Home » Posts tagged 'freepbx' (Page 43)

Tag Archives: freepbx

The Most Versatile VoIP Provider: FREE PORTING

The Incredible PBX: Safely Interconnecting Asterisk Servers

blank

 
WOW! What a couple of weeks it has been. The response to Incredible PBX for Asterisk® 1.8 has been, well, incredible. Just last week, SlickDeals and FatWallet introduced over 50,000 bargain hunters to the beauties of Asterisk and Google Voice using Incredible PBX. They joined our regular 50,000 weekly visitors in discovering what may be the best VoIP calling platform on the planet, free or otherwise.

But we’ve also heard from long-time users of PBX in a Flash: "How can we take advantage of this new Google Voice technology without breaking our existing server?" Well, starting today, it’s easy! We’re going to show you how to interconnect as many Asterisk servers as you like using a simple FreePBX tweak to make free calls using your Incredible PBX. To begin, just set up a second server or virtual machine running Incredible PBX 1.8. Then we’ll walk you through interconnecting it with any other Asterisk server that’s running FreePBX. It really is a 5 minute project… once you’ve finished reading this article.

Don’t be intimidated by all of the screen shots shown below. We’re just showing multiple ways of doing the same thing. So you don’t need to use all of them. Once you’ve added one trunk entry on each of your servers and an outbound route on your existing Asterisk server, all of the users on your primary server can instantly begin making free outbound calls through the Google Voice setup on your Incredible PBX. Keep in mind that, at least for now, there is no limit to the number of simultaneous (free) outbound calls you can make within the U.S. and Canada using the Incredible PBX 1.8 platform. And you can interconnect as many Asterisk servers as you like assuming you have the 100kbps VoIP bandwidth to support each simultaneous call.

To get started, follow our last article to get an Incredible PBX 1.8 server set up. As shown in the diagram above, we’re going to assume you’ve got both your new and old Asterisk servers running on the same subnet behind a very secure hardware-based firewall. But this isn’t really required from a technical standpoint. One or more additional servers could be strung all around the globe if that’s your requirement. Or you may wish to take advantage of the incredible deal at RentPBX.com and let them host Incredible PBX 1.8 for you at $15 a month. Just use this special coupon code: BACK10. Then all of your other Asterisk servers can take advantage of today’s free-calling solution. We would hasten to add that, once you’re using the Internet as the transport mechanism for interconnecting servers, we recommend you read and use the secure VPN setup outlined in our VPN in a Flash knol, but the IAX setup outlined below is secure except your voice data is not encrypted. So that’s your call to make.

Today’s Drill. We’re going to show you how to make calls from your existing Asterisk server through The Incredible PBX today. We’ll leave it to you to get things working in the other direction if that is a requirement for your project. First, we’ll create a new trunk on The Incredible PBX, and then we’ll create both a new trunk and a new outbound route on your existing server. We’ll also cover two different interconnection setups. First, we’ll do it using SIP. And then we’ll show you a similar setup using Asterisk’s IAX.

If both servers are sitting on the same private LAN, then the SIP setup is a little easier because the Linux firewall running on Incredible PBX allows SIP traffic to flow freely without any adjustment. It assumes you have added the recommended hardware firewall layer of protection with SIP access to your servers closed off. If one or more of your servers are outside the hardware firewall that is protecting Incredible PBX 1.8, then we recommend the VPN solution referenced above first and the IAX solution outlined here as a second option because the data is unencrypted. Both of these options avoid having to open up any SIP ports on your hardware firewall, and require only a minor adjustment to IPtables, the Linux-based firewall running on The Incredible PBX.

Naming Conventions. To keep things simple, we’re going to refer to the two servers in our example as incredible-pbx and piaf-main where incredible-pbx is your new Incredible PBX 1.8 server that will host the outbound Google Voice calls for users on your piaf-main server. You can obviously adjust these names in any way you like. The only gotcha is that Asterisk attempts to match an incoming call’s username against one of its corresponding trunk names before allowing the call. If there’s no match, the call will fail. So make sure that, if you change the names in the example, do it for both the username and trunk name entries on both servers. Better yet, follow the naming convention in our example, and it just works. 😉

Security Implications. If any of your Asterisk servers allow direct SIP traffic from the Internet, then you need to be extra careful in setting up this interconnectivity since it may allow anyone to attempt to make calls through your Incredible PBX depending upon how your primary server’s dialplan is configured. For example, once a server is interconnected with Incredible PBX, anyone could dial 6789876543@youripaddress and the call might be processed by Google Voice. To avoid this, the simple solution is to password-protect every Outbound Route on your Incredible PBX by adding a Route Password. Or, better yet, don’t expose any of your Asterisk servers to Internet SIP access. Whatever you do, be sure to test making a SIP URI call such as the one shown here once you have all of the pieces in place. Then you’ll know whether you have a security issue or not.

Setting Up Incredible PBX for Interconnecting Servers. Let’s set up a SIP and IAX trunk on your Incredible PBX first. You really don’t need both of these. To repeat, if The Incredible PBX is located on the same private subnet as your other Asterisk server, just use the SIP trunk. If you need access from an Asterisk server outside your private LAN, use the IAX setup. To begin, login to FreePBX using maint and the password you set up with passwd-master. To create a trunk, first choose Setup, Trunks.

To create a SIP trunk, click Add SIP Trunk. For the Trunk Name, enter piaf-main. Then skip down to the Outgoing Settings and use the following as a guide. Then clear out the Incoming Settings, leave the Registration String blank, and click Submit Changes. Replace 192.168.0.50 with the actual IP address of your piaf-main server. Replace password with a very secure alphanumeric password. Leave the other entries as they are.

blank

 
To create an IAX trunk, click Add IAX2 Trunk. For the Trunk Name, enter piaf-main. Then skip down to the Outgoing Settings and use the following as a guide. Then clear out the Incoming Settings, leave the Registration String blank, and click Submit Changes. Replace 192.168.0.50 with the actual IP address of your piaf-main server. Replace password with a very secure alphanumeric password. Leave the other entries as they are.

blank

With either or both trunks, you have the option of tightening up how calls placed from the other server are routed. To force all calls to go out through the Google Voice trunk, just change context=from-internal to context=gvoice. If you want extensions on the other server to be able to call extensions on The Incredible PBX directly, leave the context entry the way it is shown.

While we don’t recommend it, if you’re going to have multiple Asterisk servers connecting to The Incredible PBX to place Google Voice calls and you’re too lazy to create separate trunks to support each server, you can eliminate the IP address checking mechanism in Asterisk by replacing host=192.168.0.50 with insecure=port,invite. The security implications should be obvious.

Setting Up The Other Asterisk Server. There are two steps in setting up any other server that you wish to interconnect with The Incredible PBX. First, you have to create a compatible trunk to handle the calls. Then we’ll add an Outbound Route to send certain calls to Incredible PBX for processing. If you’re using SIP on the Incredible PBX, then you have to use SIP on the other Asterisk server. Same goes for IAX. We’ll set up both a SIP and IAX trunk on the PIAF main server just to show you what the entries should look like. And, to repeat, you really don’t need both of these. If your other Asterisk server is located on the same private subnet as Incredible PBX, use the SIP trunk. If you need access to Incredible PBX from elsewhere, use the IAX setup. To begin, login to FreePBX on your other PIAF server using maint and the password you set up with passwd-master. To create a trunk, first choose Setup, Trunks.

To create a SIP trunk, click Add SIP Trunk. For the Trunk Name, enter incredible-pbx. Then skip down to the Outgoing Settings and use the following as a guide. Then clear out the Incoming Settings, leave the Registration String blank, and click Submit Changes. Replace 192.168.0.212 with the actual IP address of your incredible-pbx server. Replace password with the same secure alphanumeric password you used on the Incredible PBX SIP trunk to which you will be connecting. Leave the other entries as they are.

blank

 
To create an IAX trunk, click Add IAX2 Trunk. For the Trunk Name, enter incredible-pbx. Then skip down to the Outgoing Settings and use the following as a guide. Then clear out the Incoming Settings, leave the Registration String blank, and click Submit Changes. Replace 192.168.0.212 with the actual IP address of your incredible-pbx server. Replace password with the same secure alphanumeric password you used on the Incredible PBX IAX trunk to which you will be connecting. Leave the other entries as they are.

blank

You’ll notice in the Dial Rules, we’ve used 48 (which is GV on a phone) as the prefix to be dialed on your other Asterisk server to route calls out through Google Voice on The Incredible PBX. So, to place a call from your other Asterisk server via Google Voice, a user would dial something like this: 48-678-987-6543. Before the call leaves the Asterisk server, the 48 prefix will be stripped off. You can make this prefix anything you’d like. Just be sure to use the same prefix when you set up the Outbound Route in the next step.

Adding an Outbound Route. The final configuration step is to add a new outbound route on your other Asterisk server to actually send calls to The Incredible PBX. As noted, we use a dialing prefix so that we can identify the calls to be sent. Create a new route called GoogleVoice and make your entries look like the following if you’re using IAX. If you’re using SIP, just change Trunk Sequence 0 to SIP/incredible-pbx. Click Submit Change and reload FreePBX when prompted.

blank

 

Keep in mind that FreePBX processes Outbound Routes in top down order, and the first matching route is the only route that is used to place the call even if the call fails. So the trick here is to move your new GoogleVoice route up the list so that it’s at least above the default calling route (which is a route with no specified dial patterns to match) and any other routes consisting of 12 or 13-digit dial strings which might match our GoogleVoice dial patterns.

IAX Firewall Adjustments. If you’re using the IAX method above, you’ll need to adjust the IPtables firewall rules on Incredible PBX to allow communications with your other Asterisk server. If your other Asterisk server is PBX in a Flash, you may need to add a similar entry in the IPtables rules on that machine as well. In addition, you’ll need to map UDP 4569 on your hardware-based firewall to the private IP address of your Asterisk server. Otherwise, calls will never make it past your firewall.

On each server, edit /etc/sysconfig/iptables and add an entry with the IP address of the other server with which you’ll be communicating. If your Incredible PBX is on a different public network than your other server, we’d need to add an entry near the end of the file and above COMMIT allowing IAX communications with the public (not private!) IP address of the piaf-main server assuming that server is outside the LAN, e.g. something like this:

-A INPUT -p udp -m udp -s 222.68.100.150 –dport 4569 -j ACCEPT

If you’re using IAX and both servers are on the same private subnet or interconnected private subnets, then the entry might look like this:

-A INPUT -p udp -m udp -s 192.168.0.50 –dport 4569 -j ACCEPT

Once you’ve saved your change, restart the firewall: service iptables restart

Testing Things Out. Now you’re ready to place a test call. Pick up an extension on your piaf-main system and dial 48-800-322-7300. You’ll be greeted by American Airlines courtesy of Google Voice. The CallerID of your outbound calls will be your Google Voice number regardless of the extension or server from which the call originates. Enjoy!

Originally published: Monday, November 15, 2010


Introducing The Incredible PBX for Asterisk 1.8

Adding Skype to The Incredible PBX

Adding Incredible Backup… and Restore to The Incredible PBX

Adding Remotes, Preserving Security with The Incredible PBX

Remote Phone Meets Travelin’ Man with The Incredible PBX


blankSupport Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won’t have to wait long for an answer to your questions.


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest…

It’s TeleYapper 5.0: The Ultimate RoboDialer for Asterisk

blankWe don't normally take a month off at Nerd Vittles which should tell you something about today's 10/10/10 column. We're pleased to introduce TeleYapper 5.0, a completely rewritten, Asterisk® 1.4 and 1.6.2-compatible version of our telephone broadcasting service.1 Using Cepstral text-to-speech, TeleYapper 5.0 brings individualized, text-based messaging and customized reminders coupled with the ability to capture recorded responses from every call.

WARNING: Because of changes in Cepstral, this application now requires an additional $200 license from Cepstral. We no longer recommend Cepstral for obvious reasons and will have a comparable system using Google's new Speech-to-Text application soon. Our apologies.

As part of the message delivery process, you now can customize and capture any one of four different responses from those that are called. And TeleYapper 5.0 will email you a CSV and/or XML file with the RoboResponseâ„¢ results when the calling process is completed including a list of failed calls and calls that were answered by an answering machine. In addition, you can have TeleYapper email certain call results to various individuals as the calls are processed if your requirements demand it.

For those with multiple outbound trunks, TeleYapper 5.0 supports simultaneous calls using multiple trunks. And now there are significant enhancements that detect answering machines and real people. This lets you deliver customized messages depending upon whether an actual human answers the phone.

Version 5 has been tested extensively with the Gold, Silver, and Bronze editions of PBX in a Flash 1.7.5.5, which provides support for the latest and greatest versions of Asterisk 1.4 and 1.6.2. And it should work well with other Asterisk aggregations with MySQL, Cepstral TTS support, and FreePBX 2.5 or later.

Overview. For those that have never used TeleYapper, here's a quick summary of how the new version works. It's an automated message broadcasting service commonly known as a call blasting or phone blasting system. In addition to loads of creepy uses, phone blasting has legitimate purposes as well. TeleYapper is licensed in several different ways for the following purposes: prerecorded phone messages for neighborhood association announcements, medical appointment reminders, school closings, tornado alerts, little league practices, municipal government reminders. It's free to use for non-profit, civic, and non-political purposes provided you don't solicit money or seek to sway someone's opinion or encourage a particular vote on an issue or candidate. All other uses require a commercial license. For commercial, political, and medical applications, please review our licensing terms below.

How it Works. Step #1 is to create a CSV or XML export from your favorite database application with the information that will be used to send the messages or reminders. This could be as simple as a list of phone numbers or as complex as a listing of doctors and patients with the dates, times, and places of their next medical appointments together with special patient instructions for activity preceding their visit, e.g. "Please remember to start flossing a month before your next dental appointment."

Step #2 is to create a config file with the robodial settings as well as the text which will actually be spoken during each customized call. If you remember form letters from your word processing days, TeleYapper's config file offers the same flexibility. A message can be as simple as "Take cover immediately. A tornado has been spotted at the end of your street." Or it could be a medical appointment reminder such as the following:

Hi. This is Allison from Charleston Family Clinic calling to confirm Jan's appointment with Doctor Quack on Tuesday, October 5th, 2010, at 10:30 a.m. in our Charleston office. Please remember not to eat or drink anything after midnight on the night before your scheduled appointment.

To confirm your appointment, press 1. To reschedule your appointment, press 2. To cancel your appointment, press 3. If we have reached you in error or if you do not wish to receive further automated medical appointment reminders, press 4. To hear this message again, please press 5 now.

And you can create a separate message which would be delivered in the event an answering machine takes the call:

Hi. This is Allison from Charleston Family Clinic calling to confirm Jan's appointment with Doctor Quack on Tuesday, October 5th, 2010, at 10:30 a.m. in our Charleston office. Please remember not to eat or drink anything after midnight on the night before your scheduled appointment.

If you need to change or cancel your appointment or if we have reached you in error, please call our office at your earliest convenience. The number is 800-123-4567. Goodbye.

Step #3 is to use your web browser to access a password-protected web page that will let you upload your CSV or XML data and your config file to kick off the dialing spree. Once the files have been uploaded, everything else is automatic.

Step #4 is to sit back and relax while TeleYapper executes your instructions and calling list. When the calling has been completed, the email address in your config file will be sent both CSV and XML reports of the results of all the calls. Either of these reports is suitable for import and manipulation using most spreadsheet applications.

Status Codes. Every call that is processed gets a status code entry whether the call is successful or fails. A status code of 0 means a call failed to both phone numbers provided for a particular callee. The second phone number is entirely optional. A status code of 5 means the call was answered but no response was provided by the called party. This typically would mean the call was picked up by an answering machine although it could mean Granny answered the call using a rotary dial phone. 🙄 Status codes of 1 through 4 have whatever meaning you choose to assign to each option when setting up a configuration for a particular calling campaign.

