Home » Posts tagged 'piaf'

Tag Archives: piaf

The Most Versatile VoIP Provider: FREE PORTING

Revolutionary VoIP: The Best (free) PBX Ever from 3CX

blank

There are evolutions, and then there are revolutions. Today is another revolutionary day for free VoIP. The new 3CX v15.5 Update 3 is revolutionary on so many levels: price, feature set, flexibility, stability, and security for openers. For Nerd Vittles readers that want a free PBX for your home or business, here’s the latest and greatest. You get the 3CX Standard License features listed here with up to 16 simultaneous calls for one year. That setup easily supports about 50 extensions. At the expiration of the year, you can purchase the standard annual license OR your free license will automatically convert to a 4-simultaneous-call perpetual license with unlimited trunks for the duration of the installation, including DNS, email, SSL certs, webmeeting, etc. Nothing else to buy ever!1 This perpetual license includes unlimited SIP trunks and gateways, 25-participant conferencing, G.722 and G.729 support with HD Voice, custom FQDNs, BLF support, Call Parking, Call Queueing, Call Pickup, Call Recordings and Management, Call Reporting, Intercom/Paging, Integrated Fax Server and Office 365 Address Book/Microsoft Outlook integration plus all of the 3CX client software. Better hurry. This offer won’t last forever! Here’s the signup link. 2

Unlimited Trunks, 50 Extensions, 16 Simultaneous Calls… Free!

The 3CX development team not only heard but also heeded our suggestion to expand the number of trunks in the free edition by removing the limitation entirely. With small businesses and home users, the number of times you ever will need to make more than 16 simultaneous calls is probably NEVER. Based upon industry standards, this 16-call, 50-extension PBX with unlimited trunks can easily support several dozen people so it’s perfect for home use and small to medium-sized businesses. And, when your business grows, upgrading to a larger PBX is inexpensive and a one-minute key swap.

Cost savings, of course, are only part of the VoIP story. There’s a reason 3CX’s business is growing geometrically while others struggle. 3CX provides an unmatched feature set that’s easy to use and deploy. Version 15.5 Update 3 brings the Linux platform to full parity with 3CX’s previous Windows editions plus all-new 3CX clients for every desktop and mobile device. There’s also an awesome new web client providing users easy access to all key 3CX features without installing any software. Desktop call control including Click2Call now is based on uaCSTA technology. Snom, Yealink, and Granstream phones as well as 3CX clients can be controlled from any desktop client even if your phone system is running in the cloud. And we’ve got a whopper deal for you there as well today.

With 3CX’s powerful client software, your office and your PBX can literally be anywhere. Your desktop is always as close as your smartphone or the nearest WiFi hotspot. That’s what unified communications is all about. And, should you ever need support, 3CX has offices in the U.S., U.K., Germany, Hong Kong, South Africa, Russia and Australia. Review the 3CX feature comparison chart and you can judge the feature set for yourself. Whether you’re a homebody or world traveler, we think you’ll agree that 3CX’s new free edition for Nerd Vittles readers offers everything that a home or SOHO user will ever need in a PBX.

blank

Getting Started with 3CX on Dedicated Hardware or a Virtual Machine. If your platform supports ISO installs, here are the simple steps to get 3CX up and running. Just follow this 3CX tutorial to download the ISO and begin your adventure. Boot your server from the ISO image and walk through the Debian 9 setup process. We recommend 2GB of RAM and a 20GB drive for 3CX. When the install is finished, make note of the IP address to access with a web browser to complete the setup. Enter your 3CX license key when prompted. Set up one or more SIP trunks with inbound and outbound call routes. Once you have the ISO and your license key in hand, the installation procedure takes less than 10 minutes.

Getting Started with 3CX in the Cloud. Begin by setting up a 64-bit Debian 9 platform. Obtain a free Nerd Vittles license key for 3CX. Once your Debian install is finished, log in as root using SSH or Putty and issue these commands. NOTE: What appears as the third line below needs to be added to line #2!

wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
echo "deb http://downloads.3cx.com/downloads/debian stretch main" | tee /etc/apt/sources.list.d/3cxpbx.list
apt-get update
apt-get install libcurl3=7.38.0-4+deb8u5
apt-get install net-tools
apt-get install 3cxpbx

When the initial setup finishes, choose the Web Interface Wizard and complete the install using your favorite web browser. Enter your 3CX license key when prompted. Set up one or more SIP trunks with inbound and outbound call routes. Done.

Beginning with this release, you have your choice of using a Google Cloud-hosted 3CX server at no cost for a year or many other cloud providers of your choice. The problem with the Google Cloud offering is what to do after the first year. Our personal preference is to set up your own cloud server where things stay the same as you move forward from year to year. At this time, 3CX does not support OpenVZ containers. However, Vultr offers a $2.50/month 512MB RAM plan that works just fine. 50 cents more buys you automatic backups that we highly recommend. And OVH offers quadruple the RAM for $4.49/month on a 12-month plan.

Configuring Gmail as SMTP RelayHost for 3CX. 3CX has a detailed tutorial explaining how to set up your Gmail account as the SMTP relay host for 3CX. Be advised that there is one additional step before Google will authorize access from an IP address it doesn’t already have for your GMail account. In addition to Enabling Less Secure Apps (as covered in the 3CX tutorial), you also will need to activate the Google Reset Procedure while logged into your Gmail account. Otherwise, Google will block access. Once you have configured Gmail as your relay host and performed the two enabling steps above, immediately test email delivery within the 3CX GUI while Google security is relaxed: Settings → Email → TEST.

blank

Free Calling in the U.S. and Canada with 3CX. We know our more frugal U.S. residents are wondering if there’s a way to make free calls even with 3CX. You didn’t really think there would be a release of PBX in a Flash without Google Voice support, did you? It’s easy using the Simonics SIP to Google Voice gateway service. Setup time is about a minute, and the one-time cost is $4.99 using this Nerd Vittles link. Setup instructions for the 3CX side are straight-forward as well, and we’ve documented the procedure on the PIAF Forum.

blank

Free Calling Worldwide with SIP URIs. There’s another free calling option as well. 3CX supports worldwide SIP URI calling at no cost. As part of the 3CX install procedure, 3CX registers an FQDN for you with one of the 3CX domains if you indicate that your server has a dynamic IP address. Unless you really know what you’re doing with DNS, it’s a good idea to tell 3CX you have a dynamic IP address whether you do or not. Here’s why. Once you have an assigned FQDN in the 3CX universe, one very slick feature is the ease with which you can publish a SIP URI address for any or all of your 3CX extensions thereby allowing 3CX users to receive calls from any SIP client worldwide at no cost. Setup takes less than a minute. It’s as easy as 1-2-3. Here’s how:

1. Login to the 3CX GUI and go to Settings → Network → FQDN. Tick "Allow calls from/to external SIP URIs" and make note of your FQDN, e.g. mypiaf5server.3cx.us. Click OK.

2. For an extension to enable (e.g. 001), go to Extensions → Edit 001 → Options → SIP ID and create any desired SIP URI alias for this extension, e.g. billybob. Click OK.

3. If your PBX is sitting behind a router/firewall, be sure the following UDP ports are forwarded to the local IP address of your PBX: 5001, 5060, 5090, and 9000-9255.

4. Anyone with a SIP client anywhere worldwide can now call extension 001 using SIP URI: billybob@mypiaf5server.3cx.us.

Originally published: Wednesday, June 7, 2017  Updated: Thursday, February 8, 2018


blank
Need help with 3CX or VoIP? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. This offering applies to 3CX V15.5 Update 3 released on February 8, 2018. []
  2. Don’t confuse 3CX’s free PBX with Sangoma’s FreePBX® GUI. The former is a truly free PBX provided by a well-respected developer of commercial PBXs and used by many of the world’s largest companies including Boeing, McDonalds, Hugo Boss, Ramada Plaza Antwerp, Harley Davidson, Wilson Sporting Goods, and Pepsi. The latter is a code generator for Asterisk® that commingles free components with commercial NagWare, each of which requires payment of separate licensing and maintenance fees before and during subsequent use. []

3CX in the Cloud: 8 Great Ways to Secure Your Server


blank

Now that many of you have taken advantage of the opportunity to deploy a free 3CX server, it seemed like an opportune time to share what we’ve learned while deploying 3CX on hosted platforms in the cloud. If you’ve followed our Nerd Vittles adventures over the years, you already know that our number one consideration with any PBX deployment is security. Without that, you’re just paying somebody else’s phone bill. While 3CX is extremely secure as delivered, once you choose a cloud-based platform, it’s a new ballgame. There is no 3CX firewall sitting between your PBX and the Internet.

