Home » Security (Page 2)
Category Archives: Security
The Most Versatile VoIP Provider: FREE PORTING
JUST RELEASED: Visit the Incredible PBX WikiBlink Cameras: The Travelin’ Man’s Dream Come True
Okay, I’ll admit it. Our family has morphed into a band of traveling gypsies. We’re spreading our time between four cities and four "homes." Not many folks are that crazy, but many of you have vacation homes thanks to Covid. And one of the first things that pops up on your to-do list is how to secure your residences when you’re not at home. Yes, you can pay a monitoring service in every location a hefty monthly fee to do little more than call the police if someone breaks in. We had a better idea, and it’s also saved some of our neighbors and us a hefty monthly bill. Here’s our hands-on review.
Some of you may know that Amazon bought a little company called Blink in 2017. They made some cute little WiFi cameras that do almost everything the cameras of the big security company’s cameras do. They monitor for motion. They listen for noise and can let you communicate with the burglars. And, most importantly, they send you email alerts and record 30-second video clips with audio. The good news is the indoor Blink mini retails for $35, or you can buy 3 for $85. Setup on your iPhone or Android phone only takes a couple minutes. Plug in the camera using the included adapter, fire up the Blink app on your smartphone, point to the QR Code on the back of the camera, enter your WiFi credentials, and presto. Your camera goes live. Give it a name and a location. You can set up multiple locations, and each can have multiple camera types: indoor, outdoor, wired or battery-operated.
You get 30 days to try out the cloud-based repository for your video clips after which you can sign up for a year of 60-day revolving storage. It runs $30 a year for one camera or $100 a year for unlimited cameras. If you’re a savvy shopper, try things out with a couple cameras and then load up when the cameras go on sale. We got 3 for $53 during the usual sale events.
You can monitor your cameras and recordings in a number of ways: use the smartphone apps, use any of the Echo Show devices with Alexa, use a FireTV-enabled Smart TV, or Fire TV Stick with your favorite television. HINT: Most of the Echo Show devices have an option to also purchase a Blink mini for almost nothing. If you look at our screenshot above, here’s how we get a first-hand look at the weather conditions in Vero Beach using any Echo Show device in our account: "Alexa. Show me the Sea Oaks Beach Camera." On your Blink smartphone app, you’ll note that the camera locations are listed at the top of the screen. You can tap on any location to reveal all of the cameras at that location, or you can scroll through the camera locations by dragging your finger across the locations. For each location, you can "arm" the cameras to enable motion detection and recording. And, with each individual camera, you can enable or disable motion detection. Whew!
Did we mention these cameras are amazing? Don’t leave home without them!
Originally published: Monday, July 12, 2021
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
SPAM Blocker & CNAM Cornucopia for Incredible PBX 2020
If you enjoy calls from politicians and car warranty offers as much as we do, then today’s your lucky day. Blocking spam phone calls has been a challenge to put it charitably. Thanks to some earlier work by Stewart Nelson on the DSLR forum as well as Stewart’s considerable hand-holding in the development of our previous tutorials, we want to introduce a refined call screening approach to block these calls. The way it works is first time callers that are not on your WhiteList will be prompted to "press 5 to connect." Since most spam calls sit in a queue for several seconds before a live person chimes in, that person won’t hear the prompt. After 10 seconds or an invalid response, the call is sent to voicemail. In the alternative, you can play a SIT tone and disconnect the call or you can send the call to your favorite uncle, Lenny. When a successful caller calls again, the caller will be connected without a prompt.1
While today’s approach won’t block every robocaller, our testing suggests that it will catch more than 95% of these annoying calls. Using CallerID Superfecta coupled with the Asterisk® Phanebook will provide an extremely low-cost solution both for blocking spammers AND for displaying accurate CNAM data for incoming calls. The silver lining is you’ll only pay for CNAM lookups from legitimate callers once, and you have a choice of using OpenCNAM or BulkCNAM with the scripts we’ll provide today. Last, but not least, you’ll also get CNAM data for outgoing calls in your CDR logs.
Here’s the actual dialplan addition that will monitor your incoming calls:
[sub-log-caller]
exten => s,1,NoOp(*** begin sub-log-caller ***)
exten => s,n,GotoIf(${DB_EXISTS(cidname/${CALLERID(num)})}?CNAMOK)
exten => s,n,Playback(silence/1)
exten => s,n,Playback(to-call-num-press)
exten => s,n,Playback(digits/5)
exten => s,n,Read(MYCODE,beep,1,n,1,10)
exten => s,n,GotoIf($["${MYCODE}" = "5"]?ANONTEST)
exten => s,n(FLUNKED),NoOp(*** Caller FLUNKED screening ***)
;exten => s,n,Dial(local/*701@from-internal) ; uncomment to send to 701 VM
exten => s,n,Dial(local/53669@from-internal) ; uncomment to send to Lenny
exten => s,n,Zapateller()
exten => s,n,Hangup
exten => s,n,Return()
exten => s,n(CNAMOK),Set(CALLERID(name)=${DB(cidname/${CALLERID(number)})})
exten => s,n,Goto(WHITELISTED)
exten => s,n(ANONTEST),GotoIf($[${CALLERID(num)} > 0]?WHITELISTNOW:CONNECTNOW)
exten => s,n(WHITELISTNOW),Set(DB(cidname/${CALLERID(number)})=${CALLERID(name)})
exten => s,n,Set(CALLERID(all)="${CALLERID(name)} <${CALLERID(number)}>")
exten => s,n,Goto(SENDEMAIL)
exten => s,n(WHITELISTED),Set(CALLERID(all)="${CALLERID(name)} <${CALLERID(number)}>")
exten => s,n,Goto(CONNECTNOW)
exten => s,n(SENDEMAIL),NoOp(WhiteListed: ${CALLERID(all)})
exten => s,n,Set(email="root")
exten => s,n,GotoIf($[${email} = "root"]?CONNECTNOW)
exten => s,n,system(echo "In Asterisk Phone Book, verify new CNAM entry of ${CALLERID(name)} for ${CALLERID(number)}." | /usr/bin/mail -s "Incredible PBX CNAM Reminder" ${email})
exten => s,n(CONNECTNOW),NoOp(*** end of sub-log-caller ***)
exten => s,n,Return()
;-------------------------------------------------------------------------------
The beauty of today’s design is that it won’t interfere with your existing call processing rules. In other words, FreePBX® Inbound Routes sent to IVRs, Ring Groups, Conferences, and even incoming Faxes still will be processed exactly as they have been in the past once the CallerID number makes it onto your WhiteList. In order to preserve all of this existing functionality, we’ve tweaked the FreePBX Core module slightly, but it will be transparent going forward. The only caveat is that whenever you upgrade the Core module, you’ll always need to run the /root/sig-fix script to reimplement this new call screening process and to disable Module Signature Checking which has always been an integral part of Incredible PBX.
We first introduced some of these concepts in our previous article in 2018. That article also documented the procedure for adding inbound call processing logic into FreePBX. If you already have implemented the steps outlined in that article, then today’s installer will back up your prior version and overwrite it with this new, improved release.
Here are the basic steps to get this working:
- Configuring CallerID Superfecta in FreePBX
- Enabling CallerID Superfecta on Inbound Routes
- Setting the Proper Context for Your Trunks
- Downloading & Installing Call Screener
- Importing Previous Callers into WhiteList
1. Configuring CallerID Superfecta in FreePBX
CallerID Superfecta is an integral component in today’s new call screening design. It will be used both to populate the Asterisk Phonebook’s WhiteList and to provide CallerID Name (CNAM) data about your callers while assuring that you only pay for one CNAM query even though grandma may call you a dozen times a day. We use the Asterisk Phonebook as the whitelist of authorized callers. The way CallerID Superfecta works is it checks multiple sources for a match on the incoming CallerID Number. As soon as a match is found, the checking ends and the CallerID Number and Name are passed to our Call Screening script.
The CallerID Superfecta lookup sequence needs to be set as follows in the United States: AsteriDex, Asterisk Phonebook, and then one of the following commercial CNAM lookup services: OpenCNAM or BulkCNAM. In other countries, there still may be free CNAM services, but they’ve all disappeared in the U.S. market. We’ve documented the other available sources in a previous Nerd Vittles article.
Low-volume OpenCNAM Value pricing provides global lookups for $0.0028 each. BulkCNAM provides CNAM queries with RoboCall identification for $0.002 per query. If you sign up with OpenCNAM, you will need your Account SID and Auth Token to configure CallerID Superfecta and to populate our Call Screening script. If you sign up with BulkVS, you will need your API Key from the API Credentials tab in your BulkVS Dashboard.
With your credentials in hand, login into FreePBX as admin and navigate to Admin -> CID Superfecta -> Default. Arrange and enable the lookup sources in the following order: AsteriDex, Asterisk Phonebook, and then either OpenCNAM or BulkCNAM (in the U.S. market) or your country’s best CNAM lookup source. Be sure to enter your credentials for the CNAM provider by clicking on the wrench icon beside the provider. If your incoming trunks already provide CNAM lookups (such as BulkVS and Incredible PBX Trunking), then you can substitute Trunk Provided as your CNAM lookup service. With Incredible PBX Trunking, in addition to free CNAM lookups, you also get SPAM detection at no additional cost. For details on the service, follow this link. Then we typically set Telco Data as the last lookup source which will at least give you the city and state of the caller.
2. Enabling CallerID Superfecta on Inbound Routes
By default, CallerID Superfecta is not enabled for incoming calls to your PBX. You must enable it on every Inbound Route by navigating to Connectivity -> Inbound Routes and then editing each of your routes. Then click on the Other tab and set Enable Superfecta Lookup to YES and set the Superfecta Scheme to DEFAULT. Click SUBMIT to save your route settings and then reload the dialplan when prompted.
3. Setting the Proper Context for Your Trunks
It’s equally important to make certain that the CallerID Numbers for all of your incoming calls arrive in the same format. Computers are stupid. 8005551212 and 18005551212 and +18005551212 are completely different callers as far as your PBX is concerned. If different trunks deliver calls with CallerID Numbers formatted differently, then you would need to whitelist ALL of the various permutations for every caller in the Asterisk Phonebook. For those in the U.S. and Canada that primarily receive calls from the U.S. and Canada, we recommend setting the context entry in every trunk to from-pstn-e164-us. This will handle the translation of all 3 number formats above into 10-digit numbers. Calls from other countries will not be affected.
