Home » Incredible PBX » Wazo & XiVO (Page 3)
Category Archives: Wazo & XiVO
Game Changer: Hooking Up Facebook with Incredible PBX
There aren’t many VoIP discoveries that get us this excited about the future of telecom. But merging with 1.5 billion users plus Facebook’s enormous talent pool and technology resources is definitely something worthy of your attention. What a Facebook marriage with the VoIP platform could mean for the future of telecommunications is nothing short of earth-shattering. Few people still have home phones. Almost everyone has a Facebook account and a cellphone. If VoIP solutions for businesses fail to take those last two sentences into account, commercial PBX’s days are numbered… and it’s not a big number.
So why integrate Facebook Messenger into your PBX? The screenshot above says it all.
Think of the possibilities. Using Facebook Messenger on your smartphone or desktop PC, you could query a CRM database running on your VoIP server and instantly connect to anyone in the world by making a free call or sending a free text message. Using Facebook Messenger, you or any designated employee could receive instant alerts when a new voicemail or fax arrived on your PBX. Using Facebook Messenger, the Call Center possibilities are virtually endless as documented here. Using Facebook Messenger, you as an administrator could literally manage your entire fleet of PBXs from the convenience of your smartphone… anywhere in the world. While the Facebook Messenger platform does not independently support phone calls between its users today, it’s just a matter of time. Look at the name of the product. Is there any doubt where this project is headed given the fact that Apple already supports free calling with Facetime, Microsoft supports free calling with Skype, Google supports free calling with Google Voice, and Amazon supports free calling with its Echo platform?
Facebook integration is revolutionary in another way as well. It heralds the arrival of chatbots to do the heavy lifting for telecom businesses as well as system administrators. Just as ATMs revolutionized banking, chatbots are poised to do much the same thing for communications and Internet support. Down the road, we’ll document how to take advantage of this chatbot technology using Facebook Messenger.
We need to learn to walk before we can run. So today we’ve developed a Facebook webhooks integration project for Incredible PBX® that is perfect for administrators, whether you manage a home PBX or a dozen PBXs for an organization. We’ll get to some of the other possibilities in future articles. Setting this up is the best way we can think of to get your creative juices flowing to consider what’s possible and to identify where to go next. When we’re finished, you’ll have a Facebook Messenger platform from which you can issue any Linux® or Asterisk® command to your server. And, you’ll be able to send messages from your PBX to Facebook Messenger to identify any events you wish to monitor, whether it’s phone calls, or voicemails, or receipt of faxes, or even VoIP provider outages. In addition, you can even reroute calls by entering simple call forwarding commands in Messenger.
Before we get started, let’s get all of the legal stuff out of the way up front. WE PROVIDE OPEN SOURCE, GPL CODE TO OUR READERS AT NO COST. ALWAYS HAVE. ALWAYS WILL. THE TRADEOFF IS YOU MUST AGREE TO ACCEPT ALL RISKS INHERENT IN USING THE SOFTWARE, WHETHER THOSE RISKS ARE KNOWN OR UNKNOWN TO YOU OR TO US. THE SOFTWARE IS PROVIDED "AS IS" AND MAY BE USED AS DELIVERED, OR YOU MAY MODIFY IT TO MEET YOUR OWN NEEDS SUBJECT TO THE TERMS OF THE GPL 2 LICENSE AVAILABLE HERE. IF YOU ARE UNWILLING TO AGREE TO THESE TERMS AND CONDITIONS, STOP READING HERE AND MOVE ON TO SOME OTHER WEB SITE. OTHERWISE, LET’S BEGIN WHAT WE PROMISE WILL BE A TERRIFIC ADVENTURE.
Overview of Facebook Messenger Webhooks Project
Here is a thumbnail sketch of what we’ll be covering today. Once you get an SSL certificate installed for your server, the remaining steps are a walk in the park. When we’re finished, you’ll have a Facebook Messenger platform that is seamlessly integrated with your PBX. The current software release supports Incredible PBX 13 with CentOS 6, Incredible PBX for Issabel, and Incredible PBX for Wazo. Minor tweaking required for other Asterisk platforms.
- SSL Certificate – Obtaining and installing an SSL certificate for your web server
- Security – Locking down your server for safe, secure Facebook Messenger access
- Incredible PBX Webhooks App – Installing the server-side webhooks software
- Facebook Integration – Interconnecting Facebook Messenger and Incredible PBX
- Outbound Call Setup – Configuring Incredible PBX to make outbound calls from FB
- Incoming Call Alerts – Configuring Incredible PBX for FB Messenger call alerts
- Webhooks Feature Set – Our tutorial covering all supported webhook commands
- SMS Messaging – Configuring Incredible PBX for SMS Messaging support with FB
- Webhooks Tips & Tricks – Adjusting our code to meet your own requirements
Obtaining and Installing an SSL Certificate
Believe it or not, the hardest part of today’s project was covered in last week’s Nerd Vittles tutorial. It walked you through obtaining and installing an SSL Certificate on any of the major Incredible PBX platforms. This gets your server configured to use secure and encrypted web communications via HTTPS which is both a Facebook requirement and a smart idea. There’s no need to read further until you get your server working properly with an SSL certificate because the Facebook integration component will fail until you get HTTPS access squared away. So start there and return here when you’re finished.
The Most Important Piece of the Puzzle: SECURITY
If you’ve been following Nerd Vittles over the years, you already know that our most important consideration with any PBX deployment is security. A PBX without a secure firewall is an invitation for an astronomical phone bill. Today’s setup assumes you already have deployed Incredible PBX with its Travelin’ Man 3 firewall that provides a whitelist of IP addresses that may access (or even see) your server. By definition, Facebook Messenger is a public platform available to everyone in the world. So how do we safely integrate it into your PBX while preserving the security of your server and its telecom resources? We do it in several ways. First, Facebook Messenger Webhooks are tied to a commercial Facebook page even though you don’t need a business in order to create the page. As the owner of that Facebook Page, you have to authorize users to access the page. DON’T! Make this a page that is solely dedicated to managing your PBX through Messenger. DO NOT USE THIS FACEBOOK PAGE AS THE PUBLIC FACE FOR YOUR BUSINESS! Also make certain that your Facebook credentials include a very secure password… as if the integrity of your PBX depended upon it. IT DOES! So long as you follow these guidelines, Facebook’s own security mechanisms will protect your PBX from intrusion. If this discussion makes you nervous, our last topic today will show you how to remove components from the code to eliminate any functionality you wish to turn off.
As configured, Facebook Messenger Webhooks won’t work at all with Incredible PBX because the firewall should block all web access to your server. This requires a change on the Incredible PBX for Wazo platform which we will cover momentarily. The way we will provide Facebook access is by adding the Facebook server IP addresses to the existing whitelist, and then we’ll run a bash script every night to keep the Facebook IP addresses current.
In the past, we opened TCP port 443 (HTTPS) to public access on the firewall with Incredible PBX for Wazo. Instead, we relied upon web server authentication for access to the Wazo, Telephone Reminders, and AsteriDex services. That needs to be changed before you interconnect with Facebook Messenger, and we’ll include that in the commands to whitelist the Facebook servers below.
1. To secure port 443 in your firewall, be sure that the port is not exposed in /etc/sysconfig/iptables (CentOS) or /etc/iptables/rules.v4 (Debian/Ubuntu/Raspbian). And then restart the Incredible PBX firewall.
sed -i 's|443|450|' /etc/sysconfig/iptables sed -i 's|443|450|' /etc/iptables/rules.v4 iptables-restart
2. Verify your new configuration: iptables -nL
. Search for 443 and make certain it is NOT in the whitelist.
3. Verify that the whois package is installed on your server by issuing the command: whois. If you get a file not found error, install the package using the top line for CentOS and the bottom line for Debian/Ubuntu/Raspbian:
yum install whois apt-get install whois
4a. For Issabel and Incredible PBX 13, add to the end of /usr/local/sbin/iptables-restart these lines to whitelist the FB servers. Then restart the firewall: iptables-restart
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route: | sed "s|route: |/usr/sbin/iptables -A INPUT -s |" | sed "s|$| -p tcp -m tcp --dport 443 -j ACCEPT|" > /usr/local/sbin/iptables-facebook chmod +x /usr/local/sbin/iptables-facebook /usr/local/sbin/iptables-facebook
4b. For Incredible PBX for Wazo, add to end of /usr/local/sbin/iptables-restart these lines to whitelist the FB servers. Then restart the firewall: iptables-restart
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route: | sed "s|route: |/sbin/iptables -A INPUT -s |" | sed "s|$| -p tcp -m tcp --dport 443 -j ACCEPT|" > /usr/local/sbin/iptables-facebook chmod +x /usr/local/sbin/iptables-facebook /usr/local/sbin/iptables-facebook
5. Verify your new configuration: iptables -nL
. You should see numerous whitelist entries for port 443 at the end of the listing.