Legalese. TeleYapper 5.0 is free for use by non-profit, civic, and non-political organizations provided you absolve us from all financial and other responsibility in conjunction with your use of the software. Non-profit use further requires that no financial benefit be derived from the substance of the calls. Simply stated, your Little League team can use the software at no cost to remind kids to attend practice, but it cannot be used to solicit charitable contributions or to sell doughnuts without obtaining a commercial license.

By using this software, you also agree to strictly comply with federal and state regulations including 16 C.F.R. Part 310. In addition, you agree to assume all risks associated with use of the software. NO WARRANTIES EXPRESS OR IMPLIED INCLUDING ITS FITNESS FOR USE OR MERCHANTABILITY ARE PROVIDED WITH THIS SOFTWARE.

WARNING: With certain limited exceptions, most robocalling now requires prior written approval from those being called. See this link for a summary of the federal requirements. Be advised that improper use of this software may subject the user to penalties of up to $16,000 per call plus monetary damages to injured consumers.

Creative Commons LicenseLicensing. You are licensed to use this software under certain conditions. You do not own it. We do, and we also own the copyright. It is licensed for use under the terms of the Creative Commons Attribution Non-Commercial license. A Plain English summary is available here. We've done this primarily to do our part to stamp out the telemarketing creeps of the world. Those wishing to use TeleYapper for commercial or political purposes must first request and then purchase a commercial license after outlining your proposed terms of use. Telemarketers need not apply! For doctors, lawyers, and others falling outside the scope of our free license who wish to obtain a commercial use license, please contact us for pricing and details. Be sure to summarize your intended use in your request together with a sufficient factual summary to demonstrate that your use is in compliance with 16 C.F.R. Part 310. Please also indicate whether you will require assistance with installation and setup.

Prerequisites. As mentioned, you'll need a Linux-based Asterisk aggregation such as PBX in a Flash to use TeleYapper 5.0. This means you need a system with Asterisk 1.4 or 1.6 as well as FreePBX 2.5 or higher. For quality reasons, we strongly recommend you purchase a commercial Cepstral text-to-speech license for your server. While Flite would technically work, most folks don't respond well to calls from Egor so we have customized the code for use solely with Cepstral. You'll find Cepstral installation instructions in this Nerd Vittles article. The TeleYapper 5.0 code also relies heavily on Apache and PHP, both of which are included in every PBX in a Flash system.

Installing Cepstral. Cepstral installation is not the simplest application to get working with Asterisk so here are the commands for those running 32-bit systems with Asterisk 1.4 or 1.6.2. For details on purchasing and registering Cepstral (and a discount) and for 64-bit installs, read our previous article including the comments.

For Asterisk 1.4 systems running under 32-bit CentOS, log into your server as root and issue the following commands accepting the Cepstral defaults. Be sure to create the Cepstral directory when prompted!

cd /root
wget http://nerd.bz/bnTVjX
tar -zxvf Cepstral*
cd Cepstral_Allison-8kHz_i386-linux_5.1.0
./install.sh
echo /opt/swift/lib > /etc/ld.so.conf.d/cepstral.conf
ldconfig
cd /usr/src
wget http://pbxinaflash.net/source/app_swift/app_swift-1.4.2.tar.gz
tar -zxvf app_swift*
cd app_swift-1.4.2
make
make install
ln -s /opt/swift/bin/swift /usr/bin/swift
sed -i 's|David-8kHz|Allison-8kHz|' /etc/asterisk/swift.conf
amportal restart
asterisk -rx "core show application swift"
ls /opt/swift/voices
swift --reg-voice

For Asterisk 1.6.2 systems running under 32-bit CentOS, log into your server as root and issue the following commands accepting the Cepstral defaults. Be sure to create the Cepstral directory when prompted!

cd /root
wget http://nerd.bz/bnTVjX
tar -zxvf Cepstral*
cd Cepstral_Allison-8kHz_i386-linux_5.1.0
./install.sh
echo /opt/swift/lib > /etc/ld.so.conf.d/cepstral.conf
ldconfig
cd /usr/src
wget http://pbxinaflash.net/source/app_swift/app_swift-1.6.2.tar.gz
tar -zxvf app_swift*
cd app_swift-1.6.2
make
make install
ln -s /opt/swift/bin/swift /usr/bin/swift
sed -i 's|David-8kHz|Allison-8kHz|' /etc/asterisk/swift.conf
amportal restart
asterisk -rx "core show application swift"
ls /opt/swift/voices
swift --reg-voice

Installing TeleYapper 5.0 The real beauty of PBX in a Flash as an Asterisk platform is demonstrated by the ease with which you can install new applications such as this one. The drill is very simple. You download an install script, make it executable, and run it. Less than a minute later, the TeleYapper install is done. Here are the commands to execute to install TeleYapper 5.0 after logging into your PBX in a Flash system as root. On other systems, you are well advised to carefully review the install script and tailor it to meet the individual requirements of the platform on which you are installing it.

cd /root
wget http://bestof.nerdvittles.com/applications/teleyapper5/teleyapper5.pbx
chmod +x teleyapper5.pbx
./teleyapper5.pbx

The TeleYapper Database. We use the MySQL database management system to manage the list of callees for TeleYapper to dial. It can handle a database of almost any size and generally stands up well in performance comparisons with Oracle. So you're covered on the database front. For most users, you never should need to access the MySQL database directly. TeleYapper 5.0 handles the importing of CSV or XML files for processing, manages the call queue, and processes and emails CSV and/or XML-formatted reports to you when the calls are completed.

The install script creates the MySQL database to support TeleYapper 5.0. Should you need or want to manage the database directly, the easiest tool to use is phpMyAdmin which is accessible through the Tools tab in FreePBX on PBX in a Flash systems. You'll need to login as maint with your maint password to access phpMyAdmin. After phpMyAdmin loads, click on the reminders database in the left column. Then click the reminders table entry in the left column to open the file. Unless you really, really know what you are doing and appreciate how much coding will be required to support new or different fields in the reminders file, don't improve it.

Here's the layout of the MySQL database table for TeleYapper 5.0:

  • id - System generated record ID
  • acctno - Account Number (12 alphanumeric characters)
  • provider - Provider Name (30 alphanumeric characters)
  • recipient - Recipient Name (30 alphanumeric characters)
  • apptdt - Appointment Date (MM/DD/YY format)
  • appttime - Appointment Time (HHMM format using 24-hr clock)
  • apptplace - Appointment Location (30 alphanumeric characters)
  • instructions - Free-form text (65535 alphanumeric characters)
  • phone1 - Primary Phone (NNN-NNN-NNNN or NNNNNNNNNN)
  • phone2 - Alternate Phone (NNN-NNN-NNNN or NNNNNNNNNN)
  • status - Status: 0=failedcall 5=ansmachine 1,2,3,4=user-defined
  • failedcalls - System Generated Number of Failed Calls

Tweaking PHP for TeleYapper. Depending upon your PHP setup and the number of calls you plan to process, you may need to adjust the default PHP resource settings on your server. The main reason is because TeleYapper generates a custom sound file for every call to be processed before the calling ever starts. If you plan to make thousands of calls, this can take some time. The PHP settings are stored in /etc/php.ini. You must log in as root and restart Apache after making changes to these settings: service httpd restart. The settings that matter are the following:

max_execution_time = 30 (we recommend 900 which is 15 minutes to process)
max_input_time = 60 (we recommend 300 which is 5 minutes to upload a file)
memory_limit = 100M (OK as is)

post_max_size = 8M (we recommend 100 megabytes which should be ample)

file_uploads = On (OK as is on most systems)
upload_max_filesize = 100M (we recommend 100 megabytes which should be ample)

Tweaking Crontab. TeleYapper relies upon a cron job to kick off its calling sprees so you'll need the following entry in your /etc/crontab file unless you used the install script which inserts it automatically:

* * * * * root /var/www/html/appt-reminders/gen-reminders.php > /dev/null 2>&1

Formatting CSV Data For Import. You don't necessarily need an external database in order to use TeleYapper 5.0 although it is designed to support almost any database or spreadsheet application in the marketplace so long as it can export data in CSV or XML format. A CSV (comma-separated values) or XML file is the middleware that makes everything work. Each line in a CSV file represents an entry to be processed by TeleYapper 5.0 when the CSV file is uploaded. Each item in a line is called a field. Every field begins and ends with double-quotes, and fields are separated from each other with commas. Do NOT include any quotation marks in your actual text, or you'll get a disaster. All fields are required, by the way, but only the Phone1 field must have an actual entry. The remaining fields may each consist of nothing more than a pair of double-quotes. Note also that the id, status, and failedcalls fields (shown in red below) must consist of a pair of double-quotes and nothing more. Here's the actual CSV format which must be used, and all of the data must appear on the same line so disregard the WordPress formatting below:

"id","acctno","provider","recipient","apptdt","appttime","apptplace","instructions","phone1","phone2",
"
status","failedcalls"

Here's what the CSV entry used for our sample medical reminder shown near the top of this article would look like. We've excluded the special instructions and Phone2 entries below only to simplify the display because of constraints inherent in our blog formatting:

"","12345","Quack","Jan","10/05/10","1030","Charleston","","4049876543","","",""

The XML Alternative. If you'd prefer to upload XML file templates for your calls instead of CSV data, a sample XML file is included in the distribution to show you the proper formatting. Here's a sample entry that matches the CSV data above:

<!-- Database: reminders -->
<reminders>
   <!-- Table: reminders -->
    <reminders>
       <id></id>
       <acctno>12345</acctno>
       <provider>Quack</provider>
       <recipient>Jan</recipient>
       <apptdt>10/05/10</apptdt>
       <appttime>1030</appttime>
       <apptplace>Charleston</apptplace>
       <instructions></instructions>
       <phone1>4049876543</phone1>
       <phone2></phone2>
       <status></status>
       <failedcalls></failedcalls>
    </reminders>
</reminders>

Direct Uploading with SAMBA. If you've activated SAMBA on your Asterisk server, you can upload TeleYapper files for processing directly. Be sure to name your CSV or XML file as reminders.csv or reminders.xml. And name your config file: config.php. Copy the files to the /var/www/html/appt-reminders/upload directory on your Asterisk server. That's all there is to it. If you need hints on SAMBA installation, see our Best of Nerd Vittles tutorial. Pay particular attention to the sections on Security Considerations and Firewall Settings. Before using the SAMBA, be sure to upload some test CSV/XML files using the web interface. There is no error checking when you use the SAMBA option!

Configuring TeleYapper 5.0 Calling Scripts. Now let's address how we transform a CSV or XML entry such as the ones shown above into a personalized phone call to Jan, the actual patient in our example. Every TeleYapper session can have an individual configuration file associated with it. If none is specified, then a default configuration is used. In this way, you can customize call procedures and calling scripts for different tasks. The easiest approach is to always upload a config file with your CSV or XML data file. Then you won't get unexpected results when the calling begins.

HINT: It's a very good idea to create a sample upload with your own phone number and some sample configuration data to test things out before you start calling thousands of clients.

A default configuration file (config.default.php) as well as sample CSV and XML templates (reminders.csv and reminders.xml) come with TeleYapper 5.0 and can be found on your Asterisk server in the /var/www/html/appt-reminders directory. Make a copy of them, and move the copies to your Mac or PC. Then, using TextEdit or Notepad, open the files and have a look. Before addressing other configuration options in config.php, let's tackle the setup procedure for calling scripts.

The actual boilerplate message to be delivered to the called party is stored in $msg. Notice that you can substitute data out of your database in the boilerplate template by enclosing any desired fields in braces. Just make sure the fieldname exactly matches one of the fields in the reminders database. So our entry for the sample call above would look like this:

$msg="Hi: This is Allison from Charleston Family Clinic calling to confirm an appointment for {recipient}, with Doctor {provider}, on {apptdt}, at {appttime}, in our {apptplace} office. {instructions}";

Just a comment that, for those with large data processing systems, you may find it more convenient to generate the actual text for each reminder on your mega-machine. In this case, all of the data (up to 65,535 characters) could be loaded into the instructions field for each callee. So each upload record might consist of nothing more than phone numbers and instructions. In this scenario, the $msg entry in config.php would look like this: $msg="{instructions}";

The key press choices that are provided to the called party are configured using the $options field which would look like this for our example:

$options = "To confirm your appointment, please press 1. To reschedule your appointment, press 2. To cancel your appointment, press 3. If we have reached you in error or if you do not wish to receive appointment reminders, press 4. To hear this message again, please press 5 now.";

Don't confuse the 5 option which is automatically included in the TeleYapper dialplan code with status code 5 which means an answering machine picked up a call. Status code 5 is system-generated and is not stored based upon a callee choosing to listen to a recorded message more than once. The two 5's are not the same even though options 1-4 are actually used to define what the first four status codes mean on your system.

As we mentioned, the system has the smarts to usually figure out if an answering machine took the call. When it detects this, the $ansmach message is played instead of $options. A sample entry might look like this:

$ansmach = "If you need to cancel or reschedule this appointment, if we reached you in error, or if you do not wish to receive appointment reminders in the future, please call 777-123-4567 at your earliest convenience. Thank you for your assistance. Goodbye.";

Finally, for each of the four choices (1 through 4), there is a response message which is played if the callee chooses that option. Here's a sample template to get you started:

$chose1 = "Thank you for making Charleston Family Clinic your medical home. Your appointment has been confirmed. Goodbye.";
$chose2 = "Thank you. A representative will be calling you to reschedule your appointment. Goodbye.";
$chose3 = "Thank you for making Charleston Family Clinic your medical home. Your appointment has been cancelled. Goodbye.";
$chose4 = "Thank you. We will update our systems and apologize for the call. Goodbye.";

Thus, when a callee responds to the boilerplate call by pressing 1, $chose1 is played in response. If an email address has been entered for $chose1email, then a copy of the log entry for that call is sent to the specified email address using the customized email subjects (shown below) in addition to being placed in the master call log. The same process occurs when the other options are chosen. Particularly with medical appointment cancellations, it may be important to receive immediate notification when an appointment is canceled or a patient requests a change in scheduling. So the software includes the flexibility to generate instant emails to various email addresses depending upon which option is pressed. As noted, the optional instant emails will be generated using the email subjects entered for the following fields in your customized configuration file:

$chose1subj = "APPOINTMENT NOTIFICATION CONFIRMED BY PHONE";
$chose2subj = "APPOINTMENT RESCHEDULING REQUEST BY PHONE";
$chose3subj = "APPOINTMENT CANCELLATION REQUEST BY PHONE";
$chose4subj = "APPOINTMENT SCHEDULING ERROR REPORTED BY PHONE";
$chose5subj = "APPOINTMENT NOTIFICATION LEFT ON ANSWERING MACHINE";

Uploading Data & Config Files to TeleYapper. Simple web pages are used to upload CSV and XML data with config files to TeleYapper 5.0. WARNING: These web pages have NOT been sanitized for use on the Internet. They are designed for use on your local area network behind a secure firewall. On PBX in a Flash systems, the web pages are password-protected and require a valid user account login for access. This will NOT be the case on other Asterisk aggregations without tweaking your Apache configuration. Sample entries can be found in teleyapper.conf in the /var/www/html/appt-reminders directory. On PBX in a Flash systems, you can log in using maint, wwwadmin, or meetme accounts. Or you can create an additional account to use with TeleYapper 5.0:

htpasswd /usr/local/apache/passwd/wwwpasswd teleyapper

There are separate web pages depending upon whether you wish to upload CSV or XML data. For CSV data, the web address is http://ipaddress/appt-reminders/uploadcsv/. For XML data, the web address is http://ipaddress/appt-reminders/uploadxml/. Substitute the private IP address of your Asterisk server for ipaddress. Here's a sample of the CSV web form. You can, of course, substitute your own logo on the right if desired.

