Home » Posts tagged 'piaf' (Page 20)
Tag Archives: piaf
VoIP Prioritizing The World’s Best Traveling Phone
We follow a lot of really smart geeks on Twitter. As you might imagine, there’s a good bit of chatter about the world’s best cellphones. About half are die-hard iPhone users, and the rest are all over the map. Our iPhone is now a glorified iPod and, when you finish reading today, you’ll understand why.
What always has set Macs apart from PCs in our humble opinion is flexibility. So why is it that Apple has gone out of its way to strip that feature from the iPhone? Well, we all know the answer. AT&T and the iTunes Store. Or in a word, money. So what’s missing? For openers, there’s no tethering, the ability to connect your PC to your cellphone when the power goes out so you can send an emergency message or check on your servers at work. And then there’s free calling: the ability to place free SIP calls or Google Voice calls using your cellphone from almost anywhere. And then there’s the money thing. If you’ve traveled to foreign countries with an AT&T-powered iPhone, we don’t have to finish this story. For everyone else, let’s just say the cost of using your iPhone in a foreign country or on a cruise ship is stratospheric.
We’ve watched our friends and colleagues purchase all sorts of add-on gizmos to make up for the shortcomings in the iPhone. These have included secondary cellphones and more recently the MiFi devices which let you pay one of the companies in the American cellphone oligopoly another $60++ per month to tether your notebook and netbook to the cellular data network. Let’s get this straight. We pay a cellphone provider for an unlimited data plan as part of our service, but to transmit data to or from our PC through the plan, add another $60 a month for another data plan with a bandwidth cap. Huh? This is for a service that most of us use intermittently and would prefer to never use because of the lousy performance. Here’s our #1 traveling rule. Never stay in a hotel that doesn’t have WiFi, period. Why would you? The one next door has it!
So let’s go about this by the book… with a requirements analysis first! We want a cellphone that makes cellular calls from most locations, and we want the ability to decide which cell provider we use depending upon where we are. We want the option to make phone calls through our own SIP provider, or Asterisk® server, or Google Voice whenever we feel like it with or without a Wi-Fi connection. And, of course, we want VoIP Prioritization. This means we want our cell phone to prioritize incoming and outgoing calls by attempting to use VoIP services first, cellphone carrier second. Good luck with that one! We also want to be able to check our email using POP3 or IMAP servers. And, when we need to send or receive something on our notebook computer and there’s no WiFi around, we want our cellphone to provide data connectivity. We’re not going to be downloading movies and 1,000-page books all day long. We just want to get an important file attachment from the office so we can read it on a normal screen. And, finally, we’d like a QWERTY keyboard for messaging, and we want to be able to change our own battery, add a memory chip, and swap out SIM cards whenever we’d like. And the music, camera, and GPS functionality would be nice-to-haves on a phone.
Is this so hard? Well, if you’re in the United States and you’re planning to purchase a phone through Sprint, T-Mobile, AT&T, or Verizon to get one of those sign-away-your-life phone discounts, the answer is IMPOSSIBLE! And, to those that are chomping at the bit to tell us how they’ve accomplished some of these miracles with their hacked iPhone, let me just remind you that Apple considers it a national security threat to hack your iPhone thus explaining why Apple also considers it honorable to brick your hacked iPhone at any time despite the fact that you paid for it. Ask yourself if you really want to invest your cellphone dollars with a company spewing forth this kind of bullshit stuff.
And the answer is…
The unlocked U.S. version of the Nokia E71 costs $289.99 at NewEgg, and it’s worth every penny. We’ve been using ours all day, every day for the better part of a year. We’re not going to do a full review of the phone when there’s already an excellent one out there. Start with the allaboutsymbian review and then pick up again here. What isn’t covered in that review is the critical component that we believe sets this phone apart from everything else out there: incredibly simple SIP connectivity and VoIP setup with an Asterisk server because of the native SIP stack and SIP client which is built into the E71’s firmware. And, as you will soon discover, this transforms the E71 into the perfect traveling companion because it makes the E71 just another telephone extension on your home office Asterisk PBX. If secure communications matters, there’s VPN support as well.
Implementing Incoming VoIP Prioritization. Here’s how we’ve set up connectivity to our E71. First, create an extension on your Asterisk server that will be dedicated to remote SIP access from your E71. Let’s use extension 371 in this example. Give it a very secure password because the IP address of your E71 will change as you move from place to place so we can’t really lock down the extension with anything other than a secure password, or you won’t be able to connect. Next, create another extension (372) and forward all incoming calls to that extension to the regular phone number of your E71, i.e. the one provided by your cellphone provider. Then create a Ring Group on your Asterisk server (373) and set up 371 as the only number in the ring group extension list. For the destination if no answer, choose extension 372. Finally, set up your Google Voice number with a destination extension that forwards calls to ring group 373. So the way this will work is that incoming calls to your Google Voice number will ring the SIP connection on your E71 (371) if your E71 is registered to your Asterisk server via SIP. And, when it’s not registered, the calls will be forwarded to the regular phone number of your E71 (372) without any delay since extension 371 isn’t registered with your server. If you get in the habit of searching for WiFi wherever you happen to light and connecting back to your Asterisk server, (as you’ll see, this is a one-click operation), then you’ll have dirt-cheap remote cellphone service on your E71 almost all of the time. And, if you travel to foreign countries, it means that any time your E71 is registered with a WiFi HotSpot, all incoming calls will be free instead of costing an arm-and-a-leg in per minute international roaming fees.
SIP Setup for Nokia E71. John Rogers over at geek.com has written an excellent piece with lots of pretty pictures to show you how to configure your E71 with Asterisk. Rather than reinvent the wheel, here’s the link. It only takes a couple of minutes. We do have a few tips to get you started on the right foot. Make certain that the IP address you enter for your Asterisk server is the public IP address or fully-qualified domain name for your server, not the private IP address inside your firewall. As you roam from one WiFi network to the next, the E71 will automatically configure the phone for the new networks as soon as you choose WLAN Scanning, select a WiFi network, and choose to Connect to your Asterisk server. This is performed from the default screen on your phone so there’s no wading through layer upon layer of menus. After linking and unlinking to different networks about a dozen times, we have found it’s a good idea to shut down the phone, remove the battery momentarily, and then restart the phone. It keeps awkward connect problems from ever occurring. To enable VoIP Prioritization for outbound calling, all you have to do is change one default setting on the Nokia E71: Menu, Tools, Settings, Phone, Call, Default Call Type: Internet Call.