We hear some of you saying, "I love Asterisk. Why would I want to move to 3CX?" The short answer is don’t move, add a new 3CX server to supplement your existing Asterisk® infrastructure. Why? Because the 3CX Clients for Windows, Macs, iOS, and Android are incredibly compelling. You can make a connection from anywhere using WiFi or cellular infrastructure and make crystal clear calls with zero hassles. Better yet, folks can reach you on your mobile phone from anywhere in the world at zero cost by dialing your SIP URI using any SIP device including SIP softphones and other 3CX Clients. And the 3CX Client is literally plug-and-play. Send the welcome email for the extension you wish to activate on the 3CX Client, and in one-click your 3CX Client is automatically configured and on line. By interconnecting your 3CX server with your existing Asterisk infrastructure, you get the best of both worlds without the messy NAT and firewall problems that were daily fare using Asterisk alone. But we’re getting ahead of ourselves, let’s get your 3CX server in the Cloud properly secured before moving on to the fun stuff.

Five years ago, we first introduced our Failsafe PBX Security Tips to Sleep Like a Baby. That’s well worth a careful read before we begin. For today, we’ll be implementing most of the Travelin’ Man 3 Security Model with a few tweaks to take advantage of existing 3CX security features. We’ll walk you through (1) choosing a cloud platform, (2) deploying the IPtables Linux firewall, (3) implementing a WhiteList to hide your server from those that don’t need access, (4) installing PortKnocker to make it easy for end-users to give themselves access to your PBX, (5) configuring FQDNs and implementing dynamic DNS updates for remote users, (6) setting up a BlackList to complement 3CX’s existing Anti-Hacking mechanisms, (7) deploying IPset to facilitate blocking entire countries from accessing your server, and (8) protecting SSH by setting up Fail2Ban and changing ports.

Let’s spend a moment considering the best security methodology for your cloud-based server. The short answer is IT DEPENDS. If all of your users are situated in the same location and never travel and you don’t care to enable SIP URI calling from anywhere in the world to save on phone costs, then the solution is pretty easy. We can lock your server down to the public IP address of your private LAN, and nobody else will ever see your server. Once you add users outside your home office, things get more complicated. If they are all sitting behind local routers with public IP addresses that are static, things are still fairly straightforward. We can whitelist all of the static IP addresses, and again nobody else will see your 3CX server. If you have users that travel for a living or need 3CX Client connectivity from their smartphones or from PCs at various locations that only have dynamic IP addresses, then things get more complicated. You can take your chances and expose SIP communications ports while locking down other access, or you can lock down everything, assign FQDNs to each user, and use dynamic DNS clients running on Android or iOS devices or local PCs to regularly update IP addresses of users in the firewall whitelist.

Another option that we use when traveling is PortKnocker which will be installed as part of our Travelin’ Man 3 security suite. The way this works is you send a single packet to three different TCP ports on your server using a predefined sequence of 3 port numbers. When there is a match, the server will automatically whitelist your IP address. Then you can log into SSH or the Web portal or use a 3CX Client in the usual way. There are PortKnocker clients for smartphones (Android’s DroidKnocker and iOS PortKnock), or you can use the command line from a Linux server to immediately authorize remote access from any IP address. No firewall modification is required. By default, Travelin’ Man 3 temporarily authorizes IP address access until the next server reboot. But you can elect to permanently whitelist the IP addresses if desired. Again, all of this can be performed remotely by end-users without ever touching your server or calling upon assistance from an administrator.

Finally, we’ve provided utilities in /root to assist an administrator in whitelisting IP addresses (add-ip) or FQDNs (add-fqdn) as well as removing whitelisted entries (del-acct). In addition, if you prefer to leave your server exposed, we’ve included tools to blacklist IP addresses (add-blacklist), and our discussion below will provide some alternatives to secure SSH access. Whichever path you choose, just be aware that server security it totally your responsibility, not ours and not 3CX’s. We strongly recommend that you regularly monitor the Event Log in the 3CX Dashboard for security issues and attempted breaches. You then can make firewall adjustments to address the problems or to further lock down your server.

LEGAL DISCLAIMER: ALL OF THE SECURITY CODE WHICH FOLLOWS IS DISTRIBUTED AS IS AND PURSUANT TO THE GPL2 LICENSE. YOU AGREE TO ASSUME ALL RISKS BY USING THIS SOFTWARE. YOU ARE FREE TO MODIFY IT TO MEET YOUR REQUIREMENTS SO LONG AS YOU COMPLY WITH THE GPL LICENSE TERMS AVAILABLE HERE.

For today’s tutorial, we will cover both the WhiteList 3CX firewall methodology and the less secure BlackList alternative. We’ll walk you through exposing the necessary ports if you elect to use this relaxed security configuration for your server. Just be aware that it’s your phone bill at stake particularly if you have authorized calls to countries outside the location of your server as part of your 3CX setup.

1. Choosing a 3CX Cloud Platform

Here are a few things to consider when choosing a cloud platform for your 3CX server. Keep in mind that the cloud giants like Amazon charge for data bandwidth usage AND data storage AND processing cycles. Even though Amazon uses what are traditionally considered non-routable IP addresses internally, be advised that Amazon internally routes these private LAN addresses. What that means is that, if you have whitelisted private LAN addresses in the 172.16.0.0/12 range, you will expose your server to hacking attempts from anyone with an Amazon S3 account. For that reason coupled with the pricing structure, we recommend against using Amazon as your 3CX cloud platform.

We also recommend you stick with VPS hosting plans using the KVM architecture and avoid OpenVZ unless it’s hosted with Virtuozzo 7. The traditional shared kernel architecture of OpenVZ means you will forfeit the ability to use powerful tools such as IPset to blacklist country-wide IP addresses from countries such as China and Russia. Over 90% of the attacks we see on our web sites originate from IP addresses in just those two countries. Fortunately, the new Virtuozzo 7 implementations of OpenVZ support ipset. SSDnodes in Montreal is the provider we use.

The rest of the cloud platform equation comes down to balancing the feature set and performance against the cost. At the bottom of the barrel is CloudAtCost which offers lifetime cloud services for a one-time charge PLUS an annual maintenance charge. Performance and reliability range from awful to tolerable. As an experimental platform, it’s worth considering. For anything beyond that, don’t waste your time or money.

Our preferences in low-cost, moderate performance cloud platforms include OVH virtual private servers ($3.49/mo. for 2GB RAM, 10GB SSD, 100Mbps unlimited bandwidth, and DDoS protection), Vultr VPS ($5/mo. for 1GB RAM, 25GB SSD, 1TB bandwidth), and Digital Ocean ($5/mo. for 512MB RAM, 20GB SSD, 1TB bandwidth plus $10 usage credit). For high performance, long-term use, nobody beats our corporate sponsor, RentPBX.com, at $15/mo. with referral code: NOGOTCHAS.1

2. Deploying the IPtables Linux Firewall

We’ve taken the pain out of deploying IPtables as a 3CX firewall. Our Travelin’ Man 3 script for 3CX does the heavy lifting for you by installing and preconfiguring IPtables and a collection of other security components. There are two alternatives when running the installer. You can completely lock down your server and use a firewall whitelist to enable access from specified IP addresses or FQDNs. There are utilities to allow administrators and end-users to add their own addresses to the whitelist. The other option is to run 3CX without the whitelist functionality and employ blacklisting to reduce the exposure of your server. This obviously increases the security risks but reduces the administrative burden on administrators and end-users. And, as you probably know, 3CX includes some security mechanisms to block or reduce attacks on your server. A third option using 3CX Clients or SBCs in networks that prevent VoIP calls is to deploy 3CX’s VPN-like Tunnel. This is well documented in this server tutorial and this client tutorial. It’s worth a careful look if you’re in a country that blocks VoIP calls, and it works with either TM3 firewall configuration. A fourth option which we will save for another day is to employ virtual private networks such as OpenVPN and NeoRouter. With VPNs, there’s more work on the front end but less day-to-day administration once properly configured.

If you don’t have widely scattered users and traveling users that need to employ 3CX Clients, the WhiteList option is far preferable. It sets up a WhiteList of devices that are authorized to access your PBX. Nobody else can even see the server on the Internet. To get started, log into your server as root using SSH or Putty. Be sure to login from a computer that will be used to manage your server so that this computer’s IP address gets whitelisted. You don’t want to lock yourself out of your own server! Then issue the following commands at the Linux prompt to run the TM3 installer, accept the license agreement, and choose either the WhiteList or BlackList option when prompted:

cd /
wget http://incrediblepbx.com/tm3-3cx.tar.gz
tar zxvf tm3-3cx.tar.gz
rm -f tm3-3cx.tar.gz
cd /root
./tm3-3cx.sh

When the installer finishes, press ENTER. You now have a functioning 3CX firewall with IPtables and Fail2Ban functionality to protect SSH logins from hacking attempts, IPset to block server access from certain countries, PortKnocker to facilitate remote user access to servers employing a WhiteList, and a collection of utilities in /root to facilitate WhiteListing and BlackListing of IP addresses and FQDNs by administrators.