CSV Web Form

Other TeleYapper 5.0 Config Options. In addition to the boilerplate text for TeleYapper calls, there are a number of other settings which can be adjusted to meet your individual requirements.

The database settings should never need adjusting so just leave them alone. They look like this:

$db="reminders";
$fi="reminders";
$dbuser="root";
$dbpass="passw0rd";

You can manually set a starting and ending time to begin and end the calling sequence for a particular upload. Never set these in the default configuration! Only set them in a config file to be uploaded. If the entries are blank, calls will commence shortly after the upload completes and will end when all of the entries have been processed. Note that there is no current flexibility to schedule individual calls based upon the time of the appointment. This typically would be handled by selecting particular records for processing in your primary database. For example, for medical appointments, you would select records in which an appointment is scheduled for tomorrow and then upload the list to TeleYapper which would place the calls today. We probably will expand this functionality down the road, but it's not there yet. So it's up to you to upload call lists which basically are ripe for calling now.

If you wish to use the $startcalls and $endcalls features in your custom config files, the syntax should look like this: YYYYMMDD,HHMM where YYYY is a 4-digit year, MM is a 2-digit month, DD is a 2-digit day of the month, HH is the 2-digit hour based upon a 24-hour clock (aka Military Time), and MM is the 2-digit minute. Note that calls will not end precisely at the $endcalls time. Any existing calls already in process will be completed including redials and calls to an alternate $phone2 number. This process can take up to 10 minutes to complete.

CAUTION: Be very careful using the $startcalls option! Nothing precludes your scheduling a thousand reminder calls to kick off at 0200 which is 2 a.m. Not really a good thing if job security matters to you.

To restart the calling process on the following day, log into your server as root and switch to the /var/www/html/appt-reminders directory. Then edit config.php and adjust the $startcalls and $endcalls for the remaining calls. Then run: ./gen-calls.php. Any existing database entry with a status=0 will be called when the calling process resumes. You can monitor the calling process by running: ./showcalls.sh. Press Ctrl-C to terminate the call display. It usually takes a minute or two for the first call to be placed.

$callerid is used to set the CallerID of outbound calls if your telephony provider supports it.

$trunk is used to set the outbound dialing trunk for calls. The default works for most purposes.

$channel is used to set the outbound dialing channel for calls. The default works for most purposes.

$maxcalls and $spacing are used to set the number of simultaneous calls and spacing between calls respectively. Be very careful with these settings. You must have sufficient outbound trunks to handle the number of simultaneous calls you schedule with $maxcalls, or you will get circuit busy conditions which are recorded as calls to busy numbers. Keep in mind that TeleYapper tries every call twice with 2 minutes of separation. So, if you only have two outbound trunks, don't set $maxcalls above 1, or you will get trunk busy conditions whenever original calls to an individual fail, i.e. line busy or no answer situations. In addition, remember that TeleYapper 5.0 supports a second phone number for each called party. These are triggered whenever the original two calls to the primary number fail and must also be considered in setting $maxcalls properly. If your logs show a disproportionate number of failed calls (status=0), this may be a tell-tale sign of trunk busy conditions.

$waittime is the number of seconds a call to any given number will ring. 45 seconds is about 7 rings.

$email is the email address that will be used to send the logs at the completion of the calling process. $chose1email through $chose5email are the optional email addresses if you want instantaneous feedback on certain types of status results. This means you get an immediate email if a certain call results in a certain status code. Leave the ones blank for $status conditions on which you want no immediate feedback and simply wait for the logs to arrive.

$csvreport and $xmlreport are used to set which type of completion report you wish to receive. If you want both of them, set them both to 1. Otherwise, set the one you don't want to 0.

The Old Fashioned Way. For those of you that preferred the older method of entering data directly into MySQL, you still can use phpMyAdmin or some other front-end tool to enter the data directly into the reminders.reminders table. Just leave the id field blank since it automatically gets generated by MySQL. And either leave the status and failedcalls fields blank or set them to 0. They also are system-generated. Once you have your data in place, log into your server as root, and...

cd /var/www/html/appt-reminders
Configure config.php for your calling campaign
Run ./gen-mysql.php to kick off TeleYapper 5.0

In Closing... Finally, let us issue our usual tinkerer's warning. Don't delete anything from the /var/www/html/appt-reminders directory tree. Just because you don't know its function doesn't mean it doesn't have one. Aside from that, the documentation above should get you started today. Be advised that TeleYapper 5.0 still is a work in progress. So check back every week or so for new comments on this article to see what's been changed, added, or fixed since you originally downloaded the application. Enjoy!


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. Special thanks to my dear wife, Mary, who did much of the system design work for this project, and to Community Health Centers of Florida for underwriting some of the design and development costs. []

It’s PBX in a Flash 1.7.5.5: The Lean, Mean Asterisk Machine

It’s been 18 months since a new version of PBX in a Flash was officially released. And we’ll explain the reasons why it’s quite unnecessary with our product in a few minutes. But, today, we’re proud to introduce the latest and greatest version 1.7.5.5 of PBX in a Flash featuring your choice of Asterisk® 1.4 or 1.6.2 with Zaptel or DAHDI support and FreePBX 2.6. It’s lean, mean, and incredibly flexible.

You don’t get the kitchen sink with the base PBX in a Flash ISO installs. Instead you get a rock-solid CentOS 5.5 operating system with the latest CentOS kernel on which to build an Internet telephony server that meets your specific needs. If we had to sum up this new release in a word, it would be refined. Newer hardware devices now are supported, and Mondo backups and other scripts have been tweaked to work with these new devices including Atom-based machines which are proving to be the ideal telephony platform for SOHO and small business deployments. As usual, documentation was not an afterthought. There’s a new installation tutorial and our award-winning knol has been updated to cover everything you’ll ever want to know about PBX in a Flash. And there’s loads of additional documentation on the PBX in a Flash web site. For the reading impaired, there’s even a 7-minute YouTube video to walk you through the installation process.

The installation procedure has been simplified. For most users, downloading the ISO, burning the ISO to a CD, booting from the CD, and pressing the Enter key is all the complexity you’ll face with a new PBX in a Flash install. For experts and resellers, there are the familiar options to perform network installs or to select different disk architectures including software RAID. Newer device drivers can be loaded as part of the installation process as well. And TM1000’s EndPoint Manager automatically configures almost any telephone on the planet for use with PBX in a Flash. All it takes is a quick download from SourceForge. For those with a physical handicap, you now can install the complete system with no user intervention by typing ksauto at the first prompt.

Overview. For those that prefer quick checklists to long articles, here’s the 30-minute, annotated, Baker’s Dozen PBX in a Flash 1.7.5.5 installation drill:

1. Download PBX in a Flash ISO
2. Burn ISO to a CD-ROM
3. Install system behind secure firewall
4. Boot target machine to be reformatted from CD
5. Press Enter key at first prompt
6. Choose keyboard for your country
7. Choose timezone for your location
8. Create a secure root password
9. Choose GOLD, SILVER, or BRONZE edition
10. Login as root & run update-scripts
11. Run update-fixes
12. Run passwd-master
13. Load FreePBX Modules OR Install Incredible PBX

A Better Mousetrap. Asterisk-based LAMP aggregations thankfully are more plentiful today, but we think we have a better mousetrap. Here are a few reasons why? First, PBX in a Flash is the only distribution that is totally source-based with Asterisk compiled from source as part of the install. What that means is when you purchase add-on hardware and it has a problem for some reason, all of the tools are already in place for you to contact the manufacturer or reseller and have them reconfigure or recompile whatever is necessary on your system to get you back in business quickly. It also means that most of our applications are compiled from source on your specific hardware which assures a more reliable and stable software platform on which to build your telephony system.

Second, we don’t release PBX in a Flash ISOs every other week. We don’t have to. Every time a new security patch is released for Asterisk, the "other guys" have to create a new RPM or ISO to support it. That means your system is vulnerable for weeks or months while that process is underway. In some cases, it means installing a new ISO and starting over. I wish I had a nickel for every time I reinstalled and basically started over with Asterisk@Home or trixbox. With PBX in a Flash, you simply type update-source and then update-fixes at the command prompt, and your system is brought current without missing a beat. The total server downtime is typically under 15 minutes!

Third, PBX in a Flash uses a two-step install process that all but eliminates the ISO obsolescence issues that have plagued other distributions. The PBX in a Flash ISO is used to install either the 32-bit or the 64-bit CentOS 5.5 operating system and kernel. When that process completes and after performing a yum update on CentOS 5.5, the installer then searches multiple sites on the Internet for our "payload files" which contain the latest, greatest versions of Asterisk to meet your specific requirements. The payload script also installs FreePBX and many of the customized features that make PBX in a Flash unique. If you need additional functionality, we have an entire web site, pbxinaflash.org, dedicated to add-on scripts. Most of these add-on scripts are available by typing help-pbx at the command prompt. All of them install without user intervention in a minute or two. Using this design, most bugs are eliminated as well without your having to do much of anything. Translation: More time to enjoy your production-quality VoIP PBX… and less all-nighters! Finally, if you’re new to Asterisk or just want to take advantage of a decade of expertise from the PIAF developers, just load the Incredible PBX over the top of your new PBX in a Flash install. In just 15 minutes, you’ll have an incredibly secure, turnkey PBX with dozens of add-on apps that can make and receive unlimited free calls in the U.S. and Canada thanks to Google Voice.

And, speaking of security, PBX in a Flash is the only distribution that brings you multiple layers of security out of the box. There’s the preconfigured Linux IPtables firewall. And, in addition, there’s the latest and greatest version of Fail2Ban which blocks malicious intruders attempting to guess your passwords and break into your system. We also strongly recommend adding a hardware-based firewall/router to block all access to your system unless you really know what you’re doing. Does all of this matter? Well, it’s your phone bill. Here’s a link to our article about a company that recently received an unexpected $120,000 phone bill in the mail. So you decide. If you read nothing else before embarking on your VoIP adventure, read our Primer on Asterisk Security!

So today we’re proud to introduce the 1.7.5.5 release of PBX in a Flash. It’s still the Lean, Mean Asterisk Machine designed to meet the needs of hobbyists as well as business users. And FreePBX 2.6 provides a rock-solid, graphical user interface to Asterisk that competes with any commercial PBX on the planet.

Getting Started with PBX in a Flash 1.7.5.5. Begin by downloading either the 32-bit or 64-bit ISO image for PBX in a Flash from SourceForge, Google, or from one of our download mirrors. Torrents are also available. And don’t worry. If you try to run the 64-bit install on a system that doesn’t support it, it’ll just sit there so you’ve got nothing to lose by trying the Ferrari first. Once you’ve got the ISO image in hand, use your favorite tool to burn it to a bootable CD. This next step is the most important. Do some reading!! There also are loads of helpful tutorials that are free for the downloading from our support site. Before you begin the install process, be aware that all drives (including USB devices) on your target system will be erased as part of the install process. So be sure to use a dedicated server for PBX in a Flash.

Update: A new PBX in a Flash installer is now available for USB Flash Drives.

What About Hardware? If you’re new to all of this, let us recommend you try either one of Dell’s entry-level PowerEdge servers or one of the newer Intel Atom-based small-footprint PCs or netbooks such as the Acer Aspire One or Acer Aspire Revo. On sale pricing is typically in the $200-$300 range. You can save an additional 2% plus $5 by using our coupon link in the right margin. Any of these systems is just about perfect for a home or small business server.

Basic Install. Once you have your new system, just insert the CD containing the ISO and then reboot the machine you wish to dedicate to PBX in a Flash. After reading this tutorial and the initial prompts and warnings, choose an option and press the <Enter key> to begin the installation. Choose your default keyboard and then choose your time zone and leave the UTC system clock option unchecked. Next choose a root password for your new system. Make it secure, and write it down (not on your shoe). IMPORTANT: Your server must have its system clock set correctly and be connected to the Internet before the install process begins! In about 15 minutes depending upon the speed of your PC, the machine will reboot when the installation of CentOS 5.5 is complete. Be sure to eject the CD at this point, or your system will boot again from the CD and start over.

After the reboot, the system will boot CentOS 5.5 and then prompt you to choose the version of Asterisk you’d like to install. Here are the three choices:

A – GOLD with Asterisk 1.4.21.2 and Zaptel
B – SILVER with latest Asterisk 1.4 version and DAHDI
C – BRONZE with latest Asterisk 1.6.2 version and DAHDI

If you plan to expose your server to the Internet in any way, we recommend you choose the SILVER version which is the most secure. And just to repeat, if you don’t have Internet connectivity, then the installation cannot complete. When the installation finishes, reboot your system and log in as root. The IP address of your PBX in a Flash system will be displayed once you log in. If it’s blank, type service network restart after assuring that you have Internet connectivity and access to a DHCP server that hands out IP addresses. Typing ifconfig should display your IP address on the eth0 port. Write it down. We’ll need it in a minute.

Now that you’ve logged in as root, you should see the IP address displayed with the following command prompt: root@pbx:~/. If instead you see bash displayed as the command prompt and it’s not green, then the installation has not completed successfully. This is probably due to network problems but also could be caused by the time being set incorrectly on your server. You can’t compile Asterisk if the time on your computer is a date in the past! For this glitch you basically have to start over. If it’s a network issue, fix it and then reboot and watch for the eth0 connection to complete. Assuming it doesn’t fail the second time around, the installation will continue. Likewise, if you do not have DHCP on your network, the installation will fail because the PBX will not be given an IP address.

Three Steps to Complete the Install. There are three important things to do to complete the installation. First, run the following commands after logging into your new server as root with your root password:

update-scripts (gets the latest PIAF scripts)
update-fixes (applies PIAF security patches and bug-fixes)
passwd-master (sets your FreePBX maint password)

Second, from the command prompt, run genzaptelconf or gendahdiconf if you have ZAP/DAHDI hardware. This sets up your hardware as well as a timing source for conferencing. If you’re using additional hardware for your Asterisk system, we recommend removing any modem before you install the cards. This will help avoid interrupt conflicts.

Third, decide how to handle the IP address for your PBX in a Flash server. The default is DHCP, but you don’t want the IP address of your PBX changing. Phones and phone calls need to know how to find your PBX, and if your internal IP address changes because of DHCP, that’s a problem. You have two choices. Either set your router to always hand out the same DHCP address to your PBX in a Flash server by specifying its MAC address in the reserved IP address table of your router, or run netconfig at the command prompt and assign a permanent IP address to your server. Be aware that netconfig no longer is a part of CentOS 5.5. Run install-netconfig to reinstall it. If you experience problems with the process, see this message thread on the forum.

If you’ve used one of the dLink firewall/routers we recommend and you plan to install the Incredible PBX, you can skip the rest of this article. We’ve done all of the work for you!

blank

blankThe Incredible PBX Inventory. For those wondering what’s included with The Incredible PBX, here’s a feature list of components you get in addition to the base install of PBX in a Flash with CentOS 5.5, Asterisk, FreePBX 2.6, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Please note that A2Billing, Cepstral TTS, Hamachi VPN, and Mondo Backups are optional and may be installed using provided scripts.