Depending upon your choice of router, using the public IP address of your Asterisk server may cause connectivity issues when you attempt to make a connection through the same WiFi network on which your Asterisk server resides. You can solve this by investing in one of dLink’s Gaming Routers which also provide the necessary tools to prioritize VoIP traffic on your network. Second, make sure you load the latest Nokia firmware for the E71 before you begin configuring your phone. You can check which firmware is installed on your phone by pressing *#0000#. If it’s less than 200.21.118, you need to upgrade, and you’ll need a Windows machine to do it. Here’s the link to Nokia’s upgrade site.
Where To Go From Here. Once you have your E71 performing as a remote Asterisk extension, there are some other must-have’s for your phone. First, you’ll want to purchase JoikuSpot Premium for 15.00€ (about $20). It turns your phone into a WiFi HotSpot whenever you need tethering. Next you’ll want to load Nokia’s OVI store which includes a number of free downloads including Internet Radio, Fring, Nimbuzz, and Web Server. With the web server, you can actually create a blog and let visitors share photos and take pictures using your E71. Try ours to get a taste of what’s available. We think you’ll also find Google Latitude to be a fascinating addition. It lets you produce a free, GPS-enabled map with your current location just like Where In the World Is Nerd Uno. In fact, that map is produced from GPS data generated on our Nokia E71.
A Word of Caution. Finally, we’ll close on a cautionary note. Tempting as it may be to buy Nokia’s latest and greatest cellphone, DON’T! Nokia quietly has dropped the native SIP stack and SIP client on almost all of its newest cellphones presumably to win the love and affection of companies like AT&T. These are the same companies that continue to claim in FCC filings that they have nothing against VoIP on cellphones. The list of VoIP-impaired Nokia cellphones includes the N97 as well as the AT&T-branded E71x. Nokia also has been less than clear about the new N900. Historically, this has meant that SIP functionality has disappeared. So beware of shiny new things… that may not work worth a damn. It’s too bad. Nokia was one of our favorite companies, but it looks like they’re ceding the VoIP technology business to Google’s Android which happens to be next on the Nerd Vittles Radar. Here’s a complete list of Nokia’s SIP-compatible phones. Enjoy!
Enhanced Google Maps. In case you haven’t noticed, we’ve added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We’ll show you how to add something similar to any LAMP-based Linux system in coming weeks. It’s a powerful technology that has enormous potential. If you’re unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!
whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Welcome to IP Country: A New Layer of Asterisk Security
One of the problems with writing a blog like Nerd Vittles is it's more than double the work of your typical blog where a writer pontificates about something and then moves on. What makes Nerd Vittles a little different is that, with help from a number of very gifted developers, we actually create useful applications and then write about how to use them. So you get a bonus for the same low price: free! This obviously imposes some time constraints in order to get fresh material into your hot little hands every week.
This week we turn our attention to Asterisk® Security again and unfortunately the Whole Enchilada is not yet ready. So today you get Chapter I of this topic with a comment that we're still mulling over some enhancements. When those pieces are finished or at least properly evaluated, we'll produce a sequel. Software houses spend years developing applications. And sometimes it takes us more than a week. 🙂
Let's start with a few observations which should be quite obvious to those who have wrestled with VoIP or Asterisk for a while. Internet security is a bitch. And Asterisk security is much, much worse. When a few disgruntled people can bring Twitter to its knees because they're mad about some particular tweet or Twitter user, it tells you what we're all up against. Hate to say it but we can all thank Microsoft for years of security neglect that rendered the Windows operating system less than optimum in preventing the spread and deployment of BOTs. And the tools have gotten more dangerous as well. Strangers (our euphemism for these folks) write new software, too.
If you're using PBX in a Flash (and you really should be!), you know that we've devoted enormous resources to Asterisk security. Two years ago when PBX in a Flash was introduced, the majority of people using Asterisk still were using 1234 as the extension password on all or most of their extensions. A couple $100,000 phone bills and lots of public education, and that situation hopefully is behind us. Two years ago, no Asterisk aggregation included a firewall... except PBX in a Flash. Believe it or not, there were individuals running Asterisk servers on the public Internet with a default root password of password. That added more than a few more BOTs to the Internet kettle of fish. Then there were the brute force password hacks that hit Asterisk servers thousands of times per minute guessing passwords. Nothing stood in the way of these attacks until PBX in a Flash introduced Fail2Ban which automatically blacklisted IP addresses after a certain number of failed login attempts. We followed Fail2Ban with our Atomic Flash product which provided a turnkey Hamachi VPN implementation for rock-solid safe remote computing. And, of course, there was a one-minute Hamachi VPN install script for standard PBX in a Flash systems. No other aggregation has it to this day.
The purpose of the history lesson isn't to crow about PBX in a Flash although we're mighty proud of it. Rather we wanted to make you aware that precious little development effort is actually going into security while enormous resources are devoted to things such as Internet faxing, Skype, and Google Voice integration. We'll be the first to admit that we love the latest gee whiz gizmos as much as anybody. But come on. A handful of us who do this purely for fun somehow manage to turn out loads of security enhancements while huge, for-profit companies are devoting virtually zero resources to making Asterisk, SIP, and the VoIP community safer. SIP is about as secure as whispering at a movie theater. Google releases Google Voice with SIP access protected by a 4-digit password. 🙄 That approach to security needs to change, or we're all going to wake up sorry one day soon. If this is preaching to the choir, then feel free to pass this article on to one of your brethren who has not yet seen the light! Start by reading our Primer on Asterisk Security.