3. Implementing the 3CX Firewall WhiteList

For the more technical types, here’s an overview of how the IPtables firewall is configured and functions. Currently, only IPv4 is protected. The basic setup is handled in /etc/iptables/rules.v4 by making a copy of rules.v4.tm3 and whitelisting 3 IP addresses: your server, your user PC from which you logged into SSH, and your public IP address. Additional whitelist entries are added using add-ip or add-fqdn in /root. Or end users can whitelist themselves using the PortKnocker credentials stored in /root/knock.FAQ. IPtables ALWAYS must be restarted/reloaded using the command: iptables-restart. This assures that all necessary components are reloaded including the base rules.v4 IPtables config plus the custom config in /usr/local/sbin/iptables-custom plus Fail2Ban. An administrator can remove whitelisted entries using /root/del-acct using the *.iptables filename associated with the entry to be removed. PortKnocker whitelist entries are stored by creation date.

Two templates for the TM3 custom configuration are stored in /usr/local/sbin. The WhiteList is iptables-custom.secure. The BlackList is iptables-custom.insecure. As part of the install, one or the other is copied into iptables-custom for use with your IPtables firewall. The code is well documented so that administrators can easily make modifications to support your own requirements. Simply rerun the tm3-3cx.sh installer once you have made changes, and your server will be reconfigured. Be advised that any previously added whitelist entries should be removed (/root/*.iptables) BEFORE rerunning the installer as these entries will not be replicated.

4. Using PortKnocker with the TM3 Firewall

There are two ways to use PortKnocker for end user management of the WhiteList. The default methodology is to temporarily WhiteList qualifying IP addresses whenever a successful port knock is performed from any remote site. This WhiteList addition to the firewall lasts only until the firewall is restarted with iptables-restart or the server is rebooted. For a mobile workforce, this is probably the preferable alternative with frequently updated remote IP addresses. The other alternative is to permanently add successful PortKnock IP addresses to the iptables-custom whitelist. The administrator can activate this by running the following command: iptables-knock activate. As with other WhiteList additions, these are stored in /root as *.iptables. To use PortKnocker, remote users will need the secret knock credentials stored in /root/knock.FAQ. Should you ever need to modify these codes when an employee is fired, simply edit /etc/knockd.conf and change the codes. Remember to revise /root/knock.FAQ with the new codes. Then restart PortKnocker: /root/knock-tester.sh.

5. Configuring Dynamic DNS for End Users

Here’s an easier way to set up remote users whose IP addresses regularly change either because of an ISP’s dynamic IP addressing scheme or because the user travels or frequently uses 3CX Clients from a smartphone. The trick here is to assign a fully-qualified domain name (FQDN) to each remote user’s device and then deploy a dynamic DNS update application on their device to keep the user’s current IP address in sync with their FQDN. As part of the TM3 implementation on 3CX, we included the /root/ipchecker script which checks for IP address changes every 10 minutes and updates the firewall whitelist accordingly. All that is required from the administrator is running /root/add-fqdn once for each remote user. Everything else is automatic on the 3CX server and the end user device.

There are a number of Dynamic DNS providers. Some are free and others have a modest annual fee. When it comes to DNS service, you get what you pay for. And our favorite remains dyndns.com. There are hundreds of domain names from which to choose, and there are update clients for most client platforms: Windows, Mac, Linux, iOS, and Android.

The setup procedure is straight-forward. (1) Choose a FQDN for each of your users on the dynamic DNS provider site. (2) Install and configure the DNS updater on each client device. (3) Run /root/add-fqdn on your 3CX server to add the FQDNs of each user to the TM3 WhiteList. (4) Restart IPtables: iptables-restart.

6. Implementing BlackLists with the TM3 Firewall

If an administrator elects NOT to deploy the 3CX firewall with a WhiteList and opts for the open 3CX firewall, then there are some additional steps to assure that your server remains secure. First, you’ll want to carefully monitor the 3CX Event Log in the 3CX web dashboard. When you spot hacking attempts that are being temporarily blocked by your 3CX server, immediately add them to your IPtables BlackList: /root/add-blacklist ipaddress. Thereafter, those users will no longer be able to access your server. After adding less than a handful of entries, our exposed server has not seen any further hacking attempts. YMMV!

7. Configuring Country Blocking with IPtables

The primary reason individual blacklist entries are unnecessary is because the TM3 installer automatically configures IPset to block access from a number of problematic countries. You can review these in /etc/block-china.sh and make modifications based upon your own requirements. Keep in mind that, if you add or remove countries from the script, you will need to add/remove the same entries in /usr/local/sbin/iptables-custom to assure that all of the countries you intend to block are assimilated into your firewall’s blacklist. Then reload the IPset tables and restart IPtables with this command: /etc/block-china.sh. To begin, you’ll need to decipher the country code for additional countries you wish to block. The country listing with codes is available here. The IPset country zones are available here.

The syntax for a new country addition in /etc/block-china.sh looks like this with the country name inserted in lines 1 & 4 and the country code inserted in lines 2 & 3:

/sbin/ipset -N china hash:net
rm cn.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone
for i in ; do /sbin/ipset -A china ; done

The blacklist entries in /usr/local/sbin/iptables-custom look like this using the country name from above:

/sbin/iptables -A INPUT -p tcp -m set --match-set china src -j DROP
/sbin/iptables -A INPUT -p udp -m set --match-set china src -j DROP

None of the country modifications take effect until you reload the IPset tables and restart IPtables. Both are accomplished by running /etc/block-china.sh.

8. Hardening SSH with 3CX in the Cloud

If you chose to implement the TM3 WhiteList option, SSH on your 3CX server is insulated from SSH attacks because the bad guys can’t see or access port 22 on your server. However, if you’re using the non-WhiteList approach with IPtables, then some additional safeguards to secure SSH are appropriate. As part of the TM3 security suite, Fail2Ban was installed to block repeated attempts to login to SSH. While this offers some protection, be advised that Fail2Ban scans logs and, as such, requires a sufficient time slice of processing power to complete the task regularly. Some of the more vicious hacking attempts originate from extremely powerful server platforms that can monopolize processor resources thereby depriving Fail2Ban of the necessary horsepower to adequately protect your server from brute force SSH attacks. The most important thing you can do to protect SSH on your server is to regularly review /var/log/auth.log for hacking attempts and block those IP addresses using the add-blacklist script.

The most effective way to configure SSH access is to deploy key-based authentication using cryptographically secure keys. Once enabled and tested, be sure to remove the ability to login using your root password. But be aware that removing root password access will mean that you cannot login to your server from multiple devices without copying your private key to every device from which you wish to obtain access. An excellent tutorial that will walk you through the basic implementation procedure is available from Digital Ocean.

The other effective way to minimize SSH attacks is to change the default access port on your server from port 22 to some other TCP port above 1024. While there are arguments against this approach, if you have a dedicated IP address assigned to your server, the likelihood of a bad guy hijacking your IP address and setting up a script to fake SSH behavior and surreptitiously collect your passwords is extremely remote. Most of the bad guys use toolkits that target port 22 for brute force SSH attacks. By changing the port, you cut your vulnerability by about 99 per cent. Here’s how. First, edit /etc/ssh/sshd_config. Change the line near the top of the file from Port 22 to some port number above 1024. If the line is commented out with #, remove the #. Second, edit /etc/iptables/rules.v4. On or about line 27, change 22 to the port number you assigned in the first step. Third, edit /etc/fail2ban/jail.conf. Scroll down to the [ssh] section of the file and change the port entry to: port = ssh,1234 where 1234 is the port number you assigned in step one. Save the file. Fourth, restart SSH: /etc/init.d/ssh restart. Finally, restart IPtables: iptables-restart.

When using an SSH client to login to your server, the new syntax should look something like this: ssh -p 1234 root@ipaddress where 1234 is the port you assigned for SSH access to your server and ipaddress is the IP address or FQDN of your server. When using putty, be sure to change the port to match the SSH port you assigned for SSH access to your server.

Nerd Vittles Exclusive: Grab your new (free) 3CX perpetual license with unlimited SIP trunks, 10 extensions, 4 simultaneous calls, and 10-user conferencing here.

Originally published: Friday, June 23, 2017


blank
Need help with 3CX or VoIP? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. Some of our links refer users to providers that support Nerd Vittles through referral fees or advertising. These funds help cover the costs of our blog. We never recommend particular products solely to generate revenue. However, when pricing is comparable or particular features warrant our recommendation, we support these vendors and deeply appreciate their financial support of our software development efforts. []

The World Traveler and 3CX: A Match Made in Heaven

blank

Last week we introduced the new (free) version of PIAF5 powered by 3CX v15.5 supporting four simultaneous calls, unlimited trunks, 10 extensions, and 10-user conference calls. And today we’re torture-testing our new 3CX server in the Bahamas aboard one of Carnival’s 3,000-passenger floating cities. Somebody’s gotta do it, right? What makes this such a challenging test for any PBX are several things. First, we’re using a free Google Voice trunk on a free 3CX PBX that we configured in under 10 minutes at CloudAtCost for a one-time cloud server charge of $17.50. Second, we’re sharing a satellite Internet connection with 3,000 other people in the middle of the Caribbean. The weekly charge is about $100 so every Internet junkie subscribes. Third, we’re using a 3CX Client on an iPhone in Airplane Mode. And, finally, we’re sitting behind the most Draconian firewall you can imagine because Carnival assumes everyone is a bad guy trying to bring their Internet service to its knees.