If you’ve decided to roll your own and skip The Incredible PBX, then let’s continue…

Getting Rid of One-Way Audio. There are some settings you’ll need to add to /etc/asterisk/sip_custom.conf if you want to have reliable, two-way communications with Asterisk: nano -w /etc/asterisk/sip_custom.conf. The entries depend upon whether your Internet connection has a fixed IP address or a DHCP address issued by your provider. In the latter case, you also need to configure your router to support Dynamic DNS (DDNS) using a service such as dyndns.org. If you have a fixed IP address, then enter settings like the following using your actual public IP address and your private IP subnet:

externip=180.12.12.12
localnet=192.168.1.0/255.255.255.0     

If you have a public address that changes and you’re using DDNS, then the settings would look something like the following:

externhost=myserver.dyndns.org
localnet=192.168.0.0/255.255.255.0     

(NOTE: The first 3 octets in the above localnet entries need to match your private IP addresses!)

Once you’ve made your entries, save the file: Ctrl-X, Y, then Enter. Reload Asterisk: amportal restart. If you assigned a permanent IP address, reboot your server: shutdown -r now.

Be aware that some people experience problems with the externhost approach outlined above. If your provider only gives you a dynamic IP address, you still can use the externip approach above so long as you have a method to frequently verify your IP address. The approach we actually use on our home network is to run a little script every 5 minutes. If it finds that your outside IP address has changed, it will automatically update your sip_custom.conf file with the new address. To use our approach, create a file in /var/lib/asterisk/agi-bin names ip.sh. Here’s the code:2

#!/bin/bash
# File to log the IP Address
IPFILE='/var/log/asterisk/externip'
# Your local lan ip block
localnet=192.168.1.0
# Nothing else needs to be changed.
if [ ! -f "$IPFILE" ]; then
echo "creating $IPFILE"
echo first_time_usage > $IPFILE
fi
lastip=`cat $IPFILE`
externip=$(curl -s -S --user-agent "PIAF 1.4"↩
http://myip.pbxinaflash.com | awk 'NR==2')
if [ $externip != $lastip ]; then
# Writes new IP address (if it has changed) to file.
echo "$externip" > $IPFILE
echo "externip=$externip" > /etc/asterisk/sip_custom.conf
echo "localnet=$localnet/255.255.255.0" >>↩
/etc/asterisk/sip_custom.conf
echo "srvlookup=yes" >> /etc/asterisk/sip_custom.conf
echo "nat=yes" >> /etc/asterisk/sip_custom.conf
asterisk -rx "dialplan reload" ;
else
exit 0;
fi
exit;

On line 5, enter the internal subnet for your server as the localnet entry. This is usually 192.168.0.0 or 192.168.1.0. YMMV!

Save the file and give it execute permissions: chmod +x /var/lib/asterisk/agi-bin/ip.sh. Then make asterisk the file owner: chown asterisk:asterisk /var/lib/asterisk/agi-bin/ip.sh.

Finally, add the following entry to the bottom of /etc/crontab:

*/5 * * * * asterisk /var/lib/asterisk/agi-bin/ip.sh > /dev/null

Activating Email Delivery of Voicemail Messages. We’ve previously shown how to configure systems to reliably deliver email messages whenever a voicemail arrives unless your ISP happens to block downstream SMTP mail servers. Here’s the link in case you need it. As it happens, you really don’t have to use a real fully-qualified domain name to get this working. So long as the entry (such as pbx.dyndns.org) is inserted in both the /etc/hosts file and /etc/asterisk/vm_general.inc with a matching servermail entry of vm@pbx.dyndns.org (as explained in the link above), your system will reliably send emails to you whenever you get a voicemail if you configure your extensions in FreePBX to support this capability. You can, of course, put in real host entries if you prefer. For 90% of the systems around the world, if you just want your server to reliably e-mail you your voicemail messages, make line 3 of /etc/hosts look like this with a tab after 127.0.0.1 and spaces between the domain names:

127.0.0.1     pbx.dyndns.org pbx.local pbx localhost.localdomain localhost

And then make line 6 of /etc/asterisk/vm_general.inc look like the following:

serveremail=voicemail@pbx.dyndns.org

Now issue the following two commands to make the changes take effect:

service network restart
amportal restart

The command "setup-mail" can be used from the Linux prompt to set the fully-qualified domain name (FQDN) of the mail that is sent out from your server. This may help mail to be delivered from the PBX. One of things mail servers do to reduce spam is to do a reverse lookup on where the mail has come from, checking that there is actually a mailserver at the other end. You can only do this if you have set up dynamic DNS or if you have pointed a hostname at your fixed IP address. Once you have done this, and assuming your ISP is cooperative, then you will receive your voicemails via email if you wish (this is set within FreePBX),and your PBX will email you when FreePBX needs an update. You set this feature in FreePBX General Settings.

If your hosting provider blocks downstream SMTP servers to reduce spam, here’s a simple way to use your Gmail account (free!) as your SMTP Relay Host. Then you never have to worry about this again!

Setting Passwords and Other Stuff. Be aware that major security issues are reported from time to time with FreePBX. We strongly recommend that you not use FreePBX admin security alone to protect your system from a web attack. It may compromise root access to your entire server. For this reason, we recommend that you log in as root and immediately run passwd-master after completing the update-scripts and update-fixes scenario. This establishes Apache htaccess security on your FreePBX web interface. After running this conversion utility, you can only log into the FreePBX admin interface with the username maint (not admin) and the password which you establish when you run the utility.

Other passwords can be set in your system with these commands:

passwd... reset your root user password
passwd-maint... reset your FreePBX maint password
passwd-wwwadmin... for users needing FOP and MeetMe access
passwd-meetme... for users needing only MeetMe access
passwd-webmin... for users needing WebMin access to your server (very dangerous!)

There’s also an Administration password that you can set in the KennonSoft UI that displays when you point your browser to the IP address of your server. Do NOT use the same password here that you use elsewhere as it is not overly secure.

Configuring WebMin. WebMin is the Swiss Army Knife of Linux. It provides TOTAL access to your system through a web interface. Search Nerd Vittles for webmin if you want more information. Be very careful if you decide to enable it on the public Internet. You do this by opening port 9001 on your router and pointing it to the private IP address of your PBX in a Flash server. Before using WebMin, you need to set up a username and password for access. From the Linux prompt while logged in as root, type the following command where admin is the username you wish to set up and foo is the password you’ve chosen for the admininstrator account. HINT: Don’t use admin and foo as your username and password for WebMin unless you want your server trashed!

/usr/libexec/webmin/changepass.pl /etc/webmin root password

To access WebMin on your private network, go to http://192.168.0.123:9001 where 192.168.0.123 is the private IP address of your PBX in a Flash server. Then type the username and password you assigned above to gain entry. To stop WebMin: /etc/webmin/stop. To start WebMin: /etc/webmin/start. For complete documentation, go here.

Updating and Configuring FreePBX. FreePBX 2.6 is installed as part of the PBX in a Flash 1.7.5.5 implementation. This incredible, web-based tool provides a complete menu-driven user interface to Asterisk. The entire FreePBX project is a model of how open source development projects ought to work. And having Philippe Lindheimer’s as the Captain of the Ship is just icing on the cake. All it takes to get started with FreePBX is a few minutes of configuration, and you’ll have a functioning Asterisk PBX complete with voicemail, music on hold, call forwarding, and a powerful interactive voice response (IVR) system. There is excellent documentation for FreePBX which you should read at your earliest convenience. It will answer 99% of your questions about how to use and configure FreePBX. For the one percent that is not covered in the Guide, visit the FreePBX Forums which are frequented regularly by the FreePBX developers. Kindly post FreePBX questions on their forum rather than the PBX in a Flash Forum. This helps everybody. Now let’s get started.

Now move to a PC or Mac and, using your favorite web browser, go to the IP address you deciphered above for your new server. Be aware that FreePBX has a difficult time displaying properly with IE6 and IE7 and regularly blows up with older versions of Safari. Be safe. Use Firefox. From the PBX in a Flash Main Menu in your web browser, click on the Administration link and then click the FreePBX button. Once FreePBX loads, click the Module Administration option in the left frame. Now click Check for Updates online in the upper right panel. Next, click Download All which will select all but two modules for download and install. Scroll to the bottom of the page and click Process, then Confirm, then Return. Now repeat the process once more, then Process, Confirm, Return, Apply Config Changes, and Continue with Reload. Finally, scroll down the Modules listing until you get to the Maintenance section. Click on each of the following and choose Install: ConfigEdit, Sys Info, and phpMyAdmin. Then click Process, then Confirm, then Return once the apps are downloaded and installed, then Apply, then Continue with Reload. All three of these tools now are installed in the Maintenance section of the Tools tab of FreePBX. You now have an up-to-date version of FreePBX. You’ll need to repeat the drill every few weeks as new updates are released. This will assure that you have all of the latest and greatest software. To change your Admin password, click on the Setup tab in the left frame, then click Administrators, then Admin in the far right column, enter a new password, and click Submit Changes, Apply Configuration Changes, and Continue with reload. We’re going to be repeating this process a number of times in the next section so… when instructed to Save Your Changes, that means "click Submit Changes, Apply Configuration Changes, and Continue with reload." Finally, don’t worry about the warnings alerting you that you’re using default passwords. Your system is behind a secure firewall, and these passwords are only accessible to someone that has access to your system and has your root password.

Choosing Internet Telephony Hosting Providers for Your System. Before you can place calls to users outside your system or to receive incoming calls, you’ll need at least one provider (each) for your incoming phone number (DID) and incoming calls as well as a provider for your outbound calls (terminations). We have a list of some of our favorites here, and there are many, many others. You basically have two choices with most providers. You can either pay as you go or sign up for an all-you-can-eat plan. Most of the latter plans also have caps on minutes so it’s more akin to all-they-care-for-you-to-eat, and there are none of the latter plans for business service. In the U.S. market, the going rate for pay as you go service is about 1.5¢ per minute rounded to the tenth of a minute. The best deal on DIDs is from Vitelity. They charge $3.99 a month for a DID with unlimited, free incoming calls. There’s a link to the Nerd Vittles discount on this service for PBX in a Flash users below.

Before you sign up for any all-you-can-eat plan, do some reading about the service providers. Some of them are real scam artists with backbilling and all sorts of unconscionable restrictions. You need to be careful. Our cardinal rule in the VoIP Wild West is never, ever entrust your entire PBX to a single hosting provider. As Forrest Gump would say, "Stuff happens!" And life’s too short to have dead telephones, even if it’s a rarity.

Setting Up FreePBX to Make Your First Call. There are four components in FreePBX that need to be configured before you can place a call or receive one from outside your PBX in a Flash system. So here’s FreePBX for Dummies in less than 50 words. You need to configure Trunks, Extensions, Outbound Routes, and Inbound Routes. Trunks are hosting provider specifications that get calls delivered to and transported from your PBX to the rest of the world. Extensions are internal numbers on your PBX that connect your PBX to telephone hardware or softphones. Inbound Routes specify what should be done with calls coming in on a Trunk. Outbound Routes specify what should be done with calls going out to a Trunk. Everything else is bells and whistles.

Trunks. When you sign up with most of the better ITHP’s that support Asterisk, they will provide documentation on how to connect their service with your Asterisk system. If they have a trixbox tutorial, use that since it also uses FreePBX as the web front end to Asterisk. Here’s an example from les.net. And here’s the Vitelity support page although you will need to set up an account before you can access it. We also have covered the setups for a number of providers in previous articles. Just search the Nerd Vittles site for the name of the provider you wish to use. You’ll also find many Trunk setups in the trixbox Trunk Forum. Once you find the setup for your provider, add it in FreePBX by going to Setup, Trunks, Add SIP Trunk. Our AxVoice setup (which is all entered in the Outgoing section with a label of axvoice) looks like this with a Registration String of yourusername:yourpassword@sip.axvoice.com:

allow=ulaw
authname=yourusername
canreinvite=no
context=all-incoming
defaultip=sip.axvoice.com
disallow=all
dtmfmode=inband
fromdomain=sip.axvoice.com
fromuser=yourusername
host=sip.axvoice.com
insecure=very
nat=yes
secret=yourpassword
type=friend
user=phone
username=yourusername

And our Vitelity Outbound Trunk looks like the following (labeled vitel-outbound) with no registration string:

allow=ulaw&gsm
canreinvite=no
context=from-pstn
disallow=all
fromuser=yourusername
host=outbound1.vitelity.net
secret=yourpassword
sendrpid=yes
trustrpid=yes
type=friend
username=yourusername

Extensions. Now let’s set up a couple of Extensions to get you started. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone’s GUI to add bells and whistles. To create extension 201 (don’t start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.

User Extension … 201
Display Name … Home
Outbound CID … [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID … [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]
Device Options
secret … 1299864 < -- make this unique AND secure! dtmfmode ... rfc2833 Voicemail & Directory ... Enabled voicemail password ... 1299864 <-- make this unique AND secure! email address ... yourname@yourdomain.com [if you want voicemail messages emailed to you] pager email address ... yourname@yourdomain.com [if you want to be paged when voicemail messages arrive] email attachment ... yes [if you want the voicemail message included in the email message] play CID ... yes [if you want the CallerID played when you retrieve a message] play envelope ... yes [if you want the date/time of the message played before the message is read to you] delete Vmail ... yes [if you want the voicemail message deleted after it's emailed to you] vm options ... callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message] vm context ... default

Now create several more extensions using the template above: 202, 203, 204, and 205 would be a good start. Keep the passwords simple. You’ll need them whenever you configure your phone instruments.

Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won’t protect you from malicious phone calls on your nickel if you use your extension number or something like 1234 for your extension password because the SIP and IAX ports typically are exposed to allow connections to your providers. In addition to making up secure passwords, the latest version of FreePBX also lets you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry like this: 192.168.1.0/255.255.255.0 using your actual subnet, of course.

Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. We’re going to skip that tutorial today. You can search the site for lots of information on choosing providers. Assuming you have only one or two for starters, let’s just set up a default outbound route for all your calls. Using your web browser, access FreePBX on your server and click Setup, Outbound Routes. Enter a route name of Everything. Enter the dial patterns for your outbound calls. In the U.S., you’d enter something like the following:

1NXXNXXXXXX
NXXNXXXXXX

Click on the Trunk Sequence pull-down and choose your providers in the order you’d like them to be used for outbound calls.Click Submit Changes and then save your changes. Note that a second choice in trunk sequence only gets used if the calls fail to go through using your first choice. You’ll notice there’s already a 9_outside route which we don’t need. Click on it and then choose Delete Route 9_outside. Save your changes.

Inbound Routes. We’re also going to abbreviate the inbound routes tutorial just to get you going quickly today. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we recommend you first build a Ring Group with all of the extension numbers you have created. Once you’ve done that, choose Inbound Routes, leave all of the settings at their default values and move to the Set Destination section and choose your Ring Group as the destination. Now click Submit and save your changes. That will set up a default incoming route for your calls. As you add bells and whistles to your system, you can move the Default Route down the list of priorities so that it only catches calls that aren’t processed with other inbound routing rules.

General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!

Adding Plain Old Phones. Before your new PBX will be of much use, you’re going to need something to make and receive calls, i.e. a telephone. For today, you’ve got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It’s under $70. Be sure you specify that you want an unlocked device, meaning it doesn’t force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.

Downloading a Free Softphone. Unless you already have an IP phone, the easiest way to get started and make sure everything is working is to install an IP softphone. You can download a softphone for Windows, Mac, or Linux from CounterPath. Or download the pulver.Communicator or the snom 360 Softphone which is a replica of perhaps the best IP phone on the planet. Here’s another great SIP/IAX softphone for all platforms that’s great, too, and it requires no installation: Zoiper 2.0 (formerly IDEfisk). All are free! Just install and then configure with the IP address of your PBX in a Flash server. For username and password, use one of the extension numbers and passwords which you set up with freePBX. Once you make a few test calls, don’t waste any more time. Buy a decent SIP telephone. Visit the PBX in a Flash Forum for lots of suggestions on telephones. Our personal favorite and the phone that PBX in a Flash officially supports is the Aastra 57i or 57iCT which also includes cordless DECT phone. Do some reading before you buy.