If you have extremely secure passwords on your Asterisk extensions and trunks, and you have deployed a properly configured firewall with Fail2Ban to protect against brute force attacks, then you're ahead of the curve insofar as Asterisk security is concerned. But what we think is still missing is access restrictions based upon what the military calls a "need to know." Simply stated, it means folks shouldn't get access of any kind to your Asterisk server unless they have a need to be there. And, if we find someone there that doesn't belong, they should be kicked off and banned from further access.
So today we have a new security tool for your Asterisk toolbox: IP Country, country-based network filtering by IP address. In a nutshell, it means configuring your Asterisk server to dramatically reduce the number of IP addresses which can reach your server at all. If you receive anonymous SIP connections from all around the globe that you actually need or if you're attacked from a BOT running on grandma's Windows machine down the block, this may not work for you, but it's another tool in your quiver of arrows. For most servers, it has the potential to reduce the vulnerability from random outside threats substantially. It's taken a lot of research to come up with much of what follows, and we want to express our special thanks to Sandro Gauci and Joe Roper for their assistance. Some of this technology has been around for many years, but unfortunately it was expensive. So we also want to express our special appreciation to MaxMind for releasing their open source GeoLite Country database which is now free for downloading. That is the critical ingredient in much of what follows. So here's a word from our sponsor:
This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Scope of Protection. An obvious question is just exactly what are we trying to protect. In our view, it's several things. First, we don't want strangers logging in to extensions on our server and making free calls around the globe using pilfered or hacked passwords. We also don't want strangers using our extensions to masquerade as us for any other purpose. Second, we don't want strangers randomly calling our server using SIP URI's that they've dreamed up. And third, we don't want strangers accessing any other applications on our server including SSH and FTP as well as web and email services.
IP Country Design. As with other security features in Asterisk, FreePBX, and IPtables, our implementation of IP Country uses permit and deny access tables that consist of authorized and unauthorized ranges of IP addresses. There's also a table with the latest GeoLite Country information which is used as the data source for your permit table. When a connection to the server is made, the IP address is checked against the permit table of authorized addresses. If there's no match, we'll consider the connection a stranger. If there is a match, then we'll check the deny table to make certain this particular IP address hasn't been banned. Unless you alter all of our scripts, your system must be using the default MySQL account name of root with a password of passw0rd. As configured in PBX in a Flash, this is NOT a security risk since MySQL access is limited to your server, and your server requires root credentials to log in.
Today's Objective. To get everyone started, we're going to tackle the first two objectives today. The solutions offered should work fine on any FreePBX-based Asterisk system... even those that hide the existence of FreePBX.
For outgoing calls, we'll introduce a new script which runs periodically to examine the IP addresses attached to every SIP and IAX extension and trunk on your Asterisk server. If a stranger's IP address is identified (as explained above), we'll add an IPtables firewall rule to permanently block access to your server from this IP address. These rules are stored in /etc/sysconfig/iptables should you ever need to remove an IP address that has been blocked. You can adjust the script execution frequency based upon the thickness of your wallet. After all, it's your phone bill. This functionality is mutually independent from the incoming call protection outlined below so you can use either or both of the functions to meet your own requirements. For systems that use enormous numbers of SIP URI's for communications around the globe, you might choose to implement just this piece for extension and trunk IP Country protection without altering your incoming dialplan at all. Keep in mind that FreePBX now supports permit and deny IP address filters on extensions, something you really should be using even if you decide against implementing the IP Country security protection layer.
For incoming calls, we're going to modify FreePBX's existing Blacklist functionality to also look up the calling IP address in our IP Country permit and deny tables. If the IP address is authorized, the call will go through. Otherwise, the call will be treated just as if the caller's number were blacklisted. Be aware that incoming calls to one of your commercial DIDs may reflect the IP address of your provider since the caller may be calling from a Plain Old Telephone rather than an IP address. The existing Blacklist functionality can be used to block these unwanted callers. If you live in the United States, you'll probably also want to call 888-382-1222 and place your DIDs in the Do Not Call database. Just call from a phone using the CallerID of the number you wish to block.
Installing GeoLite Country. To get started, log into your server as root and issue the following commands:
cd /
wget http://bestof.nerdvittles.com/applications/ipcountry/ipcountry.tgz
tar zxvf ipcountry.tgz
rm ipcountry.tgz
cd /root/ipcountry
./nv-ipcountry
Once the nv-ipcountry script begins to run, it will download and install the GeoLite Country database into MySQL. You then will be asked whether to add countries to your permit table. Since your permit table is empty at this point, the answer should be yes. You'll then get a list of country codes. Choose the two-character country code desired and type it in UPPERCASE, e.g. US. If you want to add one or more additional countries, just rerun ./nv-ipcountry and do NOT initialize the permit table (which erases all of its contents).
New GeoLite Country databases are released every month or two so get used to the procedure. You'll be using it periodically to keep your list of IP addresses current. We'll cover the update procedure after we get you up and running.
Remember: If no IP addresses for any country are added to the permit table, you will not be able to make calls or register trunks with your providers! The only default entries added to the permit table are the non-routable, private IP address ranges, e.g. 192.168.0, etc. The geolite table is merely a data repository of the latest GeoLite Country database and has no effect on the daily operation of your system! You use it only as a data source for populating your permit table.
Testing IP Country. Before we actually turn anything on, we need to be sure we're not going to blow your Asterisk system out of the water! In short, we want to make sure that every extension that's supposed to be able to make a connection to your PBX still can. And we need to make sure all of your trunk registrations still are working. While you're still in the /root/ipcountry directory, issue the following command: ./test.sh. This script will display all of your SIP and IAX connections and then will tell you whether each connection will pass muster with IP Country security in place. Each IP address should display ok. If any of them show ko, you have a problem. This means that you have an extension or trunk with an IP address that is not included in your permit table. You can scan through the show peers listings in the display to figure out which providers or extensions are associated with any problem IP addresses. Be sure it's not a bad guy first. Then you have a couple of options. You can either manually add the IP address to the permit table as outlined below. Or you can add additional countries which include the missing IP address(es). To decipher the country of any problem IP address, go to this link and plug in the IP address. Once you've made entries in your permit table to cover all of your needed IP addresses, run the test script again just to be sure everything shows ok. Do NOT proceed until you get all ok's, and don't write us if you do.
Manually Adding IP Addresses to IP Country. We've provided a command-line utility which makes it easy to add IP addresses and address ranges to either the permit or deny tables of IP Country. Be very careful using this tool! There's limited error-checking which means it's easy to create a mess. You'll find iputility.php in the /root/ipcountry folder. Since all IP addresses are stored as integers, you can use it to merely discover the integer value of an IP address, or you can actually insert IP addresses into either the permit or deny tables. Here are a few examples to show how the utility works:
./iputility.php 156.130.20.10
Returns the integer value for this IP address; no database update
./iputility.php 156.130.20.10 156.130.20.255
Returns integer values for this IP address range; no database update
./iputility.php 156.130.20.10 deny
Adds this IP address to IP Country deny table
./iputility.php 156.130.20.10 156.130.20.255 permit
Adds this address range to IP Country permit table)
A couple of points worth noting. First, all custom entries in your permit and deny tables using iputility will show a country code of AA. This makes them easy to find using phpMyAdmin if you make a mistake. Second, if you attempt to enter the same IP address range more than once, you'll get a database error since all entries in the tables must be unique. Third, remember that entries in the deny table take precedence over entries in the permit table. So, if the same IP address or address range is in both tables, access will be denied. The reason for this is to make it easy to exclude a few bad apples from a country that you might otherwise find unobjectionable. Finally, keep in mind that manual entries added to the permit table will have to be added again each time you initialize the table and insert new country IP codes after a GeoLite Country refresh. The deny table is unaffected by database refreshes. So make yourself a list of entries you manually insert into the permit table and keep it in a safe place for future reference.
Activating the IP Address Checker. In the /root/ipcountry directory, you'll find the script that we'll use to check your system periodically to be sure all of the extensions and trunks are registered at permitted IP addresses. To run the script manually, log into your server as root and type: /root/ipcountry/ip-checker.sh. When you run it, you shouldn't see any modifications to IPtables, just a string of ok's. So now we want to added the script as a cron job that will be run periodically to watch your system. Edit /etc/crontab and insert the following line at the bottom of the file:
*/1 means run the script once a minute, all day and night, every day. */5 means every 5 minutes. You make the call on how safe you'd like your system to be. If you'd like to receive an email or text message every time an IP address is blocked by ip-checker.sh, just edit the filecheck.php script, uncomment the two lines that begin with // and replace yourname@gmail.com with your email or text message address.
WARNING: For ip-checker.sh to work properly with IPtables, there are a couple of prerequisites. First, IPtables must be running on your system with the iptables file located in /etc/sysconfig. Second, your IPtables setup must include an SSH permit rule that looks like this:
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT We use this rule as a place finder to determine where to insert new rules to block stranger's IP addresses. If you don't have the above rule, filecheck.php (used by ip-checker.sh) won't be able to insert new rules. So you'll need to manually edit filecheck.php to provide a "hook" that can be used to insert rules into your iptables file. PBX in a Flash systems come preconfigured to support this. With other aggregations, YMMV!
Activating the Incoming Call Checker. To screen incoming calls using your IP Country permit and deny tables, the setup is straight-forward assuming you are running the latest version of FreePBX 2.5. We're going to adjust the Blacklist context to also perform IP address lookups from IP Country when new calls arrive on your PBX. Just log into your server as root and add the following lines to the bottom of the extensions_override_freepbx.conf file in /etc/asterisk:
[app-blacklist-check]
include => app-blacklist-check-custom
exten => s,1,LookupBlacklist()
exten => s,n,GotoIf($["${LOOKUPBLSTATUS}"="FOUND"]?blacklisted)
exten => s,n,Set(TESTAT=${CUT(SIP_HEADER(From),@,2)})
exten => s,n,GotoIf($["${TESTAT}" != ""]?hasat)
exten => s,n,Set(FROM_IP=${CUT(CUT(SIP_HEADER(From),>,1),:,2)})
exten => s,n,Goto(gotip)
exten => s,n(hasat),Set(FROM_IP=${CUT(CUT(CUT(SIP_HEADER(From),@,2),>,1),:,1)})
exten => s,n(gotip),NoOp(Gateway IP is ${FROM_IP})
exten => s,n,NoOp(IP Country Lookup in Progress...)
; put authorized special calls like sipgate's Google Voice ringbacks below
exten => s,n,GotoIf($["${FROM_IP}"="sipgate.com"]?keepon)
exten => s,n,AGI(nv-ipcountry.php|${FROM_IP})
exten => s,n,GotoIf($["${STRANGER}"="true"]?blacklisted)
exten => s,n(keepon),NoOp(** AUTHORIZED CALLER **)
exten => s,n,Return()
exten => s,n(blacklisted),Answer
exten => s,n,Wait(1)
exten => s,n,Zapateller()
exten => s,n,Playback(ss-noservice)
exten => s,n,Hangup
Make sure you remove the line-wrap in the s,n(hasat) line and any others that may have wrapped in the display above! Then save the file and reload your Asterisk dialplan: asterisk -rx "dialplan reload". You're all set! If you'd like email notices when a stranger calls and is blacklisted, edit nv-ipcountry.php in /var/lib/asterisk/agi-bin. Plug in your actual email address in the $email variable and set $emailalerts = 1.
Housekeeping 101. As we mentioned above, the pool and location of IP addresses continues to change so periodic updates are necessary, or you'll end up blocking calls that otherwise should be permitted. MaxMind updates GeoLite Country on the first day of every month so add it to your TO-DO list. We strongly recommend that you perform these steps through an SSH connection from a remote PC. Why? Because, if you forget step 1 while logged directly into your server, you could inadvertently lock yourself out of your own system if the ip-checker script happens to run while your permit table is empty. If you do it from a remote machine, you can simply move to another machine and follow these instructions properly. Otherwise, you've got a serious problem on your main server. If this server provides phones to your business, do the update when the server is idle. So here's the drill:
- Comment out the ip-checker.sh /etc/crontab entry
- Download new GeoLite Country database from MaxMind
- Initialize the ipcountry.permit table
- Add authorized countries back into ipcountry.permit table
- Add back any custom entries to permit table
- Test your IP Country system to make sure you get all ok's
- Reactivate ip-checker.sh in /etc/crontab
1. Log into your server as root. To comment out the ip-checker.sh line in /etc/crontab, just add # as the first character on the line and save the file.
2. Change to the /root/ipcountry directory and run ./nv-GeoIPrefresh.
3. While still in the /root/ipcountry directory, run ./nv-ipcountry and choose 1-Yes to initialize your ipcountry.permit table.
4. Continue running or rerun ./nv-ipcountry to add each desired country to your ipcountry.permit table.
5. Run ./iputility.php to add custom IP address entries to your ipcountry.permit table. You do NOT need to reenter addresses in the deny table. It is unaffected by this update procedure.
6. Test your system again to make sure all extensions and trunks get an ok by running ./test.sh.
7. Edit /etc/crontab and remove the # at the beginning of the ip-checker.sh line and save the file.
What's Next. We're still exploring another possibility with IP Country, and that is integrating GeoLite Country directly into IPtables. This would validate every packet coming into your firewall using IP Country-like rules in IPtables. If you want to look at how it could be done, see this excellent writeup. Well, not so fast. Unfortunately, it won't compile under CentOS 5.2. Here's a link to the problem code if there are any Linux gurus in the house. Our reluctance in doing this has to do with performance. Keep in mind that, without stateful packet inspection, every single packet coming into your server would presumably trigger a database lookup. On a busy telephony system generating hundreds of thousands of packets per second, it would take a beast of a server with sufficient memory to cache the entire IP Country database in order to handle the processing load. So now we've got to either learn about or find an expert on the IPtables State Machine. If anyone wants to experiment, please share your expertise with the rest of us. There's a Google Voice invite in it for you, too.
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
Introducing the Orgasmatron V, Google Voice Edition
It's been an interesting couple of weeks watching many of our readers flock to Google Voice in order to make free calls in the U.S. and Canada. The only problem with our Google Voice solution was the skill set required to get everything humming along as it should. For those new to the Asterisk® world, it only made sense to create a special installer that would build an Instant PBX.
Check Out the Latest! The Incredible PBX
Coming January 19: Incredible PBX 11 & Incredible Fax for Asterisk 11 and FreePBX 2.11
In putting this together, we couldn't help noticing the dilemma posed on the new FreePBX web site: "Looking for Phone Service? We can't quite give you the phone service for the same price (free) as the PBX..." Well, maybe they can't, but we certainly can thanks to our friends at Google Voice. So today we're pleased to introduce the first Truly Free™ Asterisk PBX. If you've mastered slice-and-bake cookies, you'll have no trouble with today's recipe.
Welcome to the Orgasmatron V Installer, the wonderscript that lets you create a turnkey Asterisk system with free U.S. and Canada calling through Google Voice in less than 15 minutes! When you're finished you'll have a PBX in a Flash system with every bell and whistle on the planet. Not only is the PBX absolutely free but so are all of your outbound and incoming calls throughout the United States and Canada. All you'll need is an Internet connection and any garden variety PC that's less than 3 years old. Or you can splurge and buy yourself a new Atom-based PC or NetBook and have a state-of-the-art PBX that may last you close to a decade. While you'll still need to change a few passwords and plug in some phones, the Orgasmatron V build reduces the Asterisk learning curve to almost zero. Out of the box, email works. Faxing works. ENUM works. And free calling in the U.S. and Canada works. Just plug in your Google Voice credentials, and you can start placing calls to every phone in the U.S. and Canada for free in just a few minutes.
For those that are wondering what's included in the Orgasmatron V build, here's a feature list of the components you get in addition to the base PBX in a Flash build with Asterisk 1.4, FreePBX 2.5, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin:
- AsteriDex
- CallerID Superfecta (FreePBX Module)
- CallWho for Asterisk
- Cepstral TTS (installer script only)
- Email That Works with SendMail
- Extensions (15 preconfigured)
- Fax Module using nvFax
- FONmail
- FreePBX Backups
- Gizmo5 (FreePBX Module)
- Google Voice (preconfigured)
- Hamachi VPN (installer script only)
- Hotel-Style Wakeup Calls (FreePBX Module)
- ISN: Free SIP Calling from Any Phone
- MeetMe Conferences
- Mondo Full System Backups
- NewsClips from Yahoo
- ODBC Database Support
- Reminders by Phone and Web
- SIP URI support (fax, mothership, e164, nv-demo, gv-ringback)
- TeleYapper
- Tide Reports with xTide
- Trunk Lister Script
- Trunks (Vitelity, Fonica, Gizmo, ENUM, Remote Peer)
- Weather by Airport Code
- Weather by ZIP Code
- Worldwide Weather
- Zaptel Updater (script only)
Getting Started. Even though the installation process is now a No-Brainer, you are well-advised to do some reading before you begin. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some precautions to protect your phone bill. Start by reading our Primer on Asterisk Security. Then read our PBX in a Flash and VPN in a Flash knols. If you're still not asleep, there's loads of additional documentation on the PBX in a Flash documentation web site.
Prerequisites. You obviously still need a free Google Voice account. If you don't have one, you can request an invite here. At last report, it's only taking a few days from application to invite which is really great news. Don't use a space in your Google Voice password! Once you have a Google Voice account and phone number (Google has reserved several million of them so... not to worry!), then you'll need a DID that provides unlimited, free incoming calls. We'll use it as your Google Voice RingBack DID and will explain all of this after we get your PBX up and running. We'd recommend a free IPkall or SIPgate DID, but we'll get to that.
Installation. Here's a quick tutorial to get you going. First, install the 32-bit, Asterisk 1.4 version of PBX in a Flash. Boot your system from the installation CD and type ksalt to begin. As your machine reboots, remove the CD and choose option A to load the most stable payload. When the install completes, reboot your system once again and login as root with the password you chose when you built your system. Now issue the following commands to bring your system current and protect your system passwords: update-scripts, update-fixes, passwd-master. You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time.
Now you're ready to run the Orgasmatron V Installer. While still logged into your new server as root, issue the following commands:
cd /root
wget http://pbxinaflash.net/orgasmatron/orgasmatron-gv.x
chmod +x orgasmatron-gv.x
./orgasmatron-gv.x
reboot
Stick around while the install script is running. Parts of it are interactive. For now, choose the Flite option when you're prompted twice for your text-to-speech preferences. That way you'll have a working system when you're finished. Once the Orgasmatron V installer script is finished, type status and write down the IP address of your server. You'll need it in the next step to log into FreePBX.
If you'd prefer to pick and choose the apps to install, use this fully-interactive installer instead:
cd /root
wget http://pbxinaflash.net/orgasmatron/orgasmatron-interactive.x
chmod +x orgasmatron-interactive.x
./orgasmatron-interactive.x
reboot
Using a web browser, open FreePBX on your new server with a command like this (substituting the IP address you wrote down above). When prompted for your account name, type maint and use the password you assigned when running passwd-master above:
http://192.168.0.123/admin/
You're NOT done yet!
These next three steps are important. They get all of the FreePBX modules installed and then restore the FreePBX backup set that's at the heart of the Orgasmatron build. Just follow along here. If you're using the new OpenVZ template for PBX in a Flash, start at step 3 and then complete step 1 and 2. Otherwise...
1. Choose Module Admin, Check for Updates online, Upgrade All, Process, Confirm, Return, Apply Config Changes, Continue.
2. Choose Module Admin, Check for Updates online, Download All, Process, Confirm, Return, Apply Config Changes, Continue.
3. Click on the Tools tab and choose Backup & Restore, Restore, RightNow, and select the .tar.gz file that is displayed. Then choose Restore Entire Backup Set, OK, Apply Config Changes, and Continue.
Securing Your System. You're almost done. We always like to reboot the server just to make sure nothing got lost in the shuffle. When the reboot is finished, log into FreePBX with a browser again. Before you do anything else, choose each of the 16 preconfigured extensions on your new server and change the extension AND voicemail passwords. Here's the drill: Setup, Extensions, 501, Submit after changing secret and Voicemail Password. Repeat with the next extension number instead of 501. Then Apply Config Changes, Continue when you've finished with all of them.
Now let's change the default DISA password: Setup, DISA, DISAmain, PIN, Submit Changes, Apply Config Changes, Continue. Whew! Your system now is relatively secure. Follow the steps in the tutorials we recommended, and you're ready to experiment. Plug in a couple of SIP phones or softphones and configure them using the available extensions (701-715) together with the secrets for those extensions. Place a test call between the extensions to make sure you have a working PBX. Now we're ready to add the pieces so that people from outside your system can call you and so that you can call them as well.
Setting Up An IPkall RingBack DID. Step #1 is obtaining a free DID which will be used to handle RingBack calls from Google Voice. If you're new to Google Voice, here's a quick primer. Whenever you place an outbound call through Google Voice, GV actually places two calls. It returns your call to a number you designate as your RingBack number, and then GV places the call to the destination number you've chosen. We will transparently merge the two calls together behind the scenes so the caller will think it's a "normal" long distance call. But, before Google Voice calling will work with Asterisk, you'll need another DID (in addition to your new Google Voice number) to transparently handle these RingBack calls into Asterisk.
Shown above is the IPkall request form to sign up for a free DID. Make your form look like the one above but change 3 pieces of information: (1) the SIP Proxy which is the public IP address of your Asterisk server or its fully-qualified domain name, (2) a working Email Address which will be used to confirm your request for a free DID, and (3) a password to protect your DID at IPkall. Leave the other entries the way they're shown, especially the SIP Phone Number, gv-ringback, which is preconfigured to route incoming SIP calls on your new PBX to any phones connected to extensions 701-715. Once you have confirmed your request by email, you will be assigned a phone number. Assuming you've already connected a phone to your new PBX on one of the above extensions, it should ring when you call your new IPkall number. Don't proceed until you get this working because it must be functional before you can complete the set up of your Google Voice account.
Setting Up A SIPgate RingBack DID. If you elect to use a SIPgate DID, the process is a bit more complicated. Once you've registered for a free DID on their site, you'll get an email with your credentials. You then will need to create a new trunk using FreePBX with the following entries replacing SIP-ID and SIP-Password with your actual credentials. Use sipgate for the Trunk Name and fill in the following in the Outgoing Settings section of the form:
type=peer
username=SIP-ID
fromuser=SIP-ID
secret=SIP-Password
context=from-trunk
host=sipgate.com
fromdomain=sipgate.com
insecure=very
caninvite=no
canreinvite=no
nat=no
disallow=all
allow=ulaw&alaw
Leave the Incoming Settings blank, and enter the following Registration String using your actual credentials:
Save your entries and then create an Inbound Route called sipgate. Enter your 10-digit SIPgate number in the DID Number field and choose Ring Group: 700 as the Destination for the inbound calls to this number. Reload your Asterisk dialplan when prompted to do so. Connect a phone to an extension on your PBX and be sure the phone rings when you call your new SIPgate DID number before proceeding.
Google Voice Setup. Once you get your RingBack DID set up on your Asterisk system, we need to configure your new Google Voice account. Log into your GV account and click Settings, Phones, Add Another Phone. Add the area code and phone number of your RingBack DID. Be sure a phone is connected to one of the existing extensions (701-715) on your PBX since you have to go through Google's confirmation drill to successfully register the number with GV. After the DID is confirmed, be sure there's a check mark beside this Google Voice destination so that incoming calls to your GV number will be routed to your Asterisk server.
While you're still in the Google Voice Setup, click on the General tab. Uncheck Enable Call Screening. Turn Call Presentation Off. And set CallerID to Display Caller's Number. Remember NOT to include a space in your Google Voice password! Finally, uncheck Do Not Disturb. Now click the Save Changes button.
Adding Your GV Credentials to PBX in a Flash. Now we're ready to insert your Google Voice credentials into PBX in a Flash. You'll need four pieces of information: your 10-digit Google Voice phone number, your Google Voice account name (which is the email address you used to set up your GV account), your GV password (no spaces!), and your 11-digit RingBack DID (beginning with a 1) from either IPkall or SIPgate. Don't get the 10-digit GV number mixed up with the 11-digit RingBack DID, or nothing will work. 🙂 Now log back into your server as root and issue the following commands. Check your entries carefully. If you make a typo in entering any of your data, press Ctrl-C to cancel the script and then run it again!!
cd /root
wget http://pbxinaflash.net/orgasmatron/configure-gv
chmod +x configure-gv
./configure-gv
Updating pyGoogleVoice. Since this article was initially released, Google has made some changes in the way Google Voice processes incoming calls. To address this, you'll need to update the version of pyGoogleVoice installed with this build. While still logged into your server as root, issue the following commands:
cd /root
wget http://pygooglevoice.googlecode.com/files/pygooglevoice-0.5.tar.gz
tar zxvf pygooglevoice-0.5*
cd pygooglevoice-0.5
python setup.py install
Modifying Your RingBack Inbound Route. The last step in the setup process is to reroute your gv-ringback incoming route so that it points to a custom context to process your Google Voice ringback calls transparently. Log back into FreePBX with a web browser and choose Setup, Inbound Routes, gv-ringback. Change the Destination for these calls to Custom Destinations: Custom GV-Park. If you're using SIPgate instead of IPkall, be sure to change the other settings to look like this:
Description: gv-ringback
DIDNumber: *Your 10-digit-SIPgate-Number*
CallerId: *Your 10-digit-Google-Voice-Number*
Save your changes by clicking the Submit button and then reload your dialplan when prompted.
Choosing a VoIP Provider. For this week, we'll point you to some things to play with on your new server. Then, in the subsequent articles below, we'll cover in detail how to customize every application that's been loaded. Nothing beats free when it comes to long distance calls. But nothing lasts forever. So we'd recommend you set up another account with Vitelity using our special link below. This gives your PBX a secondary way to communicate with every telephone in the world, and it also gets you a second real phone number for your new system... so that people can call you. Here's how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you're calling. If you're in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask.
The VoIP world is new territory for some of you. Unlike the Ma Bell days, there's really no reason not to have multiple VoIP providers especially for outbound calls. Depending upon where you are calling, calls may be cheaper using different providers for calls to different locations. So we recommend having at least two providers. Visit the PBX in a Flash Forum to get some ideas on choosing alternative providers.
Kicking the Tires. OK. That's enough tutorial for today. Let's play. After you've connected a phone to your new system, begin your adventure by dialing these 10 numbers:
- D-E-M-O - Check out the Nerd Vittles Orgasmatron Demo
- Z-I-P - Enter a five digit zip code for any U.S. weather report
- 6-1-1 - Enter a 3-character airport code for any U.S. weather report
- 5-1-1 - Get the latest news and sports headlines from Yahoo News
- T-I-D-E - Get today's tides and lunar schedule for any U.S. port
- F-A-X - Send a fax to an email address of your choice
- 4-1-2 - 3-character phonebook lookup/dialer with AsteriDex
- M-A-I-L - Record a message and deliver it to any email address
- C-O-N-F - Set up a MeetMe Conference on the fly
- 1-2-3 - Schedule a regular or recurring phone reminder
- Dial *68 - Schedule a hotel-style wakeup call on any extension
Google Voice Speed Dials. For frequently called numbers, you can add speed dials by inserting entries in the [from-internal-custom] context of extensions_custom.conf in the /etc/asterisk folder that look like the example below where 333 is the speed dial number and 6781234567 is the area code and number to call. Be sure to reload your Asterisk dialplan to activate them.
exten => 333,1,Dial(local/6781234567@custom-gv,300)
Congratulations! You now have what we hope will be flawless and free U.S. calling on your Asterisk system using Google Voice. No gimmicks, no strings, no cost. Enjoy!
Finally, one additional word of caution. Both Google Voice and this call design are set up for a single call at a time. There are no safeguards to prevent multiple calls, but that may violate the Google Voice terms of service.
Homework. Your homework for this week is to do some exploring. FreePBX is a treasure trove of functionality, and the Orgasmatron build adds a bunch of additional options. See if you can find all of them. Then log into your server as root and look through the scripts added in the /root/nv folder. You'll find all sorts of goodies to keep you busy. Enjoy!
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
Tweaking Asterisk for Free Google Voice Calling
Now that the Asterisk® and Google Voice marriage is finally underway, we wanted to step back today and revise the original methodology a bit to take advantage of some of the terrific comments which were offered in response to our last article. First, the good news. U.S. calls through Google Voice using Asterisk work! They sound great, and they're free. The not so good news was that the MeetMe conferencing trick to join your outbound call with the Google Voice click-to-dial return call from your destination worked great so long as a real person answered the phone. But, if an answering machine picked up or no one answered the call at all, there were problems because these calls already had been transferred to the MeetMe conference and there was no simple way to disconnect them. And the need for two DIDs to support a single Google Voice interface just seemed a bit wasteful.
9/1/2010 Update: A good bit has changed with Google Voice since this article was first published. For the definitive guide and installation procedure, we highly recommend The Incredible PBX and accompanying article which can be found at this link. Google Voice (and much more) already is included in our new PBX which is literally Plug-and-Play. If you prefer to roll your own, be sure to also have a look at this excellent update on the Michigan Telephone Blog.
Today we want to try to eliminate these two quirks while stiill providing a seamless interface between Google Voice and Asterisk. We also appreciate that thousands of you already have implemented the previous approach. So we want your transition to the new way of doing things to be as painless as possible. On the other hand, for frequent readers, we hope you'll bear with us as we repeat some of what already has been covered in previous articles so new visitors don't have to jump around between articles to get the complete picture of what we're trying to accomplish.