4. Downloading & Installing Call Screener
Now let’s put all the Call Screener components in place and configure the screening setup to meet your own requirements. To get started, log into Incredible PBX as root and issue the following commands:
mkdir /tmp/CALL-SCREENER cd /tmp/CALL-SCREENER wget http://incrediblepbx.com/CallScreener.tar.gz tar zxvf CallScreener.tar.gz rm -f CallScreener.tar.gz ./install
Once the install is begun, the editor will open to the dialplan code. In the [sub-log-caller] context, you have a few options. First, you need to choose how to handle incoming calls where the caller does not enter the "press 5″ number prompt in a timely manner. The default setup (line 9) sends these callers to voicemail for extension 701. You can change the voicemail extension, or you can elect to treat the calls differently. We’ve provided two additional options. Line 10 will send the calls to Lenny at extension 53669. Line 11 will send the calls to Zapateller which is the universal tone for numbers that are not in service. You should enable only one of these three options and comment out the other two by placing a semicolon (;) at the start of the other two lines. If you have fax detection enabled on your PBX, you probably would not want to send failed calls to either Lenny or Zapateller since you may never know the incoming faxes failed. Similarly, if you get calls from people with rotary dial phones such as Grandma, you probably don’t want her talking to Lenny or listening to Zapateller tones.
The next option is which number to prompt callers to press. The default is 5. But you can change it by modifying the existing 5 entry on BOTH lines 5 and 7.
The final option in the [sub-log-caller] context is to activate email notifications for new callers that pass the screening test. This is especially important if you receive lots of calls from cellphone users. Most of those calls will arrive with a CNAM entry of nothing more than the caller’s City and State. Activating an email reminder will notify you to update the Asterisk Phonebook entry for such callers to replace the City, State entry with the caller’s actual name so that your CDR listings and future calls provide accurate CNAM information for the caller. To activate email reminders, replace root in Set(email="root") line with your actual email.
The [macro-dialout-trunk-predial-hook] context handles populating the Asterisk Phonebook WhiteList for outbound calls you make to people that are not yet in your Asterisk Phonebook. These numbers will automatically be added to your whitelist, but you also have the option of adding CNAM entries for these outbound calls using either OpenCNAM or BulkCNAM for outbound calls to numbers that are not yet in your Asterisk Phonebook. To activate CNAM lookups, simply uncomment either line 4 or 5 in the context. For the service you have activated, remember to also enter your Account SID and Auth Token in the case of OpenCNAM or your API Key in the case of BulkCNAM. If you leave both lines commented out which is the default, the callee’s phone number will be entered as both the CNAM and CNUM entry in the Asterisk Phonebook.
Once you have made all the changes desired, save the template by pressing Ctl-X, then Y, then ENTER. The installer then will complete installation of the Call Screener components.
5. Importing Previous Callers into WhiteList
We appreciate that you may not want to aggravate callers that have been calling you for years by making them jump through hoops the next time they call. So here’s a quick way to populate your Asterisk Phonebook with the names and numbers of previous callers. For entries where the CNAM is merely the CallerID Number, future calls from these numbers still will be looked up with OpenCNAM or BulkCNAM to obtain an actual CNAM match. We’ve made a couple of assumptions that you are more than welcome to adjust to meet your own needs. First, we’ve limited the list to callers from the past two calendar years. Second, we’ve only captured calls that lasted more than 15 seconds. We’ll drop down to the Linux CLI to build the list of callers to import. Then we’ll use the FreePBX GUI to import the list into the Asterisk Phonebook. While building the import list, you’ll have an opportunity to prune the list and remove any undesirable entries using nano. To generate the .csv file, issue the following commands:
cd /root ./export-CDR
Now you should have a 2YR-clean.csv file in its final form for import. Copy the file to your desktop PC and open FreePBX in your browser. Navigate to Admin -> Asterisk Phonebook. Click Import Phonebook and then Browse. Select the 2YR-clean.csv file from your desktop. Then click Upload. Take a final look at the new entries in your Asterisk Phonebook to make sure nothing came unglued, and you’re all set.
Originally published: Monday, September 14, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Once installed, you can change the voice prompt to a number other than 5 by modifying lines 10 and 12 of the context sub-log-caller which you will find in extensions_custom.conf in the /etc/asterisk directory at the completion of this install. [↩]
A New VPN for All Seasons: Introducing OpenVPN for Asterisk
This month marks our twentieth anniversary wrestling with virtual private networks. Here’s a quick walk down memory lane. Our adventure began with the Altiga 3000 series VPN concentrators which we introduced in the federal courts in 1999. It was a near perfect plug-and-play hardware solution for secure communications between remote sites using less than secure Windows PCs. Cisco quickly saw the potential, gobbled up the company, and promptly doubled the price of the rebranded concentrators. About 10 years ago, we introduced Hamachi® VPNs to interconnect Asterisk® and PBX in a Flash servers. At the time, Hamachi was free, but that was short-lived when they were subsequently acquired by LogMeIn®. What followed was a short stint with PPTP VPNs which worked great with Macs, Windows PCs, and many phones but suffered from an endless stream of security vulnerabilities. Finally, in April 2012, we introduced the free NeoRouter® VPN. Version 2 still is an integral component in every Incredible PBX® platform today, and PPTP still is available as well. While easy to set up and integrate into multi-site Asterisk deployments, the Achilles’ Heel of NeoRouter remains its inability to directly interconnect many smartphones and stand-alone SIP phones, some of which support the OpenVPN platform and nothing else.
The main reason we avoided OpenVPN® over the years was its complexity to configure and deploy.1 In addition, it was difficult to use with clients whose IP addresses were frequently changing. Thanks to the terrific work of Nyr, Stanislas Angristan, and more than a dozen contributors, OpenVPN now has been tamed. And the new server-based, star topology design makes it easy to deploy for those with changing or dynamic IP addresses. Today we’ll walk you through building an OpenVPN server as well as the one-minute client setup for almost any Asterisk deployment and most PCs, routers, smartphones, and VPN-compatible soft phones and SIP phones including Yealink, Grandstream, Snom, and many more. And the really great news is that OpenVPN clients can coexist with your current NeoRouter VPN.
Finally, a word about the OpenVPN Client installations below. We’ve tested all of these with current versions of Incredible PBX 13-13, 16-15, and Incredible PBX 2020. They should work equally well with other server platforms which have been properly configured. However, missing dependencies on other platforms are, of course, your responsibility.
Building an OpenVPN Server Platform
There are many ways to create an OpenVPN server platform. The major prerequisites are a supported operating system, a static IP address for your server, and a platform that is extremely reliable and always available. If the server is off line, all client connections will also fail. While we obviously have not tested all the permutations and combinations, we have identified a platform that just works™. It’s the CentOS 7, 64-bit cloud offering from Vultr. If you use our referral link at Vultr, you not only will be supporting Nerd Vittles through referral revenue, but you also will be able to take advantage of their $50 free credit for new customers. For home and small business deployments, we have found the $5/month platform more than adequate, and you can add automatic backups for an additional $1 a month. Cheap insurance!
To get started, create your CentOS 7 Vultr instance and login as root using SSH or Putty. Immediately change your password and update and install the necessary CentOS 7 packages:
passwd yum -y update yum -y install net-tools nano wget tar iptables-services systemctl stop firewalld systemctl disable firewalld systemctl enable iptables
We recommend keeping your OpenVPN server platform as barebones as possible to reduce the vulnerability risk. By default, this installer routes all client traffic through the VPN server which wastes considerable bandwidth. The sed commands below modify this design to only route client VPN traffic through the OpenVPN server.
cd /root curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh sed -i "s|\\techo 'push \\"redirect-gateway|#\\techo 'push \\"redirect-gateway|" openvpn-install.sh sed -i "s|push \\"redirect-gateway|#push \\"redirect-gateway|" openvpn-install.sh sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' openvpn-install.sh ./openvpn-install.sh
Here are the recommended entries in running the OpenVPN installer:
- Server IP Address: using FQDN strongly recommended to ease migration issues
- Enabled IPv6 (no): accept default
- Port (1194): accept default
- Protocol (UDP): accept default
- DNS (3): change to 9 (Google)
- Compression (no): accept default
- Custom encrypt(no): accept default
- Generate Server
- Client name: firstclient
- Passwordless (1): accept default
In the following steps, we will use IPtables to block all server access except via SSH or the VPN tunnel. Then we’ll start your OpenVPN server:
cd /etc/sysconfig wget http://incrediblepbx.com/iptables-openvpn.tar.gz tar zxvf iptables-openvpn.tar.gz rm -f iptables-openvpn.tar.gz echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p systemctl -f enable openvpn@server.service systemctl start openvpn@server.service systemctl status openvpn@server.service systemctl enable openvpn@server.service systemctl restart iptables
Once OpenVPN is enabled, the server can be reached through the VPN at 10.8.0.1. OpenVPN clients will be assigned by DHCP in the range of 10.8.0.2 through 10.8.0.254. You can list your VPN clients like this: cat /etc/openvpn/ipp.txt. You can list active VPN clients like this: cat /var/log/openvpn/status.log | grep 10.8. And you can add new clients or delete old ones by rerunning /root/openvpn-install.sh.
For better security, change the SSH access port replacing 1234 with desired port number:
PORT=1234 sed -i "s|#Port 22|Port $PORT|" /etc/ssh/sshd_config systemctl restart sshd sed -i "s|dport 22|dport $PORT|" /etc/sysconfig/iptables systemctl restart iptables
04/16 UPDATE: We’ve made changes in the Angristan script to adjust client routing. By default, all packets from every client flowed through the OpenVPN server which wasted considerable bandwidth. Our preference is to route client packets destined for the Internet directly to their destination rather than through the OpenVPN server. The sed commands added to the base install above do this; however, if you’ve already installed and run the original Angristan script, your existing clients will be configured differently. Our recommendation is to remove the existing clients, make the change below, and then recreate the clients again by rerunning the script. In the alternative, you can execute the command below to correct future client creations and then run it again on each existing client platform substituting the name of the /root/.ovpn client file for client-template.txt and then restart each OpenVPN client.
cd /etc/openvpn sed -i 's|tls-client|tls-client\\npull-filter ignore "redirect-gateway"|' client-template.txt
Creating OpenVPN Client Templates
In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer. You do this by running /root/openvpn-install.sh again on the OpenVPN server. Choose option 1 to create a new .ovpn template. Give each client machine template a unique name and do NOT require a password for the template. Unless the client machine is running Windows, edit the new .ovpn template and comment out the setenv line: #setenv. Save the file and copy it to the /root folder of the client machine. Follow the instructions below to set up OpenVPN on the client machine and before starting up OpenVPN replace firstclient.ovpn in the command line with the name of .ovpn you created for the individual machine.