Where To Go From Here. The PBX in a Flash script repository at pbxinaflash.org also has gotten a facelift. That should be your next stop because it is the home of all the goodies that make PBX in a Flash shine. Tom King, the ultimate scripting guru, manages that site. So check it often. You’ll also find all of our Nerd Vittles Goodies work with this new release. Most of our original collection work flawlessly with Asterisk 1.4 including AsteriDex, Yahoo News Headlines, Weather by Airport Code, Weather by Zip Code, Worldwide Weather Forecasts, Telephone Reminders, MailCall for Asterisk, and TeleYapper. We have not yet completed testing with Asterisk 1.6, but most should work. Complete documentation for each application also is provided at the link above. And, if you still have a DBT-120 Bluetooth adapter, you’ll be happy to learn that it works out-of-the-box with PBX in a Flash. Dust off our recent article on Proximity Detection, and you should be in business in under 10 minutes. Enjoy!


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest…

  1. For Asterisk 1.6 or for 64-bit systems with Asterisk 1.4 or 1.6, use the Cepstral install procedures outlined in this Nerd Vittles article. []
  2. Join the following line to the original line of code whenever you encounter the ↩ character. []

The Incredible PBX: Adding Remotes, Preserving Security

blankUnlike most Asterisk®-based PBXs which are insecure as installed and leave it to you to implement sufficient safeguards to preserve the integrity of your system, the Incredible PBX is delivered with rock-solid, air-tight security already in place. Because it is designed to operate behind a hardware- based firewall, what you'll be doing when you want to add functionality with the Incredible PBX is loosening security rather than tightening it. The trick, of course, is to do it in a way that doesn't compromise the overall integrity of your system. As delivered, the Incredible PBX relies upon four layers of network security: a hardware-based firewall of your choice1, a preconfigured IPtables software-based Linux firewall, preconfigured Fail2Ban to monitor your logs for suspicious activity and to block specific IP addresses when abuse is detected, and random passwords for all extensions and DISA connections.

If you installed the Incredible PBX using SIPgate as the intermediate provider with Google Voice, then your hardware-based firewall should have no ports opened and forwarded to your server. If you used IPkall, then only UDP 4569 has been opened and forwarded to your server. And the Incredible PBX IPtables setup for IAX restricts access to just a few IP addresses to support IPkall.

There are obviously situations in which you will want or need additional connectivity. The most likely one involves activation of SIP telephones at remote locations, such as a branch office, or Grandma's house or a relative in college. The other obvious use is with cellphones and PDAs that support SIP clients such as Android phones, iPhones, and iPads.2

What we'd recommend you not do is open the SIP floodgate to your PBX by providing unrestricted inbound SIP access, but we'll show you how if you really want or need this functionality. As desirable as this can be, it is accompanied by an array of security issues that really are not worth the risks unless you know what you're doing and you're willing to stay on top of security updates and keep your system patched.

blank

Let's first tackle how to provide limited inbound SIP functionality without selling the farm. If the remote site has a fixed IP address, the procedure to allow remote access to your server is fairly straight-forward: just map the SIP ports on the hardware-based firewall to your server (UDP 5000:5082 and UDP 10000:20000) and then restrict SIP access using IPtables to the remote IP address as well as the subnet of your private LAN. You can decipher your private subnet by running status. If your server's IP address is 192.168.0.123, then your private subnet would be 192.168.0.0. The IPtables firewall settings are stored in /etc/sysconfig/iptables. Edit that file and find the line that looks like this:

-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT

Delete or comment out this entry with a leading # and insert new entries that look like the following using the public IP address(es) you wish to add plus the private subnet:

-A INPUT -p udp -m udp -s 141.146.20.10 --dport 5000:5082 -j ACCEPT
-A INPUT -p udp -m udp -s 141.146.20.11 --dport 5000:5082 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/255.255.0.0 --dport 5000:5082 -j ACCEPT


After making the changes, save the file: Ctrl-X, Y, then Enter. Then restart IPtables: service iptables restart.

Unfortunately, in many situations, the remote phone or cellphone uses an Internet connection with a dynamic IP address. So we don't know the actual IP address that will be assigned. There are a number of solutions to this problem, and we'll rank them in our order of preference. First, spend the $200 and install another Incredible PBX at the remote site. Then the two servers can be linked with IAX connections between the servers making connectivity between the systems totally transparent. Second, install VPN routers at both sites and use a private IP address to establish connectivity with the host system. In this situation, you will have the equivalent of a fixed IP address for the remote device which makes it the equivalent of the fixed IP address solution above. Third, install OpenVPN on your host system and purchase a SIP phone or cellphone that supports VPN connectivity. Most of the high-end SNOM SIP phones have this functionality as do Android phones, iPhones, and iPads. With this setup you also have the equivalent of a fixed IP address, even though it's on a virtual private network. Fourth, talk to the Internet service provider at your remote site and obtain the range of IP addresses that DHCP hands out to those using their services... or just make an educated guess.3

BEFORE Activating Full SIP Connectivity. OK. We hear you. You travel for a living, and the IP address of your cellphone changes hourly, all day, every day of the year. Then, yes, you are a candidate for a full-fledged Asterisk server with unlimited SIP access. Before covering how, let's review what responsibilities go with running such a server. Bear in mind that one compromised SIP password or otherwise vulnerable application on your server (including Asterisk, FreePBX, SSH, and hundreds of others), and you may very well be the proud owner of a whopping phone bill. And we're not talking hundreds of dollars. It could very well be tens of thousands of dollars. And it doesn't take weeks or months. It could be a few hours.

Baker's Dozen SIP Security Checklist

1. Keep Asterisk Current & Patched
2. Keep FreePBX Current & Patched
3. Make Frequent Backups
4. Visit PBX in a Flash Forums Regularly
5. Subscribe to PBX in a Flash RSS Feed
6. Secure Alphanumeric Extension Passwords
7. Secure DISA, VMail, Root, FreePBX Passwords
8. Lock Down Extensions with Deny/Permit
9. Turn Off Recurring Payments with Providers
10. Restrict Trunks to 1-2 Simultaneous Calls
11. Tighten Dialplan by Removing Wildcards
12. Eliminate Intl & Toll Calls With Providers
13. Check FreePBX Call Logs Daily for Abuse

Baker's Dozen SIP Security Checklist. Before opening the floodgates, let's review what you need to do. First, you'll need to run the very latest version of Asterisk... all the time. This means you need to monitor asterisk.org, and keep your system up to date by running update-scripts, update-source, and update-fixes regularly. The default version of Asterisk on current PBX in a Flash and Incredible PBX builds is extremely reliable, but it contains SIP and IAX vulnerabilities which should not be exposed directly to the Internet! Second, you need to run the latest version of FreePBX and apply all patches as they are released. Third, you need to make frequent backups appreciating that sometimes the Asterisk and FreePBX developers get things horribly wrong, and stuff that used to work no longer does. Believe it or not, they're human! Fourth, you need to visit the PBX in a Flash Forums daily and keep abreast of security alerts and bug reports on CentOS, Asterisk, and FreePBX. Fifth, you need to subscribe to the PBX in a Flash RSS Feed which provides regular security alerts when there are reported problems. Sixth, you need to really secure your extension passwords with very long, complex alphanumeric passwords. Ditto for your root and FreePBX passwords! Seventh, for DISA and voicemail, these passwords need to be numeric, complex, and extra long. Eighth, you need to lock down as many of your extensions as possible with deny/permit settings to restrict the IP addresses of those extensions. If you only have one or two remote SIP extensions with dynamic IP addresses, then all of the rest should have deny/permit entries! Ninth, turn off recurring payments with all of your telephony providers and keep minimal funds available in all of your accounts. This means you'll have to monitor these accounts to make sure they are not deactivated for lack of funds. Tenth, restrict all of your trunks to one or at most two simultaneous calls to reduce your call exposure in the event someone breaks into your system. Eleventh, tighten up your Trunk Dial Rules and eliminate any entries that would permit calls to anywhere in the world! If you don't regularly make international calls, there's absolutely no reason to have such entries in your dialplan. If you still have Ma Bell PSTN lines, this is even more important. In fact, consider eliminating long distance access to all of these trunks. Twelfth, where possible, configure your provider accounts to eliminate international and toll calls of all varieties. Finally, check your FreePBX call log every day to make certain no one is making calls on your nickel.

If you are unwilling or unable to perform these Baker's Dozen steps while continuing to monitor the sites provided and recheck your setup regularly (at least every week), don't activate unrestricted SIP access to your server.

Other Options. Consider using an intermediate provider such as voip.ms to provide SIP URI access to your server. Keep in mind that having a registered connection between your server and a VoIP provider alleviates the need to punch a hole in your firewall. So the idea here is to sign up for an inexpensive voip.ms account and set up the trunk connection with your server as either an IAX or SIP account with an always-on connection. Then voip.ms gives you the option of activating a SIP URI as part of a subaccount setup. Just create an internal extension on their server, and this will generate a SIP URI, e.g. 123456666@sip.us4.voip.ms where 12345 is your voip.ms account number and 6666 is the internal extension you created. This lets you connect directly with your server through the SIP URI from anywhere once you map this subaccount to an extension or IVR on your server. The charge for SIP URI calls is only $.001 per minute. The last step is to use this SIP URI in your remote SIP phone to connect back to your server. You can take advantage of the full range of Asterisk functions once these calls reach your server including IVRs and DISA. The approach is not only simple to implement, but it's also safe and economical.

There are some other alternatives as well. Use something like Google Voice or Ooma to redirect calls to your cellphone when you're traveling. Or buy an Ooma for Grandma or a MagicJack for Joe College. These options also are safe, secure, and quite inexpensive.

Just Released: Remote Phone Meets Travelin' Man

blank

Activating Inbound SIP on Your Server. If you still are hell-bent on opening SIP access to your server, the Incredible PBX already is preconfigured to support it. Just map the SIP ports on your hardware- based firewall to your server (UDP 5000:5082 and UDP 10000:20000). Once activated, anyone can reach you through the following SIP URI using the actual public IP address of your server: mothership@12.34.56.78. You also can adjust the e164 trunk in FreePBX to route inbound calls to any destination desired. Then register your phone number on e164.org and others can call you at no cost using your traditional phone number. Enjoy!


The Incredible PBX: Basic Installation Guide

Adding Skype to The Incredible PBX

Adding Incredible Backup... and Restore to The Incredible PBX

Adding Multiple Google Voice Trunks to The Incredible PBX

Remote Phone Meets Travelin' Man with The Incredible PBX

Continue reading Basic Installation Guide, Part II.

Continue reading Basic Installation Guide, Part III.

Continue reading Basic Installation Guide, Part IV.

blankSupport Issues. With any application as sophisticated as this one, you're bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It's the best Asterisk tech support site in the business, and it's all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won't have to wait long for an answer to your questions.


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

  1. We, of course, continue to recommend a dLink Router/Firewall. Low Cost: $35 WBR-2310  Better: DIR-825  Best: DGL-4500 []
  2. We recommend the free SipAgent client for Android devices and the commercial Acrobits Softphone for iPods and iPads. []
  3. Adding an entry like the following would dramatically reduce the likelihood of a SIP attack: -A INPUT -p udp -m udp -s 141.146.0.0/255.255.0.0 --dport 5000:5082 -j ACCEPT []

The Incredible PBX: Adding Multiple Google Voice Trunks

blankAbout the only drawback to Google Voice's free U.S. and Canada calling with the Incredible PBX has been the fact that you could only make one outbound call at a time... at least on Google's nickel. So today we'll fix that, and you can enjoy simultaneous outbound calls using as many Google Voice trunks as you have signed up for. If you're in the U.S., you're eligible and no invitation is required. Just head over to the Google Voice site to register.

Today's Incredible PBX enhancement also will permit you to set up multiple inbound DIDs for different area codes across the country which may save your out-of-town friends and relatives a little change when they want to contact you. And to think we had $200 a month phone bills in our college days just to call the hometown honey. The wonders of modern technology!

Prerequisites. Here's what you'll need to get started today. First, you need a functioning Incredible PBX. So start by installing Incredible PBX. Second, you'll need a second Google Voice account. And finally, you'll need an additional SIPgate One number.

Installation Assumptions. We'll walk you through the steps to get a second account activated with the Incredible PBX. If you need more than two, just repeat the steps below and substitute a new number for 2 in every step. As with baking cookies, if you skip a step, the cookies taste like crap. 🙂 For security reasons, we're using an additional SIPgate One account for the second setup. This avoids having to open up SIP access in your firewall which would require additional locking down of IPtables to specific SIP IP addresses.

Setting Up New SIPgate and Google Voice Accounts. As was true with the initial Incredible PBX setup, the first steps in activating a second line are to create and configure your SIPgate account and then tie that number into your new Google Voice account. For ease of reference, we've repeated below the pertinent portions of the original Nerd Vittles article.

blankConfiguring SIPgate. If you live in the U.S. and have a cellphone, we'd recommend the SIPgate option since no adjustment of your hardware-based firewall is required. Otherwise, skip to the IPkall setup below. Step #1 is to request a SIPgate invite at this link. You'll need to enter your U.S. cellphone number to receive the SMS message with your invitation code. Don't worry. You can erase your cellphone number from your account once it is set up and working properly. Once you receive the invite code, enter it and choose the option to set up a residential account. Next, choose a phone number and write it down. The area code really doesn't matter because Google Voice is the only one that will be calling this number after we get things set up. For now, leave your cellphone number in place so that you can receive your confirmation call from Google Voice in the next step. After that, you'll want to revisit SIPgate and remove all parallel calling numbers. Finally, click on the Settings link and write down your SIP ID and SIP Password. You'll need these in a few minutes to complete the configuration of The Incredible PBX. Now place a call to your new SIPgate number and make certain that your cellphone rings before proceeding.

blankConfiguring Google Voice. Once you've signed up for a new Google Voice account, choose a telephone number and plug in your new SIPgate number as the destination for your Google Voice calls and choose Office as the Phone Type.

Google Voice will place a test call to your number which SIPgate will forward to your cellphone. Enter the two-digit code that's displayed when you're prompted to do so.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Once you've confirmed your Google Voice number, revisit SIPgate and remove all parallel calling numbers including your cell number. Be sure you've written down your SIPid and SIPpassword while you're there!

FreePBX Overview. Don't be intimidated by the FreePBX setup instructions which follow. All we're really doing is cloning the original pieces of information that made Google Voice work in the initial Incredible PBX setup. For most of the items, we'll just tack a 2 onto the names previously used. Nothing prevents your adding 3, 4, and 5 accounts down the road if you have additional Google Voice and SIPgate accounts to support each iteration.

To begin, use a web browser to open FreePBX on your Incredible PBX. Using the actual private IP address of your server, go to the following link: http://192.168.0.33/admin.

Adding Parking Lot Slots. As originally configured, the Incredible PBX provides 5 parking lot slots for use on your PBX. These are numbers that let you temporarily "park" calls so that they can be picked up on another extension. One of those slots (75) is used by the Incredible PBX to place outbound Google Voice calls. If you want the ability to place simultaneous outbound Google Voice calls using multiple trunks, then we need additional parking lot slots for each simultaneous call. We recommend bumping up the number of parking lot slots from 5 to 9. Then you can use 75-79 for up to 5 simultaneous outbound calls with Google Voice. Here's how. In FreePBX, choose Setup, Parking Lot, Number of Slots: 9. Your entries should look like this screen shot:

blank

When you've made the change, click Submit Changes, Apply Configuration Changes, Continue with Reload.