For those coming from the Asterisk® world, I don’t have to remind you how challenging this NAT-based setup would be even assuming you had a flawless Internet connection. Believe me. We don’t. And the secret sauce that makes all of this seem like child’s play is the latest collection of 3CX Clients for PCs, Macs, Android devices, and iPhones/iPads. Simply download the client for your platform, log into your 3CX portal and send the welcome email from a configured extension to your phone, open the email on your phone and double-click on the attachment, and boom. Your 3CX Client is automatically configured in seconds and ready to make your first call. A monkey could do it. It’s that easy!

blank

So our torture-test for today looks more like a final exam in VoIP telephony. We’ll be using Carnival’s WiFi connection from our iPhone with its iOS 3CX Client. We’ll dial into the Incredible PBX™ at our office in Charleston. The office number is configured with a Stealth AutoAttendant which we’ll use to make an outbound call to our Demo IVR in Marbella, Spain using DISA and a FreeVoipDeal trunk. For the techies, it’s the NAT Trifecta with DTMF hurdles that are virtually impossible to traverse using Asterisk and any SIP client.

blank

Guess what? It not only works, but it sounds like you’re sitting in the adjoining office. No echo, no DTMF problems, no missing audio, and no detectable problems in voice quality with either the Charleston IVR or the Marbella IVR. If cost matters and traveling is a key component in your telephony requirements, you owe it to yourself to set up a free 3CX PBX and take it for a spin. Whether you use it to supplement an existing Asterisk setup or as a standalone PBX, we think you’ll be thrilled with the results.

Continue reading about the new, free PIAF5 server powered by 3CX v.15.5

Originally published: Monday, June 12, 2017


blank
Need help with 3CX or VoIP? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Best of Both Worlds: Marrying Asterisk to 3CX’s Free PBX with a $35 Raspberry Pi

blank

One of the real beauties of Asterisk® has always been its flexibility in talking to other PBXs, both commercial and open source. There are numerous reasons why you might want to try this. First, it makes it easy to migrate to a commercial platform where you can get support for mission critical telephony requirements. Second, you may want a hybrid setup where servers with on-site support personnel can run Asterisk while remote satellite offices can take advantage of a commercial PBX and the support options it offers. Third, you may want to take advantage of specific features that are only available by relying upon multiple PBX solutions. In the case of 3CX, their integrated softphone clients with one-click setup simplicity, conferencing and WebRTC apps, and Call Center offerings are the best in the business while providing unmatched VoIP security. Asterisk on the other hand is light-years ahead of almost everybody in the text-to-speech and voice recognition fields while offering the most powerful VoIP toolkit to build any custom VoIP application imaginable.

Today we thought it would be fun to walk you through the easy way to tie an Incredible PBX server with all its features to a powerful (free) 3CX platform with its virtually flawless softphone clients.1 When we’re finished, you’ll have a free 3CX server in the Cloud at a one-time total cost of $17.50. And you’ll be able to place and receive free U.S./Canada calls from any iPhone, Android phone, or PC using the 3CX client from anywhere in the world with nothing more than a WiFi connection. The Google Voice trunk supporting the calls will reside on Incredible PBX for the Raspberry Pi. When you’re sold on the power of the 3CX platform, you can upgrade to the 3CX 4-simultaneous call commercial offering with unlimited users and trunks at an annual cost of just $149. Maintenance and upgrades are included. Large organizations have relied upon back office servers for custom applications forever. And now you can take advantage of the same flexibility using a tiny $35 Raspberry Pi and our free (as in really free) Incredible PBX software. No Gotchas!

Initial Raspberry Pi Platform Setup

Before we can interconnect 3CX’s Free PBX with a Raspberry Pi, you obviously have to set up both PBX platforms. For the Raspberry Pi, our recent Nerd Vittles tutorial will walk you through the setup process. In lieu of a Raspberry Pi, you can use any legacy FreePBX®-based Asterisk platform including Incredible PBX 13, PIAF3, Elastix®, AsteriskNOW®, or FreePBX Distro®. The setup procedure is exactly the same.

Building a 3CX Server in the Cloud

Building a 3CX server in the Cloud is equally easy. Let’s go through the process once again. If you’re just experimenting, a lifetime Cloud-based server at CloudAtCost for a one-time charge of $17.50 cannot be beat. We would hasten to add that we don’t recommend this platform for production use, but it’s a terrific proof-of-concept option. When you’re actually ready to deploy 3CX for production use, the least costly Cloud solution is the $3.49 per month OVH RAID offering with 2GB of RAM and 10GB storage. The $5 per month offerings from Digital Ocean and Vultr are other alternatives worth a look. Both of these platforms come with free credits ($10 and $20, respectively) to let you try things out.

To get started, sign up for a $17.50 server at Cloud at Cost. They will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

To build your free 3CX PBX, create a virtual machine by clicking on the CLOUDPRO button in the CloudAtCost control panel. Then click Add New Server. Choose 1 CPU, 512MB RAM, and 10GB storage for your server. Choose Debian 8 64bit as the OS Type and click Complete.

While CloudAtCost is building your server platform, obtain a free license key for 3CX.

blank

Once the Debian 8 server appears in your Control Panel, it will look something like what’s shown above, not CentOS obviously. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones Debian 8 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

blank

Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.

Next, log in to your new Debian server as root using SSH or Putty and issue the commands below. Step #1 is to change your root password. What appears as the fourth line below is actually part of the third line and needs to be run as a single command. The last line to install SendMail will actually be run after you elect to use the Web Interface Wizard to configure 3CX. Just run it from the SSH command line before you switch to a browser to complete the 3CX setup.

passwd
wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
echo "deb http://downloads.3cx.com/downloads/3cxpbx/ /" | tee /etc/apt/sources.list.d/3cxpbx.list
apt-get update
rm -f /zang-debian.sh
apt-get -y install 3cxpbx
apt-get -y install sendmail sendmail-bin

When the initial setup finishes, choose the Web Interface Wizard and complete the install using your favorite web browser. Enter your 3CX license key when prompted. Make up a very secure Username and Password to access your 3CX portal. Specify that your IP address is Dynamic when prompted (even though it isn’t). This tells 3CX to generate an FQDN for your server. Accept the default ports for HTTP (5000) and HTTPS (5001) access to your server. We recommend choosing 4-digit extensions numbers which will make it easy to distinguish 3CX extension numbers from 3-digit extension numbers of the RasPi platform. While logged into the 3CX management portal, adjust Settings → Email to Mail Server → 127.0.0.1 and Reply to → noreply@YourActual3CX-FQDN. Leave the other settings blank and click TEST then OK. Now download your favorite 3CX smartphone client, send yourself the Welcome Email for your default extension, and your 3CX initial setup is complete.

blank

Server Interconnection Overview

Now we’re ready to interconnect the two servers. What we’ll be doing is creating Trunks on both the Raspberry Pi and the 3CX server and tying them together. We’ll use this trunk to handle the call traffic between the two PBXs. Then we’ll add incoming and outgoing call routes on both servers to specify how the individual calls should be routed. Because the free version of 3CX limits the administrator to a single trunk, we’ll offload all of the provider trunks to the Raspberry Pi and reserve the one available 3CX trunk as the interconnect path to the Raspberry Pi. For today’s setup, we’ll use 3CX’s free softphone clients as the actual phone devices for end-users. Of course, you could also use your favorite SIP phones, and 3CX provides automatic configuration for dozens of devices. But we want to introduce the 3CX smartphone clients because they provide an incredibly easy way to get users connected without having to worry about punching holes in firewalls.

To place outbound calls on the 3CX side, 3CX provides enormous flexibility in call routing. Because we chose 4-digit local extensions when we set up the 3CX server, it will make it easy to route other calls through the outbound trunk to the Raspberry Pi using nothing more than the length of the dial string. For example, 3-digit calls line up perfectly with extension numbers on the Incredible PBX for RasPi platform. So 3CX users can easily reach extensions connected directly to the Raspberry Pi. And 10-digit 3CX calls will be forwarded to the Raspberry Pi as traditional outbound calls. They will be processed just as if you had dialed a 10-digit call from a Raspberry Pi extension. For example, if you have a registered Google Voice trunk to handle 10-digit calls on the Raspberry Pi, then the same call path would be used for calls originating from 3CX extensions. And, yes, calls to the U.S. and Canada would still be free and would display the CallerID associated with the Raspberry Pi’s Google Voice trunk. You could get more creative and add an additional dialing prefix on the 3CX side to route specific types of calls to a designated outbound trunk on the Raspberry Pi side based upon the dialing prefix, but we’ll leave that as a homework project for you.