Renewing OpenVPN Server’s Expired Certificate
The server certificate will expire after 1080 days, and clients will no longer be able to connect. Here’s what to do next:
systemctl stop openvpn@server.service cd /etc/openvpn/easy-rsa ./easyrsa gen-crl cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem systemctl start openvpn@server.service
Installing an OpenVPN Client on CentOS/RHEL
cd /root yum -y install epel-release yum --enablerepo=epel install openvpn -y # copy /root/firstclient.ovpn from server to client /root # and then start up the VPN client openvpn --config /root/firstclient.ovpn --daemon # adjust Incredible PBX 13-13 firewall below iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT cd /usr/local/sbin echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Running ifconfig should now show the VPN client in the list of network ports:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:855 (855.0 b) TX bytes:17254 (16.8 KiB)
And you should be able to login to the VPN server using its VPN IP address:
# enter actual SSH port replacing 1234 PORT=1234 ssh -p $PORT root@10.8.0.1
Installing an OpenVPN Client on Ubuntu 18.04.2
cd /root apt-get update apt-get install openvpn unzip dpkg-reconfigure tzdata # copy /root/firstclient.ovpn from server to client /root # and then start up the VPN client openvpn --config /root/firstclient.ovpn --daemon # adjust Incredible PBX 13-13 firewall below iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT cd /usr/local/sbin echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Running ifconfig should now show the VPN client in the list of network ports:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:855 (855.0 b) TX bytes:17254 (16.8 KiB)
And you should be able to login to the VPN server using its VPN IP address:
# enter actual SSH port replacing 1234 PORT=1234 ssh -p $PORT root@10.8.0.1
Installing an OpenVPN Client on Raspbian
Good news and bad news. First the bad news. Today’s OpenVPN server won’t work because of numerous unavailable encryption modules on the Raspberry Pi side. The good news is that NeoRouter is a perfect fit with Raspbian, and our upcoming article will show you how to securely interconnect a Raspberry Pi with any Asterisk server in the world… at no cost.
04/16 Update: We now have OpenVPN working with Incredible PBX for the Raspberry Pi. The trick is that you’ll need to build the latest version of OpenVPN from source before beginning the client install. Here’s how. Login to your Raspberry Pi as root and issue these commands:
apt-get remove openvpn apt-get update apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y cd /usr/src wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.7.tar.gz tar zxvf openvpn-2.4.7.tar.gz cd openvpn-2.4.7 ./configure --prefix=/usr make make install openvpn --version
Now you should be ready to install a client config file, start up OpenVPN, and adjust firewall:
cd /root dpkg-reconfigure tzdata # copy /root/firstclient.ovpn from server to client /root # and then start up the VPN client openvpn --config /root/firstclient.ovpn --daemon # adjust Incredible PBX 13-13 firewall below iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT cd /usr/local/sbin echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Installing an OpenVPN Client on a Mac
While there are numerous OpenVPN clients for Mac OS X, none hold a candle to Tunnelblick in terms of ease of installation and use. First, create a new client config on your server and copy it (/root/*.ovpn) to a folder on your Mac where you can find it. Download Tunnelblick and install it. Run Tunnelblick and then open Finder. Click and drag your client config file to the Tunnelblick icon in the top toolbar. Choose Connect when prompted. Done.
Installing an OpenVPN Client for Windows 10
The installation procedure for Windows is similar to the Mac procedure above. Download the OpenVPN Client for Windows. Double-click on the downloaded file to install it. Create a new client config on your server and copy it (/root/*.ovpn) to a folder on your PC where you can find it. Start up the OpenVPN client and click on the OpenVPN client in the activity tray. Choose Import File and select the config file you downloaded from your OpenVPN Server. Right-click on the OpenVPN icon again and choose Connect. Done.
Installing an OpenVPN Client for Android
Our favorite OpenVPN client for Android is called OpenVPN for Android and is available in the Google Play Store. Download and install it as you would any other Android app. Upload a client config file from your OpenVPN server to your Google Drive. Run the app and click + to install a new profile. Navigate to your Google Drive and select the config file you uploaded.
Installing an OpenVPN Client for iOS Devices
The OpenVPN Connect client for iOS is available in the App Store. Download and install it as you would any other iOS app. Before uploading a client config file, open the OpenVPN Connect app and click the 4-bar Settings icon in the upper left corner of the screen. Click Settings and change the VPN Protocol to UDP and IPv6 to IPV4-ONLY Tunnel. Accept remaining defaults.
To upload a client config file, the easiest way is to use Gmail to send yourself an email with the config file as an attachment. Open the message with the Gmail app on your iPhone or iPad and click on the attachment. Then choose the Upload icon in the upper right corner of the dialog. Next, choose Copy to OpenVPN in the list of apps displayed. When the import listing displays in OpenVPN Connect, click Add to import the new profile. Click ADD again when the Profile has been successfully imported. You’ll be prompted for permission to Add VPN Configurations. Click Allow. Enter your iOS passcode when prompted. To connect, tap once on the OpenVPN Profile. To disconnect, tap on the Connected slider. When you reopen the OpenVPN Connect app, the OVPN Profiles menu will display by default. Simply tap once on your profile to connect thereafter.
Installing a Web Interface to Display Available Clients
One advantage of NeoRouter is a simple way for any VPN client to display a listing of all VPN clients that are online at any given time. While that’s not possible with OpenVPN, we can do the next best thing and create a simple web page that can be accessed using a browser but only from a connected OpenVPN client pointing to http://10.8.0.1.
To set this up, log in to your OpenVPN server as root and issue the following commands:
yum --enablerepo=epel install lighttpd -y systemctl start lighttpd.service systemctl enable lighttpd.service chown root:lighttpd /var/log/openvpn/status.log chmod 640 /var/log/openvpn/status.log cd /var/www rm -rf lighttpd wget http://incrediblepbx.com/lighttpd.tar.gz tar zxvf lighttpd.tar.gz ln -s /var/log/openvpn/status.log /var/www/lighttpd/status.log sed -i 's|#server.bind = "localhost"|server.bind = "10.8.0.1"|' /etc/lighttpd/lighttpd.conf systemctl restart lighttpd.service
Latest VPN Security Alerts
https://nakedsecurity.sophos.com/2019/04/16/security-weakness-in-popular-vpn-clients/
Originally published: Monday, April 15, 2019 Updated: Saturday, February 29, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Our discussion today is focused on the free, MIT-licensed version of OpenVPN. For details on their commercial offerings, follow this link. [↩]
Dare to Compare: The Best (free) VoIP Offerings for 2018
Last week we showed you how to get 10 months of free hosting for your Incredible PBX® in the Cloud. And today we present our semi-annual survey of the latest and greatest VoIP offerings for 2018. The beauty of the cloud platform is you can try all of them for less than a penny an hour and decide for yourself which free offering best meets your needs. This year we’ve ushered in new Asterisk® 13 LTS releases of Incredible PBX® on the CentOS, Ubuntu, and Raspberry Pi platforms as well as new versions for Issabel 4 and VitalPBX. To sweeten the pot even further, we nailed down a new Cloud-based offering for $10 a year that makes a perfect VOIP sandbox for our CentOS platform. For 2018, we also secured new (free) DID offerings in the U.S. and announced a Nerd Vittles exclusive providing access to 300+ VoIP providers worldwide, all at wholesale prices. And, last but not least, we introduced Digium’s newest IP phones for Asterisk including a $59 model that makes a perfect VoIP companion.
Choosing the Best VoIP Platform for Your Needs
Choosing a VoIP platform is partially a subjective decision, but there also are some glaring red flags to consider. We suggest you begin by deciding whether your preferences include any must-have’s. Do your requirements mandate an open source solution? Do you need text-to-speech and voice recognition? Does the operating system have to be Linux-based and, if so, must it be CentOS, Debian, or Ubuntu? If you’ll be using SIP phones, must the platform include phone provisioning software for your phones, or is the ability to purchase it as an add-on sufficient? Is paid support important in making your platform decision and how much are you prepared to pay? Are automatic or pain-free software updates critical in making your selection? Is migration from an existing platform a factor? Does a preconfigured, secure firewall matter, or are you prepared to do it yourself or take your chances? Before choosing to ignore security, read this RIPS analysis of FreePBX®. Here’s a snippet from the article. Read it carefully. It’s your phone bill.
Since FreePBX is written completely in PHP, we decided to throw it into our code analysis tool RIPS. The results were more than surprising and should tell you why a rock-solid firewall is absolutely essential.
The total amount of detected vulnerabilities is very high. Luckily, the majority of the detected vulnerabilities are inside the administration control panel, such that attackers either need to steal a valid account or they have to trick an administrator into visiting a malicious website that triggers one of the critical vulnerabilities. For example, a remote command execution vulnerability could be triggered by a less critical cross-site scripting vulnerability. By chaining both vulnerabilities, the severity is increased drastically and can lead to full server compromise.
In choosing which platforms to include today, we eliminated platforms which we considered too complicated for the average new user to configure. We also eliminated any platform that did not offer at least a free tier of service with a reasonably complete feature set as part of their offering. So here’s our Pick of the Litter.
We must confess that we are partial to the Incredible PBX offerings because they provide a turnkey GPL platform with minimal configuration required on your part. Regardless of platform, all come standard with a preconfigured firewall and about three dozen applications for Asterisk that will help you learn everything there is to know about VoIP telephony.
VoIP Platform Feature Summary
Aggregation: Incredible PBX 13-13 for CentOS/SL
License: Open Source GPL
VoIP Platform: Asterisk 13
GUI: FreePBX 13 GPL modules
O/S: CentOS/SL 6.9 or 7
Phone Provisioning: Open Source
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic Update Utility included
Migration Tools: No
Security: Fail2Ban + Preconfigured Firewall Whitelist
Security Rating (as delivered): Secure
Comments: Lean & Mean or Whole Enchilada installers as well as ISO available
Aggregation: Incredible PBX 13-13 for Raspbian
License: Open Source GPL
VoIP Platform: Asterisk 13
GUI: FreePBX 13 GPL modules
O/S: Raspbian 7
Phone Provisioning: Open Source
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic Update Utility included
Migration Tools: No
Security: Fail2Ban + Preconfigured Firewall Whitelist
Security Rating (as delivered): Secure
Aggregation: Incredible PBX 13-13 for Ubuntu
License: Open Source GPL
VoIP Platform: Asterisk 13
GUI: FreePBX 13 GPL modules
O/S: Ubuntu 18.04
Phone Provisioning: Open Source
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic Update Utility included
Migration Tools: No
Security: Fail2Ban + Preconfigured Firewall Whitelist
Security Rating (as delivered): Secure
Comments: Lean & Mean or Whole Enchilada installers
Aggregation: VitalPBX
License: Closed Source
VoIP Platform: Asterisk 13
GUI: Free and Commercial modules
O/S: CentOS 7
Phone Provisioning: Free
Text-to-Speech/Voice Recognition: Optional/Optional
Software Updates: Automatic
Migration Tools: Yes
Security: Fail2Ban + User-Configurable Firewall
Security Rating (as delivered): Insecure
Comments: Incredible PBX add-on now available including TM3 firewall.
Aggregation: Incredible PBX for Issabel 4
License: Open Source GPL
VoIP Platform: Asterisk 13
GUI: FreePBX 11 GPL modules
O/S: CentOS 7
Phone Provisioning: Open Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Semi-Automatic
Migration Tools: No
Security: Fail2Ban + Unconfigured Firewall
Security Rating (as delivered): Secure with Incredible PBX add-on
Comments: Incredible PBX add-on provides secure platform
Aggregation: FusionPBX for FreeSWITCH
License: Open Source MPL 1.1
VoIP Platform: FreeSWITCH 1.6
GUI: FusionPBX
O/S: Debian 8
Phone Provisioning: Free
Text-to-Speech/Voice Recognition: Optional/Optional
Software Updates: Automatic
Security: Fail2Ban + User-Configurable Firewall
Security Rating (as delivered): Secure with mods below
Comments: Incredible PBX firewall add-on now available .
Aggregation: Incredible PBX for Wazo
License: GPL3 Open Source
VoIP Platform: Asterisk 15 RealTime
GUI: Wazo GPL3 modules
O/S: Debian 9
Phone Provisioning: Extensive Open Source
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic or 2-minute Manual
Migration Tools: No
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure WhiteList with Incredible PBX add-on
Comments: High Availability & Call Center GPL3 Modules
Aggregation: FreePBX Distro a.k.a. AsteriskNOW
License: Closed Source
VoIP Platform: Asterisk 13/14/15
GUI: FreePBX GPL and Commercial modules
O/S: Closed-source CentOS fork
Phone Provisioning: Open Source (minimal) or Commercial
Text-to-Speech/Voice Recognition: Optional/No
Software Updates: Manual from Hidden Repo
Migration Tools: Yes
Security: Fail2Ban + User-Configurable Firewall
Security Rating (as delivered): Insecure
Comments: Extensive commercial NagWare preinstalled
Deploying a Local Server vs. Cloud Platform
We’ve always been big fans of local servers because you have almost total control of your own destiny. This was especially true when the Raspberry Pi came along to take the financial pain out of the server equation. But the price of Cloud-based servers has continued to plummet. For 2018, you can run any of our favorites on the least expensive platform at Vultr or Digital Ocean for $2.50 a month. And, if you hurry, your first 10 months are free at Vultr. Spending another 50 cents buys you automatic backups.1 And, for the Incredible PBX 13-13 build with CentOS 6.9 (64-bit), we’ve found a deal at HiFormance that offers a high-performance OpenVZ platform at an annual cost of just $10. The technical specs are impressive (even better if you sign up for 3 years), and we don’t think you’ll find a comparable deal with anything near comparable performance and specs anywhere, period. You get your choice of hosting sites including New York, Chicago, Los Angeles, Buffalo, Atlanta, and Dallas. Complete tutorial available here.
NOTE: OpenVZ/SolusVM platforms not suitable for CentOS 7, Debian 9, or Ubuntu 18 implementations, and some providers do not yet support Ubuntu 18.04 platform although Vultr and Digital Ocean both do.
Available Free Trunks for VoIP Servers
For many years, we’ve offered free Google Voice connectivity with our VoIP platforms. And that remains true at least for a few more weeks. On all of the Incredible PBX platforms, Google Voice trunks can be set up to make free calls in the U.S. and Canada provided you have a U.S. residence and a U.S. cellphone number to verify that you are who you say you are. There’s even a ray of hope that the Simonics gateway may allow you to continue using Google Voice after Google Voice’s mid-June drop-dead date for XMPP. Details here. But what about the rest of the world. For 2018, we solved the problem by offering free DID trunks for inbound calls and a collection of 300 wholesale VoIP carriers worldwide to make outbound calls at the same wholesale rates offered to the very largest resellers. Simply pay a 13% surcharge in lieu of the $650 annual fee, and TelecomsXchange (TCXC) will provide you access to their entire suite of wholesale carriers together with state-of-the-art tools to manage all of the services.2 The Nerd Vittles setup tutorial is available here. Enjoy!
Published: Monday, March 5, 2018 Updated: Sunday, May 27, 2018
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- On the Vultr and Digital Ocean $2.50 platforms, be sure to (1) create a 1GB swapfile once you’ve chosen your operating system. (2) Then, for Vultr, issue the following command before beginning the Incredible PBX install: apt-get install cloud-init.
(3) Now complete the steps outlined in your preferred Nerd Vittles tutorial, and you’ll be all set in about 15 minutes. [↩] - Our special thanks to TelecomsXchange. They have generously offered to contribute a portion of the wholesale surcharge to support the Incredible PBX open source project. [↩]
One Minute Wonder: Introducing VitalPBX for VirtualBox
Last week we took VitalPBX to the Cloud with our rock-solid firewall. And this week we’ll show you how to get VitalPBX up and running on any desktop computer in less than a minute using VirtualBox®. If you’ve followed Nerd Vittles over the years, you already know that VirtualBox from Oracle® is one of our favorite platforms. Almost any desktop computer can serve as a VirtualBox hosting platform. And once VirtualBox is installed, adding VitalPBX is a snap. Download the VitalPBX image, initialize your MAC address, start up the VM, and boom. Instant PBX perfection! The really nice thing about our tutorials is it doesn’t cost you a dime to try things out for yourself. And the Incredible PBX® feature set is included as well. Just add your credentials and speech-to-text, voice recognition, and a Siri-like interface are as close as your nearest SIP phone. Splurge with a $4.99 one-time purchase to add Google Voice, and you’ve got unlimited free calling in the U.S. and Canada. So why wait? Let’s get started.
Installing Oracle VM VirtualBox
Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.
Installing Incredible PBX for VitalPBX VM
To begin, download the Incredible PBX for VitalPBX .ova image (1.0 GB) to the computer on which you installed VirtualBox.
Next, double-click on the VitalPBX .ova image on your desktop. Be sure to check the box to initialize the MAC address of the image and then click Import. Once the import is finished, you’ll see a new VitalPBX virtual machine in the VM List of the VirtualBox Manager Window. Let’s make a couple of one-time adjustments to the VitalPBX configuration to account for differences in sound and network cards on different host machines.
(1) Click once on the VitalPBX virtual machine in the VM List. Then (2) click the Settings button. In the Audio tab, check the Enable Audio option and choose your sound card. In the Network tab for Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is necessary for VitalPBX.
Running VitalPBX in VirtualBox
Once you’ve imported and configured the VitalPBX Virtual Machine, you’re ready to go. Highlight the VitalPBX virtual machine in the VM List on the VirtualBox Manager Window and click the Start button. The standard CentOS boot procedure will begin and, within a few seconds, you’ll get the familiar Linux login prompt. During the bootstrap procedure, you’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX for VitalPBX is merely running as a task in a VM window. Always gracefully halt VitalPBX just as you would on any computer.
Here’s what you need to know. To work in the VitalPBX virtual machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password. Change your root password immediately by typing: passwd.
VitalPBX comes preconfigured so we need to login to the virtual machine for one primary reason, to obtain the IP address of VitalPBX. Once you’ve deciphered the IP address, point your favorite web browser at the IP address you wrote down. You’ll be prompted to create an admin password for your PBX and then you’ll be asked to register the PBX with Telesoft.
We’re assuming your VitalPBX VM is set up behind a hardware-based firewall. If not, you should immediately configure the firewall as documented in our VitalPBX in the Cloud article.
First, you’ll need to change the password for Extension 701: PBX:Extensions:Edit:701. The Edit option is the four-bar icon in the upper right corner of the VitalPBX dialog window. Click Save and Reload your Dialplan.
Next, you’ll need to register a Google Voice trunk with the Simonics SIP/GV Gateway for a one-time fee of $4.99. This gets you unlimited incoming and outgoing calls to the U.S. and Canada if you live in the U.S. Otherwise, set up a SIP trunk and enter your credentials in PBX:External:Trunks:SIP. If you’re using the Simonics gateway, the SIP trunk already has been set up. Just enter your credentials and change Disable Trunk to NO as shown below:
CAUTION: In choosing a DID for outbound calls with Incredible PBX, we strongly recommend that you use a Google Voice trunk. The reason is that, as long as your Google Voice account has no money allocated to it, Google will manage outbound calls to 10 and 11-digit phone numbers and block those that may incur enormous long distance charges from unscrupulous "merchants" in certain Caribbean countries. If you don’t heed our recommendation, we urge you NOT to link an Inbound Route to the Incredible PBX custom context. It’s your phone bill.
If you plan to use VitalPBX for "real work," then you’ll also want to change the Conference credentials for 2663 (C-O-N-F): PBX:Applications:Conference.
The VitalPBX virtual machine comes preconfigured to direct all incoming calls to Allison’s Demo IVR for Incredible PBX. If you’d prefer some other setup, change the Destination of the Default Inbound Route: PBX:External:Inbound Route:Default.
Configuring Incredible PBX for VitalPBX
In order to take advantage of all the Incredible PBX applications, you’ll need to obtain IBM text-to-speech (TTS) and speech-to-text (STT) credentials as well as a (free) Application ID for Wolfram Alpha.
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
This Nerd Vittles tutorial will walk you through getting your IBM account set up and obtaining both your TTS and STT credentials. Be sure to write down BOTH sets of credentials which you’ll need in a minute. For home and SOHO use, IBM access and services are FREE even though you must provide a credit card when signing up. The IBM signup process explains their pricing plans.
To use Wolfram Alpha, sign up for a free Wolfram Alpha API account. Just provide your email address and set up a password. It takes less than a minute. Log into your account and click on Get An App ID. Make up a name for your application and write down (and keep secret) your APP-ID code. That’s all there is to getting set up with Wolfram Alpha. If you want to explore costs for commercial use, there are links to let you get more information.
In addition to your Wolfram Alpha APPID, there are two sets of IBM credentials to plug into the Asterisk AGI scripts. Keep in mind that there are different usernames and passwords for the IBM Watson TTS and STT services. The TTS credentials will look like the following: $IBM_username and $IBM_password. The STT credentials look like this: $API_USERNAME and $API_PASSWORD. Don’t mix them up. 🙂
All of the scripts requiring credentials are located in /var/lib/asterisk/agi-bin so switch to that directory after logging into your server as root. Edit each of the following files and insert your TTS credentials in the variables already provided: nv-today2.php, ibmtts.php, and ibmtts2.php. Edit each of the following files and insert your STT credentials in the variables already provided: getquery.sh, getnumber.sh, and getnumber2.sh. Finally, edit 4747 and insert your Wolfram Alpha APPID.
Using Asteridex with VitalPBX
AsteriDex is a web-based dialer and address book application for Asterisk and VitalPBX. It lets you store and manage phone numbers of all your friends and business associates in an easy-to-use SQLite3 database. You simply call up the application with your favorite web browser: http://vitalpbx-ip-address/asteridex4/. When you click on a contact that you wish to call, AsteriDex first calls you at extension 701, and then AsteriDex connects you to your contact through another outbound call made using your default outbound trunk that supports numbers in the 1NXXNXXXXXX format.
Before AsteriDex Click-to-Call will work, you must authorize AsteriDex to access Asterisk from your browser. After logging into your server as root, edit the following file in /etc/asterisk/ombutel: manager__50-ombutel-user.conf. For each public IP address you wish to authorize, add an entry like the following immediately below the existing permit entry in the file. The non-routable IP address subnets already have been configured so, if you’re using a browser behind the same firewall as VitalPBX, you can skip this step. Otherwise reload the dialplan after adding public IP addresses: asterisk -rx "dialplan reload"
permit=12.34.56.78
Taking Incredible PBX for a Test Drive
You can take Incredible PBX for VitalPBX on a test drive in two ways. You can call our server, and then you can try things out on your own server and compare the results. Call our IVR by dialing 1-843-606-0555. For our international friends, you can use the following SIP URI for a free call: 10159591015959@atlanta.voip.ms. For tips on setting up your own secure, hybrid SIP URI with VitalPBX, see our original tutorial. The FreePBX® setup is virtually identical except for the location of the custom SIP setting for match_auth_username=yes. On a VitalPBX server, you will enter it here: Settings:Technology Settings:SIP Settings:CUSTOM.
With Allison’s Demo IVR, you can choose from the following options:
- 0. Chat with Operator — connects to extension 701
- 1. AsteriDex Voice Dialer – say "Delta Airlines" or "American Airlines" to connect
- 2. Conferencing – log in using 1234 as the conference PIN
- 3. Wolfram Alpha Almanac – say "What planes are flying overhead"
- 4. Lenny – The Telemarketer’s Worst Nightmare
- 5. Today’s News Headlines — courtesy of Yahoo! News
- 6. Weather by ZIP Code – enter any 5-digit ZIP code for today’s weather
- 7. Today in History — courtesy of OnThisDay.com
- 8. Chat with Nerd Uno — courtesy of SIP URI connection to 3CX iPhone Client
- 9. DISA Voice Dialer — say any 10-digit number to be connected
- *. Current Date and Time — courtesy of VitalPBX
You can call your own IVR in two ways. From an internal VitalPBX phone, dial D-E-M-O (2663) to be connected. Or simply dial the number of the DID you routed to the Incredible PBX Custom Context. Either way, you should be connected to the Incredible PBX IVR running on your VitalPBX server. Be sure that you heed AND test the CAUTION documented above. Enjoy!
Originally published: Monday, April 9, 2018
Got Friends? 7 Countries Have Never Visited Nerd Vittles. 2018 Is Calling! https://t.co/wMfmlhAr16 #asterisk #freepbx #wazo #issabel #IncrediblePBX #3CX pic.twitter.com/kAmAEnwVIw
— Ward Mundy (@NerdUno) January 9, 2018
Need help with VitalPBX? Visit the VitalPBX Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. [↩]
VitalPBX in the Cloud: Providers, Backups, & Airtight Security
Last month we introduced VitalPBX, a terrific new (free) VoIP platform that’s about as intuitive as software can get. We followed up with a dozen Incredible PBX applications that really showed off the flexibility of this new Asterisk® platform. And today we’re pleased to introduce two new cloud solutions that offer our whitelist firewall design for security plus automatic backups. Both Digital Ocean and Vultr offer terrific performance coupled with a $5/month price point that is easy on your wallet. Our tip of the hat goes to Digital Ocean this month because they are again offering a $10 credit on new accounts while also generously supporting Nerd Vittles. That translates into two free months of VitalPBX in the Cloud service for you to kick the tires. If you like what you see, you can spring for the extra $1 a month and add automatic backups to your $5/mo. bill going forward. With a $10 credit, what’s to lose?
To get started, set up an account with one of these cloud providers and create a $5 a month server with 64-bit CentOS 7 in your choice of cities. Once you have your root password, log into your new server as root using SSH or Putty. On Digital Ocean, you will be prompted to change your password the first time you login. On Vultr, you have to manually do it by issuing the command: passwd. Then you’re ready to begin the VitalPBX install. Just issue the following commands and then grab a cup of coffee.
cd /root yum -y install wget nano tar wget https://raw.githubusercontent.com/wardmundy/VPS/master/vps.sh chmod +x vps.sh ./vps.sh
The base install takes less than 15 minutes to complete. When it’s finished, use a web browser from your desktop PC and log into the IP address of your new VitalPBX server. You’ll be prompted to set up an admin password for GUI access and then you register your server with Telesoft. Should you ever forget your admin password, here’s how to force a reset on your next login from a browser:
mysql ombutel -e 'update ombu_settings set value = "yes" where name = "reset_pwd"'
After logging in, you’ll be presented with the VitalPBX Dashboard:
From here, the drill is pretty much the same as what was outlined in our original VitalPBX tutorial. So jump over there to complete your set up and configure extensions, trunks, routes, and a few other settings for your new PBX. Then pick back up here to secure your server!
Security Methodology. What is different on the cloud platform is you don’t have a hardware-based firewall to protect your server. So we’ll need to configure VitalPBX using its built-in firewalld and Fail2Ban applications. Our preference is to use a whitelist of IP addresses to access your server and its resources. In that way, the Bad Guys never even see your server on the Internet. Our security philosophy is simple. If you can’t see it, you can’t hack it.
In addition to a WhiteList of public IP addresses, we also will enable a secure NeoRouter VPN front door to your server as well as a PortKnocker backdoor thereby providing three separate and secure ways to gain server access without publicly exposing VitalPBX to the Internet. If you have a better way, by all means go for it. After all, it’s your phone bill.
Firewall and Fail2Ban Setup. To begin, login to the VitalPBX GUI with a browser using your admin credentials. Then do the following:
(1.) Add NeoRouter VPN Protocol TCP Port 32976 in Admin:Security:Firewall:Services.
(2.) Add NeoRouter VPN Action ACCEPT rule in Admin:Security:Firewall:Rules.
(3.a.) WhiteList your client and server IP addresses in Admin:Security:Firewall:WhiteList.
(3.b.) WhiteList 127.0.0.1 (for localhost) and 10.0.0.0/24 (for NeoRouter VPN).
(3.c.) WhiteList the IP addresses of any potential unregistered trunk providers.
(3.d.) WhiteList the public IP addresses of any extensions you plan to install.
(4.) Enable Fail2Ban in Admin:Security:Intrusion Detection.
(5.a.) WhiteList your client IP address(es) in Admin:Security:Intrusion Detection:Whitelist.
(5.b.) WhiteList the NeoRouter VPN subnet, 10.0.0.0/24, as well.
(6.) Remove the following rules from Admin:Security:Firewall:Rules
SIP HTTP HTTPS SSH IAX2 PJSIP
(7.) Reload the VitalPBX dialplan by clicking the Red indicator (upper right of the GUI).
(8.) Verify IPtables WhiteList: iptables -nL | grep ACCEPT
(9.) Verify Fail2Ban WhiteList: grep -r ignoreip /etc/fail2ban/jail.d/*
Travelin’ Man 3 Addition. One of the major shortcomings in the firewalld implementation of IPtables is the lack of any support for fully-qualified domain names in their WhiteList. For those that want to use dynamic DNS updating services with custom FQDNs to manage remote user access to your server, this is a serious limitation even though PortKnocker alleviates some of the misery. So here’s our solution. We have reworked the Travelin’ Man 3 toolkit for VitalPBX so that you can use command line scripts to add (add-ip and add-fqdn), remove (del-acct), and manage (ipchecker) your WhiteList using either IP addresses (add-ip) or FQDNs (add-fqdn). The automatic update utility (ipchecker) will keep your FQDNs synchronized with your dynamic IP address service by updating the WhiteList every 10 minutes between 5 a.m. and 10 p.m. daily. Keep in mind that this is a supplement to the existing VitalPBX firewall setup documented above. And we only recommend that you add it if you plan to implement automatic management of dynamic IP addresses with FQDNs for your extensions and remote users.
If you plan to use the TM3 addition, you are strongly urged to not make further firewall changes using the VitalPBX GUI unless (1) you can also remember to keep your desktop PC’s IP address whitelisted in VitalPBX and (2) you remember to restart IPtables (iptables-restart) in the CLI after having made firewall changes in the VitalPBX GUI. Otherwise, you will lose your Travelin’ Man 3 WhiteList entries which means folks will get locked out of your server until the TM3 WhiteList is updated by running iptables-restart. All TM3 WhiteListed entries are stored and managed in individual text files in /root with a file extension of .iptables. Do not manually delete them!
To install the TM3 addition, issue the following commands:
cd / wget http://incrediblepbx.com/tm3-vitalpbx.tar.gz tar zxvf tm3-vitalpbx.tar.gz rm -f tm3-vitalpbx.tar.gz echo "/usr/local/sbin/iptables-boot" >> /etc/rc.d/rc.local chmod +x /etc/rc.d/rc.local systemctl enable rc-local echo "*/10 5-22 * * * root /usr/local/sbin/ipchecker > /dev/null 2>&1" >> /etc/crontab
Using DynDNS to Manage FQDNs. The key ingredient with Travelin’ Man 3 is automatic management of dynamic IP addresses. When a user or even the administrator moves to a different location or IP address, we don’t want to have to manually adjust anything. So what you’ll first need is a DynDNS account. Other free providers are available but are less flexible. For $40 a year, DynDNS lets you set up 30 FQDNs and keep the IP addresses for those hostnames current. That’s more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it. What we recommend is setting up a separate FQDN for each phone on your system that uses a dynamic IP address. This can include the administrator account if desired because it works in exactly the same way. When the administrator extension drops off the radar, a refresh of IPtables will bring all FQDNs back to life including the administrator’s account. Sounds simple? It is.