Creating Additional Custom Destinations. You'll recall that Google Voice actually places two calls when you make an outbound call. First, Google Voice calls you back. Then Google Voice places a call to your desired destination. The callback to you is handled transparently in Incredible PBX using pygooglevoice and Asterisk®'s parking lot feature. To handle multiple simultaneous calls, you'll need additional custom destinations. Here's how. In FreePBX, choose Tools, Custom Destinations, Add Custom Destination. Then make your new entries for custom-park2 look like this:

blank

When you've made the entries and carefully checked them, click Submit Changes, Apply Configuration Changes, Continue with Reload.

Creating Additional Inbound Routes. Now we need an additional Inbound Route to handle the second incoming call generated by Google Voice. Here's how. In FreePBX, choose Setup, Inbound Routes, Add Incoming Route, gv-ringback2. Make the entries shown in the screenshot below substituting your 10-digit SIPgate/IPkall and Google Voice numbers in the appropriate fields. Be sure to choose Custom GV-Park2 as the Custom Destination for this Inbound Route. Check your entries carefully, a typo here will kill completion of the calls!

blank

When you've made the entries and carefully checked them, click Submit, Apply Configuration Changes, Continue with Reload.

Creating Additional Custom Trunks. With every telephony provider, Asterisk needs a Trunk. In the case of Google Voice, we need a Custom Trunk for each Google Voice number to be used on your Incredible PBX. Think of a trunk as the bucket where Asterisk dumps an outbound call for processing. Two calls require two buckets. Three calls, three buckets. And so on. Well, that's almost true. Some providers can handle multiple calls, but Google Voice doesn't. So we need to make two changes in your trunk setup. First, we'll adjust the original Custom Trunk for Google Voice and limit it to one simultaneous call at a time. Then, we'll add a new Custom Trunk to support the second Google Voice account. Here's how.

In FreePBX, choose Setup, Trunks. In the right column, you'll see a list of all your existing trunks. Click on the second entry that looks like this: local/$OUTNUM$@ (custom). Be sure the Custom Dial String looks like what is shown below. If not, choose another trunk until you find the right one. Then make an entry of 1 in the Maximum Channels field:

blank

When you've made the entry and carefully checked it, click Submit Changes, Apply Configuration Changes, Continue with Reload.

Now we're ready to Add the additional Custom Trunk. In FreePBX, choose Setup, Trunks, Add Custom Trunk. Make your entries look like what's shown below:

blank

When you've made the Maximum Channels and Custom Dial String entries shown above and carefully checked them, click Submit Changes, Apply Configuration Changes, Continue with Reload.

Creating Additional Outbound Routes. FreePBX uses Outbound Routes to do just what the name implies: to route outbound calls to their destination. Outbound Routes are processed in the order in which they appear in the FreePBX Outbound Routes listing. We need to make three changes in the Outbound Routes processing to support a second Google Voice call path. First, we want to modify the existing Default Outbound Route to accommodate the second Google Voice account. Second, we want to add a new Outbound Route for the second Google Voice account so that calls can be placed directly with this route using a different dialing prefix. You'll recall that Google Voice calls in the Incredible PBX can optionally be dialed using the 48 prefix followed by a 10-digit number. The 48 spells GV on the phone key pad. So we'll add a new Outbound Route with a 482 (GV2) prefix which will tell Asterisk to route these calls out using the second Google Voice account. These prefixes can be anything you desire incidentally. Third, we'll need to move this new route UP the routes list so that it appears above and gets processed before the Default route. Here's how.

In FreePBX, choose Setup, Outbound Routes, Default. In the blank Trunk Sequence pulldown, choose the following entry: local/$OUTNUM#@custom-gv2. Now click the Add button. This should leave you with 3 outbound routes numbered 0, 1, and 2. Be sure your entries match the following:

blank

When you've made the entry and carefully checked it, click Submit Changes, Apply Configuration Changes, Continue with Reload.

Now we're ready to add a new Outbound Route to support a custom dialing prefix for the second Google Voice account. In FreePBX, choose Setup, Outbound Routes. In the Add Route form, make the following entries:

blank

When you've made the entries, click Submit Changes, Apply Configuration Changes, Continue with Reload.

Finally, look at the listing of Routes in the Right Margin. Using the arrow beside GoogleVoice2, move it up until it is just beneath the GoogleVoice entry. Then click Apply Config Changes, Continue with Reload.

Adding Additional SIPgate Trunks. If you set up your Incredible PBX originally using IPkall, then there already will be a sipgate trunk that can be used for this second line. Otherwise, you'll need to create a new sipgate2 trunk and clone the setup from the original sipgate trunk. Within FreePBX, goto Setup, Trunks and either Add a new SIP trunk or edit the existing sipgate trunk if it isn't already in use. If this is a newly added trunk, enter sipgate2 as the Trunk Name. The PEER Details under Outgoing Settings should be added so they look like this (substituting your actual SIPid and SIPpassword that were obtained from the SIPgate registration page:

type=peer
username=SIPid
fromuser=SIPid
secret=SIPpassword
context=from-trunk
host=sipgate.com
fromdomain=sipgate.com
insecure=very
caninvite=no
canreinvite=no
nat=yes
disallow=all
allow=ulaw&alaw

Blank out any data that's entered in the Incoming Settings section of the form. Then enter a Registration String with your actual SIPid, SIPpassword, and 10-digit SIPgate phone number:

SIPid:SIPpassword@sipgate.com/SIPphonenumber

Check your entries carefully for typos. Then click Submit Changes, Apply Configuration Changes, Continue with Reload.

Now is a good time to check and be sure the new SIPgate trunk registered with SIPgate. In FreePBX, choose Tools, Asterisk Info, SIP Info. Your newly created SIPgate trunk should display as Registered. If it says Request Sent, then you've got a typo in your credentials.

That takes care of all the FreePBX settings needed to support a second Google Voice number. Now we just need to add a chunk of dialplan code to Asterisk and restart Asterisk. Then you'll be ready to go. All of this is handled by a simple Nerd Vittles script so... not to worry! It's easy.

Adding Dialplan Code for Additional Trunks. Log into your server as root, and issue the following commands to download and run the dialplan configuration script. For future reference, be advised that there are configuration scripts for gv2, gv3, gv4, and gv5 with corresponding names.

cd /root
wget http://incrediblepbx.com/configure-gv2
chmod +x configure-gv2
./configure-gv2

When prompted, enter your 10-digit Google Voice phone number, your Google Voice email address, your Google Voice password, and your 10-digit SIPgate RingBack number. Check your work and then press the Enter key to adjust your dialplan and reload Asterisk. You now have a 2-line Incredible PBX. Enjoy!

The Incredible PBX: Basic Installation Guide

Adding Skype to The Incredible PBX

Adding Incredible Backup... and Restore to The Incredible PBX

Adding Remotes, Preserving Security with The Incredible PBX

Remote Phone Meets Travelin' Man with The Incredible PBX

Continue reading Basic Installation Guide, Part II.

Continue reading Basic Installation Guide, Part III.

Continue reading Basic Installation Guide, Part IV.

blankSupport Issues. With any application as sophisticated as this one, you're bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It's the best Asterisk tech support site in the business, and it's all free! We maintain a thread with the latest Patches and Bug Fixes for Incredible PBX. Please have a look. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of ordinary users just like you. So you won't have to wait long for an answer to your questions.


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

CallerID Superfecta 2.2.2: International CNAM Directories

blankUnlike Willie Nelson, we’ve always nurtured our software projects hoping some would grow up to be cowboys. Thanks to Tony Shiffer, Jeremy Jacobs, and a whole host of new contributors (Patrick, Zorka, Nixi, UKstevef, and others), nothing even comes close to the success that CallerID Superfecta has enjoyed. What began as Asterisk® CallerID lookups from three sources with the original CallerID Trifecta four short years ago now provides an astonishing 27 CallerID lookup sources from around the world in the latest CallerID Superfecta 2.2.2. And the real beauty of this new beast is the utility permitting new lookup sources to be added without any further software modifications. That’s the tip of the iceberg.

For those that are new VoIP telephony, a brief history lesson will get you up to speed. When you make a phone call, telephone providers have traditionally passed your CallerID number to the receiving carrier while throwing your CallerID name in the bit bucket. The duty fell on the receiving carrier to look up your name in its directory and associate it with the CallerID number for delivery to the receiving telephone. If this sounds absolutely crazy, you’d be right. Who is in a better position to know the name of the calling party: the company initiating the call or the company receiving the call? Duh! That, of course, ignores the fact that the Bell System in particular was in monopoly preservation mode. Since they initially owned both companies, it really didn’t matter. Well, it does today and government regulators for some reason have completely missed this last vestige of the Good Old Boys telephone network. Does it make any sense that over half the phones in the world are mobile phones and you never know who’s calling? </rant>

When VoIP telephony came along, we obviously had to do something about that. Thus was born the CallerID Trifecta, an Asterisk/FreePBX tool allowing you to associate names with phone numbers using your computer and publicly available resources on the Internet. Version 2.2.1 introduced worldwide CallerID lookups. Unfortunately, there was a big gotcha. Some names in other countries use special non-ASCII characters, and delivery of those characters to some telephones sent the phones into the ozone. Not exactly our problem (HINT!), but folks did still want their phones to work. 🙄 CallerID Superfecta 2.2.2 fixes that by adjusting special characters to pure ASCII until the phone manufacturers catch up with the times.

blank

The CallerID Superfecta Design. As originally implemented, CallerID Superfecta let you choose one or more lookup sources for incoming CallerID numbers. When an inbound call arrived, the sources were queried in a specified order, and the first source that provided a matching CallerID name won. The CNAM search result was returned to Asterisk for display on your phone instruments, and the lookup procedure ended. The problem with the original design was that newer and better lookup providers continued to appear so the hard-coded search order wasn’t necessarily ideal for every user or organization, and the providers kept changing formats to make lookups more challenging. In addition, when you receive a call from another country, it made little sense to look up that number in directories in which it obviously would not appear. CallerID Superfecta 2.2.2 fixes that with its new CallerID Schemes support. This lets you tailor CallerID lookups based upon dial strings just as you would do with FreePBX inbound and outbound routes.

What Else Is New? For openers there are a number of new lookup sources as well as some tweaks to older sources that stamped out a few (more) bugs from our previous, sloppy code. 🙂 You’ll also note there’s a new checkbox to Check for New Lookup Sources Online. This lets you easily import all the new lookup sources as they are added to the repository. The web user interface (UI) for FreePBX also has been reworked. You can prioritize the lookups in the order that best meets your needs, and you can tailor lookup sources to match specific CallerID number sequences. There’s also a debug function built directly into the web user interface. By entering a telephone number in the debug field and pressing the debug button on the form, the results from your selected lookup sources together with the latency of each enabled data source can be displayed on the form for you to review. This debug function greatly enhances troubleshooting while serving as a terrific tool to assist you in fine tuning which providers to actually enable and in what order. Providers who can’t be reached, or who perform too slowly, or who provide lousy results can be turned off completely or moved to the bottom of the search order. Finally, CallerID Superfecta 2.2.2 introduces prefix code hooks. This gives developers the ability to trigger an additional outside process when the Caller ID function is initiated. For example, this feature might be used in a call center to allow the system to automatically perform an ODBC query and bring up a customer record for use by a customer service representative.

Installing CallerID Superfecta 2.2.2 Installation or upgrade should be a snap on any of the FreePBX-based Asterisk aggregations including PBX in a Flash, trixbox, and Elastix. First, using a browser on your desktop PC, download CallerID Superfecta 2.2.2 from the Superfecta repository. Do not decompress the .tgz archive. Second, open FreePBX with your browser and choose Admin, Module Admin, Upload Module. Browse and select the superfecta-2.x.x.tgz module from your desktop and click the Upload button. When the upload completes, click local module administration. Scroll down and click CID Superfecta. Click the Install or Upgrade radio button depending upon whether you have previously installed the Superfecta FreePBX module. Click Process, Confirm, Return to install the new module. Reload the Asterisk dialplan when prompted.

Configuring CallerID Superfecta 2.2.2. There really are only two steps to bring CallerID Superfecta on line. First , we’ll configure the lookup sources and search order of the lookups. And then, for each inbound route on your Asterisk system, we’ll tell FreePBX to use CallerID Superfecta as the CallerID lookup source.

blank


To configure CallerID Superfecta, click Admin, Setup, CID Superfecta in FreePBX. If you’re using PBX in a Flash or trixbox, be sure to insert the UserName maint and your FreePBX maint password in the fields provided under General Options. Then choose the Services you’d like to use for queries by clicking on the corresponding Enabled buttons. For those in the U.S., if you’re unfamiliar with previous versions of the product, we’d recommend you start with Addresses, White Pages, Yellow Pages, Any Who, and Telco Data. If you use the Asterisk Phonebook, AsteriDex, or SugarCRM, enable those options as well. Our rule of thumb in prioritizing the searches is to move your personal directories (Asterisk Phonebook, AsteriDex, and SugarCRM) to the top of the list. For the remaining choices, we recommend you start with the following search order: Addresses, White Pages, Yellow Pages, Any Who, and then Telco Data. Telco Data normally returns only the city and state of the caller, not the caller’s name. Who Called requires registration. Once you get everything squared away, click the Save button. Then key in a few known phone numbers in the Debug section of the form and click the Debug button to make sure everything is working as you expected. Take note of the retrieval times and the results and adjust the search order to meet your needs. Remember, the first match on a name using the search sources from top to bottom wins. The other search sources are never consulted for this number.

For additional configuration options and tips on configuring SugarCRM, see this thread on the PBX in a Flash Forum.

Once you’re satisfied with your lookup sources and the search order, the only remaining step is to designate CID Superfecta as the CallerID lookup source in your inbound routes. For each inbound route on which you want CallerID lookups performed, click Admin, Setup, Inbound Routes and choose the desired route from the column of routes on the right margin. Scroll to the CID Lookup Source section of the form and choose CID Superfecta from the dropdown box. Click Submit, Apply Config Changes, Continue to save your entry.

Adding Support for More Countries. So… here’s the challenge. We need to finish the rest of the world. If your country is not yet supported in the following list of directories, do us all a favor and post a comment with a good Internet source for reverse name directory lookups in your area of the globe. This means you can plug in a phone number and the directory will return the name of the person or business associated with that number. Even if you’re not a programmer, providing this information will assist greatly in making even more sources available to everyone down the road. Here’s the list as it stands today:

blank

Adding Your Number to Directories. We know some of you are wondering how to get your VoIP number or Google Voice number added to the phone directories. It’s easy at least in the United States! Just go to www.listyourself.net and sign up. Enjoy!


Twitter Feeds on Nerd Vittles. If you glance over to the right column just above the Google Maps, you’ll see the current Twitter feed for @NerdUno. But did you know you also can read anyone else’s tweets or list from the same UI? Just scroll to the bottom of the frame and try one of these: voipusers (for the VoIP Users Conference feed) or voipusers/voip-users-conference (for recent tweets from all members of VUC). No need to type @. We’ll handle that keystroke for you. 🙂


Enhanced Google Maps. In case you haven’t noticed, we’ve added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We’ll show you how to add something similar to any LAMP-based Linux system in coming weeks. It’s a powerful technology that has enormous potential. If you’re unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest…

Welcome to IP Country: A New Layer of Asterisk Security

image courtesy of fail2ban.org One of the problems with writing a blog like Nerd Vittles is it's more than double the work of your typical blog where a writer pontificates about something and then moves on. What makes Nerd Vittles a little different is that, with help from a number of very gifted developers, we actually create useful applications and then write about how to use them. So you get a bonus for the same low price: free! This obviously imposes some time constraints in order to get fresh material into your hot little hands every week.

