Home » Posts tagged 'gpl' (Page 5)

Tag Archives: gpl

The Most Versatile VoIP Provider: FREE PORTING

Rolling Your Own: Creating a Custom Incredible PBX ISO for Asterisk

We promised to provide the Incredible PBX 13.2 ISO build environment for those of you that wanted to learn how to roll your own ISO. Why would you want to do such thing? Well, we can think of a number of reasons. First, you may just want to learn how sh*t works. Or you may want to impress your boss by building a custom ISO with the corporate logo splattered all over the place. Then there are those that want to add a feature or function that we haven’t included yet so you can share your creation with your friends. For us, the motivation was to provide an Asterisk® aggregation that others could build upon without legal hassles about copyrights and trademarks… you know, a real open source project based upon the GPL license.

Regardless of your motivation, today’s your lucky day. We’re providing an exact duplicate of the build environment that was used to create the Incredible PBX 13.2 ISO. It’s released under the same GPL license that applies to the ISO itself. Copy it, enhance it, give it to your friends, and share your additions so that all of us can learn from you. In addition to the code, we’re actually going to document how to modify it and use it… you know, real instructions.


The Schmoozers were back in full force last week with one accusing us of "stealing" their code and another with this gem:


For the record, we use GPL code of others with full credit to the authors. That’s what the GPL and Asterisk aggregations have always been about. Let’s compare that to our Sangoma® friends who rip the covers off RedHat’s GPL ISO, brand it as their own, and then have the balls to distribute it as closed source code. Repeating a lie over and over doesn’t make it come true!


Getting Started. Before you can use today’s code, you’ll need a suitable platform on which to play. You’ve got a couple of choices. First, you can actually install Incredible PBX 13.2 using last week’s ISO. A second option is to build yourself a virtual machine or a cloud-based server with Scientific Linux 6.7 or even CentOS 6.7 minimal. We recommend 32-bit architecture because the Incredible PBX 3.2 ISO build environment as configured is 32-bit to assure maximum hardware compatibility. The server hardware platform doesn’t really matter. Cheaper means it takes a little longer, but you’ll get the same results.

Installing the Incredible PBX 13.2 ISO Build Environment. Once you have your server up and running, log in as root. This usually isn’t a good idea for a build environment, by the way. We’re doing it because we’re assuming you have a machine dedicated to just building ISOs on which to experiment. Issue these commands to put the ISO build platform in place:

cd /root
setenforce 0
yum -y install wget nano
wget http://incrediblepbx.com/create-ISO-new.tar.gz
tar zxvf create-ISO-new.tar.gz
rm -f create-ISO-new.tar.gz

Creating Your First ISO. Why waste time? Let’s actually build an Incredible PBX ISO to show you how easy it is. Issue the following command to kick off the process: /root/create-ISO-new. Depending upon your server’s specs, the whole build procedure should take a minute or two to complete. When it’s finished, you’ll have a shiny new ISO that can be burned to a DVD or USB thumb drive following the steps documented in our previous tutorial:

ls -all /root/kickstart_build/*.iso

-rw-r--r-- 1 root root 890241024 Nov 24 12:45 /root/kickstart_build/IncrediblePBX13.2.iso

ISO Design Overview. There are lots of ways to design an ISO architecture. We’ve chosen a hybrid approach with a two-phase install. When you first boot from the ISO installer, you get the operating system platform. The server then reboots, and Phase II downloads and then runs the latest Incredible PBX installer. Our main reason for choosing this design is that you don’t have to create a new ISO every time you make changes in the Incredible PBX installer. For those of you that remember the Asterisk@Home and trixbox days, this was a major shortcoming. The ISOs were released about every three to six months, and invariably a major glitch was discovered about a week after the new ISO was introduced. With our two-phase installer, slipstream changes are easy to implement by simply adding a line to the Incredible PBX install script. The ISO itself never has to be updated until a major operating system refresh is necessary.

Adding Packages to Your ISO. With Incredible PBX, RHEL 6.7-compatible packages are added to new servers in a couple of ways. First, there are packages actually included within the ISO itself that are loaded during Phase I of the install, i.e. when Scientific Linux 6.7 platform is installed. These packages must include all necessary dependencies. The kickstart process actually resolves and loads package dependencies as part of the Phase I ISO install procedure. Once the base install is completed, the end-user’s server reboots and then the Phase II install kicks off by downloading and running the Incredible PBX 13-12R installer. Additional RPM packages and a number of other applications in tarball format are downloaded and installed during this Phase II process. Today, we’ll show you how to modify both pieces of the ISO install procedure.

To add RPMs to the ISO itself, keep in mind that the new RPMs must match the architecture of the default build environment. In the case of Incredible PBX, it’s a 32-bit architecture which means you’ll need 32-bit versions of RPMs you wish to add. Otherwise, you will need to replace all of the packages in the build environment with their 64-bit cousins.

There are 3 steps to adding new packages to the ISO build environment.

First, create a temporary directory (/tmp/packages) to use for gathering up the RPMs to be added. This is so you can check your work without screwing up your build environment. To add an RPM, you first need to download it from a repository to your temporary directory. The syntax looks like this where NetworkManager is the name of the RPM you wish to install:

yum -y install --downloadonly --downloaddir=/tmp/packages NetworkManager

Second, move the RPMs from /tmp/packages into your build environment. This must include RPM package dependencies (as was the case when adding NetworkManager):

mv /tmp/packages/*.rpm /root/kickstart_build/isolinux/Packages/.

Third, add the names of your new RPMs to the kickstart config files (ks*.cfg) in /root/kickstart_build/isolinux. The package names go in the section of each kickstart file labeled %packages.

NOTE: You do not have to add the names of RPMs being added because of dependencies in step 3. You DO have to add the actual RPMs and RPM dependencies in step 2. For example, with NetworkManager, only NetworkManager itself needed to be added to the %packages list in the ks*.cfg config files. But the collection of NetworkManager RPMs and its dependencies for step 2 looked like this:

avahi-autoipd-0.6.25-15.el6.i686.rpm
dnsmasq-2.48-14.el6.i686.rpm
libdaemon-0.14-1.el6.i686.rpm
mobile-broadband-provider-info-1.20100122-4.el6.noarch.rpm
ModemManager-0.4.0-5.git20100628.el6.i686.rpm
NetworkManager-0.8.1-99.el6.i686.rpm
NetworkManager-glib-0.8.1-99.el6.i686.rpm
ppp-2.4.5-10.el6.i686.rpm
rp-pppoe-3.10-11.el6.i686.rpm
wpa_supplicant-0.7.3-6.el6.i686.rpm

Changing the ISO Default Boot Menu. Once you have burned the ISO to a DVD-ROM or USB flash drive and booted your server-to-be, a default kickstart menu will be presented: /root/kickstart_build/isolinux/isolinux.cfg. Edit it to customize the splash screen and make any desired changes in the screen title and options displayed to those using your ISO. WARNING: If you modify the ks*.cfg options in the file, you also will need to make similar modifications in the create-ISO-new build script as well as adding new matching ks config files in /root/kickstart_build/isolinux.

Modifying the Phase II ISO Install Procedure. The Phase I install setup already provided in the Incredible PBX ISO will work for any number of ISO requirements you might have because it provides a robust Scientific Linux 6.7 base platform. Now for the fun part. You can modify the Phase II install in any way you like by simply adjusting the download script and hosting it on your own public server.

The Phase II magic is housed in the %post section of the kickstart config files (ks*.cfg). The initial setup in this section will work for almost any setup. It addresses the quirks of getting a working network connection functioning on most server platforms. This got much more complicated with the introduction of UEFI on newer Intel-based servers. But we’ve addressed all of that. To customize the install to run your own Phase II script, you need only modify the last few lines of the %post section:

/bin/echo "cd /root" >> /tmp/firstboot
/bin/echo "/usr/bin/wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "/bin/tar zxvf incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "/bin/rm -f incrediblepbx13-12.2-centos.tar.gz" >> /tmp/firstboot
/bin/echo "./Inc*" >> /tmp/firstboot
/bin/chmod +x /tmp/firstboot
eject
%end

These last few lines tell the ISO installer where to find your Phase II script and manage the procedure for downloading it, untarring it, and then running it. To deploy your own Phase II install script, simply modify lines 2, 3, 4, and 5 above. In line 2, provide the public server location of your script in .tar.gz format. In line 3, untar the script in the /root folder of the new server. In line 4, remove the .tar.gz file after it’s been decompressed. In line 5, run the shell script included in your tarball. The remaining lines shown above should be preserved as shown. Once you finish making changes in ks.cfg, copy the %post section to your other kickstart config files and then rerun /root/create-ISO-new to build your new ISO. Enjoy!

Originally published: Friday, December 11, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

The FUD Factor: Why Does the Asterisk Community Shoot Itself in the Foot?



2015 has been quite the year for the Asterisk® VoIP community. First came the surprise announcement that Sangoma® had acquired FreePBX®. Next, Digium® caved on Asterisk-GUI and adopted FreePBX as their "free" distribution giving Sangoma a virtual monopoly in the Asterisk graphical user interface and aggregation market. And then the fireworks began. There were only two open source and GPL-compliant Asterisk aggregations left: Elastix® and PBX in a Flash™.

We had been on a downhill slide with the Schmoozers for quite a while after their "commercial tech support" for PBX in a Flash morphed into a sales pitch to switch users to the FreePBX Distro. What they left out of the narrative was the fact that the FreePBX Distro is neither open source nor a GPL product. Not only is it laced with NagWare and CrippleWare, but you are prohibited from redistributing or reusing the code. While it’s copyrighted and trademarked up the ying yang, it’s also full of "trade secrets" and GPL code obtained for free from the open source community. So much for the GPL. The Free Software Foundation has long since lost its appetite for lawsuits. Digium has kept a low profile through all of this. That’s probably because they’re now 100% dependent upon FreePBX, an integral component in their morphed AsteriskNOW® product.

If you’ve been involved in the technology business, you already know that the marketing strategy for many companies is full of examples of the traditional Good Cop/Bad Cop routine: beat you up with the bad guy and then let the good guy swoop in to close the deal. With free software, there’s another hurdle. You’ve first got to persuade customers that they really don’t want something for nothing. They’ll be much better off paying for everything: software, add-ons, updates/upgrades, and support. Remember the old adage: "Nobody ever got fired for choosing IBM®." Same song, different verse!

In the Asterisk VoIP community, there’s been another secret ingredient: fear, uncertainty, and doubt. Yes, good old FUD. This strategy relies upon confusing everybody to the point that they throw up their hands and stop believing anything anybody says. Then the good guy swoops in to close the commercial deal for the "safe company." Classic IBM!

With a legal background, we’d be the first to admit that the FUD strategy is difficult to deal with. You’re trying to explain fairly complex technical material in a logical way and all of a sudden you’re bombarded with completely off-the-wall comments that have no basis in fact. If you love Fox News, you’re accustomed to this already. Never mind the images on the screen don’t match the story that’s being told. The point is to make things look worse than they are so that the blonde bombshell can swoop in and say literally anything… and you’ll believe it.