Getting Started with Travelin’ Man 3. Here are the 5 tools that are included in the TM3 suite for VitalPBX:
- add-ip some-label ip-address – Allows you to add an IP address to the WhiteList
- add-fqdn some-label FQDN – Allows you to add an FQDN to the WhiteList
- del-acct some-label.iptables – Deletes an IP address or FQDN from WhiteList
- ipchecker – Runs every 10 minutes to synchronize FQDNs; do NOT run manually
- iptables-restart – Restarts IPtables and adds TM3 WhiteListed IPs and FQDNs
- iptables-boot – Loads TM3 WhiteListed IPs and FQDNs on boot only
- show-whitelist – Displays contents of both VitalPBX and TM3 WhiteLists
Using Email to Manage Your WhiteList. We have one new addition to Travelin’ Man 3 for the VitalPBX platform. Now your authorized users can send an email to the VitalPBX server to whitelist an IP address and gain access. Two different passwords are supported and can be handed out to different classes of PBX users, e.g. administrators and ordinary users. Using the "permanent" password lets someone add an IP address to the VitalPBX whitelist permanently. Using the "temporary" password lets a user add an IP address to the whitelist until the next reboot or firewall restart. In both cases, the administrator gets an immediate email showing the whitelisted IP address, who requested it, and the type of whitelist entry that was requested. The syntax for the email request is straight-forward. Just send an email to the special email account set up to handle these requests and include a Subject for the message that looks exactly like this where 8.8.8.8 is the IP address to be whitelisted and some-password is one of the two passwords: WhiteList 8.8.8.8 PW some-password
As most of you know, we’re sticklers for security, and there’s plenty of it here. First, we recommend you use an obscure FQDN for your server so that it is not easily guessed by someone wanting to do harm. Second, we assume your IP address also won’t be published. Third, the email account name also should be obscure. Think of it as another password. For example, martin432 would be a good choice while whitelist would be pretty lousy. Keep in mind that the only people sending mail to this account will be folks that need immediate access to your PBX. Finally, BOTH of the passwords to use the email feature need to be long and difficult to decipher. A mix of alphanumeric characters and upper and lowercase letters is strongly recommended because it makes successful penetration nearly impossible.
To begin, we need to reconfigure your VitalPBX Firewall to accept incoming email on TCP port 25. In Admin:Security:Firewall:Services, Add a new service that looks like the following: Name: SMTP Protocol: TCP Port: 25. Then SAVE your entry.
Next, we need to add a VitalPBX Firewall Rule that allows incoming SMTP traffic. In Admin:Security:Firewall:Rules, Add a new rule: Service: SMTP Action: Accept. Then SAVE.
Next, we need to log into the Linux CLI as root to do a couple of things. First, we need to reconfigure Postfix to accept emails from outside our server. Replace 8.8.8.8 with the actual IP address of your server. Replace smtp.myserver.com with the actual FQDN of your server. If you don’t have one, simply remove the FQDN from the command.
yum -y install mailx postconf -e "mynetworks = 127.0.0.0/8, 8.8.8.8" postconf -e "mydestination = smtp.myserver.com, localhost.localdomain, localhost" postconf -e "inet_interfaces = all" postconf -e "recipient_delimiter = +" service postfix restart
Second, we need to add an email account to process the incoming emails. Replace someuser on each line with that obscure account name you plan to use for incoming emails. Then send yourself a test email and be sure it arrives. The last command cleans out the mail account.
adduser someuser --shell=/bin/false --no-create-home --system -U echo "test" | mail -s "Hello World" someuser mail -u someuser > /var/mail/someuser
Finally, we need to set up your passwords and admin email address in /root/mailcheck. To begin, insert your actual mail account name in the following command by replacing realuser and then execute the command:
sed -i 's|someuser|realuser|' /root/mailcheck
Now edit /root/mailcheck with nano or your favorite editor and change the TempPW, PermPW, and MyEMail entries. Then save the file and add the following entry to /etc/crontab:
*/3 5-22 * * * root /root/mailcheck > /dev/null 2>&1
CAUTION: Because of the bifurcated nature of the integration of TM3’s WhiteList into the VitalPBX firewall setup, be advised that you never want to make a change in the VitalPBX GUI’s firewall configuration without assuring that the desktop machine from which you are making that change is already included in the VitalPBX Whitelist (see #3.a., above). The same applies to issuing an iptables-restart from the Linux CLI. The reason is there are two separate whitelists and either of these actions would temporarily disable the TM3 WhiteList until the iptables-restart procedure was executed AND completed. In both situations, you most probably would be locked out of web and SSH access to your own server. A VitalPBX firewall reload only restarts firewalld with the VitalPBX WhiteList, and an iptables-restart from the CLI first restarts firewalld without the TM3 WhiteList rules and then adds the TM3 WhiteList rules after the firewalld reload is completed. We have added safeguards to some of the TM3 utilities to keep you from shooting yourself in the foot by requiring the VitalPBX WhiteList addition before you can use the TM3 iptables-restart and del-acct utilities; however, this is not the case with ipchecker which typically runs as a cron job from localhost. Because there is no safeguard mechanism, do NOT run it manually unless you’re sure you first have whitelisted your desktop PC’s IP address in the VitalPBX GUI (see #3.a., above). Without getting down in the weeds, we also have no ability to control the internal workings of the VitalPBX firewall. Should you get locked out of your server, there are three remedies. The first is the email solution documented above. The second is to use PortKnocker to regain access. The third is to use the localhost console in the Digital Ocean or Vultr control panel to issue the iptables-restart command. You might want to print this out for a rainy day. 🙂
PortKnocker Installation. You may not know the remote IP addresses of everyone using your PBX, and some of your users may travel to different sites and need a temporary IP address whitelisted while using a WiFi hotspot. And, not that it would happen to you, but once in a while an administrator locks himself out of his own server by changing IP addresses without first whitelisting the new address. The solution to all of these problems is easy with PortKnocker. The user simply sends three sequential pings to ports known only by you and your users using the machine or smartphone that needs access. You can read our original tutorial for more detail. For today, let’s get PortKnocker installed and configured with your three random ports. You can review the assignment at any time by displaying /root/knock.FAQ which also explains how to send the knocks using a desktop machine or a smartphone.
cd /root wget http://incrediblepbx.com/knock-vitalpbx.sh chmod +x knock-vitalpbx.sh ./knock-vitalpbx.sh
As with other Incredible PBX Travelin’ Man 3 implementations, IP addresses whitelisted using PortKnocker only last until the next reboot, or until you issue the following command firewall-cmd --reload (does not reload TM3 WhiteList), or until you execute a firewall update from within the VitalPBX GUI (does not reload TM3 WhiteList), or until you issue the command iptables-restart which restarts the firewall AND loads the TM3 WhiteList entries. To permanently WhiteList IP addresses, follow the procedure in Step #3 above or add the entries using the TM3 utilities documented in the previous section.
NeoRouter Installation. A virtual private network (VPN) is perhaps the safest way to access any server including VitalPBX. All of your communications is securely encrypted and you connect to the server through a network tunnel using a non-routable, private IP address. There are many VPNs from which to choose. Our personal favorite is NeoRouter because up to 256 devices can be interconnected at zero cost, and you can set the whole thing up in minutes with virtually no networking expertise. If you want all of the background on NeoRouter, see our latest tutorial.
NeoRouter uses a star topology which means you must run the NeoRouter Server application on a computer platform that is accessible over the Internet all the time. Then each of the remote devices or servers runs the NeoRouter Client application, connects to the server to obtain a private IP address, and then can communicate with all of the other devices connected to the VPN. If you already have a NeoRouter Server in place, then you can skip the server installation step and skip down to installing the NeoRouter Client on your VitalPBX server.
NeoRouter Server Setup. If you’re just getting started with NeoRouter, the first step is setting up the NeoRouter Server on a platform of your choice. If you’re using the Automatic Backup feature of Digital Ocean or Vultr, then your VitalPBX server is probably as good a site as any. NeoRouter Server uses minimal resources, and outages shouldn’t be a problem except for hurricanes, tornados, and bombs. But, just so you know, if the NeoRouter Server is down, none of the NeoRouter Clients can access the VPN or any other clients so you’d have to resort to public IP addresses for network access.
To install NeoRouter Server on your VitalPBX platform, log into your server as root and issue the following commands:
cd /root wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
Next, create at least one account with administrator privileges and one account with user privileges to your NeoRouter VPN:
nrserver -adduser admin-name admin-password admin nrserver -adduser user-name user-password user
The commands to manage NeoRouter Server are a little different on the CentOS 7 platform. Here’s what you’ll need:
Start on boot: systemctl enable nrserver.service
Check status: systemctl status nrserver.service
Restart server: systemctl restart nrserver.service
Change settings: nrserver -help
NeoRouter Client Setup. Whether you’re running NeoRouter Server on your VitalPBX platform or not, you’ll still need to install and configure the NeoRouter Client software in order to access the server through the VPN using a remote computer, smartphone, or tablet. NeoRouter Clients for Linux, Windows, Macs, FreeBSD, Mobile, OpenWRT, Tomato, and HTML5 are available here. Be sure to choose the NRFree V2 platform tab before downloading a client, or you’ll get the wrong client software and nothing will work! Ask us how we know.
To install NeoRouter Client on your VitalPBX platform, log into your server as root and issue the following commands:
cd /root wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrclient-2.3.1.4360-free-centos-x86_64.rpm rpm -Uvh nrclient-2.3.1.4360-free-centos-x86_64.rpm
As with NeoRouter Server, the commands to manage NeoRouter Client are a little different on the CentOS 7 platform. Here’s what you’ll need:
Start on boot: systemctl enable nrservice.service
Check status: systemctl status nrservice.service
Restart client: systemctl restart nrservice.service
Login to VPN: nrclientcmd
The main requirement after installing the software is to login to your VPN: nrclientcmd. You’ll be prompted for the FQDN or IP address of your NeoRouter Server and then the admin or user credentials. If successful, you’ll get a display of all the machines logged into the VPN, including the VitalPBX server.
NeoRouter Network Explorer – somebody@vultr.guest
> My Computers
10.0.0.2 vultr.guest
Available Commands: changeview, wakeonlan, setproxy, changepassword, quit
Enter command:
The next step is to download and install NeoRouter Client software on your desktop computer and smartphone. Then you can remotely connect to your VitalPBX server from those platforms. In our example above, you could login to 10.0.0.2 with either SSH or your web browser and never have to worry about whitelisting your remote machines with VitalPBX.
Checking VitalPBX Status. As with other Incredible PBX platforms, we have reworked the pbxstatus utility to support VitalPBX. Running it from the command prompt will display the status of all of the key services on your PBX. Note the addition of the VPN’s IP address which tells you that NeoRouter Client is alive and well:
Configuring Automatic Backups. When you’re ready to enable backups for a Digital Ocean droplet, navigate to the list of droplets for your account. Click the Droplet name for which you’d like to enable backups, and then click the Backups menu item. This will display the cost of backups for the given droplet. Click the Enable Backups button to enable backups.
The Vultr setup is similar. Automatic backup settings are managed through the Vultr control panel. Once you log into your account, visit the server’s management area, click on your server in the dialog, and then click on the "Backups" tab for your VPS. Click Enable Backups. On either platform, the backup option adds a $1 a month to the cost of the $5 server. That’s pretty cheap insurance.
Originally published: Monday, April 2, 2018
Got Friends? 7 Countries Have Never Visited Nerd Vittles. 2018 Is Calling! https://t.co/wMfmlhAr16 #asterisk #freepbx #wazo #issabel #IncrediblePBX #3CX pic.twitter.com/kAmAEnwVIw
— Ward Mundy (@NerdUno) January 9, 2018
Need help with VitalPBX? Visit the VitalPBX Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Meet the New Kid on the Block: Introducing (free) VitalPBX
If you liked Ombutel, you’re going to love VitalPBX. If you’ve never heard of Ombutel but you live and breathe Asterisk®, you’re still going to love VitalPBX. For everyone else, you’re going to love VitalPBX. In addition to an impressive collection of commercial modules, this month’s release of the VitalPBX 2.0 Unified Communications Platform provides the slickest user interface in the VoIP universe. It includes new support for PJsip, DPMA and Digium phones, XMPP chat, video conferencing, WebRTC, and our favorite, Custom Contexts. What began several years ago as a joint development project between Telesoft and Xorcom is now an independent venture of Telesoft. If you love Features, VitalPBX has no equal:
VitalPBX has many open source and GPL components including Asterisk 13.19.0, however, VitalPBX is a freeware product much like FreePBX® which blends commercial modules and proprietary components into its distribution. It’s not our favorite business model, but we certainly understand the rationale given the disappointing GPL history in the VoIP space. For our testing purposes, Telesoft has generously provided free licenses to commercial modules. We would hasten to add that no features requiring payment were used in this article or in the demo applications accompanying it. We will cover the commercial applications requiring payment at a later date.
Incidentally, when you get around to exploring the commercial offerings, keep in mind that all of them come with a free tier to let you try things out:
- Custom Contexts – 1 free context
- IVR Stats – 1 free IVR
- Sonata Switchboard – 1 free layout for 15 extensions
- Sonata Billing – free for 8 extensions
- Sonata Recordings – free for 8 extensions
- Domotic – completely free
- Phone Books – completely free
- Bulk Extensions – completely free
Today we want to walk you through getting a VitalPBX server set up so that you can kick the tires for yourself. Down the road, we’ll demonstrate the ease with which you can add your own components including Incredible PBX® to the mix. If you are accustomed to setting up FreePBX-based Asterisk servers, then installation and configuration of VitalPBX will be a walk in the park. Currently, you install VitalPBX from an ISO so you have a choice of platforms: dedicated hardware, VMware ESXi, VirtualBox, or a limited number of cloud platforms such as Vultr that support custom ISO installs. Be sure to read our security warnings below before choosing a cloud-based platform without a hardware-based firewall.
A Word About Security. VitalPBX includes both an IPtables firewall configurator for firewalld and a Fail2Ban intrusion detection setup that is impressive. Having said that, the IPtables firewall is activated but allows unrestricted SIP and web access with no rules to thwart SipVicious-style attacks. Unless you’re an expert in firewall design, we strongly recommend deployment of VitalPBX on a private LAN behind a hardware-based firewall or home router with no port forwarding. That will block intrusion attempts without encountering NAT problems which VitalPBX and Asterisk 13 now handle with ease.
Getting Started. Begin by downloading the VitalPBX 2.0 ISO to your desktop. The ISO installation process is a traditional CentOS® 7 procedure so you can follow one of our existing VoIP tutorials to get things set up on the platform of your choice. Once the install finishes, use a web browser to access the IP address of your VitalPBX server. You’ll be prompted to set up an admin password for GUI access and then you register your server with Telesoft. Should you ever forget your admin password, here’s how to force a reset on your next login from a browser:
mysql ombutel -e 'update ombu_settings set value = "yes" where name = "reset_pwd"'
After logging in, you’ll be presented with the VitalPBX Dashboard:
Navigation Tips. The GUI is incredibly intuitive, but there’s always a learning curve with something new. We’ll save you a little stumbling around looking for things or wondering why your settings in the UI didn’t take. Here’s a quick cheat sheet. All of the UI features are housed under menus in the left column. When you choose an option, it opens a submenu. And, when you click + beside an item on the submenu, it exposes additional choices. For example, to work on Outbound Routes, you’d choose PBX, External +, Outbound Routes:
Two other important icons are housed in the upper right corner of the GUI. Whenever you add or make changes to settings in the GUI, you need to reload the Asterisk dialplan by clicking on (1) the flashing icon. Otherwise, your settings will not be available. Ask us how we know. 🙂
After you add a new extension, trunk, or route, you’ll see (2) the four-bar icon which you click to access existing settings which you’ve already entered. Otherwise, you’ll be staring at a blank screen without your new entries. There’s nothing more disconcerting than adding a few extensions only to have them disappear the next time you navigate to PBX:Extensions. 🙂
Finally, at the top of the center panel of the GUI, VitalPBX (literally) keeps tabs on items you’ve recently worked on. It makes it extremely convenient to return to the item without having to once again drill down through the menus:
Initial Setup. As with most PBXs, the initial setup involves creating some Extensions, connecting some Trunks, and setting up Outbound and Inbound Routes to process calls to and from your PBX. The other hundreds of features are pure gravy which you can explore at your leisure. If we covered them all, you’d be reading a book instead of an article.
Extension Setup looks like this using VitalPBX to generate the extension password:
Trunk Setup. You can use Google Voice with the Simonics GV/SIP Gateway for free calling in the U.S. and Canada. There is a one-time setup charge of $4.99 if you follow this Nerd Vittles link. We recommend using Google Voice for outbound calls where possible. Then, for inbound calls and redundancy, add a separate trunk with a customized DID from a provider such as our platinum sponsor, Vitelity. See the end of this article for a deal you can’t refuse. The VitalPBX Trunk setup in PBX:External:Trunks:SIP would look like the following for the Simonics GV/SIP gateway:
Outbound Route Setup is virtually identical to the FreePBX format. Here’s a typical Google Voice route to let users dial 10-digit numbers while letting Google discard expensive NANPA calls to problematic area codes in the Caribbean and elsewhere. We actually recommend adding a second Dial Pattern for 1NXXNXXXXXX so that calls dialed with both 10 and 11-digits are supported. This will also facilitate implementation of some of the Incredible PBX add-ons down the road.
Inbound Route Setup also is similar to FreePBX. A default route can be configured by simply defining the Route Description as Default and specifying a Destination for all incoming calls that don’t otherwise have a matching inbound route.
Email Configuration. One of the other things you’ll want to get working is email delivery for Voicemails. The VitalPBX solution is the best in the business. It supports Gmail as a RelayHost out of the box. For residential users where your ISP blocks downstream SMTP mail servers, this is a godsend. Setup couldn’t be easier. Navigate to Admin:System Settings:Email Settings. For Server, click Use External Mail Server. For Provider, click Gmail and enter your full Gmail account name and password. Click Save and Reload your Dialplan. Then send yourself a test message by entering an email address and clicking the Envelope icon.
Updating Time Zone. If the date command incorrectly displays the time on your server, you can change it with the following commands using your correct zone in the second command:
timedatectl list-timezones timedatectl set-timezone America/New_York
What’s Next? You now have a perfectly functioning PBX. Connect one or more softphones or SIP phones, and you’re ready to go. As we mentioned at the outset, the next step is to explore all of the menu options and review the VitalPBX Reference Guide. It really is a book!
The Fun Stuff. The icing on the VitalPBX cake is the add-on applications. Some are free, some are limited in some way, and some are commercial. You can review what’s available here. Then load the currently available listing into the GUI by choosing Admin:Add-ons:Add-ons:Check Online. To get started, install Bulk Extensions (free), Custom Contexts (one free context or $50 for unlimited), and Phone Books (free). Once you’ve installed all three, refresh your browser and go to PBX:Applications:Custom Contexts.
Step #1. Set up a Custom Context like this. Then click Save/Update and Reload Dialplan.
Step #2. Adjust Destination of Inbound Route to point to Incredible PBX Custom Context.
Step #3. From the Linux CLI while logged in as root, use nano to create the following file: /etc/asterisk/ombutel/extensions__80-1-incrediblepbx.conf:
[incrediblepbx] exten => s,1,Answer exten => s,n,NoOp(My custom context) exten => s,n,Dial(SIP/701,30) exten => s,n,return()
Step #4. Reload your Asterisk dialplan: asterisk -rx "dialplan reload"
Step #5. Place a call to an incoming trunk on your PBX while watching the Asterisk CLI. The tail of the incoming call should look something like the following which shows the incoming call directed to the Custom Context and from there to extension 701.
Now that you understand the VitalPBX theory behind Custom Contexts, you’ll be ready to dive into Incredible PBX applications which will be coming soon to a VitalPBX platform near you.
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
Homework. Yes. Everyone needs a little homework once in a while. Before our next chapter in the VitalPBX saga, you’re going to need an IBM Cloud account with access to Watson TTS and Watson STT. It’s free. These services will be used for the Incredible PBX TTS and Voice Recognition apps for Asterisk including News and Weather reports as well as Voice Dialing with AsteriDex. This Nerd Vittles tutorial will walk you through getting your IBM account set up. Don’t install any of the scripts in that tutorial. We’ll have fresh ones in coming weeks customized for VitalPBX. For home and SOHO use, both IBM access and our scripts are FREE.
Coming Attractions. We’ve set up a VitalPBX demo server with VMware ESXi running on our private LAN. Most of the Incredible PBX demo applications already are operational, and you’re more than welcome to try them out by calling the IVR at 1-843-606-0555. Many of these apps make use of the IBM Cloud services for voice recognition and text-to-speech content rendering so you can preview what you’ll be getting in our next VitalPBX chapter.