This week we turn our attention to Asterisk® Security again and unfortunately the Whole Enchilada is not yet ready. So today you get Chapter I of this topic with a comment that we're still mulling over some enhancements. When those pieces are finished or at least properly evaluated, we'll produce a sequel. Software houses spend years developing applications. And sometimes it takes us more than a week. 🙂

Let's start with a few observations which should be quite obvious to those who have wrestled with VoIP or Asterisk for a while. Internet security is a bitch. And Asterisk security is much, much worse. When a few disgruntled people can bring Twitter to its knees because they're mad about some particular tweet or Twitter user, it tells you what we're all up against. Hate to say it but we can all thank Microsoft for years of security neglect that rendered the Windows operating system less than optimum in preventing the spread and deployment of BOTs. And the tools have gotten more dangerous as well. Strangers (our euphemism for these folks) write new software, too. blank

If you're using PBX in a Flash (and you really should be!), you know that we've devoted enormous resources to Asterisk security. Two years ago when PBX in a Flash was introduced, the majority of people using Asterisk still were using 1234 as the extension password on all or most of their extensions. A couple $100,000 phone bills and lots of public education, and that situation hopefully is behind us. Two years ago, no Asterisk aggregation included a firewall... except PBX in a Flash. Believe it or not, there were individuals running Asterisk servers on the public Internet with a default root password of password. That added more than a few more BOTs to the Internet kettle of fish. Then there were the brute force password hacks that hit Asterisk servers thousands of times per minute guessing passwords. Nothing stood in the way of these attacks until PBX in a Flash introduced Fail2Ban which automatically blacklisted IP addresses after a certain number of failed login attempts. We followed Fail2Ban with our Atomic Flash product which provided a turnkey Hamachi VPN implementation for rock-solid safe remote computing. And, of course, there was a one-minute Hamachi VPN install script for standard PBX in a Flash systems. No other aggregation has it to this day.

The purpose of the history lesson isn't to crow about PBX in a Flash although we're mighty proud of it. Rather we wanted to make you aware that precious little development effort is actually going into security while enormous resources are devoted to things such as Internet faxing, Skype, and Google Voice integration. We'll be the first to admit that we love the latest gee whiz gizmos as much as anybody. But come on. A handful of us who do this purely for fun somehow manage to turn out loads of security enhancements while huge, for-profit companies are devoting virtually zero resources to making Asterisk, SIP, and the VoIP community safer. SIP is about as secure as whispering at a movie theater. Google releases Google Voice with SIP access protected by a 4-digit password. 🙄 That approach to security needs to change, or we're all going to wake up sorry one day soon. If this is preaching to the choir, then feel free to pass this article on to one of your brethren who has not yet seen the light! Start by reading our Primer on Asterisk Security.

If you have extremely secure passwords on your Asterisk extensions and trunks, and you have deployed a properly configured firewall with Fail2Ban to protect against brute force attacks, then you're ahead of the curve insofar as Asterisk security is concerned. But what we think is still missing is access restrictions based upon what the military calls a "need to know." Simply stated, it means folks shouldn't get access of any kind to your Asterisk server unless they have a need to be there. And, if we find someone there that doesn't belong, they should be kicked off and banned from further access.

So today we have a new security tool for your Asterisk toolbox: IP Country, country-based network filtering by IP address. In a nutshell, it means configuring your Asterisk server to dramatically reduce the number of IP addresses which can reach your server at all. If you receive anonymous SIP connections from all around the globe that you actually need or if you're attacked from a BOT running on grandma's Windows machine down the block, this may not work for you, but it's another tool in your quiver of arrows. For most servers, it has the potential to reduce the vulnerability from random outside threats substantially. It's taken a lot of research to come up with much of what follows, and we want to express our special thanks to Sandro Gauci and Joe Roper for their assistance. Some of this technology has been around for many years, but unfortunately it was expensive. So we also want to express our special appreciation to MaxMind for releasing their open source GeoLite Country database which is now free for downloading. That is the critical ingredient in much of what follows. So here's a word from our sponsor:

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

Scope of Protection. An obvious question is just exactly what are we trying to protect. In our view, it's several things. First, we don't want strangers logging in to extensions on our server and making free calls around the globe using pilfered or hacked passwords. We also don't want strangers using our extensions to masquerade as us for any other purpose. Second, we don't want strangers randomly calling our server using SIP URI's that they've dreamed up. And third, we don't want strangers accessing any other applications on our server including SSH and FTP as well as web and email services.

IP Country Design. As with other security features in Asterisk, FreePBX, and IPtables, our implementation of IP Country uses permit and deny access tables that consist of authorized and unauthorized ranges of IP addresses. There's also a table with the latest GeoLite Country information which is used as the data source for your permit table. When a connection to the server is made, the IP address is checked against the permit table of authorized addresses. If there's no match, we'll consider the connection a stranger. If there is a match, then we'll check the deny table to make certain this particular IP address hasn't been banned. Unless you alter all of our scripts, your system must be using the default MySQL account name of root with a password of passw0rd. As configured in PBX in a Flash, this is NOT a security risk since MySQL access is limited to your server, and your server requires root credentials to log in.

Today's Objective. To get everyone started, we're going to tackle the first two objectives today. The solutions offered should work fine on any FreePBX-based Asterisk system... even those that hide the existence of FreePBX.

For outgoing calls, we'll introduce a new script which runs periodically to examine the IP addresses attached to every SIP and IAX extension and trunk on your Asterisk server. If a stranger's IP address is identified (as explained above), we'll add an IPtables firewall rule to permanently block access to your server from this IP address. These rules are stored in /etc/sysconfig/iptables should you ever need to remove an IP address that has been blocked. You can adjust the script execution frequency based upon the thickness of your wallet. After all, it's your phone bill. This functionality is mutually independent from the incoming call protection outlined below so you can use either or both of the functions to meet your own requirements. For systems that use enormous numbers of SIP URI's for communications around the globe, you might choose to implement just this piece for extension and trunk IP Country protection without altering your incoming dialplan at all. Keep in mind that FreePBX now supports permit and deny IP address filters on extensions, something you really should be using even if you decide against implementing the IP Country security protection layer.

For incoming calls, we're going to modify FreePBX's existing Blacklist functionality to also look up the calling IP address in our IP Country permit and deny tables. If the IP address is authorized, the call will go through. Otherwise, the call will be treated just as if the caller's number were blacklisted. Be aware that incoming calls to one of your commercial DIDs may reflect the IP address of your provider since the caller may be calling from a Plain Old Telephone rather than an IP address. The existing Blacklist functionality can be used to block these unwanted callers. If you live in the United States, you'll probably also want to call 888-382-1222 and place your DIDs in the Do Not Call database. Just call from a phone using the CallerID of the number you wish to block.

Installing GeoLite Country. To get started, log into your server as root and issue the following commands:

cd /
wget http://bestof.nerdvittles.com/applications/ipcountry/ipcountry.tgz
tar zxvf ipcountry.tgz
rm ipcountry.tgz
cd /root/ipcountry
./nv-ipcountry

Once the nv-ipcountry script begins to run, it will download and install the GeoLite Country database into MySQL. You then will be asked whether to add countries to your permit table. Since your permit table is empty at this point, the answer should be yes. You'll then get a list of country codes. Choose the two-character country code desired and type it in UPPERCASE, e.g. US. If you want to add one or more additional countries, just rerun ./nv-ipcountry and do NOT initialize the permit table (which erases all of its contents).

New GeoLite Country databases are released every month or two so get used to the procedure. You'll be using it periodically to keep your list of IP addresses current. We'll cover the update procedure after we get you up and running.

Remember: If no IP addresses for any country are added to the permit table, you will not be able to make calls or register trunks with your providers! The only default entries added to the permit table are the non-routable, private IP address ranges, e.g. 192.168.0, etc. The geolite table is merely a data repository of the latest GeoLite Country database and has no effect on the daily operation of your system! You use it only as a data source for populating your permit table.

Testing IP Country. Before we actually turn anything on, we need to be sure we're not going to blow your Asterisk system out of the water! In short, we want to make sure that every extension that's supposed to be able to make a connection to your PBX still can. And we need to make sure all of your trunk registrations still are working. While you're still in the /root/ipcountry directory, issue the following command: ./test.sh. This script will display all of your SIP and IAX connections and then will tell you whether each connection will pass muster with IP Country security in place. Each IP address should display ok. If any of them show ko, you have a problem. This means that you have an extension or trunk with an IP address that is not included in your permit table. You can scan through the show peers listings in the display to figure out which providers or extensions are associated with any problem IP addresses. Be sure it's not a bad guy first. Then you have a couple of options. You can either manually add the IP address to the permit table as outlined below. Or you can add additional countries which include the missing IP address(es). To decipher the country of any problem IP address, go to this link and plug in the IP address. Once you've made entries in your permit table to cover all of your needed IP addresses, run the test script again just to be sure everything shows ok. Do NOT proceed until you get all ok's, and don't write us if you do.

Manually Adding IP Addresses to IP Country. We've provided a command-line utility which makes it easy to add IP addresses and address ranges to either the permit or deny tables of IP Country. Be very careful using this tool! There's limited error-checking which means it's easy to create a mess. You'll find iputility.php in the /root/ipcountry folder. Since all IP addresses are stored as integers, you can use it to merely discover the integer value of an IP address, or you can actually insert IP addresses into either the permit or deny tables. Here are a few examples to show how the utility works:

./iputility.php 156.130.20.10
Returns the integer value for this IP address; no database update
./iputility.php 156.130.20.10 156.130.20.255
Returns integer values for this IP address range; no database update
./iputility.php 156.130.20.10 deny
Adds this IP address to IP Country deny table
./iputility.php 156.130.20.10 156.130.20.255 permit
Adds this address range to IP Country permit table)

A couple of points worth noting. First, all custom entries in your permit and deny tables using iputility will show a country code of AA. This makes them easy to find using phpMyAdmin if you make a mistake. Second, if you attempt to enter the same IP address range more than once, you'll get a database error since all entries in the tables must be unique. Third, remember that entries in the deny table take precedence over entries in the permit table. So, if the same IP address or address range is in both tables, access will be denied. The reason for this is to make it easy to exclude a few bad apples from a country that you might otherwise find unobjectionable. Finally, keep in mind that manual entries added to the permit table will have to be added again each time you initialize the table and insert new country IP codes after a GeoLite Country refresh. The deny table is unaffected by database refreshes. So make yourself a list of entries you manually insert into the permit table and keep it in a safe place for future reference.

Activating the IP Address Checker. In the /root/ipcountry directory, you'll find the script that we'll use to check your system periodically to be sure all of the extensions and trunks are registered at permitted IP addresses. To run the script manually, log into your server as root and type: /root/ipcountry/ip-checker.sh. When you run it, you shouldn't see any modifications to IPtables, just a string of ok's. So now we want to added the script as a cron job that will be run periodically to watch your system. Edit /etc/crontab and insert the following line at the bottom of the file:

*/1 * * * * /root/ipcountry/ip-checker.sh > /dev/null

*/1 means run the script once a minute, all day and night, every day. */5 means every 5 minutes. You make the call on how safe you'd like your system to be. If you'd like to receive an email or text message every time an IP address is blocked by ip-checker.sh, just edit the filecheck.php script, uncomment the two lines that begin with // and replace yourname@gmail.com with your email or text message address.

WARNING: For ip-checker.sh to work properly with IPtables, there are a couple of prerequisites. First, IPtables must be running on your system with the iptables file located in /etc/sysconfig. Second, your IPtables setup must include an SSH permit rule that looks like this:

-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT

We use this rule as a place finder to determine where to insert new rules to block stranger's IP addresses. If you don't have the above rule, filecheck.php (used by ip-checker.sh) won't be able to insert new rules. So you'll need to manually edit filecheck.php to provide a "hook" that can be used to insert rules into your iptables file. PBX in a Flash systems come preconfigured to support this. With other aggregations, YMMV!

Activating the Incoming Call Checker. To screen incoming calls using your IP Country permit and deny tables, the setup is straight-forward assuming you are running the latest version of FreePBX 2.5. We're going to adjust the Blacklist context to also perform IP address lookups from IP Country when new calls arrive on your PBX. Just log into your server as root and add the following lines to the bottom of the extensions_override_freepbx.conf file in /etc/asterisk:

[app-blacklist-check]
include => app-blacklist-check-custom
exten => s,1,LookupBlacklist()
exten => s,n,GotoIf($["${LOOKUPBLSTATUS}"="FOUND"]?blacklisted)
exten => s,n,Set(TESTAT=${CUT(SIP_HEADER(From),@,2)})
exten => s,n,GotoIf($["${TESTAT}" != ""]?hasat)
exten => s,n,Set(FROM_IP=${CUT(CUT(SIP_HEADER(From),>,1),:,2)})
exten => s,n,Goto(gotip)
exten => s,n(hasat),Set(FROM_IP=${CUT(CUT(CUT(SIP_HEADER(From),@,2),>,1),:,1)})
exten => s,n(gotip),NoOp(Gateway IP is ${FROM_IP})
exten => s,n,NoOp(IP Country Lookup in Progress...)
; put authorized special calls like sipgate's Google Voice ringbacks below
exten => s,n,GotoIf($["${FROM_IP}"="sipgate.com"]?keepon)
exten => s,n,AGI(nv-ipcountry.php|${FROM_IP})
exten => s,n,GotoIf($["${STRANGER}"="true"]?blacklisted)
exten => s,n(keepon),NoOp(** AUTHORIZED CALLER **)
exten => s,n,Return()
exten => s,n(blacklisted),Answer
exten => s,n,Wait(1)
exten => s,n,Zapateller()
exten => s,n,Playback(ss-noservice)
exten => s,n,Hangup

Make sure you remove the line-wrap in the s,n(hasat) line and any others that may have wrapped in the display above! Then save the file and reload your Asterisk dialplan: asterisk -rx "dialplan reload". You're all set! If you'd like email notices when a stranger calls and is blacklisted, edit nv-ipcountry.php in /var/lib/asterisk/agi-bin. Plug in your actual email address in the $email variable and set $emailalerts = 1.

Housekeeping 101. As we mentioned above, the pool and location of IP addresses continues to change so periodic updates are necessary, or you'll end up blocking calls that otherwise should be permitted. MaxMind updates GeoLite Country on the first day of every month so add it to your TO-DO list. We strongly recommend that you perform these steps through an SSH connection from a remote PC. Why? Because, if you forget step 1 while logged directly into your server, you could inadvertently lock yourself out of your own system if the ip-checker script happens to run while your permit table is empty. If you do it from a remote machine, you can simply move to another machine and follow these instructions properly. Otherwise, you've got a serious problem on your main server. If this server provides phones to your business, do the update when the server is idle. So here's the drill:

  1. Comment out the ip-checker.sh /etc/crontab entry
  2. Download new GeoLite Country database from MaxMind
  3. Initialize the ipcountry.permit table
  4. Add authorized countries back into ipcountry.permit table
  5. Add back any custom entries to permit table
  6. Test your IP Country system to make sure you get all ok's
  7. Reactivate ip-checker.sh in /etc/crontab

1. Log into your server as root. To comment out the ip-checker.sh line in /etc/crontab, just add # as the first character on the line and save the file.

2. Change to the /root/ipcountry directory and run ./nv-GeoIPrefresh.

3. While still in the /root/ipcountry directory, run ./nv-ipcountry and choose 1-Yes to initialize your ipcountry.permit table.

4. Continue running or rerun ./nv-ipcountry to add each desired country to your ipcountry.permit table.

5. Run ./iputility.php to add custom IP address entries to your ipcountry.permit table. You do NOT need to reenter addresses in the deny table. It is unaffected by this update procedure.