If you watched Tag Team Wrestling as a kid, you’ll appreciate this sales strategy. Here we use one of our employees to publish a position on social media such as Twitter or one of the forums. Then other employees chime in with how brilliant the first employee’s idea really was. Better yet, get a handful of anonymous resellers to join in. This is especially effective when the general public has no clue that these folks are affiliated with the company and its marketing strategy.

If all else fails, bring on the personal attacks. Anyone that doesn’t agree with your position is labeled a troll and the piling on begins from other employees and resellers. Of course, there are always a few that stay above the fray urging everyone to "just get along" for the sake of the Asterisk "community." Classic Rodney King.

In the meantime, we’re watching an already fractured VoIP market that seems headed for oblivion. Have you watched how your kids communicate lately? Do you really think they’re going to be relying on PBXs ten or fifteen years down the road when all of their smartphone calls and messaging are basically free? Did we mention the other elephants in the room: Skype, Hangouts, and FaceTime? America’s Big 3 already provide free worldwide telecommunications and video conferencing with any smartphone or desktop computer. And TV support is becoming commonplace. So… Party On, FUD Masters.

Let’s look at a few examples of how this has played out. The best example is security. No sane IT guy would ever run a VoIP server fully exposed to the Internet without several layers of security including either a hardware or software-based firewall. That’s Networking 101. Yet there was a group of folks in the Asterisk community that, over the course of 10 years, never mentioned firewalls at all… until a few months ago. Guess who? And guess who’s server platform consistently got hacked? The response: FUD, and lots of it. When users began reporting totally compromised servers, "the team" response was disbelief and, of course, a post documenting a vulnerability in PBX in a Flash. The difference? The PBX in a Flash vulnerability still required administrator permission and an admin password for access. But, hey, it was a vulnerability and all vulnerabilities are alike, right? Wrong. Pure FUD but the equal billing of both vulnerabilities on their forum for months presumably achieved the goal of demonstrating that all software has "issues" from time to time.


And then there was the FreePBX Firewall, a recent creation that runs within the FreePBX GUI and is accessible within a web browser without root user permissions. There’s only one catch. A vulnerability in the firewall gave the intruder root access to the server without ever obtaining root user credentials. It doesn’t get much more dangerous than that. And, sure enough, while the developer was at AstriCon crowing about his awards and firewall accomplishments, a root exploit was identified less than a week after the product hit the market. The response? We fixed the only known vulnerability. Well, not so fast. The problem with the design is that users were continually locking themselves out of their own servers because they didn’t quite know what they were doing in implementing the new firewall rules. After bad-mouthing PortKnocker as an overly complex magic incantation, the developer couldn’t quite bring himself to go that route to get users back into their servers. After all, firewalls are supposed to be easy. Instead, he chose to disable the firewall entirely during the first 5 minutes after a server was rebooted. Sounds great, right? Wrong again. Almost any DDOS attack has the potential to crash a server and force a reboot. Guess who gets the easy pass to hack your server after the server comes crashing down? You may be wondering how a root vulnerability occurs when FreePBX runs as the asterisk user. Good question. And the answer is you have to load the encrypted SysAdmin module which reportedly gives itself root permissions to servers. In response… FUD and more FUD.


The latest FUD involves the so-called Module Signature Checking mechanism in FreePBX 12. Sangoma claims it was to protect end-users by throwing up glaring error messages whenever you install or use a FreePBX module that wasn’t produced by (you guessed it!) Sangoma. Our take is it was a not-so-subtle attempt to freeze everyone else out of the FreePBX module development market where Sangoma hopes to make a fortune in license fees and renewal contracts. Dream on. The downside is that, with the exception of a single module to support Digium® phones, there hasn’t been a non-Sangoma module for FreePBX produced in years! The FUD hit the fan when we published (OPTIONAL) code to let administrators remove the module signature checking mechanism if they chose to do so. This meant FreePBX 12 GPL modules worked exactly like those in every previous version of FreePBX. Suddenly, lack of module signatures became a security issue… except in earlier FreePBX releases, of course. What’s particularly disingenuous about this latest FUD attack is that FreePBX 2.11 and prior releases are still in active use. None of those releases even had the option to enable module signature checking whether an administrator wanted it or not. And, of course, all Incredible PBX builds include a preconfigured firewall that blocks all of the bad guys from even seeing your server much less attacking it. But suddenly our giving the administrator the option to use module signature checking has become a critical "security issue" that will cause users to "get hacked and lose money." That’s the Sangoma FUD mentality we’re dealing with folks.

Finally, let’s talk about hardware. Sangoma loves hardware. It is or, more accurately, was their bread and butter. First, they touted their Session Border Controller as the only way to protect an Asterisk server. For the FUD scorecard on SBCs, read our SBC article. And then there are the Asterisk appliances, preconfigured FreePBX Distro boxes running on generic (overpriced) computer platforms. In a recent article, we noted that a $200 Intel® NUC could run circles around the entry-level $579 FreePBX Phone System 50. And, for $500, a high performance Intel NUC could actually run a half-dozen or more Asterisk servers. Didn’t take long for a FreePBX cheerleader to crank up the FUD proclaiming that Intel NUC’s won’t boot:


Of course, if Mr. Messano had bothered to read the Nerd Vittles article, he would have learned that it only took about 10 seconds to apply a BIOS tweak that solved the booting problem forever. But, again, the damage was done. Believe it or not, many casual observers derive much of their technical expertise from 140-character tweets. And some will no doubt conclude that there must be a problem with the Intel hardware. Otherwise, why would some stranger suggest such a thing.

The point of all this is to document why those relying upon Asterisk for their bread and butter would do well to start devising a backup plan. Many in the business, medical, and government communities are reluctant to touch Asterisk with a 10-foot pole and now you know why. Over 500,000 people read Nerd Vittles each year. That’s not to suggest that they all agree with everything we suggest. But you can rest assured that they will continue to hear both sides when these hit-and-run attacks occur. As a CEO in the Asterisk "community," we’d be asking whether this approach is really worth the cost to the shareholders? While the derisive comments of some employees may play well to backslapping coworkers, the long-term consequence of alienating actual decision-makers reading this misleading FUD will be to drive serious customers to other platforms permanently. "Where there’s smoke, there’s probably fire" goes the old saying. And, while Asterisk 13 has proven itself to be a good platform for a business phone system, the end-user alienation and disingenuous FUD ultimately are going to have repercussions for businesses that have chosen to earn a living using Asterisk. As an Asterisk evangelist and a shareholder of Sangoma, we view these developments as unfortunate because the wounds are mostly self-inflicted.

For the rest of the story…

Originally published: Wednesday, November 18, 2015



Need help with Asterisk? Come join the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Introducing Incredible PBX GUI for AsteriskNOW and the FreePBX Distro


Before we get started today, let’s clear the air on a few things that have been brought to our attention. We’re not opposed to any organization making money. That includes Digium® and Sangoma®. And we fully appreciate that both of these companies need to make money to continue to deliver first rate products like Asterisk® and FreePBX®. Our fundamental disagreement with SchmoozeCom and now Sangoma stems from their sales methodology. In a nutshell, they’ve taken what purports to be an open source GPL product and turned it into a marketing tool for a whole host of commercial, closed source, time-restricted add-ons. If this were done in keeping with the GPL requirement for clear separation between the GPL components and the commercial ones, we would have no objection at all. As it stands, the Sangoma commercial bundling approach is functionally identical to distributing commercial components tied to the Linux GPL kernel, a practice that is specifically prohibited by the GPL. The prohibition stems from hooking commercial components to any GPL component, not merely the Linux kernel. Hence, hooking commercial FreePBX components to the open source GPL FreePBX and Linux ISO platforms is just as problematic as hooking a commercial driver to the Linux kernel. You’re profiting off the free work of others while confusing consumers on what’s free software and what’s not.

Sangoma’s decision to commingle and intertwine the GPL and commercial components in such a way that end-users have no choice but to install the entire bundle including the NagWare and CrippleWare hooks is problematic in another way as well. It also means users cannot legally redistribute the SHMZ ISO (even though it includes the functionally identical components found in the RedHat Enterprise Linux GPL ISO) because consumers also would be redistributing non-GPL software without a license to do so.

If you really want to have some fun (on a non-production machine, of course), try setting the clock up about 26 years and experience time bomb software in all its glory. And we thought this disappeared in the shareware days. Heh.

Last, but not least, Sangoma has shrouded the essential Cloud components of the FreePBX distribution in secrecy with encrypted signatures to prevent others from adding to the GPL-advertised project without encountering nasty error messages suggesting that your server has been compromised. Issuing keys while keeping exclusive control over issuance and rescission of those keys doesn’t help. That is a textbook example of PROPRIETARY software.

Until these issues are addressed, we believe everyone is better served by converting your GUI platform to the Incredible PBX GUI which offers GPL-compatible modules and an open source, GPL-based Cloud platform for all to see. That’s what FREEDOM really means, Sangoma. And that’s our objective for today, no more and no less.

Installing the SHMZ Base Operating System

If you’ve installed Incredible PBX on another operating system platform, today’s exercise isn’t that different. You’ll start by downloading and installing a fresh copy of AsteriskNOW or FreePBX Distro 6.12. You need a fresh install because all of your setup will be modified as part of the Incredible PBX install anyway. Both the 32-bit and 64-bit platforms are supported. Once the install begins, we recommend choosing the NO RAID setup because upgrading to FreePBX 13 down the road reportedly leaves you with a kernel that does not support RAID.

Begin by installing the 32-bit or 64-bit version of your choice on your favorite hardware or Desktop. Or you may prefer to use a Cloud provider1 that already offers a preconfigured image. In the latter case, you can skip this section.

For those using a dedicated hardware platform or wishing to install as a virtual machine, the drill is the same. Start by downloading the ISO. Then burn the ISO to a DVD unless you’ll be booting from the ISO on a virtual machine platform such as VirtualBox. On virtual platforms, we recommend at least 1GB RAM and a 20GB dedicated drive. For VirtualBox, here are the settings:

Type: Linux
Version: RedHat 64-bit or 32-bit
RAM: 1024MB
Default Drive Options with 20GB+ space
Create
Settings->System: Enable IO APIC and Disable HW Clock (leave rest alone)
Settings->Audio: Enable
Settings->Network: Enable, Bridged
Settings->Storage: Far right CD icon (choose your ISO)
Start

Boot your server with the ISO, and start the install. Here are the simplest installation steps:

Choose NO-RAID install and Click Continue
Choose Whether to Enable IPv6 Support
Choose Time Zone and Uncheck System Clock Uses UTC
Create Root Password: somepassword, somepassword, Click Done
Wait for Install and Setup to finish (about 30 minutes)

Installing Incredible PBX for SHMZ 6.5

Unlike other Linux operating systems, today’s ISOs will leave you with a functioning Asterisk platform with the FreePBX GUI. Both are built from RPMs rather than being compiled on the fly from source. We’ve chosen to leave the Asterisk platform in place for those that prefer the ease of use of an RPM solution. Be advised that this means adjustments to Asterisk modules are extremely difficult should you ever decide you need some functionality that is not provided in the default build. The FreePBX GUI platform will be replaced with the Incredible PBX GUI using GPL-compatible modules from version 12.