- 0. Chat with Operator — connects to extension 701
- 1. AsteriDex Voice Dialer – say "Delta Airlines" or "American Airlines" to connect
- 2. Conferencing – log in using 1234 as the conference PIN
- 3. Wolfram Alpha Almanac – say "What planes are flying overhead"
- 4. Lenny – The Telemarketer’s Worst Nightmare
- 5. Today’s News Headlines — courtesy of Yahoo! News
- 6. Weather by ZIP Code – enter any 5-digit ZIP code for today’s weather
- 7. Today in History — courtesy of OnThisDay.com
- 8. Chat with Nerd Uno — courtesy of SIP URI connection to 3CX iPhone Client
- 9. DISA Voice Dialer — say any 10-digit number to be connected
- *. Current Date and Time — courtesy of VitalPBX
Continue Reading:
Introducing the Incredible PBX Custom Context for VitalPBX
VitalPBX in the Cloud: Two $6/month Providers with Backups
VitalPBX Security: Firewall, PortKnocker, & NeoRouter VPN
VitalPBX on the Desktop: Introducing VitalPBX for VirtualBox
Originally published: Monday, March 19, 2018
Got Friends? 7 Countries Have Never Visited Nerd Vittles. 2018 Is Calling! https://t.co/wMfmlhAr16 #asterisk #freepbx #wazo #issabel #IncrediblePBX #3CX pic.twitter.com/kAmAEnwVIw
— Ward Mundy (@NerdUno) January 9, 2018
Need help with VitalPBX? Visit the VitalPBX Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Beginner’s Navigation Guide to VoIP PBXs and Nerd Vittles
Here at Nerd Vittles, we cover a lot of VoIP territory over the course of a year. To kick off the new year, we thought it might be helpful for those just beginning their VoIP adventure to sketch out the VoIP lay of the land for you. We’re assuming that you came to our site because you wanted a VoIP solution that gives you something to play with and to learn from. That’s not for everybody, and there are less flexible, turnkey VoIP solutions that function pretty much like a toaster. At the top of that short list would be the Ooma Telo and OBi200. Both offer (almost) free calling in the U.S. and Canada.
Keep in mind that all of us started as beginners so there’s no reason to be intimidated if you choose to deploy your own PBX. We’ve gotten a dozen years of enjoyment out of our adventures with VoIP telephony, and there’s no reason you can’t do the same. Let’s begin.
Choosing a Hardware Platform for Your VoIP PBX
First, you’ll need to choose a platform for your VoIP-based PBX: dedicated hardware, virtual machine, or cloud-based PBX. In no small part, this choice depends upon the target audience for your PBX. If it’s for home use or a SOHO business, a $35 Raspberry Pi may suffice. On the other hand, if your PBX will be supporting more than a dozen users or more than a handful of simultaneous calls, we’d look elsewhere. Many of Intel’s Atom-based PCs work very well. And a VirtualBox virtual PBX running atop an iMac or beefy Dell PC can support dozens of users if you have the necessary Internet bandwidth to handle your call volume. Cloud-based servers come in all shapes and sizes as well. As prices have plummeted, cloud solutions have become our favorite. For $3 to $6 a month, you now can host your PBX in the cloud with automatic image backups of your entire server every week. If you’re willing to forfeit backups, here is a cloud solution that will only set you back about a dollar a month. If your server is primarily for business use, we strongly recommend our Platinum Sponsor, RentPBX, that offers dozens of VoIP choices for $14.99 a month with coupon code: NOGOTCHAS.
Choosing the Best PBX to Meet Your Requirements
Once you’ve nailed down your hardware platform, the next step is choosing an operating system and PBX to support your individual requirements. As you might have guessed, there are dozens from which to choose. In both the open source and commercial PBX world, most systems require a specific version of Linux so your operating system choice typically is dependent upon the PBX you choose. In the open source world, the PBX learning curve is often related to the feature set being offered. More sophisticated feature sets typically have a steeper learning curve. If you’re just getting started with VoIP and you want a platform for learning, experimenting, or home use, you can’t beat Incredible PBX 13-13 Whole Enchilada. It was designed by us to be a turnkey PBX for first-time users with rock-solid security and all of the features you will ever need. It includes 31 applications for Asterisk® that cover every imaginable function that can be performed with a telephone including faxing, voice dialing, SMS messaging, wakeup calls and telephone reminders, free calling, conferencing, text-to-speech applications such as News Headlines and Weather Forecasts, Wolfram Alpha for Siri-like queries, plus all the usual PBX features: blacklists, call forwarding, call waiting, call transfer, call parking, call recording, intercom, voicemail including voicemail transcription with email delivery, IVRs, paging, AutoAttendants, DISA, and many more.
If you’re an experienced Asterisk developer that just wants a lean PBX where you can customize it to meet individual customer’s requirements, then Incredible PBX 13-13 Lean should be just the ticket. All of its components are configurable including Asterisk which can be recompiled from the included source code.
At the sophisticated end of the spectrum is Incredible PBX for Wazo which is based upon the Wazo PBX, an Asterisk 15 realtime implementation with full support for High Availability redundancy, multi-party videoconferencing, WebRTC, and automatic nightly backups. It includes API libraries from which you literally can build your own customized PBX from the ground up. The Incredible PBX feature set provides a platform with virtually identical applications to those found in Incredible PBX 13-13.
Sandwiched in between Incredible PBX 13-13 and Incredible PBX for Wazo is Incredible PBX 13 for Issabel. Issabel is an enhanced fork of the previous Elastix 4.0 PBX. The 2018 release includes Asterisk 13, the LTS version of the Asterisk platform. With the new Incredible PBX 13 add-on, you get the best of all worlds with Google Voice support and dozens of applications for Asterisk. Issabel provides a Unified Communications platform that is second to none in the open source world.
Thus far, all of our recommendations have been to open source, GPL-licensed PBX platforms. But you’d be making a mistake to limit your search for business telephony platforms to open source offerings. Our corporate sponsor, 3CX, offers a full year of their commercial PBX running in the Google Cloud at no cost. It’s incredibly simple to install and configure. And the beauty of the 3CX commercial platform is it can scale to any size as your business grows. And the 3CX feature set can be expanded geometrically as your business requirements mature. We added free text-to-speech applications for News and Weather reports just last week. Our favorite open source deployment strategy is to install a 3CX PBX alongside Incredible PBX which yields literally the best of both worlds. The 3CX clients for Windows and Macs, Android, and iOS make VoIP telephony available from anywhere with a couple of button clicks, and 3CX users experience none of the traditional communications problems that invariably crop up on platforms deployed by novice VoIP users running Asterisk.
Getting Started with Extensions, Trunks, and Routes
The Big 3 when it comes to PBX configuration are extensions, trunks, and routes. Extensions carry calls between phones on the PBX and other phones either inside or outside your home or office. Trunks actually provide the links between your PBX and the outside telephony world. Inbound routes tell your PBX where to send incoming calls while Outbound routes tell your PBX which trunk to use when calls are made to numbers outside your PBX. We’ve covered this in more detail including dozens of trunk setups in this Nerd Vittles tutorial.
Making Free U.S./Canada Calls within the United States
There are three ways to make free calls using your PBX. If you’re in the United States, you can use Google Voice to make free calls to the U.S. and Canada if your PBX supports Google Voice trunks, e.g. Incredible PBX 13-13 Whole Enchilada and Incredible PBX for Issabel. An alternative, if your PBX does not directly support Google Voice trunks, e.g. Incredible PBX for Wazo and 3CX, is to use the Simonics SIP to Google Voice Gateway service. For Nerd Vittles users, there is a one-time $4.99 signup fee with no additional charges ever. Whether you live in the U.S or not, all the PBXs we’ve covered today can make free SIP calls to anyone in the world that has a SIP URI address and a SIP phone. Most SIP softphones are free.
Mastering the Incredible PBX Feature Set
Configuring the Travelin’ Man 3 Firewall
All Incredible PBX servers include a firewall that is configured automatically as part of the installation process. On the 3CX platform, you’ll need to add the Travelin’ Man 3 firewall after installing your 3CX PBX. Here’s how:
Configuring a Firewall WhiteList:
WhiteListing Users with Travelin’ Man 3 and IPtables Firewall
Learning to Build Effective IVRs
Interactive Voice Response (IVR) systems and AutoAttendants are the bread-and-butter applications for businesses. If you’ve ever called a business and actually spoken to a live person without encountering an IVR, lucky you! But, believe it or not, IVRs can actually be a useful tool including our Stealth AutoAttendant which lets you intercept incoming calls with a greeting which provides a slight delay to allow the caller (or you) to reroute the call to a specific destination before the default destination kicks in. Nerd Vittles and the Incredible PBX offerings provide all of the tools you’ll need to build any type of IVR imaginable. Mastering Allison Smith’s Top 15 is an excellent starting point.
Harnessing Nerd Vittles Resources
Google is your friend when it comes to finding tutorials of interest in the VoIP world. To narrow searches to just Nerd Vittles, use the following syntax:
stealth autoattendant site:nerdvittles.com
And the Nerd Vittles site itself provides several powerful ways to drill down into topics of interest. In the upper right column of any article, you’ll find a search function which will return a list of matching articles to peruse. At the bottom of every article, check out the all-new Articles of Interest section of Nerd Vittles arranged by topic. Also in the right column of Nerd Vittles, you’ll find a listing of Categories with Nerd Vittles articles conveniently grouped by topic. And, finally, you can quickly jump to the lead article on every major Incredible PBX implementation in the color-coded tabs labeled: GPL VOIP SOLUTIONS FOR ALL.
Happy New Year!
Originally published: Monday, January 1, 2018
Support Issues. With any application as sophisticated as a VoIP PBX, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk and 3CX gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
NEW YEAR’S TREAT: If you could use one or more free DIDs in the U.S. with unlimited inbound calls and unlimited simultaneous channels, then today’s your lucky day. TelecomsXChange and Bluebird Communications have a few hundred thousand DIDs to give away so you better hurry. You have your choice of DID locations including New York, New Jersey, California, Texas, and Iowa. The DIDs support Voice, Fax, Video, and even Text Messaging (by request). The only requirement at your end is a dedicated IP address for your VoIP server. Once you receive your welcome email with your number, be sure to whitelist the provider’s IP address in your firewall. For Incredible PBX servers, use add-ip to whitelist the UDP SIP port, 5060, using the IP address provided in your welcoming email.
Here’s the link to order your DIDs.
Your DID Trunk Setup in your favorite GUI should look like this:
Trunk Name: IPC
Peer Details:
type=friend
qualify=yes
host={IP address provided in welcome email}
context=from-trunk
Your Inbound Route should specify the 11-digit DID beginning with a 1. Enjoy!
Need help with Asterisk or 3CX? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Free Asterisk Solutions
