Home » Incredible PBX » Ubuntu/Debian (Page 14)
Category Archives: Ubuntu/Debian
The Most Versatile VoIP Provider: FREE PORTING
JUST RELEASED: Visit the Incredible PBX WikiThe New Hybrid PBX: Why Settle for a One Trick Pony?
Let’s face it. It’s hard not to like the application development flexibility that Asterisk® offers, especially if you’re part of an organization that has very specific telephony needs. But the price you pay for "free" and putting all of your eggs in the Asterisk basket is painful. Here are a few of the hurdles that come to mind: security, NAT, one-way audio, remote users, CRM support, conferencing, painful upgrades to address frequent bug fixes, and, more generally, telephone management and support. We love Asterisk, but…
Most folks don’t buy all of their cars or groceries or computer software from a single company. So why do it with your phone system when you can take advantage of the best of all worlds, open source and commercial? To us, that’s the compelling case for integrating a 3CX commercial PBX into your Asterisk infrastructure. It’s a new iteration of what we used to call a hybrid PBX. And you can do it without cost for a full year to kick the 3CX tires and provide your mobile users with transparent phone service regardless of where they are roaming. Using the special Nerd Vittles signup link, you get a custom version of 3CX that supports 4 simultaneous calls, 10-user web meetings, unlimited trunks, and 10 or more extensions. After the first year, you can either spring for less than $100 a year to maintain the 3CX free PBX platform and mobile clients with pain-free updates, or you can upgrade to a more robust 3CX Pro commercial offering with a much expanded feature set including call center technology and seamless CRM integration with MS Exchange, Salesforce, Microsoft Dynamics, Microsoft Outlook, Office 365, Google Contacts, Exact Online, Freshdesk, Datev, Zendesk, Nutshell, vtiger, EBP, Insightly, amoCRM, Bitrix24 and Act. What’s not to like?
If you’re a frequent Nerd Vittles visitor, you already know that the 3CX clients for iOS, Android, Windows, and Macs are one of our favorite telephony apps of all time. The ease with which the 3CX client can be configured with a single click on an email attachment is revolutionary. And, once configured, the fact that you never again experience a NAT problem with a SIP call is nothing short of miraculous. As we’ve previously mentioned, the 3CX Client provides a nearly perfect mobile client for those that rely upon Asterisk. Now 3CX is poised to release an even easier configuration procedure for their mobile clients in update 2 for version 15.5. Simply log into your 3CX web client on a PC or Mac and choose the Settings:QR Code option from the menu bar. 3CX will present a QR code to activate the 3CX Client for your smartphone. Scan it using the 3CX Client app on your smartphone and, presto, your phone is instantly provisioned. It doesn’t get any easier than this…
Let’s spend a little time reviewing our favorite Hybrid PBX setup. In this scenario which is perfect for small businesses with a mobile workforce, the setup looks like this. An Asterisk server is deployed to manage company trunks including Google Voice, voicemail, IVRs, custom apps, and extensions for every employee. Then we add a 3CX free PBX, interconnect it with the Asterisk PBX, and assign a 3CX extension for every employee. The 3CX extensions will all tie back to the employee extensions on the Asterisk PBX. It obviously simplifies things if you keep your number schemes consistent. For example, extension 7000 on the Asterisk PBX could be matched to extension 000 on the 3CX PBX. Then we set up outbound trunks on both the Asterisk PBX and 3CX to dial a 9 prefix to reach extensions on the other PBX. So dialing 9000 on the Asterisk PBX would connect the caller to extension 000 on the 3CX PBX. On the 3CX side, dialing 9000 would connect the caller to extension 7000 on the Asterisk PBX in our example. And, of course, 3CX Clients can reach any number worldwide using Asterisk outbound trunks by dialing a 9 prefix and then the long distance number. Our previous tutorials will walk you through setting this up with Incredible PBX® 13, Issabel™, any FreePBX®-based PBX, or even Wazo. Once you complete the 5-minute setup, mobile users can take advantage of all the powerful features on any 3CX Client platform while still receiving their incoming calls from the Asterisk-based office PBX by simply forwarding their extension to their matching 9XXX destination on the 3CX platform. This will ring their 3CX Client anywhere in the world with nothing but a Wi-Fi connection! And it’s a free call.
Published: Monday, October 16, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
The Ultimate Voice Dialer for Asterisk and Incredible PBX
Let’s face it. Voice recognition with Google has been hit and miss, and that’s on a good day. So we’re delighted to shift gears and introduce a new platform powered by IBM Watson’s Speech-to-Text (STT) engine. While it’s not free, that’s really theoretical for most of our readers. Your first month on the platform is entirely free. And, after that, you get 1,000 minutes a month of free voice recognition services. If you still want more, it’s 2¢ a minute.
We first introduced IBM’s STT platform back in March when we documented how to use the service to transcribe voicemails and deliver them via email. Today, we’re introducing the Incredible Voice Dialer for Asterisk. It runs on all of the major Incredible PBX platforms: CentOS, Wazo, and Issabel. It’s married to our AsteriDex phonebook application that is deployed with Incredible PBX using MySQL, MariaDB, or SQLite3 depending upon platform.
The way it works is a user picks up an extension on your PBX and dials 411. The caller will be prompted for the name of the person or company to call. Once the caller says the name, the Incredible Voice Dialer will send the recording to IBM’s Watson STT engine for transcription. The result is then passed to AsteriDex where the text will be matched against the phone number saved for that person or company. The number is then passed to your default outbound trunk to place the call. All of the magic happens in less than two seconds, and the call begins ringing at your destination. You can try it out for yourself on our demo server this week. Just dial: , choose option 1 when the IVR answers, and then say "Delta Airlines" or "American Airlines" when prompted for a name. The queries support wildcard matching. If you say "Delta", you’ll still be connected to Delta Airlines.
What About the Quality? Here’s the bottom line. Speech recognition isn’t all that useful if it fails miserably in recognizing everyday speech. The good news is that IBM Watson’s speech recognition engine is now the best in the business. If you want more details, read the article below which will walk you through IBM’s latest speech recognition breakthrough:
Why IBM's speech recognition breakthrough matters for AI and IoT. Via @techrepublic https://t.co/AJi8MA3E20
— IBM Developer (@IBMDeveloper) March 15, 2017
Creating an IBM Bluemix Speech to Text Account
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
1. Create Bluemix account here.
2. Confirm your registration by replying to email from IBM.
3. Login to Bluemix using your new credentials.
4. Agree to terms and conditions, name your organization, and name your space (STT).
5. Choose Watson Speech to Text service and click Create.
6. When Speech to Text-kb opens, click Service Credentials tab (on the left).
7. In Actions column, click View Credentials. Write down your username and password.
8. Logout by clicking on image icon in upper right corner of dialog window.
Install Voice Dialer with Incredible PBX for Wazo
1. Login to your server as root using SSH/Putty and issue the following commands:
cd / wget http://incrediblepbx.com/ibmstt-411-wazo.tar.gz tar zxvf ibmstt-411-wazo.tar.gz rm -f ibmstt-411-wazo.tar.gz sed -i '\\:// BEGIN Call by Name:,\\:// END Call by Name:d' /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf sed -i '/\\[xivo-extrafeatures\\]/r /tmp/411.txt' /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf asterisk -rx "dialplan reload"
2. Edit /var/lib/asterisk/agi-bin/getnumber.sh and insert your IBM credentials from step #7 above into these variables:
API_USERNAME="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" API_PASSWORD="XXXXXXXXXXXX"
3. Save the file.
Install Voice Dialer on Other Incredible PBX Platforms
1. Login to your server as root using SSH/Putty and issue the following commands:
cd / wget http://incrediblepbx.com/ibmstt-411.tar.gz tar zxvf ibmstt-411.tar.gz rm -f ibmstt-411.tar.gz sed -i '\\:// BEGIN Call by Name:,\\:// END Call by Name:d' /etc/asterisk/extensions_custom.conf sed -i '/\\[from-internal-custom\\]/r /tmp/411.txt' /etc/asterisk/extensions_custom.conf asterisk -rx "dialplan reload"
2. Edit /var/lib/asterisk/agi-bin/getnumber.sh and insert your IBM credentials from step #7 above into these variables:
API_USERNAME="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" API_PASSWORD="XXXXXXXXXXXX"
3. Save the file.
Take Incredible Voice Dialer for a Test Drive
1. From an extension connected to your PBX, dial 411. When prompted for the name to call, say "Delta Airlines" or "American Airlines."
2. Quicker than you could actually dial the number, you’ll be connected.
Building Voice-Enabled Applications with Asterisk
All of our code is open source, GPL2 code so you’re more than welcome to use it, learn from it, and then build your own voice-enabled applications. Just abide by the terms of the license and share. When you review /var/lib/asterisk/agi-bin/getnumber.sh, you’ll see that it’s incredibly easy to change the backend database. Here’s the Wazo flavor of the script:
API_USERNAME="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" API_PASSWORD="XXXXXXXXXXXX" thisfile="$1" # sending the recording to IBM Watson for transcription curl -k -u $API_USERNAME:$API_PASSWORD -X POST --limit-rate 40000 --header "Content-Type: audio/wav" --data-binary @/tmp/$thisfile.wav "https://stream.watsonplatform.net/speech-to-text/api/v1/recognize?continuous=true&model=en-US_NarrowbandModel" 1>/tmp/$thisfile.txt # grabbing the text out of the IBM Watson response msg=`cat /tmp/$thisfile.txt | grep transcript | cut -f 2 -d ":" | cut -f 2 -d '"' | sed 's| *$||' | sed -e "s/\b\(.\)/\u/g"`% # passing text to MySQL (1st line) or SQLite3 (2nd line) for name lookup. answer is num2call. #num2call=$(mysql -uroot -ppassw0rd asteridex -ss -N -e "SELECT user1.out FROM user1 where name LIKE '$msg'"); num2call=`/usr/bin/sqlite3 /var/lib/asterisk/agi-bin/asteridex.sqlite "select out from user1 where name LIKE '$msg'"` # clearing out our temporary files rm -f /tmp/$thisfile.* # passing the results to the Asterisk dialplan echo "SET VARIABLE PTY2CALL "\""$msg"\""" echo "SET VARIABLE NUM2CALL "\""$num2call"\""" # we're done with the AGI bash script so let's exit gracefully exit 0
The Asterisk dialplan code could be modified for any number of applications. Here’s what it looks like on the Incredible PBX 13 platform. It’s slightly different with Wazo to accomodate their dialplan syntax.
;# // BEGIN Call by Name
exten => 411,1,Answer
exten => 411,n,Playback(custom/411)
exten => 411,n,Set(RANDFILE=${RAND(8000,8599)})
exten => 411,n,Record(/tmp/${RANDFILE}.wav,3,10)
exten => 411,n,Playback(/tmp/${RANDFILE})
exten => 411,n,AGI(getnumber.sh,${RANDFILE})
exten => 411,n,NoOp(Party to call : ${PTY2CALL})
exten => 411,n,NoOp(Number to call: ${NUM2CALL})
exten => 411,n,Goto(outbound-allroutes,${NUM2CALL},1)
exten => 411,n,Hangup()
;# // END Call by Name
There’s nothing magical about it. (1) It answers the call to 411. (2) It plays back a recording that prompts the user to say the name of the person or company to call. (3) It generates a random number to use for the filenames associated with the STT process. (4) It records the caller’s speech and saves it to the random filename as a .wav file which IBM STT can understand. (5) It passes the call to the AGI bash script to send the recording to IBM Watson and obtain the transcription and to pass the text to MySQL or SQLite3 to lookup the text in the AsteriDex database. (6) We display the called party’s name on the Asterisk CLI. (7) We display the called party’s phone number on the Asterisk CLI. (8) We place the call using the PBX’s default outbound route. (9) We hangup the call when it’s completed.
Published: Monday, October 9, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
VoIP Security: Installing SSL Certificates with Incredible PBX
We’ve got some revolutionary VoIP projects coming your way over the next several weeks, but I’m sorry to say the hardest part of them is getting your server configured to use secure and encrypted web communications via HTTPS. This is quickly becoming a universal requirement of most of the major technology players. So what might not be the most glamorous VoIP topic for a Monday morning is not only necessary but long overdue. The good news is that obtaining, installing, configuring, and maintaining an SSL certificate for your VoIP server is not the royal pain that it once was. And, by this time next week, you’ll be glad you went through the exercise. Thankfully, the EFF’s Certbot project is available to assist in installing free certificates from Let’s Encrypt.
Before we begin, here’s a word to the wise. You will save yourself a thousand headaches by deploying your Incredible PBX server in the cloud where you get a dedicated IP address and can easily assign a fully-qualified domain name (FQDN) to your server. Options now are available for as little as $1.50 to $3.50/month including Vultr which provides an incredibly reliable platform in many cities for as little as $2.50 a month. And another 50¢ buys you weekly image backups without lifting a finger. They can be restored with one click! If reliability and redundancy matter, you can’t beat Vultr’s price or the feature set, and we have tutorials to get you started with either Wazo or Issabel. If cost is your sole criteria, you can’t beat WootHosting at $1.50 a month. You’ll find a tutorial here. If performance is critical, you can’t beat OVH at $3.50/month with a Wazo tutorial here and an Issabel tutorial here. Finally, if you’re technically challenged, our corporate sponsor, RentPBX, will do all of the cloud migration for you and provide a turnkey, high performance VoIP platform for just $15/month. So what are you waiting for? Now’s the time. No excuses! It’s not going to get any cheaper or more reliable. And next week you’ll be thanking us. For these reasons, we’re saying goodbye our home-based servers sitting behind NAT-based firewalls. With the projects coming down the pike, the mountain is just too steep to continue that trek unless you have the technical expertise to pull it off yourself.
Obtaining and Installing an SSL Certificate
For CentOS 6 running Incredible PBX 13 or CentOS 7 running Incredible PBX for Issabel 4, begin by making certain that you can access your site using its FQDN with HTTP, e.g. http://myserver.mydomain.org. Get that working first. Next, log into your server as root using SSH/Putty and issue the following commands:
yum -y install python-devel python-pip python-setuptools python-virtualenv --enablerepo=epel yum -y install centos-release-scl yum -y install python27 scl enable python27 bash pip -V # should show python 2.7 pip install --upgrade pip pip install requests registry urllib3 pyOpenSSL --force --upgrade pip install certbot-apache --force --upgrade cd /root wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto service iptables stop ./certbot-auto --authenticator webroot --installer apache -w /var/www/html -d FQDN.here iptables-restart service httpd restart exit
During the automated setup, you can decide whether to force all web traffic to the secure site. We recommend it. Once the install finishes, test access to your server by going to your FQDN using HTTPS. Don’t continue with the setup until you get HTTPS working and your browser shows you have a SECURE site! Remember that you must renew your free certificate every 90 days by using the following /root/certbot-update script:
#!/bin/bash echo "Before you begin, type: scl enable python27 bash" echo "Then rerun this update script and press ENTER." read -p "If you already have done so, press Enter. Otherwise, Ctrl-C now" service iptables stop ./certbot-auto --authenticator webroot --installer apache -w /var/www/html -d FQDN.here iptables-restart echo "Type exit when this script completes." exit
For Debian 8 running Incredible PBX for Wazo, things are a bit more complicated because Wazo forces HTTPS access even though you do not yet have a certificate for your FQDN. Because of its NGINX web server platform, with Wazo you’ll have to manually install and configure certificates with certbot and LetsEncrypt. The silver lining with Wazo is HTTPS access gets you a WebRTC phone with a couple button clicks. Go to this link, click on the Config wheel (bottom right), click on the Pencil icon and plug in the FQDN of your server. Click SAVE. Enter your login name as 701 and the password assigned to the extension which you can obtain by running: /root/show-701-pw. That’s probably the quickest phone setup you’ll ever find. But we’re getting ahead of ourselves…
1. Let’s get certbot installed. Login to your server as root using SSH or Putty and issue the following commands:
cd /etc/apt echo "deb http://ftp.debian.org/debian jessie-backports main" >> sources.list apt-get update apt-get install certbot -t jessie-backports
2. Temporarily, turn off HTTPS since the certificate install requires HTTP access. In /etc/nginx/sites-enabled/xivo, comment out these 3 lines and save the updated file:
In server section for port 80: # include /etc/nginx/locations/http-enabled/*; In server section for port 443: # listen 443 default_server; # server_name $domain;
Then restart the web server: /etc/init.d/nginx restart. Now you have a basic http web server. If you want to verify that it’s working, use a browser and go to http://YOUR-FQDN/asteridex4/index.php. It should download the file to your desktop which isn’t desirable, but this is only temporary.
3. In /var/www/html, issue the following commands:
cd /var/www/html mkdir .well-known cd .well-known mkdir acme-challenge cd acme-challenge chown -R asterisk:www-data /var/www/html/.well-known
Leave this SSH/Putty session running temporarily and open a second SSH/Putty connection to your server logging in as root.
4. Disable your firewall temporarily: /etc/init.d/netfilter-persistent flush
5. Start the certbot installation script: certbot certonly –manual
6. You’ll be prompted for the FQDN of your server to generate the certificates. Then you’ll be given an oddball name AND an expected oddball response. With these two entries in hand, temporarily switch back to your other SSH session and issue these commands while positioned in /var/www/html/.well-known/acme-challenge:
mkdir ODDBALL-NAME cd ODDBALL-NAME echo "ODDBALL-RESPONSE > index.html" chown -R asterisk:www-data /var/www/html/.well-known
7. Use a browser to (quickly) go to http://YOUR-FQDN/.well-known/acme-challenge/ODDBALL-NAME/ and be sure your web server displays the expected ODDBALL-RESPONSE. You’ve got to get this working before you continue with the certbot install or it will fail. You only have a few minutes to do this before certbot will change the ODDBALL-NAME and ODDBALL-RESPONSE credentials. 3 consecutive failures and you have to wait an hour to try again. Guess how we know?
8. Once you get the expected response, switch back to your SSH session running the certbot installer and press ENTER to continue with the certificate install. When it completes, you’ll get a congratulatory note and a reminder that, in less than 90 days, you’ll need to run certbot renew to update your certificate.
9. Install the new certificates in NGINX and put things back together again:
cd /etc/nginx/sites-enabled nano -w xivo
10. Begin by removing the 3 # signs that we inserted to get HTTP working in step #2.
11. Near the bottom of the file, comment out these existing certificate lines:
# ssl_certificate /usr/share/xivo-certs/server.crt; # ssl_certificate_key /usr/share/xivo-certs/server.key; # ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!SEED:+HIGH:+MEDIUM;
12. Add the following new lines just below the lines you commented out. Be sure to replace YOUR.FQDN in each line with the actual FQDN of your server:
ssl_certificate /etc/letsencrypt/live/YOUR.FQDN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.FQDN/privkey.pem;
ssl_ciphers HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA;
13. Save the file and then restart your firewall and NGINX:
iptables-restart /etc/init.d/nginx restart
14. Edit /etc/apt/sources.list and comment out the jessie-backports line from step #1.
15. Reload your aptitude sources: apt-get update
16. Remember that you must renew your free certificate every 90 days by issuing this command: certbot renew --quiet.
Better yet, issue the following command to set up a cron job to auto-renew your certificate every week:
echo "5 3 * * 0 root /usr/bin/certbot renew --quiet > /dev/null 2>&1" >> /etc/crontab
17. Test things out with a web browser by visiting your FQDN. Your browser should now show the site as SECURE.
18. Now try out that new WebRTC phone.
Published: Monday, September 25, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
RTPbleed Security Alert: Asterisk Calls Can Be Intercepted
If you’ve installed Asterisk® during the past 4½ years, your server has a MAJOR security problem. If you didn’t already know, with Asterisk, your VoIP conversations actually are carried over a random UDP port using the Real Time Protocol (RTP), not the SIP port (UDP 5060) which handles the setup and teardown of your VoIP connections. It turns out that, since March 2013, all of that RTP traffic and thus your conversations could be intercepted and redirected by anyone on the Internet. As this recent article in The Register noted:
The problem occurs when [communications] systems like IP telephony have to get past network address translation (NAT) firewalls. The traffic has to find its way from the firewall’s public IP address to the internal address of the device or server, and to do that, RTP learns the IP and port addresses to associate with a call.
The problem is, the process doesn’t use any kind of authentication.
This is exacerbated by the fact that, by default, Asterisk and FreePBX® traditionally use the NAT=yes setting (whether needed or not) to enable this navigational magic just in case your calls need it. Without it, you may end up with no audio or one-way audio on your calls. Traditional wisdom was that an attacker needed to be positioned between the caller and the Asterisk server in order to intercept this media stream. As luck would have it, it turns out the man in the middle didn’t need to be in the middle after all. He could be anywhere on the Internet. The old adage to talk on the phone as if someone else were listening turns out to have been pretty good advice in the case of Asterisk communications. Even if you had a firewall, chances are you protected UDP port 5060 while exposing and forwarding UDP 10000-20000 to Asterisk without any safeguards.
According to last week’s Asterisk advisory, “To exploit this issue, an attacker needs to send RTP packets to the Asterisk server on one of the ports allocated to receive RTP. When the target is vulnerable, the RTP proxy responds back to the attacker with RTP packets relayed from the other party. The payload of the RTP packets can then be decoded into audio.” Specifically, if UDP ports 10000-20000 are publicly exposed to the Internet, anybody and everybody can intercept your communications without credentials of any kind. WOW!
So, there’s a patch to fix this, right? Well, not exactly:
Note that as for the time of writing, the official Asterisk fix is vulnerable to a race condition. An attacker may continuously spray an Asterisk server with RTP packets. This allows the attacker to send RTP within those first few packets and still exploit this vulnerability.
The other recommended "solutions" aren’t much better:
- When possible the nat=yes option should be avoided
- To protect against RTP injection, encrypt media streams with SRTP
- Add config option for SIP peers to prioritize RTP packets
The nat=no option doesn’t work if you or your provider employs NAT-based routers. The SRTP option only works on more recent releases of Asterisk, and it also requires SRTP support on every SIP phone. Prioritizing RTP packets is not a task for mere mortals.
Surprisingly, the one solution that is not even mentioned is hardening your firewall to block incoming UDP 10000-20000 traffic that originates outside your server. Our recognized SIP expert on the PIAF Forum had the simple solution. Bill Simon observed:
If the SDP in the INVITE or subsequent re-INVITE contains routable IP addresses, then use them for media. If the SDP contains non-routable IP addresses, then the client is behind a NAT and not using any NAT traversal techniques like SIP ALG, ICE/STUN, so send to the originating IP. Why are we making allowances here for media to come from anywhere? I think you can probably clamp down your firewall as much as you want, because symmetric RTP should allow media to get through by way of establishing an outbound stream (inbound stream comes back on the same path).
Our testing confirms that simply blocking incoming RTP traffic on your firewall solves the problem without any Asterisk patch. In short, RTP traffic cannot originate from anonymous sources on the Internet.
For those using Incredible PBX® or Travelin’ Man 3 or an IPtables firewall, the fix is easy. Simply remove or comment out the INPUT rule that looks like this and restart IPtables:
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
On RedHat/CentOS servers, the rule is in /etc/sysconfig/iptables. On Debian/Ubuntu and Raspbian servers, you’ll find the rule in /etc/iptables/rules.v4. On Incredible PBX for Issabel servers, you’ll find the rule in /usr/local/sbin/iptables-custom. On all Incredible PBX platforms, remember to restart IPtables using only this command: iptables-restart.
Published: Friday, September 8, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
A VPN for All Seasons: Introducing NeoRouter v2
Today, we want to revisit our favorite client-server VPN, NeoRouter. It’s included with all versions of Incredible PBX® and eases the pain of setting up air-tight firewalls as well as High Availability (HA) redundant servers with VoIP. NeoRouter relies upon a central server and uses a star topology to connect remote nodes. The major difference between NeoRouter and PPTP VPNs is that only registered devices participate in the virtual private network so there is no direct access to other machines on the LANs of the registered devices. If you have servers or users scattered all over the countryside, NeoRouter is an excellent (and free) way to manage and interconnect them. All data and communications between the nodes can then be routed through the encrypted VPN tunnel for rock-solid security.