6. Test your system again to make sure all extensions and trunks get an ok by running ./test.sh.

7. Edit /etc/crontab and remove the # at the beginning of the ip-checker.sh line and save the file.

What's Next. We're still exploring another possibility with IP Country, and that is integrating GeoLite Country directly into IPtables. This would validate every packet coming into your firewall using IP Country-like rules in IPtables. If you want to look at how it could be done, see this excellent writeup. Well, not so fast. Unfortunately, it won't compile under CentOS 5.2. Here's a link to the problem code if there are any Linux gurus in the house. Our reluctance in doing this has to do with performance. Keep in mind that, without stateful packet inspection, every single packet coming into your server would presumably trigger a database lookup. On a busy telephony system generating hundreds of thousands of packets per second, it would take a beast of a server with sufficient memory to cache the entire IP Country database in order to handle the processing load. So now we've got to either learn about or find an expert on the IPtables State Machine. If anyone wants to experiment, please share your expertise with the rest of us. There's a Google Voice invite in it for you, too.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...

Tweaking Asterisk for Free Google Voice Calling

Lips from Google Now that the Asterisk® and Google Voice marriage is finally underway, we wanted to step back today and revise the original methodology a bit to take advantage of some of the terrific comments which were offered in response to our last article. First, the good news. U.S. calls through Google Voice using Asterisk work! They sound great, and they're free. The not so good news was that the MeetMe conferencing trick to join your outbound call with the Google Voice click-to-dial return call from your destination worked great so long as a real person answered the phone. But, if an answering machine picked up or no one answered the call at all, there were problems because these calls already had been transferred to the MeetMe conference and there was no simple way to disconnect them. And the need for two DIDs to support a single Google Voice interface just seemed a bit wasteful.

9/1/2010 Update: A good bit has changed with Google Voice since this article was first published. For the definitive guide and installation procedure, we highly recommend The Incredible PBX and accompanying article which can be found at this link. Google Voice (and much more) already is included in our new PBX which is literally Plug-and-Play. If you prefer to roll your own, be sure to also have a look at this excellent update on the Michigan Telephone Blog.

Today we want to try to eliminate these two quirks while stiill providing a seamless interface between Google Voice and Asterisk. We also appreciate that thousands of you already have implemented the previous approach. So we want your transition to the new way of doing things to be as painless as possible. On the other hand, for frequent readers, we hope you'll bear with us as we repeat some of what already has been covered in previous articles so new visitors don't have to jump around between articles to get the complete picture of what we're trying to accomplish.

The objective remains the same. We want a methodology that lets us make outbound calls from any Asterisk phone using the Google Voice service to take advantage of free calling in the United States and Canada. And we want calls to our Google Voice number delivered to our Asterisk system for transparent call processing. Yes, SIP is still on our wish list for both outbound and inbound calls with Google Voice, but we'll make do with PSTN calls particularly while Google is footing the bill for all of the calls.

Update: There's now a turnkey Asterisk solution that implements Google Voice calling without getting your hands dirty. Check out our new Orgasmatron V.

blankTweaked Design. Here's the new design. You obviously still need a free Google Voice account. If you don't have one, you can request an invite here. At last report, it's only taking a few days from application to invite which is really great news. Don't use a space in your Google Voice password! Once you have a Google Voice account and phone number (Google has reserved a million of them so... not to worry!), then you'll need a DID that provides unlimited, free incoming calls. Once you get your DID set up on your Asterisk system, we'll set up a forwarding phone number for this DID in your Google Voice account so that Google Voice calls can be connected to your Asterisk server.

For outbound calls, we'll combine a little dialplan voodoo with pygooglevoice to instruct Asterisk to place a click-to-dial call using your Google Voice forwarding number. Then we'll stuff in the destination U.S. phone number. When you dial GV-678-1234567 from any of your Asterisk phones, Asterisk will park your initial call in a reserved parking lot slot and then join the called party to the originally parked call. The entire procedure is virtually transparent both to the caller and the callee. And, unlike the MeetMe conference, the parking lot fades out of the picture as soon as the call is connected. Thus, if either party hangs up, the active channel for the call is terminated on your Asterisk server.

For inbound calls from your Google Voice number, we'll tweak the dialplan so that it can distinguish between a RingBack call that Google Voice initiated and a true inbound call. We'll peel off the real inbound calls and route them to a separate Inbound Route in FreePBX for processing in any way you desire.

Finally, for those that implemented the methodology in our previous article, we'll walk you through the steps to revise your existing setup to take advantage of these new tweaks. You can skip over the initial installation process if you already have gone through the Google Voice setup from our earlier article. Just skip down to Tweaking Previous Setups.

blankSpecial Thanks. At the outset, we again want to express our sincere appreciation to Jacob Feisley and Paul Marks for their pioneering work on a Python interface to Google Voice. We also stumbled upon another Python development project, Google Voice for Python. While we originally had planned to rely upon Jacob and Paul's script, we ultimately decided to implement pygooglevoice because of the additional flexibility it provided for down the road. With pygooglevoice, you not only can make Google Voice calls, but you also can send SMS messages with no muss or fuss. Jacob Feisley has now joined that project as well. So, our special tip of the hat goes to the entire Google Voice for Python development team. It's a terrific product as you will see.

Prerequisites. Today's setup requires a CentOS-based Asterisk aggregation with a current version of FreePBX. Be aware that today's solution requires Python 2.4 or higher and reportedly will not work with Python 2.3 found in some Linux distributions. We've tested everything with PBX in a Flash and, on that platform, you're good to go. The install script should work equally well with the other CentOS-based Asterisk aggregations, but we haven't tested them. Be our guest, and let us know if you encounter any problems. Finally, a word of caution. We don't ordinarily distribute solutions using development tools we don't use. Our knowledge of Python wouldn't fill a thimble. We've made an exception today because of the extraordinary interest in Google Voice by the Asterisk community. But, if something comes unglued, we can't fix it. So have a backup plan in place just in case. 🙂

Today's Drill. To get everything working today, there are six steps: (1) obtaining and configuring a DID to manage calls between Google Voice and Asterisk, (2) configuring a Google Voice forwarding number for this DID to manage your outbound and inbound calls, (3) configuring FreePBX to route all outbound calls with a GV prefix to your special Google Voice dialplan context, (4) configuring an inbound route to manage incoming calls from your Google Voice number, (5) setting up a series of Parked Call extensions, one of which will be used to manage your outbound Google Voice calls, and (6) running our install script which adds the dialplan code for Google Voice calling with your credentials and puts the Python application into place on your server. It sounds more complicated than it is. So hang on to your hat. Here we go!

blankDedicated DID. Before you can use Google Voice with Asterisk, you'll need a DID that can be dedicated to your Google Voice interface to Asterisk. We'd recommend a free IPkall or SIPgate DID. To get started, use one of the links above to obtain and configure the DID. Temporarily point the DID to an extension on your Asterisk system that can be used to verify your requests for the number. Since all of these calls are free, the area code of the DID really doesn't matter because you're never going to publish the fact that it exists.

The easiest method for setting up the DID is to first create a SIP URI for the DID on your Asterisk system. Next route the SIP URI to an Inbound Route in FreePBX where you can manage the destination for calls to that DID. Initially, you want the destination to be an extension on your Asterisk system that you can answer to verify both the DID setup and the GV setup below. Finally, point the DID you obtained to the SIP URI defined above.

HINT: The entry in extensions_override_freepbx.conf would look something like this for a SIP URI called ipkall-1:

exten => ipkall-1,1,Goto(from-trunk,${DID},1)

Then you would create an inbound route named ipkall-1 using FreePBX and designate some existing extension on your server as the destination for these inbound calls.

When you set up the SIP forwarding for the DID at ipkall.com, you'd specify the SIP URI as:

ipkall-1@ipaddress_of_your-Asterisk_server

We've previously covered in detail how to do this so read the article if you need a refresher course. To reiterate, the area code of this DID really doesn't matter because you're never going to give out the number. So use one of the free sources and save yourself some money. The real trick is you want to use a DID with unlimited, free inbound calls. Both IPkall and SIPgate provide that functionality at no cost.

blankGoogle Voice Setup. Log into your Google Voice account and click Settings, Phones, Add Another Phone. Add the area code and phone number of your DID. Be sure the DID is pointed to an extension on your PBX that you can answer since you have to go through Google's confirmation drill to successfully register the number. After the DID is confirmed, be sure there's a check mark beside this Google Voice destination so that incoming calls to your GV number will be routed to your Asterisk server.

While you're still in the Google Voice Setup, click on the General tab. Uncheck Enable Call Screening. Turn Call Presentation Off. And set CallerID to Display Caller's Number. Be aware that IPkall DIDs only forward your IPkall number as the CallerID number while SIPgate DIDs reportedly forward the actual number of the person calling you. If this matters to you, then you may prefer the SIPgate DID option. Finally, uncheck Do Not Disturb. Now click the Save Changes button.

Integrating Google Voice into Asterisk with FreePBX. Open FreePBX with a web browser and choose Setup, Trunks, Add Custom Trunk. Insert your GV number in the Outbound CallerID field and add the following Custom Dial String on the form and Submit Changes and reload the dialplan:

local/$OUTNUM$@custom-gv

Next, choose Setup, Outbound Routes, Add Route and fill in the following entries on the form:


Route Name: GoogleVoice
Dial Pattern: 48|NXXNXXXXXX
Trunk Seq: local/$OUTNUM$@custom-gv

blankInbound Routes. Next, we need two Inbound Routes to get everything working. In setting up your DID with IPkall or SIPgate, you already should have created one inbound route for that provider. It already should be routing calls to an extension on your PBX. Now we need to create a Custom Destination for this inbound route and then reroute these calls there. In that way, your RingBack calls will be routed to some special dialplan code that drops these calls into a custom parking lot where the RingBack call is married up to the extension from which you placed the original call. Then we need to create another inbound route to manage normal incoming calls that are forwarded to your PBX whenever someone dials your Google Voice number.

To begin, choose Tools, Custom Destinations, Add Custom Destination and add an entry like this and then click the Submit Changes button:

Custom Destination: custom-park,s,1
Description: Custom GV-Park

Next choose Setup, Inbound Route and click on the inbound route you created previously for IPkall or SIPgate. Change the destination for these calls to Custom Destination: Custom GV-Park.

Now click on Add Incoming Route and create a new route for your incoming Google Voice calls. Give it any description you like but, for the DID number, it must be gv-incoming. You can leave most of the other defaults. Just be sure you set a destination for your incoming calls from Google Voice. It could be an extension, ring group, IVR, or whatever best meets your needs. The important entry here is gv-incoming for the DID number. Click the Submit button to save your entries. Ignore the warning that you've entered an oddball DID. We know what we're doing. 🙂

blankSetting Up the Parking Lot. While still in FreePBX, we need to create or adjust your existing settings in Setup, Parking Lot. The parking lot is used by FreePBX to simulate old key telephones where you could place a call on hold and then someone else in the office could pick up the call by clicking on the blinking key on their phone. The Asterisk equivalent is to press the flash hook and dial your Parking Lot Extension which then places the call in a Parking Lot space and tells you what the space number is. Someone else then can dial the number of that space to pick up the call. Our little trick today works like this. When you place an outbound call through Google Voice, your extension will be dumped into a reserved parking lot space. When Google Voice initiates the RingBack call before connecting the destination number you've dialed, that call will be sent to the same reserved parking lot space. The two calls then are joined, and you'll hear the parking lot number followed by ring tones as your call is connected by GV to its final destination. Our special thanks to Richard Bateman for his comment on the previous article and this terrific tip! He wins an Atomic Flash installer from Nerd Vittles. In addition, A. Godong wins an Atomic Flash installer for his tip on consolidating two DIDs into a single DID to manage both inbound and outbound GV calls. Just send us your addresses.

Now, where were we? Most FreePBX systems have a default setup for the Parking Lot. What we need to do is be sure you have reserved one more space in the parking lot than you actually need for day to day operation of your PBX. We'll use the last parking lot space number to manage outbound calling through Google Voice. Our entries look like the following:

Enable Parking Lot Feature: checked
Parking Lot Extension: 70
Number of Slots: 5
Parking Timeout: 30 seconds
Parking Lot Context: parkedcalls

Destination for Orphaned Calls: Terminate Call: Hangup

If you use our setup above, the Magic Number is 75 which is the fifth slot in the Parking Lot. If you use a different Parking Lot extension or number of slots, here's how to calculate the Magic Number. Start counting the slots beginning with one more than the Parking Lot Extension. When you get to the last slot in the number of slots you've specified, that's your Parking Lot Magic Number. Write it down. You'll need it in a second when you run our GV installation script.

Save your entries and reload the Asterisk dialplan when prompted.

Integrating pygooglevoice. Now we're ready to complete the setup by running our revised script which loads pygooglevoice and sets up your dialplan in extensions_custom.conf. You'll need 5 pieces of information to run the script so write them down before you begin:

1. Your 10-digit Google Voice phone number
2. Your Google Voice email address
3. Your Google Voice password (no spaces!)
4. Your 11-digit RingBack DID (16781234567)
5. Your Parking Lot Magic Number

blankA word of caution: If you used a gMail address to set up your Google Voice account, it's possible to have different gMail and Google Voice passwords. For this to work, you'll need to enter your gMail password, not your Google Voice password (assuming they're different).

Now log into your Asterisk server as root and issue the following commands:

cd /root
wget http://bestof.nerdvittles.com/applications/gv/install-gv-new
chmod +x install-gv-new
./install-gv-new

Google Voice Speed Dials. For frequently called numbers, you can add speed dials by inserting entries in the [from-internal-custom] context of extensions_custom.conf that look like the example below where 333 is the speed dial number and 6781234567 is the area code and number to call. Be sure to reload your Asterisk dialplan to activate them.

exten => 333,1,Dial(local/6781234567@custom-gv,300)

Congratulations! You now have what we hope will be flawless and free U.S. calling on your Asterisk system using Google Voice. No gimmicks, no strings, no cost. Enjoy!

Finally, one additional word of caution. Both Google Voice and this call design are set up for a single call at a time. There are no safeguards to prevent multiple calls, but that may violate the Google Voice terms of service.

Asterisk 1.6 Solution. Several readers now have documented the procedure for implementing the Asterisk 1.6 bridge technology to make outbound Google Voice calls. You can read all about it here.

blankTweaking Previous Setups. If you installed pygooglevoice using our previous tutorial, here's what you need to do. First, log into your Asterisk server as root and issue the following commands:

cd /etc/asterisk
nano -w extensions_custom.conf

Scroll to the bottom of the file by pressing Ctrl-W then Ctrl-V. Move up the file using up arrow until you reach [custom-gv]. Press Ctrl-K repeatedly to delete all of the lines in the [custom-gv] context. If you get to another line that starts with a label in brackets like [this], STOP deleting. Once you've deleted all of the lines in the [custom-gv] context, save the file: Ctrl-X, Y, and press Enter.

Now continue reading this article by jumping up to the Google Voice Setup topic. The Custom Trunk entry and the GoogleVoice outbound route will already be in your FreePBX system so there's no need to repeat those two steps. You will need to perform the remaining FreePBX steps beginning at the Inbound Routes topic and continuing on with Setting Up the Parking Lot. Finally, when you run the new installation script, it will detect that pygooglevoice is already on your system and will skip that step but will install the new custom contexts in extensions_custom.conf using your new settings. Enjoy!


Thought for the Day. Which is more arbitrary: (1) Apple snubs Google Voice or (2) Google Voice snubs SIP? Pays to look in the mirror occasionally.


Best Read of the Week. Memo to Steve Jobs and Apple: Stop Being A Jerk!


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest...