to install NeoRouter Free v2 Server on your instance. Be sure to choose the Free v2 variety. Log back into your server as root using SSH/Putty and issue these commands:
yum -y update yum -y install nano wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm /etc/rc.d/init.d/nrserver.sh restart nrserver -setdomain <DOMAINNAME> <DOMAINPASSWORD> nrserver -adduser <USERNAME> <PASSWORD> admin nrserver -enableuser <USERNAME> nrserver -showsettings
Finally, add the following command to /etc/rc.local so that NeoRouter Server gets started whenever your instance is rebooted:
echo "/etc/rc.d/init.d/nrserver.sh start" >> /etc/rc.local
Installing Incredible PBX 2020 on a Raspberry Pi
Configuring NeoRouter Client on Your Computers
On Linux-based (non-GUI) platforms, setting up the NeoRouter Client is done by issuing the command: nrclientcmd
. You’ll be prompted for your NeoRouter Server FQDN as well as your username and password credentials. Perform this procedure on both your home PBX and the Raspberry Pi.
To add your Windows or Mac notebook to the NeoRouter VPN, download the appropriate client and run the application which will prompt for your NeoRouter Server FQDN as well as your NeoRouter credentials. Once completed, you should see all three machines in your NeoRouter Free Client Dashboard: your PC as well as your home PBX and Raspberry Pi-based Incredible PBX. Make note of the private VPN addresses (10.0.0.X) of both your home PBX and your Raspberry Pi. These VPN addresses never change, and we’ll need them to interconnect your PBXs and to set up a softphone on your notebook computer.
Admininistrative Tools to Manage NeoRouter
Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
For a complete list of commands: nrserver –help
Interconnecting Your Raspberry Pi and Home PBX
To keep things simple, our setup examples below assume the following NeoRouter VPN addresses: Home PBX (10.0.0.1) and Raspberry Pi (10.0.0.2). Using a browser, you’ll need to login to the GUI of your Home PBX and Raspberry Pi and add a Trunk to each PBX. Be sure to use the same secret on BOTH trunk setups. We don’t recommend forwarding incoming calls from your Home PBX to your Raspberry Pi because most folks won’t be sitting in their hotel room all day to answer incoming calls. Instead, add the number of your smartphone to a Ring Group on the Home PBX and don’t forget the # symbol at the end of the number. On the Raspberry Pi side, we are assuming that whenever a call is dialed from a registered softphone with the 9 prefix, the call will be sent to the Home PBX for call processing (without the 9). For example, 98005551212 would send 800-555-1212 to the Home PBX for outbound routing and 9701 would send 701 to the Home PBX for routing to the 701 extension. You can obviously adjust your dialplan to meet your own local requirements.
On the Home PBX, the chan_sip trunk entries should look like this:
Trunk Name: raspi-remote PEER DETAILS host=10.0.0.2 type=friend context=from-internal username=home-pbx fromuser=home-pbx secret=some-password canreinvite=no insecure=port,invite qualify=yes nat=yes
On the Raspberry Pi, the chan_sip trunk entries should look like this:
Trunk Name: home-pbx PEER DETAILS host=10.0.0.1 type=friend context=from-internal username=raspi-remote fromuser=raspi-remote secret=some-password canreinvite=no insecure=port,invite qualify=yes nat=yes
On the Raspberry Pi, add an Outbound Route named Out9-home-pbx pointed to home-pbx Trunk with the following Dial Patterns. For each Dial Pattern, prepend=blank and prefix=9:
dial string: 1NXXNXXXXXX dial string: NXXNXXXXXX dial string: *98X. dial string: XXX dial string: XXXX dial string: XXXXX
Tweaking Your Raspberry Pi for WiFi Mobility
wpa_supplicant.conf
config file to the /boot directory on the card once you arrive at your destination and know the SSID and password of the local WiFi network. When the Raspberry Pi is subsequently booted, the operating system will move the config file to the /etc/wpa_supplicant directory so that your WiFi network will come on line. Here’s what a typical wpa_supplicant.conf
file should look like using your actual credentials. The last network section handles open WiFi network connections (think: McDonald’s) if you want to enable them:
country=US update_config=1 network={ ssid="your-SSID" psk="your-SSID-password" key_mgmt=WPA-PSK scan_ssid=1 priority=5 } network={ key_mgmt=NONE priority=1 }
The other gotcha is that some public WiFi networks require some type of web login procedure before you can actually access the Internet even though an IP address may have been assigned to your Raspberry Pi. To handle this situation, you’ll need a text-based web browser on the Raspberry Pi that can be accessed through your notebook PC using SSH and your Raspberry Pi’s VPN address. Our favorite is links which can be installed on your Raspberry Pi before you pack up.
apt-get install links -y
Once you arrive at your destination, connect both your notebook PC and Raspberry Pi to the same WiFi network, login to the RasPi with SSH at the VPN address assigned to your RasPi, and run links
to start the browser. Press <esc> to access the links menu options. If you can’t access your RasPi at the VPN IP address, try its WiFi-assigned local IP address.
Adding a Softphone to Your Notebook PC
For Windows PCs, we recommend VitalPBX Communicator. It’s a free download from here.
Another good choice is YateClient for Windows which also is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for an extension on your Raspberry Pi. Then enter the VPN IP address of your server plus your extension’s password. Click OK to save your entries.
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Adding a Softphone to Your Smartphone
Enjoy your pain-free Home Away from Home!
Originally published: Tuesday, April 2, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Coping with Coronavirus: Working from Home with Asterisk
If one can only claim to be an expert in one subject matter, ours would be working from home building and deploying Asterisk®-based VoIP servers. We’ve been doing it for more than a decade. And, as the need for social distancing becomes imperative with the spread of COVID-19, working from home is by far the best antidote. For those with jobs in an actual office, you still need your computer and you still need transparent office phone call access. With an Internet connection, we will assume you can handle setting up a home computer on your own. So our focus today will be on showing you how to add your office phone to your home with VoIP to make and receive business calls with less pain than a WalMart checkout lane.
Here’s what you need:
- Home Internet Connection (15DN/5UP Mbps or faster)
- WiFi Router (Google Nest strongly recommended)
- Desktop or Notebook Computer (recent vintage)
- SIP Telephone (Incredible PBX SIP Phone recommended)
- Incredible PBX 2020 platform (VirtualBox or Raspberry Pi – both are free)
- VirtualBox software for your PC/Mac or a Raspberry Pi 4 for stand-alone PBX
- A quiet room at home with no screaming kids or barking dogs
- Smartphone with SIP software (optional for those that continue to travel)
We’ve written extensively about most of the components listed above so we will refer you to appropriate articles as we proceed. The plan is to build a free Incredible PBX® platform in your home and use it to receive calls from your office number and to make calls spoofing your office number so that those on the other end of the calls never know you’re not sitting at your desk in the office but are instead working from home.
Choosing an Incredible PBX Platform for Home Use
Once you have your network and desktop PC, Mac, or notebook computer set up at home, you have a decision to make. You can either run Incredible PBX as a task on this computer using VirtualBox, which means the computer needs to be operational all the time, or you can elect to build your Incredible PBX platform on a $35 Raspberry Pi 4 in which case your PBX is independent from your desktop or notebook computer. If you elect to run Incredible PBX on your home computer as a VirtualBox virtual machine, then follow this tutorial to install VirtualBox and the Incredible PBX 2020 virtual machine. If you decide to go the stand-alone route using a Raspberry Pi 4 as a dedicated platform for Incredible PBX 2020, then follow this tutorial to put all the pieces in place.
We typically run our remote systems using a Raspberry Pi 4 and a SIP phone, both with Wi-Fi connections. This means you can find a quiet place in your home to set up your office without worrying about network cables. Assuming you have good Internet service and a modern WiFi router such as the Google Nest device, you’ll never miss a beat. You can even drink on the job.
Choosing a VoIP Provider To Make & To Receive Calls
Even with your own PBX, you still need a connection to one or more VoIP service providers before you can communicate with those outside your network. Because we want to emulate your office phone environment, you probably will want a dedicated phone number and separate telephone to receive incoming calls from your office. This preserves the caller’s perception that he or she is dealing with you in your business capacity. We don’t want Junior answering incoming calls and shouting, "Daddy, somebody wants to talk to you."
We’re assuming that most business phone systems have the capacity to forward incoming calls to an external number. In this case, we recommend a new phone number known as a DID in the VoIP world. For outbound calls from your dedicated SIP phone, we will show you how to reset the outbound CallerID number to match your existing office phone number. Thus, both incoming and outgoing calls will appear to be emanating from your office.
As some of you know, in the VoIP world with Incredible PBX, the VoIP merchant providing your DID for incoming calls need not be the same as the company providing outbound call service. The cost of DIDs typically ranges from a few cents a month to a dollar or more. Most impose a per minute charge of about a penny a minute or less for both incoming and outgoing calls. The only mandatory requirement is that you choose an outbound call service that allows you to spoof your office’s CallerID number on the outbound calls. You probably will also want a CallerID Name (CNAM) service that associates names with incoming calls.
Both the Incredible PBX for VirtualBox and IncrediblePBX for the Raspberry Pi articles (links above) have extensive tutorials to deploy the various VoIP providers that we recommend. Just keep in mind that you usually get what you pay for. Cheaper isn’t always better when it comes to business communications.
Setting Up a SIP Phone for Incredible PBX 2020
You can connect virtually any kind of telephone to your new PBX. You don’t want callers and people you call to think you’re living in a tunnel so we recommend dedicated hardware for your SIP phone. The Incredible PBX SIP Phones are second to none and are very reasonably priced. In the FreePBX® GUI, simply navigate to Settings -> Clearly Devices. Here’s a tutorial to get you started and link your phone to the preconfigured SIP extension 701 on your PBX.
If price is your primary consideration, take a look at the Grandstream WiFi SIP phones. Refurbished Grandstream GXV3240 phones (a favorite of ours) are available for under $120.
Configuring an Inbound Route for Your Business Calls
For purposes of this tutorial, we will assume that you connected your new SIP phone to extension 701 on your PBX. Now we need to tell the PBX to route incoming calls from your office to your newly registered SIP phone on extension 701. Using a web browser, open the FreePBX GUI by pointing to the IP address of your PBX. Login as admin using the password you configured with /root/admin-pw-change. Once the FreePBX Dashboard displays, navigate to Connectivity -> Inbound Routes. Add a new route using the 10-digit number of the DID you acquired. As the Destination for the calls, choose Extension: 701. Click SAVE and reload your dialplan when prompted. Be sure you have also forwarded your office number to the new DID. Then place a test call to your office to verify everything is working properly.
Configuring an Outbound Route for Your Business Calls
A Default Outbound Route is automatically configured for Incredible PBX 2020. We need to modify it to route calls to your preferred trunk provider AND to specify the Outbound CallerID number for the calls as your 10-digit office number. In the FreePBX GUI, navigate to Connectivity -> Outbound Routes. Click on the pencil icon to the right of the Default route. In the Route CID field, enter the 10-digit number of your office. Change the Override Extension field from NO to YES. In the top entry of Trunk Sequences, use the pulldown menu to choose the Trunk Provider you want to use for outbound calls. Then click Submit and reload the dialplan when prompted. Place a test call from your SIP phone to a smartphone and make certain the incoming call displays your office phone number. If not, check with your SIP provider for the necessary steps to enable CallerID number spoofing.
Taking The Show On The Road
Once your home PBX is operational, there’s no reason you have to be tied to your desk at home all day. It’s easy to take the show on the road with an Android phone to make and receive your office calls. We use Android phone advisedly. Our experience with VoIP softphone connections using iPhones has always been hit and miss. And, with your business calls, we don’t think the platform is sufficiently reliable to recommend it. When you get incoming calls from your PBX, you want your smartphone to ring. When you make or receive calls on your smartphone, you want both ends of the conversation to be crystal clear. On the Android platform using the VitalPBX Communicator (free), it just works. We’ve had very different results using an iPhone.
If all you care about is receiving business calls (not making them) when away from your home, then an iPhone will work just as well as an Android phone. To set this up, just add your 10-digit cellphone number plus a # symbol after the number to the 777 Ring Group and make that ring group the destination for the Inbound Route for your office number in the FreePBX GUI. But if you prefer to make calls in both directions just as if you were sitting at your office desk, you’ll need a softphone on an Android device. Keep reading to learn how to set this up.
To get started, you’ll need to set up an OpenVPN server on some platform with a static IP address. Many businesses already have an OpenVPN server in which case you can ride on that one. Our OpenVPN tutorial will walk you through setting up your own and adding OpenVPN clients to both your Raspberry Pi and your Android smartphone. Once you have the clients installed, write down the private VPN addresses of both the Raspberry Pi and your Android phone. Next, on your Android phone, download and install the VitalPBX Communicator from the Google Play Store. In the FreePBX GUI, choose one of your preinstalled extensions to host the Android softphone and make note of the extension number and its password. Then use the Account Assistant in the Communicator to configure the connection on the smartphone end. Once it is registered, place a test call to make sure everything is working. Next we recommend changing the destination of the inbound calls to Ring Group 777 which will attempt to ring all five of the default extensions. Place a call to your office number and make sure that both your SIP phone and VitalPBX Communicator on your Android phone ring.
Continue Reading: Interconnecting a Mobile PBX to the Asterisk Mothership
Originally published: March 15, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Travelin’ Man 3: A Plug-and-Play Firewall for Incredible PBX
Seven years ago we introduced Travelin’ Man 3 to simplify the task of securing the Incredible PBX® VoIP platforms. Today we want to reexamine the Travelin’ Man 3 firewall design for the benefit of those that are new to Asterisk® and FreePBX®. In the old days, FreePBX-based VoIP servers were notoriously vulnerable because of numerous bugs in the original FreePBX code which was developed by dozens of developers around the world with very different skill sets. Not only did you risk having your server compromised, but there also was a very real risk of receiving a staggering phone bill for calls that neither you nor your users made.
Travelin’ Man 3 introduced a new security model by providing a whitelist-based, plug-and-play firewall for Incredible PBX servers using the Linux IPtables firewall platform. If the IP address of a device wasn’t listed in the firewall, then that device could not even see your PBX much less access it. SSH access, web access, SIP and IAX2 access all were blocked.
The whitelist design worked great so long as your PBX and all of your phones shared the same private network. But then came deployment of PBXs in the cloud on the wide open Internet. And, of course, there were traveling salesmen that moved from place to place with new IP addresses at every new hotel. And then there were the users with dynamic IP addresses whose IP address identity changed without much warning.
To address these limitations, Travelin’ Man 3 provided the add-ip script to whitelist new IP addresses. The setup included the ability to limit IP addresses to a certain group of features on the PBX such as SIP, IAX2, SSH, and web access. Or the administrator could enable full access to the PBX for a given IP address.
That solved the new IP address issue, but it wasn’t of much use to those with ever-changing dynamic IP addresses. Thus was born the add-fqdn addition which could be used in combination with a dynamic DNS provider to assign a fully-qualified domain name to a device and keep it regularly updated. An additional ipchecker script was also added as a cron job to pass IP address changes along to the IPtables firewall every 10 minutes.
To round out the Incredible PBX whitelist design, we added PortKnocker to protect administrators from locking themselves out of their own server. We added Travelin’ Man 4, OpenVPN and the NeoRouter VPN to facilitate easy access without resorting to the add-ip and add-fqdn utilities. Private LAN addresses are automatically whitelisted with Travelin’ Man 3 so deploying SIP phones with native VPN capability remains the simplest and safest connectivity option.
One key feature that sets Travelin’ Man 3 apart from other firewall alternatives is the fact that it’s plug-and-play. When you install any of the Incredible PBX 2020 platforms, your IPtables firewall and whitelist are automatically configured. The only requirement is that you perform the second phase of the Incredible PBX install using SSH or Putty from a desktop machine that will be used to manage your PBX. In that way, your desktop PC gets automatically whitelisted as part of the install process. And, as previously noted, all devices on the same private LAN or VPN as your Incredible PBX server have total access without jumping through any additional configuration hoops.
Let’s take a moment to examine how Travelin’ Man 3 works under the covers. First, it’s important to note that IPtables does not support FQDNs, only IP addresses. So, if you add an FQDN entry to the IPtables startup file, it gets translated into a static IP address when IPtables is started. More importantly, if that FQDN happens to be unresolvable when IPtables is started because the remote computer is off-line for some reason, then IPtables crashes and never deploys any of its other rules leaving your PBX totally exposed. For this reason, Travelin’ Man 3 handles firewall startup in a unique way. First, it loads some basic firewall rules, all of which have static IP addresses. These rules are found in the startup script: /etc/sysconfig/iptables on RedHat and CentOS platforms and /etc/iptables/rules.v4 on Debian, Ubuntu, and Raspbian platforms. Then, once IPtables is running, it executes the /usr/local/sbin/iptables-custom script with individual IPtables commands to deploy the remaining whitelist entries including FQDNs. When an individual IPtables command fails in this BASH script, the script simply moves on to the next rule without burning down the house. The only damage is an individual FQDN is not whitelisted. But the computer with this FQDN was off-line anyway so there’s no impact on the operation of your PBX. Once that computer comes back on line, it’s simple enough to whitelist the FQDN again. This is a long-winded explanation of why it’s important on Incredible PBX platforms to start and restart IPtables with the iptables-restart script rather than using systemctl restart iptables. The latter would only load the basic IPtables rules in the startup script and not iptables-custom.
Now that you know how Travelin’ Man 3 works, you may be wondering why FQDN support was never integrated into the IPtables design. We’ve wondered much the same thing and never got much of an answer from the developers other than a cryptic response that IPtables worked as designed. Oh well. What we also have found is there is substantial institutional resistance to whitelist firewall implementations even though they provide the most secure computing environment for most deployments. Blacklists, standing alone, simply don’t work because either the bad guys poison the blacklist with legitimate IP addresses (such as the DNS servers upon which you rely) or the bad guys move on to a new IP address which has not yet been added to the blacklist.
We’d be the first to admit that additional flexibility may be desirable in certain edge cases particularly where end-users must rely upon a smartphone on the road with little more than a softphone app available to connect back to the mothership. But, again, we would strongly recommend deploying OpenVPN on all your devices and sticking with a whitelist solution for most scenarios. For those that can’t or won’t, take a look at the Incredible PBX PUBLIC offering as an alternative. It strikes a good balance using a combination of blacklists, some security through obscurity tricks, and implementation of rules blocking most script kiddies.
Originally published: Monday, March 9, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.