With NeoRouter’s latest 2.3 (free) software, you can set up your VPN server using a PC, a Mac, a Linux or FreeBSD machine, OpenWrt Backfire, Tomato, or even a Raspberry Pi. With all versions of Incredible PBX, the NeoRouter Free Client is automatically installed. To bring up NeoRouter, all you need to do is install the NeoRouter Free Server on one of your machines and then login to the server from each NeoRouter Client using your server credentials. VPN clients also are available for PCs, Macs, Linux and FreeBSD machines, Raspberry Pi, OpenWrt, Tomato as well as Android and iOS phones and tablets. There’s even an HTML5 web application in addition to a Chrome browser plug-in. With the OpenWrt and Tomato devices or if you’re an extreme techie, you can broaden your NeoRouter star configuration and bridge remote LANs. See pp. 58-63 of the NeoRouter User’s Manual.
You can interconnect up to 256 devices to the NeoRouter Free Server at no cost. For $999, you can enlarge your VPN to support 1,000 devices. Screen sharing, remote desktop connections, HTTP, and SSH access all work transparently using private IP addresses of the VPN nodes which are automatically assigned in the 10.0.0.0 private network.
Today we are introducing the second generation of the NeoRouter VPN solution. It’s suitable for use on a dedicated server or running as a virtual machine. Whether to run NeoRouter Free server on a dedicated machine is your call. We never do. And NeoRouter never requires exposure of your entire server to the Internet. Only a single TCP port needs to be opened in your hardware-based firewall or IPtables Linux firewall. The only real requirement is a dedicated IP address for your server so that the client nodes can always find the mothership. We typically run the NeoRouter server component on our failover VoIP server with Wazo HA. We’ll finish up today by showing you how to back up the critical components of NeoRouter Server so that, if your server platform ever should fail, it only takes a few minutes to get back in business on a new server platform. Let’s get started.
Creating Your NeoRouter Server Platform
We’re assuming you already have an Incredible PBX server of some flavor running on a dedicated IP address with the IPtables firewall. If not, start there.
First, on your IPtables firewall, make certain that TCP port 32976 has been whitelisted for public access. On Incredible PBX platforms, this is automatic. You can double-check by running iptables -nL and searching for an entry that looks like this:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32976
Second, we need to download and install the NeoRouter Free Server for your platform. Be sure you choose the version that matches your operating system, CPU architecture, and type. Debian and Ubuntu servers use the same code. We do not recommend Raspberry Pi as a suitable platform for your NeoRouter server!
For RedHat/CentOS 64-bit platforms, here’s the download link. While logged into your server as root, issue the following command using the downloaded 64-bit RPM:
rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
For Ubuntu/Debian 64-bit platforms, use this link. While logged into your server as root, issue the following command using the downloaded 64-bit .deb image:
dpkg -i nrserver-2.3.1.4360-free-ubuntu-amd64.deb
Third, each administrator (admin) and user is going to need a username to access your NeoRouter VPN. You can use the same credentials to log in from multiple client machines, something you may or may not want to do. Here are the commands to create admin and user accounts. Don’t use any special characters in the username and password!
nrserver -adduser username password admin
nrserver -adduser username password user
You’re done. Now let’s register your NeoRouter server with the mothership.
After your NeoRouter Free Server is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.
When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.
Configuring and Connecting Your NeoRouter Client
As mentioned previously, there are NeoRouter clients available for almost every platform imaginable, including iPhones, iPads, and our beloved Raspberry Pi. NeoRouter Client software is included in all Incredible PBX builds. If you’re using some other platform, Step #1 is to download whatever client is appropriate to meet your requirements. Here’s the NeoRouter Download Link. Make sure you choose a client for the Free version of NeoRouter. Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc. Once enabled, you can use your NeoRouter Client to create a VPN tunnel to connect to any other resource in your virtual private network using SSH, VoIP clients, and web browsers.
To activate the NeoRouter client while logged in as root, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed that step above. Otherwise, be sure to use the FQDN assigned to your NeoRouter Server. Once you’re logged in, you will be presented with the names and private IP addresses of all of your connected nodes.
To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints. These private IP addresses can also be used to create a High Availability (HA) platform with Wazo even if the servers are not colocated.
Admininistrative Tools to Manage NeoRouter
Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)
Browser access to NeoRouter Remote Access Client (user with Admin or User privileges)
Manage your account on line at this link
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
Test VPN access: http://www.neorouter.com/checkport.php
For a complete list of commands: nrserver –help
To change client name from default pbx.local: rename-server OR…
- Edit /etc/hosts
- Edit /etc/sysconfig/network
- Edit /etc/sysconfig/network-scripts/ifcfg-eth0
- Edit /etc/asterisk/vm_general.inc
- reboot
For the latest NeoRouter happenings, visit the NeoRouter blog and forum.
Backing Up NeoRouter Server for That Rainy Day
Yes, servers fail sooner or later. So it’s best to plan ahead and avoid having to recreate your NeoRouter VPN from scratch. Backing up your server is easy. Log into your server as root and issue the following command:
tar cvzf nr-server-db.tar.gz /usr/local/ZebraNetworkSystems/NeoRouter/NeoRouter_0_0_1.db /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini
Copy nr-server-db.tar.gz and your NeoRouter Server installer to a safe place!
When that sad day arrives, be sure that your original NeoRouter Server is off line. Then reinstall NeoRouter Server on a new server platform using your original NeoRouter Server installer. If necessary, change the DNS entry for your original NeoRouter server to the new IP address. Then shut down new NeoRouter Server, load your backup, and restart server:
/etc/rc.d/init.d/nrserver.sh stop cd / tar zxvf nr-server-db.tar.gz /etc/rc.d/init.d/nrserver.sh start
Published: Monday, August 21, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Twofer Tuesday: $1.50 Cloud Bargains for VoIP Deployments
We’ve been big fans of $5/month VPS offerings of Digital Ocean and Vultr for many years. When Vultr reduced their lowest tier to $2.50/month, we were ecstatic. These weren’t ideal VoIP platforms because of their 512MB memory constraint, but they were perfectly suitable as a sandbox for experimentation. And then along came OVH with a 2GB VPS that was nearly perfect for VoIP at $3.49/month. As we all know, the Earth does not stand still, and WootHosting now has once again changed the landscape with two different $1.50/month offerings that include 2GB of RAM. That’s cheaper than the cost of electricity to run a server in your home or office. Never mind that you also have to purchase a server.