To begin, log in to your server as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx11-12.1.shmz.tar.gz
tar zxvf incrediblepbx*
./IncrediblePBX*

Once you have agreed to the license agreement and terms of use, press Enter and go have a long cup of coffee. The Incredible PBX installer runs unattended so find something to do for the next 30-60 minutes unless you just like watching code compile. When the installation is complete, run /root/admin-pw-change to set the admin password for GUI access using a browser. Log out and back into your server. After the Automatic Update Utility runs, you’ll be greeted by the status display:

Press ENTER and perform at least the first 5 steps below:

Make your root password very secure: passwd
Set an admin GUI password: ./admin-pw-change
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Set your correct time zone: ./timezone-setup
Restart Asterisk: amportal restart
Reload the GUI: amportal a r
Clean Up GUI Module Signature Mess: gui-fix
Make a copy of your Knock codes: cat knock.FAQ
Decipher IP address and other info about your server: status

Incredible PBX includes an Automatic Update Utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. If you haven’t done so already, now would be a good time to log out and back into your server at the Linux command line to bring your server up to current specs.

You can access the Incredible PBX GUI using your favorite web browser to configure your server. Just enter the IP address shown in the status display.

Choose Incredible GUI Administration from the Admin menu of the Kennonsoft GUI (shown above). The default username is admin and the password is what you set above. Now edit extension 701 so you can figure out (or change) the randomized passwords that were set up for your 701 extension and voicemail account: Applications -> Extensions -> 701. If you’re behind a hardware-based firewall, change the NAT setting to: YES. NOTE: The fax option will not appear until you’ve run the Incredible FAX installation script in /root.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

A Few Words about the Incredible PBX Security Model

Today’s Incredible PBX install joins our previous builds as our most secure turnkey PBX implementation, ever. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉

The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server on the same platform, simply copy the image to a server running Asterisk 11 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

Switching Major Versions of Asterisk

One of the unique features of this aggregation is the ability to quickly switch from one major version of Asterisk to another, e.g. from Asterisk 11 to 13 or from Asterisk 13 back to 11. It will also bring your particular Asterisk version up to the current release. This functionality has been retained in the Incredible PBX implementation.

WARNING: You will lose your free faxing capability with HylaFax/AvantFax if you deployed it before switching Asterisk versions! You may be able to restore the fax functionality by running the incrediblefax installer again. No guarantees.

To switch versions, issue the following commands after logging into your server as root:

sed -i 's|enabled=0|enabled=1|' /etc/yum.repos.d/FreePBX.repo
asterisk-version-switch
sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/FreePBX.repo

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.

A Word to the Wise: yum update can be a very dangerous tool. We have disabled the FreePBX repositories as part of the Incredible PBX install. We recommend you keep it that way. Security updates, if necessary, are distributed through the Automatic Update Utility. This puts an additional layer of protection between your server and yum repos. Keep it that way!

In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.

Originally published: Wednesday, August 19, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.

NEWS FLASH: There’s a message thread to handle Bugs & Fixes for this new release. If you have issues with your install, start there.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Some of our links refer users to Amazon or other service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support these providers because they support us. []

Introducing the FUD-Free Firewall for FreePBX Distro and AsteriskNOW

After frequent complaints from our FreePBX® users, we introduced a firewall application for the PBX in a Flash™ and Incredible PBX™ platforms that protected FreePBX resources. That was over 5 years ago. The product became Travelin’ Man™ 3, an IPtables-based WhiteList that totally eliminated access to your Asterisk® server unless a WhiteList entry had been authorized by the administrator. The application was further embellished over the years to facilitate access by remote users. First, we introduced PortKnocker™ for Asterisk® and later we introduced Travelin’ Man 4 to let users call in with a passcode to authorize server access. For the past several years, a preconfigured firewall has been an integral component in what has become the 7-Layer Security Model included in all Incredible PBX builds. TIP: Security is not a new idea for us.

During this evolution, the FreePBX developers introduced their own distribution, the FreePBX Distro™. Conspicuously absent was a functioning firewall. We believed that the shortcoming would be remedied quickly. Hasn’t happened! In the meantime, a number of serious security vulnerabilities arose in the FreePBX product that compromised numerous servers running their distribution because of the absence of a functioning firewall. Digium® recently reintroduced AsteriskNOW™ as a clone of the FreePBX Distro. But still no firewall.

About a month ago, we decided to close the loophole for everyone’s security and develop a firewall for the only FreePBX-based distributions without a firewall, the FreePBX Distro and AsteriskNOW. Last week we began the rollout with a Nerd Vittles article explaining why this was essential, as if an explanation were necessary. Today, you get the GPL code.

Suffice it to say, our article was not well received. The usual Sangoma® players went into Damage Control Mode with what has become a predictable scenario whenever security issues are raised concerning the FreePBX design or vulnerabilities.

Meet The Sangoma 7.

  • The Good Cop: If only you’d purchase Genuine Sangoma Hardware, all of your security problems would disappear
  • The Bad Cop: Enjoy this nice Cup of FUD about your own distro which proves we’re all just alike
  • The Techie Cop: We thought of developing an open source firewall just the other day, and now you’re complaining
  • The Rest of "The Team": Let the Astroturfing Begin… Retweet, favorite, and cheer for the brilliance of My 3 Cops

The Good Cop offered to solve all your security woes if you’d just buy (some more Sangoma) hardware.

The Bad Cop suggested that, with "cookie cutter security, you might as well hand out your password." Just in case you have any doubts about whose approach has stood the test of time, let’s Google the FreePBX Security Vulnerability Track Record.

The Techie Cop claimed we had stolen his 2-day old idea to create an Open Source Firewall. Really?
Earth to Techie Cop: Where have you been for the past five years??

Funny stuff… if it weren’t so damaging to the Asterisk community and those trying to decide whether to put their faith in open source communications software.

Firewall Basics.

We’ve written dozens of articles on Asterisk security and firewall approaches so we won’t repeat all of the information. Here’s what you need to know. Software-based firewalls on Linux servers need to be integrated into the Linux kernel to be secure. IPtables is kernel-based and extremely reliable. Blacklist-based firewall designs, i.e. those that seek to identify the IP addresses of every bad guy on the planet don’t work very well. Bad guys aren’t stupid. They can do their damage by commandeering a little old lady’s Windows machine so you’re never going to collect all of the necessary "bad" IP addresses. They’re also smart enough to poison the blacklists with Internet resources you need such as DNS servers. So don’t waste your time with blacklists. WhiteLists work very well. You identify the IP addresses and FQDNs of all the Internet sites you need to support and all the SIP providers you wish to use. Nobody else even sees your server on the Internet. If the bad guys can’t see your server, they can’t attack it. Simple as that.

Travelin’ Man 3 WhiteList Tutorial.

Here are the fundamentals of the Travelin’ Man 3 design. We allow access from anybody and everybody on your private LAN. They still need a password to access FreePBX or to gain root access, but they can "see" your server. Private LAN addresses are non-routable over the Internet which means the bad guys can’t access your 192.168.0.4 IP address if you’re sitting behind a NAT-based hardware firewall. All of your internal phones will work with no firewall modifications. You may need to adjust these settings if you’re using a Cloud resource such as Amazon because they actually route non-routable IP addresses which would leave your server vulnerable without removing these entries (especially the 172 subnet for Amazon):

#-A INPUT -s 10.0.0.0/8 -j ACCEPT
#-A INPUT -s 172.16.0.0/12 -j ACCEPT
#-A INPUT -s 192.168.0.0/16 -j ACCEPT

Travelin’ Man 3 also authorizes access for certain mandatory services that are needed to keep your server operating properly. In addition, during installation, Travelin’ Man 3 whitelists localhost and the public and private IP addresses of your server as well as your PC or workstation. You obviously don’t want to lock yourself out of your own server.

As of today, Travelin’ Man 3 is primarily an IPv4 whitelist toolkit. IPv6 addresses are only supported to allow localhost access to your server. Any other IPv6 addresses must be added manually in /etc/sysconfig/ip6tables. We recommend not using FQDNs with IPv6 for the time being. And always restart IP6tables after adding new entries: service ip6tables restart.

You have the option of enabling the Incredible PBX collection of IP addresses used by many of the leading SIP providers around the world. Just run the enable-trusted-providers script in /root. The list of included providers is available here. You also have the option of adding (whitelisting) or deleting users’ and providers’ IP addresses and FQDNs yourself. Use the included scripts in the /root folder: add-ip, add-fqdn, and del-acct. For each account you set up, you get to define which access permission or combination of permissions will be available:

0 – ALL Services
1 – SIP (UDP)
2 – SIP (TCP)
3 – IAX
4 – Web
5 – WebMin
6 – FTP
7 – TFTP
8 – SSH
9 – FOP

Once you have made your selection, a user account will be created in /root with the name of the account and an extension of .iptables. Do NOT delete these files. They keep track of current IP addresses and accounts authorized for server access.

If you have remote users on the Internet, e.g. traveling salespeople, you can individually authorize access for them using a dynamic FQDN (add-fqdn) coupled with a dynamic DNS server that keeps IP addresses current as folks move around. Just load a dynamic DNS updater on their smartphone. Then plug the user entries into the included ipchecker script and execute a cron job on your server every few minutes to keep the FQDN entries refreshed. Simple.

echo "*/10 * * * * root /root/ipchecker > /dev/null 2>&1" >> /etc/crontab

IPtables does not directly support FQDN rules through the kernel. However, IPtables lets you configure your firewall rules using FQDNs which get translated into IP addresses whenever IPtables is restarted. The gotcha here is that, if an FQDN is not resolvable, IPtables fails to load, and you’re left with a vulnerable server. Travelin’ Man 3 takes care of this by employing a special restart script that temporarily disables unresolvable IP addresses.

The moral of the story:

ALWAYS USE iptables-restart TO RELOAD IPTABLES OR YOUR SERVER MAY END UP WITH NO FIREWALL!

We’ve also included support for a neat little trick that lets you whitelist remote SIP access to your server using a special FQDN. No further firewall adjustments are necessary. This is supported on most platforms except OpenVZ containers. The way this works is you first assign an obscure FQDN to your server’s IP address. It needs to be obscure because anyone with the FQDN gains SIP access to your server. But chances are pretty good that the bad guys will have a hard time figuring out that xq356jq.dyndns.org points to your server. You then can embed this FQDN in the SIP phone credentials for all of your remote users. The final step is to uncomment the last few lines in /etc/sysconfig/iptables after plugging in your obscure FQDN. Then restart IPtables: iptables-restart.

-A INPUT -p udp --dport 5060:5061 -m string --string "REGISTER sip:xq356jq.dyndns.org" --algo bm -j ACCEPT
-A INPUT -p udp --dport 5060:5061 -m string --string "REGISTER sip:" --algo bm -j DROP
-A INPUT -p udp --dport 5060:5061 -m string --string "OPTIONS sip:" --algo bm -j DROP

Finally, a word of caution about deploying Travelin’ Man 3 on the FreePBX Distro and AsteriskNOW platforms. We currently don’t have a vehicle in place to push security updates out to you as we do with Incredible PBX. This means you will have to remain vigilant to what’s happening in the telecommunications world and load updates yourself. You can stay current in a number of ways. We will post updates to this article in comments below so you can simply check back here periodically. An easier way to keep up with the latest security alerts and updates is to subscribe to the PBX in a Flash RSS Feed. This can be added to the FreePBX Status page by editing RSS Feeds in Settings -> Advanced Settings and adding:

http://pbxinaflash.com/rssfeed.xml

As you can see, there’s nothing "cookie cutter" about Travelin’ Man 3. It’s totally customizable to meet your own unique requirements. All we have done is tame IPtables and eliminate much of its complexity so that you can get a functional firewall up and running quickly. Now it’s deployment time!

Installing Travelin’ Man 3 for the FreePBX Distro & AsteriskNOW.

Log into your server as root from a desktop PC using SSH or Putty. This assures that you will have access from a device other than the console when you are finished. Then issue the following commands:

cd /root
wget http://incrediblepbx.com/tm3-firewall.tar.gz
tar zxvf tm3-firewall.tar.gz
./enable-iptables-whitelist

If you wish to enable the Incredible PBX trusted providers whitelist, issue the following command:

./enable-trusted-providers

ALWAYS use the following command to start or restart IPtables:

iptables-restart

NEVER use the following syntax with Travelin’ Man 3:

service iptables...

CHECK the status of your server at any time:

/root/status

The GPL Is NOT Dead: Coming Soon to FreePBX Distro and AsteriskNOW…

Stay tuned for Incredible PBX GUI, all of the GPL modules you know and love with NO NAGWARE and NO GOTCHAS. This also will assist users that got duped by the Sangoma offer to convert PBX in a Flash into a proprietary FreePBX Distro. After reading the Sangoma disclaimer about the script being donated by an anonymous user, ask yourself this question. When was the last time Sangoma republished code that they did not own or create themselves? Try NEVER.

BEFORE:

AFTER:

Originally published: Monday, August 10, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

60 Seconds to Real Independence: Incredible PBX GUI Comes to VirtualBox

As we continue the march toward a truly free, RealGPL, open source VoIP platform for Asterisk®, we couldn’t think of a better time of the year for this announcement. Today we’re pleased to introduce our first virtual machine platform with an Incredible PBX™ GUI image that you can install in less than 60 seconds on virtually any desktop computer in the world. When the install is finished you’ll have the latest Asterisk 11 running atop Scientific Linux™ 6.6 with version 12 of the new Incredible PBX GUI. You’ll also have the very first Asterisk aggregation with native support for OAUTH authentication and secure communications using Google Voice. And it’s all FREE. No Gotchas!

Think of Incredible PBX as the glue stick that assembles all the necessary VoIP components into a state of the art Linux platform and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice dialing, SMS messaging, free fax support, reminders and wakeup calls, and SECURITY! The difference with the VirtualBox® platform is you get a turnkey install of everything on any desktop computer in less than one minute! That includes Windows PCs, Macs, Linux desktops, and even Solaris machines.

Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance, and it’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under a minute is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move to dedicated hardware running the same operating system with Asterisk 11 and the same version of the Incredible PBX GUI in minutes.

Need to deploy VoIP servers at dozens of sites around the globe? Not a problem with VirtualBox. Just send a preconfigured VirtualBox image to each site and install VirtualBox on a local desktop computer. In 60 seconds, you’ll have a functional VoIP server including interconnectivity to all of your other VoIP servers with a virtual private network already in place to provide secure VoIP connectivity between all of your sites.

Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.

So What’s All the GPL Fuss About? It’s about FREEDOM, the freedom to use or not use the GPL modules you wish to use without enduring false alerts that your system has been compromised and without being blocked from removing components that produce revenue for Sangoma®… as the GPL requires. It’s about FREEDOM to redistribute or resell the product AS IS… as the GPL requires. It’s about FREEDOM to examine and modify ALL of the source code using ALL of the tools and components necessary, not just ones Sangoma has chosen to provide… as the GPL requires. It’s about FREEDOM to add GUI components to your server with No Gotchas whether or not the individual modules were produced by Sangoma… as the GPL requires.


If you support the GPL and use open source projects, then you owe it to yourself and to the GPL community to get up to speed and get involved! Can’t we all just get along? You bet… when everyone does what they’ve agreed to do. Spend an hour or two of your Independence Day reading some of the Nerd Vittles commentary on FreePBX® and the GPL.

BUY 3 STAMPS and let Sangoma and Digium hear from you. Don’t be shy. It’s about your FREEDOM.

William J. Wignall, President and CEO
Sangoma Technologies
100 Renfrew Drive, Suite 100
Markham ON L3R 9R6 CANADA

Danny Windham, CEO
Digium, Inc.
445 Jan Davis Drive Northwest
Huntsville, AL 35806 USA

Mark Spencer, Founder and CTO
Digium, Inc.
445 Jan Davis Drive Northwest
Huntsville, AL 35806 USA

Getting Started. For today, we’ll provide a refresher course on loading VirtualBox and the Incredible PBX virtual image. Then we want to spend a little time explaining the secret sauce that goes into building these images so that you can do it yourself either to migrate to a different network or to deploy at multiple sites. It’s called open source for a reason! When we’re finished, you’ll know everything we’ve learned about deploying VirtualBox machines and, unlike Grandma and some GUI platforms, we won’t leave an important ingredient out of the recipe just to be sure you never forget how good Grandma’s cookies really were. So let’s get started.

Installing Oracle VM VirtualBox

Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.

Downloading the Incredible PBX GUI Virtual Machine

A word of warning on the front end. Today’s Incredible PBX image featuring Asterisk 11 for VirtualBox is huge! The Scientific Linux 6.6 image with version 12 of Incredible PBX GUI is nearly 3GB. Be patient. You only have to download it once. Just click on the 11-12.3 .OVA image in this SourceForge link and start the download to your desktop. Then go have a nice lunch.

Importing & Configuring Incredible PBX Virtual Machines in VirtualBox

You only perform the import step one time. Once imported into VirtualBox, Incredible PBX is ready to use. There’s no further installation required, just like an OpenVZ template… only better. Double-click on the .ova file you downloaded to begin the procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.

Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. Finally, click Settings -> System, uncheck Hardware clock in UTC time, and click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine. The rest is automagic.

Running Incredible PBX Virtual Machines in VirtualBox

Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight IncrediblePBX Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The boot procedure with your chosen operating system will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.

Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password. To access Incredible PBX GUI with a browser, point to the IP address of your virtual machine. Then, in the Administrator window, click on Incredible GUI Administration. Login as admin with the admin password you set below. For the security of your server, we recommend that you log in to the Linux CLI at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill.

When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:

  • Change your root password: passwd
  • Set your Incredible GUI admin password: /root/admin-pw-change
  • Set the admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
  • Set your correct time zone: /root/timezone-setup
  • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
  • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
  • Enable Incredible Fax support if desired: /root/incrediblefax11.sh
  • Login to your NeoRouter VPN server if desired: /root/neorouter-login

Upgrading Modules with Module Admin in the GUI. The GUI includes a Module Administration component in the Admin tab which will let you check online for new modules and upgrade to newer releases. Once you have added or updated any modules, you will get some nasty error messages in the System Status display because we allow installation of all GPL-compatible modules, not just those of Sangoma. It’s one of the proprietary gotchas that we have been writing about. Simply click on the X option in the upper right corner of each window to remove the warnings. Log out of the GUI. Then login to your Linux CLI as root and issue the following command to permanently clear the error messages: gui-fix. Now you can log back in and the warning messages will be gone… until you add or update modules again. Sangoma calls it a feature. 🙄

Command Line Management of Incredible PBX with VirtualBox

One of the real beauties of VirtualBox is you don’t have to use the VirtualBox GUI at all. The entire process can be driven from the command line. Other than on a Mac, here is the procedure to import, configure, and run Incredible PBX:
 
VBoxManage import IncrediblePBX-11-12.3-SL66.ova
VBoxManage modifyvm "IncrediblePBX-11-12.3-SL66" --nic1 nat
VBoxManage modifyvm "IncrediblePBX-11-12.3-SL66" --acpi on --nic1 bridged
VBoxHeadless --startvm "IncrediblePBX-11-12.3-SL66" &
# Wait 1 minute for Incredible PBX to load. Then decipher IP address like this:
VBoxManage guestproperty get "IncrediblePBX-11-12.3-SL66" /VirtualBox/GuestInfo/Net/0/V4/IP
# Now you can use SSH to login to Incredible PBX at the displayed IP address
# Shutdown the Incredible PBX Virtual Machine with the following command:
VBoxManage controlvm "IncrediblePBX-11-12.3-SL66" acpipowerbutton

On a Mac, everything works the same way except for deciphering the IP address. Download our findip script for that. Be sure to plug in the correct name of your virtual machine: ./findip IncrediblePBX-11-12.3-SL66

Deploying Google Voice Secure Communications with Incredible PBX

As with all prior releases of Incredible PBX, free calling in the U.S. and Canada with Google Voice is an integral component of this GPL platform. You still add Google Voice trunks using the GUI in exactly the same way: Connectivity -> Google Voice (Motif). What has changed under the covers with this release is what happens behind the scenes. Google has warned (for years) that they plan to phase out plain text passwords using your actual Google Voice credentials. This is for your protection! Unfortunately, until today, the only way to take advantage of the new OAUTH authentication method with Asterisk was to use one of the external SIP gateways to Google Voice. Now you no longer have to. The new 11-12.3 release of Incredible PBX adds native OAUTH authentication support to Asterisk and the Incredible PBX GUI. When prompted for the password in setting up your Google Voice accounts in the GUI, now you’ll enter your OAUTH token instead of your plain text password. It’s that easy. Obviously, you first need to obtain a free OAUTH token for each of your Google Voice accounts that you wish to activate. This tutorial on the PIAF Forum will walk you through the simple, one-time procedure.

IMPORTANT: Once you have added one or more Google Voice trunks in the GUI, you must restart Asterisk to activate the trunks: amportal restart

We want to take a moment and express our heartfelt thanks to Ryan Tilton of GVsip.com for setting up and maintaining the free platform to support OAUTH tokens for Google Voice. And a special shoutout to Martin Dindos (a.k.a. @dziny on the PIAF Forum) for his truly Herculean efforts in getting this to work properly with Asterisk 11, no small feat. This is yet another amazing testament to how the open source community should really function. Thank you!

Preparing Incredible PBX Virtual Machine for Backups & Migration

To us, the most compelling feature of the virtual machine platform is the ease with which you can make a perfect backup of your server in minutes! From that backup, you can restore a working platform in the same 60 seconds it took to build today’s platform on your desktop. One of the drawbacks as the Linux operating systems have become more turnkey is the shortcut that was implemented on both the RedHat and Debian/Ubuntu platforms to store your network setup so that the server reboots more quickly. While that’s fine for rebooting on the same server, it’s a real problem if you attempt to move your setup to different hardware or a new network because your network configuration will not load properly on the new platform. That means no IP address! Here’s the easy way to assure that things will actually work after the move. It assumes you will have a DHCP server at the new location just as you did at your existing site.

The Easy Way. If you have console access after the VM image is restored on the new platform (which means you don’t need a network IP address for the server in order to log in as root), then the easy way to prepare any of the Incredible PBX machines for relocation is to issue the following commands before you halt the system and make a VirtualBox backup:

touch /etc/update_hostconfig
touch /etc/update_serverconfig
rm -f /etc/ssh/ssh_host*
rpm -e openssh-server openssh-xinetd
yum -y install openssh-server openssh-xinetd
rm /etc/ssh/*.rpmsave

Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create an .ova backup image on your desktop. You now have an image that is similar to the Incredible PBX image that you originally downloaded, except it has all of your data and settings. All you have to do is repeat the install drill above at the new location using the .ova image you created and log in with whatever your current root password happens to be. You’ll get a two-pass automatic setup just as you did when you began today’s adventure.

The only drawback to this procedure is the fact that the extension 701 and default DISA passwords as well as your firewall configuration will be initialized when you first boot from your .ova image at the other location. Aside from that, you’ll have a clean platform with new SSH and DUNDI credentials as well as mostly sanitized log files.

What’s Next. Now that you have a functioning server, it’s time to learn all about the Incredible PBX applications that are ready for use. Jump over to the latest Nerd Vittles application tutorial for a quick look at what’s available. Even though it was written for the Asterisk-GUI, everything will work exactly the same way. That’s the beauty of the Incredible PBX platform. Enjoy!

Originally published: Monday, June 29, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Our forum is extremely friendly and is supported by literally hundreds of Asterisk gurus.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

Keeping It Real: Holey Socks! It’s the Missing FreePBX GPL Source Code, Or Is It?

If you’ve ever shopped at the outlet malls, you quickly learn that things are often not quite as they appear on first blush. Labels inside shirts have either been removed or mangled in some way to keep you from returning the merchandise to a ‘real store’ for a refund at full retail price. Socks in particular always have a habit of sprouting a hole after you’ve worn them about twice. For those that were ever in the military, you may recall that the Post Exchange always had name-brand shirts for about half the price of the regular men’s stores. They were quite a deal… as long as your favorite colors were pink and purple. Let’s face it. These manufacturers think they’re smarter than we are, and all these sleights of hand are no accident. They’re purposeful actions engineered to assure that we don’t get something for nothing.

All FreePBX gpl source is available at http://t.co/7z6lXPVwVo and mirrored at https://t.co/n9Cu46hFRV #asterisk #showyourcode

— James Finstrom (@geek3point0) June 8, 2015
Source: twitter.com/geek3point0/status/607910432385441793


All FreePBX gpl source is available at http://t.co/7z6lXPVwVo and mirrored at https://t.co/n9Cu46hFRV #asterisk #showyourcode

— James Finstrom (@geek3point0) June 15, 2015
Source: twitter.com/geek3point0/status/610447235852201986


So what do retail merchandising tricks have to do with Sangoma® and FreePBX® source code? You’ve probably seen the weekly ads on Twitter touting the availability of GPL source code for FreePBX.1 So life is good, right? What’s the problem?

If you tell a lie big enough and keep repeating it, people will eventually come to believe it.
Dr. Joseph Goebbels… among others*

‘CliffsNotes-like Version’ of the GPL… with apologies to CliffsNotes™

Ever Dealt with a DOP? That’s not a typo for DOPE. Quite the contrary, these aren’t dumb people. In fact, they are folks that think they’re smarter than the rest of us. Our new word "DOP" means somebody you suspect is being Dense on Purpose. We’ve gone around and around on Twitter this week with the FreePBX developers who repeatedly have claimed they’ve released "ALL FreePBX GPL source code" while we have suggested just the opposite. So let’s dumb it down to a single paragraph with short sentences that even a Fifth Grader can understand…

FreePBX is a GPL product. FreePBX consists of TWO components. A GUI generates Asterisk code. A Cloud-based CDN provides updated modules to make FreePBX continue to work. FreePBX won’t continue to function properly without its CDN. Thus, the GPL says BOTH components must be licensed as GPL code. The GPL requires ALL corresponding source for ALL integral components. A GPL toolkit that generates crippled source doesn’t cut it. A toolkit with strings attached doesn’t suffice. A toolkit that only functions properly if you agree to pay Sangoma’s legal expenses does not comply with the GPL source requirement. Toolkits are fine and may be required components under the GPL but… Source means SOURCE CODE. The source requirement means ALL the actual code necessary to replicate ALL of the uncrippled functionality of the original GPL product. GPL Source "means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities." Source means ALL the same source that the FreePBX product itself uses to make the product fully functional in an uncrippled, unrestricted manner.

So Sangoma… SHOW ME (ALL) THE SOURCE!

CliffsNotes is a trademark of HOUGHTON MIFFLIN HARCOURT. Reference is a simile only. CliffsNotes makes no product associated with the GPL.

The Rest of the Story for Those That Enjoy Reading

For those that have used the FreePBX GUI, you quickly learn that the best feature of this GPL-touted product is its ability to automatically update all of its included modules with three button clicks. Clicking Check Online gives you an instantaneous snapshot of every component in the GUI and every update that’s available. Clicking Upgrade All tags all of your modules that have an update available. Clicking Process brings all of your modules current. It works exactly the same way whether you have one module to update or twenty. It’s simple, easy, and quick. You couldn’t ask for a better upgrade design.

The deal, of course, with GPL software is that you’re entitled to get the source code with the application itself so that you can make changes and improvements if you choose to do so. We’ve been outspoken critics of the fact that Sangoma doesn’t meet that requirement. And these weekly Twitter ads presumably are their response suggesting that they do. So let’s take a careful look at the ‘GPL Source’ that Sangoma says they’re providing and do a little experiment to find the hole in the socks.

To make this Module Admin component of FreePBX work, you need two pieces: the FreePBX GUI software itself AND the FreePBX Cloud component that houses the (hidden) GPL modules for FreePBX. Sangoma provides only one of the two necessary components. In a previous article, we showed how to build the cloud component to independently maintain the FreePBX GPL modules. The implication from the Twitter ads is that you can build the equally important cloud component using the ‘GPL source’ provided in either Sangoma’s GIT repository or on GitHub. Otherwise, the source code provided yields a crippled version of FreePBX in which the critical Module Admin component wouldn’t function properly. In other words, the GitHub ‘GPL Source’ wouldn’t be the real source code necessary to make the GPL product work as designed. It speaks volumes about the type of "open source" folks we’re dealing with when you come to appreciate that a single Apache command switch (Options +Indexes) is all that would be necessary for Sangoma to provide the Real Source Code™.

So let’s do a simple experiment. First, download the touted ‘GPL Source’ for the Core module that’s buried in GitHub. Next, download the Core module that’s hidden in Sangoma’s Cloud repository. This is the one that’s actually used to update FreePBX using the Module Admin tool explained above. Now let’s expand the tarballs and compare the contents. The GitHub-touted source is pictured on the left. The "real source" from the Sangoma repository is on the right. Can you guess which one will actually work in the cloud repository to make Module Admin and FreePBX function properly?

By comparing the contents of the two tarballs, you’ll notice several things. First, the file names are different. This naming convention is critically important to the FreePBX Module Admin component. One works. One doesn’t. Second, the time stamps on the individual components are different. This is a tell-tale sign that the two tarballs were generated using different programs, none of which have been provided. Third, the "real source" file is over 6,000 bytes larger than the GitHub version. Expanding the two files as we have done above tells you why. The "real source" (on the right) has an extra signature file that is missing from the GitHub version. Not only is the signature file missing, but so is the program to actually generate it.2 This is critically important because FreePBX 12 uses these signature files to determine whether a module is legitimate. Guess which one passes that test?

There’s actually another missing piece that the Sangoma ads and GitHub repositories fail to acknowledge: the XML file for each FreePBX version and the scripts to actually generate the contents of these files. These XML files tell the Module Admin component what modules have been updated and what the checksums for the modules are. The XML files in the cloud and for the individual modules are essential in assuring that you don’t destroy your server by installing a partially downloaded component that cripples the functionality of the FreePBX GUI or brings down your telephone system.

In conclusion, FreePBX is the antithesis of open source and violates the basic tenets of the GPL. Not only is the platform anything but open, but its real source is shrouded in secrecy together with the tools to make the product functional. This is not the way GPL open source projects are supposed to work, and Sangoma should know better. They’ve been a long-time supporter of the open source community.

The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. [Emphasis added.]

Pinocchio would be proud. Standing alone without its hidden components, FreePBX has become the poster child for CrippleWare with its missing pieces and half-baked source code. Giving Sangoma the benefit of the doubt, let’s assume that Sangoma had no knowledge of any of this and chalk it up to the Schmoozers pulling a fast one on the new boss to protect their still-to-be-paid profits from Year One sales of FreePBX commercial offerings. After all, that was the silver lining in the Sangoma purchase contract.

Dear Sangoma: NOW YOU KNOW!

What happens going forward is on your watch, not the previous owners. Sangoma now owns the FreePBX product and is obliged to provide the "real source code" for the program and all of its critical components in accordance with the GPL. We trust that after reading this (and we’ve mailed them a copy), Sangoma will choose to do the right thing for the Asterisk community upon which its livelihood depends. Abide by the terms of your GPL license and release the "real source code" for all of the critical components of FreePBX including all of its GPL modules and all of the pieces necessary to make the cloud repository, XML local and cloud components, and signature generation and checking mechanisms function as designed and integrated into your FreePBX product.

For the rest of the story…

Epilogue. After release of our article, the lead FreePBX developer, Philippe Lindheimer, finally documented Online Module Management… after 9 years of secrecy. Better late than never! This was followed by a posting from Rob Thomas that sought to document the process of writing a new FreePBX module. Anyone with an interest in the GPL and open source software should read both of them. Here are two guys whose entire livelihood is thanks to the open source community. Yet they both tout the FreePBX Distro which is neither open source nor GPL code. Here’s what’s missing with the current FreePBX GUI. Their focus appears to be on the process for introducing new modules into FreePBX, a process that remains proprietary. Our focus has been on obtaining the source for the existing components of the FreePBX GUI. There still is no way to independently replicate the Cloud-based CDN component of FreePBX 12 with the same modules that FreePBX uses because that "open source software" has not been provided. The new FreePBX 12 design requires a PROPRIETARY KEY in order to produce any modules for the FreePBX "GPL" platform. That includes any attempt to replicate the original FreePBX components. Bottom Line: You cannot replicate the same source code that FreePBX 12 uses in the Cloud using the tools provided by the FreePBX developers. And that is a no-no under the GPL unless the apparatus to produce and manage the original keys is also provided. The GPL requires release of the original source upon which the FreePBX platform operates, not a toolkit and not a reworked version using different source resulting in different modules. Providing proprietary tools to generate different source with different module components is NOT the same as original source code… as the GPL requires.

As one of our PIAF Forum users suggested, this design would make perfect sense for a proprietary platform such as the FreePBX Distro, and the developers would do everyone in the open source community a favor by migrating the technology there while restoring the original GPL design of the FreePBX GUI.3

Originally published: Monday, June 15, 2015  Updated: Friday, June 19, 2015   Epilogue: Monday, June 22, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Following publication of our article, the ads on Twitter from the FreePBX Community Manager were removed from public view, not exactly the Sangoma response we had hoped for. Now the GPL Source Code AND the ads are hidden. NEWS FLASH: The ads have now reappeared. Coming on the heels of this article, that would appear to be an official FU from Sangoma that they do not intend to release the module source components hidden in their CDN cloud. []
  2. After release of this article, one of the FreePBX developers suggested that the GPL FreePBX Development Tools could be used to build your own Cloud component for FreePBX. There are several problems with that. First, these tools and their output are for development use only and were never intended for use with FreePBX in a production environment. Second, the tools require a (revocable) "key" issued by FreePBX. In and of itself, that makes FreePBX proprietary. Third, this key requires a user to sign a blank check legal indemnification agreement to cover all of Sangoma’s legal expenses (reasonable or otherwise) should they be sued for anything associated with that key. Without a key, unsigned modules (including those from FreePBX’s own GitHub source tree) would generate nasty compromised server messages in the GUI. So, no, providing a toolkit to build crippled source is not the same as providing the actual source code upon which FreePBX relies for proper operation, i.e. the XML and TGZ files hidden in the Sangoma Cloud which in Sangoma-speak is euphemistically described as their content delivery network (CDN). []
  3. We will not get into the developer’s claim in footnote 1 that these FreePBX security breaches were not caused by "a FreePBX exploit" but instead were the result of an "unauthorized module installed on them that was named ‘Admin Dashboard.'" In point of fact, the unauthorized module was detected by some early users of FreePBX 12; however, the exploit that resulted in the introduction of the Trojan module was most definitely caused by a FreePBX exploit, an acknowledged security vulnerability "within the legacy FreePBX ARI Framework module/Asterisk Recording Interface (ARI)." It was that exploit that allowed the introduction of the Trojan module in the first place. As we have often suggested, this vulnerability never would have occurred if all of the aggregations including the FreePBX Distro had provided a locked down firewall as part of their distribution. []

Introducing Incredible PBX 11-12 with Incredible GUI for the Ubuntu 14 Platform

On May 15, we turned the page on Asterisk® GUIs by introducing a new GUI that hopefully provides the best of both worlds. It preserves the GPL components of the FreePBX® product that many of us have nurtured for almost a decade while removing the commercial pieces that have introduced some friction into the equation for users and companies that simply wished to deploy or redistribute a graphical user interface for Asterisk in accordance with the free GPL licenses under which the product and its components were licensed. Last week we did much the same thing with the essential cloud component which serves as the lynchpin for GPL module administration within the GUI itself. Hopefully, these two tweaks will encourage Sangoma, the new owner of the FreePBX project, to do the right thing and get the non-commercial pieces of the project back on the right track moving forward. What we did not want to do was tarnish the incredibly hard work that dozens of developers in the open source community have poured into this project over the past decade. We continue to be amazed at what they’ve been able to achieve, and we salute their accomplishments. The Asterisk 12 and 13 revolution never would have been achieved without the contributions of the FreePBX development team. We think the new Incredible PBX GUI stands as a testament to what can be accomplished while preserving the true spirit of open source development and the terms of the GPL licenses under which this product and its numerous modules were licensed.

Two weeks ago, we introduced the all-new Incredible PBX with Incredible GUI for CentOS, Scientific Linux, and Oracle Linux. Last week we added a Cloud-based GPL repository and all the tools necessary to maintain it. Today we’re pleased to release the production-ready version for the Ubuntu 14 platform with all the bells and whistles including Incredible Fax featuring HylaFax and AvantFax. Today’s release mimics the functionality of the previous build for the CentOS platform with literally dozens of turnkey applications that show off the very best features of Asterisk®. In addition to Incredible PBX, you also get our new GPL repository to maintain release 12 of the GUI. No strings, no gotchas, and no murky licenses. Pure GPL!

Building an Ubuntu 14.04 Platform for Incredible PBX

As a result of the trademark and copyright morass, we’ve steered away from the bundled operating system in favor of a methodology that relies upon you to put in place the operating system platform on which to run PBX in a Flash or Incredible PBX. The good news is it’s easy! With many cloud-based providers1, you can simply click a button to choose your favorite OS flavor and within minutes, you’re ready to go. With many virtual machine platforms such as VirtualBox, it’s equally simple to find a pre-built Ubuntu 14.04 image or roll your own.

If you’re new to VoIP or to Nerd Vittles, here’s our best piece of advice. Don’t take our word for anything! Try it for yourself in the Cloud! You can build an Ubuntu 14.04 image on Digital Ocean in under one minute and install today’s Incredible PBX for Ubuntu 14.04 in about 15 minutes. Then try it out for two full months. It won’t cost you a dime. Use our referral link to sign up for an account. Enter a valid credit card to verify you’re who you say you are. Create an Ubuntu 14.04 (not 14.10!) 512MB droplet of the cheapest flavor ($5/mo.). Go to the Billing section of the site, and enter the following promo code: UBUNTUDROPLET. That’s all there is to it. A $10 credit will be added to your account, and you can play to your heart’s content. Delete droplets, add droplets, and enjoy the free ride!

For today, we’ll walk you through building your own stand-alone server using the Ubuntu 14.04 mini.iso. If you’re using Digital Ocean in the Cloud, skip down to Installing Incredible PBX 11-12 (HINT: 11 tells you the Asterisk release and 12 tells you the GUI release). If you’re using your own hardware, to get started, download the 64-bit Ubuntu 14.04 "Trusty Tahr" Minimal ISO from here. Then burn it to a CD/DVD or thumb drive and boot your dedicated server from the image. Remember, you’ll be reformatting the drive in your server so pick a machine you don’t need for other purposes.

For those that would prefer to build your Ubuntu 14.04 Wonder Machine using VirtualBox on any Windows, Mac, or existing Linux Desktop, here are the simple steps. Create a new virtual machine specifying the 64-bit version of Ubuntu. Allocate 1024MB of RAM (512MB also works fine with a swap file) and at least 20GB of disk space using the default hard drive setup in all three steps. In Settings, click System and check Enable I/O APIC and uncheck Hardware Clock in UTC Time. Click Audio and Specify then Enable your sound card. Click Network and Enable Network Adapter for Adapter 1 and choose Bridged Adapter. Finally, in Storage, add the Ubuntu 14.04 mini.iso to your VirtualBox Storage Tree as shown below. Then click OK and start up your new virtual machine. Simple!

Here are the steps to get Ubuntu 14.04 humming on your new server or virtual machine once you’ve booted up. If you can bake cookies from a recipe, you can do this:

UBUNTU mini.iso install:
Choose language
Choose timezone
Detect keyboard
Hostname: incrediblepbx < continue >
Choose mirror for downloads
Confirm archive mirror
Leave proxy blank unless you need it
< continue >
** couple minutes of whirring as initial components are loaded **
New user name: incredible
< continue >
Account username: incredible
< continue >
Account password: makeitsecure
< continue >
Encrypt home directory < no >
Confirm time zone < yes >
Partition disks: Guided - use entire disk and set up LVM
Confirm disk to partition
Write changes to disks and configure LVM
Whole volume? < continue>
Write changes to disks < yes> < -- last chance to preserve your disk drive!
** about 15 minutes of whirring during base system install ** < no touchy anything>
** another 5 minutes of whirring during base software install ** < no touchy anything>
Upgrades? Install security updates automatically
** another 5 minutes of whirring during more software installs ** < no touchy anything>
Software selection: *Basic Ubuntu server (only!)
** another couple minutes of whirring during software installs ** < no touchy anything>
Grub boot loader: < yes>
UTC for system clock: < no>
Installation complete: < continue> after removing installation media
** on VirtualBox, PowerOff after reboot and remove [-] mini.iso from Storage Tree & restart VM
login as user: incredible
** enter user incredible's password **
sudo passwd
** enter incredible password again and then create secure root user password **
su root
** enter root password **
apt-get update
apt-get install ssh -y
sed -i 's|without-password|yes|' /etc/ssh/sshd_config
sed -i 's|yes"|without-password"|' /etc/ssh/sshd_config
sed -i 's|"quiet"|"quiet text"|' /etc/default/grub
update-grub
ifconfig
** write down the IP address of your server from ifconfig results
reboot
** login via SSH to continue **

Installing Incredible PBX 11-12 on Your Ubuntu 14.04 Server

Adding Incredible PBX 11-12 to a running Ubuntu 14.04 server is a walk in the park. To restate the obvious, your server needs a reliable Internet connection to proceed. Using SSH (or Putty on a Windows machine), log into your new server as root at the IP address you deciphered in the ifconfig step at the end of the Ubuntu install procedure above. First, make sure to run the update step for Ubuntu below before you begin the install. This is especially important if you’re using a cloud-based Ubuntu 14 server.

WARNING: As of early June, 2016, Ubuntu has introduced a bug in their latest MySQL upgrade. Do NOT run apt-get upgrade for the time being, or your Incredible PBX install will fail.

apt-get update && touch /root/COPYING

WARNING: If you’re using a 512MB droplet at Digital Ocean, be advised that the DO Ubuntu setup does NOT include a swap file. This may cause serious problems when you run out of RAM. Uncomment ./create-swapfile-DO line below to create a 1GB swap file which will be activated whenever you exceed 90% RAM usage on Digital Ocean.

Now let’s begin the Incredible PBX 11-12 install. Log back in as root and issue the following commands:

cd /root
wget http://incrediblepbx.com/incrediblepbx11-12.2-ubuntu14.tar.gz
tar zxvf incrediblepbx*
#./create-swapfile-DO
./Incredible*

Once you have agreed to the license agreement and terms of use, press Enter and go have a 30-minute cup of coffee. The Incredible PBX installer runs unattended so find something to do for a bit unless you just like watching code compile. When you see "Have a nice day", your installation is complete. Write down your admin password for the GUI as well as your three "knock" ports for PortKnocker. If you forget your admin password or wish to change it, just run: /root/admin-pw-change. Retrieve your PortKnocker setup like this: cat /root/knock.FAQ.

Log out and back in as root and you should be greeted with a status display that looks something like this after the Automatic Update Utility runs:

Perform the following steps:

Make your root password very secure: passwd
Set your correct time zone: ./timezone-setup
Restart Asterisk: amportal restart
Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Make a copy of your other passwords: cat passwords.FAQ
Make a copy of your Knock codes: cat knock.FAQ
Decipher IP address and other info about your server: status

Incredible PBX includes an automatic update utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. Now would be a good time to log out and back into your server at the Linux command line to bring your server up to current specs.

You can access the Incredible PBX GUI using your favorite web browser to configure your server. Just enter the IP address shown in the status display.

When the Kennonsoft menu (shown above) appears, click on the User tab to open the Admin menu. Then click on Incredible GUI Administration to access the Incredible PBX GUI. The default username is admin with the randomized password you wrote down above. If desired, you can change them after logging into the GUI by clicking Admin -> Administrators -> admin. Enter a new password and click Submit Changes then Apply Config. Now edit extension 701 so you can figure out (or change) the randomized passwords that were set up for default 701 extension and voicemail: Applications -> Extensions -> 701.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

123 - Reminders
222 - ODBC Demo (use acct: 12345)
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

The next step is establishing an interface on your PBX to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to use an existing (free) Google Voice account. Google has threatened to shut this down but as this is written, it still works with previously set up Google Voice accounts. The more desirable long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax 11, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Google Voice account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Use a previously configured and dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX 11.

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you’re probably out of luck. Google has disabled the option in newly created accounts as well as some old ones that had Google Chat disabled. Now go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!

IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.

If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.

And here’s another way to access Google Voice securely using an inexpensive commercial SIP gateway:

Troubleshooting Audio and DTMF Problems

You can avoid one-way audio on calls and touchtones that don’t work by entering these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.

Adding Speech Recognition to Incredible PBX

To support many of our applications, Incredible PBX has included Google’s speech recognition service for years. These applications include Weather Reports by City (949), AsteriDex Voice Dialing by Name (411), and Wolfram Alpha for Asterisk (4747), all of which use Lefteris Zafiris’ terrific speech-recog AGI script. Unfortunately (for some), Google now has tightened up the terms of use for their free speech recognition service. Now you can only use it for "personal and development use." If you meet those criteria, keep reading.

First, log into your server as root and issue the following commands:

# for Ubuntu and Debian platforms
apt-get clean
apt-get install libjson-perl flac -y
# for RedHat and CentOS platforms
yum -y install perl-JSON
# for all Linux platforms
cd /var/lib/asterisk/agi-bin
mv speech-recog.agi speech-recog.last.agi
wget --no-check-certificate https://raw.githubusercontent.com/zaf/asterisk-speech-recog/master/speech-recog.agi
chown asterisk:asterisk speech*
chmod 775 speech*
nano -w speech-recog.agi

Here’s how to activate speech recognition on Incredible PBX. Don’t skip any steps!

Now you’re ready to try out the speech recognition apps. Dial 949 and say the name of a city and state/province/country to get a current weather forecast from Yahoo. Dial 411 and say "American Airlines" to be connected to American.

To use Wolfram Alpha by phone, you first must install it. Obtain your free Wolfram Alpha APP-ID here. Then run the one-click installer: /root/wolfram/wolframalpha-oneclick.sh. Insert your APP-ID when prompted. Now dial 4747 to access Wolfram Alpha by phone and enter your query, e.g. "What planes are overhead." Read the Nerd Vittles tutorial for additional examples and tips.

A Few Words about the Incredible PBX Security Model for Ubuntu

Incredible PBX for Ubuntu 14 is a very secure, turnkey PBX implementation. As configured, your server is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. Nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking.

You can whitelist additional IP addresses for remote access in several ways. First, you can use the command-line utilities: /root/add-ip and /root/add-fqdn. You can also remove whitelisted IP addresses by running /root/del-acct. Second, you can dial into extension 864 (or use a DID pointed to extension 864 aka TM4) and enter an IP address to whitelist. Before Travelin’ Man 4 will work, you’ll need to add credentials for each caller using the tools in /root/tm4. You must add at least one account before dial-in whitelisting will be enabled. Third, you can temporarily whitelist an IP address by successfully executing the PortKnocker 3-knock code established for your server. You’ll find the details and the codes in /root/knock.FAQ. Be advised that IP addresses whitelisted with PortKnocker (only!) go away whenever your server is rebooted or the IPtables firewall is restarted. For further information on the PortKnocker technology and available clients for iOS and Android devices, review the Nerd Vittles tutorial.

HINT: The reason that storing your PortKnocker codes in a safe place is essential is because it may be your only available way to gain access to your server if your IP address changes. You obviously can’t use the command-line tools to whitelist a new IP address if you cannot gain access to your server at the new IP address.

We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. If you use a hardware-based firewall, be sure to map the three PortKnocker ports to the internal IP address of your server!

The NeoRouter VPN client also is included for rock-solid, secure connectivity for remote users. Read our previous tutorial for setup instructions.

As one would expect, the IPtables firewall is a complex piece of software. If you need assistance configuring it, visit the PIAF Forum for some friendly assistance.

Adding Incredible Fax 11 to Your Server

Once you’ve completed the Incredible PBX install, log out and log back in to load the latest automatic updates. Then reboot. Now you’re ready to continue your adventure by installing Incredible Fax 11 for Ubuntu. Special thanks to Josh North for all his hard work on this! The latest download includes the Incredible Fax 11 installer. So just run the script:

cd /root
./incrediblefax11_ubuntu14.sh

Accept all of the defaults during the installation process. IMPORTANT: Once you complete the install, reboot your server. After rebooting, log into the GUI and choose Module Admin and enable the AvantFax module. When you log out of the GUI, there now will be an option for AvantFax on the GUI’s main login screen. Choose it and enter admin:password to login and change your default password. You also can set your AvantFax admin password by logging into the Linux CLI and… /root/avantfax-pw-change.

Incredible Backup and Restore

We’re pleased to introduce our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX 11 server, simply copy the image to a server running Asterisk 11 and the Incredible PBX 11-12 GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.

Incredible PBX Automatic Update Utility

Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along. Also be sure to check the PBX in a Flash RSS Feed inside the GUI for the latest security alerts.

Mastering the Incredible PBX Applications

Your next stop should be a quick read of the Application User’s Guide for Incredible PBX. Even though the target audience was Raspberry Pi users, the feature set is identical, and this guide will tell you everything you need to know about the dozens of applications for Asterisk that have been installed on your new server.

We also want to encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie. Come join us!

Originally published: Monday, June 1, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. With some providers including ones linked in this article, Nerd Vittles receives referral fees which assist in keeping the Nerd Vittles lights burning brightly. []

Freedom and the FreePBX Cloud: Is an Apple-like Ecosystem GPL-Compliant?

Short Answer: No way, José!     Right Answer: Sangoma should fix it.     Our Answer: New GPL Repo fixes it… today!

We began our series on FreePBX® by providing a GPL-compliant alternative to the base design of the FreePBX GUI minus the elements which have made redistribution and/or code modification difficult despite the clear language of the product’s GPL licenses. In our last article, we introduced new turnkey versions of Incredible PBX for CentOS featuring your choice of the 2.11 or 12.0 Incredible PBX GUI. Coming soon will be new releases of Incredible PBX for the Ubuntu, Debian, and Raspbian platforms so hang in there.

This week we begin our examination of the actual FreePBX design and the morphing that has taken place. We want to give you the full picture of why this led to our decision to no longer support the FreePBX approach to "GPL" software design. We also will provide some additional GPL tools that open up the platform in the way the GPL license requires.

It’s important for everyone to understand the impact of commercialization on project development when organizations bend the rules to suit their own commercial purposes. None of this was Sangoma’s doing. But FreePBX is now Sangoma’s GPL project, and it’s up to them to clean up the mess. For openers, nobody forced the FreePBX developers to release the FreePBX code with a GPL license. But they did it… almost 10 years ago! Only after the product became hugely popular did these folks apparently conclude that maybe giving away their software wasn’t such a good idea after all. You can track when the wheels came off the bus by looking at the project’s history on SourceForge. Not surprisingly, it coincides with SchmoozeCom’s entry into the picture. As Richard Stallman of the Free Software Foundation would tell you, this isn’t about whether code is open source software. Some FreePBX modules are and many are not. But providing source code is merely one aspect of the GPL. So let’s start with some of the actual language from the GPL license:

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.

To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. [Emphasis added.]

Today we want to cover the first of several topics you won’t ever hear about in a (commercial) "advanced" training class for FreePBX. In case you haven’t attended one of these lovefests, the training is intended to let (paying) students learn how to customize the settings of the GUI for others willing to pay someone to build them a PBX. There’s nothing particularly wrong with that unless you believe everything associated with free software should be free. We don’t. In any case, you’ll learn how to create extensions and ring groups, inbound and outbound routes, trunk setups, and many of the other (basic) things that Nerd Vittles has been covering (for free) for years. And, of course, you will learn how to market the FreePBX brand and Sangoma-produced commercial modules.

What you won’t hear is anything about the inner workings of FreePBX much less how to customize the product for your own use, i.e. the types of modifications envisioned by the clear terms of the GPL. Those GPL "features" are available on a per customer basis for substantial "customization fees." Translation: roughly the same cost as a new Hyundai for your kid headed off to college. And there’s one other hidden surprise. Even with custom branding of FreePBX, you will remain a captive in the so-called FreePBX ecosystem.

If you’ve enjoyed Apple’s App Store approach to system lock-in, then you’ll feel right at home with FreePBX. The wrinkle is that the FreePBX approach is even more restrictive than Apple’s. For openers, anyone wishing to sell their own commercial module need not apply. Unlike Apple, no commercial offerings from anyone but Sangoma are permitted in the FreePBX ecosystem. Imagine if Digium had adopted a similar approach by barring modules from competing hardware companies from interfacing with Asterisk®. Where would that have left Sangoma? In the case of FreePBX, even if you want to give away a FreePBX-compatible GPL module, you’re out of luck with FreePBX 12 unless you’re willing to underwrite Sangoma’s unlimited legal expenses if they ever get sued. Note our emphasis on unlimited. Sangoma claims they merely copied a general indemnification provision used by others such as Rackspace. But, as one of our readers pointed out:

The link that they claim they used as a template is one I would sign. Sangoma reworded things so that ALL liability is yours, even if an issue arises in their code that affects your code (after the fact). Sangoma in that case, is responsible but YOU have to pay for their legal fees. You cannot have a final say in settlements, they do. They can select whatever priced attorneys they want (you have no say). There is no ‘reasonable’ word usage. They dropped it.

As for your GPL module, yes, you can manually load it and run it without signing the indemnification agreement, but users will have to endure nasty warnings and emails every day which suggest that their server has been compromised.1 Apple, on the other hand, screens free and non-free additions to their App Store and includes literally thousands of third-party apps without anyone having to pay Apple’s legal fees. FreePBX proclaims that "Free Stands for Freedom" but…

I’m reminded of a book that was published during the Vietnam War era: "Military Justice is to Justice As Military Music is to Music." If this is Sangoma’s idea of freedom, I’m not quite sure why anyone would want it except for the fact that they’re the only GUI game in town. The Sherman Act may be unfamiliar territory in Canada, but it might be worth a careful look.

Here’s where the GPL breaks down. Despite the best of intentions, the GPL drafters believed that handing someone the source code for a program was the best way to insure freedom to redesign and redistribute computer programs. That works well when the computer program is a couple hundred lines of code, but it breaks down quickly when you’re dealing with a program that’s been commingled with a commercial Cloud-based hosting service shrouded in secrecy and you’re staring at a million lines of code that can best be described as "engineered obfuscation." Think of it as handing someone a plate of your grandma’s cookies and, when asked for the recipe, you say, "All of the ingredients are right there in front of you." Yes, but…

This is a critically important point so let’s cover it in the context of FreePBX. What do you get and what do you not get when you install or use the product? Because the FreePBX GPL modules are written in unencrypted PHP code, you automatically get the source code when you install each module. It used to be that you also could acquire the modules on a public web site provided by the developers, now Sangoma. As noted last week, that openness came to a screeching halt with FreePBX 12. Until our repository was made available, you could scour the web high and low, but you wouldn’t find the GPL "free" modules for FreePBX 12 in a format directly usable by the FreePBX GUI and its Module Admin update feature which is perhaps the best feature of the GUI. In fact, until today, the only way to acquire the modules in a usable format with error correction was through the FreePBX GUI interface itself using the proprietary, hidden "ecosystem" maintained by Sangoma. The acquisition process itself is buried deep in a million lines of spaghetti code. Yes, you can get the source code, but…



Sangoma hopefully will ponder the words of Richard Stallman, the Founder and President of the Free Software Foundation:

Clearly that server does not respect our freedom, and we should refuse to use it, for the most part.

If we use a GUI for PBX’s, we should load our modules in some way that treats us decently.

So why the mystery with acquisition of FreePBX modules? The simple is answer is that it restricts everyone’s freedom. You can’t redistribute FreePBX without keeping Sangoma and the "non-free" FreePBX ecosystem in the middle of the equation. This provides the ongoing platform for Sangoma to peddle the sale of (only) their branded SIP trunking service as well as (only) their commercial modules. This may be their idea of freedom, but…

Last week we provided the first glimpse of freedom providing a means to break away from the trademark gimmicks of the mothership by using our reengineered GPL GUI with our repository of GPL modules for the new product. What you still lacked was the freedom to break away from our universe and go your own way. Why? Because the FreePBX developers have never revealed their Cloud’s secret sauce much less the tools necessary to create your own GPL module repository and have it function properly within the GUI. Without the cloud access and control, you lose the key module update and monitoring capabilities of the product itself plus the ability to upgrade the GUI to a later version. We used to call this CrippleWare, software with only limited functionality unless you cough up the big bucks. They’ll tell you that it’s all in the source code…

Well, not quite all. FreePBX is open source GPL software minus the secret sauce hidden in Sangoma’s Cloud which is the antithesis of the freedom component of the GPL. If you don’t appreciate the difference and why this runs counter to the GPL, read Richard Stallman’s explanation here. Because Cloud access by design is the only means provided in the FreePBX GUI to load new GPL modules, or to check for and update existing modules, or to upgrade the FreePBX GUI itself,2 the Cloud component is clearly an integral component of FreePBX. As such, it also must be licensed under the GPL and all its source code made available. In the words of the Free Software Foundation:

I’d like to incorporate GPL-covered software in my proprietary system. Can I do this?

You cannot incorporate GPL-covered software in a proprietary system. The goal of the GPL is to grant everyone the freedom to copy, redistribute, understand, and modify a program. If you could incorporate GPL-covered software into a non-free system, it would have the effect of making the GPL-covered software non-free too.

A system incorporating a GPL-covered program is an extended version of that program. The GPL says that any extended version of the program must be released under the GPL if it is released at all. This is for two reasons: to make sure that users who get the software get the freedom they should have, and to encourage people to give back improvements that they make.

However, in many cases you can distribute the GPL-covered software alongside your proprietary system. To do this validly, you must make sure that the free and non-free programs communicate at arms length, that they are not combined in a way that would make them effectively a single program.

The difference between this and “incorporating” the GPL-covered software is partly a matter of substance and partly form. The substantive part is this: if the two programs are combined so that they become effectively two parts of one program, then you can’t treat them as two separate programs. So the GPL has to cover the whole thing.

If the two programs remain well separated, like the compiler and the kernel, or like an editor and a shell, then you can treat them as two separate programs—but you have to do it properly. The issue is simply one of form: how you describe what you are doing. Why do we care about this? Because we want to make sure the users clearly understand the free status of the GPL-covered software in the collection.

If people were to distribute GPL-covered software calling it “part of” a system that users know is partly proprietary, users might be uncertain of their rights regarding the GPL-covered software. But if they know that what they have received is a free program plus another program, side by side, their rights will be clear.

Of course, every new module release brings a new opportunity to change the file and directory structure hidden in the Cloud to once again disguise the secret components required for proper GUI operation. Trust us. They have. Why else would you change a file name from modules-12 to all-12 except to conceal its identity? It’s called security through obscurity. Try searching your server for all-12 and see what you find. This hidden file is what locks you into the Sangoma commercial ecosystem. They call it freedom. It’s really anything but that. A more descriptive label would be a hidden, proprietary GOTCHA. You get some of the source code to make FreePBX work properly, but…

Building an Independent GPL Cloud Repository for the Incredible PBX GUI

Today we’re going to fix this deficiency at least for those using the new Incredible PBX GUI by offering independently developed GPL code that provides the freedom to build your own Cloud-based ecosystem should you wish to do so. We would encourage Sangoma to do the right thing. Stop listening to the former owners of the FreePBX project and become a good GPL steward. It’s your project now. You’ve owned it for almost six months! You’re also a better company than the one you bought. So start acting like it. Bring the FreePBX Cloud-based components out into the open and provide the tools necessary to use them as your GPL product license requires.

What we are providing today are all the components necessary to build an independent GPL Cloud that is compatible with the Incredible PBX GUI. This includes a base install of existing GPL modules that are compatible with versions 2.11 and 12 of FreePBX plus the toolkit to maintain an independent GPL Cloud. To load future modules and updates into your repository, you’ll need a Linux LAMP server running the latest version of Apache and at least PHP 5.4. Neither Asterisk® nor FreePBX is required on the server platform. Be advised that CentOS 6.5 and 6.6 ship with PHP 5.3 so you’ll need to perform the following steps to bring your server up to the 5.4 or 5.5 version of PHP before proceeding. Be advised that your GPL Cloud will only work with GPL-licensed versions of Incredible PBX running the 2.11 or 12 release of Incredible PBX GUI. See last week’s tutorial to get started.

Before we begin, several cautionary notes are in order. First, we can’t control Sangoma’s behavior. Assuming they decide not to comply with the GPL by keeping their Cloud service proprietary, a simple tweak on their end could change the location of their Cloud’s secret sauce at any time. That could very well break the ability to download future GPL modules from their repositories using this toolkit. But don’t worry. If that happens, we’ll be the first to let you know. We figured it out once, and we can figure it out again. You can run, but you cannot hide! We’ll also show you an alternative method to load new modules into your own repository. Second, don’t even think about using your own repository while retaining the original FreePBX GUI instead of updating to the Incredible PBX GUI. A single module update on their end could do a couple of things. It could overwrite the location of the module repositories and restore theirs. Or it could completely disable your server after detecting that you had changed the internal workings of FreePBX. Remember when Apple did just that with jailbroken iPhones? We’re not suggesting Sangoma would actually pull such a stunt. In fact, we don’t think Sangoma would ever stand for that despite a few developers that might have a different view. But we’re warning that it’s simply not worth the risk.

Before you elect to go your own way with your own repository, be advised that importing new FreePBX-compatible GPL modules without first testing each of them with the Incredible PBX GUI is a very bad idea for the reasons already mentioned. We intend to do that with the new Incredible PBX repository, and we would encourage you to adopt the same approach.

Finally, to protect the security and integrity of your GPL Cloud resources, do not include repo.php and the contents of its accompanying src directory in your public repository. Otherwise, anyone with public access to your server would be able to change the contents of your repository. The proper methodology would be to build and maintain your repository off line and then copy the files to a public web server without the tools used to actually create and update the GPL modules and accompanying XML files. The tools themselves are GPL code, and you are more than welcome to redistribute them pursuant to the GPL license. Just don’t post them in decompressed format in your repo thereby making them functional for anonymous attacks against your repository.

To begin, download GPL-repo.tar.gz from SourceForge and decompress the tarball into a folder on your private server:

mkdir repo
cd repo
touch index.html
wget -O GPL-repo.tar.gz http://sourceforge.net/projects/pbxinaflash/files/IncrediblePBX11.11%2B11.12%20with%20Incredible%20GUI/GPL-repo.tar.gz/download
tar zxvf GPL-repo.tar.gz
yum -y install php-simplexml

The file structure will look like this where modules and src are subdirectories:

Within the modules subdirectory will be a packages subdirectory that includes folders for each of the GPL modules. There’s also a licenses folder with all of the applicable GPL licenses.

Within each of the package directories, you will find one or two modules for the two currently supported GPL versions. For example, here are the entries for the framework module:

The lists of the available modules for each supported GPL version are contained in the .xml files in the top level directory: modules-2.11.xml and all-12.0.xml. modules-12.0.xml is a symlink to a previous nomenclature for version 12. These XML files are what Module Admin uses to check for updates available for existing modules on your PBX.

To add or update individual modules in your repository, issue one or both of the following commands using the actual name of the module you wish to add or update. You can decipher the actual names for the modules by checking the FreePBX source listings on GitHub. As we cautioned previously, don’t ever add or update modules without first testing the new module on an Incredible PBX server running the Incredible GUI. If an updated module blows things up, please let us know!

./repo.php 2.11 modulename
./repo.php 12.0 modulename

And here’s how to add any compatible module from any FreePBX 2.11 or 12 server or from GitHub to your repo. On the FreePBX platform, switch to the directory holding the modules: cd /var/www/html/admin/modules. By way of example, let’s assume there’s a javassh module directory.

1. Decipher the current version of the module: grep version javassh/module.xml
2. Create a gzipped tarball of that module including the version: tar -cvzf javassh-VERSION.tgz javassh/
3. Move javassh-VERSION.tgz to your /repo folder: mv javassh-VERSION.tgz /var/www/html/repo

Alternatively, you can use the included git-grab12 script to download the latest version 12 modules in tarball format directly from the FreePBX repository on GitHub:

From your /repo folder: ./git-grab12 modulename (there is no javassh version 12 module)

4. Assimilate the javassh module into your repo as either a 2.11 or 12.0 module or both:

cd /var/www/html/repo
./repo.php 2.11 javassh-VERSION.tgz
./repo.php 12.0 javassh-VERSION.tgz
rm -f javassh-VERSION.tgz

When you’re ready to go public, move the /repo folder and its subdirectories from your private server to a public web server, issue the following commands within the main destination directory on the public server to remove the GPL repo toolkit:

rm -f git-grab12
rm -f repo.php
rm -rf src

The final step is to tell the Incredible PBX GUI the new location of your module repository. For this, you will need a fully-qualified domain name (FQDN) that points to the top-level directory of the repository stored on your public web server, e.g. http://myrepo.me.com. Once you have set up a DNS entry for this address and tested it to be sure it works, all you have to do is configure the GUI to find it. Issue the following command from the Linux CLI after logging into your server as root. Be sure to substitute your actual FQDN and your actual root password for MySQL if you have changed it from passw0rd. If you’re building a number of new servers, you could simply add this line to the end of the Incredible PBX install script. Be sure to copy the entire line below. It should end with double quotes.

mysql -u root -ppassw0rd asterisk -e "update freepbx_settings set value='http://myrepo.me.com' where keyword='MODULE_REPO' and description='repo server' limit 1"

Isn’t it amazing what you can do with some GPL code and a little documentation on how to use it? Freedom At Last!

Originally published: Tuesday, May 26, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. According to a recent tweet from one of the developers, these warnings now can be disabled. That change was more than a year in coming. []
  2. The latest versions of the GPL modules are available in FreePBX’s GIT repo. UPDATE: Although tarballs are available for individual modules, even that format on GitHub would require painstaking, individual imports within the FreePBX GUI and totally defeats the design and purpose of the Module Admin component of FreePBX. []