For incoming calls on the 3CX side, in addition to 4-digit local extension-to-extension calling, we can define the destination for incoming calls that originate from either a Raspberry Pi extension or from outside calls coming in from one of the Raspberry Pi’s provider trunks. These are managed by assigning one or more DIDs in the 3CX trunk configuration and then creating 3CX Inbound DID Rules that tell 3CX where to route calls to each defined DID. For 3CX softphone clients registered to extensions, it means your cellphone will ring whenever a call is routed to that particular extension. On the Raspberry Pi side, we create Incoming Call Routes for each DID to be routed to 3CX and specify our defined 3CX trunk as the destination for incoming calls from those DIDs. Not all DIDs on the Raspberry Pi have to be routed to the 3CX server obviously. That is merely one of many call destination options available to the administrator on the Raspberry Pi server.

blank

Here’s a typical call path for an outside call that is placed to a Google Voice number registered with your Raspberry Pi. The Asterisk server running on the Raspberry Pi would answer the call placed to the Google Voice Trunk. Asterisk then would check for an Incoming Route on the Raspberry Pi with a DID matching the number of your Google Voice trunk. Finding a match, Asterisk would check for the desired destination of the call and would note that it is listed as the registered 3CX trunk. Asterisk would pass the call through this trunk to the 3CX server including its associated DID and CallerID info. The 3CX server would answer the incoming call and would check for an Incoming Route matching the DID passed from Asterisk. Finding a match, it would pass the call to the Extension specified in the Incoming Route. When 3CX rings the extension, it would also detect that a softphone was registered to that extension and would also ring the 3CX client on the user’s smartphone. The user answers the call on the 3CX client of their smartphone and begins a conversation. The free version of the 3CX server supports 8 simultaneous calls so you are unlikely to ever run out of call paths for calls in the home and small office environment.

Firewall Setup for Server Interconnection

Because the 3CX server is sitting in the Cloud, its firewall is configured automatically as part of the setup process. If your Raspberry Pi is sitting behind a NAT-based firewall, then you would need to map port UDP 5060 from the router on your public IP address to the private IP address of your Raspberry Pi. In addition, login to your Raspberry Pi as root using SSH and run /root/add-ip to whitelist the public IP address of your 3CX server in the cloud. Otherwise, the 3CX server cannot establish a connection to your Raspberry Pi.

Raspberry Pi Trunk Configuration

Using a browser, login to the web interface for FreePBX on your Raspberry Pi and choose Connectivity → Trunks → Add SIP (chan_sip) Trunk. Name the trunk remote. In the Outgoing Settings, make the entries shown below naming the trunk remote and using a secure secret that will be used to interconnect the two servers. The Register String looks like the following: main:secret@3CX-IP-Address where main is the 3CX server trunk name, secret is your secure secret, and 3CX-IP-Address is the 3CX public IP address.

blank

3CX Trunk Configuration

Using a browser, login to your 3CX server: https://3CX-IP-Address:5001 or http://3CX-IP-Address:5000. From your Dashboard, choose SIP Trunks → Add SIP Trunk. Create a Generic SIP Trunk and then fill in the blanks as shown below. For Registrar/Server/Gateway Hostname or IP, use the public IP address or FQDN of your Raspberry Pi. For Type of Authentication choose Outbound. The authentication credentials should be remote and the secure secret you chose, and the Main Trunk No should match the DID of the Google Voice trunk you set up on your Raspberry Pi. Then pick a default Destination for incoming calls.

blank

3CX Outbound Rules Configuration

Next, we need to tell 3CX which outgoing calls to send out through the Raspberry Pi trunk we just set up. In our example today, we’re going to send all 10-digit calls and 3-digit calls. The 10-digit calls will be routed out the Google Voice trunk on the Raspberry Pi side. And the 3-digit calls will be sent directly to Raspberry Pi extensions. So we’ll need two Outbound Rules.

For the first rule, choose Outbound Rules → Add. For the Rule Name, specify StandardOut. Apply the rule to Calls to Numbers with a length: 10. For Route 1, choose Generic SIP Trunk as the Destination. Click OK to save the new rule.

For the second rule, choose Outbound Rules → Add. For Rule Name, specify StandardInt. Apply the rule to Calls to Numbers with a length: 3. For Route 1, choose Generic SIP Trunk as the Destination. Click OK to save the new rule.

If you already have configured a 3CX smartphone client for one of your 3CX extensions, you now should be able to dial any 3-digit or 10-digit number and have the call processed through your new 3CX→RasPi trunk without any further setup assuming you’ve created a Google Voice trunk on the Raspberry Pi side. That wasn’t too hard, was it?

Routing Incoming Google Voice Calls to 3CX

Depending upon your own requirements, you may want to route incoming Google Voice calls or other trunks directly to an extension and/or softphone on your 3CX server. You obviously could set up multiple trunks of any type on the Raspberry Pi side and have the calls to each trunk routed to a different extension or softphone on the 3CX side. To enable this on the 3CX side, edit your Generic SIP Trunk and click the DIDs tab. Then Add each of the 10-digit DIDs of the Raspberry Pi trunks you wish to redirect. Next, create an Inbound Rule for every DID and tell 3CX where to route the calls.

On the Raspberry Pi side, add each of your Google Voice Trunks. Then create an Inbound Route for each DID and specify the Destination as Trunks → Remote (sip). The 3CX server will take care of routing the various incoming calls to each of the Google Voice trunks to its predefined extension and/or softphone. Enjoy!

Originally published: Monday, March 6, 2017




blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. A simpler Bridge setup is available in the paid versions of 3CX. []

VoIPtopia 2017: Choosing the Best, Free VoIP Platform


blank

[iframe-popup id="6″]
Once a year we like to step back and survey the latest and greatest VoIP developments for the coming year. And 2016 was certainly filled with surprises including the release of free versions of 3CX sporting the PIAF5 and Elastix 5.0 monikers. That, in turn, produced a wave of FUD from our friends at Sangoma® urging users to return to their open source roots. But guess what? Sangoma was pitching their FreePBX Distro®, another closed source product just like 3CX. Sure, the Sangoma distro has open source components… just like 3CX and your car for that matter. But it’s disingenuous to diss other products because they’re closed source platforms when yours is too. So today we want to cut through the sales pitches and compare apples to apples while offering our Elastix friends this New Year’s Day Resolution:

Ignore the Hype! Look Before You Leap and Avoid Jumping from the Kettle into the Fire.


NEWS FLASH: For PIAF3 and Incredible PBX users who have registered on the PIAF Forum, you’ll be getting an invitation to upgrade to the 8-simultaneous-call 3CX commercial platform at no cost. In addition to unlimited extensions, this one-year license adds unlimited SIP trunks and gateways, 10-participant conferencing, G.729 support, custom FQDNs, BLF support, Call Parking, Call Queueing, Call Pickup, Call Recordings and Management, Call Reporting, Intercom/Paging, remote 3CX bridging support, as well as an integrated fax server and Office 365 and Microsoft Outlook integration. If you haven’t already joined the PIAF Forum, there’s still time. But you’d better hurry.

Choosing a VoIP platform is partially a subjective decision, but there also are some glaring red flags to consider. We suggest you begin by deciding whether your preferences include any must-have’s. Do your requirements mandate an open source solution? Do you need text-to-speech and voice recognition? Does the platform have to include Asterisk®, or are you open to alternatives? Does the operating system have to be Linux-based and, if so, must it be CentOS, Debian, or Ubuntu? If you’ll be using SIP phones, must the platform include phone provisioning software for your phones, or is the ability to purchase it as an add-on sufficient? Is paid support important in making your platform decision and how much are you prepared to pay? Are automatic or pain-free software updates critical in making your selection? Is migration from an existing platform a factor? Does a preconfigured, secure firewall matter, or are you prepared to do it yourself or take your chances? Before choosing to ignore security, read last month’s RIPS analysis of FreePBX®. Here’s a snippet from the article. Read it carefully. It’s your phone bill.

Since FreePBX is written completely in PHP, we decided to throw it into our code analysis tool RIPS. The results were more than surprising…

blank

The total amount of detected vulnerabilities is very high. Luckily, the majority of the detected vulnerabilities are inside the administration control panel, such that attackers either need to steal a valid account or they have to trick an administrator into visiting a malicious website that triggers one of the critical vulnerabilities. For example, a remote command execution vulnerability could be triggered by a less critical cross-site scripting vulnerability. By chaining both vulnerabilities, the severity is increased drastically and can lead to full server compromise.

In choosing which platforms to include today, we eliminated platforms which we considered too complicated for the average new user to configure. We also eliminated any platform that did not offer at least a free tier of service with a reasonably complete feature set as part of their offering. If we’ve inadvertently missed one of your favorites, please feel free to leave a comment, and we will consider including it as well. Happy Hunting!

VoIP Platform Feature Summary

Aggregation: FreePBX Distro a.k.a. AsteriskNOW
License: Closed Source
VoIP Platform: Asterisk 13/14
GUI: FreePBX GPL and Commercial modules
O/S: CentOS-clone
Phone Provisioning: Open Source (minimal) or Commercial
Text-to-Speech/Voice Recognition: Optional/No
Software Updates: Manual
Migration Tools: Yes
Security: Fail2Ban + User-Configured Firewall
Security Rating (as delivered): see above
Comments: Extensive commercial NagWare preinstalled

Aggregation: Incredible PBX for Wazo
License: GPL3 Open Source
VoIP Platform: Asterisk 14 RealTime
GUI: Wazo GPL3 modules
O/S: Debian 8
Phone Provisioning: Extensive Open Source
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic or 2-minute Manual
Migration Tools: No
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure WhiteList
Comments: High Availability & Call Center GPL3 Modules

Aggregation: Ombutel
License: Closed Source
VoIP Platform: Asterisk 13
GUI: Ombutel with external module support
O/S: Debian 8
Phone Provisioning: Closed Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Manual
Migration Tools: No
Security: FaiL2Ban + Do-It-Yourself Firewall
Security Rating (as delivered): Insecure

Aggregation: PIAF5 powered by 3CX
License: Closed Source
VoIP Platform: 3CX
GUI: 3CX
O/S: Debian 8
Phone Provisioning: Extensive Closed Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Semi-Automatic
Migration Tools: Yes
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure
Comments: Free upgrade provides unlimited SIP trunks with 8 simultaneous calls

Aggregation: Elastix 5.0 powered by 3CX
License: Closed Source
VoIP Platform: 3CX
GUI: 3CX
O/S: Debian 8
Phone Provisioning: Extensive Closed Source
Software Updates: Semi-Automatic
Migration Tools: Yes
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure
Comments: Free version limited to one SIP trunk & 8 simultaneous calls

Aggregation: Incredible PBX 3
License: GPL2 Open Source
VoIP Platform: Asterisk 13
GUI: FreePBX GPL modules only
O/S: CentOS 6/7, Ubuntu 14, or Raspbian 8
Phone Provisioning: Open Source (minimal)
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic
Migration Tools: Yes
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure WhiteList
Comments: FreePBX GPL modules only; module signature verification disabled1

Aggregation: Elastix 4.0
License: Open Source GPL
Platform: Asterisk 13
O/S: CentOS 7
Phone Provisioning: Open Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Semi-Automatic
Migration Tools: No
Security: Fail2Ban + Unconfigured Firewall
Security Rating (as delivered): Insecure
Comments: Currently unavailable but fork announced

Aggregation: PIAF3
License: Open Source GPL with Closed Source Installer
Platform: Asterisk 11/13
O/S: CentOS 6
Phone Provisioning: Open Source (minimal)
Text-to-Speech/Voice Recognition: No/No
Software Updates: Manual
Migration Tools: No
Security: Fail2Ban + Unconfigured Firewall
Security Rating (as delivered): Insecure
Comments: No longer maintained

Published: Sunday, January 1, 2017


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. See RIPStech article explaining why FreePBX module signature verification is a very dangerous methodology. []

If It Walks Like a Duck and Quacks Like a Duck, Guess What?


blank

WOW! When we started our 2016, The Year of (real) VoIP Choice series, little did we know everything that was about to unfold. It’s been an interesting last few months in the VoIP community with the introduction of PIAF5 and Elastix 5.0 and Ombutel and ThirdLane and this week’s XiVO fork to Wazo. But, stay calm. There is a bright light at the end of this tunnel. You now have MORE FREE VoIP PBX CHOICES than ever before. And every one of them is a rock-solid performer. If the word "commercial" sends shivers through your spine, then Ombutel and this week’s new Incredible PBX for Wazo introduction will make this a very bright holiday season for you. If commercial backing with 24/7 support is your cup of tea, ThirdLane’s free offering includes 10 extensions with full product functionality while PIAF5’s free edition includes unlimited extensions with 8 simultaneous calls, a 5-user conferencing module, a SIP trunk of your choice… and No NagWare! 3CX1 also has made a generous offer for those of you that want to start your own business. You can sign up as a reseller, obtain a full NFR product license, and get free training! And, reportedly, a new Asterisk® VoIP Gateway to 3CX is in the works that will let you tie your existing Asterisk-based PBX directly to 3CX giving you the best of both worlds.2 What’s not to like?

We often wonder why more Fortune 500 companies haven’t adopted open source VoIP solutions when their organizations have computer rooms full of Linux servers. If this election season taught us anything, it’s this. You can learn an awful lot about people in just 140 characters. Here’s a snippet of our exchange last week with the Digium® Chief Technology Officer and Sangoma® Vice President which speaks volumes:

What’s really crazy is these same individuals have no qualms pitching THEIR proprietary software and THEIR proprietary phones while playing dumb. So how do you square the rhetoric with the fact that SwitchVox® AND AsteriskNOW® and the FreePBX Distro® are all closed source ISOs. One has to ask where was the moral outrage when the FreePBX® devs sold out to SchmoozeCom® and then to Sangoma® or when they turned the FreePBX ISO into a closed source product. That, of course, was different because it was money in their pockets, not to mention cushy new full-time jobs singing the praises of "open source." But nobody wants to talk about any of that. In the real estate business, these guys are called NIMBYs, an acronym for "Not In My Back Yard." They’re all for change as long as it doesn’t affect their own neighborhood and pocketbook. To translate it into VoIP-speak, these are the folks that would prefer you stick with THEIR code generator and buy boatloads of THEIR commercial, closed source modules and THEIR proprietary phones. To everyone else, keep off our playground! Make no mistake. It’s all about the money!

Not surprisingly, a virtually identical feature set is provided at no cost on the ThirdLane and 3CX platforms. So be sure to compare apples to apples and ignore the rants. After all, IT’S YOUR CHOICE. Kick the tires of all the products and choose the platform that best meets your needs and those of your organization. I’m reminded of an old legal adage: "When the facts are on your side, pound the facts. When the law is on your side, pound the law. And when neither is on your side, pound the table." Those that want to distract you from considering the merits of other products by launching attacks on their competitors are little more than table pounders. So consider the source especially when some of the loudest and most vocal members of the fan club are on the payroll hiding behind a cloak of anonymity. None are innocent bystanders. It’s all about the money!

So… are there any Asterisk®-based products that really are released under an open source license? Actually, there are several. The Incredible PBX platforms for CentOS, Ubuntu, and Raspbian as well as the Incredible PBX 13 ISO are all open source products that include the latest LTS version of Asterisk. And then there’s Incredible PBX for XiVO and (NOW!) Wazo, two virtually identical GPL3 platforms that feature an Asterisk real time environment with a more sophisticated GUI and full API support. We’ll have more to say about the latest Wazo release featuring Asterisk 14 later this week. Stay tuned!

Why Incredible PBX? Glad you asked. Here’s my short answer from the PIAF Forum:

The inspiration for Incredible PBX was to save people the unbelievably steep learning curve we endured when first starting to use Asterisk over a decade ago. And, frankly, the developers liked it that way because many of them made a living configuring Asterisk for people that didn’t know what they were doing.

What you get with Incredible PBX?

  1. You get a secure server out of the starting gate unlike any other distro.
  2. You get all the tools and samples to learn how to do anything with Asterisk.
  3. You get a working system out of the box that can make and receive FREE calls.
  4. You get a pure open source GPL platform with No Gotchas and No NagWare.

What you don’t get with Incredible PBX?

A college degree in telecommunications or network administration without actually doing the work. Yes, it’s hard. But, with Incredible PBX, it can also be fun AND safe.

Published: Monday, December 12, 2016


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


Coming Soon to Nerd Vittles: The Autonomous Car




 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

  1. 3CX and Vitelity are Platinum Sponsors of Nerd Vittles. Thank you! []
  2. Rumor has it another terrific 3CX offer is coming soon, but we won’t spoil the Christmas surprise. blank []

VoIPtopia: Google Services with Incredible PBX and PIAF5

Lips from Google It’s been a while since we provided a fresh look at Google Voice, Google SMS messaging, and Google’s Speech Recognition labyrinth which have been integral components of Incredible PBX for many years. For those living in the United States, here’s a soup-to-nuts tutorial to get all of the services deployed quickly on any Incredible PBX platform including XiVO and Elastix as well as on the new freeware releases of Ombutel and PBX in a Flash 5 powered by 3CX. On most of the platforms, you can deploy Google Voice services directly; however, with PIAF5, Elastix, and Ombutel you’ll need to set up a SIP trunk using the Simonics SIP to Google Voice gateway to take advantage of free calling in the U.S. and Canada with Google Voice.

Implementing Google Voice with Incredible PBX

Before you can obtain Google Voice service to make free calls in the U.S. and Canada, you’ll need several things: (1) a Google account, (2) access to a computer with an IP address in the United States, and (3) a U.S. phone number to verify your residence for Google Voice.

To get started, sign up for a Gmail account here:

blank

Once your Gmail account is created, click Allow and then Allow and Remember when prompted whether to Allow Gmail to run "Google Talk."

In a separate tab of the same browser, go to Google Voice to sign up for an account. Begin by choosing whether to obtain a new phone number for Google Voice or whether you wish to use an existing mobile phone number that you already own. Next, choose a forwarding phone number which will ring when your Google Voice number is called. NOTE: You do not need to keep this activated on your account once it is completely set up. Be advised that Google also plays games with certain phone numbers such as pretending to ring them when, in fact, they haven’t placed a verification call at all. This usually is because of prior abuse of the number with the Google Voice service or because you’ve gotten greedy and signed up for too many free numbers. If a number doesn’t work for verification, you’ll need to choose another number. And it’s usually a good idea to create additional Google Voice accounts from different IP addresses. Once you complete the verification step, you can choose a phone number in an area code of your choice. Same thing holds for picking phone numbers. If you get error messages saying to "try later," what Google is really telling you is you’re a greedy bastard. Set up additional Google Voice numbers from a different computer using a different IP address and chances are the problem will go away. It did for us. 😉

Once you have your new Google Voice number, Google will drop you into the Voice Inbox. Ignore offers to activate, enable, or do anything else with Hangouts. Otherwise, you may kill the ability to use your new Google Voice number with Asterisk®.

blank

Click on the Settings Gear icon in the upper-right corner of the window. In the Phones tab, make certain that (1) Google Chat is enabled and (2) your forwarding phone number is disabled:

blank

In the Calls tab, make it look like this for proper Google Voice operation with Asterisk:

blank

You now have a basic Google Voice setup on the Google side to support Asterisk calling. But the default setup uses plain-text passwords for your Google Voice account, and this is not only a security issue, but it also will cause problems if you move your Google Voice account to a different computer. For that reason, we strongly recommend setting up OAuth 2 authentication for your Google Voice account.

Obtaining an OAuth 2 Token for Google Voice

To deploy Google Voice with OAuth 2 authentication on the Incredible PBX platforms that support direct connections to Google Voice (Incredible PBX 13 and Incredible PBX for XiVO), you will first need to obtain an OAuth 2 Refresh Token from Google. On the remaining platforms that require a SIP account using the Simonics SIP to Google Voice gateway (PIAF5 powered by 3CX, Ombutel, and Elastix), you can skip this section since the Simonics site will obtain the refresh token for you as part of the signup process.

While you’re still logged into your Google Voice account, you need to obtain a refresh_token which is what you’ll use instead of a password when setting up your Google Voice accounts with Incredible PBX 13 and Incredible PBX for XiVO. Here’s how.

1. Be sure you are still logged into your Google Voice account. If not, log back in at https://www.google.com/voice.

2. Go to the Google OAUTH Playground using your browser while still logged into your Google Voice account.

3. Once logged in to Google OAUTH Playground, click on the Gear icon in upper right corner (as shown below).

blank

  3a. Check the box: Use your own OAuth credentials
  3b. Enter Incredible PBX OAuth Client ID:

466295438629-prpknsovs0b8gjfcrs0sn04s9hgn8j3d.apps.googleusercontent.com

  3c. Enter Incredible PBX OAuth Client secret: 4ewzJaCx275clcT4i4Hfxqo2
  3d. Click Close

4. Click Step 1: Select and Authorize APIs (as shown below)

blank

  4a. In OAUTH Scope field, enter: https://www.googleapis.com/auth/googletalk
  4b. Click Authorize APIs (blue) button.

5. Click Step 2: Exchange authorization code for tokens

  5a. Click Exchange authorization code for tokens (blue) button

  5b. When the tokens have been generated, Step 2 will close.

6. Reopen Step 2 and copy your Refresh_Token. This is the "password" you will need to enter (together with your Gmail account name and 10-digit GV phone number) when you add your GV trunk in Incredible PBX 13 GUI. On the XiVO platform, log into your server as root and run: /root/add-gvtrunk. Store this refresh_token in a safe place. Google doesn’t permanently store it!

7. Authorization tokens NEVER expire! If you ever need to remove your authorization tokens, go here and delete Incredible PBX Google Voice OAUTH entry by clicking on it and choosing DELETE option.

Switch back to your Gmail account and click on the Phone icon at the bottom of the window to place one test call. Once you successfully place a call, you can log out of Google Voice and Gmail.

Yes, this is a convoluted process. Setting up a secure computing environment often is. Just follow the steps and don’t skip any. It’s easy once you get the hang of it. Sleep well.

Configuring Google Voice Trunks with Incredible PBX

The setup procedure differs a bit with Incredible PBX for XiVO and Incredible PBX 13.

With Incredible PBX for XiVO, log into the Linux CLI with your root credentials and run: /root/add-gvtrunk. Enter your Google email address, refresh token, and 10-digit Google Voice number when prompted. Follow the instructions which appear when the script finishes, and you’ll have a functioning Google Voice trunk in less than a minute.

With Incredible PBX 13, log into the Incredible GUI as admin using a web browser. Choose Connectivity -> Google Voice -> Add Account and fill in your Google Username, Refresh Token, and 10-digit Phone Number. Check the Add Trunk and Add Outbound Route check boxes. Then click Submit. Create an Inbound Route to tell Asterisk how to route incoming calls to your 10-digit DID. Finally, log into the Linux CLI as root and restart Asterisk: amportal restart.

Simonics SIP to Google Voice Gateway Setup

There’s a one-time fee of $4.99 to use the Simonics gateway if you take advantage of the Nerd Vittles signup link. All remaining Google services are free. You obviously can use the Simonics gateway with almost any PBX that supports SIP trunks, but it’s particularly well-suited for PBXs that don’t natively support Google Voice with OAuth 2 authentication such as PIAF5, Ombutel, and Elastix. To get started, you’ll need to set up an account at Simonics using your existing Google Voice credentials.

1. Using your favorite browser, log in to the Google Voice account you wish to associate with the Simonics SIP gateway. Be sure that you’ve enabled Google Chat in your Google Voice setup.

2. Using a separate tab of your browser, connect to the Simonics Google Voice Gateway site.

3. Go through the steps to register your Google Voice account with the Simonics Google Voice gateway and obtain your credentials.

blank

4. For those using PIAF5, Ombutel, or Elastix, use another tab of your browser to open the GUI interface and create a new SIP trunk using your new Simonics SIP login credentials. With Incredible PBX 13, here’s the drill. Replace 8005551212 with your actual Google Voice number and YOUR-SIP-PW with your actual Simonics SIP password in BOTH the PEER Details and Registration String. Add your Google Voice number to the end of the Registration String like this: GV18005551212:YOUR-SIP-PW@gvgw.simonics.com/8005551212

blank

5. Regardless of PBX platform, the next step is to create an Inbound Route for your incoming calls using either your Simonics username or the 10-digit number you entered at the end of the Registration String in step #4a. This obviously depends upon your PBX platform.

6. Create an Outbound Route for outgoing calls that should be handled by your Google Voice trunk. The CallerID number will be your Google Voice number. You cannot change it.

7. If you’d prefer to send incoming calls from the Simonics gateway to a designated SIP URI instead of the server that registered with the Simonics gateway, enter the address in the format: pbx@myserver.xyz. For additional details, read our previous article on SIP URIs.

SMS Messaging with Google Voice

On the Incredible PBX 13 and Incredible PBX for XiVO platforms, the python setup to support SMS messaging through Google Voice is already installed. On the PIAF5, Ombutel, and Elastix platforms, you’ll first need to install it. Here’s how.

Log into your server as root using SSH or Putty and issue the following commands to install the Google Voice CLI tools:

cd /root
apt-get -y install python-setuptools
wget http://incrediblepbx.com/install-gv-cli
chmod +x install-gv-cli
./install-gv-cli

Before the SMS messaging tools will work, there are two preliminary steps that you must complete on every platform. This is because SMS messaging with python uses plain-text passwords for Google Voice, and Google imposes new hoops that you must jump through in order to continue to use such passwords. While logged into your Google Voice account with a browser, click on this link to Enable Less Secure Apps. Next, click on this link to Activate the Google Reset Procedure. You now have a couple of minutes to actually connect to your Google Voice account from your new server using plain text passwords. This will WhiteList the IP address of your server. So let’s send an SMS message quickly so that everything gets squared away.

To Send an SMS Message Blast to one or more destinations, (1) create a message in /root/smsmsg.txt, (2) specify the SMS numbers in /root/smslist.txt, (3) insert your Google credentials (using your plaintext Google Voice password) in /root/smsblast, and (4) run /root/smsblast to send the message.

Implementing Google’s Speech Recognition API

Speech Recognition currently works with Incredible PBX 13 and Incredible PBX for XiVO only. But we’ll be collaborating with the 3CX folks to bring it to their platform soon. All of the necessary components to use speech recognition for voice dialing from the AsteriDex phonebook (411) and to take advantage of the Siri-like Wolfram Alpha service (4747) already are in place with Incredible PBX 13. While voice dialing works great with XiVO, Wolfram Alpha is just around the corner on the XiVO platform. Before you can actually use voice recognition, you’ll need a Google API key since Google handles the speech-to-text translation on the Asterisk platform thanks to Lefteris Zafiris’ terrific speech-recog AGI script. Here’s a revised step-by-step tutorial to get your API key from Google and activate it on your PBX.

Place a test call by dialing 4-1-1 and saying "Delta Airlines" when prompted. You should be connected to Delta’s reservation system. Enjoy!

Published: Monday, November 14, 2016


blank
Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 



Some Recent Nerd Vittles Articles of Interest…

Free At Last: Introducing PBX in a Flash 5

blank

Today is a big day. We are thrilled to introduce PBX in a Flash 5 powered by 3CX®. As many of you know, 3CX has been a platinum sponsor of Nerd Vittles for quite some time so this may not be a complete surprise. The good news is a new Debian-based PIAF5 ISO is now available to ease the installation process for those getting their feet wet with Linux for the first time. Debian 8 is a terrific Linux distribution used in the very best server products.

The most important change is the transition from Asterisk®/FreePBX® to 3CX. Say what, 3CX? Isn’t that a commercial product? Yes, but PIAF5 remains free for up to 8 simultaneous calls with a SIP trunk as well as 5-user web conferencing. That’s sufficient to support about 25 employees and represents a very large segment of the existing PIAF installed base. While the code is not open source, it is standards-based. Keep in mind that neither Sangoma’s FreePBX Distro® nor Digium’s AsteriskNOW® product is open source software either. When Digium decided to adopt the Sangoma business model, we decided to take a fresh look at the Unified Communications landscape. Navigating Sangoma’s licensing labyrinth coupled with the commingling of GPL modules and nagware for dozens of commercial VoIP components plus a closed source ISO was no longer an acceptable business model for us.

Some of our users prefer open source code, and we will continue to enhance Incredible PBX for XiVO in the grandest GPL tradition. But others wanted a product that offered 24×7 commercial support, and we’ve heard you loud and clear. After carefully reviewing available UC offerings, 3CX was the hands down winner in the commercial sector. Frankly, our only reservation was its Windows platform requirement. PIAF5’s new Debian ISO solves that.

blank

In reality, what matters to users are reliability, support, upgradeability, and ease of use. 3CX has all of them in spades not to mention a feature set that is second to none. And now it’s available on the Debian platform with PIAF5.

We know some are wondering how 3CX became the new PIAF5 platform. So let’s start there.

First, the 3CX installed base includes almost 100,000 companies. That’s not downloads. And it’s not hobbyists. It’s entire companies that are actively using and relying upon 3CX for their day-to-day operations. Simply stated, 3CX is a proven, stable, and dependable product that you’d be willing to stake your business on. Many have including some of the world’s finest corporations. Stay tuned for a special PIAF5 hosting offer from our friends at Vitelity!

blank

Second, 3CX is incredibly flexible, easy to configure, and simple to manage. Whether you’re new to PBXs or a diehard telecom guy, you’re in for a pleasant surprise when you see how intuitive 3CX is to set up and manage. Nothing comes close in the open source world.

Third, the 3CX feature set is impressive. You won’t be nickel and dimed for every component you wish to add. While there are standard and enterprise editions of 3CX as well, we think you’ll find the free version has the vast majority of components you would expect to find in any PBX, particularly for use in a home or small business. But don’t take our word for it. Review the 3CX feature comparison chart, and you can judge for yourself.

Last but not least, support is dirt cheap for end-users and free for resellers. We hope many of our long-time gurus will consider signing up as 3CX resellers and make yourself some money after all of these years wrestling with FreePBX. You won’t be disappointed!

PIAF5 deploys on premise with Linux-compatible, local hardware, or you can set it up as a virtual machine, or you can install it in the Cloud using most Linux VPS providers including Google, OVH, Digital Ocean, and Vultr. Use our referral links and take PIAF5 for a free or almost free spin for a few months while supporting Nerd Vittles. You have nothing to lose!

So there you have it. We think it was worth the wait. We encourage everyone to try out PIAF5 for yourself. And, just to repeat, Incredible PBX for XiVO isn’t going anywhere. It will remain our featured open source, GPL alternative as we move forward. And now you have a Real Choice in free alternatives with the best of both worlds, commercial and open source.

blank

Getting Started with PIAF5 on Dedicated Hardware or a Virtual Machine. If your platform supports ISO installs, here are the simple steps to get PIAF5 up and running. First, download the PIAF5 ISO and burn it to a CD or thumb drive. Second, obtain a free license key for 3CX. Next, boot your server from the ISO image and walk through the Debian setup process. We recommend 2GB of RAM and a 20GB drive for PIAF5, but it will run on even a minimal CloudAtCost server. When the install is finished, make note of the IP address to access with a web browser to complete the setup. Enter your 3CX license key when prompted. Set up a SIP trunk with inbound and outbound call routes. Once you have the ISO and your license key in hand, the installation procedure takes less than 10 minutes.

Getting Started with PIAF5 in the Cloud. Begin by setting up a 64-bit Debian 8 platform. Obtain a free license key for 3CX. Once your Debian install is finished, log in as root using SSH or Putty and issue these commands. NOTE: What appears as the third line below needs to be added to line #2!

wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
echo "deb http://downloads.3cx.com/downloads/3cxpbx/ /" | tee /etc/apt/sources.list.d/3cxpbx.list
apt-get update
apt-get install 3cxpbx

When the initial setup finishes, choose the Web Interface Wizard and complete the install using your favorite web browser. Enter your 3CX license key when prompted. Set up a SIP trunk with inbound and outbound call routes. Done.

Configuring Gmail as SMTP RelayHost for 3CX. 3CX has a detailed tutorial explaining how to set up your Gmail account as the SMTP relay host for 3CX. Be advised that there is one additional step before Google will authorize access from an IP address it doesn’t already have for your GMail account. In addition to Enabling Less Secure Apps (as covered in the 3CX tutorial), you also will need to activate the Google Reset Procedure while logged into your Gmail account. Otherwise, Google will block access. Once you have configured Gmail as your relay host and performed the two enabling steps above, immediately test email delivery within the 3CX GUI while Google security is relaxed: Settings → Email → TEST.

blank

Free Calling in the U.S. and Canada with PIAF5. We know our more frugal U.S. residents are wondering if there’s a way to make free calls even with 3CX. You didn’t really think there would be a release of PBX in a Flash without Google Voice support, did you? It’s easy using the Simonics SIP to Google Voice gateway service. Setup time is about a minute, and the one-time cost is $4.99 using this Nerd Vittles link. Setup instructions for the 3CX side are straight-forward as well, and we’ve documented the procedure on the PIAF Forum.

blank

Free Calling Worldwide with SIP URIs. There’s another free calling option as well. PIAF5 and 3CX support worldwide SIP URI calling at no cost. As part of the PIAF5 install procedure, 3CX registers an FQDN for you with one of the 3CX domains if you indicate that your server has a dynamic IP address. Unless you really know what you’re doing with DNS, it’s a good idea to tell 3CX you have a dynamic IP address whether you do or not. Here’s why. Once you have an assigned FQDN in the 3CX universe, one very slick feature is the ease with which you can publish a SIP URI address for any or all of your 3CX extensions thereby allowing PIAF5 users to receive calls from any SIP client worldwide at no cost. Setup takes less than a minute. It’s as easy as 1-2-3. Here’s how:

1. Login to the 3CX GUI and go to Settings → Network → FQDN. Tick "Allow calls from/to external SIP URIs" and make note of your FQDN, e.g. mypiaf5server.3cx.us. Click OK.

2. For an extension to enable (e.g. 001), go to Extensions → Edit 001 → Options → SIP ID and create any desired SIP URI alias for this extension, e.g. billybob. Click OK.

3. Anyone with a SIP client anywhere worldwide can now call extension 001 using SIP URI: billybob@mypiaf5server.3cx.us.

SMS Messaging with PIAF5 and Google Voice. Just to demonstrate why you’re going to love the new PIAF5 platform, here’s a sneak peek at one of many applications which are on the way with Incredible PBX for PIAF5. Meet SMS Messaging. First, complete the two Google enabling steps documented in the Gmail SMTP RelayHost section above: Enable Less Secure Apps and Activate Google Reset Procedure. Then install the Google Voice CLI tools as root:

cd /root
apt-get -y install python-setuptools
wget http://incrediblepbx.com/install-gv-cli
chmod +x install-gv-cli
./install-gv-cli

To Send an SMS Message Blast to one or more destinations, (1) create a message in /root/smsmsg.txt, (2) specify the SMS numbers in /root/smslist.txt, (3) insert your Google credentials into /root/smsblast, and (4) run /root/smsblast to send the message. Enjoy!

Published: Wednesday, October 19, 2016




 

Special Thanks to Our Generous Sponsors


FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.

blankBOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.

blankThe lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.

blankVitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
 

blankSpecial Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
 


Some Recent Nerd Vittles Articles of Interest…