As most of you know, we eat our own dog food before recommending products, and we’ve deployed both the Wazo and Issabel PBXs on the WootHosting platform being reviewed today. In addition, we’ve deployed a multi-purpose web server to host more than a dozen of our personal sites using an even better second offering that we also will cover today.
The first offering (pictured above) actually provides a platform for two separate VoIP servers. For each of the servers, you have a choice of sites: New York, Miami, or Los Angeles. Why would you want two servers? The most obvious answer is redundancy. Wazo already offers High Availability (HA) redundant servers with the click of a button. Our deployment tutorial is available here. By deploying identical servers in two cities, you have a failsafe VoIP platform that can survive almost any natural or man-made disaster. And the total cost for both cloud servers is just $3 a month. A similar implementation for other Incredible PBX platforms is now under development on the PIAF Forum. Compare these free options to HA solutions from other VoIP providers costing $3,000 plus maintenance.
If a New York-based cloud offering will meet your needs, the second WootHosting offer is even more impressive with 4 CPU core allocations, 2GB RAM and swap space, a whopping 150GB of storage, 3TB of monthly bandwidth, and advanced DDOS protection for $1.50/mo.:
As we mentioned, we actually use this second VPS offering to host more than a dozen of our personal web sites without a hiccup. But it is sufficiently robust to host very large VoIP implementations with support for dozens of simultaneous calls. A deployment guide for Wazo is available here. As with all cloud-based servers, we strongly recommend redundant system deployments in separate locations. Additional WootHosting specials in their various locations are documented on the New York ordering page. Enjoy!
Published: Tuesday, August 15, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Choosing the Best (free) PBX for SOHO Deployments
[iframe-popup id="6″]
When it comes to choices in free PBXs, times have indeed changed. A decade ago your options went something like this. There was Asterisk@Home or Asterisk@Home. Then along came trixbox® and Elastix® and PBX in a Flash™ and AsteriskNOW®. What remained constant throughout this evolution was the underlying Asterisk® platform. With the exception of Digium’s offering, the remaining products all included the FreePBX® GUI. Then came a whole new way of looking at things with FreeSWITCH®. Another morphing occurred when the FreePBX developers introduced their own distribution which bundled free software with a collection of commercial demoware, better known as NagWare. Along the way we introduced Incredible PBX™ which let you choose an underlying platform and then an installer preconfigured the entire PBX together with dozens of applications. We also discovered an open source sleeper called XiVO that morphed into Wazo. It wasn’t long until commercial companies discovered that there might be gold in them hills. Sangoma® purchased FreePBX and 3CX acquired PBX in a Flash and Elastix. Digium’s AsteriskNOW product morphed into a rebranded FreePBX Distro®. Another popular commercial company that had been around the Asterisk community for more than a decade was Xorcom, and in 2016, they introduced their own freeware PBX called Ombutel. Another well-respected commercial provider, 3CX, quickly followed suit and introduced a collection of freeware PBXs1 including PBX in a Flash 5, Elastix 5, and a free edition of its popular 3CX UC platform running under Debian. Whew! What a ride it has been. But now what?
We’ve gone from rags to riches, but how do you sort out which solution is best for you? I’m reminded of some advice my dad gave me when I was trying to choose a college to attend. He said, "Make yourself a list of what’s important to you, and then rank each school from 1 to 10 on each of those criteria. Add up the columns, and there’s your answer." I would offer you the same advice in choosing a PBX. So let’s start with our list of 10 criteria in no particular order that should be considered in choosing a PBX. Then we’ll drill down on each of these and provide some tips on what to consider when you develop your own scorecard.
- Reputation of the Provider
- Reliability of the Product
- Feature Set
- Security
- Performance
- Redundancy
- Ease of Deployment
- Ease of Use
- Support Availability
- Long-Term Cost
A couple other factors will weigh into your ratings. First, your own level of expertise matters. And, second, the intended use for your PBX is critically important. If you’re deploying a PBX in your home where the only Happy Campers have to be you and the Little Mrs., that’s obviously a different use case than a business that relies upon telephones for its livelihood. If you have 30 years of telephony and networking experience, that makes some of these criteria less important than others. You can adjust your ratings scale accordingly or simply remove the criteria that don’t matter in your particular situation.
1. Reputation of the Provider
Depending upon whether you’ve chosen an open source PBX and your own level of expertise, the reputation of the provider matters. And, for those that aren’t do-it-yourselfers, the reputation of the installer or reseller is also important. There’s a reason that people pay big bucks for Cisco phone systems. Provider reputation becomes even more significant if you’re installing a closed source system and there’s a risk that the vendor won’t be around in a couple of years. If, on the other hand, you’re choosing a free PBX as a sandbox to learn about telephony, then provider reputation is obviously less important than some of the other factors. One of the real beauties of the Internet is that it’s easy to obtain information on and customer ratings of providers. So do your homework!
2. Reliability of the Product
Forums such as the PIAF Forum and DSL Reports provide a limitless supply of information about PBX offerings. Take the time to read user comments about their experience with the various offerings. Most of the free PBX products we’ve listed above have been around for many years, but that doesn’t always tell you everything you need to know. Visit the provider’s own forum so you can see for yourself what problems are being reported by their own users. If there are dozens of postings about bugs and non-working components with no proffered solutions, that’s usually a pretty good hint to start looking elsewhere.
3. Feature Set
Whenever we provide consulting services to companies, the first thing we do is ask everyone in the organization to provide a list of the top 10 features they need in an ideal phone system. You then can take that survey and match it against available offerings for free and commercial PBXs. If 90% of your users travel and need their smartphones integrated into the company’s PBX, that’s important. If your organization depends upon incoming phone calls for 90% of your new business, then deployment of a PBX that never hands out busy signals is critical. If IVRs need to be integrated into your existing corporate databases to check availability of product without employee intervention, then write it down as a "must have." You get the idea. Figure out what really matters to everyone that will actually be using phones connected to your PBX. Then find the offerings that are the best fit insofar as features are concerned.
4. Security
The last thing anyone wants to see is a whopping phone bill because some creep on the other side of the globe managed to make expensive calls on your nickel. Do all the research that time permits to discover which phone systems have a history of security breaches. Does the phone system you are considering have its own firewall? Is it self-configured or are you on your own? Will you need to hire a consultant just to keep your phone system secure? What’s your budget for security mistakes? A PBX isn’t free if you get an unexpected $100,000 phone bill. Visit the forums including the forums of the providers you are considering and look for any mentions of security breaches, hacking, and bugs related to software vulnerabilities. Google is your friend as well. Search for the name of the PBX you’re considering together with the word "vulnerability" and see how long a list you receive. Last, but not least, visit CVE Details and look up the scorecard of your vendor and product. One final consideration worth mentioning is the procedure required to update the PBX when security vulnerabilities are discovered. Is it a manual upgrade process or is it automatic when you log into your server? Do you have to keep abreast of security developments by regularly visiting some web site or are the alerts prominently displayed on the admin interface whenever you log into your PBX? Are you responsible for keeping the underlying operating system vulnerabilities patched or does your vendor handle that as well? Suffice it to say, you get what you pay for when it comes to a secure PBX. Do your homework and decide whether a free PBX really is the best choice for your situation.
5. Performance
There’s a big difference in a phone system for a home or SOHO deployment with a handful of phones versus a small business PBX with dozens of phones and hundreds or thousands of calls every day. Lots of external factors weigh into the actual performance you will see with any given phone system. For VoIP-based PBXs, your calls are only as good as your Internet connection and the ability of your server to handle the workload. Whether you plan to deploy your PBX on local hardware or in the Cloud also impacts performance. There are cloud providers and cloud providers. Some put you on an overloaded shared server to maximize profits while others (such as our own advertiser, RentPBX) carefully monitor the time slice that every PBX receives to assure reliable PBX performance all the time. As we’ve previously noted, you get what you pay for. Don’t expect a Cloud at Cost server for which you paid a one-time fee to provide the same level of performance and phone quality as a dedicated server or a provider such as RentPBX. Our best advice is to try your desired platform with your desired PBX. You’ll know quickly whether the combination will meet your performance requirements.
6. Redundancy
If your business depends upon reliable telephone calls, redundancy would be a requirement at the top of our list. How long can your business go without incoming or outgoing phone service? Do you have a dedicated administrator on staff? Does your support provider offer 24/7 assistance? Answers to those questions will narrow down your options. With a dedicated administrator on site and a hot standby server, you probably have all the redundancy you need unless criticality is judged in minutes. In the latter case, a High Availability failover system may be what you need. You can spend thousands of dollars on software and hardware to achieve an acceptable level of High Availability. What is your budget? Luckily, Wazo is a free alternative that also includes free HA support. All you need is a second server which could be a second hardware device on site or a Cloud-based server at minimal cost. We’ve documented the Wazo HA setup procedure here if you want to evaluate whether it will meet your requirements.
7. Ease of Deployment
Determining the ease with which you can deploy a new server is obviously subjective and depends upon your skill set, the expertise of others in your organization, and the complexity of the system you will be deploying. Bringing up and configuring the various systems is the only way you’re going to get an accurate picture of what’s involved. If you will be relying upon a vendor to perform the heavy lifting, then get some references and start making calls to judge the satisfaction level of similarly situated customers. Then ask yourself what the likelihood is that your vendor will still be around five years down the road. Is there a competitor that could step in and perform the same tasks? Are your available choices limited to telephone support or are on site services available to assist with or perform setup and configuration tasks? Be sure to get an accurate estimate of the overall cost of deployment including server and telephone configuration as well as staff training.
8. Ease of Use
Nothing holds a candle to letting employees at all levels in your organization actually use the system you’ve chosen before you purchase it. Particularly with a phone system, a free evaluation period is worth its weight in gold. The beauty of a free PBX is you can install it and kick the tires to your heart’s content. To end users, the ease of use determination is pretty simple. There’s a phone sitting on the desk. Does it do what I need it to do to get my job done?
9. Support Availability
There are three kinds of support: in-house, free, and paid. If you have in-house staff to manage and support your PBX, this criteria may be less important to you. If not, then the free and paid options are important. We have tens of thousands of administrators who have relied upon the PIAF Forum for support over the years. With the latest PBXs that have been around for a very long time, that’s probably all you need if you have made backups and have a recovery plan or a redundant system. As for paid support, the sky’s the limit quite literally. Telephone support does not equal on site support. If your business demands 24×7 phone service, then choose a support option that can make that happen.
10. Long-Term Cost
Last, but not least, is factoring in the overall cost of your phone system. Just because your PBX may be free, it doesn’t mean that add-ons and software maintenance and support are. Do the math and figure out what the long-term cost actually is to get the feature set and support level that your business requires. It may very well turn out that $395 a year for a fully-supported commercial PBX such as our corporate sponsor’s 3CX PBX may be a downright bargain compared to a free PBX for which you’d easily spend that much with a single call for commercial support. Do the math before you jump feet first into the free fire.
Originally published: Monday, May 8, 2017
| SECURITY ALERT: The Sangoma® Portal reportedly has been compromised. According to Sangoma’s Chief Operating Officer, customers’ root passwords were stored on Sangoma servers as a favor to customers to facilitate future support access by Sangoma staff. That procedure now has been discontinued. Although not acknowledged, the root passwords were apparently stored in unencrypted format unbeknownst to customers. More than a dozen customers have since reported their servers were compromised using their own root credentials. Sangoma maintains there is a "theoretical possibility" that their portal was the culprit although the COO indicates that they have been unable to find any evidence of an intrusion. Rootkit appears to be a word missing from the Sangoma lexicon. If you do business with Sangoma through their web portal, you are well advised to check your server immediately to determine if your PBX also has been compromised. Full details regarding breach detection and a link to Sangoma’s response are available on the PIAF Forum. If your server has been hacked, prudence would dictate rebuilding your server from the ground up. There was no mention whether Sangoma did the same after a previous unauthorized intrusion. As this incident reinforces, attempting to patch a compromised server is extremely risky. |
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- Don’t confuse a free PBX with Sangoma’s FreePBX® GUI. The former means a truly free PBX. The latter is a code generator for Asterisk that commingles free components with commercial nagware for which you have to pay registration fees before use and maintenance fees annually after purchase. [↩]
IBM’s Speech Recognition Engine Comes to Asterisk
Eight years ago, we introduced transcription for Asterisk® voicemail messages. When the messages were delivered by email, you got both a recording and the transcribed text courtesy of Google. As with most things Google, the licensing terms changed regularly and voicemail transcription became more convoluted until it became next to worthless. Today we begin our new exploration of IBM’s Watson Developer Cloud. It offers a rich collection of services at unbelievably low price points. We’re kicking things off by introducing a better Speech-to-Text (STT) solution with IBM’s Bluemix. The STT API performs better than any speech recognition engine in the world. And you won’t have to worry about Google breaking our middleware every month. On the Lite plan, up to 100 minutes per month are free. Or you can opt for the Standard pay-as-you-go plan for 2¢ per minute and let your customers yack all they like. That works out to $1.20 an hour which still is pretty cheap secretarial help. In coming weeks, we will introduce IBM’s Text-to-Speech (TTS) offering and Lisa. Up to a million characters of TTS service monthly are free. Here’s a sample to give you a taste of the voice quality:
[soundcloud url="https://api.soundcloud.com/tracks/312693441″ params="auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="100%" height="350″ iframe="true" /]
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
For new deployments, your API Username will be apikey, and your API Password will be your actual APIkey.