6. Add the following command at the bottom of /etc/crontab to assure that the Facebook server IP addresses are kept current:
20 0 * * * root /usr/local/sbin/iptables-restart >/dev/null 2>&1
7a. For Issabel and Incredible PBX 13, create new web directory, set ownership/permissions to house the Facebook Messenger webhooks, and add a sample web page:
mkdir /var/www/html/fb echo "Hello World" > /var/www/html/fb/index2.php chown -R asterisk:asterisk /var/www/html/fb
7b. For Incredible PBX for Wazo, create web directory, set ownership/permissions to house the Facebook Messenger webhooks, and add a sample web page:
mkdir /var/www/html/fb echo "Hello World" > /var/www/html/fb/index2.php chown -R asterisk:www-data /var/www/html/fb chmod -R 775 /var/www/html/fb
8a. For Issabel and Incredible PBX 13, no further configuration is required.
8b. For Incredible PBX for Wazo, we need to enable access to the fb web directory. Edit /etc/nginx/locations/https-available/01_incrediblepbx:
At the top of the file, add the following:
location ~* ^/fb/. *\(?:ico|css|js|gif|jpe?g|png)${ root /var/www/html; }
At the bottom of the file, add the following:
location ~ /fb/ { root /var/www/html; index index.php; try_files $uri $uri/ =404; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fasstcgi_index index.php; include fastcgi_params; fastcgi_pass unix:/var/run/php5-fpm.sock; }
Finally, restart the NGINX web server: service nginx restart
9. Using a browser, verify access to sample page: https://SERVER-FQDN/fb/index2.php
Installing Incredible PBX Webhooks Application
Now it’s time to install the Incredible PBX webhooks application on your PBX:
cd /var/www/html/fb wget http://incrediblepbx.com/incrediblewebhooks.tar.gz tar zxvf incrediblewebhooks.tar.gz rm incrediblewebhooks.tar.gz
For Issabel and Incredible PBX 13, adjust the file ownership and permissions like this:
chown -R asterisk:asterisk /var/www/html/fb chmod -R 775 /var/www/html/fb
For Incredible PBX for Wazo, adjust the file ownership and permissions like this:
chown -R asterisk:www-data /var/www/html/fb chmod -R 775 /var/www/html/fb
Hooking Up with Facebook
1. Visit the Facebook Developer’s Page and click Add a New App. Give your app a Display Name and provide your Contact Email. Match the letters in the box to get past the Security Check to display the Facebook Product List.
2. When the Facebook Product List appears, click Messenger and choose Setup.
3. In the Token Generation section, click Create a new Facebook Business Page to open a separate browser tab. Do NOT use a page that you use for other purposes! Company, Organization, or Institution is a good choice because there’s a Telecom Company category. Give your new page a Descriptive Name: incrediblepbx-podunk.
4. Return to your Token Generation browser tab and Select the Page you just created from the pull-down list (see Token Generation section of image below). Click Continue and OK to accept the default settings. Facebook then will generate a Page Access Token.
5. Copy the Page Access Token to your clipboard and paste it into the $access_token variable in the config.inc.php template in /var/www/html/fb. Write it down and keep it in a safe place. You’ll always need it to create new webhooks applications. This is the important link to talk to your Facebook Webhooks.
6. In the Webhooks section, click Setup Webhooks. In the Page Subscription form, enter the callback URL for your page. This is the https address to access your Facebook directory with a browser, e.g. https://YOUR-FQDN/fb. Make up a very secure Verify Token and enter it on the form and in the $verify_token variable in the config.inc.php template. This is the code Facebook will send to initially shake hands with your web page. The two entries must match to successfully set up your webhooks linkage. For Subscription Fields, check the Messages box. Then click Verify and Save. If it worked, you’ll get a Complete checkmark in the Webhooks section (see below). The last step is to again Select your Page in the Webhooks section to interconnect Facebook with your PBX. After choosing your page, be sure to click Subscribe or nothing will work. Here’s what a successful setup looks like:
7. To test things out, open Facebook Messenger on a desktop PC, Mac, or smartphone. Search Messenger for the Facebook page you linked to in the previous step. Then click on it to open it. Type howdy in the Message Box at the bottom of the dialog and click Send.
8. You should get an automated response that looks like this:
Hi there and welcome to BotWorld. SenderID: 13824822489535983
9. Copy the SenderID and paste it into cli-message.php together with Page Access Token from step #5, above.
Outbound Call Setup for Facebook Messenger
Outbound calling with Facebook Messenger works like this. You can connect to a specific number using the dial command. Or you can use the call command to look up an entry in your AsteriDex database. Messenger then will display the matching phone number and give you the option of placing the call. When the call is initiated, Incredible PBX will first call your designated CALL-PICKUP-NUMBER. It could be an extension or ring group of your choice. You could even specify a mobile phone number as the pickup destination provided your PBX supports at least two simultaneous outbound calls. Google Voice and many SIP providers can handle this with a single DID. Our personal preference is to route the pickup call to a trunk on a 3CX server which then sends the call to every 3CX client registered with the 3CX server. No NAT issues ever! Once you pick up the call on your designated phone, Incredible PBX will place the second call to the number you requested in Facebook Messenger. The two calls then are connected as if you had placed the call directly. The brief video below demonstrates how this works and the flexibility of using Acer’s $250 Chromebook Flip with Messenger and a 3CX client as a (free) WiFi-based web communications platform with Google Voice. It lets you place and take calls from anywhere in the world so long as you have Wi-Fi access. It’s a dirt cheap travel companion.
To make all of this work, you need to designate a phone in /var/www/html/fb/.cli-call to take outbound calls initiated from Facebook Messenger. This is either an extension number or a 10-digit CALL-PICKUP-NUMBER in the examples below. To set this up, edit .cli-call and choose one of the following examples. Comment out the other Channel options.
For Issabel and Incredible PBX 13, choose from the following:
#echo "Channel: SIP/701" > /tmp/cli.call #echo "Channel: SIP/vitel-outbound/1CALL-PICKUP-NUMBER" > /tmp/cli-call echo "Channel: Motif/gSOME-GV-NAMEgmailcom/1CALL-PICKUP-NUMBER@voice.google.com" > /tmp/cli.call
For Incredible PBX for Wazo, choose from the following:
echo "Channel: Local/701@default" > /tmp/cli.call #echo "Channel: Local/CALL-PICKUP-NUMBER@default" > /tmp/cli.call
Incoming Call Alerts with Facebook Messenger
If you’ve always wished for screenpops to announce your incoming calls, you’re going to drool at the FB Messenger Webhooks implementation with Incredible PBX. It works (simultaneously) on desktop PCs, Macs, iPhones/iPads, Android devices, and Apple Watch:
To set up incoming call alerts with Facebook Messenger, just issue the commands for your platform as outlined below.
For Incredible PBX 13, add the following to the end of extensions_override_freepbx.conf in /etc/asterisk directory. Then reload Asterisk dialplan: asterisk -rx "dialplan reload"
[cidlookup] include => cidlookup-custom exten => cidlookup_1,1,Set(CURLOPT(httptimeout)=7) exten => cidlookup_1,n,Set(CALLERID(name)=${CURL(https://api.opencnam.com/v2/phone/${CALLERID(num)}?format=pbx&ref=freepbx)}) exten => cidlookup_1,n,Set(current_hour=${STRFTIME(,,%Y-%m-%d %H)}) exten => cidlookup_1,n,Set(last_query_hour=${DB(cidlookup/opencnam_last_query_hour)}) exten => cidlookup_1,n,Set(total_hourly_queries=${DB(cidlookup/opencnam_total_hourly_queries)}) exten => cidlookup_1,n,ExecIf($["${last_query_hour}" != "${current_hour}"]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0)) exten => cidlookup_1,n,ExecIf($["${total_hourly_queries}" = ""]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0)) exten => cidlookup_1,n,Set(DB(cidlookup/opencnam_total_hourly_queries)=${MATH(${DB(cidlookup/opencnam_total_hourly_queries)}+1,i)}) exten => cidlookup_1,n,ExecIf($[${DB(cidlookup/opencnam_total_hourly_queries)} >= 60]?System(${ASTVARLIBDIR}/bin/opencnam-alert.php)) exten => cidlookup_1,n,Set(DB(cidlookup/opencnam_last_query_hour)=${current_hour}) exten => cidlookup_1,n,System(/usr/bin/php /var/www/html/fb/cli-message.php "Incoming call: ${CALLERID(number)} - ${CALLERID(name)}.") exten => cidlookup_1,n,Return() exten => cidlookup_return,1,ExecIf($["${DB(cidname/${CALLERID(num)})}" != ""]?Set(CALLERID(name)=${DB(cidname/${CALLERID(num)})})) exten => cidlookup_return,n,Return() ;--== end of [cidlookup] ==--;
For Incredible PBX for Issabel, add this to the end of extensions_override_issabel.conf in /etc/asterisk directory. Then reload Asterisk dialplan: asterisk -rx "dialplan reload"
[cidlookup] include => cidlookup-custom exten => cidlookup_5,1,Set(CURLOPT(httptimeout)=7) exten => cidlookup_5,n,Set(CALLERID(name)=${CURL(https://api.opencnam.com/v2/phone/${CALLERID(num)}?format=pbx&ref=issabelpbx)}) exten => cidlookup_5,n,Set(current_hour=${STRFTIME(,,%Y-%m-%d %H)}) exten => cidlookup_5,n,Set(last_query_hour=${DB(cidlookup/opencnam_last_query_hour)}) exten => cidlookup_5,n,Set(total_hourly_queries=${DB(cidlookup/opencnam_total_hourly_queries)}) exten => cidlookup_5,n,ExecIf($["${last_query_hour}" != "${current_hour}"]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0)) exten => cidlookup_5,n,ExecIf($["${total_hourly_queries}" = ""]?Set(DB(cidlookup/opencnam_total_hourly_queries)=0)) exten => cidlookup_5,n,Set(DB(cidlookup/opencnam_total_hourly_queries)=${MATH(${DB(cidlookup/opencnam_total_hourly_queries)}+1,i)}) exten => cidlookup_5,n,ExecIf($[${DB(cidlookup/opencnam_total_hourly_queries)} >= 60]?System(${ASTVARLIBDIR}/bin/opencnam-alert.php)) exten => cidlookup_5,n,Set(DB(cidlookup/opencnam_last_query_hour)=${current_hour}) exten => cidlookup_5,n,System(/usr/bin/php /var/www/html/fb/cli-message.php "Incoming call: ${CALLERID(number)} - ${CALLERID(name)}.") exten => cidlookup_5,n,Return() exten => cidlookup_return,1,ExecIf($["${DB(cidname/${CALLERID(num)})}" != ""]?Set(CALLERID(name)=${DB(cidname/${CALLERID(num)})})) exten => cidlookup_return,n,Return() ;--== end of [cidlookup] ==--;
For Incredible PBX for Wazo, edit /etc/asterisk/extensions_extra.d/cid-superfecta.conf. In the [xivo-subrgbl-did] context just below the n(keepon),Gosub(cid-superfecta,s,1) line, insert the following. Then reload the Asterisk dialplan: asterisk -rx "dialplan reload"
same = n,System(/usr/bin/php /var/www/html/fb/cli-message.php "Incoming call: ${XIVO_SRCNUM} - ${CALLERID(name)}.")
Incredible PBX Webhooks Feature Set
Now that we’ve got all the pieces in place and properly configured, let’s briefly walk through the various options that are available. With all commands, you use Facebook Messenger with your designated web page on any platform supported by Messenger.
dial 8005551212 – connects to designated extension and then calls 8005551212
call Delta – looks up Delta in AsteriDex and provides button to place the call
lookup Delta – looks up Delta in AsteriDex and provides button to place the call
!command – executes a Linux command, e.g. !asterisk -rx "sip show registry"
howdy – returns greeting and SENDER ID of your FB page (Hookup, item #9)
help – provides links to phone help as well as PIAF and Asterisk forums
sms 10-digit-SMS-number "Some message" – sends SMS message through GV
update – updates Messenger platform for Incredible PBX to the latest & greatest
anything else – returns whatever you typed as a response (for now)
Configuring Incredible PBX for SMS Messaging
We’ve implemented a traditional SMS messaging function in this build that let’s you send an SMS message to any phone if you have a Google Voice account and assuming you have pygooglevoice functioning properly on your PBX. The Google Voice account need not be registered as a trunk on the PBX. To use the feature, insert your Google Voice credentials including your plain-text password for a working Google Voice account in /var/www/html/fb/.smssend. Then test the SMS functionality by issuing the following command from the Linux CLI:
/var/www/html/fb/.smssend 10-DIGIT-SMS-NUMBER "Hello SMS World"
If an error occurs, the script will tell you what to try to fix it. Begin by Enabling Less Secure Apps. Then follow this link to relax Google Voice security on your account. If it still fails after trying both of these methods, you may have an old build of pygooglevoice. Here are the commands to bring your system up to current specs. Then try again.
cd /root rm -r pygooglevoice git clone https://github.com/wardmundy/pygooglevoice.git cd pygooglevoice python setup.py install cp -p bin/gvoice /usr/bin/.
Once you’ve sent an SMS message successfully using .smssend, you can start sending SMS messages from within Messenger. Syntax: sms 10-digit-SMS-number "Some message"
Incredible PBX Webhooks Tips & Tricks
There’s lots to learn with Facebook Messenger Webhooks. When we started two weeks ago, there were no PHP resources on the web that offered much help. Lucky for you, our pain is your gain. The meat of the coconut is primarily stored in the index.php in your fb directory. Print it out and it will tell you everything you ever wanted to know about coding webhooks with PHP.
Disabling Shell Access. While shell access only provides asterisk or www-data permissions depending upon your platform, we’ve nevertheless heard from more than one source exclaiming what a dumb idea it is to put a webhooks shell command out in the wild. We trust our readers to use it responsibly and to always place it behind a firewall with public access to TCP port 443 blocked. If that design and the Facebook security mechanisms still leave you queasy, the short answer is to remove that block of code on your server or change the access code from ! to something much more obscure, e.g. YuKFoo!
. This is easy to do but just be aware that if you change the access code or even remove the block of code, running the update command to load the latest release from Incredible PBX Headquarters will overwrite your changes. So it’s probably a better idea to rename the update command (line 248) as well so you don’t accidentally run it. You’ll find the shell command block of code beginning at line 64 in the 170928 version. If you change the access code to a different string, remember to change the substring "1″ reference in that line and the subsequent line to the actual length of your access code, e.g. YukFoo! is seven characters long so the number 1 would be replaced with 7 in BOTH lines 64 and 65.
Other Security Measures. We don’t trust anybody (and that includes Facebook) when it comes to accessing resources from our paid VoIP providers. We would encourage you to run this application on a dedicated Incredible PBX in the Cloud server that has only a single Google Voice trunk with no funds balance in that particular Google account. In this way, if your server is compromised, the worst thing that can happen is your Google account gets compromised or some stranger makes U.S. and Canadian calls without financial cost to you. Now that Cloud servers are available for less than $2 a month, it makes good sense to separate out applications that pose heightened security issues for you and yours. If you do decide to use a SIP provider rather than a Google Voice trunk, we strongly recommend restricting international calls and keeping a minimal balance in your account with no automatic replenishment enabled.
Getting Rid of Lenny. The help command included in the feature set provided is more of a traditional web page with buttons simulating hot links. We’ve included a nifty telephone option in the help features. It let’s you embed a phone number that is called using client-side integration whenever help is entered and the "Talk to Lenny" option is clicked:
What client-side integration means is the calls use any dialer available on the Messenger client’s platform. They are not sent to your PBX for processing. On a Mac or iPhone, Facetime provides free calls. On Windows, Skype provides paid calls. On Android devices, the Google Hangouts Dialer provides free calls. Facebook basically passes tel: +18005551212 to the client’s browser, and it’s up to the client’s browser to figure out how to process the call. We currently have the feature configured to "Talk to Lenny," but you could change it to Phone Home or Call the Office and enter your own phone number. Here are the commands to do it. Just replace "Phone Home" in the first command below with whatever label desired. Replace "8005551212″ in the second line with the number to be called. Leave the other Lenny entry and phone number as they are since they will be overwritten by these two commands. As noted above, your modifications will be overwritten whenever you execute the update command.
sed -i 's|Talk to Lenny|Phone Home|' /var/www/html/fb/index.php sed -i 's|8436060444|8005551212|' /var/www/html/fb/index.php
Enhanced Calling Option. Beginning with the October 1 update which you can obtain by entering the update command in Messenger, you now have two calling options on some smartphone platforms. The call command still triggers an AsteriDex lookup on your PBX. But now you have a choice in how to place the call. (1) You can click the dial button to place the outbound call through your PBX, or (2) you can click on the retrieved phone number link to place the outbound call using the client-side resource available on your Messenger platform, e.g. Facetime, Skype, or Google Hangouts. In some circumstances, the client-side call may be preferable since it avoids the two-step calling procedure used by Asterisk. The choice is yours and may depend upon the availability and cost of the client-side call when placed from your calling location.
Special Thanks. Our special hat tip to Scott T. Tabor (@ABSGINC) for his pioneering work on Facebook Webhooks. You can visit the PIAF Forum and Scott’s blog to review how far we have come in just two weeks. Thanks, Scott.
Published: Monday, October 2, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
VoIP Security: Installing SSL Certificates with Incredible PBX
We’ve got some revolutionary VoIP projects coming your way over the next several weeks, but I’m sorry to say the hardest part of them is getting your server configured to use secure and encrypted web communications via HTTPS. This is quickly becoming a universal requirement of most of the major technology players. So what might not be the most glamorous VoIP topic for a Monday morning is not only necessary but long overdue. The good news is that obtaining, installing, configuring, and maintaining an SSL certificate for your VoIP server is not the royal pain that it once was. And, by this time next week, you’ll be glad you went through the exercise. Thankfully, the EFF’s Certbot project is available to assist in installing free certificates from Let’s Encrypt.
Before we begin, here’s a word to the wise. You will save yourself a thousand headaches by deploying your Incredible PBX server in the cloud where you get a dedicated IP address and can easily assign a fully-qualified domain name (FQDN) to your server. Options now are available for as little as $1.50 to $3.50/month including Vultr which provides an incredibly reliable platform in many cities for as little as $2.50 a month. And another 50¢ buys you weekly image backups without lifting a finger. They can be restored with one click! If reliability and redundancy matter, you can’t beat Vultr’s price or the feature set, and we have tutorials to get you started with either Wazo or Issabel. If cost is your sole criteria, you can’t beat WootHosting at $1.50 a month. You’ll find a tutorial here. If performance is critical, you can’t beat OVH at $3.50/month with a Wazo tutorial here and an Issabel tutorial here. Finally, if you’re technically challenged, our corporate sponsor, RentPBX, will do all of the cloud migration for you and provide a turnkey, high performance VoIP platform for just $15/month. So what are you waiting for? Now’s the time. No excuses! It’s not going to get any cheaper or more reliable. And next week you’ll be thanking us. For these reasons, we’re saying goodbye our home-based servers sitting behind NAT-based firewalls. With the projects coming down the pike, the mountain is just too steep to continue that trek unless you have the technical expertise to pull it off yourself.
Obtaining and Installing an SSL Certificate
For CentOS 6 running Incredible PBX 13 or CentOS 7 running Incredible PBX for Issabel 4, begin by making certain that you can access your site using its FQDN with HTTP, e.g. http://myserver.mydomain.org. Get that working first. Next, log into your server as root using SSH/Putty and issue the following commands:
yum -y install python-devel python-pip python-setuptools python-virtualenv --enablerepo=epel yum -y install centos-release-scl yum -y install python27 scl enable python27 bash pip -V # should show python 2.7 pip install --upgrade pip pip install requests registry urllib3 pyOpenSSL --force --upgrade pip install certbot-apache --force --upgrade cd /root wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto service iptables stop ./certbot-auto --authenticator webroot --installer apache -w /var/www/html -d FQDN.here iptables-restart service httpd restart exit
During the automated setup, you can decide whether to force all web traffic to the secure site. We recommend it. Once the install finishes, test access to your server by going to your FQDN using HTTPS. Don’t continue with the setup until you get HTTPS working and your browser shows you have a SECURE site! Remember that you must renew your free certificate every 90 days by using the following /root/certbot-update script:
#!/bin/bash echo "Before you begin, type: scl enable python27 bash" echo "Then rerun this update script and press ENTER." read -p "If you already have done so, press Enter. Otherwise, Ctrl-C now" service iptables stop ./certbot-auto --authenticator webroot --installer apache -w /var/www/html -d FQDN.here iptables-restart echo "Type exit when this script completes." exit
For Debian 8 running Incredible PBX for Wazo, things are a bit more complicated because Wazo forces HTTPS access even though you do not yet have a certificate for your FQDN. Because of its NGINX web server platform, with Wazo you’ll have to manually install and configure certificates with certbot and LetsEncrypt. The silver lining with Wazo is HTTPS access gets you a WebRTC phone with a couple button clicks. Go to this link, click on the Config wheel (bottom right), click on the Pencil icon and plug in the FQDN of your server. Click SAVE. Enter your login name as 701 and the password assigned to the extension which you can obtain by running: /root/show-701-pw. That’s probably the quickest phone setup you’ll ever find. But we’re getting ahead of ourselves…
1. Let’s get certbot installed. Login to your server as root using SSH or Putty and issue the following commands:
cd /etc/apt echo "deb http://ftp.debian.org/debian jessie-backports main" >> sources.list apt-get update apt-get install certbot -t jessie-backports
2. Temporarily, turn off HTTPS since the certificate install requires HTTP access. In /etc/nginx/sites-enabled/xivo, comment out these 3 lines and save the updated file:
In server section for port 80: # include /etc/nginx/locations/http-enabled/*; In server section for port 443: # listen 443 default_server; # server_name $domain;
Then restart the web server: /etc/init.d/nginx restart. Now you have a basic http web server. If you want to verify that it’s working, use a browser and go to http://YOUR-FQDN/asteridex4/index.php. It should download the file to your desktop which isn’t desirable, but this is only temporary.
3. In /var/www/html, issue the following commands:
cd /var/www/html mkdir .well-known cd .well-known mkdir acme-challenge cd acme-challenge chown -R asterisk:www-data /var/www/html/.well-known
Leave this SSH/Putty session running temporarily and open a second SSH/Putty connection to your server logging in as root.
4. Disable your firewall temporarily: /etc/init.d/netfilter-persistent flush
5. Start the certbot installation script: certbot certonly –manual
6. You’ll be prompted for the FQDN of your server to generate the certificates. Then you’ll be given an oddball name AND an expected oddball response. With these two entries in hand, temporarily switch back to your other SSH session and issue these commands while positioned in /var/www/html/.well-known/acme-challenge:
mkdir ODDBALL-NAME cd ODDBALL-NAME echo "ODDBALL-RESPONSE > index.html" chown -R asterisk:www-data /var/www/html/.well-known
7. Use a browser to (quickly) go to http://YOUR-FQDN/.well-known/acme-challenge/ODDBALL-NAME/ and be sure your web server displays the expected ODDBALL-RESPONSE. You’ve got to get this working before you continue with the certbot install or it will fail. You only have a few minutes to do this before certbot will change the ODDBALL-NAME and ODDBALL-RESPONSE credentials. 3 consecutive failures and you have to wait an hour to try again. Guess how we know?
8. Once you get the expected response, switch back to your SSH session running the certbot installer and press ENTER to continue with the certificate install. When it completes, you’ll get a congratulatory note and a reminder that, in less than 90 days, you’ll need to run certbot renew to update your certificate.
9. Install the new certificates in NGINX and put things back together again:
cd /etc/nginx/sites-enabled nano -w xivo
10. Begin by removing the 3 # signs that we inserted to get HTTP working in step #2.
11. Near the bottom of the file, comment out these existing certificate lines:
# ssl_certificate /usr/share/xivo-certs/server.crt; # ssl_certificate_key /usr/share/xivo-certs/server.key; # ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!SEED:+HIGH:+MEDIUM;
12. Add the following new lines just below the lines you commented out. Be sure to replace YOUR.FQDN in each line with the actual FQDN of your server:
ssl_certificate /etc/letsencrypt/live/YOUR.FQDN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/YOUR.FQDN/privkey.pem; ssl_ciphers HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA;
13. Save the file and then restart your firewall and NGINX:
iptables-restart /etc/init.d/nginx restart
14. Edit /etc/apt/sources.list and comment out the jessie-backports line from step #1.
15. Reload your aptitude sources: apt-get update
16. Remember that you must renew your free certificate every 90 days by issuing this command: certbot renew --quiet
.
Better yet, issue the following command to set up a cron job to auto-renew your certificate every week:
echo "5 3 * * 0 root /usr/bin/certbot renew --quiet > /dev/null 2>&1" >> /etc/crontab
17. Test things out with a web browser by visiting your FQDN. Your browser should now show the site as SECURE.
18. Now try out that new WebRTC phone.
Published: Monday, September 25, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
RTPbleed Security Alert: Asterisk Calls Can Be Intercepted
If you’ve installed Asterisk® during the past 4½ years, your server has a MAJOR security problem. If you didn’t already know, with Asterisk, your VoIP conversations actually are carried over a random UDP port using the Real Time Protocol (RTP), not the SIP port (UDP 5060) which handles the setup and teardown of your VoIP connections. It turns out that, since March 2013, all of that RTP traffic and thus your conversations could be intercepted and redirected by anyone on the Internet. As this recent article in The Register noted:
The problem occurs when [communications] systems like IP telephony have to get past network address translation (NAT) firewalls. The traffic has to find its way from the firewall’s public IP address to the internal address of the device or server, and to do that, RTP learns the IP and port addresses to associate with a call.
The problem is, the process doesn’t use any kind of authentication.
This is exacerbated by the fact that, by default, Asterisk and FreePBX® traditionally use the NAT=yes setting (whether needed or not) to enable this navigational magic just in case your calls need it. Without it, you may end up with no audio or one-way audio on your calls. Traditional wisdom was that an attacker needed to be positioned between the caller and the Asterisk server in order to intercept this media stream. As luck would have it, it turns out the man in the middle didn’t need to be in the middle after all. He could be anywhere on the Internet. The old adage to talk on the phone as if someone else were listening turns out to have been pretty good advice in the case of Asterisk communications. Even if you had a firewall, chances are you protected UDP port 5060 while exposing and forwarding UDP 10000-20000 to Asterisk without any safeguards.
According to last week’s Asterisk advisory, “To exploit this issue, an attacker needs to send RTP packets to the Asterisk server on one of the ports allocated to receive RTP. When the target is vulnerable, the RTP proxy responds back to the attacker with RTP packets relayed from the other party. The payload of the RTP packets can then be decoded into audio.” Specifically, if UDP ports 10000-20000 are publicly exposed to the Internet, anybody and everybody can intercept your communications without credentials of any kind. WOW!
So, there’s a patch to fix this, right? Well, not exactly:
Note that as for the time of writing, the official Asterisk fix is vulnerable to a race condition. An attacker may continuously spray an Asterisk server with RTP packets. This allows the attacker to send RTP within those first few packets and still exploit this vulnerability.
The other recommended "solutions" aren’t much better:
- When possible the nat=yes option should be avoided
- To protect against RTP injection, encrypt media streams with SRTP
- Add config option for SIP peers to prioritize RTP packets
The nat=no option doesn’t work if you or your provider employs NAT-based routers. The SRTP option only works on more recent releases of Asterisk, and it also requires SRTP support on every SIP phone. Prioritizing RTP packets is not a task for mere mortals.
Surprisingly, the one solution that is not even mentioned is hardening your firewall to block incoming UDP 10000-20000 traffic that originates outside your server. Our recognized SIP expert on the PIAF Forum had the simple solution. Bill Simon observed:
If the SDP in the INVITE or subsequent re-INVITE contains routable IP addresses, then use them for media. If the SDP contains non-routable IP addresses, then the client is behind a NAT and not using any NAT traversal techniques like SIP ALG, ICE/STUN, so send to the originating IP. Why are we making allowances here for media to come from anywhere? I think you can probably clamp down your firewall as much as you want, because symmetric RTP should allow media to get through by way of establishing an outbound stream (inbound stream comes back on the same path).
Our testing confirms that simply blocking incoming RTP traffic on your firewall solves the problem without any Asterisk patch. In short, RTP traffic cannot originate from anonymous sources on the Internet.
For those using Incredible PBX® or Travelin’ Man 3 or an IPtables firewall, the fix is easy. Simply remove or comment out the INPUT rule that looks like this and restart IPtables:
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
On RedHat/CentOS servers, the rule is in /etc/sysconfig/iptables. On Debian/Ubuntu and Raspbian servers, you’ll find the rule in /etc/iptables/rules.v4. On Incredible PBX for Issabel servers, you’ll find the rule in /usr/local/sbin/iptables-custom. On all Incredible PBX platforms, remember to restart IPtables using only this command: iptables-restart.
Published: Friday, September 8, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Another Perfect Pair: Flawless VoIP with Wazo and 3CX
We previously documented how to interconnect an Issabel PBX with 3CX to take advantage of the best of both worlds. Today, we’ll again use the Nerd Vittles free 3CX server offering and interconnect it with a Wazo PBX. An added benefit of using Wazo is the fact that you can set up redundant (and free) HA servers with Wazo in minutes. Once we get the pieces in place, from Wazo extensions, you’ll be able to call your 3CX Clients by dialing 4 digits. And, from 3CX Clients, you can call Wazo extensions as well as all of your Asterisk® applications in the same way with the added bonus of being able to make outbound calls through your Wazo trunks by dialing any number with an 8 prefix from 3CX extensions. Once you have both of your PBXs running, the setup time to interconnect them is under 5 minutes.
Why would you want to maintain two PBXs? As we previously noted, the simple answer is the added flexibility you achieve coupled with a 99% reduction in VoIP headaches. If you haven’t yet used 3CX Clients on a PC or Mac desktop or on an iOS or Android device, you have missed perhaps the greatest VoIP advancement of the last decade. As the name suggests 3CX Clients connect to a 3CX server with less than a one-minute setup. They work flawlessly from anywhere using WiFi or cellular. Every function you’re accustomed to on a top-of-the-line desktop SIP phone works exactly the same on the 3CX clients: phonebook, hold, transfer, voicemail, chat, conferencing, and WebMeeting. It’s what every Unified Communications system should deliver. The silver lining is you can kiss all of your Asterisk NAT woes goodbye! If you ever travel or if you need remote phone access to your PBX infrastructure, you owe it to yourself to try a 3CX Client. We promise. You’ll never go back!
Building Your Wazo and 3CX Server Platforms
The prerequisite for interconnecting Wazo and 3CX servers is, of course, to install the two PBXs on platforms of your choice. Our preference is cloud-based servers because it avoids many of the stumbling blocks with NAT-based routers. If you know what you’re doing, you obviously can deploy the PBXs in any way you like. For the Wazo PBX, start with our latest Wazo tutorial. For 3CX, start with our introductory tutorial which includes a link to obtain a free perpetual license supporting 4 simultaneous calls and unlimited trunks. Then secure your server by adding the Travelin’ Man 3 firewall for 3CX. Once both servers are up and running, whitelist the IP address or FQDN of the Wazo PBX on the 3CX server and vice versa. You’ll find the add-ip and add-fqdn utilities in /root of each server.
Overview of Interconnection Methodology
If you’re new to all of this, suffice it to say that 3CX is a powerful, commercial PBX while Wazo provides a robust Asterisk RealTime implementation for basic telephony operation. The two systems are quite different in terms of their approaches to interconnectivity. While you can transparently interconnect one 3CX server to another one, you cannot accomplish the same thing when the second PBX is Asterisk-based. Instead, Wazo is configured as a SIP trunk on the 3CX platform. The limitation this causes is that extensions on the Wazo PBX can only direct dial extensions on the 3CX platform. Wazo-based extensions cannot utilize 3CX trunks to place outbound calls. There’s more flexibility on the 3CX side of things. 3CX extensions can place direct calls to Wazo extensions. They also can take advantage of Wazo’s trunks to place outbound calls. Additionally, as we noted above, 3CX extensions can take advantage of every Asterisk application hosted on the Wazo platform including all of the Incredible PBX® enhancements. This actually works out perfectly because you can deploy 3CX Clients for your end-users, and they can take advantage of all the extension and trunk resources on both the 3CX and Wazo platforms. It also greatly simplifies remote deployment by removing NAT one-way audio hassles while allowing almost instantaneous setup of remote 3CX Clients, even by end-users.
For our setup today, we’re assuming you have elected to use 3-digit extensions on both the Wazo and 3CX platforms. To call extensions connected directly to the alternate server, we will simply dial 8 + the extension number on the remote PBX. To make external calls from 3CX extensions using Wazo trunks, we will dial 8 + a 10-digit number. For international users, you can adjust the dialplan on both PBXs accordingly.
By default, SIP trunks are associated with a DID on the 3CX platform. We will register the 3CX DID trunk with Wazo to maintain connectivity; however, we will not register the corresponding trunk on the Wazo side with the 3CX server. Keep in mind that you can only route a 3CX DID to a single destination, i.e. an extension, a ring group, or an IVR. But we can use 3CX’s CallerID routing feature to send calls to specific 3CX extensions from Wazo extensions even using a single 3CX trunk. For each 3CX extension, we’ll create an Outbound Route on the Wazo side with a CallerID number that matches the 3CX extension number we wish to reach. On the 3CX side, we’ll create an Inbound CID Rule that specifies the extension number to which each matching CallerID number should be routed. This sounds harder than it actually is. So keep reading, and it’ll all make sense momentarily. Once you’ve set all of this up, we think you’ll agree that it makes sense to create the bulk of your extensions exclusively on the 3CX side.
Configuring Wazo for Interconnection to 3CX
Let’s begin by creating a Trunk on the Wazo side to connect to your 3CX server. In the Wazo GUI, choose IPBX:Trunk Management:SIP Protocol and + Add SIP Trunk.
In the General tab, fill in the blanks as shown below. Make up a very secure Password:
In the Signalling tab, fill in the blanks identified by arrows as shown below:
In the Advanced tab, fill in the blanks as shown below. Then SAVE the trunk settings.
Because we set up the Wazo trunk with a Default destination context, we don’t need an Incoming Route for the 3CX calls since they will be processed exactly as if they were dialed from a local extension on the Wazo PBX, i.e. local calls will be routed to extensions and outgoing calls through trunks will be routed using your existing Outbound Routes.
Finally, we need to create the Outbound Routes for calls originating from Wazo extensions that should be directed to specific extensions on the 3CX platform. You’ll need a list of the 3CX extension numbers you wish to enable on the Wazo platform, and we’ll need to create a separate Outbound Route for each 3CX extension to be enabled. Create the Outbound Routes using the template below after accessing Call Management:Outgoing Calls:+ Add Route.
In the General tab, we recommend including the 3CX extension in the Name field. The Context should be Outcalls, and the Trunk should be the 3CX001 trunk we created above.
In the Exten tab, specify the dialing prefix (9) followed by the 3CX extension number in the Exten field. Then choose 1 in the Stripnum field to tell Wazo to strip off the dialing prefix before sending the call to the 3CX PBX. Click SAVE to save your new outbound route settings. Repeat for each 3CX extension that should be accessible from the Wazo PBX.
Configuring 3CX for Interconnection to Issabel PBX
Now we’re ready to set up the 3CX side to interconnect with your Wazo PBX. Start by creating a SIP Trunk and fill out the template as shown below using one of the phone numbers associated with your Wazo PBX as the Main Trunk No.
Fill in the Trunk Details using the example below. Be sure to specify the actual IP address or FQDN of your Wazo server as well as the SIP credentials of 3CX for username and the actual password you set up on the Wazo side of things. The Main Trunk No will be the same as you entered in the previous step. Choose a Default Destination for the Trunk.
When the SIP Trunks listing redisplays, highlight your new Asterisk trunk and click Refresh Registration. The icon beside the Trunk should turn green. If not, be sure your IP address and password match the settings on the Wazo side. Remember to also whitelist the IP address of your 3CX server on the Wazo PBX using /root/add-ip and do the same for the Wazo PBX on the 3CX side. Don’t proceed until you get a green light!
Now we need two Outbound Routes for calls placed from 3CX extensions. One will handle calls destined for Local Extensions on the Wazo side. Our design is to place calls to Wazo extensions by dialing 8 + the 3-digit extension number. Adjust this to meet your own requirements. Be sure to set the Route as Wazo with a value of 1 for Strip Digits.
The other Outbound Route will handle calls destined for external calling with a Wazo trunk using a similar methodology. 3CX users will dial 8 + 10-digit number for calls to be processed by Trunks on the Wazo server.
Finally, we need an Inbound Rule for every 3CX extension that you wish to enable for remote calling from Wazo extensions. Use the Add CID Rule option to create each Inbound Rule using the sample below. In our example, we’re authorizing incoming calls to 3CX extension 003 where the CallerID number of the incoming call is 003. This template is exactly the same as what we used with the 3CX-Issabel setup previously.
Test Drive Your Interconnected Servers
Now we’re ready to try things out. From an extension on the 3CX server, dial 8 plus any 3-digit extension that exists on the Wazo server. Next, dial 8 plus a 10-digit number such as your smartphone. The call should be routed out of your Wazo server using the Trunk associated with the NXXNXXXXXX rule in your Wazo Outbound Routes. Finally, from an extension on your Wazo PBX, dial 9 plus 000 which should route the call to extension 000 on your 3CX server. Enjoy!
Published: Tuesday, September 5, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
A VPN for All Seasons: Introducing NeoRouter v2
Today, we want to revisit our favorite client-server VPN, NeoRouter. It’s included with all versions of Incredible PBX® and eases the pain of setting up air-tight firewalls as well as High Availability (HA) redundant servers with VoIP. NeoRouter relies upon a central server and uses a star topology to connect remote nodes. The major difference between NeoRouter and PPTP VPNs is that only registered devices participate in the virtual private network so there is no direct access to other machines on the LANs of the registered devices. If you have servers or users scattered all over the countryside, NeoRouter is an excellent (and free) way to manage and interconnect them. All data and communications between the nodes can then be routed through the encrypted VPN tunnel for rock-solid security.
With NeoRouter’s latest 2.3 (free) software, you can set up your VPN server using a PC, a Mac, a Linux or FreeBSD machine, OpenWrt Backfire, Tomato, or even a Raspberry Pi. With all versions of Incredible PBX, the NeoRouter Free Client is automatically installed. To bring up NeoRouter, all you need to do is install the NeoRouter Free Server on one of your machines and then login to the server from each NeoRouter Client using your server credentials. VPN clients also are available for PCs, Macs, Linux and FreeBSD machines, Raspberry Pi, OpenWrt, Tomato as well as Android and iOS phones and tablets. There’s even an HTML5 web application in addition to a Chrome browser plug-in. With the OpenWrt and Tomato devices or if you’re an extreme techie, you can broaden your NeoRouter star configuration and bridge remote LANs. See pp. 58-63 of the NeoRouter User’s Manual.
You can interconnect up to 256 devices to the NeoRouter Free Server at no cost. For $999, you can enlarge your VPN to support 1,000 devices. Screen sharing, remote desktop connections, HTTP, and SSH access all work transparently using private IP addresses of the VPN nodes which are automatically assigned in the 10.0.0.0 private network.
Today we are introducing the second generation of the NeoRouter VPN solution. It’s suitable for use on a dedicated server or running as a virtual machine. Whether to run NeoRouter Free server on a dedicated machine is your call. We never do. And NeoRouter never requires exposure of your entire server to the Internet. Only a single TCP port needs to be opened in your hardware-based firewall or IPtables Linux firewall. The only real requirement is a dedicated IP address for your server so that the client nodes can always find the mothership. We typically run the NeoRouter server component on our failover VoIP server with Wazo HA. We’ll finish up today by showing you how to back up the critical components of NeoRouter Server so that, if your server platform ever should fail, it only takes a few minutes to get back in business on a new server platform. Let’s get started.
Creating Your NeoRouter Server Platform
We’re assuming you already have an Incredible PBX server of some flavor running on a dedicated IP address with the IPtables firewall. If not, start there.
First, on your IPtables firewall, make certain that TCP port 32976 has been whitelisted for public access. On Incredible PBX platforms, this is automatic. You can double-check by running iptables -nL and searching for an entry that looks like this:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32976
Second, we need to download and install the NeoRouter Free Server for your platform. Be sure you choose the version that matches your operating system, CPU architecture, and type. Debian and Ubuntu servers use the same code. We do not recommend Raspberry Pi as a suitable platform for your NeoRouter server!
For RedHat/CentOS 64-bit platforms, here’s the download link. While logged into your server as root, issue the following command using the downloaded 64-bit RPM:
rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
For Ubuntu/Debian 64-bit platforms, use this link. While logged into your server as root, issue the following command using the downloaded 64-bit .deb image:
dpkg -i nrserver-2.3.1.4360-free-ubuntu-amd64.deb
Third, each administrator (admin) and user is going to need a username to access your NeoRouter VPN. You can use the same credentials to log in from multiple client machines, something you may or may not want to do. Here are the commands to create admin and user accounts. Don’t use any special characters in the username and password!
nrserver -adduser username password admin
nrserver -adduser username password user
You’re done. Now let’s register your NeoRouter server with the mothership.
After your NeoRouter Free Server is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.
When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.
Configuring and Connecting Your NeoRouter Client
As mentioned previously, there are NeoRouter clients available for almost every platform imaginable, including iPhones, iPads, and our beloved Raspberry Pi. NeoRouter Client software is included in all Incredible PBX builds. If you’re using some other platform, Step #1 is to download whatever client is appropriate to meet your requirements. Here’s the NeoRouter Download Link. Make sure you choose a client for the Free version of NeoRouter. Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc. Once enabled, you can use your NeoRouter Client to create a VPN tunnel to connect to any other resource in your virtual private network using SSH, VoIP clients, and web browsers.
To activate the NeoRouter client while logged in as root, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed that step above. Otherwise, be sure to use the FQDN assigned to your NeoRouter Server. Once you’re logged in, you will be presented with the names and private IP addresses of all of your connected nodes.
To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints. These private IP addresses can also be used to create a High Availability (HA) platform with Wazo even if the servers are not colocated.
Admininistrative Tools to Manage NeoRouter
Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)
Browser access to NeoRouter Remote Access Client (user with Admin or User privileges)
Manage your account on line at this link
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
Test VPN access: http://www.neorouter.com/checkport.php
For a complete list of commands: nrserver –help
To change client name from default pbx.local: rename-server OR…
- Edit /etc/hosts
- Edit /etc/sysconfig/network
- Edit /etc/sysconfig/network-scripts/ifcfg-eth0
- Edit /etc/asterisk/vm_general.inc
- reboot
For the latest NeoRouter happenings, visit the NeoRouter blog and forum.
Backing Up NeoRouter Server for That Rainy Day
Yes, servers fail sooner or later. So it’s best to plan ahead and avoid having to recreate your NeoRouter VPN from scratch. Backing up your server is easy. Log into your server as root and issue the following command:
tar cvzf nr-server-db.tar.gz /usr/local/ZebraNetworkSystems/NeoRouter/NeoRouter_0_0_1.db /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini
Copy nr-server-db.tar.gz and your NeoRouter Server installer to a safe place!
When that sad day arrives, be sure that your original NeoRouter Server is off line. Then reinstall NeoRouter Server on a new server platform using your original NeoRouter Server installer. If necessary, change the DNS entry for your original NeoRouter server to the new IP address. Then shut down new NeoRouter Server, load your backup, and restart server:
/etc/rc.d/init.d/nrserver.sh stop cd / tar zxvf nr-server-db.tar.gz /etc/rc.d/init.d/nrserver.sh start
Published: Monday, August 21, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Twofer Tuesday: $1.50 Cloud Bargains for VoIP Deployments
We’ve been big fans of $5/month VPS offerings of Digital Ocean and Vultr for many years. When Vultr reduced their lowest tier to $2.50/month, we were ecstatic. These weren’t ideal VoIP platforms because of their 512MB memory constraint, but they were perfectly suitable as a sandbox for experimentation. And then along came OVH with a 2GB VPS that was nearly perfect for VoIP at $3.49/month. As we all know, the Earth does not stand still, and WootHosting now has once again changed the landscape with two different $1.50/month offerings that include 2GB of RAM. That’s cheaper than the cost of electricity to run a server in your home or office. Never mind that you also have to purchase a server.
As most of you know, we eat our own dog food before recommending products, and we’ve deployed both the Wazo and Issabel PBXs on the WootHosting platform being reviewed today. In addition, we’ve deployed a multi-purpose web server to host more than a dozen of our personal sites using an even better second offering that we also will cover today.
The first offering (pictured above) actually provides a platform for two separate VoIP servers. For each of the servers, you have a choice of sites: New York, Miami, or Los Angeles. Why would you want two servers? The most obvious answer is redundancy. Wazo already offers High Availability (HA) redundant servers with the click of a button. Our deployment tutorial is available here. By deploying identical servers in two cities, you have a failsafe VoIP platform that can survive almost any natural or man-made disaster. And the total cost for both cloud servers is just $3 a month. A similar implementation for other Incredible PBX platforms is now under development on the PIAF Forum. Compare these free options to HA solutions from other VoIP providers costing $3,000 plus maintenance.
If a New York-based cloud offering will meet your needs, the second WootHosting offer is even more impressive with 4 CPU core allocations, 2GB RAM and swap space, a whopping 150GB of storage, 3TB of monthly bandwidth, and advanced DDOS protection for $1.50/mo.:
As we mentioned, we actually use this second VPS offering to host more than a dozen of our personal web sites without a hiccup. But it is sufficiently robust to host very large VoIP implementations with support for dozens of simultaneous calls. A deployment guide for Wazo is available here. As with all cloud-based servers, we strongly recommend redundant system deployments in separate locations. Additional WootHosting specials in their various locations are documented on the New York ordering page. Enjoy!
Published: Tuesday, August 15, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
The 5-Minute PBX: Incredible PBX with Wazo for VirtualBox
We’ve sung the praises of VirtualBox for many years because it provides a wonderful platform for experimentation as well as production-ready systems using almost any hardware and any operating system. Versions of VirtualBox are available for Windows PCs, Macs, Linux desktops, and even Solaris machines. And, once you have VirtualBox in place, you can load gigabyte-sized turnkey virtual machines in a couple minutes. It literally transforms complex computer setups into child’s play.
We’ve received dozens of emails about Wazo, and many of them go something like this:
I’d love to experiment with Wazo as an Asterisk® platform, but I worry that the environment is just too different and the learning curve too steep. I just wish there were a simple way to get started so that I could learn the basics.
Today, your prayers have been answered. You don’t have to buy any hardware. You can use the desktop computer you already have. We’ve taken the Incredible PBX for Wazo tutorial and turned it into a turnkey virtual machine for VirtualBox. You can load it in a couple minutes and be ready to go. It’s got all of the Incredible PBX bells and whistles, and extensions already are configured for a SIP phone and WebRTC so that you can hit the ground running. Just install VirtualBox. Next, load the Incredible PBX for Wazo image. Install your favorite SIP phone or run WebRTC in your browser. A complete WebRTC tutorial is available here. Once you finish configuring your SIP or WebRTC client, you’re ready to start making calls. You can add a SIP trunk using one of preconfigured setups by following one of SIP provider tutorials we’ve provided. Or, if you live in the United States, you can add a Google Voice trunk and make free calls in the U.S. and Canada. Let’s get started!
Installing Oracle VM VirtualBox
Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.
Installing Incredible PBX for Wazo VM
To begin, download Incredible PBX for Wazo .ova image (1.9 GB) to the computer on which you installed VirtualBox.
When the download completes, double-click on the .ova file you downloaded to load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box, agree to the license agreement, and then click the Import button. Once the import is finished, you’ll see a new (1) Incredible PBX for Wazo virtual machine in the VM List of the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX for Wazo configuration to account for differences in sound and network cards on different host machines.
(1) Click once on the Incredible PBX for Wazo virtual machine in the VM List. Then (2) click the Settings button. In the Audio tab, check the Enable Audio option and choose your sound card. In the Network tab for Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is necessary for your Incredible PBX for Wazo.
Running Incredible PBX for Wazo VM
Once you’ve imported and configured the Incredible PBX for Wazo Virtual Machine, you’re ready to go. Highlight Incredible PBX for Wazo virtual machine in the VM List on the VirtualBox Manager Window and click the Start button. The standard Wazo boot procedure will begin and, within a short time, you’ll get the familiar Linux login prompt. During the bootstrap procedure, you’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX for Wazo is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.
Here’s what you need to know. To work in the Incredible PBX for Wazo virtual machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password.
Once you log into your virtual machine, a startup script will briefly configure a few things and then advise you that it’s time to reboot. If prompted for the hostname, type xivo. Write down the IP address provided because for Phase 2 of the setup, we need to use SSH or Putty on the desktop that you will actually be using to manage your server. The reason for this is that Incredible PBX automatically creates a whitelist of IP addresses that the firewall will allow to access your server. If the IP address isn’t in your whitelist, you may lock yourself out except from the VirtualBox console window.
Once the VirtualBox console window shows that your server has rebooted by displaying the Linux login prompt, switch to SSH or Putty and login as root using the IP address you wrote down. You’ll then be prompted to change your root password for Linux as well as your root password for Wazo GUI access using a web browser. You’ll also need to set a PIN that will be used to authorize access to extension 123 to schedule Telephone Reminders on your server. This completes the configuration. You’ll get a final screen showing the credentials for the preconfigured 701 and 702 extensions as well as a reminder that your PortKnocker credentials are stored in /root/knock.FAQ in the event you ever lock yourself out of your machine. It’s a good idea to leave this screen displayed while you install and configure a softphone since you can cut-and-paste your extension 702 credentials without having to type anything. Extension 701 comes preconfigured to support WebRTC using a Chrome or Firefox browser.
Once you complete the SIP or WebRTC setup below, you can return to the SSH window and press ENTER to finish the install. The Incredible PBX Automatic Update Utility will run, and then you will be presented with the pbxstatus display. You can access the Asterisk CLI by typing: asterisk -rvvvvvvvvvv. Exit from the CLI by typing quit. As mentioned previously, always shut down your server gracefully by typing halt. When prompted for the hostname, type xivo. Once the shutdown procedure finishes, it’s safe to turn off your virtual machine.
Choosing a SIP Softphone for Incredible PBX
Softphones tend to be a matter of taste for most folks so we’ll keep our suggestions to a minimum. On the Windows platform, it’s hard to go wrong with X-Lite. It works out of the box by simply plugging in the IP address of your server and your SIP username and password. It also happens to be free. The only downside is that X-Lite has a nasty habit of embedding time bombs in their free software so you may have to reinstall it from time to time. If you know what you’re doing, Zoiper is another alternative but be advised that it doesn’t work out of the box on servers behind NAT-based routers.
On the Mac platform, our favorite free softphone is Telephone. It’s a barebones SIP client that just works. As with X-Lite, you plug in your server’s IP address and SIP credentials, and you’re in business.
On the Linux or Solaris platforms, we assume that you know what you’re doing and that you are perfectly capable of choosing and installing a SIP phone that meets your requirements.
Incredible PBX Application Quick Start Guide
We’ve finished the basic Incredible PBX for Wazo setup. You now have a functioning PBX with dozens of applications for Asterisk that work out of the box. It’s probably a good idea to spend a little time getting acquainted with Incredible PBX for Wazo before you add trunks to communicate with the outside world.
Here’s a handy cheat sheet for some of the Incredible PBX applications that have been installed or are available as add-ons. There’s also a link for more information.
- Google Voice CLI interface and SMS Message Blasting (Add-On)
- CallerID Superfecta – Match Names to CallerID Numbers
- CallerID Blacklist – Block Calls from Spammers and Old Girlfriends
- CDR Reports in CSV Format
- CDR Reports in SQLite3 Format
- Asteridex – The Poor Man’s Rolodex (SQLite3 version)
- AsteriDex Click-to-Dial with Wazo Phonebook
- NeoRouter VPN for Wazo
- FCC RoboCall BlackList
- CallerID WhiteList Override
- Dial 123 – Telephone Reminders
- Dial 411 – Call by Name from AsteriDex
- Dial 947 – Weather Forecasts by ZIP Code
- Dial 951 – Latest Yahoo News
- Dial 2663 – Conference Call
- Dial 3472 – DISA Access
- Dial 4871 – Allison’s Sample IVR
- Dial *881400 – Schedule an Alarm for 2 p.m. (1400 military time)
- Dial 53669 – Meet Lenny, the Robocaller’s Worst Nightmare
Configuring Trunks and Routes with Wazo
The next step in your Wazo adventure is connecting your PBX to the outside world so that you can make and receive phone calls from anywhere in the world. For this you’ll need one or more trunks. Unlike the Ma Bell world, there’s no reason to put all your eggs in one basket. You can use one or more trunk providers for incoming calls with separate phone numbers for each. And you can use one or more trunk providers for outgoing calls and save money on calls to certain countries by choosing the best provider for where you want to call. And, of course, if you live in the United States, you can set up one or more Google Voice trunks and make calls to the U.S. and Canada for free. We’ve written a number of tutorials to make it easy to set up these trunks.
To get started, point a web browser to the IP address of your PBX. Login as root with the Wazo GUI password you set up above. If you ever forget your password, you can run /root/admin-pw-change to reconfigure it.
Wazo Trunk Implementation Tutorials
- Wazo Trunks Tutorial: Installing a Vitelity SIP Trunk2
- Wazo Trunks Tutorial: Installing a VoIP.ms SIP Trunk
- Wazo Trunks Tutorial: Installing a FreeVoipDeal (Betamax) SIP Trunk
- Wazo Trunks Tutorial: Installing a Google Voice-Simonics SIP Trunk
- Wazo Trunks Tutorial: Deploying Native Google Voice with OAuth Trunks
- Wazo Trunks Tutorial: Installing an Anveo Direct Outbound SIP Trunk
- Wazo Trunks Tutorial: Installing a Skype Connect SIP Trunk
Once you’ve added one or more trunks, you’ll need to tell Wazo how to route outgoing and incoming calls. Here are our step-by-step tutorials on setting up Outbound Calling Routes and Incoming Call Routes:
Wazo Call Routing Tutorials
- Wazo Call Routing Tutorial: Creating Outbound Routes for PSTN Calling
- Wazo Call Routing Tutorial: Creating Inbound Routes for DIDs
Now you’re ready to explore. We recommend you read through the Incredible PBX for Wazo tutorial to familiarize yourself with the inner workings of Wazo. Enjoy the ride!
Originally published: Monday, June 12, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. [↩]
- Vitelity is a platinum sponsor of Nerd Vittles, and they also happen to be the best in the business. You’ll find a discount coupon to get a great deal on a DID and 4-channel trunk toward the end of this article. [↩]
Postfix + Gmail: A Pain-Free SMTP Relay for Wazo PBX
Let’s face it. As the number of Internet service providers blocking downstream email servers continues to proliferate, getting a reliable email server configured with Incredible PBX™ and other VoIP servers has become painful. If you’re new to all of this, here’s the simple explanation. Internet providers such as Comcast intentionally block outbound email from mail servers managed by their residential customers. While it may appear arbitrary, there actually is a good reason. The bad guys quickly discovered that many folks setting up SendMail and Postfix servers didn’t much know what they were doing, and it became fairly easy to turn these servers into anonymous email relay hosts for spammers. The sledgehammer solution was to simply block all of these servers from sending outbound email except through Comcast’s SMTP servers. In the VoIP world, that meant you could no longer depend upon your server to notify you when critical services came unglued.
We previously have posted tutorials showing how to configure SendMail to send outbound emails using either your Gmail account or your Comcast account. There’s one major problem on the Wazo platform. It uses Postfix instead of SendMail. More importantly, you can’t replace the mail server without breaking Wazo.
Configuring Gmail as an SMTP Relay Host for Postfix
So here’s the step-by-step procedure to configure Wazo to use Gmail as your SMTP relay:
1. Log into your server as root and issue the following command:
dpkg-reconfigure postfix
Click OK on the first dialog. Choose Internet Site as your Type of Mail Configuration. Accept the defaults for the System Mail Name, Root and Postmaster Recipient, and Other Destinations. Choose Yes for Forced Synchronous updates. Accept the defaults for the Local Networks, Default Mailbox Size, and Local Address Extension Character. Choose IPv4 for the Internet Protocol.
2. Once Postfix is reconfigured, edit /etc/postfix/main.cf. In the second section of code beginning with relayhost =
, replace it with the following block of commands:
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_fallback_relay =
3. Install the following package: apt-get install libsasl2-modules
4. Create the following new file using your Gmail account name and password.
nano -w /etc/postfix/sasl_passwd:
[smtp.gmail.com]:587 yourname@gmail.com:yourpassword
5. Change the permissions on the sasl_passwd file:
chmod 600 /etc/postfix/sasl_passwd
6. Use postmap to compile and hash the sasl_passwd file:
postmap /etc/postfix/sasl_passwd
7. Restart Postfix: /etc/init.d/postfix restart
8. Send yourself a test email: echo "test" | mail -s "Test Mail" somebody@gmail.com
What Could Possibly Go Wrong?
In a perfect world, you’d be all set, and your emails would start arriving as scheduled. But things aren’t always that simple.
If you happen to be using a Gmail account with 2-Step Verification enabled, then your standard Gmail password obviously isn’t going to work. Instead, you’ll need to create an App Password for exclusive use with Postfix. Here’s how. Once you’ve generated the password, just substitute it for your standard Gmail password in step #4 above. Then recompile and hash the sasl_passwd file in step #6 and restart Postfix in step #7.
If your Gmail account was created from an IP address that differs from the IP address of your Wazo server, then you may also need to relax Google’s security mechanisms before attempting to send your first email in step #8. Login to your Gmail account and perform the Google Reset Procedure. Then enable Less Secure Apps using this Google tool. Now attempt to send yourself a test email as documented in step #8 above. Enjoy!
Published: Monday, May 29, 2017
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…