Interconnecting a Mobile PBX to the Asterisk Mothership
The Holy Grail for a mobile VoIP solution is a simple way to connect back to your primary Asterisk® PBX via Wi-Fi from anywhere in the world to make and receive calls as if you never left. Let’s tick off the potential problems. First, many home-based PBXs are sitting behind NAT-based routers. Second, almost all remote Wi-Fi connections are made through a NAT-based router. Third, chances are the remote hosting platform blocks outgoing email from downstream servers such as a mobile PBX. Fourth, deciphering the IP address of your remote connection can be problematic. Fifth, the chances of experiencing one-way audio or no audio on your VoIP calls are high because of NAT-based routers at both ends of your connection.
Last week we introduced OpenVPN as a solution for those with multiple VoIP sites to interconnect. But there’s a much simpler solution for those that travel regularly and want to avoid the complexity of configuring OpenVPN. Here is a quick thumbnail of the setup we recommend as your mobile companion, and you’ll never have a one-way audio problem again. In terms of hardware, you’ll need a Raspberry Pi 3B+ with its native WiFi support and a Windows or Mac notebook computer for traveling. You’ll also need a NeoRouter VPN server to make this process seamless. If you’ve already set up an OpenVPN server platform, it will work equally well. One advantage of NeoRouter is that clients can be added from the client side without having to create a config file on the VPN server. All you need is a username and password. But the choice of VPN platform is totally a matter of preference. The objective using either OpenVPN or NeoRouter is secure communications to your home base. We don’t want to have to reconfigure either your home PBX or your traveling PBX or your notebook PC based upon changes in your public and private IP addresses.
Today we’ll walk you through the easiest way to set up a (free) NeoRouter server on the Internet. It can be used to connect up to 254 devices on an encrypted private LAN. We’re delighted to have finally found a perfect use for the (free) Google Cloud instance.
Using a Raspberry Pi 3B+, build an Incredible PBX 13-13.10 platform by following our previous tutorial. We’ll set this up on your home WiFi network so that you only have to throw the Raspberry Pi and its power supply in your suitcase when you travel. As part of the setup, we’ll download NeoRouter and activate private IP addresses for your notebook computer as well as both of your PBXs (using nrclientcmd). Next, we’ll interconnect the two PBXs using SIP trunks and the NeoRouter private LAN IP addresses. We’ll take advantage of a neat little Raspberry Pi trick by storing a wpa_supplicant.conf template on your PC for the remote WiFi setup even though we don’t yet know anything about the remote LAN. Once we know the SSID and password at the remote destination, we’ll use your notebook computer to edit the template and transfer the file to the /boot folder of your RasPi’s microSD card. When the card is then inserted and the RasPi is booted, it will automatically move the template to the proper /etc/wpa_supplicant folder to successfully activate your WiFi connection. We’ll also load links, a fast text-based browser, just in case you encounter a hotel that requires some sort of acknowledgement or password before establishing your WiFi connection to the Internet.
Setting Up a (free) NeoRouter Server in the Cloud
Because NeoRouter uses a star-based VPN architecture, the NeoRouter Server must always be available at the same IP address for all of the NeoRouter Clients (aka Nodes) to talk to. If you already have a cloud-based server that has a static IP address and can handle the traffic cop duties of NeoRouter Server, then that’s an ideal place to install NeoRouter Server. Simply download the Free flavor of NeoRouter Server that matches your existing platform and install it. Add an FQDN for your server’s IP address, and you’re all set. A detailed summary of available management options is included in our previous NeoRouter v2 article.
We devoted a couple weeks to Google Cloud instances last month, and it turned out to be a pretty awful platform for hosting Asterisk. But the free offering looks to be a perfect fit as a hosting platform for NeoRouter Server. You also won’t have to worry about Google going out of business anytime soon. So let us walk you through an abbreviated setup process on the Google Cloud platform. If you’re just getting started with Google Cloud, read our previous article to take advantage of Google’s generous $300 offer to get you started and to generally familiarize yourself with the mechanics of setting up an instance in the Google Cloud.
For NeoRouter Server, navigate to https://console.cloud.google.com. Click the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. In the COMPUTE section of the Dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it nrserver. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, leave HTTP and HTTPS disabled. Check your entries carefully and then click the Create button.
When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty:
    sudo passwd root
    su root
    nano -w /etc/ssh/sshd_config
When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart
    PermitRootLogin yes
    PasswordAuthentication yes
You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address
Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPC Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPC Network section and click CREATE FIREWALL RULE. Fill in the template like the following, leaving the other fields with their default entries. Then click CREATE.
- Name: neorouter
- Target Tags: neorouter
- Source IP Range: 0.0.0.0/0
- Protocols/Ports: check tcp: 32976
CAUTION: Before this firewall rule will be activated for your instance, it also must be specified in the Network Tags section for your instance. Shut down your instance and add the neorouter tag by editing your instance. Then restart your instance.
Now we’re ready to install NeoRouter Free v2 Server on your instance. Be sure to choose the Free v2 variety. Log back into your server as root using SSH/Putty and issue these commands:
    yum -y update
    yum -y install nano
    wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm
    rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
    /etc/rc.d/init.d/nrserver.sh restart
    nrserver -setdomain <DOMAINNAME> <DOMAINPASSWORD>
    nrserver -adduser <USERNAME> <PASSWORD> admin
    nrserver -enableuser <USERNAME>
    nrserver -showsettings
Finally, add the following command to /etc/rc.local so that NeoRouter Server gets started whenever your instance is rebooted:
echo "/etc/rc.d/init.d/nrserver.sh start" >> /etc/rc.local
Installing Incredible PBX 13-13.10 on a Raspberry Pi
Configuring NeoRouter Client on Your Computers
On Linux-based (non-GUI) platforms, setting up the NeoRouter Client is done by issuing the command: nrclientcmd. You’ll be prompted for your NeoRouter Server FQDN as well as your username and password credentials. Perform this procedure on both your home PBX and the Raspberry Pi.
To add your Windows or Mac notebook to the NeoRouter VPN, download the appropriate client and run the application which will prompt for your NeoRouter Server FQDN as well as your NeoRouter credentials. Once completed, you should see all three machines in your NeoRouter Free Client Dashboard: your PC as well as your home PBX and Raspberry Pi-based Incredible PBX. Make note of the private VPN addresses (10.0.0.X) of both your home PBX and your Raspberry Pi. These VPN addresses never change, and we’ll need them to interconnect your PBXs and to set up a softphone on your notebook computer.
Administrative Tools to Manage NeoRouter
Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
For a complete list of commands: nrserver --help
Interconnecting Your Raspberry Pi and Home PBX
To keep things simple, our setup examples below assume the following NeoRouter VPN addresses: Home PBX (10.0.0.1) and Raspberry Pi (10.0.0.2). Using a browser, you’ll need to login to the GUI of your Home PBX and Raspberry Pi and add a Trunk to each PBX. Be sure to use the same secret on BOTH trunk setups. We don’t recommend forwarding incoming calls from your Home PBX to your Raspberry Pi because most folks won’t be sitting in their hotel room all day to answer incoming calls. Instead, add the number of your smartphone to a Ring Group on the Home PBX and don’t forget the # symbol at the end of the number. On the Raspberry Pi side, we are assuming that whenever a call is dialed from a registered softphone with the 9 prefix, the call will be sent to the Home PBX for call processing (without the 9). For example, 98005551212 would send 800-555-1212 to the Home PBX for outbound routing and 9701 would send 701 to the Home PBX for routing to the 701 extension. You can obviously adjust your dialplan to meet your own local requirements.
On the Home PBX, the chan_sip trunk entries should look like this:
    Trunk Name: raspi-remote
    PEER DETAILS
    host=10.0.0.2
    type=friend
    context=from-internal
    username=home-pbx
    fromuser=home-pbx
    secret=some-password
    canreinvite=no
    insecure=port,invite
    qualify=yes
    nat=yes
On the Raspberry Pi, the chan_sip trunk entries should look like this:
    Trunk Name: home-pbx
    PEER DETAILS
    host=10.0.0.1
    type=friend
    context=from-internal
    username=raspi-remote
    fromuser=raspi-remote
    secret=some-password
    canreinvite=no
    insecure=port,invite
    qualify=yes
    nat=yes
On the Raspberry Pi, add an Outbound Route named Out9-home-pbx pointed to home-pbx Trunk with the following Dial Patterns. For each Dial Pattern, prepend=blank and prefix=9:
    dial string: 1NXXNXXXXXX
    dial string: NXXNXXXXXX
    dial string: *98X.
    dial string: XXX
    dial string: XXXX
    dial string: XXXXX
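Added example, not from the original article: a shell model of the Out9-home-pbx route above that shows which dialed strings the Raspberry Pi hands to the home-pbx trunk and what the Home PBX then receives. The function names are hypothetical, and the pattern handling covers X, Z, N and a trailing . or ! only, an assumption that fits the six patterns listed; FreePBX does the real matching.

```shell
#!/bin/sh
# Added example: models the Out9-home-pbx outbound route (prefix 9, prepend blank).
# Function names are hypothetical; pattern support is limited to X, Z, N, '.' and '!'.

PREFIX=9
PATTERNS='1NXXNXXXXXX
NXXNXXXXXX
*98X.
XXX
XXXX
XXXXX'

# Translate one Asterisk dial pattern into an anchored extended regex.
#   X = 0-9, Z = 1-9, N = 2-9, trailing '.' = one or more characters,
#   trailing '!' = zero or more characters, anything else is literal.
pattern_to_regex() {
    printf '%s' "$1" | sed \
        -e 's/[*+]/\\&/g' \
        -e 's/X/[0-9]/g' -e 's/Z/[1-9]/g' -e 's/N/[2-9]/g' \
        -e 's/\.$/.+/' -e 's/!$/.*/' \
        -e 's/^/^/' -e 's/$/$/'
}

# Print the number sent to the home-pbx trunk (the 9 is stripped), or exit
# non-zero when the dialed string does not belong to this route.
route_call() (
    set -f                          # patterns contain '*': no filename globbing
    dialed=$1
    case $dialed in
        "$PREFIX"?*) rest=${dialed#"$PREFIX"} ;;
        *) exit 1 ;;                # no 9 prefix: another route handles it
    esac
    for pat in $PATTERNS; do
        if printf '%s\n' "$rest" | grep -Eq -- "$(pattern_to_regex "$pat")"; then
            printf '%s\n' "$rest"
            exit 0
        fi
    done
    exit 1
)

# Constructed sample dial strings.
for n in 98005551212 918005551212 9701 '9*98701' 95551212 8005551212; do
    if sent=$(route_call "$n"); then
        echo "$n -> home-pbx trunk receives $sent"
    else
        echo "$n -> not matched by Out9-home-pbx"
    fi
done
```

Because both trunks use context=from-internal, every string this route passes is dialed on the Home PBX with the rights of a local extension, so the shared secret and VPN-only reachability are what limit who can use it.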
Tweaking Your Raspberry Pi for WiFi Mobility
wpa_supplicant.conf config file to the /boot directory on the card once you arrive at your destination and know the SSID and password of the local WiFi network. When the Raspberry Pi is subsequently booted, the operating system will move the config file to the /etc/wpa_supplicant directory so that your WiFi network will come on line. Here’s what a typical wpa_supplicant.conf file should look like using your actual credentials. The last network section handles open WiFi network connections (think: McDonald’s) if you want to enable them:
    country=US
    update_config=1
    network={
        ssid="your-SSID"
        psk="your-SSID-password"
        key_mgmt=WPA-PSK
        scan_ssid=1
        priority=5
    }
    network={
        key_mgmt=NONE
        priority=1
    }
The other gotcha is that some public WiFi networks require some type of web login procedure before you can actually access the Internet even though an IP address may have been assigned to your Raspberry Pi. To handle this situation, you’ll need a text-based web browser on the Raspberry Pi that can be accessed through your notebook PC using SSH and your Raspberry Pi’s VPN address. Our favorite is links which can be installed on your Raspberry Pi before you pack up.
apt-get install links -y
Once you arrive at your destination, connect both your notebook PC and Raspberry Pi to the same WiFi network, login to the RasPi with SSH at the VPN address assigned to your RasPi, and run links to start the browser. Press <esc> to access the links menu options. If you can’t access your RasPi at the VPN IP address, try its WiFi-assigned local IP address.
Adding a Softphone to Your Notebook PC
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for an extension on your Raspberry Pi. Then enter the VPN IP address of your server plus your extension’s password. Click OK to save your entries.
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Adding a Softphone to Your Smartphone
Enjoy your pain-free traveling!
Originally published: Monday, April 22, 2019
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonanza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
A New VPN for All Seasons: Introducing OpenVPN for Asterisk
This month marks our twentieth anniversary wrestling with virtual private networks. Here’s a quick walk down memory lane. Our adventure began with the Altiga 3000 series VPN concentrators which we introduced in the federal courts in 1999. It was a near perfect plug-and-play hardware solution for secure communications between remote sites using less than secure Windows PCs. Cisco quickly saw the potential, gobbled up the company, and promptly doubled the price of the rebranded concentrators. About 10 years ago, we introduced Hamachi® VPNs to interconnect Asterisk® and PBX in a Flash servers. At the time, Hamachi was free, but that was short-lived when they were subsequently acquired by LogMeIn®. What followed was a short stint with PPTP VPNs which worked great with Macs, Windows PCs, and many phones but suffered from an endless stream of security vulnerabilities. Finally, in April 2012, we introduced the free NeoRouter® VPN. Version 2 still is an integral component in every Incredible PBX® platform today, and PPTP still is available as well. While easy to set up and integrate into multi-site Asterisk deployments, the Achilles’ Heel of NeoRouter remains its inability to directly interconnect many smartphones and stand-alone SIP phones, some of which support the OpenVPN platform and nothing else.
The main reason we avoided OpenVPN® over the years was its complexity to configure and deploy.[1] In addition, it was difficult to use with clients whose IP addresses were frequently changing. Thanks to the terrific work of Nyr, Stanislas Angristan, and more than a dozen contributors, OpenVPN now has been tamed. And the new server-based, star topology design makes it easy to deploy for those with changing or dynamic IP addresses. Today we’ll walk you through building an OpenVPN server as well as the one-minute client setup for almost any Asterisk deployment and most PCs, routers, smartphones, and VPN-compatible soft phones and SIP phones including Yealink, Grandstream, Snom, and many more. And the really great news is that OpenVPN clients can coexist with your current NeoRouter VPN.
Finally, a word about the OpenVPN Client installations below. We’ve tested all of these with current versions of Incredible PBX 13-13, 16-15, and Incredible PBX 2020. They should work equally well with other server platforms which have been properly configured. However, missing dependencies on other platforms are, of course, your responsibility.
Building an OpenVPN Server Platform
There are many ways to create an OpenVPN server platform. The major prerequisites are a supported operating system, a static IP address for your server, and a platform that is extremely reliable and always available. If the server is off line, all client connections will also fail. While we obviously have not tested all the permutations and combinations, we have identified a platform that just works™. It’s the CentOS 7, 64-bit cloud offering from Vultr. If you use our referral link at Vultr, you not only will be supporting Nerd Vittles through referral revenue, but you also will be able to take advantage of their $50 free credit for new customers. For home and small business deployments, we have found the $5/month platform more than adequate, and you can add automatic backups for an additional $1 a month. Cheap insurance!
To get started, create your CentOS 7 Vultr instance and login as root using SSH or Putty. Immediately change your password and update and install the necessary CentOS 7 packages:
    passwd
    yum -y update
    yum -y install net-tools nano wget tar iptables-services
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl enable iptables
We recommend keeping your OpenVPN server platform as barebones as possible to reduce the vulnerability risk. By default, this installer routes all client traffic through the VPN server which wastes considerable bandwidth. The sed commands below modify this design to only route client VPN traffic through the OpenVPN server.
    cd /root
    curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
    chmod +x openvpn-install.sh
    # comment out the installer lines that push redirect-gateway to clients
    sed -i "s|\techo 'push \"redirect-gateway|#\techo 'push \"redirect-gateway|" openvpn-install.sh
    sed -i "s|push \"redirect-gateway|#push \"redirect-gateway|" openvpn-install.sh
    # make generated client profiles ignore a pushed redirect-gateway
    sed -i 's|tls-client|tls-client\npull-filter ignore "redirect-gateway"|' openvpn-install.sh
    ./openvpn-install.sh
Here are the recommended entries in running the OpenVPN installer:
- Server IP Address: using FQDN strongly recommended to ease migration issues
- Enabled IPv6 (no): accept default
- Port (1194): accept default
- Protocol (UDP): accept default
- DNS (3): change to 9 (Google)
- Compression (no): accept default
- Custom encrypt (no): accept default
- Generate Server
- Client name: firstclient
- Passwordless (1): accept default
In the following steps, we will use IPtables to block all server access except via SSH or the VPN tunnel. Then we’ll start your OpenVPN server:
    cd /etc/sysconfig
    wget http://incrediblepbx.com/iptables-openvpn.tar.gz
    tar zxvf iptables-openvpn.tar.gz
    rm -f iptables-openvpn.tar.gz
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p
    systemctl -f enable openvpn@server.service
    systemctl start openvpn@server.service
    systemctl status openvpn@server.service
    systemctl enable openvpn@server.service
    systemctl restart iptables
Once OpenVPN is enabled, the server can be reached through the VPN at 10.8.0.1. OpenVPN clients will be assigned addresses by DHCP in the range of 10.8.0.2 through 10.8.0.254. You can list your VPN clients like this: cat /etc/openvpn/ipp.txt. You can list active VPN clients like this: cat /var/log/openvpn/status.log | grep 10.8. And you can add new clients or delete old ones by rerunning /root/openvpn-install.sh.
For better security, change the SSH access port replacing 1234 with desired port number:
    PORT=1234
    sed -i "s|#Port 22|Port $PORT|" /etc/ssh/sshd_config
    systemctl restart sshd
    sed -i "s|dport 22|dport $PORT|" /etc/sysconfig/iptables
    systemctl restart iptables
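Added example, not from the original articles: a shell check for the two SSH changes described on this page, the PermitRootLogin/PasswordAuthentication edit on the NeoRouter server and the port change above. It reads the effective global sshd settings and confirms that every port sshd listens on has an ACCEPT rule, because the first sed only rewrites a commented #Port 22 line while the firewall edit always applies. File contents, function names and the iptables rule format are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit sshd_config against the iptables rules after the port change.
# All sample files are constructed; function names are hypothetical.

# Effective global value of a keyword: sshd uses the first occurrence,
# keywords are case-insensitive, '#' starts a comment, and settings after
# a Match line are conditional, so parsing stops there.
sshd_setting() {        # usage: sshd_setting FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Port may appear more than once; sshd listens on each one (22 if none is set).
sshd_ports() {          # usage: sshd_ports FILE
    awk '
        /^[ \t]*#/             { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

fw_allows_port() {      # usage: fw_allows_port RULES_FILE PORT
    grep -Eq -- "^-A INPUT .*--dport $2 .*-j ACCEPT" "$1"
}

# The article's two substitutions, written without -i so any sed can run them.
apply_port_change() {   # usage: apply_port_change SSHD_CONFIG RULES_FILE PORT
    sed "s|#Port 22|Port $3|" "$1" > "$1.new" && mv "$1.new" "$1"
    sed "s|dport 22|dport $3|" "$2" > "$2.new" && mv "$2.new" "$2"
}

audit_ssh() (           # prints findings; exit status 0 means none
    cfg=$1 fw=$2 findings=0
    # defaults assumed here are those of current OpenSSH releases
    root=$(sshd_setting "$cfg" PermitRootLogin prohibit-password)
    pass=$(sshd_setting "$cfg" PasswordAuthentication yes)
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "root-password-login: root can log in with a password"
        findings=$((findings + 1))
    fi
    for p in $(sshd_ports "$cfg"); do
        if ! fw_allows_port "$fw" "$p"; then
            echo "port-mismatch: sshd listens on $p but no ACCEPT rule allows it"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

write_samples() {       # constructed inputs, one rules file per sshd sample
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' > "$1/open.sshd"
    printf '%s\n' 'Port 22' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication no' > "$1/explicit.sshd"
    printf '%s\n' '#Port 22' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication no' > "$1/keys.sshd"
    for n in open explicit keys; do
        printf '%s\n' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' > "$1/$n.rules"
    done
}

demo() {
    dir=$(mktemp -d) && write_samples "$dir"
    for n in open explicit keys; do
        apply_port_change "$dir/$n.sshd" "$dir/$n.rules" 1234
        echo "== $n"
        audit_ssh "$dir/$n.sshd" "$dir/$n.rules" || true
    done
    rm -rf "$dir"
}
demo
```

On a live host, sshd -T prints the effective configuration and is the authoritative source; the parser here reads only the global section of the file.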
04/16 UPDATE: We’ve made changes in the Angristan script to adjust client routing. By default, all packets from every client flowed through the OpenVPN server which wasted considerable bandwidth. Our preference is to route client packets destined for the Internet directly to their destination rather than through the OpenVPN server. The sed commands added to the base install above do this; however, if you’ve already installed and run the original Angristan script, your existing clients will be configured differently. Our recommendation is to remove the existing clients, make the change below, and then recreate the clients again by rerunning the script. In the alternative, you can execute the command below to correct future client creations and then run it again on each existing client platform substituting the name of the /root/.ovpn client file for client-template.txt and then restart each OpenVPN client.
    cd /etc/openvpn
    sed -i 's|tls-client|tls-client\npull-filter ignore "redirect-gateway"|' client-template.txt
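Added example, not from the original article: a shell check for the routing change made by the sed commands in the install step and in the 04/16 update above. It reports whether a given server.conf and client .ovpn pair sends all traffic through the VPN server (full) or only VPN traffic (split), and adds the pull-filter line without duplicating it when run twice. The sample configs and function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: verify the redirect-gateway change on a server/client config pair.
# Config contents are constructed samples; function names are hypothetical.

# Config lines with leading blanks, comments (# or ;) and empty lines removed.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

server_pushes_default_route() {     # usage: ... SERVER_CONF
    active_directives "$1" | grep -Eq '^push[[:space:]]+"redirect-gateway'
}

client_ignores_pushed_route() {     # usage: ... CLIENT_OVPN
    active_directives "$1" |
        grep -Eq '^pull-filter[[:space:]]+ignore[[:space:]]+"?redirect-gateway'
}

# pull-filter only affects pushed options; a redirect-gateway line written
# directly in the client profile still applies.
client_forces_default_route() {     # usage: ... CLIENT_OVPN
    active_directives "$1" | grep -Eq '^redirect-gateway'
}

# Prints "full" when the client would send all traffic through the VPN
# server, "split" when only VPN-subnet traffic uses the tunnel.
tunnel_mode() (                     # usage: tunnel_mode SERVER_CONF CLIENT_OVPN
    if client_forces_default_route "$2"; then
        echo full
    elif server_pushes_default_route "$1" && ! client_ignores_pushed_route "$2"; then
        echo full
    else
        echo split
    fi
)

# Same effect as the article's client-side sed, but safe to run twice:
# the pull-filter line is added after tls-client only when it is missing.
add_pull_filter() {                 # usage: add_pull_filter CLIENT_OVPN > NEW_OVPN
    if client_ignores_pushed_route "$1"; then
        cat "$1"
    else
        awk '{ print }
             $1 == "tls-client" { print "pull-filter ignore \"redirect-gateway\"" }' "$1"
    fi
}

write_vpn_samples() {               # constructed inputs
    printf '%s\n' 'port 1194' 'proto udp' 'server 10.8.0.0 255.255.255.0' \
        'push "redirect-gateway def1 bypass-dhcp"' > "$1/server-stock.conf"
    printf '%s\n' 'port 1194' 'proto udp' 'server 10.8.0.0 255.255.255.0' \
        '#push "redirect-gateway def1 bypass-dhcp"' > "$1/server-patched.conf"
    printf '%s\n' 'client' 'proto udp' 'remote vpn.example.com 1194' \
        'tls-client' 'verb 3' > "$1/legacy.ovpn"
}

demo_vpn() {
    dir=$(mktemp -d) && write_vpn_samples "$dir"
    add_pull_filter "$dir/legacy.ovpn" > "$dir/fixed.ovpn"
    for s in stock patched; do
        for c in legacy fixed; do
            echo "server-$s + $c client: $(tunnel_mode "$dir/server-$s.conf" "$dir/$c.ovpn")"
        done
    done
    rm -rf "$dir"
}
demo_vpn
```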
Creating OpenVPN Client Templates
In order to assign different private IP addresses to each of your OpenVPN client machines, you’ll need to create a separate client template for each computer. You do this by running /root/openvpn-install.sh again on the OpenVPN server. Choose option 1 to create a new .ovpn template. Give each client machine template a unique name and do NOT require a password for the template. Unless the client machine is running Windows, edit the new .ovpn template and comment out the setenv line: #setenv. Save the file and copy it to the /root folder of the client machine. Follow the instructions below to set up OpenVPN on the client machine and, before starting up OpenVPN, replace firstclient.ovpn in the command line with the name of the .ovpn file you created for the individual machine.
Renewing OpenVPN Server’s Expired Certificate
The server certificate will expire after 1080 days, and clients will no longer be able to connect. Here’s what to do next:
    systemctl stop openvpn@server.service
    cd /etc/openvpn/easy-rsa
    ./easyrsa gen-crl
    cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
    systemctl start openvpn@server.service
Installing an OpenVPN Client on CentOS/RHEL
    cd /root
    yum -y install epel-release
    yum --enablerepo=epel install openvpn -y
    # copy /root/firstclient.ovpn from server to client /root
    # and then start up the VPN client
    openvpn --config /root/firstclient.ovpn --daemon
    # adjust Incredible PBX 13-13 firewall below
    iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
    cd /usr/local/sbin
    echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Running ifconfig should now show the VPN client in the list of network ports:
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:9 errors:0 dropped:0 overruns:0 frame:0
              TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)
And you should be able to login to the VPN server using its VPN IP address:
    # enter actual SSH port replacing 1234
    PORT=1234
    ssh -p $PORT root@10.8.0.1
Installing an OpenVPN Client on Ubuntu 18.04.2
    cd /root
    apt-get update
    apt-get install openvpn unzip
    dpkg-reconfigure tzdata
    # copy /root/firstclient.ovpn from server to client /root
    # and then start up the VPN client
    openvpn --config /root/firstclient.ovpn --daemon
    # adjust Incredible PBX 13-13 firewall below
    iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
    cd /usr/local/sbin
    echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Running ifconfig should now show the VPN client in the list of network ports:
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:9 errors:0 dropped:0 overruns:0 frame:0
              TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:855 (855.0 b)  TX bytes:17254 (16.8 KiB)
And you should be able to login to the VPN server using its VPN IP address:
    # enter actual SSH port replacing 1234
    PORT=1234
    ssh -p $PORT root@10.8.0.1
Installing an OpenVPN Client on Raspbian
Good news and bad news. First the bad news. Today’s OpenVPN server won’t work because of numerous unavailable encryption modules on the Raspberry Pi side. The good news is that NeoRouter is a perfect fit with Raspbian, and our upcoming article will show you how to securely interconnect a Raspberry Pi with any Asterisk server in the world… at no cost.
04/16 Update: We now have OpenVPN working with Incredible PBX for the Raspberry Pi. The trick is that you’ll need to build the latest version of OpenVPN from source before beginning the client install. Here’s how. Login to your Raspberry Pi as root and issue these commands:
    apt-get remove openvpn
    apt-get update
    apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y
    cd /usr/src
    wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.7.tar.gz
    tar zxvf openvpn-2.4.7.tar.gz
    cd openvpn-2.4.7
    ./configure --prefix=/usr
    make
    make install
    openvpn --version
Now you should be ready to install a client config file, start up OpenVPN, and adjust firewall:
    cd /root
    dpkg-reconfigure tzdata
    # copy /root/firstclient.ovpn from server to client /root
    # and then start up the VPN client
    openvpn --config /root/firstclient.ovpn --daemon
    # adjust Incredible PBX 13-13 firewall below
    iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
    cd /usr/local/sbin
    echo "iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT" >> iptables-custom
Installing an OpenVPN Client on a Mac
While there are numerous OpenVPN clients for Mac OS X, none hold a candle to Tunnelblick in terms of ease of installation and use. First, create a new client config on your server and copy it (/root/*.ovpn) to a folder on your Mac where you can find it. Download Tunnelblick and install it. Run Tunnelblick and then open Finder. Click and drag your client config file to the Tunnelblick icon in the top toolbar. Choose Connect when prompted. Done.
Installing an OpenVPN Client for Windows 10
The installation procedure for Windows is similar to the Mac procedure above. Download the OpenVPN Client for Windows. Double-click on the downloaded file to install it. Create a new client config on your server and copy it (/root/*.ovpn) to a folder on your PC where you can find it. Start up the OpenVPN client and click on the OpenVPN client in the activity tray. Choose Import File and select the config file you downloaded from your OpenVPN Server. Right-click on the OpenVPN icon again and choose Connect. Done.
Installing an OpenVPN Client for Android
Our favorite OpenVPN client for Android is called OpenVPN for Android and is available in the Google Play Store. Download and install it as you would any other Android app. Upload a client config file from your OpenVPN server to your Google Drive. Run the app and click + to install a new profile. Navigate to your Google Drive and select the config file you uploaded.
Installing an OpenVPN Client for iOS Devices
The OpenVPN Connect client for iOS is available in the App Store. Download and install it as you would any other iOS app. Before uploading a client config file, open the OpenVPN Connect app and click the 4-bar Settings icon in the upper left corner of the screen. Click Settings and change the VPN Protocol to UDP and IPv6 to IPV4-ONLY Tunnel. Accept remaining defaults.
To upload a client config file, the easiest way is to use Gmail to send yourself an email with the config file as an attachment. Open the message with the Gmail app on your iPhone or iPad and click on the attachment. Then choose the Upload icon in the upper right corner of the dialog. Next, choose Copy to OpenVPN in the list of apps displayed. When the import listing displays in OpenVPN Connect, click Add to import the new profile. Click ADD again when the Profile has been successfully imported. You’ll be prompted for permission to Add VPN Configurations. Click Allow. Enter your iOS passcode when prompted. To connect, tap once on the OpenVPN Profile. To disconnect, tap on the Connected slider. When you reopen the OpenVPN Connect app, the OVPN Profiles menu will display by default. Simply tap once on your profile to connect thereafter.
Installing a Web Interface to Display Available Clients
One advantage of NeoRouter is a simple way for any VPN client to display a listing of all VPN clients that are online at any given time. While that’s not possible with OpenVPN, we can do the next best thing and create a simple web page that can be accessed using a browser but only from a connected OpenVPN client pointing to http://10.8.0.1.
To set this up, log in to your OpenVPN server as root and issue the following commands:
    yum --enablerepo=epel install lighttpd -y
    systemctl start lighttpd.service
    systemctl enable lighttpd.service
    chown root:lighttpd /var/log/openvpn/status.log
    chmod 640 /var/log/openvpn/status.log
    cd /var/www
    rm -rf lighttpd
    wget http://incrediblepbx.com/lighttpd.tar.gz
    tar zxvf lighttpd.tar.gz
    ln -s /var/log/openvpn/status.log /var/www/lighttpd/status.log
    sed -i 's|#server.bind = "localhost"|server.bind = "10.8.0.1"|' /etc/lighttpd/lighttpd.conf
    systemctl restart lighttpd.service
Latest VPN Security Alerts
https://nakedsecurity.sophos.com/2019/04/16/security-weakness-in-popular-vpn-clients/
Originally published: Monday, April 15, 2019 Updated: Saturday, February 29, 2020
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonanza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Our discussion today is focused on the free, MIT-licensed version of OpenVPN. For details on their commercial offerings, follow this link.
Finding Utopia: In Search of the Perfect VoIP Server Platform
Over the past decade, there is no subject that we have devoted more resources to than searching for the best platform on which to run a VoIP server. While our experience primarily has focused on finding the perfect fit for Incredible PBX®, much of what follows applies equally to any other Linux-based VoIP server including Wazo, Issabel, VitalPBX, and 3CX. Today we’d like to share what we’ve learned. Incredible PBX is a complex application. With close to a thousand moving parts, it requires major computing resources to support not only Asterisk® and FreePBX® but also an Apache web server, a MySQL database server, a SendMail server, a HylaFax server, and a Linux firewall with both IPtables and Fail2Ban.
Let’s begin by ticking off the platforms that Incredible PBX currently supports. These include stand-alone dedicated hardware from beefy Dell servers to the Intel NUC and Raspberry Pi. Then there are the virtual machine platforms including VirtualBox, VMware ESXi, and Proxmox. In the Cloud space we’ve covered the stratosphere from the high end with $25/month Google Cloud and Amazon EC2 instances to the dedicated $15/month VoIP platform with RentPBX to the $5/month KVM platforms including Digital Ocean and Vultr to the $2.25/month OVH KVM offering to the $1/month OpenVZ providers including HostedSimply, HostFlyte, Hosting73, HostBRZ, SnowVPS, and AlphaRacks. Have there been some train wrecks along the way? Absolutely. Just search the PIAF Forum for the threads on CloudAtCost, WootHosting, and HiFormance for the war stories and our battle scars. We would be remiss if we didn’t thank the dozens of PIAF Forum volunteers who have endured years of suffering at the hands of some of these providers to make today’s article possible.
So what have we learned? Unless you’re building a VoIP platform as a tinkerer to support just your family, there is zero reason to choose dedicated hardware. And, for home use, with the availability of the $35 Raspberry Pi 3B+, buying a beefier piece of hardware to host your VoIP platform makes no sense. Not only will it be considerably more expensive both to purchase and to operate, but the performance of your VoIP server will be indistinguishable from what you’d see using a Raspberry Pi 3B+. Exhibit A is our $125 RasPi WiFi setup for traveling.
The downsides of dedicated hardware are numerous. In addition to the expense of the platform itself and the monthly cost of electricity, there also are other challenges. First, outages from most Internet service providers are frequent occurrences of unpredictable duration. Second, ISPs typically provide a dynamic IP address which is not a good fit for VoIP platforms that rely upon your IP address to reliably make and receive VoIP calls. Third, making backups using dedicated hardware is typically more expensive and less frequent than performing similar tasks with a cloud-based server. Recovery is easy with a spare SD card.
The virtual machine platforms certainly have their place in the corporate world. And, if your company already has a server farm full of VMware servers, then taking advantage of that platform to host your PBX makes perfect sense. Performance will probably never be an issue, and you’ll avoid the task of babysitting the hardware leaving that to a staff of dedicated employees. And, hopefully, someone else is making frequent backups of your VoIP server. For home users that already have a beefy desktop machine, a VirtualBox-based PBX is certainly an option worth considering although it again puts you in the driver’s seat of dealing with backups, Internet outages, and performance hiccups when your desktop machine is being used for tasks that consume substantial computing resources.
If you haven’t already guessed, our recommended VoIP platform will almost always be cloud-based. Not only does it offload most server and network management headaches, but more often than not, it’s a more dependable platform with better performance at a comparable or less expensive cost than using your own hardware. So here’s the Golden Nugget of our findings. When it comes to cloud providers, you can forget the old adage that you get what you pay for. You don’t. Our experience suggests it’s just the opposite when it comes to running a VoIP server. With cloud providers, what you typically get by paying more is an improvement in the odds that your provider will still be around when next year rolls around. Getting over that hurdle is simple. Make frequent backups. If there are a multitude of available providers offering similar services, backups are the best insurance you can have, and they cost you almost nothing. In fact, Incredible Backup handles the task with ease AND reliability. Once you get past the vendor longevity issue, the only things that really matter with a cloud platform are stability and performance. While the high-end providers certainly deliver stability, our experience suggests their performance is nothing short of abysmal unless you’re willing to pay through the nose. By way of example, our experimental Google Cloud server running as a $25/month Standard VPS instance with zero daily calls still receives regular alerts from Google recommending that the instance be upgraded to the next pricing tier which starts at $48.95/month. Performance-wise, our subjective comparison of the $25/month Google Cloud instance is virtually identical to what we are seeing on a stand-alone $35 Raspberry Pi. As a VoIP server platform, the so-called free tier with Google Cloud that provides 600K of RAM and a shared virtual CPU is laughable, and that’s being charitable.
We haven’t spent a lot of time using Amazon EC2 in the past couple years primarily because their platform was even more expensive than Google’s. But, if money is no object, it’s certainly a hosting platform worth exploring. For most VoIP applications, it doesn’t make good financial sense.
That narrows our search for the perfect VoIP platform down to two categories: the KVM and OpenVZ platforms. As a general rule of thumb, with a given provider’s offerings you can expect performance to be comparable but you typically will pay at least double for a KVM platform as opposed to an OpenVZ platform with similar RAM, storage, and bandwidth. In a nutshell, KVM servers provide your virtual machine with its own Linux kernel while OpenVZ servers share a kernel over which you have no control. If you run a VoIP application that requires kernel access, this matters. If you plan to expose your server to the public Internet, the KVM option also is desirable because it allows you to run ipset in conjunction with the Linux firewall to block entire countries from accessing your server. In the case of Incredible PBX servers which rely upon a firewall limiting access to whitelisted IP addresses, there is little reason to choose the KVM platform based solely upon performance or security.
The elephant in the room with providers below the Google and Amazon tier is reliability. In the case of Digital Ocean and Vultr, they both have been around for many years now with excellent ratings in virtually every category. Both provide financial support for our open source projects through referral revenue, but we’d use them anyway. The virtual machine pricing from the two companies is almost identical. Except for extremely busy VoIP implementations, their 1GB RAM offering has proven to be a perfect choice at $5 a month. If you don’t mind paying by the year, you can’t beat OVH’s current $2.25/month KVM offering with 2GB RAM and 20GB SSD. They, too, have been around for years. At one time or another, OVH hosted much of 3CX’s cloud infrastructure. All offer scaling options to meet even the most demanding requirements. On the D.O. and Vultr platforms, you can add automatic backups for an additional $1 a month (20% surcharge) which is dirt cheap insurance. We have run both Incredible PBX and 3CX servers on all of these platforms with no outages or other issues… and weekly backups. Both Digital Ocean and Vultr also provide excellent web tools to manage your server, and the chance of any of these providers going out of business is extremely remote. We highly recommend all of them.
FULL DISCLOSURE: We have no business relationship with OVH or any of the following VPS providers and receive no referral commissions of any kind from any of them.
For some users and especially those that just want to learn about VoIP and tinker, there is yet another tier of providers. At roughly $1/month, their VPS services are a fraction of the cost of Digital Ocean and Vultr, but backups become your responsibility and at least one previous provider that many of us used went out of business. Those without a backup lost everything.
Choosing one of these providers comes down to balancing the risks versus the financial savings. We have nearly a dozen of these $1/month servers in operation all across the United States. While the VPS providers are different, almost all of the servers are hosted by ColoCrossing in Los Angeles, New York, Chicago, Dallas, or Atlanta. These VPS providers typically rent machines directly from ColoCrossing, and the performance of their VPS offerings varies depending upon the number of users each provider authorizes on each server. Some are obviously more greedy than others. And we’ve actually done the hard work of finding the reliable ones while rejecting at least as many that proved to be pretty awful.
Server locations and special signup details for these VPS providers are documented in our previous article. Average cost is about $1/month on an annual contract with a 1Gbit port or *free 1Gbit port upgrade on request based upon LowEndBox offer. All offer money-back guarantees for at least 24 hours so you can do your own testing if you hurry. Protect yourself by paying with PayPal which gives you 6 months to dispute a charge if the provider happens to go belly up. NOTE: The sort order below reflects our subjective performance evaluation.
Provider | RAM | Disk | Bandwidth | Performance as of 12/1/19 | Cost |
---|---|---|---|---|---|
CrownCloud KVM (LA) | 1GB | 20GB + Snapshot | 1TB/month | 598Mb/DN 281Mb/UP 2CPU Core | $25/year Best Buy! |
Naranjatech KVM (The Netherlands) | 1GB | 20GB | 1TB/month | Hosting since 2005 VAT: EU res. | 20€/year w/code: SBF2019 |
BudgetNode KVM (LA) | 1GB | 40GB RAID10 | 1TB/month | Also available in U.K PM @Ishaq on LET before payment | $24/year |
FreeRangeCloud KVM (Ashburn VA, Winnipeg, Fremont CA) | 1GB | 20GB SSD | 3TB/month | Pick EGG loc'n Open ticket for last 5GB SSD | $30/year w/code: LEBEGG30 |
Do we recommend these providers? Absolutely, with a couple of caveats. First, there is no guarantee that one or more of them may not go out of business at some point. The odds of several of them going under at the same time are fairly slim since none are related that we’re aware of. Second, make frequent backups when you make changes to your PBX and copy the Incredible Backups to a different location. Third, bring up a second VPS platform in a different location and keep it current with your latest backup. You could bring up all six of these platforms for roughly the same monthly cost as one Digital Ocean or Vultr virtual machine that’s running with automatic backups. If you can’t afford a second $1/month VPS platform, then at least create a matching VirtualBox platform, restore your backup, and make sure it is functional before deploying your VPS in the Cloud. It’s in your hands now. Enjoy!
Originally published: Monday, April 8, 2019
A Better Way to Deploy Incredible PBX in the Google Cloud
Last week we introduced you to Incredible PBX 13-13.10 for the Google Cloud. This week we’ll take off the training wheels and show you how to deploy Incredible PBX in the Google Cloud in exactly 3 minutes using Google Cloud’s Image repository. And you can repeat the drill to deploy as many PBXs as you like at 3 minutes a pop. If you’re still cruising along on your $300 credit from Google, then your PBX should be cost-free for the entire first year. After that, you can decide which Google Cloud Machine Type best meets your requirements and those of your wallet. The free tier is an option, but don’t expect much more performance-wise than what you’d get with the original Raspberry Pi. As the saying goes, "It ain’t pretty, but it works." We would encourage you to move up to the Standard machine type for consistent performance.
Before we get started, let us just offer a little constructive criticism regarding Google’s methodology. If a developer builds an application as we have and wants to make it publicly available at no cost, wouldn’t it make sense to allow the developer to host the image in the Google Cloud (for a fee) so that other users could quickly deploy it on their own Google Cloud platforms? That apparently makes too much sense so Google requires you to jump through all sorts of hoops to use free software unless we’re willing to type in the Google email address of every user authorized to deploy the software. Sorry but we’ve got better ways to waste our time. This is the corporate mentality run amuck. Don’t Be Evil, Google. Remember?
So here’s the drill to get you to the place that Google already should have provided. Download the 3GB tarball image to your desktop from SourceForge. After you’ve created your Google Cloud account, create a Bucket (storage locker) on the platform to house your files and upload the tarball into your own Bucket. Next, transform the tarball into what Google calls an Image that can be used to quickly build VM Instances (5 minutes). Finally, start up the instance. The Incredible PBX installer will work its magic letting you set your passwords, and then your PBX platform is ready for use (3 minutes). The real install time is under 10 minutes, but Google has managed to turn it into a project of an hour or more depending upon the speed of your Internet connection. Our apologies, but it beats the tedium of last week’s methodology.
Downloading Incredible PBX for the Google Cloud
Unlike Google and to its eternal credit, SourceForge still hosts open source projects with tarballs of enormous size which can be downloaded at no cost other than what your Internet service provider may charge for bandwidth. Begin your Incredible PBX adventure by downloading the tarball image (3GB) which was designed specifically for the Google Cloud. Depending upon the speed of your Internet connection, this takes some time. Here’s the link.
Creating a Google Cloud Account
If you haven’t already done so, hop over to https://cloud.google.com/free and claim your $300 credit by signing up for a Google Cloud account.
Creating a Bucket in the Google Cloud
To begin, log in to your Google Cloud Console using your Google credentials. If you haven’t already done so, Create a Project from your Dashboard. This Project will house your Compute Engine VM Instances. In Plain English, a Google Cloud VM Instance is nothing more than an application that happens to run in the Google Cloud.
Next, click on the 3-bar image in the upper left corner of your Dashboard. This exposes the Navigation Menu. Scroll down to the STORAGE section and choose Storage -> Browser.
Click on the CREATE BUCKET button. When the dialog window opens, Name your bucket something unique and creative in lower case letters. Fill in the rest of the form as shown and choose the Region in which you want to store your stuff. Then click Create.
Uploading Incredible PBX into Google Cloud Bucket
Once you have created your Bucket, the Bucket Details dialog will open. Click on the Upload Files tab and choose the Incredible PBX tarball that you downloaded from SourceForge. Or you can simply drag the file to the area reserved for uploads in the dialog window.
Once the file upload completes, the Browser window will appear displaying your Bucket. You can click on the Bucket name to display the files in your Bucket which should now include the uploaded Incredible PBX tarball:
Transforming Incredible PBX Tarball into an Image
Google Cloud can create Instances from Images, but not from tarballs in your Bucket. So the next step is to create an Image from the Incredible PBX tarball. Once that is done, you can delete the tarball and bucket from your Google Cloud platform so you don’t have to pay monthly storage fees. Up to this step is where Google could have handled setup transparently by simply allowing us to share our bucket with anonymous users without this knuckle drill, but…
So now we need to create an Image which will transform the Incredible PBX tarball into a format that can be used to create Instances.
Click on the Navigation Menu (the 3-bar image in the upper left corner of your Dashboard). Navigate to COMPUTE -> Compute Engine -> Images. Click CREATE IMAGE.
When the Create Image dialog opens, fill in the form as shown below and click on the Browse button to choose the Incredible PBX tarball from your Bucket. Then click Create.
Creating an Instance from a Cloud Image
It takes about 5 minutes for Google Cloud to transmogrify the Incredible PBX tarball into an Image that can actually be used to create Instances. So be patient. Once your image has been created, it will appear at the top of the Images listing.
Click on the checkbox to the left of the Image to select it as shown above. Then click CREATE INSTANCE at the top of the form.
The Create Instance dialog window will appear. Fill in the form as shown above using a unique Name for your Instance. Adjust the Region to match your closest location. This choice may also affect the performance of your instance so picking the default is not a good idea if you want to stick with the freebie platform. Note that the Standard Machine Type (1vCPU) is selected by default. If you still have remaining credits, this won’t be a problem. Otherwise, you’ll have to pay about $25/month for this Machine Type level once your credits expire. We’ve had fair to good results using the Small Machine Type which costs under $15/month.
HINT #1: Never use the default zone for your PBX if you plan to use one of the shared vCPU machine types (micro or small). If you prefer the freebie which we strongly discourage because of performance issues, change the Machine Type to micro in the pull-down. Also note that the Boot Disk defaults to 10GB in size. This won’t work for long, and we’d recommend upping it to at least 20GB. Up to 30GB is provided at no cost using the micro Machine Type. Simply click the Change button to adjust the disk size. Once you’ve made your desired changes, click Create to build the Incredible PBX instance and bring it on line.
HINT #2: If you’re not going to move up to at least the small Machine Type, we would strongly urge you try one of our recommended $1/month VPS providers, all of whom offer considerably better performance at much less cost. In fact, you can bring up a redundant platform with a second VPS provider and still spend about the same money for a year that you would spend with a Google Cloud Standard VPS for one month.
While your Instance is being created and activated, navigate to COMPUTE -> Compute Engine -> VM Instances to display the status of your instances and to decipher the public IP address of your server. After you complete the next section, we’ll make a couple additional modifications using the Google Cloud Console by changing your public IP address from ephemeral (dynamic) to static and adjusting the Google Cloud firewall. Delay making these changes at this time for the reason covered in the Word of Caution which follows.
A Word of Caution: Incredible PBX for the Google Cloud installs with a default root password of That obviously makes your running instance susceptible to compromise if someone else reads this article. So IMMEDIATELY after creating and activating a new Incredible PBX instance, make sure you complete the setup process in the next step during which you will be prompted to reset all of your passwords including the root password.
Completing the Incredible PBX Setup Process
Log in to Incredible PBX as root using the default password at the public IP address of your instance using SSH or PuTTY. The Incredible PBX license agreement should display. If not, your server may have already been compromised. Accept the license agreement and enter very secure passwords for your server when prompted. Once the setup process finishes, reboot your server and wait about a minute for the reboot process to finish. Then log back into your server and allow the Automatic Update Utility to bring your server up to current specs. Once the pbxstatus screen displays, make sure everything is up and running. If not, wait another minute and rerun pbxstatus. Now issue the command user and make certain that you are the only root user on your server. If not, or if you didn’t see the license agreement when you first logged in, or if you couldn’t log in with the default root password, immediately shut down and destroy your instance and create a new one from your Google Cloud Image as documented in the previous section. TIP: If you see connection refused when you first attempt to log in, don’t be alarmed. Just count to 60 and try to log in again. The instance has to have time to boot up after activation before you can log in.
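Because the image boots with a published default root password, the "only root user" check is worth scripting. The following is an added example, not an Incredible PBX tool and not the command named above; the function names, the sample passwd file and the sample who output are constructed, and the addresses come from the documentation ranges.

```shell
#!/bin/sh
# Added example: post-login sanity check for an instance that booted with a
# known default root password.
# Live use:  who | audit /etc/passwd YOUR_IP
# Note: who may print a resolved hostname instead of an address; pass
# whichever form it shows for your own session.

# uid0_accounts PASSWD_FILE
# Print every account whose UID field is 0. A clean system prints only root.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# foreign_root_sessions MY_IP   (who output on stdin)
# Print the source of each root session that does not come from MY_IP.
# Sessions without a "(host)" column, such as a console login, show as "local".
foreign_root_sessions() {
    awk -v me="$1" '
        $1 == "root" {
            src = "local"
            if ($NF ~ /^\(.*\)$/) src = substr($NF, 2, length($NF) - 2)
            if (src != me) print src
        }'
}

# audit PASSWD_FILE MY_IP   (who output on stdin)
# Returns 0 only when root is the sole UID 0 account and every root
# session originates from MY_IP.
audit() {
    extra=$(uid0_accounts "$1" | grep -vx root || true)
    foreign=$(foreign_root_sessions "$2")
    [ -z "$extra" ]   || echo "extra UID 0 account(s): $extra"
    [ -z "$foreign" ] || echo "root session(s) from: $foreign"
    [ -z "$extra" ] && [ -z "$foreign" ]
}

demo() {
    tmp=$(mktemp)
    # Constructed passwd file: "toor" is a second UID 0 account.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'asterisk:x:1000:1000::/home/asterisk:/bin/bash' \
        'toor:x:0:0::/root:/bin/bash' > "$tmp"
    # Constructed who output: one session from the admin, one from elsewhere.
    printf '%s\n' 'root pts/0 2019-04-08 10:01 (203.0.113.5)' \
        'root pts/1 2019-04-08 10:03 (198.51.100.77)' |
        audit "$tmp" 203.0.113.5 ||
        echo "=> destroy the instance and rebuild it from the image"
    rm -f "$tmp"
}
demo
```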
Finalizing Your Google Cloud Setup
Now that you’ve completed the Incredible PBX setup process, here are a couple of changes that need to be made using the Google Cloud GUI. First, you’ll need to permanently assign your IP address to your instance so that you don’t risk having Google change it when your server is rebooted. We also need to make a couple adjustments in the Google Cloud Firewall. Log in again to the Google Cloud Console using your Google credentials.
From the Navigation Menu scroll down to the NETWORKING section and choose VPC Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPC Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.
- Name: incrediblepbx-udp
- Target Tags: udp-in
- Source IP Range: 0.0.0.0/0
- Protocols/Ports: udp: all
If you plan to use HTTPS with your server, you’ll also need to add another firewall rule similar to the existing default-allow-http rule. Simply change the Port to tcp:443 and Name it default-allow-https with a Target Tag of https-in.
CAUTION: Before these firewall rules will be activated for your instance, they also must be specified in the Network Tags section for your instance by adding the udp-in and https-in tags and restarting your instance.
It should be noted that Incredible PBX includes its own Travelin’ Man 3 firewall that manages a whitelist of IP addresses that are allowed ANY access to your server. So we will primarily use the firewall component of the Google Cloud instance to allow sufficient access to Incredible PBX to allow it to actually control server access.
Once you’ve verified that your instance is functioning properly, it’s safe to go back to your Bucket and delete it together with its contents. This will save you having to pay monthly storage fees even though they are quite reasonable.
Getting Started with Incredible PBX
Most of the configuration of your PBX will be performed using the web-based Incredible PBX GUI with its FreePBX® 13 GPL modules. Use a browser pointed to the IP address of your server and choose Incredible PBX Admin. Log in as admin with the password you configured above. HINT: You can always change it if you happen to forget it: /root/admin-pw-change
Configuring Trunks with Incredible PBX
Before you can actually make and receive calls, you’ll need to add one or more VoIP trunks with providers, create extensions for your phones, and add inbound and outbound routes that link your extensions to your trunks. Here’s how a PBX works. Phones connect to extensions. Extensions connect to outbound routes that direct calls to specific trunks, a.k.a. commercial providers that complete your outbound calls to any phone in the world. Coming the other way, incoming calls are directed to your phone number, otherwise known as a DID. DIDs are assigned by providers. Some require trunk registration using credentials handed out by these providers. Others including Skyetel use the IP address of your PBX to make connections. Incoming calls are routed to your DIDs which use inbound routes telling the PBX how to direct the calls internally. A call could go to an extension to ring a phone, or it could go to a group of extensions known as a ring group to ring a group of phones. It could also go to a conference that joins multiple people into a single call. Finally, it could be routed to an IVR or AutoAttendant providing a list of options from which callers could choose by pressing various keys on their phone.
We’ve done most of the prep work for you with Incredible PBX. We’ve set up an Extension to which you can connect a SIP phone or softphone. We’ve set up an Inbound Route that, by default, sends all incoming calls from registered trunks to a Demo IVR. And we’ve built dozens of trunks for some of the best providers in the business. Sign up with the ones you prefer, plug in your credentials, and you’re done.
Unlike traditional telephone service, you need not and probably should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). Keep in mind that you only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum also has dozens of recommendations on VoIP providers.
With the preconfigured trunks in Incredible PBX, all you need are your credentials for each provider and the domain name of their server. Log into Incredible PBX GUI Administration as admin using a browser. From the System Status menu, click Connectivity -> Trunks. Click on each provider you have chosen and fill in your credentials including the host entry. Be sure to uncheck the Disable Trunk checkbox! Fill in the appropriate information for the Register String. Save your settings by clicking Submit Changes. Then click the red Apply Config button.
Introducing Skyetel SIP Trunking for Incredible PBX
As frequent visitors already know, Skyetel is a Platinum Sponsor of Nerd Vittles and our open source projects including Incredible PBX. Their financial support keeps the lights on while all of our software remains free for the taking. Today we’re pleased to introduce a special new Skyetel offering for Nerd Vittles readers. If you loved BOGO deals at your favorite grocery store, then you’re going to love this new Skyetel offer which starts today. By signing up through this Nerd Vittles link, Skyetel will match any deposit originally made to your new account up to $250. For example, if you deposit $50, you’ll get $100 of SIP trunking service credit. Deposit $250, and you’ll get $500 of SIP trunking service credit. Basically, it’s half price service, and you get to choose how much you’d like. Skyetel also offers free porting of your DIDs for the first 60 days after you open your account plus a 10% reduction in your current origination rate and DID costs by presenting your last month’s bill.1 Complete details and configuration instructions on the Skyetel service are available in this tutorial. It only takes a minute or two to get up and running. Effective 10/1/2023, $25/month minimum spend at Skyetel is required.
Adding Skyetel Trunks to Incredible PBX
The Skyetel trunks were configured as part of the default install of Incredible PBX. All that’s required on your part is to sign up for Skyetel service to take advantage of the Nerd Vittles special offer. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the BOGO credit for your account by referencing the Nerd Vittles special offer. Greed will get you nowhere. Credit is limited to one per person/company/address/location. If you want to take advantage of the 10% discount on your current service, open another ticket and attach a copy of your last month’s bill. See footnote 1 for the fine print. If you have high call volume requirements, document these in your Prequalification Form, and we will be in touch. Easy Peasy!
Unlike many VoIP providers, Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. A typical setup for use with Incredible PBX®, Asterisk®, or FreePBX® would look like the following:
- Name: MyPBX
- Priority: 1
- IP Address: PBX-Public-IP-Address
- Port: 5060
- Protocol: UDP
- Description: server1.incrediblepbx.com
To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.
Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.
Configuring a Skyetel Inbound Route
Because there is no SIP registration with Skyetel, incoming calls to Skyetel trunks will NOT be sent to the Default Inbound Route configured on your PBX because FreePBX treats the calls as blocked anonymous calls without an Inbound Route pointing to the 11-digit number of each Skyetel DID. From the GUI, choose Connectivity -> Inbound Routes -> Add Inbound Route. For both the Description and DID fields, enter the 11-digit phone number beginning with a 1. Set the Destination for the incoming DID as desired and click Submit. Reload the Dialplan when prompted. Place a test call to each of your DIDs after configuring the Inbound Routes.
With the included Incredible Fax add-on, you can enable Fax Detection under the Fax tab. And, if you’d like CallerID Name lookups using CallerID Superfecta, you can enable it under the Other tab before saving your setup and reloading your dialplan.
Configuring a Skyetel Outbound Route
If Skyetel will be your primary provider, you can use both 10-digit and 11-digit dialing to process outbound calls through your Skyetel account. It’s preconfigured to support Skyetel in Connectivity -> Outbound Routes -> Add Outbound Route. The recommended setup is shown below. Just add the CallerID Number you wish to associate with your outbound calls through Skyetel:
Under the Dial Patterns tab, you’ll find the default rules as shown below. Adjust them to meet your own requirements.
There are a million ways to design outbound calling schemes on PBXs with multiple trunks. One of the simplest ways is to use no dial prefix for the primary trunk and then use dialing prefixes for the remaining trunks.
Another outbound calling scheme would be to assign specific DIDs to individual extensions on your PBX. Here you could use NXXNXXXXXX with the 1 Prepend as the Dial Pattern with every Outbound Route and change the Extension Number in the CallerID field of the Dial Pattern. With this setup, you’d need a separate Outbound Route for each group of extensions using a specific trunk on your PBX. Additional dial patterns can be added for each extension designated for a particular trunk. A lower priority Outbound Route then could be added without a CallerID entry to cover extensions that weren’t restricted or specified.
HINT: Keep in mind that Outbound Routes are processed by FreePBX in top-down order. The first route with a matching dial pattern is the trunk that is selected to place the outbound call. No other outbound routes are ever used even if the call fails or the trunk is unavailable. To avoid failed calls, consider adding additional trunks to the Trunk Sequence in every outbound route. In summary, if you have multiple routes with the exact same dial pattern, then the match nearest to the top of the Outbound Route list wins. You can rearrange the order of the outbound routes by dragging them into any sequence desired.
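The top-down selection described above, together with the per-extension CallerID scheme from the preceding paragraph, can be modelled in a few lines of shell. This is an added example, not part of the original post or of FreePBX itself; the route names, trunk names and extensions are hypothetical, and the pattern letters are assumed to have their usual FreePBX meaning (X = 0-9, Z = 1-9, N = 2-9, "." = one or more characters).

```shell
#!/bin/sh
# Added example: a model of top-down outbound route selection.
# Table columns: name|CallerID filter|prepend|dial pattern|trunk
# (constructed sample; all names are hypothetical)
ROUTES='Ext701-Out|701|1|NXXNXXXXXX|TrunkA
Ext702-Out|702|1|NXXNXXXXXX|TrunkB
Default-Out||1|NXXNXXXXXX|TrunkC
Never-Used||1|NXXNXXXXXX|TrunkD
Default-11|||1NXXNXXXXXX|TrunkC'

pattern_to_ere() {
    # Dial pattern -> anchored extended regular expression.
    printf '^%s$\n' "$(printf '%s\n' "$1" |
        sed -e 's/\./.+/g' -e 's/X/[0-9]/g' -e 's/Z/[1-9]/g' -e 's/N/[2-9]/g')"
}

select_route() {
    # $1 = calling extension, $2 = dialed digits.
    # Prints "route trunk number-sent" for the first route that matches,
    # or nothing when no route matches. Later routes are never consulted.
    printf '%s\n' "$ROUTES" |
    while IFS='|' read -r name cid prepend pat trunk; do
        if [ -n "$cid" ]; then
            printf '%s\n' "$1" | grep -Eq "$(pattern_to_ere "$cid")" || continue
        fi
        printf '%s\n' "$2" | grep -Eq "$(pattern_to_ere "$pat")" || continue
        echo "$name $trunk $prepend$2"
        break
    done
}

shadowed_routes() {
    # Names of routes that can never be selected because an earlier route has
    # the same dial pattern and either the same CallerID filter or none.
    printf '%s\n' "$ROUTES" | awk -F'|' '
        {
            key = $2 "|" $4
            any = "|" $4
            if ((key in seen) || (any in seen)) print $1
            seen[key] = 1
        }'
}

echo "701 dials 8005551212  -> $(select_route 701 8005551212)"
echo "705 dials 8005551212  -> $(select_route 705 8005551212)"
echo "705 dials 18005551212 -> $(select_route 705 18005551212)"
echo "unreachable routes    -> $(shadowed_routes)"
```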
Audio Issues with Skyetel
If you experience one-way or no audio on some calls, make sure you have filled in the NAT Settings section in the GUI under Settings -> Asterisk SIP Settings -> General. In addition to adding your external and internal IP addresses there, be sure to add your external IP address in /etc/asterisk/sip_general_custom.conf like the following example and restart Asterisk:
externip=xxx.xxx.xxx.xxx
If you’re using PJSIP trunks or extensions on your PBX, implement this fix as well.
Receiving SMS Messages Through Skyetel
Most Skyetel DIDs support SMS messaging. Once you have purchased one or more DIDs, you can edit each number and, under the SMS & MMS tab, you can redirect incoming SMS messages to an email or SMS destination of your choice using the following example:
Sending SMS Messages Through Skyetel
We’ve created a simple script that will let you send SMS messages from the Linux CLI using your Skyetel DIDs. In order to send SMS messages, you first will need to create an SID key and password in the Skyetel portal. From the Settings icon, choose API Keys -> Create. Once the credentials appear, copy both your SID and Password. Then click SAVE.
Next, from the Linux CLI, issue the following commands to download the sms-skyetel script into your /root folder. Then edit the file and insert your SID, secret, and DID credentials in the fields at the top of the script. Save the file, and you’re all set.
    cd /root
    wget http://incrediblepbx.com/sms-skyetel
    chmod +x sms-skyetel
    nano -w sms-skyetel
To send an SMS message, use the following syntax where 18005551212 is the 11-digit SMS destination: sms-skyetel 18005551212 "Some message"
Configuring a Softphone for Incredible PBX
We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA). With a cloud-based PBX, you need a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Applications -> Extensions -> 701 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password you assigned to the extension when you installed Incredible PBX. Click OK to save your entries.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Apps Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
TODAY - Today in History
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
One cautionary note if you have multiple SIP softphones behind the same NAT-based router. Getting SIP packets routed back to the appropriate desktop machine can be problematic and typically results in missing audio on calls. The easy workaround is to set up the NeoRouter VPN on both your instance and each of your desktop computers. Then register the softphones to the NeoRouter private IP address of your instance. The NeoRouter client already is installed on your server, but you’ll need to set up a NeoRouter server somewhere and connect to it by running nrclientcmd.
Introducing the Incredible PBX Security Model
Incredible PBX includes one of the most secure turnkey PBX implementations on the planet. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. This release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. The Google Cloud firewall adds an extra layer of protection.
The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.
Incredible Backup and Restore
We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup13 will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore13. Doesn’t get much simpler than that.
Incredible PBX Automatic Update Utility
Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.
In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.
Upgrading to IBM Speech Engines
If you’ve endured Google’s Death by a Thousand Cuts with text-to-speech (TTS) and voice recognition (STT) over the years, then we don’t have to tell you what a welcome addition IBM’s new speech utilities are. We can’t say enough good things about the new IBM Watson TTS and STT offerings. With IBM’s services, you have a choice of free or commercial tiers. Let’s put the pieces in place so you’ll be ready to play with the Whole Enchilada.
Getting Started with IBM Watson TTS Service
We’ve created a separate tutorial to walk you through obtaining and configuring your IBM Watson credentials. Start there.
Next, login to your Incredible PBX server and issue these commands to update your Asterisk dialplan and edit ibmtts.php:
    cd /var/lib/asterisk/agi-bin
    ./install-ibmtts-dialplan.sh
    nano -w ibmtts.php
Insert your credentials in $IBM_username and $IBM_password. For new users, your $IBM_username will be apikey. Your $IBM_password will be the TTS APIkey you obtained from IBM. Next, verify that $IBM_url matches the entry provided when you registered with IBM. Then save the file: Ctrl-X, Y, then ENTER. Now reload the Asterisk dialplan: asterisk -rx "dialplan reload". Try things out by dialing 951 (news) or 947 (Weather) from an extension registered on your PBX.
Getting Started with IBM Watson STT Service
Now let’s get IBM’s Speech to Text service activated. Log back in to the IBM Cloud. Click on the Speech to Text app. Choose a Region to deploy in, choose your Organization from the pull-down menu, and select STT as your Space. Choose the Standard Pricing Plan. Then click Create. When Speech to Text Portal opens, click the Service Credentials tab. In the Actions column, click View Credentials and copy down your STT username and password.
Finally, login to your Incredible PBX server and issue these commands to edit getnumber.sh:
    cd /var/lib/asterisk/agi-bin
    nano -w getnumber.sh
Insert apikey as your API_USERNAME and your actual STT APIkey as your API_PASSWORD in the fields provided. Then save the file: Ctrl-X, Y, then ENTER. Update your Voice Dialer (411) to use the new IBM STT service:
    sed -i '\:// BEGIN Call by Name:,\:// END Call by Name:d' /etc/asterisk/extensions_custom.conf
    sed -i '/\[from-internal-custom\]/r ibm-411.txt' /etc/asterisk/extensions_custom.conf
    asterisk -rx "dialplan reload"
Now try out the Incredible PBX Voice Dialer with AsteriDex by dialing 411 and saying "Delta Airlines."
Using Gmail as a SmartHost for SendMail
Many Internet service providers including Google block email transmissions from downstream servers (that’s you) to reduce spam. The simple solution is to use your Gmail account as a smarthost for SendMail. Here’s how. Log into your server as root and issue the following commands:
    cd /etc/mail
    hostname -f > genericsdomain
    touch genericstable
    makemap -r hash genericstable.db < genericstable
    mv sendmail.mc sendmail.mc.original
    wget http://incrediblepbx.com/sendmail.mc.gmail
    cp sendmail.mc.gmail sendmail.mc
    mkdir -p auth
    chmod 700 auth
    cd auth
    echo AuthInfo:smtp.gmail.com \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" > client-info
    echo AuthInfo:smtp.gmail.com:587 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
    echo AuthInfo:smtp.gmail.com:465 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
    nano -w client-info
When the nano editor opens the client-info file, change the 3 user_id entries to your Gmail account name without @gmail.com and change the 3 password entries to your actual Gmail password. Save the file: Ctrl-X, Y, then ENTER.
Now issue the following commands:
    chmod 600 client-info
    makemap -r hash client-info.db < client-info
    cd ..
    make
    service sendmail restart
Finally, send yourself a test message. Be sure to check your spam folder!
echo "test" | mail -s testmessage yourname@yourdomain.com
Check mail success with: tail /var/log/mail.log. If you have trouble getting a successful Gmail registration (especially if you have previously used this Google account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
Originally published: Monday, April 1, 2019
- In the unlikely event that Skyetel cannot provide a 10% reduction in your current origination rate and/or DID costs, Skyetel will give you an additional $50 credit to use with the Skyetel service. [↩]
Spring Is Sprung: Taking Incredible PBX to the Google Cloud
Let’s chat about Google. We’ve had a love-hate relationship with Google for the past decade. For every good deed they do, they always manage to follow it up with a swift kick in the teeth… or lower. Business Insider recently catalogued all of the Google carnage over the years. And that ignores the train wreck that many VoIP users experienced with Google Voice. So we have mixed emotions about writing this column at all. But, suffice it to say, you won’t have to worry about Google’s Cloud Platform disappearing. It’s as well entrenched in the Google profit center as their advertising juggernaut.
I’ll begin with a story about a former neighbor of ours that was the IT Director at a major university. Maintaining their server farm with staff, labor, and hardware had simply become too expensive and too painful for the university to absorb so he made what at the time appeared to be a very brave decision. He decided to move all of the computing resources of the university to the Google Cloud. I haven’t spoken to him recently, but I can tell you the day it was completed was one of the happiest days of his life. Taking hardware acquisition, hardware maintenance, and facilities management out of the IT equation is great for your blood pressure. And the university actually has saved boatloads of money.
Is the Google Cloud right for everyone? Of course not. But you’ve got nothing to lose by trying it because Google is going to spot you $300 for the first year to get started. So we’d recommend you make the decision whether to continue AFTER you’ve spent the $300 you found lying on the sidewalk. Today we’ll show you how to build the always-free platform which probably will suffice for home users and small businesses in perpetuity. After your first year, the only charge would be a little chump change for bandwidth each month. If you decide not to use it as your PBX platform, it still would come in handy as a VPN server platform for an application such as NeoRouter. Pricing details here.
We want to start today by thanking Stewart Nelson on the DSLR Forum for his pioneering work on this beginning over a year ago. To start, hop over to https://cloud.google.com/free and claim your $300 by signing up for a Google Cloud account.
CAUTION: Before you embark on this adventure, we would encourage you to read through this article AND read our followup article which documented a much easier and simpler implementation scheme.
Creating a Google Cloud Instance for Incredible PBX
Once you have your account set up, it’s time to create your first project. Navigate to https://console.cloud.google.com. In the COMPUTE section of the dashboard, click Compute Engine -> VM Instances. Then click CREATE PROJECT and name it. Now click CREATE INSTANCE and Name it incrediblepbx. The instance name becomes the hostname for your virtual machine. If you want to remain in the Free Tier, choose f1-micro instance as the Machine Type and choose a U.S. Region (us-central1, us-east1 or us-west1). We strongly recommend installing your VPS using the N1-standard-1 as the Machine Type. It costs about 3 cents an hour and will save you several hours of tedious waiting. Once you complete the install, you then can shut down the server, downgrade to the f1-micro Machine Type, and restart your instance. For the Boot Disk, choose CentOS 6 and expand the disk storage to at least 20GB (30GB is available with the Free Tier). For the Firewall setting, enable HTTP and optionally HTTPS, if desired. Check your entries carefully and then click the Create button.
When your virtual machine instance comes on line, jot down the assigned public IP address. We’ll need it in a minute. Now click on the SSH pull-down tab and choose Open in a Browser Window. Now we need to set a root password and adjust the SSH settings so that you can login from your desktop computer using SSH or Putty. This is important since the Incredible PBX installer will whitelist the IP address of your desktop PC as part of the setup process. You don’t want to lock yourself out of your virtual machine.
    sudo passwd root
    su root
    nano -w /etc/ssh/sshd_config
When the editor opens the SSH config file, add the following entries. Then save the file and restart SSH: service sshd restart
    PermitRootLogin yes
    PasswordAuthentication yes
You now should be able to log in to your instance as root from your desktop computer using SSH or Putty. Test it to be sure: ssh root@server-IP-address
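Where the two entries go in sshd_config matters: sshd uses the first value it obtains for each keyword, so lines appended below an existing PermitRootLogin or PasswordAuthentication entry have no effect. The following added example (not from the original post) reports the value that wins in the global section of a config file; both sample files are constructed, and the assumption is that the stock image already contains these keywords.

```shell
#!/bin/sh
# Added example: print the value sshd will use for a keyword in the global
# section of an sshd_config file (first obtained value wins).

effective_sshd_value() {
    # $1 = config file, $2 = keyword (matched case-insensitively)
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/^[ \t]+/, "")                    # drop leading whitespace
            if ($0 == "" || $0 ~ /^#/) next       # blank line or comment
            if (!match($0, /^[A-Za-z0-9]+/)) next
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)       # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit              # conditional blocks start here
            if (key == want) { print val; exit }  # first obtained value wins
        }
    ' "$1"
}

# Constructed sample: existing entries near the top, with the two lines from
# the tutorial appended at the bottom of the file.
write_appended_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
# entries added at the end of the file
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: the existing entries edited in place instead.
write_edited_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Protocol 2
PermitRootLogin yes
PasswordAuthentication=yes
UsePAM yes
Match Address 203.0.113.0/24
    PasswordAuthentication no
EOF
}

report() {
    # $1 = config file; prints one "keyword=value" line per audited setting
    for kw in PermitRootLogin PasswordAuthentication; do
        printf '%s=%s\n' "$kw" "$(effective_sshd_value "$1" "$kw")"
    done
}

tmp=$(mktemp -d)
write_appended_sample "$tmp/appended"
write_edited_sample "$tmp/edited"
echo "entries appended at end:"; report "$tmp/appended"
echo "entries edited in place:"; report "$tmp/edited"
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the configuration the daemon itself resolves; run it after the restart to confirm both settings before relying on password logins for the install.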
Before we leave the Google Cloud Dashboard, let’s make the assigned public IP address permanent so that it doesn’t get changed down the road. Keep in mind that, if you ever delete your instance, you also need to remove the assigned static IP address so you don’t continue to get billed for it. From Home on the Dashboard, scroll down to the NETWORKING section and choose VPC Network -> External IP Addresses. Change the Type of your existing address to Static and Name it staticip. Next, choose Firewall Rules in the VPC Network section and click CREATE FIREWALL RULE. Fill in the template like the following leaving the other fields with their default entries. Then click CREATE.
- Name: incrediblepbx-udp
- Target Tags: udp-in
- Source IP Range: 0.0.0.0/0
- Protocols/Ports: check udp: all
If you plan to use HTTPS with your server, you’ll also need to add another firewall rule similar to the existing default-allow-http rule. Simply change the Port to tcp:443 and Name it default-allow-https with a Target Tag of https-in.
CAUTION: Before these firewall rules will be activated for your instance, they also must be specified in the Network Tags section for your instance by adding the udp-in and https-in tags and restarting your instance.
It should be noted that Incredible PBX includes its own Travelin’ Man 3 firewall that manages a whitelist of IP addresses that are allowed ANY access to your server. So we will primarily use the firewall component of the Google Cloud instance to allow sufficient access to Incredible PBX to allow it to actually control server access.
Installing Incredible PBX in the Google Cloud
If you’ve installed previous iterations of Incredible PBX, here is a thumbnail sketch of the install procedure. After logging into your server as root from a desktop PC using SSH or Putty, issue the following commands:
    yum -y update
    yum -y install net-tools nano wget tar
    wget http://incrediblepbx.com/incrediblepbx-13-13-LEAN.tar.gz
    tar zxvf incrediblepbx-13-13-LEAN.tar.gz
    rm -f incrediblepbx-13-13-LEAN.tar.gz
    # add swap file to your instance
    ./create-swapfile-DO
    # kick off Phase I install
    ./IncrediblePBX-13-13.sh
    # after reboot, kick off Phase II install
    ./IncrediblePBX-13-13.sh
    # adjust TM3 firewall to block Google Cloud locals
    sed -i 's|10.0.0.0/8|10.0.0.0/24|' /usr/local/sbin/iptables-custom
    iptables-restart
    # add Full Enchilada apps (see below)
    ./Enchilada-upgrade.sh
    # add HylaFax/AvantFax (see below)
    ./incrediblefax13.sh
    # after reboot, set passwords
    ./update-passwords
    # set desired timezone
    ./timezone-setup
    # fix permissions clobbered by Google Cloud install
    chown -R asterisk:asterisk /var/lib/asterisk
    amportal restart
    # set up NeoRouter client, if desired
    nrclientcmd
    # check network speed
    wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
    chmod +x speedtest-cli
    ./speedtest-cli
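The sed step in the block above narrows the Travelin’ Man 3 whitelist entry from 10.0.0.0/8 to 10.0.0.0/24. The following added example (not part of the original post or of the Incredible PBX scripts) shows which private source addresses each range admits; the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: compare what the whitelist entry admits before and after
# the 10.0.0.0/8 -> 10.0.0.0/24 edit.

ip_to_int() {
    # Dotted quad -> 32-bit integer; returns non-zero on malformed input.
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros (octal trap)
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {
    # $1 = address, $2 = network/prefix
    # Exit status: 0 inside, 1 outside, 2 malformed input.
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 2
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

admitted() {
    # $1 = CIDR; remaining arguments = candidate source addresses.
    # Prints the addresses that fall inside the CIDR, space-separated.
    cidr=$1; shift
    out=
    for ip in "$@"; do
        if in_cidr "$ip" "$cidr"; then out="${out:+$out }$ip"; fi
    done
    echo "$out"
}

# Constructed sample sources: one address inside 10.0.0.0/24 and three other
# addresses elsewhere in the 10.0.0.0/8 private range.
SAMPLE="10.0.0.7 10.0.1.7 10.128.0.5 10.142.0.9"

echo "10.0.0.0/8  admits: $(admitted 10.0.0.0/8 $SAMPLE)"
echo "10.0.0.0/24 admits: $(admitted 10.0.0.0/24 $SAMPLE)"
```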
WebMin is also installed and configured as part of the base install. The root password for access is the same as your Linux root password. We strongly recommend that you not use WebMin to make configuration changes to your server. You may inadvertently damage the operation of your PBX beyond repair. WebMin is an excellent tool to LOOK at how your server is configured. When used for that purpose, we highly recommend WebMin as a way to become familiar with your Linux configuration.
Using the Incredible PBX 13-13 Web GUI
NOTE: If you plan to upgrade to the Whole Enchilada, you can skip this section. It’s for those that wish to roll their own PBX from the ground up.
Most of the configuration of your PBX will be performed using the web-based Incredible PBX GUI with its FreePBX 13 GPL modules. Use a browser pointed to the IP address of your server and choose Incredible PBX Admin. Log in as admin with the password you configured in the previous step. HINT: You can always change it if you happen to forget it.
To get a basic system set up so that you can make and receive calls, you’ll need to add a VoIP trunk, create one or more extensions, set up an inbound route to send incoming calls to an extension, and set up an outbound route to send calls placed from your extension to a VoIP trunk that connects to telephones in the real world. You’ll also need a SIP phone or softphone to use as an extension on your PBX. Our previous tutorial will walk you through this setup procedure. Over the years, we’ve built a number of command line utilities including a script to preconfigure SIP trunks for more than a dozen providers in seconds. You’ll find links to all of them here.
Continue Reading: Configuring Extensions, Trunks & Routes
Upgrading to Incredible PBX Whole Enchilada
There now are two more pieces to put in place. The sequence matters! Be sure to upgrade to the Whole Enchilada before you install Incredible Fax. If you perform the steps backwards, you may irreparably damage your fax setup by overwriting parts of it.
The Whole Enchilada upgrade script now is included in the Incredible PBX LEAN tarball. If you have an earlier release, you may need to download the Whole Enchilada tarball as documented below. Upgrading to the Whole Enchilada is simple. Log into your server as root and issue the following commands. Try issuing just the last command first to see if the enchilada upgrade script already is in place. Otherwise, execute all of the commands below. Be advised that the upgrade will overwrite all of your existing Incredible PBX setup including any extensions, trunks, and routes you may have created previously. You also will be prompted to reset all of your passwords as part of the upgrade.
    cd /root
    ./Enchilada*
If you accidentally installed Incredible Fax before upgrading to the Whole Enchilada, you may be able to recover your Incredible Fax setup by executing the following commands. It’s worth a try anyway.
    amportal a ma install avantfax
    amportal a r
Installing Incredible Fax with HylaFax/AvantFax
You don’t need to upgrade to the Whole Enchilada in order to use Incredible Fax; however, you may forfeit the opportunity to later upgrade to the Whole Enchilada if you install Incredible Fax first. But the choice is completely up to you. To install Incredible Fax, log into your server as root and issue the following commands:
    cd /root
    ./incrediblefax13.sh
After entering your email address to receive incoming faxes, you’ll be prompted about two dozen times to choose options as part of the install. Simply press the ENTER key at each prompt and accept all of the defaults. When the install finishes, make certain that you reboot your server to bring Incredible Fax on line. There will be a new AvantFax option in the Incredible PBX GUI. The default credentials for AvantFax GUI are admin:password; however, you first will be prompted for your Apache admin credentials which were set when you installed Incredible PBX 13-13 LEAN or the Whole Enchilada. Then you’ll be asked to change your AvantFax password.
Upgrading to IBM Speech Engines
If you’ve endured Google’s Death by a Thousand Cuts with text-to-speech (TTS) and voice recognition (STT) over the years, then we don’t have to tell you what a welcome addition IBM’s new speech utilities are. We can’t say enough good things about the new IBM Watson TTS and STT offerings. With IBM’s services, you have a choice of free or commercial tiers. Let’s put the pieces in place so you’ll be ready to play with the Whole Enchilada.
Getting Started with IBM Watson TTS Service
We’ve created a separate tutorial to walk you through obtaining and configuring your IBM Watson credentials. Start there.
Next, login to your Incredible PBX server and issue these commands to update your Asterisk dialplan and edit ibmtts.php:
    cd /var/lib/asterisk/agi-bin
    ./install-ibmtts-dialplan.sh
    nano -w ibmtts.php
Insert your credentials in $IBM_username and $IBM_password. For new users, your $IBM_username will be apikey. Your $IBM_password will be the TTS APIkey you obtained from IBM. Next, verify that $IBM_url matches the entry provided when you registered with IBM. Then save the file: Ctrl-X, Y, then ENTER. Now reload the Asterisk dialplan: asterisk -rx "dialplan reload". Try things out by dialing 951 (news) or 947 (Weather) from an extension registered on your PBX.
Getting Started with IBM Watson STT Service
Now let’s get IBM’s Speech to Text service activated. Log back in to the IBM Cloud. Click on the Speech to Text app. Choose a Region to deploy in, choose your Organization from the pull-down menu, and select STT as your Space. Choose the Standard Pricing Plan. Then click Create. When Speech to Text Portal opens, click the Service Credentials tab. In the Actions column, click View Credentials and copy down your STT username and password.
Finally, login to your Incredible PBX server and issue these commands to edit getnumber.sh:
cd /var/lib/asterisk/agi-bin nano -w getnumber.sh
Insert apikey as your API_USERNAME and your actual STT APIkey API_PASSWORD in the fields provided. Then save the file: Ctrl-X, Y, then ENTER. Update your Voice Dialer (411) to use the new IBM STT service:
sed -i '\:// BEGIN Call by Name:,\:// END Call by Name:d' /etc/asterisk/extensions_custom.conf
sed -i '/\[from-internal-custom\]/r ibm-411.txt' /etc/asterisk/extensions_custom.conf
asterisk -rx "dialplan reload"
Now try out the Incredible PBX Voice Dialer with AsteriDex by dialing 411 and saying "Delta Airlines." Check back next week for the Whole Enchilada apps tutorial.
Adding Skyetel Trunks to Incredible PBX
The Skyetel trunks were configured as part of the default install of Incredible PBX. All that’s required on your part is to sign up for Skyetel service and take advantage of the exclusive Nerd Vittles BOGO offer beginning April 1. Skyetel will match your original deposit of up to $250 which translates into as much as $500 of half-price SIP trunking service. Effective 10/1/2023, $25/month minimum spend required. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request the BOGO credit for your account by referencing this Nerd Vittles special offer. Greed will get you nowhere. Credit is limited to one per person/company/address/location. If you want to take advantage of the 10% discount on your current service, open another ticket and attach a copy of your last month’s bill. See footnote 1 for the fine print.1 If you have high call volume requirements, document these in your Prequalification Form, and we will be in touch. Easy Peasy!
Unlike many VoIP providers, Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. A typical setup for use with Incredible PBX®, Asterisk®, or FreePBX® would look like the following:
- Name: MyPBX
- Priority: 1
- IP Address: PBX-Public-IP-Address
- Port: 5060
- Protocol: UDP
- Description: server1.incrediblepbx.com
To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.
Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.
Configuring a Skyetel Inbound Route
Because there is no SIP registration with Skyetel, incoming calls to Skyetel trunks will NOT be sent to the Default Inbound Route configured on your PBX because FreePBX treats the calls as blocked anonymous calls without an Inbound Route pointing to the 11-digit number of each Skyetel DID. From the GUI, choose Connectivity -> Inbound Routes -> Add Inbound Route. For both the Description and DID fields, enter the 11-digit phone number beginning with a 1. Set the Destination for the incoming DID as desired and click Submit. Reload the Dialplan when prompted. Place a test call to each of your DIDs after configuring the Inbound Routes.
If you have installed the Incredible Fax add-on, you can enable Fax Detection under the Fax tab. And, if you’d like CallerID Name lookups using CallerID Superfecta, you can enable it under the Other tab before saving your setup and reloading your dialplan.
Configuring a Skyetel Outbound Route
If Skyetel will be your primary provider, you can use both 10-digit and 11-digit dialing to process outbound calls through your Skyetel account. From the GUI, choose Connectivity -> Outbound Routes -> Add Outbound Route. For the setup, we recommend the following using the CallerID Number you wish to associate with your outbound calls through Skyetel:
Enter the Dial Patterns under the Dial Patterns tab before saving your outbound route. Here’s what you would enter for 10-digit and 11-digit dialing. If you want to require a dialing prefix to use the Skyetel Outbound Route, enter it in the Prefix field for both dial strings.
There are a million ways to design outbound calling schemes on PBXs with multiple trunks. One of the simplest ways is to use no dial prefix for the primary trunk and then use dialing prefixes for the remaining trunks.
Another outbound calling scheme would be to assign specific DIDs to individual extensions on your PBX. Here you could use NXXNXXXXXX with the 1 Prepend as the Dial Pattern with every Outbound Route and change the Extension Number in the CallerID field of the Dial Pattern. With this setup, you’d need a separate Outbound Route for each group of extensions using a specific trunk on your PBX. Additional dial patterns can be added for each extension designated for a particular trunk. A lower priority Outbound Route then could be added without a CallerID entry to cover extensions that weren’t restricted or specified.
HINT: Keep in mind that Outbound Routes are processed by FreePBX in top-down order. The first route with a matching dial pattern is the trunk that is selected to place the outbound call. No other outbound routes are ever used even if the call fails or the trunk is unavailable. To avoid failed calls, consider adding additional trunks to the Trunk Sequence in every outbound route. In summary, if you have multiple routes with the exact same dial pattern, then the match nearest to the top of the Outbound Route list wins. You can rearrange the order of the outbound routes by dragging them into any sequence desired.
Audio Issues with Skyetel
If you experience one-way or no audio on some calls, make sure you have filled in the NAT Settings section in the GUI under Settings -> Asterisk SIP Settings -> General. In addition to adding your external and internal IP addresses there, be sure to add your external IP address in /etc/asterisk/sip_general_custom.conf like the following example and restart Asterisk:
externip=xxx.xxx.xxx.xxx
If you’re using PJSIP trunks or extensions on your PBX, implement this fix as well.
Receiving SMS Messages Through Skyetel
Most Skyetel DIDs support SMS messaging. Once you have purchased one or more DIDs, you can edit each number and, under the SMS & MMS tab, you can redirect incoming SMS messages to an email or SMS destination of your choice using the following example:
Sending SMS Messages Through Skyetel
We’ve created a simple script that will let you send SMS messages from the Linux CLI using your Skyetel DIDs. In order to send SMS messages, you first will need to create an SID key and password in the Skyetel portal. From the Settings icon, choose API Keys -> Create. Once the credentials appear, copy both your SID and Password. Then click SAVE.
Next, from the Linux CLI, issue the following commands to download the sms-skyetel script into your /root folder. Then edit the file and insert your SID, secret, and DID credentials in the fields at the top of the script. Save the file, and you’re all set.
cd /root
wget http://incrediblepbx.com/sms-skyetel
chmod +x sms-skyetel
nano -w sms-skyetel
To send an SMS message, use the following syntax where 18005551212 is the 11-digit SMS destination: sms-skyetel 18005551212 "Some message"
Using Gmail as a SmartHost for SendMail
Many Internet service providers including Google block email transmissions from downstream servers (that’s you) to reduce spam. The simple solution is to use your Gmail account as a smarthost for SendMail. Here’s how. Log into your server as root and issue the following commands:
cd /etc/mail
hostname -f > genericsdomain
touch genericstable
makemap -r hash genericstable.db < genericstable
mv sendmail.mc sendmail.mc.original
wget http://incrediblepbx.com/sendmail.mc.gmail
cp sendmail.mc.gmail sendmail.mc
mkdir -p auth
chmod 700 auth
cd auth
echo AuthInfo:smtp.gmail.com \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" > client-info
echo AuthInfo:smtp.gmail.com:587 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
echo AuthInfo:smtp.gmail.com:465 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
nano -w client-info
When the nano editor opens the client-info file, change the 3 user_id entries to your Gmail account name without @gmail.com and change the 3 password entries to your actual Gmail password. Save the file: Ctrl-X, Y, then ENTER.
Now issue the following commands:
chmod 600 client-info
makemap -r hash client-info.db < client-info
cd ..
make
service sendmail restart
Finally, send yourself a test message. Be sure to check your spam folder!
echo "test" | mail -s testmessage yourname@yourdomain.com
Check mail success with:
tail /var/log/mail.log
If you have trouble getting a successful Gmail registration (especially if you have previously used this Google account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
Finally, let's clean up Fail2Ban so you don't get bombarded by useless email messages. Issue the following commands and, when the editor opens, search for the nobody: line and change the destination from root to devnull. Save the file and then reload your aliases with the last command below:
sed -i 's|you@example.com|nobody@localhost|' /etc/fail2ban/jail.conf
nano -w /etc/aliases
newaliases
Originally published: Tuesday, March 26, 2019
Support Issues. With any application as sophisticated as this one, you're bound to have questions. Blog comments are a difficult place to address support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It's the best Asterisk tech support site in the business, and it's all free! Please have a look and post your support questions there. Unlike some forums, the PIAF Forum is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won't have to wait long for an answer to your question.
Need help with Asterisk? Visit the VoIP-info Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
- In the unlikely event that Skyetel cannot provide a 10% reduction in your current origination rate and/or DID costs, Skyetel will give you an additional $50 credit to use with the Skyetel service.
A Golden Newbie: Incredible PBX 13-13.10 for Ubuntu 18.04.2
If you’re as big a fan of Ubuntu as we are, then you’ll be pleased to know that the month-old update to Ubuntu 18.04 LTS is rock-solid. It takes a brave soul to name anything Bionic Beaver, but Ubuntu pulls it off and makes you want to meet one face-to-face, just not in a bar after midnight. Well, St. Paddy would be proud. Today’s new Incredible PBX® 13-13.10 release brings you everything you could want in a PBX, and the icing on the cake is Ubuntu 18.04.2. The only drawback to Ubuntu 18.04 is that none of our $1/month VPS cloud providers support the platform just yet. But have no fear, both Digital Ocean and Vultr already do.1
Introducing 2019 Edition of Incredible PBX
This is our third major release of our flagship Incredible PBX 13-13 platform. In addition to today’s release for Ubuntu 18.04.2, it’s also available for Raspbian 8 as well as CentOS 6 and 7. It features 70+ new FreePBX® GPL modules plus all the latest components for OSS Endpoint Manager making SIP phone deployment with Asterisk® 13 a breeze. There also are terrific new backup and restore utilities which make migration and restoration of Incredible PBX platforms a snap. Finally, we’ve incorporated Skyetel SIP trunking in the build. It literally makes configuration of outbound and incoming calling a one-minute process. On the Skyetel side, create an Endpoint Group pointing to the IP address of your PBX, order one or more DIDs and point them to the new EndPoint Group. Done. On the Incredible PBX side, add Inbound Routes specifying the 11-digit numbers of your Skyetel DIDs and point each of them to the desired destination for incoming calls. Done. Outbound calls are automatically configured to use your Skyetel account. Our complete Skyetel tutorial is available here and includes up to a $250 usage credit with Skyetel’s new BOGO deposit match.2 Effective 10/1/2023, $25/month minimum spend required.
Creating an Ubuntu 18.04.2 Platform
If you plan to install Incredible PBX 13-13.10 using a cloud provider that supports Ubuntu 18.04.2, then creation of the Ubuntu 18.04.2 platform is as simple as clicking on the 64-bit OS as part of the creation of your 1GB RAM virtual machine. If you plan to use your own hardware, then any modern desktop computer will suffice. Begin by downloading the Ubuntu 18.04.2 ISO from here. Then create a bootable USB stick or assign the ISO as the boot device on your virtual machine platform. Here are steps for Ubuntu install using the server console:
- Preferred language: English
- Keyboard: English (US)
- Install Ubuntu
- Network interface (eth or wlan) from DHCP
- Proxy (leave blank)
- Ubuntu mirror (accept default entry)
- Partitioning: Use Entire Disk
- Choose Disk for Install (accept default usually)
- File System Setup (choose Done)
- Confirm Disk Install (Continue)
- Profile Setup (create a username and password)
- Install OpenSSH server (press Space Bar then Done)
- Featured Server Snaps (leave blank)
- Reboot Now (when prompted)
- Remove installation media
- Login using username created above
- sudo passwd root
- exit
- Login as root with new root password
- userdel username (that you created above)
- nano -w /etc/ssh/sshd_config
- Add: PermitRootLogin yes
- save file
- exit
- Login as root using SSH or Putty
CAUTION: Don’t make any "improvements" to Ubuntu 18.04.2 after the initial install, or the Incredible PBX install may fail. It is designed for a base platform only!
Installing Incredible PBX 13-13.10
If you haven’t already done so, log into your Ubuntu 18.04.2 server as root using SSH or Putty. It’s important to log in from a desktop computer that you will be using to make changes on your server since this IP address will be whitelisted in the firewall as part of the installation process. Do NOT use the server console to install Incredible PBX, or you may not be able to log in from your desktop computer thereafter.
Before we begin the install procedure, let’s determine whether a swap file exists on your platform. If not, you’ll need to create one below as one of the first steps after downloading the Incredible PBX installer. Issue this command to determine if you have swap space: free -h
Now let’s download and install Incredible PBX 13-13.10. There are two flavors: the base install with the 70+ FreePBX GPL modules that comprise the web-based GUI to manage your PBX and the Whole Enchilada which adds 30+ Asterisk applications to the base install to provide TTS support, voice recognition, news and weather TTS apps, AsteriDex, telephone reminders, and much more. Here are the steps. Be sure to uncomment the create-swapfile-DO entry if you are lacking a swapfile.
cd /root
wget http://incrediblepbx.com/incrediblepbx-13-13.10U-LEAN.tar.gz
tar zxvf incrediblepbx-13-13.10U-LEAN.tar.gz
rm -f incrediblepbx-13-13.10U-LEAN.tar.gz
#./create-swapfile-DO
./Incredible*
There are two phases to the base install. You’ve just completed Phase #1. After your server reboots, log back in and kick off the Incredible PBX installer a second time. Don’t disappear immediately. On some cloud platforms, you may be asked whether to preserve your existing SSH setup. Choose the Keep Local Version default. On all platforms, you’ll be prompted for two additional responses in the first few minutes. At the first prompt, simply press ENTER to continue. At the second prompt, enter the country code to associate with your PBX. For those in the United States, the code is 1. We assume others are more familiar with their country code than Americans are. 😉
cd /root
./Incredible*
Make some careful notes when the install finishes. Then press ENTER to reboot your server.
If you don’t plan to use the Incredible PBX applications, then your install is complete after the reboot. Each time you log in to your server, the Automatic Update Utility will run to provide late-breaking updates that may affect the security of your server. So make sure you log in to the Linux CLI at least once a week to stay safe!
Assuming you’ve already created a very secure root password (update it by running passwd), perform the following 5 Steps to get everything locked down:
- Create an admin password for GUI access: /root/admin-pw-change
- Create an admin password for Apache web access: htpasswd /etc/pbx/wwwpasswd admin
- Configure the correct timezone for your server: /root/timezone-setup
- Retrieve your PortKnocker setup like this: cat /root/knock.FAQ
- Add IPtables WhiteList entries for remote access: /root/add-ip or /root/add-fqdn
Most of the configuration of your PBX will be performed using the web-based Incredible PBX GUI with its FreePBX 13 GPL modules. Use a browser pointed to the IP address of your server and choose Incredible PBX Admin. Log in as admin with the password you configured in the first step above. HINT: You can always change it if you happen to forget it.
To get a basic system set up so that you can make and receive calls, you’ll need to add a VoIP trunk, create one or more extensions, set up an inbound route to send incoming calls to an extension, and set up an outbound route to send calls placed from your extension to a VoIP trunk that connects to telephones in the real world. You’ll also need a SIP phone or softphone to use as an extension on your PBX.
Continue Reading: Configuring Extensions, Trunks & Routes
Installing Incredible PBX 13-13 Whole Enchilada
There now are two more pieces to put in place. The sequence matters! Be sure to upgrade to the Whole Enchilada before you install Incredible Fax. If you perform the steps backwards, you may irreparably damage your fax setup by overwriting parts of it.
The Whole Enchilada upgrade script now is included in the Incredible PBX LEAN tarball. To run it, issue the following commands:
cd /root
./Enchilada*
If you accidentally installed Incredible Fax before upgrading to the Whole Enchilada, you may be able to recover your Incredible Fax setup by executing the following commands. It’s worth a try anyway.
amportal a ma install avantfax
amportal a r
Installing Incredible Fax with HylaFax/AvantFax
You don’t need to upgrade to the Whole Enchilada in order to use Incredible Fax; however, you may forfeit the opportunity to later upgrade to the Whole Enchilada if you install Incredible Fax first. But the choice is completely up to you. To install Incredible Fax, log into your server as root and issue the following commands:
cd /root
./incrediblefax13_ubuntu18.sh
After entering your email address to receive incoming faxes, you’ll be prompted several times to choose options as part of the install. Simply press the ENTER key at each prompt and accept all of the defaults. When the install finishes, make certain that you reboot your server to bring Incredible Fax on line. There will be a new AvantFax option in the Incredible PBX GUI. The default credentials for AvantFax GUI are admin:password. Be advised that there remain a couple of quirks on the Ubuntu 18.04 platform. First, after entering your credentials, you may get a timeout error with your browser. Simply press the Reload/Refresh icon in your browser, and the default AvantFax menu will appear. Second, you will need to set your email delivery address and a new password for AvantFax manually. Click on the Settings option in the upper right corner of the dialog. When you save your settings, you may again experience a timeout event. Click the Reload/Refresh button on your browser again, and AvantFax will come back to life.
NAT-Based Router and Dynamic IP Wrinkles
If your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060 traffic to the private IP address of your PBX. While this isn’t technically necessary to complete calls with registered trunk providers, there are others such as Skyetel that don’t use SIP registrations where failure to redirect UDP 5060 would cause inbound calls to fail.
The Incredible PBX GUI is accessed using a web browser pointed to the IP address of your server. As part of the password setup, you created an admin password for the Incredible PBX GUI, a.k.a. FreePBX GUI. Login now using your favorite browser. If you have forgotten your admin password, you can reset it by logging into your server as root using SSH: /root/admin-pw-change. Once you’ve logged into the GUI, your first task is to record the public and private IP addresses for your server. This eliminates 99% of the problems with one-way audio on calls where your server is sitting behind a NAT-based router. Navigate to Settings -> SIP Settings and click on Detect Network Settings in the NAT Settings section of the template. Verify that the entries shown are correct and then click Submit followed by Apply Config.
Many Internet service providers assign dynamic IP addresses to customers. This poses issues with a PBX because SIP phones positioned outside your LAN need to be able to connect to the PBX. It also complicates SIP routing which needs both the public IP address and the private IP address of the PBX in order to route calls properly. In the previous section, you configured your PBX with these two IP addresses. The problem, of course, is that this public IP address may change when your ISP assigns dynamic IP addresses. Luckily, many ISPs rarely update dynamic IP addresses of their customers. For example, our home network has had the same dynamic IP address for more than four years. If this is your situation, then you have little to worry about. If the IP address ever changes, you can simply repeat the steps in the previous section. However, if your ISP regularly changes your public IP address, then you need an automatic way to keep your PBX configured properly. Otherwise you will start experiencing calls with one-way audio or no audio, and remote phones will no longer be able to connect to the PBX. We’ve developed a script to update the public IP address of your PBX. Depending upon your situation, all you need to do is run it hourly or daily to keep your PBX configured properly. To begin, first download the updater script after logging into your server as root:
cd /root
wget http://incrediblepbx.com/update-externip.tar.gz
tar zxvf update-externip.tar.gz
rm -f update-externip.tar.gz
Try running the script once to make sure it correctly identifies the public IP address of your server:
/root/update-externip
Then add an entry to the end of /etc/crontab that schedules the script to run at 12:30 a.m. each night:
30 0 * * * root /root/update-externip > /dev/null 2>&1
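A scheduled job that rewrites externip as root should treat the looked-up address as untrusted input. The sketch below is an added example, not the update-externip script from incrediblepbx.com: it validates a candidate address, refuses private ranges, and rewrites the file only when the value changed. The function names and the script name externip-set.sh are hypothetical, and the addresses in the comments are documentation-range samples.

```shell
#!/bin/sh
# Added example; NOT the update-externip script shipped by incrediblepbx.com.

# Accept only a single dotted-quad IPv4 address with octets 0-255.
# The case test rejects empty input and any character other than a digit
# or dot, which also blocks embedded newlines that could smuggle extra
# config lines into the file.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eqx \
'((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
}

# externip must be the public address. A private, loopback or link-local
# answer means the lookup ran behind another NAT or returned junk.
is_private_ipv4() {
    case "$1" in
        10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Write externip=<ip> into an Asterisk config file such as
# /etc/asterisk/sip_general_custom.conf.
# Returns: 0 = file updated, 1 = already current,
#          2 = address rejected (file untouched), 3 = could not write.
set_externip() {
    conf=$1
    ip=$2
    valid_ipv4 "$ip" || return 2
    if is_private_ipv4 "$ip"; then return 2; fi
    current=$(sed -n 's/^externip=//p' "$conf" 2>/dev/null | tail -n 1)
    if [ "$current" = "$ip" ]; then return 1; fi
    tmp=$(mktemp) || return 3
    {
        # Keep every other setting, drop stale externip lines, add the new one.
        grep -v '^externip=' "$conf" 2>/dev/null || true
        printf 'externip=%s\n' "$ip"
    } > "$tmp"
    # cat (not mv) keeps the config file's existing owner and mode, so the
    # asterisk user can still read it afterwards.
    if cat "$tmp" > "$conf"; then rm -f "$tmp"; return 0; fi
    rm -f "$tmp"
    return 3
}

# Stand-alone use (hypothetical script name):
#   externip-set.sh /etc/asterisk/sip_general_custom.conf 203.0.113.7
# The candidate address comes from whatever public-IP lookup you trust.
if [ $# -eq 2 ]; then
    rc=0
    set_externip "$1" "$2" || rc=$?
    case $rc in
        0) echo "externip updated to $2; restart Asterisk to apply" ;;
        1) echo "externip already $2" ;;
        *) echo "refused to write candidate address (rc=$rc)" >&2 ;;
    esac
fi
```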
Configuring Trunks with Incredible PBX
Before you can actually make and receive calls, you’ll need to add one or more VoIP trunks with providers, create extensions for your phones, and add inbound and outbound routes that link your extensions to your trunks. Here’s how a PBX works. Phones connect to extensions. Extensions connect to outbound routes that direct calls to specific trunks, a.k.a. commercial providers that complete your outbound calls to any phone in the world. Coming the other way, incoming calls are directed to your phone number, otherwise known as a DID. DIDs are assigned by providers. Some require trunk registration using credentials handed out by these providers. Others including Skyetel use the IP address of your PBX to make connections. Incoming calls are routed to your DIDs which use inbound routes telling the PBX how to direct the calls internally. A call could go to an extension to ring a phone, or it could go to a group of extensions known as a ring group to ring a group of phones. It could also go to a conference that joins multiple people into a single call. Finally, it could be routed to an IVR or AutoAttendant providing a list of options from which callers could choose by pressing various keys on their phone.
We’ve done most of the prep work for you with Incredible PBX. We’ve set up an Extension to which you can connect a SIP phone or softphone. We’ve set up an Inbound Route that, by default, sends all incoming calls from registered trunks to a Demo IVR. And we’ve built dozens of trunks for some of the best providers in the business. Sign up with the ones you prefer, plug in your credentials, and you’re done. The next section of this tutorial will show you the easier way, using Skyetel.
Unlike traditional telephone service, you need not and probably should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). Keep in mind that you only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum also has dozens of recommendations on VoIP providers.
With the preconfigured trunks in Incredible PBX, all you need are your credentials for each provider and the domain name of their server. Log into Incredible PBX GUI Administration as admin using a browser. From the System Status menu, click Connectivity -> Trunks. Click on each provider you have chosen and fill in your credentials including the host entry. Be sure to uncheck the Disable Trunk checkbox! Fill in the appropriate information for the Register String. Save your settings by clicking Submit Changes. Then click the red Apply Config button.
Using Skyetel with Incredible PBX
On the Raspberry Pi platform, all of the Skyetel trunks are preconfigured. All you need to do is sign up for Skyetel service in March to take advantage of the $50 Nerd Vittles special offer. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request a $50 credit for your account by referencing the Nerd Vittles special offer. Greed will get you nowhere. Credit is limited to one per person/company/address/location. You can also take advantage of a 10% discount on your current service. Just open another ticket and attach a copy of your last month’s bill. See footnote 3 for the fine print.3 If you have high call volume requirements, document these in your Prequalification Form, and we will be in touch.
Unlike many VoIP providers, Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. A typical setup for use with Incredible PBX®, Asterisk®, or FreePBX® would look like the following:
- Name: MyPBX
- Priority: 1
- IP Address: PBX-Public-IP-Address
- Port: 5060
- Protocol: UDP
- Description: server1.incrediblepbx.com
To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.
Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.
Configuring a Skyetel Inbound Route
Because there is no SIP registration with Skyetel, incoming calls to Skyetel trunks will NOT be sent to the Default Inbound Route configured on your PBX because FreePBX treats the calls as blocked anonymous calls without an Inbound Route pointing to the 11-digit number of each Skyetel DID. From the GUI, choose Connectivity -> Inbound Routes. You will note that we already have configured a Skyetel template for you. Simply edit the existing entry and plug in the 11-digit phone number (beginning with a 1) of your Skyetel DID. Set the Destination for the incoming DID as desired and click Submit. It defaults to extension 701.
If your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060 traffic to the private IP address of your PBX. Then place a test call to each of your DIDs after configuring the Inbound Routes.
If you have installed the Incredible Fax add-on, you can enable Fax Detection under the Fax tab. And, if you’d like CallerID Name lookups using CallerID Superfecta, you can enable it under the Other tab before saving your setup and reloading your dialplan.
Configuring a Skyetel Outbound Route
If Skyetel will be your primary provider, it is preconfigured by default on the Raspberry Pi platform so you can use both 10-digit and 11-digit dialing to process outbound calls through your Skyetel account. If you prefer another setup, choose Connectivity -> Outbound Routes.
There are a million ways to design outbound calling schemes on PBXs with multiple trunks. One of the simplest ways is to use no dial prefix for the primary trunk and then use dialing prefixes for the remaining trunks.
Another outbound calling scheme would be to assign specific DIDs to individual extensions on your PBX. Here you could use NXXNXXXXXX with the 1 Prepend as the Dial Pattern with every Outbound Route and change the Extension Number in the CallerID field of the Dial Pattern. With this setup, you’d need a separate Outbound Route for each group of extensions using a specific trunk on your PBX. Additional dial patterns can be added for each extension designated for a particular trunk. A lower priority Outbound Route then could be added without a CallerID entry to cover extensions that weren’t restricted or specified.
HINT: Keep in mind that Outbound Routes are processed by FreePBX in top-down order. The first route with a matching dial pattern is the trunk that is selected to place the outbound call. No other outbound routes are ever used even if the call fails or the trunk is unavailable. To avoid failed calls, consider adding additional trunks to the Trunk Sequence in every outbound route. In summary, if you have multiple routes with the exact same dial pattern, then the match nearest to the top of the Outbound Route list wins. You can rearrange the order of the outbound routes by dragging them into any sequence desired.
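The top-down, first-match behavior described in the HINT can be modeled in a few lines. This is an added example, not FreePBX code: the route names, trunk names, and the exact-match treatment of the CallerID field are assumptions made for illustration.

```python
import re

# Digit classes behind the letters used in FreePBX dial patterns.
CLASSES = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]"}


def compile_pattern(pattern):
    """Turn a dial pattern such as NXXNXXXXXX into a compiled regex."""
    parts, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in CLASSES:
            parts.append(CLASSES[ch])
        elif ch == "[":                      # explicit set, e.g. [2-5]
            end = pattern.index("]", i)
            parts.append(pattern[i:end + 1])
            i = end
        elif ch == ".":                      # wildcard: one or more characters
            parts.append(".+")
        else:                                # literal digit, * or #
            parts.append(re.escape(ch))
        i += 1
    return re.compile("".join(parts))


# Constructed route list, in the top-down order shown in the GUI.
# "callerid" models the CallerID field of the dial pattern (None = any extension).
ROUTES = [
    {"name": "Ext701-Out", "prefix": "", "pattern": "NXXNXXXXXX", "prepend": "1",
     "callerid": "701", "trunks": ["TrunkA"]},
    {"name": "Prefix9-Out", "prefix": "9", "pattern": "NXXNXXXXXX", "prepend": "1",
     "callerid": None, "trunks": ["TrunkB"]},
    {"name": "Default-Out", "prefix": "", "pattern": "NXXNXXXXXX", "prepend": "1",
     "callerid": None, "trunks": ["TrunkB", "TrunkA"]},
]


def select_route(dialed, extension, routes=ROUTES):
    """Return (route, number sent to the trunk) for the first matching route."""
    for route in routes:
        if route["callerid"] not in (None, extension):
            continue
        if not dialed.startswith(route["prefix"]):
            continue
        rest = dialed[len(route["prefix"]):]      # the dial prefix is stripped
        if compile_pattern(route["pattern"]).fullmatch(rest):
            return route, route["prepend"] + rest
    return None, None


def place_call(dialed, extension, trunks_up, routes=ROUTES):
    """Return (route name, trunk used or None, number sent)."""
    route, number = select_route(dialed, extension, routes)
    if route is None:
        return ("no-route", None, None)
    for trunk in route["trunks"]:                 # Trunk Sequence = failover order
        if trunk in trunks_up:
            return (route["name"], trunk, number)
    # Every trunk in the winning route is down. Later routes are NOT tried.
    return (route["name"], None, number)


if __name__ == "__main__":
    print(place_call("8005551212", "701", {"TrunkA", "TrunkB"}))
    print(place_call("8005551212", "701", {"TrunkB"}))
```

The second call fails even though Default-Out has a working trunk, which is why the HINT recommends listing more than one trunk in every route's Trunk Sequence.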
Audio Issues with Skyetel
If you experience one-way or no audio on some calls, make sure you have filled in the NAT Settings section in the GUI under Settings -> Asterisk SIP Settings -> General. In addition to adding your external and internal IP addresses there, be sure to add your external IP address in /etc/asterisk/sip_general_custom.conf like the following example and restart Asterisk:
externip=xxx.xxx.xxx.xxx
If you’re using PJSIP trunks or extensions on your PBX, implement this fix as well.
Receiving SMS Messages Through Skyetel
Most Skyetel DIDs support SMS messaging. Once you have purchased one or more DIDs, you can edit each number and, under the SMS & MMS tab, you can redirect incoming SMS messages to an email or SMS destination of your choice using the following example:
Sending SMS Messages Through Skyetel
We’ve created a simple script that will let you send SMS messages from the Linux CLI using your Skyetel DIDs. In order to send SMS messages, you first will need to create an SID key and password in the Skyetel portal. From the Settings icon, choose API Keys -> Create. Once the credentials appear, copy both your SID and Password. Then click SAVE.
Next, from the Linux CLI, issue the following commands to download the sms-skyetel script into your /root folder. Then edit the file and insert your SID, secret, and DID credentials in the fields at the top of the script. Save the file, and you’re all set.
cd /root
wget http://incrediblepbx.com/sms-skyetel
chmod +x sms-skyetel
nano -w sms-skyetel
To send an SMS message, use the following syntax where 18005551212 is the 11-digit SMS destination: sms-skyetel 18005551212 "Some message"
Configuring a Softphone for Incredible PBX
We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Applications _> Extensions -> 701 and write down your SIP/IAX Password. You can also reset it by running /root/update-passwords. Fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password you assigned to the extension when you installed Incredible PBX. Click OK to save your entries.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Apps Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
TODAY - Today in History
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Upgrading to IBM Speech Engines
If you’ve endured Google’s Death by a Thousand Cuts with text-to-speech (TTS) and voice recognition (STT) over the years, then we don’t have to tell you what a welcome addition IBM’s new speech utilities are. We can’t say enough good things about the new IBM Watson TTS and STT offerings. With IBM’s services, you have a choice of free or commercial tiers. Let’s put the pieces in place so you’ll be ready to play with the Whole Enchilada.
Getting Started with IBM Watson TTS Service
We’ve created a separate tutorial to walk you through obtaining and configuring your IBM Watson credentials. Start there.
Next, login to your Incredible PBX server and issue these commands to update your Asterisk dialplan and edit ibmtts.php:
cd /var/lib/asterisk/agi-bin
./install-ibmtts-dialplan.sh
nano -w ibmtts.php
Insert your credentials in $IBM_username and $IBM_password. For new users, your $IBM_username will be apikey. Your $IBM_password will be the TTS APIkey you obtained from IBM. Next, verify that $IBM_url matches the entry provided when you registered with IBM. Then save the file: Ctrl-X, Y, then ENTER. Now reload the Asterisk dialplan: asterisk -rx "dialplan reload". Try things out by dialing 951 (news) or 947 (Weather) from an extension registered on your PBX.
Getting Started with IBM Watson STT Service
Now let’s get IBM’s Speech to Text service activated. Log back in to the IBM Cloud. Click on the Speech to Text app. Choose a Region to deploy in, choose your Organization from the pull-down menu, and select STT as your Space. Choose the Standard Pricing Plan. Then click Create. When Speech to Text Portal opens, click the Service Credentials tab. In the Actions column, click View Credentials and copy down your STT username and password.
Finally, login to your Incredible PBX server and issue these commands to edit getnumber.sh:
cd /var/lib/asterisk/agi-bin
nano -w getnumber.sh
Insert apikey as your API_USERNAME and your actual STT APIkey as your API_PASSWORD in the fields provided. Then save the file: Ctrl-X, Y, then ENTER. Update your Voice Dialer (411) to use the new IBM STT service:
sed -i '\:// BEGIN Call by Name:,\:// END Call by Name:d' /etc/asterisk/extensions_custom.conf
sed -i '/\[from-internal-custom\]/r ibm-411.txt' /etc/asterisk/extensions_custom.conf
asterisk -rx "dialplan reload"
Now try out the Incredible PBX Voice Dialer with AsteriDex by dialing 411 and saying "Delta Airlines."
Transcribing Voicemails with IBM Watson STT Service
We’ve included the necessary script to transcribe your incoming voicemails using IBM’s STT service. Navigate to the /usr/local/sbin folder and edit sendmailmp3.ibm. Insert your APIKEY in the password field and save the file. Now copy the file to sendmailmp3 and make the file executable: chmod +x sendmailmp3.
Using Gmail as a SmartHost for SendMail
Many Internet service providers block email transmissions from downstream servers (that’s you) to reduce spam. The simple solution is to use your Gmail account as a smarthost for SendMail. Here’s how. Log into your server as root and issue the following commands:
cd /etc/mail
hostname -f > genericsdomain
touch genericstable
makemap -r hash genericstable.db < genericstable
mv sendmail.mc sendmail.mc.original
wget http://incrediblepbx.com/sendmail.mc.gmail
cp sendmail.mc.gmail sendmail.mc
mkdir -p auth
chmod 700 auth
cd auth
echo AuthInfo:smtp.gmail.com \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" > client-info
echo AuthInfo:smtp.gmail.com:587 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
echo AuthInfo:smtp.gmail.com:465 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
nano -w client-info
When the nano editor opens the client-info file, change the 3 user_id entries to your Gmail account name without @gmail.com and change the 3 password entries to your actual Gmail password. Save the file: Ctrl-X, Y, then ENTER.
Now issue the following commands. In the last step, press ENTER to accept all of the default prompts:
chmod 600 client-info
makemap -r hash client-info.db < client-info
cd ..
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.mc
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.mc
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/Makefile
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.cf
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/databases
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.mc.gmail
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.cf.errors
make
sendmailconfig
Finally, stop and restart SendMail and then send yourself a test message. Be sure to check your spam folder!
/etc/init.d/sendmail stop
/etc/init.d/sendmail start
apt-get install mailutils -y
echo "test" | mail -s testmessage yourname@yourdomain.com
Check mail success with: tail /var/log/mail.log. If you have trouble getting a successful Gmail registration (especially if you have previously used this Google account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
Configuring a SIP URI Address for Your PBX
Setting up a SIP URI is a simple way to let anyone with a SIP phone call you from anywhere in the world and talk for as long and as often as you like FOR FREE. The drawback of SIP URIs is typically the security risk accompanying the SIP exposure you must provide to receive these calls. Here's the safe way using what we call a hybrid SIP URI. It works like this. Sign up for a VoIP.ms account and create a subaccount that you will register using the VoIPms trunk included in Incredible PBX. As part of the setup in the VoIP.ms portal, assign an Internal Extension Number to your subaccount, e.g. 789123. Make it random so you don't get surprise calls from anonymous sources. The extension can be up to 10 digits long. Next, sign up for a free iNUM DID, e.g. 883510009901234, in your VoIP.ms account. Using Manage DIDs in the portal, link the iNUM DID to your subaccount and assign one of the VoIP.ms POP locations for incoming calls, e.g. atlanta.voip.ms. Next, write down your VoIP.ms account number, e.g. 12345. Once you've completed these three steps and registered the VoIP.ms subaccount on your PBX, you now have two SIP URIs that are protected by your VoIP.ms credentials and don't require you to expose your SIP port to the outside world at all. These SIP URIs can be pointed to different destinations by setting up Inbound Routes using your VoIP.ms account number as one DID and setting up your iNUM number as the second DID. To reach your PBX via SIP URI, callers can use 12345789123@atlanta.voip.ms to reach the DID you set up for your VoIP.ms subaccount where 12345 is your VoIP.ms account number and 789123 is the Internal Extension Number for your subaccount. Or callers can use 8835100099012234@inum.net to reach the DID you set up using your iNUM number that was assigned by VoIP.ms. Don't forget to whitelist the VoIP.ms POP's FQDN for SIP UDP access to your PBX:
/root/add-fqdn voipms atlanta.voip.ms
If you wish to make SIP URI calls yourself, the easiest way is to first set up a free LinPhone SIP Account. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum. For today we'll get you started with one of our favorite (free) softphones, YateClient. It's available for almost all desktop platforms. Download YateClient from here. Run YateClient once you’ve installed it and enter the credentials for your LinPhone account. You’ll need LinPhone's FQDN (sip.linphone.org) plus your LinPhone account name and password. Fill in the Yate Client template and click OK to save your entries. Once the Yate softphone shows that it is registered, try a test call to one of our demo SIP URIs: sip:weather@demo.nerdvittles.com or sip:news@demo.nerdvittles.com.
Adding the NeoRouter Virtual Private Network
We've made it easy to set up a virtual private network between your PBX and your other computers. NeoRouter is a free VPN for up to 256 machines. It requires that you first set up a server for NeoRouter using a static IP address and preferably a fully-qualified domain name. This is covered in this Nerd Vittles tutorial. Once you have your NeoRouter server operational, adding your PBX to the VPN is easy. Simply run nrclientcmd and enter the FQDN of your VPN server together with your credentials. All clients on the VPN have an encrypted tunnel with private LAN addresses in the 10.0.0.x range. HINT: Setting up a NeoRouter VPN provides an easy way to get back into your server if the firewall ever locks you out since the 10.0.0.x subnet is automatically whitelisted as part of the initial install.
Using PortKnocker to Regain Access to Your PBX
And speaking of getting locked out of your server because you've forgotten to whitelist the IP address of your computer, there's another easy way to regain access: PortKnocker. The way the service works is you send sequential pings to 3 randomized TCP ports that are known only by you. They are listed in /etc/knock.FAQ. When your server detects a match, it will whitelist your new IP address allowing you to login using SSH or Putty. There also are PortKnocker utilities for both iOS and Android devices. Complete implementation details are available in this Nerd Vittles tutorial. If your PBX is sitting behind a router or firewall, don't forget to forward the three TCP ports from your router to the private LAN address of your PBX.
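How a knock sequence is matched, and why all three ports must be forwarded through a router, is easier to see in code. This is an added example and a simplified model, not the PortKnocker implementation: the port numbers, source addresses, 15-second timeout, and reset-on-wrong-port rule are assumptions.

```python
class KnockListener:
    """Simplified model of a three-port knock sequence check."""

    def __init__(self, sequence, timeout=15.0):
        self.sequence = tuple(sequence)   # ports in the order they must be hit
        self.timeout = timeout            # assumed limit (seconds) for the whole sequence
        self.progress = {}                # source IP -> (knocks matched, time of first knock)
        self.whitelist = set()

    def observe(self, when, src, port):
        """Feed one TCP connection attempt; return True when src is whitelisted."""
        matched, started = self.progress.get(src, (0, when))
        if matched and when - started > self.timeout:
            matched, started = 0, when            # too slow: start over
        if port == self.sequence[matched]:
            if matched == 0:
                started = when
            matched += 1
            if matched == len(self.sequence):
                self.progress.pop(src, None)
                self.whitelist.add(src)
                return True
            self.progress[src] = (matched, started)
            return False
        # Wrong port for this stage: drop progress, but let the knock count
        # as a fresh first knock if it is the first port of the sequence.
        if port == self.sequence[0]:
            self.progress[src] = (1, when)
        else:
            self.progress.pop(src, None)
        return False


def replay(events, sequence, forwarded=None, timeout=15.0):
    """Run (time, source IP, port) events through a listener; return the whitelist.

    `forwarded` models a router in front of the PBX: knocks on ports that are
    not forwarded never reach the listener.
    """
    listener = KnockListener(sequence, timeout)
    for when, src, port in events:
        if forwarded is not None and port not in forwarded:
            continue
        listener.observe(when, src, port)
    return listener.whitelist


# Constructed sample data (documentation address ranges, made-up ports).
SEQUENCE = (7021, 6481, 8209)
EVENTS = [
    (0.0, "198.51.100.20", 7021),   # owner: right ports, right order, in time
    (1.0, "198.51.100.20", 6481),
    (2.0, "198.51.100.20", 8209),
    (5.0, "203.0.113.9", 6481),     # ascending sweep: right ports, wrong order
    (5.1, "203.0.113.9", 7021),
    (5.2, "203.0.113.9", 8209),
    (10.0, "192.0.2.44", 7021),     # right order, but the last knock is too late
    (11.0, "192.0.2.44", 6481),
    (40.0, "192.0.2.44", 8209),
]

if __name__ == "__main__":
    print(replay(EVENTS, SEQUENCE))                            # all ports reachable
    print(replay(EVENTS, SEQUENCE, forwarded={7021, 8209}))    # one forward missing
```

With one of the three forwards missing, even the correct sequence never completes, so the lockout persists until the router is fixed.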
Planning Ahead for That Rainy Day
If you haven't already learned the hard way, let us save you from a future shock. Hardware fails. All of it. So spend an extra hour now so that you'll be prepared when (not if) disaster strikes. First, once you have your new PBX configured the way you plan to use it, make a backup of your PBX by running the Incredible Backup script: /root/incrediblebackup13
Copy down the name of the backup file that was created. You'll need it in a few minutes.
Second, build yourself a VirtualBox platform on your desktop PC using the Ubuntu ISO you previously downloaded. Once you complete the identical Incredible PBX install plus the Whole Enchilada upgrade and Incredible Fax (if used on your primary server), fire up the virtual machine and login as root with password as your password.
Next, create a /backup folder on your new VirtualBox PBX and copy the backup file from your main server to your VirtualBox server and restore it while logged into the VirtualBox PBX as root:
mkdir /backup
scp root@main-pbx-ip-address:/backup/backup-file-name.tar.gz /backup/.
/root/incrediblerestore13 /backup/backup-file-name.tar.gz
Verify that everything looks right by using a browser to access and review the settings in your new VirtualBox PBX. At a minimum, verify extensions, trunks, and routes.
Last but not least, if you're running Incredible PBX in the Cloud on Digital Ocean or Vultr, you can set up automatic backups of your server for only an extra dollar a month. It's the cheapest insurance you can buy. Enjoy!
Originally published: Monday, March 18, 2019
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
- With some providers including Digital Ocean and Vultr, Nerd Vittles receives referral credits when you sign up for service. This assists in keeping the Nerd Vittles lights burning brightly. So... thank you.
- Skyetel is a Platinum Sponsor of Nerd Vittles and open source projects of Ward Mundy & Associates, LLC.
- In the unlikely event that Skyetel cannot provide a 10% reduction in your current origination rate and/or DID costs, Skyetel will give you an additional $50 credit to use with the Skyetel service.
The New Gold Standard: Incredible PBX 13-13.10 for Raspbian
Today we are pleased to introduce the 2019 update for Incredible PBX® and the Raspberry Pi® 2 and 3 featuring 70+ new FreePBX® GPL modules and a native Skyetel SIP trunking platform with a $10 service credit and up to $500 of half-price service. In addition to dozens of under-the-covers tweaks, there also are new backup and restore utilities which should ease the pain of backups and future migrations. In fact, today’s build was created using those tools because the image now is perilously close to filling up a 4GB microSD card. Crossing that threshold would mean future images would literally double in size. As always, for diehard users of legacy features, we’ve retained the terrific features we all know and love.
07/01/2019 NEWS FLASH: Please note that this version is not compatible with the Raspberry Pi 4. However, we have just released Incredible PBX LITE for the Raspberry Pi 2, 3, and 4 featuring Raspbian 10 Buster. Tutorial here.
08/07/2019 UPDATE: And, for the pioneers, Incredible PBX 16-15 for the Raspberry Pi 2, 3, and 4 is now available as well.
In addition to becoming a Nerd Vittles Platinum Provider, we have chosen Skyetel as our recommended SIP provider for several reasons that will be important to you. First, their triple-redundant platform has no equal. Not only have they never had an outage affecting customers, but they also are unlikely to ever have such an outage because their servers are scattered across the entire country (and soon the entire world). Let’s put it this way. If Skyetel’s servers all fail, you’ll have a lot more to worry about than restoring your VoIP service. A second reason we chose the Skyetel platform was introduced by us just last week. You now can bring up a fault-tolerant HA server platform using the Skyetel backbone and a cloud-based redundant server for about $1 a month. For Nerd Vittles readers, you can snag up to a $250 usage credit with Skyetel’s new BOGO deposit match. Read our Skyetel article and sign up soon to claim your BOGO service credit. Effective 10/1/2023, $25/month minimum spend required.
Raspberry Pi 3 Performance. Gone are the days of worrying about Raspberry Pi performance. Both the user interface and call quality now match what you’d expect to find on a $300-$500 VoIP server. Even with a Raspberry Pi 2, we have detected no performance degradation thanks to the latest Raspbian 8 OS and a virtually flawless Asterisk 13 platform. For best results, we recommend 32GB Class 10 microSD cards which now are plentiful for under $10.[1]
Incredible PBX Feature Set. Where to begin? Let’s start with the Alphabet Stew: IAX, SIP, SMS, Opus, and SRTP functionality. Voice Recognition and Text-to-Speech VoIP application support using FLITE, GoogleTTS, PicoTTS, and IBM TTS. SIP URI support for free worldwide calling. And all of your Nerd Vittles favorites: Fax, AsteriDex, Click-to-Dial, News, Weather, Reminders, and Wakeup Calls. Plus hundreds of features that typically are found in commercial PBXs: Conferencing, IVRs and AutoAttendants, Email Delivery of Voicemail, Voicemail Blasting…
10-Layer Network Security Model. Most phone calls cost money. Unlike many of the other "free" VoIP solutions, our most important criterion for VoIP is rock-solid security. If your free server ends up costing you thousands of dollars in phone bills due to fraud, guess what? It wasn’t free at all. Once you plug into a network, there’s a bullseye painted on your checkbook.
No single network security system can protect you against zero-day vulnerabilities that no one has ever seen. Deploying multiple layers of security is not only smart, it’s essential with today’s Internet topology. It works much like the Bundle of Sticks from Aesop’s Fables. The more sticks there are in your bundle, the more difficult it is to break them apart. If a vulnerability suddenly appears in the Linux kernel, or in Asterisk, or in Apache, or in your favorite web GUI, you can continue to sleep well knowing that other layers of security have your back. No one else in the telecommunications industry has anything close. Ours is all open source GPL code so we would encourage everyone to get on board and do your part to make the Internet a safer place!
Do your homework, too. Comparison shop as if your phone bill matters! 😉 Here’s what the latest Incredible PBX release provides at a software cost of exactly zero:
- Preconfigured IPtables Linux Firewall
- Preconfigured Travelin’ Man 3 WhiteLists
- Randomized Port Knocker for Remote Access
- TM4 WhiteListing by Telephone (optional)
- Fail2Ban Log Monitoring for SSH, Apache, Asterisk
- Password Customization
- Automatic Update Utility for Security & Bug Fixes
- Asterisk Manager Lockdown to localhost
- Apache htaccess Security for Vulnerable Web Apps
- Security Alerts via RSS Feed in the Incredible PBX GUI
Assembling the Required Raspberry Pi Components
Before you can deploy Incredible PBX, you’ll first need the necessary Raspberry Pi hardware. Here’s the short list and, if you’re in a hurry, the $35 Raspberry Pi 3B+ will cost you 10% more to get it quickly from Amazon using our referral link. It remains one of the world’s best bargains! Assuming you already own an HDMI-compatible monitor and a USB keyboard…
- $35* Raspberry Pi 3B+ from Newark or Amazon
- $10 Power Adapter (2.5 amps minimum!)
- $7 32GB microSDHC Class 10 card
- £12.95 Rainbow or Ninja Pibow case or $7.99 Official RasPi 3B+ case
Getting Started with Incredible PBX
Here’s everything to know about installation and setup. "Automatic" means just watch. Steps #1 and #2 are self-explanatory. For the remaining steps, we’ll further document the procedures in the sections below.
1. Download and unzip Incredible PBX 13-13.10 image from SourceForge
2. Transfer Incredible PBX image to microSD card
3. Boot Raspberry Pi from new microSD card (16GB or larger)
4. Login to RasPi console as root:password to initialize your server (Automatic)
5. In raspi-config Advanced Options, Expand FileSystem to fill your SD card
6. Reboot after writing down your server IP address (Automatic)
7. Login via SSH or Putty as root:password to set passwords & setup firewall (Automatic)
8. Register for and configure Skyetel for Incredible PBX, if desired
9. Add Inbound Route for Skyetel, if desired
10. Install Incredible Fax: /root/incrediblefax13_raspi3.sh (Credentials: admin:password)
First Boot of Incredible PBX Using Wi-Fi
Incredible PBX requires Internet connectivity to complete its automated install. If you’re using a wired network connection, you can skip to the next section. With the Raspberry Pi 3B+, WiFi is built into the hardware. But you still have to insert your SSID name and SSID password to make a connection to your WiFi network. To do so, follow these next steps carefully. Insert the Incredible PBX microSD card into your Raspberry Pi 3B+ and apply power to the hardware. When the bootup procedure finishes, login as root with the default password: password. At the first prompt, DO NOT PRESS THE ENTER KEY. Instead, press Ctrl-C to break out of the setup script. At the command prompt, issue the following commands to bring up the WiFi config file:
cd /etc/wpa_supplicant
nano -w wpa_supplicant.conf
If your WiFi network does not require a password, then insert the four lines below and save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.
network={
    key_mgmt=NONE
    priority=1
}
If your WiFi network requires a password, scroll down to the SSID entry and replace YourSSID with the actual SSID of your WiFi network. Make sure you preserve the entry with the quotes as shown. Next, replace YourSSIDpassword with the SSID password of your WiFi network. Save the file: Ctrl-X, Y, then Enter. Now restart your server: reboot. When the reboot finishes, you now should have network connectivity.
Once the reboot process finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in a minute. Skip the next section since you are using a WiFi connection.
If you don’t see an IP address assigned to your server, then correct the network deficiency (invalid WiFi credentials, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.
First Boot of Incredible PBX Using Wired Connection
Incredible PBX requires Internet connectivity to complete its automated install. After connecting your server to your local network with a network cable, insert the Incredible PBX microSD card into your Raspberry Pi 3B+ and apply power to the hardware. When the bootup procedure finishes, you should see an entry on about the middle line displayed on your monitor which reads: "My IP address is…". Write down the IP address shown. You’ll need it in the next step.
If you don’t see an IP address assigned to your server, then correct the network deficiency (cable not connected, DHCP not working, Internet down), and reboot until you see an IP address assigned to your server. DO NOT PROCEED WITHOUT AN ASSIGNED IP ADDRESS.
Completing the Incredible PBX Initialization Procedure
The remainder of the install procedure should be completed from a desktop PC using SSH or Putty. This will assure that your desktop PC is whitelisted in the Incredible PBX firewall. Using the console to complete the install is NOT recommended as your desktop PC will not be whitelisted in the firewall. This may result in your not being able to log in to your server. Once you have network connectivity, log in to your server as root from a desktop PC using the default password: password. Accept the license agreement by pressing ENTER. You then will be redirected to raspi-config. This is the utility used to expand your Incredible PBX image to use your entire microSD card. If you fail to complete this step, your microSD card will be restricted to 4GB which already is 95% full. In the raspi-config utility, choose item 7 (Advanced Options). All of the defaults should be satisfactory with the exception of the first item: Expand Filesystem. Choose this option and activate the resizing directive. Review the other items and then exit and reboot your server.
Once your server reboots and you log back in as root, you will be prompted to change all of your passwords. Write them down and put your cheat sheet in a safe place. It’s your only way back into your server without starting over.
Finally, if your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060 traffic to the private IP address of your PBX. While this isn’t technically necessary to complete calls with registered trunk providers, there are others such as Skyetel that don’t use SIP registrations where failure to redirect UDP 5060 would cause inbound calls to fail.
The First Login to the Incredible PBX GUI
The Incredible PBX GUI is accessed using a web browser pointed to the IP address of your server. As part of the password setup, you created an admin password for the Incredible PBX GUI, a.k.a. FreePBX GUI. Login now using your favorite browser. If you have forgotten your admin password, you can reset it by logging into your server as root using SSH: /root/admin-pw-change. Once you’ve logged into the GUI, your first task is to record the public and private IP addresses for your server. This eliminates 99% of the problems with one-way audio on calls where your server is sitting behind a NAT-based router. Navigate to Settings -> SIP Settings and click on Detect Network Settings in the NAT Settings section of the template. Verify that the entries shown are correct and then click Submit followed by Apply Config.
Managing a PBX with a Dynamic IP Address
Many Internet service providers assign dynamic IP addresses to customers. This poses issues with a PBX because SIP phones positioned outside your LAN need to be able to connect to the PBX. It also complicates SIP routing which needs both the public IP address and the private IP address of the PBX in order to route calls properly. In the previous section, you configured your PBX with these two IP addresses. The problem, of course, is that this public IP address may change when your ISP assigns dynamic IP addresses. Luckily, many ISPs rarely update dynamic IP addresses of their customers. For example, our home network has had the same dynamic IP address for more than four years. If this is your situation, then you have little to worry about. If the IP address ever changes, you can simply repeat the steps in the previous section. However, if your ISP regularly changes your public IP address, then you need an automatic way to keep your PBX configured properly. Otherwise you will start experiencing calls with one-way audio or no audio, and remote phones will no longer be able to connect to the PBX. We’ve developed a script to update the public IP address of your PBX. Depending upon your situation, all you need to do is run it hourly or daily to keep your PBX configured properly. To begin, first download the updater script after logging into your server as root:
cd /root
wget http://incrediblepbx.com/update-externip.tar.gz
tar zxvf update-externip.tar.gz
rm -f update-externip.tar.gz
Try running the script once to make sure it correctly identifies the public IP address of your server: /root/update-externip. Then add an entry to the end of /etc/crontab that schedules the script to run at 12:30 a.m. each night:
30 0 * * * root /root/update-externip > /dev/null 2>&1
Enabling OPUS Codec with Incredible PBX
@JoeOIVOV on the PIAF Forum has documented a method to activate the OPUS Codec on the Raspberry Pi. From the Linux CLI, issue the following commands while logged in as root:
cd /usr/lib/asterisk/modules
wget http://incrediblepbx.com/codec_opus_open_source.so
Then, use a browser to open the Incredible PBX GUI as admin and navigate to Settings -> Asterisk SIP Settings and scroll down to the Audio Codecs section of the template. Place a check mark beside the opus codec option. Then click Submit and Apply Settings.
Return to the Linux CLI and issue the following commands to complete the setup and verify:
fwconsole restart
asterisk -rx "core show codecs"
Special Thanks to: Walter Sonius on SourceForge
Configuring Trunks with Incredible PBX
Before you can actually make and receive calls, you’ll need to add one or more VoIP trunks with providers, create extensions for your phones, and add inbound and outbound routes that link your extensions to your trunks. Here’s how a PBX works. Phones connect to extensions. Extensions connect to outbound routes that direct calls to specific trunks, a.k.a. commercial providers that complete your outbound calls to any phone in the world. Coming the other way, incoming calls are directed to your phone number, otherwise known as a DID. DIDs are assigned by providers. Some require trunk registration using credentials handed out by these providers. Others including Skyetel use the IP address of your PBX to make connections. Incoming calls are routed to your DIDs which use inbound routes telling the PBX how to direct the calls internally. A call could go to an extension to ring a phone, or it could go to a group of extensions known as a ring group to ring a group of phones. It could also go to a conference that joins multiple people into a single call. Finally, it could be routed to an IVR or AutoAttendant providing a list of options from which callers could choose by pressing various keys on their phone.
We’ve done most of the prep work for you with Incredible PBX. We’ve set up an Extension to which you can connect a SIP phone or softphone. We’ve set up an Inbound Route that, by default, sends all incoming calls from registered trunks to a Demo IVR. And we’ve built dozens of trunks for some of the best providers in the business. Sign up with the ones you prefer, plug in your credentials, and you’re done. The next section of this tutorial will show you the easier way, using Skyetel.
Unlike traditional telephone service, you need not and probably should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). Keep in mind that you only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum also has dozens of recommendations on VoIP providers.
With the preconfigured trunks in Incredible PBX, all you need are your credentials for each provider and the domain name of their server. Log into Incredible PBX GUI Administration as admin using a browser. From the System Status menu, click Connectivity -> Trunks. Click on each provider you have chosen and fill in your credentials including the host entry. Be sure to uncheck the Disable Trunk checkbox! Fill in the appropriate information for the Register String. Save your settings by clicking Submit Changes. Then click the red Apply Config button.
Using Skyetel with Incredible PBX
On the Raspberry Pi platform, all of the Skyetel trunks are preconfigured. All you need to do is sign up for Skyetel service to take advantage of the $10 free credit and Nerd Vittles BOGO offer. First, complete the Prequalification Form here. You then will be provided a link to the Skyetel site to complete your registration. Once you have registered on the Skyetel site and your account has been activated, open a support ticket and request a $10 credit for your account by referencing the Nerd Vittles special offer. Greed will get you nowhere. Credit is limited to one per person/company/address/location. Once you’ve had a chance to kick the tires, fund your account with up to $250, and Skyetel will match your deposit. That gets you up to $500 of half-price VoIP service. Once you have funded your account, you can port in your phone numbers for 60 days at no cost. And you can also take advantage of a 10% discount on your current service. Just open another ticket and attach a copy of your last month’s bill. See footnote 2 for the fine print.2 If you have high call volume requirements, document these in your Prequalification Form, and we will be in touch.
Unlike many VoIP providers, Skyetel does not use SIP registrations to make connections to your PBX. Instead, Skyetel utilizes Endpoint Groups to identify which servers can communicate with the Skyetel service. An Endpoint Group consists of a Name, an IP address, a UDP or TCP port for the connection, and a numerical Priority for the group. For incoming calls destined to your PBX, DIDs are associated with an Endpoint Group to route the calls to your PBX. For outgoing calls from your PBX, a matching Endpoint Group is required to authorize outbound calls through the Skyetel network. Thus, the first step in configuring the Skyetel side for use with your PBX is to set up an Endpoint Group. A typical setup for use with Incredible PBX®, Asterisk®, or FreePBX® would look like the following:
- Name: MyPBX
- Priority: 1
- IP Address: PBX-Public-IP-Address
- Port: 5060
- Protocol: UDP
- Description: server1.incrediblepbx.com
To receive incoming PSTN calls, you’ll need at least one DID. On the Skyetel site, you acquire DIDs under the Phone Numbers tab. You have the option of Porting in Existing Numbers (free for the first 60 days after you sign up for service) or purchasing new ones under the Buy Phone Numbers menu option.
Once you have acquired one or more DIDs, navigate to the Local Numbers or Toll Free Numbers tab and specify the desired SIP Format and Endpoint Group for each DID. Add SMS/MMS and E911 support, if desired. Call Forwarding and Failover are also supported. That completes the VoIP setup on the Skyetel side. System Status is always available here.
Configuring a Skyetel Inbound Route
Because there is no SIP registration with Skyetel, incoming calls to Skyetel trunks will NOT be sent to the Default Inbound Route configured on your PBX. Without an Inbound Route pointing to the 11-digit number of each Skyetel DID, FreePBX treats the calls as blocked anonymous calls. From the GUI, choose Connectivity -> Inbound Routes. You will note that we already have configured a Skyetel template for you. Simply edit the existing entry and plug in the 11-digit phone number (beginning with a 1) of your Skyetel DID. Set the Destination for the incoming DID as desired and click Submit. It defaults to extension 701.
If your PBX is sitting behind a NAT-based router, you’ll need to redirect incoming UDP 5060 traffic to the private IP address of your PBX. Then place a test call to each of your DIDs after configuring the Inbound Routes.
If you have installed the Incredible Fax add-on, you can enable Fax Detection under the Fax tab. And, if you’d like CallerID Name lookups using CallerID Superfecta, you can enable it under the Other tab before saving your setup and reloading your dialplan.
Configuring a Skyetel Outbound Route
If Skyetel will be your primary provider, it is preconfigured by default on the Raspberry Pi platform so you can use both 10-digit and 11-digit dialing to process outbound calls through your Skyetel account. If you prefer another setup, choose Connectivity -> Outbound Routes.
There are a million ways to design outbound calling schemes on PBXs with multiple trunks. One of the simplest ways is to use no dial prefix for the primary trunk and then use dialing prefixes for the remaining trunks.
Another outbound calling scheme would be to assign specific DIDs to individual extensions on your PBX. Here you could use NXXNXXXXXX with the 1 Prepend as the Dial Pattern with every Outbound Route and change the Extension Number in the CallerID field of the Dial Pattern. With this setup, you’d need a separate Outbound Route for each group of extensions using a specific trunk on your PBX. Additional dial patterns can be added for each extension designated for a particular trunk. A lower priority Outbound Route then could be added without a CallerID entry to cover extensions that weren’t restricted or specified.
HINT: Keep in mind that Outbound Routes are processed by FreePBX in top-down order. The first route with a matching dial pattern is the trunk that is selected to place the outbound call. No other outbound routes are ever used even if the call fails or the trunk is unavailable. To avoid failed calls, consider adding additional trunks to the Trunk Sequence in every outbound route. In summary, if you have multiple routes with the exact same dial pattern, then the match nearest to the top of the Outbound Route list wins. You can rearrange the order of the outbound routes by dragging them into any sequence desired.
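The top-down, first-match selection described in the hint above can be modeled in a few lines of shell. This is an added illustration, not FreePBX code: the route table, the Backup-9 and Shadowed routes and the VoIPms trunk assignments are constructed sample data, and only the X, Z, N, . and ! pattern characters are handled.

```shell
#!/bin/sh
# Added illustration (not FreePBX code): top-down, first-match route selection.
# Constructed sample route table, one route per line, in GUI order:
#   name|prefix|match pattern|prepend|trunk sequence
ROUTES='Skyetel-10||NXXNXXXXXX|1|Skyetel
Skyetel-11||1NXXNXXXXXX||Skyetel
Backup-9|9|NXXNXXXXXX|1|VoIPms,Skyetel
Shadowed||NXXNXXXXXX|1|VoIPms
Intl||011.||Skyetel,VoIPms'

# Translate an Asterisk-style dial pattern into a shell glob:
#   X = 0-9, Z = 1-9, N = 2-9, . = one or more characters, ! = zero or more
pattern_to_glob() {
    printf '%s\n' "$1" | sed -e 's/X/[0-9]/g' -e 's/Z/[1-9]/g' \
        -e 's/N/[2-9]/g' -e 's/\./?*/g' -e 's/!/*/g'
}

# Print "route trunk-sequence number-sent-to-trunk" for the first matching
# route and return 0; return 1 when no route matches.
select_route() {
    dialed=$1
    while IFS='|' read -r name prefix pattern prepend trunks; do
        glob=$(pattern_to_glob "$prefix$pattern")
        case $dialed in
            $glob)
                # Strip the dialing prefix, then add the prepend digits.
                rest=${dialed#"$prefix"}
                printf '%s %s %s\n' "$name" "$trunks" "$prepend$rest"
                return 0
                ;;
        esac
    done <<EOF
$ROUTES
EOF
    return 1
}

# The "Shadowed" route repeats the pattern of "Skyetel-10" lower in the list,
# so it is never selected: the match nearest the top wins.
for number in 8435551212 18435551212 98435551212 011442071234567 5551212; do
    select_route "$number" || echo "no outbound route for $number"
done
```

The trunk sequence printed for each match is the failover order; a route with a single trunk has nowhere to go if that trunk is down.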
Audio Issues with Skyetel
If you experience one-way or no audio on some calls, make sure you have filled in the NAT Settings section in the GUI under Settings -> Asterisk SIP Settings -> General. In addition to adding your external and internal IP addresses there, be sure to add your external IP address in /etc/asterisk/sip_general_custom.conf like the following example and restart Asterisk:
externip=xxx.xxx.xxx.xxx
If you’re using PJSIP trunks or extensions on your PBX, implement this fix as well.
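Both the dynamic IP section earlier and the externip= fix above depend on writing the correct public address into an Asterisk config file. The sketch below is an added example, not the update-externip script from this page: it shows one way to validate a detected address and rewrite the externip= line only when it changes. The function names, the sample localnet= line and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added illustration (not the update-externip script from this page):
# validate a detected address before writing it into an externip= line.

# Succeeds only for a well-formed IPv4 address outside loopback, private,
# CGNAT, link-local and multicast/reserved (224 and up) space.
is_public_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;  # junk, HTML, 5+ parts
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    a=${ip%%.*}; rest=${ip#*.}
    b=${rest%%.*}; rest=${rest#*.}
    c=${rest%%.*}; d=${rest#*.}
    for octet in "$a" "$b" "$c" "$d"; do
        case $octet in ????*|0?*) return 1 ;; esac      # too long, leading zero
        [ "$octet" -le 255 ] || return 1
    done
    case $a in 0|10|127) return 1 ;; esac
    if [ "$a" -ge 224 ]; then return 1; fi
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then return 1; fi
    if [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then return 1; fi
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 1; fi
    if [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then return 1; fi
    return 0
}

# Replace (or add) the externip= line in a config file.
# Prints "changed" or "unchanged"; returns 1 if the address is rejected.
set_externip() {
    conf=$1
    new_ip=$2
    [ -f "$conf" ] || return 1
    is_public_ipv4 "$new_ip" || return 1
    current=$(sed -n 's/^externip=//p' "$conf" | tail -n 1)
    if [ "$current" = "$new_ip" ]; then
        echo unchanged          # nothing rewritten, no Asterisk restart needed
        return 0
    fi
    tmp=$(mktemp) || return 1
    sed '/^externip=/d' "$conf" > "$tmp"
    printf 'externip=%s\n' "$new_ip" >> "$tmp"
    cat "$tmp" > "$conf"        # overwrite in place: keeps owner and mode
    rm -f "$tmp"
    echo changed
}

# Demo on a constructed config file. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for real public addresses.
demo=$(mktemp)
printf 'localnet=192.168.0.0/255.255.0.0\nexternip=198.51.100.7\n' > "$demo"
set_externip "$demo" 203.0.113.10
set_externip "$demo" 203.0.113.10
set_externip "$demo" 192.168.1.20 || echo "rejected: private address"
set_externip "$demo" '<html>502</html>' || echo "rejected: not an address"
rm -f "$demo"
```

Rejecting anything that is not a plausible public address matters when the value comes from a web lookup: an error page or a captive-portal response would otherwise be written into the config and break audio on every call.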
Receiving SMS Messages Through Skyetel
Most Skyetel DIDs support SMS messaging. Once you have purchased one or more DIDs, you can edit each number and, under the SMS & MMS tab, you can redirect incoming SMS messages to an email or SMS destination of your choice using the following example:
Sending SMS Messages Through Skyetel
We’ve created a simple script that will let you send SMS messages from the Linux CLI using your Skyetel DIDs. In order to send SMS messages, you first will need to create an SID key and password in the Skyetel portal. From the Settings icon, choose API Keys -> Create. Once the credentials appear, copy both your SID and Password. Then click SAVE.
Next, from the Linux CLI, issue the following commands to download the sms-skyetel script into your /root folder. Then edit the file and insert your SID, secret, and DID credentials in the fields at the top of the script. Save the file, and you’re all set.
cd /root
wget http://incrediblepbx.com/sms-skyetel
chmod +x sms-skyetel
nano -w sms-skyetel
To send an SMS message, use the following syntax where 18005551212 is the 11-digit SMS destination: sms-skyetel 18005551212 "Some message"
Configuring a Softphone for Incredible PBX
We’re in the home stretch now. You can connect virtually any kind of telephone to your new PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.
We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Applications -> Extensions -> 701 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your Server, 701 for your Username, and whatever Password you assigned to the extension when you installed Incredible PBX. Click OK to save your entries.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Apps Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
TODAY - Today in History
If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.
Upgrading to IBM Speech Engines
If you’ve endured Google’s Death by a Thousand Cuts with text-to-speech (TTS) and voice recognition (STT) over the years, then we don’t have to tell you what a welcome addition IBM’s new speech utilities are. We can’t say enough good things about the new IBM Watson TTS and STT offerings. With IBM’s services, you have a choice of free or commercial tiers. Let’s put the pieces in place so you’ll be ready to play with the Whole Enchilada.
Getting Started with IBM Watson TTS Service
We’ve created a separate tutorial to walk you through obtaining and configuring your IBM Watson credentials. Start there.
Next, login to your Incredible PBX server and issue these commands to update your Asterisk dialplan and edit ibmtts.php:
cd /var/lib/asterisk/agi-bin
./install-ibmtts-dialplan.sh
nano -w ibmtts.php
Insert your credentials in $IBM_username and $IBM_password. For new users, your $IBM_username will be apikey. Your $IBM_password will be the TTS APIkey you obtained from IBM. Next, verify that $IBM_url matches the entry provided when you registered with IBM. Then save the file: Ctrl-X, Y, then ENTER. Now reload the Asterisk dialplan: asterisk -rx "dialplan reload". Try things out by dialing 951 (news) or 947 (Weather) from an extension registered on your PBX.
Getting Started with IBM Watson STT Service
Now let’s get IBM’s Speech to Text service activated. Log back in to the IBM Cloud. Click on the Speech to Text app. Choose a Region to deploy in, choose your Organization from the pull-down menu, and select STT as your Space. Choose the Standard Pricing Plan. Then click Create. When Speech to Text Portal opens, click the Service Credentials tab. In the Actions column, click View Credentials and copy down your STT username and password.
Finally, login to your Incredible PBX server and issue these commands to edit getnumber.sh:
cd /var/lib/asterisk/agi-bin
nano -w getnumber.sh
Insert apikey as your API_USERNAME and your actual STT APIkey as your API_PASSWORD in the fields provided. Then save the file: Ctrl-X, Y, then ENTER. Update your Voice Dialer (411) to use the new IBM STT service:
sed -i '\:// BEGIN Call by Name:,\:// END Call by Name:d' /etc/asterisk/extensions_custom.conf
sed -i '/\[from-internal-custom\]/r ibm-411.txt' /etc/asterisk/extensions_custom.conf
asterisk -rx "dialplan reload"
Now try out the Incredible PBX Voice Dialer with AsteriDex by dialing 411 and saying "Delta Airlines."
Transcribing Voicemails with IBM Watson STT Service
We’ve included the necessary script to transcribe your incoming voicemails using IBM’s STT service. Navigate to the /usr/local/sbin folder and edit sendmailmp3.ibm. Insert your APIKEY in the password field and save the file. Now copy the file to sendmailmp3 and make the file executable: chmod +x sendmailmp3.
Running Incredible PBX from an External USB Drive
CAUTION: If you wish to use an external USB-powered drive with your Raspberry Pi to get better performance and enhanced reliability, then you’ll want to stick with the Raspberry Pi B for the time being because the B+ does not yet support booting from an external drive that lacks an independent power source. See this thread for details.
With older versions of the Raspberry Pi, you may wish to consider an external USB drive to supplement your Incredible PBX for Raspberry Pi setup. If this is a production system on which you depend for important calls, we would highly recommend it. Begin by formatting the USB drive as a DOS FAT32 drive. Then install the Incredible PBX image on the USB drive using the same procedure outlined above for your microSD card. Be sure you choose the correct drive! Now boot your Raspberry Pi with the USB drive plugged in. Login as root and issue the command: mount /dev/sda2 /mnt. Using nano, edit /mnt/etc/fstab. Change /dev/mmcblk0p2 to /dev/sda2 and save the file. Edit /boot/cmdline.txt and change /dev/mmcblk0p2 to /dev/sda2. Then add the following to the end of the line: rootdelay=5. Save the file and reboot your server leaving the microSD card in place.
As configured, your server will now boot to the external USB drive, but the usable space on the drive will be the original 4GB partition. To expand it, do the following carefully. Log back into your server as root. Issue the command: fdisk -cu /dev/sda. List the partitions on your external drive by typing p. Write down the starting sector number for the sda2 partition. For example, on a 1 terabyte drive, it will be something like 131072. Now delete the sda2 partition by typing d and then choosing 2. Create a new primary partition by typing n then p then 2. When prompted for the starting sector, enter the number you wrote down for the sda2 partition above. Press ENTER. When prompted for the ending sector, just press ENTER to accept the default. Now type w to write your changes to the drive. Reboot. Log back into your server as root and issue the following command to expand the primary partition to use the entire disk: resize2fs /dev/sda2. Verify the new size of your drive: pbxstatus.
Using Gmail as a SmartHost for SendMail
Many Internet service providers block email transmissions from downstream servers (that’s you) to reduce spam. The simple solution is to use your Gmail account as a smarthost for SendMail. Here’s how. Log into your RasPi as root and issue the following commands:
cd /etc/mail
hostname -f > genericsdomain
touch genericstable
makemap -r hash genericstable.db < genericstable
mv sendmail.mc sendmail.mc.original
wget http://incrediblepbx.com/sendmail.mc.gmail
cp sendmail.mc.gmail sendmail.mc
mkdir -p auth
chmod 700 auth
cd auth
echo AuthInfo:smtp.gmail.com \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" > client-info
echo AuthInfo:smtp.gmail.com:587 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
echo AuthInfo:smtp.gmail.com:465 \"U:smmsp\" \"I:user_id\" \"P:password\" \"M:PLAIN\" >> client-info
nano -w client-info
When the nano editor opens the client-info file, change the 3 user_id entries to your Gmail account name without @gmail.com and change the 3 password entries to your actual Gmail password. Save the file: Ctrl-X, Y, then ENTER.
Now issue the following commands. In the last step, press ENTER to accept all of the default prompts:
chmod 600 client-info
makemap -r hash client-info.db < client-info
cd ..
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.mc
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.mc
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/Makefile
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.cf
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/databases
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.mc.gmail
sed -i 's|sendmail-cf|sendmail\/cf|' /etc/mail/sendmail.cf.errors
make
sendmailconfig
Finally, stop and restart SendMail and then send yourself a test message. Be sure to check your spam folder!
/etc/init.d/sendmail stop
/etc/init.d/sendmail start
apt-get install mailutils -y
echo "test" | mail -s testmessage you@yourdomain.com
Check mail success with: tail /var/log/mail.log. If you have trouble getting a successful Gmail registration (especially if you have previously used this Google account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
The last step is to add the following command to /etc/rc.local to send you an email with your PBX's IP addresses whenever the RasPi is rebooted. Insert the following one-line command just above the exit 0 line at the end of the file. Replace yourname@yourdomain.com with an email address to which you always have access.
echo LAN: $(ifconfig | grep "inet addr" | sed 's/^[[:space:]]*//' | sed 's/ .*$//g' | cut -f 2 -d " ") NET: $(curl -s -S --user-agent "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2') | mail -s "Incredible PBX 13-13.10 RasPi IP Address" yourname@yourdomain.com
WebMin: Wherefore Art Thou?
Some of you may have noticed that WebMin is missing in this new release. For newcomers, WebMin is the Swiss Army Knife of Linux. You can do almost anything to Linux from the convenience of a browser. Unfortunately, in the PBX environment, WebMin is a two-edged sword. You can also permanently ruin your PBX in a matter of seconds if you don't know what you're doing because WebMin hides most of its magic under the covers so you really can't decipher what's been changed. Our best advice to those wanting to use WebMin is to use it as a tool to look at (but don't touch) the Linux setup. The other major dilemma for us was that the current Incredible PBX build comes perilously close to filling a 4GB microSD card. And moving to an 8GB card to build a PBX would have doubled the size of the download image. Once you have installed Incredible PBX on a larger microSD card and expanded the filesystem to fill the new card, the commands below will get WebMin installed. Once installed, you can access WebMin with a browser pointed to https://ip-address:9001 using the same root credentials used to login with SSH.
echo "Installing WebMin..."
echo "deb http://download.webmin.com/download/repository sarge contrib" \
 > /etc/apt/sources.list.d/sarge.list
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update
apt-get install webmin -y
sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf
service webmin restart
Implementing Bluetooth Proximity Detection
You may find it convenient to have your calls transferred when you're away from your desk. The RasPi can do it automatically if you have a smartphone and a RasPi 3B+ with built-in bluetooth support.
1. Decipher the MAC address of your RasPi's Bluetooth adapter: hcitool dev
2. Turn on Bluetooth and enable discovery on your smartphone.
3. Search for your smartphone's MAC address from the RasPi CLI: hcitool scan
4. Install our Bluetooth Proximity Detection Utility on your RasPi:
cd /root
wget http://nerdvittles.com/trixbox123/proximity.zip
unzip proximity.zip
chmod +x proximity
5. Edit the proximity script and fill in the blanks using the extension you want to forward when you're not "at home" and the 10-digit number of the smartphone to forward the calls to:
deviceuser=YourName
devicemac=Mac:Address:Of:Your:Smartphone (with the colons from step #3)
myextension=701
mycellphone=8435551212
6. Add a cron job to /etc/crontab to check for the presence of your cellphone every minute between 6 am and 9 pm:
* 6-21 * * * root /root/proximity > /dev/null
When you're home, your cellphone obviously must be within range of your Raspberry Pi and you need a working outbound trunk for outbound 10-digit calls for this to work while away.
/root/proximity: WARD.now IN - Update Required Sat Mar 9 13:51:07 EST 2019 Database entry removed.
Installing OSS Endpoint Manager
If you have dozens of SIP phones to configure, then you'll appreciate Andrew Nagy's terrific OSS Endpoint Manager Module. Here's how to install it once your Incredible PBX 13-13.10 server is up and running:
cd /
wget http://incrediblepbx.com/epm.tar.gz
tar zxvf epm.tar.gz
./install-epm.sh
You will also need to install and configure a TFTP server. We've included a setup script to make it easy:
cd /root
./tftp-setup
Pay particular attention to the firewall instructions which display at the end of the TFTP install procedure. Complete documentation for OSS Endpoint Manager is available here. Helpful tips on implementation can be found in this PIAF Forum thread.
Configuring a SIP URI Address for Your PBX
Setting up a SIP URI is a simple way to let anyone with a SIP phone call you from anywhere in the world and talk for as long and as often as you like FOR FREE. The drawback of SIP URIs is typically the security risk accompanying the SIP exposure you must provide to receive these calls. Here's the safe way using what we call a hybrid SIP URI. It works like this. Sign up for a VoIP.ms account and create a subaccount that you will register using the VoIPms trunk included in Incredible PBX. As part of the setup in the VoIP.ms portal, assign an Internal Extension Number to your subaccount, e.g. 789123. Make it random so you don't get surprise calls from anonymous sources. The extension can be up to 10 digits long. Next, sign up for a free iNUM DID, e.g. 883510009901234, in your VoIP.ms account. Using Manage DIDs in the portal, link the iNUM DID to your subaccount and assign one of the VoIP.ms POP locations for incoming calls, e.g. atlanta.voip.ms. Next, write down your VoIP.ms account number, e.g. 12345. Once you've completed these three steps and registered the VoIP.ms subaccount on your PBX, you now have two SIP URIs that are protected by your VoIP.ms credentials and don't require you to expose your SIP port to the outside world at all. These SIP URIs can be pointed to different destinations by setting up Inbound Routes using your VoIP.ms account number as one DID and setting up your iNUM number as the second DID. To reach your PBX via SIP URI, callers can use 12345789123@atlanta.voip.ms to reach the DID you set up for your VoIP.ms subaccount where 12345 is your VoIP.ms account number and 789123 is the Internal Extension Number for your subaccount. Or callers can use 8835100099012234@inum.net to reach the DID you set up using your iNUM number that was assigned by VoIP.ms. Don't forget to whitelist the VoIP.ms POP's FQDN for SIP UDP access to your PBX:
/root/add-fqdn voipms atlanta.voip.ms
If you wish to make SIP URI calls yourself, the easiest way is to first set up a free LinPhone SIP Account. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum. For today we'll get you started with one of our favorite (free) softphones, YateClient. It's available for almost all desktop platforms. Download YateClient from here. Run YateClient once you’ve installed it and enter the credentials for your LinPhone account. You’ll need LinPhone's FQDN (sip.linphone.org) plus your LinPhone account name and password. Fill in the Yate Client template and click OK to save your entries. Once the Yate softphone shows that it is registered, try a test call to one of our demo SIP URIs: sip:weather@demo.nerdvittles.com or sip:news@demo.nerdvittles.com.
Adding the NeoRouter Virtual Private Network
We've made it easy to set up a virtual private network between your PBX and your other computers. NeoRouter is a free VPN for up to 256 machines. It requires that you first set up a server for NeoRouter using a static IP address and preferably a fully-qualified domain name. This is covered in this Nerd Vittles tutorial. Once you have your NeoRouter server operational, adding your PBX to the VPN is easy. Simply run nrclientcmd and enter the FQDN of your VPN server together with your credentials. All clients on the VPN have an encrypted tunnel with private LAN addresses in the 10.0.0.x range. HINT: Setting up a NeoRouter VPN provides an easy way to get back into your server if the firewall ever locks you out since the 10.0.0.x subnet is automatically whitelisted as part of the initial install.
Using PortKnocker to Regain Access to Your PBX
And speaking of getting locked out of your server because you've forgotten to whitelist the IP address of your computer, there's another easy way to regain access: PortKnocker. The way the service works is you send sequential pings to 3 randomized TCP ports that are known only by you. They are listed in /etc/knock.FAQ. When your server detects a match, it will whitelist your new IP address allowing you to login using SSH or Putty. There also are PortKnocker utilities for both iOS and Android devices. Complete implementation details are available in this Nerd Vittles tutorial. If your PBX is sitting behind a router or firewall, don't forget to forward the three TCP ports from your router to the private LAN address of your PBX.
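How a knock sequence is recognized on the server side can be sketched over a few log lines. This is an added, simplified model and not the PortKnocker service itself: the three ports, the 10-second window, the strict-ordering rule and the log format are all constructed assumptions (your real ports are the ones in /etc/knock.FAQ).

```shell
#!/bin/sh
# Added illustration: a simplified model of knock-sequence detection, not the
# PortKnocker service itself. Input lines: "epoch-seconds source-ip tcp-port".
# The ports and the 10-second window used below are constructed values.

# Usage: detect_knocks "port1 port2 port3" window-seconds < log
# Prints each source IP that hit the ports in order within the window.
detect_knocks() {
    awk -v knocks="$1" -v window="$2" '
    BEGIN { n = split(knocks, want, " ") }
    {
        ts = $1; ip = $2; port = $3
        # A partial sequence that has outlived the window is forgotten.
        if ((ip in stage) && ts - began[ip] > window) {
            delete stage[ip]; delete began[ip]
        }
        idx = ((ip in stage) ? stage[ip] : 0) + 1
        if (port == want[idx]) {
            if (idx == 1) began[ip] = ts
            stage[ip] = idx
            if (idx == n) {              # full sequence: whitelist this source
                print ip
                delete stage[ip]; delete began[ip]
            }
        } else if (port == want[1]) {    # out of order, but a valid first knock
            stage[ip] = 1; began[ip] = ts
        } else {                         # any other port resets the sequence
            delete stage[ip]; delete began[ip]
        }
    }'
}

# Constructed sample log with three sources:
#   198.51.100.23  correct sequence within the window
#   203.0.113.5    sequential sweep that touches 7001 and resets itself
#   203.0.113.77   correct ports, but the last knock arrives too late
SAMPLE_LOG='100 198.51.100.23 7000
101 198.51.100.23 8000
102 198.51.100.23 9000
200 203.0.113.5 7000
201 203.0.113.5 7001
202 203.0.113.5 8000
203 203.0.113.5 9000
300 203.0.113.77 7000
305 203.0.113.77 8000
320 203.0.113.77 9000'

printf '%s\n' "$SAMPLE_LOG" | detect_knocks "7000 8000 9000" 10
```

Only the first source is whitelisted. The ordering and timing requirements are what keep a source that merely touches many ports from completing the sequence.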
Planning Ahead for That Rainy Day
If you haven't already learned the hard way, let us save you from a future shock. Hardware fails. All of it. So spend an extra hour now so that you'll be prepared when (not if) disaster strikes. First, once you have your new PBX configured the way you plan to use it, make a backup of your PBX by running the Incredible Backup script: /root/incrediblebackup13
Copy down the name of the backup file that was created. You'll need it in a few minutes.
Second, build yourself a VirtualBox platform on your desktop PC. There's an Incredible PBX 13-13.10 Vbox image already available on SourceForge. Don't use the Vbox image for Raspbian. It has insufficient available disk space to support the new backups. Once you've downloaded the Vbox image, double-click on it to install. Then fire up the virtual machine, login as root with password as your password and install the latest Incredible Backup and Restore scripts:
cd /root
rm incrediblebackup
rm incrediblerestore
wget http://incrediblepbx.com/incrediblebackup13.tar.gz
tar zxvf incrediblebackup13.tar.gz
rm -f incrediblebackup13.tar.gz
Next, create a /backup folder on your new VirtualBox PBX and copy the backup file from your main server to your VirtualBox server and restore it after logging in to VirtualBox PBX as root:
mkdir /backup
scp root@main-pbx-ip-address:/backup/backup-file-name.tar.gz /backup/.
/root/incrediblerestore13 /backup/backup-file-name.tar.gz
Verify that everything looks right by using a browser to access and review the settings in your new VirtualBox PBX. At a minimum, verify extensions, trunks, and routes.
The Million Dollar Question, of course, is whether you can put Humpty back together again by installing a fresh Incredible PBX 13-13.10 Raspbian image to a new microSD card, going through the basic initialization steps 1-7 on your Raspberry Pi, and then copying the backup image from the VirtualBox desktop machine back over to the new Raspbian PBX and restoring it. And the answer is A-B-S-O-L-U-T-E-L-Y. In fact, you can even make changes in the VirtualBox GUI, create a fresh backup, and then restore that image to your Raspberry Pi. Keep in mind our original caveat that, if you add components, packages, or applications to your primary server, those same additions need to be made to the secondary platform since they will not get picked up as part of the backup. Try it for yourself. And sleep well.
Originally published: Monday, March 11, 2019
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonanza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. [↩]
- In the unlikely event that Skyetel cannot provide a 10% reduction in your current origination rate and/or DID costs, Skyetel will give you an additional $50 credit to use with the Skyetel service. [↩]
Yowza! A Fault-Tolerant Incredible PBX Platform for $1/Mo.
Not that you needed another reason to sign up for Skyetel’s triple-redundant SIP hosting platform, but we have a new one for you anyway. A fault-tolerant VoIP platform always has been the Holy Grail for many organizations. When your business depends on telephone calls, the very last thing you want to fail is your phone system. When most administrators think of fault-tolerant, high availability (HA) servers, the first word that comes to mind is expensive. For example, FreePBX® charges $1500/node just for HA software licenses. Using Skyetel trunks with Incredible PBX® 13-13.10, you now can deploy a fault-tolerant solution including the cloud-based secondary server for about a dollar a month. And, unlike the FreePBX design, the primary and secondary servers need not be colocated. Today we’ll get you up and running.
Many SIP providers require users to register their PBX with their service before you can make and receive calls. Skyetel does not.1 Instead, Skyetel relies upon the IP address of the PBX to determine whether to relay calls to and from your PBX. Dynamic IPs are supported. This is incredibly useful in designing a fault-tolerant PBX platform. If SIP registration is required with your SIP provider, then it obviously takes considerably more engineering effort to enable and disable the redundant server platform since you can’t be registered to two different servers using the same accounts at the same time. With Skyetel, that’s never a problem. Let’s quickly review the Skyetel setup process, and you’ll see why their design facilitates fault tolerance without spending a fortune on additional hardware and software. Effective 10/1/2023, $25/month minimum spend required.
Once your Skyetel account is set up, there are basically two steps to enable connections with your PBX. First, you create an Endpoint Group with the IP address of your PBX. Second, you purchase one or more DIDs and point each of them to the Endpoint Group you just created. With Incredible PBX platforms, the Skyetel trunk and firewall setup already is in place. All you need to do is create an Inbound Route for each of your Skyetel DIDs using its 11-digit phone number. Ten and eleven-digit outbound calls, by default, always are routed to Skyetel for processing. So how do we handle fault-tolerance on the Skyetel side? It’s easy. Just add the IP address of the secondary PBX to the Endpoint Group that you set up for your primary PBX. That’s it. When Skyetel can’t send inbound calls to your primary PBX, it now will send them to your secondary server.
Now let’s address what has to happen at your end to bring up a fault-tolerant platform. We will assume that you already have set up and configured extensions, trunks, routes, and all desired bells and whistles on an Incredible PBX 13-13.10 platform somewhere. It really doesn’t matter where. We will also assume you have deployed SIP telephones for all of your users and registered them with your PBX. There are five simple steps to implement a fault-tolerant PBX architecture. First, you need a cloud-based Incredible PBX 13-13.10 server with static IP address and nightly-refreshed mirror image of your primary server. Second, SSH needs to be configured for SSH key-based authentication between the two servers. We’ll use rsync and SSH on the primary server to keep voicemails synchronized between your primary and secondary servers during the day. Third, we’ll add the IP address of the secondary PBX as the secondary registration IP address on each of your SIP phones. Fourth, you’ll need to copy over the firewall and whitelist rules from your primary server to your second server and restart IPtables after making certain that you’ve whitelisted the IP addresses of BOTH servers on the primary server. Fifth, we’ll add the IP address of the secondary PBX to the Endpoint Group of your primary PBX on the Skyetel site. That’s it. Once you’ve completed these five steps, your users will never miss a call. Since Skyetel doesn’t sit in the middle of the RTP stream on calls that are underway, callers may never even know their primary PBX failed.
So let’s address the worst case scenario. Your primary server has an unrecoverable system failure in the middle of the work day, and you have no backup. What do you lose? Not phone calls! And, assuming you’re making hourly dumps of your voicemails to the secondary PBX, you only would lose whatever voicemails arrived during the minutes preceding the system failure. If an hour is too painful in your operation, then make voicemail dumps more frequently. The only other data that would be lost is the CDR data since the last nightly backup was restored. If that’s too painful, that data also can be archived on a more frequent basis using a simple bash script. And, just to repeat, the total additional cost for this fault-tolerant platform is approximately $1 a month depending upon the VPS provider you choose, and we have a half dozen that we recommend AND USE at that price point. Let’s get started.
Building a Secondary Redundant Server
Start by signing up for a cloud-based OpenVZ VPS platform with one of our recommended providers. Server locations and special signup details are documented in our article. Average cost is about $1/month on an annual contract with 1Gbit port or *free 1Gbit port upgrade on request based upon LowEndBox offer. Protect yourself by paying with PayPal which gives you 6 months to dispute a charge if the provider happens to go belly up. NOTE: Performance is almost directly proportional to annual cost with our Tier 1 and Tier 2 providers.
Provider | RAM | Disk | Bandwidth | Performance as of 12/1/19 | Cost |
---|---|---|---|---|---|
CrownCloud KVM (LA) | 1GB | 20GB + Snapshot | 1TB/month | 598Mb/DN 281Mb/UP 2CPU Core | $25/year Best Buy! |
Naranjatech KVM (The Netherlands) | 1GB | 20GB | 1TB/month | Hosting since 2005 VAT: EU res. | 20€/year w/code: SBF2019 |
BudgetNode KVM (LA) | 1GB | 40GB RAID10 | 1TB/month | Also available in U.K PM @Ishaq on LET before payment | $24/year |
FreeRangeCloud KVM (Ashburn VA, Winnipeg, Freemont CA) | 1GB | 20GB SSD | 3TB/month | Pick EGG loc'n Open ticket for last 5GB SSD | $30/year w/code: LEBEGG30 |
If you can’t bear repeating this step in the event of a provider implosion, then consider one of the $5/month cloud platforms offered by Digital Ocean or Vultr.2 Ask yourself if it’s worth $4/month to eliminate the risk of having to spend an hour rebuilding your secondary PBX platform. Regardless of what you decide, here’s the drill. Set up a 64-bit CentOS 6 platform on your VPS. Since you already are familiar with the Incredible PBX 13-13 setup procedure, just follow last week’s quick-and-dirty checklist to set up your new secondary server. If your primary server also has the Whole Enchilada or Incredible Fax installed, we recommend you install the same components on your secondary server. If your secondary server is CentOS 7-based, issue the following command to assure that key-based authentication will work:
chmod 711 /root
When you’re finished, write down the IP address of your secondary server.
Setting Up SSH Key-Based Authentication
In order to automate the process of loading updates from your primary server to your secondary one, we need a way to log in between the servers without being prompted for a password. Key-based authentication provides that feature. Begin by whitelisting the IP addresses of BOTH your primary and secondary PBXs on BOTH of your servers. Using add-ip in /root, add the server1 entry:
/root/add-ip server1 12.34.56.78
Then add the server2 entry:
/root/add-ip server2 23.45.67.89
When prompted, choose the 0 option to whitelist all ports.
Next, store the IP addresses of server1 and server2 on your primary server so we can find them when we need them for future tasks:
echo 12.34.56.78 > /etc/pbx/server1
echo 23.45.67.89 > /etc/pbx/server2
Next, on your primary server, generate an SSH key-pair:
ssh-keygen
Press Enter when prompted for the key’s file name. Press Enter when prompted (twice) for a passphrase.
Then copy the new key to your secondary server using the IP address of your secondary server. Enter the root password for your secondary server when prompted.
ssh-copy-id root@$(cat /etc/pbx/server2)
Now test logging into your secondary server using SSH from your primary server. You should not be prompted for a password. Close the secondary server SSH session by typing exit.
ssh root@$(cat /etc/pbx/server2)
exit
Restoring Backup Image to Secondary Server
We will automate these steps down the road, but let’s first test the procedure to make sure things work as expected. Begin by creating a /backup folder on both servers. Then install the latest backup and restore scripts on both of your servers:
mkdir /backup
cd /root
rm -f incrediblebackup
rm -f incrediblerestore
wget http://incrediblepbx.com/incrediblebackup13.tar.gz
tar zxvf incrediblebackup13.tar.gz
rm -f incrediblebackup13.tar.gz
On BOTH servers, verify that you have the latest backup and restore scripts. The following command should return the filenames of your backup and restore scripts:
grep PROCEEDNOW= /root/inc*
On BOTH servers, issue the following commands so that we can automate the backup and restore process without being prompted:
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblebackup13
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblerestore13
Finally, on both servers, make sure you have logged out and back in at least once so that the Automatic Update Utility has loaded the latest patches on both platforms.
Now let’s take a backup snapshot of your primary server:
/root/incrediblebackup13
Copy the backup file to the secondary server at the server2 IP address below:
scp /backup/$(ls -t /backup | head -n 1) root@$(cat /etc/pbx/server2):/backup/.
Next, login to your secondary server as root using SSH. We want to restore the backup file that was just copied from the primary server. Keep in mind that our restore methodology overwrites files with the same names on the secondary server but it does not erase files on the secondary server which were not contained in the primary’s backup. With the exception of the /root directory, the latest iteration of Incredible Restore cleans out the other affected directories including voicemail files on the secondary server. This is especially important because voicemails may have been erased on the primary server since the last restore, and voicemail files get renumbered each time a voicemail is removed. Thus, failure to remove previous collections of voicemail files before restoring a new backup could produce a royal mess on the secondary server especially where the primary server processes numerous voicemails for multiple users every day.
One other item of interest concerns primary servers behind NAT-based routers. Ordinarily, you would set the external IP address and local networks in SIP Settings to avoid NAT problems such as one-way audio. Since we may be copying a NAT-based backup to a public facing secondary PBX, we don’t want those settings carried over. We’ve addressed this by deleting the entries whenever you choose automated restores using the PROCEEDNOW=true flag. The full backup including these NAT settings is preserved if you execute a restore using the PROCEEDNOW=false flag.
Finally, if you were using the backup and restore tools for normal server recovery, we obviously would want to include the /etc/crontab file in the restore. However, for fault tolerant deployments, we want to preserve separate cron jobs on the primary and secondary PBXs. We handle this using the PROCEEDNOW flag as described above. If you set it to true, we preserve /etc/crontab. Otherwise, we restore it from the backup file.
Now restore the backup on the secondary PBX:
/root/incrediblerestore13 /backup/$(ls -t /backup | head -n 1)
Although not recommended, we’ve been successful restoring a CentOS6-based primary server to a CentOS7-based secondary platform. Take a minute to actually examine the contents of the backup on the secondary server by logging into the FreePBX GUI with a browser. Be sure to check the extensions, trunks, and routes to verify that they match the entries on your primary server. If your primary server is behind a NAT-based router, check the SIP Settings to make certain the NAT entries for external IP address and localnets weren’t carried over to the public-facing secondary PBX.
Refreshing Spool Data to Secondary Server with rsync
Now we want to test updating voicemails and recordings from your primary server to the secondary. Using a SIP phone, connect to *701 and leave yourself a new voicemail. Verify that it exists in /var/spool/asterisk/voicemail/default/701/INBOX. Simulate the procedure that will be used periodically to copy new voicemail messages and recordings to your secondary server. Execute the following commands to verify the new voicemail was transferred:
rsync -a -e "ssh" /var/spool/* root@$(cat /etc/pbx/server2):/var/spool
ls -all /var/spool/asterisk/voicemail/default/701/INBOX
Adding the Secondary Server to Skyetel
As noted above, we need to add the IP address of your secondary server to the Endpoint Group of your primary server on Skyetel. After logging into your Skyetel account, choose Endpoints -> Endpoint Groups and click the gear icon beside your primary server’s endpoint group. Add an additional entry to the Group with a Priority of 2. Your entries should look similar to this:
Within a few minutes, the Endpoint Health dashboard should display three green dots for both of your servers signifying that all three Skyetel data centers can connect to both of your servers.
Adding Server2 Key-Based Authentication
On your secondary server, let’s set up key-based authentication to the primary PBX. Here are the commands to set it up and test it. You should get logged in and back out without a password prompt.
ssh-copy-id root@$(cat /etc/pbx/server1)
ssh root@$(cat /etc/pbx/server1)
exit
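Both key pairs created in this tutorial have no passphrase and log in as root, so each server's authorized_keys entry is worth pinning to the other server's address. The function below is an added example, not part of the original tutorial or the Incredible PBX scripts; restrict_key is a hypothetical name, and BLOB in the usage comment stands for field 2 of the sending server's public key file.

```shell
#!/bin/sh
# Added example (not from the tutorial): pin a passphrase-less root key to one source IP.
# Usage on the receiving server, with BLOB being field 2 of the sender's public key:
#   restrict_key /root/.ssh/authorized_keys "$BLOB" "$(cat /etc/pbx/server1)"
# Returns 0 if an entry was restricted, 3 if no unrestricted entry matched.
restrict_key() {
    local file blob src opts tmp rc
    file=$1; blob=$2; src=$3
    # from= limits the client address; the no-* options stop the key being used for tunnels.
    opts="from=\"$src\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding"
    tmp=$(mktemp) || return 1
    rc=0
    awk -v blob="$blob" -v opts="$opts" '
        NF == 0 || $0 ~ /^[ \t]*#/ { print; next }   # keep blank lines and comments
        # An unrestricted entry reads: keytype base64-blob [comment].
        # Entries that already start with options carry the blob in a later
        # field, so they are left alone and a second run changes nothing.
        $2 == blob && $1 ~ /^(ssh-|ecdsa-|sk-)/ { print opts " " $0; changed = 1; next }
        { print }
        END { exit (changed ? 0 : 3) }
    ' "$file" > "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        # Write back in place so the owner and mode of authorized_keys are kept.
        cat "$tmp" > "$file"
    fi
    rm -f "$tmp"
    return "$rc"
}
```

If the primary sits behind a NAT router, the address to pass is its public one, since that is what the secondary sees.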
Choosing Compatible Phones for High Availability
Now that we have our HA platform in place, we need to configure your SIP phones to continue to work when the primary server fails and things switch over to the secondary PBX. For this to work, you’ll need SIP phones that are compatible with HA technology. Most are but some are not. Look through the registration menu on your SIP phone and enter the IP address of the secondary PBX in the field provided. Adjust the server timeout value to reflect the number of seconds your users can tolerate without a working phone. On the primary PBX, don’t forget to whitelist the public IP addresses associated with each of your SIP phones using add-ip! As for supported phones, here’s a hint. Most Digium, Snom, Yealink, Grandstream, Fanvil, and Aastra 6700i and 9000i series phones are safe bets. And here’s what a SIP extension setup would look like on Yealink’s popular T46G.
Reminder: Do NOT use a private IP address (as shown) for the secondary SIP registration, and only use a private IP address for the primary PBX if both the PBX and the SIP phone are behind the same NAT-based router.
Migrating Travelin’ Man 3 Firewall to Secondary PBX
You’ll find it much easier to manage one firewall and then copy those firewall settings from your primary server to your secondary PBX. There are 3 sets of files that need to be copied from the primary PBX before restarting the secondary’s firewall: (1) iptables and ip6tables from /etc/sysconfig, (2) all iptables* files in /usr/local/sbin, and (3) *.iptables files in /root. Make certain you have whitelisted the IP addresses of the primary and secondary PBXs using /root/add-ip before issuing these commands on the primary server:
cd /etc/pbx
scp /etc/sysconfig/iptables root@$(cat server2):/etc/sysconfig/.
scp /etc/sysconfig/ip6tables root@$(cat server2):/etc/sysconfig/.
scp /usr/local/sbin/iptables* root@$(cat server2):/usr/local/sbin/.
scp /root/*.iptables root@$(cat server2):/root/.
ssh root@$(cat server2) "service iptables restart; service fail2ban restart"
ssh root@$(cat server2) "iptables-custom"
Automating the Daily Synchronization Process
We’ll use three cron scripts to keep the data on your primary and secondary servers in sync. These scripts automatically manage the backup sets by removing all but the latest backup on both servers. Keep in mind that, if you add new packages to your primary server, you also will need to add the same packages to your secondary server. Aside from that caveat, everything else should remain synchronized using these three simple scripts. On the primary server, we’ll use backup1restore2 to make the nightly backup and copy it to the secondary server, and we’ll use rsync-spool-1to2 to execute the hourly spool sync to catch changes in voicemails, recordings, and fax data. On the secondary server, we’ll use restore2backup1 to restore the backup from the primary server each night. Let’s first put the cron scripts in place, and then we’ll set up the cron jobs.
On the primary server, issue the following commands to install the two scripts:
cd /root
wget http://incrediblepbx.com/backup1restore2
chmod +x backup1restore2
wget http://incrediblepbx.com/rsync-spool-1to2
chmod +x rsync-spool-1to2
On the secondary server, issue the following commands to install the restore script:
cd /root
wget http://incrediblepbx.com/restore2backup1
chmod +x restore2backup1
Before setting up the cron entries, you have a few decisions to make. First, decide how often you wish to run the backup/restore scripts. If your PBX configuration rarely changes, you may not need to run the backup and restore scripts every night. Second, decide what time to run the backup and restore scripts. The restore script on the secondary server should always be run about 30 minutes AFTER the backup script runs on the primary server. The reason should be obvious. Remember to take into consideration the time zones of your two servers when making the time calculations. Third, decide how frequently to run the spool synchronization script from the primary server. This will depend upon how busy your primary server is and how much data (voicemails) you’re willing to lose in the event of a catastrophic failure that occurs after the last sync operation. There’s probably little need to run the synchronization script while everyone is sleeping unless you get frequent fax deliveries overnight. Finally, the backup of the primary server requires that Asterisk be shut down for at most a few minutes so schedule the backups during a time when there is no server activity on your primary server. Your test backup that we ran above should provide some idea of how long the operation will take on your PBX. Once you have tackled these issues, edit /etc/crontab on both your primary and secondary servers. Add the cron jobs to the end of the files after verifying server time on BOTH servers using date.
NOTE: We strongly recommend setting the time zone on the secondary server to match the primary server’s time zone using the /root/timezone-setup script.
On the primary server, here is a sample entry to run the backup script as the root user once a day at 2:15 am (local time on primary server):
15 2 * * * root /root/backup1restore2 >/dev/null 2>&1
On the secondary server, this entry will run the restore script once a day at 2:45 am assuming secondary server is in the same time zone as primary server:
45 2 * * * root /root/restore2backup1 >/dev/null 2>&1
On the primary server, this entry runs rsync spool script every hour on the half hour:
30 * * * * root /root/rsync-spool-1to2 >/dev/null 2>&1
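All three cron entries above discard their output, so a copy or restore that fails overnight goes unnoticed until the secondary is actually needed. The check below is an added example, not one of the Incredible PBX scripts; check_backup is a hypothetical name, the 26-hour limit in the usage comment is an assumed value for a nightly schedule, and it assumes the backup is a gzip-compressed tarball as the .tar.gz file names on this page suggest.

```shell
#!/bin/sh
# Added example (not one of the Incredible PBX scripts).
# check_backup DIR MAX_HOURS, e.g. on the secondary:  check_backup /backup 26
#   0 = newest file in DIR is recent and a readable gzip stream
#   1 = newest file is MAX_HOURS old or more (the nightly job did not deliver)
#   2 = DIR holds no backup at all
#   3 = newest file fails gzip's integrity test (e.g. the copy was cut off)
check_backup() {
    local dir max newest mtime now age
    dir=$1; max=$2
    # Same "latest file" selection the tutorial's scp and restore commands use.
    newest=$(ls -t "$dir" 2>/dev/null | head -n 1)
    if [ -z "$newest" ]; then
        echo "ALERT: no backup found in $dir"
        return 2
    fi
    mtime=$(stat -c %Y "$dir/$newest") || return 2   # GNU stat, as shipped with CentOS
    now=$(date +%s)
    age=$(( (now - mtime) / 3600 ))
    if [ "$age" -ge "$max" ]; then
        echo "ALERT: $newest is ${age}h old (limit ${max}h)"
        return 1
    fi
    # gzip -t reads the whole stream and checks its CRC, so a transfer that
    # stopped part-way is caught before a restore is attempted from it.
    if ! gzip -t "$dir/$newest" 2>/dev/null; then
        echo "ALERT: $newest is truncated or corrupt"
        return 3
    fi
    echo "OK: $newest is ${age}h old and passes gzip -t"
    return 0
}
```

The non-zero return codes can drive whatever alerting is already in place, such as a mail to the administrator from a separate cron entry.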
Testing Fault Tolerance on Your Platform
Once you’ve put all the pieces in place, the easiest way to test the HA functionality is to shut down Asterisk on the primary PBX:
amportal stop
Also disable the rsync cron job in /etc/crontab. Depending upon the timeout seconds you configured on your SIP phones, you should be able to make calls through the secondary server shortly. Don’t forget to restart Asterisk on your primary PBX:
amportal start
Note also that you will need to shut down Asterisk on the secondary server for a few minutes after restoring the primary server. This will force all of your SIP phones to re-register with the primary server. And, in a real-world outage of considerable duration, it may be necessary to do a reverse-rsync of the spool directories from the secondary server (using the template below as an example) to assure that no voicemails and other spool files were lost during the outage. Then it’s safe to once again enable the rsync cron job on the primary server.
amportal stop
rsync -a -e "ssh" /var/spool/* root@$(cat /etc/pbx/server1):/var/spool
sleep 900
amportal start
Originally published: Thursday, March 7, 2019
- Skyetel is a platinum sponsor of Nerd Vittles and the open source projects of Ward Mundy & Associates, LLC. March is the final month to take advantage of the Nerd Vittles $50 usage credit when you sign up with Skyetel. [↩]
- Digital Ocean and Vultr provide modest referral credits to Nerd Vittles for those that use our referral code. It in no way colors our recommendations regarding these two providers, both of whom we use extensively. [↩]