Overview. What we’ve done today is integrate the STT Bluemix API directly into existing Asterisk voicemail systems. We started with Nicolas Bernaerts’ terrific sendmailmp3 script. It works on both the Wazo and FreePBX® platforms. If you have deployed Incredible PBX, then the setup takes a couple of minutes. For everyone else, there’s an additional configuration step using your favorite GUI. To get started, you’ll sign up for a Bluemix account and obtain your credentials. Next, you download today’s script for your platform and insert your credentials. Finally, you set up voicemail on the extensions desired and insert an email address for each voicemail account. On generic FreePBX systems, you’ll need to add the name of our script to manage your voicemail recordings.
What About the Quality? Here’s the bottom line. Speech recognition isn’t all that useful if it fails miserably in recognizing everyday speech. The good news is that IBM Watson’s speech recognition engine is now the best in the business. If you want more details, read the article below which will walk you through IBM’s latest speech recognition breakthrough:
Why IBM's speech recognition breakthrough matters for AI and IoT. Via @techrepublic https://t.co/AJi8MA3E20
— IBM Developer (@IBMDeveloper) March 15, 2017
Creating an IBM Bluemix Speech to Text Account
Follow this link to set up your IBM account and obtain credentials for both Speech to Text (STT) and Text to Speech (TTS) services. Please note that your STT and TTS API keys will NOT be the same. So don’t accidentally use the wrong one.
Installing STT Engine with Incredible PBX for Wazo
1. After logging into your Incredible PBX for Wazo server as root using SSH/Putty:
cd /usr/sbin wget http://incrediblepbx.com/sendmailibm.tar.gz tar zxvf sendmailibm.tar.gz rm -f sendmailibm.tar.gz
2. Edit sendmailibm and insert Bluemix STT credentials on lines 29 and 30. Save the file.
3. Edit bluemix-test and insert Bluemix STT credentials on first two lines. Save the file.
4. Copy the updated sendmailibm file to sendmail:
cd /usr/sbin cp -p sendmailibm sendmail
5. Test your Bluemix STT setup: bluemix-test
6. Result should be: please record your message after the beep
7. Set up voicemail account for a Wazo extension with your email address.
8. Place a test call to the extension and record a voicemail when prompted.
9. Your message will be transcribed and delivered via email.
Installing STT Engine with Incredible PBX for RasPi
1. After logging into your Raspberry Pi server as root using SSH/Putty:
cd /usr/sbin wget http://incrediblepbx.com/sendmailibm-raspi.tar.gz tar zxvf sendmailibm-raspi.tar.gz rm -f sendmailibm-raspi.tar.gz
2. Edit sendmailmp3.ibm and insert Bluemix STT credentials on lines 28 and 29. Save file.
3. Edit bluemix-test and insert Bluemix STT credentials on first two lines. Save the file.
4. Copy the updated sendmailmp3.ibm file to sendmailmp3:
cd /usr/sbin cp -p sendmailmp3.ibm sendmailmp3
5. Test your Bluemix STT setup: bluemix-test
6. Result should be: your dictation is now being processed and emailed please wait
7. Set up voicemail for a RasPi extension with your email address.
8. Place a test call to the extension and record a voicemail when prompted.
9. Your message will be transcribed and delivered via email.
Installing STT Engine with Incredible PBX 13
1. After logging into your Incredible PBX 13 server as root using SSH/Putty:
cd /usr/local/sbin wget http://incrediblepbx.com/sendmailibm-13.tar.gz tar zxvf sendmailibm-13.tar.gz rm -f sendmailibm-13.tar.gz
2. Edit sendmailmp3.ibm and insert Bluemix STT credentials on lines 28 and 29. Save file.
3. Edit bluemix-test and insert Bluemix STT credentials on first two lines. Save the file.
4. Copy the updated sendmailmp3.ibm file to sendmailmp3:
cd /usr/local/sbin cp -p sendmailmp3.ibm sendmailmp3
5. Test your Bluemix STT setup: bluemix-test
6. Result should be: we are now transferring you out of the company directory…
7. Set up voicemail for an extension and include your email address.
8. Place a test call to the extension and record a voicemail when prompted.
9. Your message will be transcribed and delivered via email.
Installing STT Engine with Legacy FreePBX® Servers
1. Follow steps #1 through #7 from the Incredible PBX 13 tutorial above.
2. Choose Settings -> Voicemail Admin -> Settings in the GUI.
3. In the format field, insert: wav|wav49
4. In the mailcmd field, insert: /usr/local/sbin/sendmailmp3
5. Click Submit to save your settings and then Reload the FreePBX Dialplan.
6. Place a test call to the extension and record a voicemail when prompted.
7. Your message will be transcribed and delivered via email.
Update: Matt Darnell reports that, depending upon your existing setup, you may need to add the unix2dos and lame packages with legacy FreePBX servers to get MP3 messages delivered correctly.
Originally published: Monday, March 20, 2017
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Free Asterisk Solutions