The objective remains the same. We want a methodology that lets us make outbound calls from any Asterisk phone using the Google Voice service to take advantage of free calling in the United States and Canada. And we want calls to our Google Voice number delivered to our Asterisk system for transparent call processing. Yes, SIP is still on our wish list for both outbound and inbound calls with Google Voice, but we'll make do with PSTN calls particularly while Google is footing the bill for all of the calls.
Update: There's now a turnkey Asterisk solution that implements Google Voice calling without getting your hands dirty. Check out our new Orgasmatron V.
Tweaked Design. Here's the new design. You obviously still need a free Google Voice account. If you don't have one, you can request an invite here. At last report, it's only taking a few days from application to invite which is really great news. Don't use a space in your Google Voice password! Once you have a Google Voice account and phone number (Google has reserved a million of them so... not to worry!), then you'll need a DID that provides unlimited, free incoming calls. Once you get your DID set up on your Asterisk system, we'll set up a forwarding phone number for this DID in your Google Voice account so that Google Voice calls can be connected to your Asterisk server.
For outbound calls, we'll combine a little dialplan voodoo with pygooglevoice to instruct Asterisk to place a click-to-dial call using your Google Voice forwarding number. Then we'll stuff in the destination U.S. phone number. When you dial GV-678-1234567 from any of your Asterisk phones, Asterisk will park your initial call in a reserved parking lot slot and then join the called party to the originally parked call. The entire procedure is virtually transparent both to the caller and the callee. And, unlike the MeetMe conference, the parking lot fades out of the picture as soon as the call is connected. Thus, if either party hangs up, the active channel for the call is terminated on your Asterisk server.
For inbound calls from your Google Voice number, we'll tweak the dialplan so that it can distinguish between a RingBack call that Google Voice initiated and a true inbound call. We'll peel off the real inbound calls and route them to a separate Inbound Route in FreePBX for processing in any way you desire.
Finally, for those that implemented the methodology in our previous article, we'll walk you through the steps to revise your existing setup to take advantage of these new tweaks. You can skip over the initial installation process if you already have gone through the Google Voice setup from our earlier article. Just skip down to Tweaking Previous Setups.
Special Thanks. At the outset, we again want to express our sincere appreciation to Jacob Feisley and Paul Marks for their pioneering work on a Python interface to Google Voice. We also stumbled upon another Python development project, Google Voice for Python. While we originally had planned to rely upon Jacob and Paul's script, we ultimately decided to implement pygooglevoice because of the additional flexibility it provided for down the road. With pygooglevoice, you not only can make Google Voice calls, but you also can send SMS messages with no muss or fuss. Jacob Feisley has now joined that project as well. So, our special tip of the hat goes to the entire Google Voice for Python development team. It's a terrific product as you will see.
Prerequisites. Today's setup requires a CentOS-based Asterisk aggregation with a current version of FreePBX. Be aware that today's solution requires Python 2.4 or higher and reportedly will not work with Python 2.3 found in some Linux distributions. We've tested everything with PBX in a Flash and, on that platform, you're good to go. The install script should work equally well with the other CentOS-based Asterisk aggregations, but we haven't tested them. Be our guest, and let us know if you encounter any problems. Finally, a word of caution. We don't ordinarily distribute solutions using development tools we don't use. Our knowledge of Python wouldn't fill a thimble. We've made an exception today because of the extraordinary interest in Google Voice by the Asterisk community. But, if something comes unglued, we can't fix it. So have a backup plan in place just in case. 🙂
Today's Drill. To get everything working today, there are six steps: (1) obtaining and configuring a DID to manage calls between Google Voice and Asterisk, (2) configuring a Google Voice forwarding number for this DID to manage your outbound and inbound calls, (3) configuring FreePBX to route all outbound calls with a GV prefix to your special Google Voice dialplan context, (4) configuring an inbound route to manage incoming calls from your Google Voice number, (5) setting up a series of Parked Call extensions, one of which will be used to manage your outbound Google Voice calls, and (6) running our install script which adds the dialplan code for Google Voice calling with your credentials and puts the Python application into place on your server. It sounds more complicated than it is. So hang on to your hat. Here we go!
Dedicated DID. Before you can use Google Voice with Asterisk, you'll need a DID that can be dedicated to your Google Voice interface to Asterisk. We'd recommend a free IPkall or SIPgate DID. To get started, use one of the links above to obtain and configure the DID. Temporarily point the DID to an extension on your Asterisk system that can be used to verify your requests for the number. Since all of these calls are free, the area code of the DID really doesn't matter because you're never going to publish the fact that it exists.
The easiest method for setting up the DID is to first create a SIP URI for the DID on your Asterisk system. Next route the SIP URI to an Inbound Route in FreePBX where you can manage the destination for calls to that DID. Initially, you want the destination to be an extension on your Asterisk system that you can answer to verify both the DID setup and the GV setup below. Finally, point the DID you obtained to the SIP URI defined above.
HINT: The entry in extensions_override_freepbx.conf would look something like this for a SIP URI called ipkall-1:
exten => ipkall-1,1,Goto(from-trunk,${DID},1)
Then you would create an inbound route named ipkall-1 using FreePBX and designate some existing extension on your server as the destination for these inbound calls.
When you set up the SIP forwarding for the DID at ipkall.com, you'd specify the SIP URI as:
ipkall-1@ipaddress_of_your-Asterisk_server
We've previously covered in detail how to do this so read the article if you need a refresher course. To reiterate, the area code of this DID really doesn't matter because you're never going to give out the number. So use one of the free sources and save yourself some money. The real trick is you want to use a DID with unlimited, free inbound calls. Both IPkall and SIPgate provide that functionality at no cost.
Google Voice Setup. Log into your Google Voice account and click Settings, Phones, Add Another Phone. Add the area code and phone number of your DID. Be sure the DID is pointed to an extension on your PBX that you can answer since you have to go through Google's confirmation drill to successfully register the number. After the DID is confirmed, be sure there's a check mark beside this Google Voice destination so that incoming calls to your GV number will be routed to your Asterisk server.
While you're still in the Google Voice Setup, click on the General tab. Uncheck Enable Call Screening. Turn Call Presentation Off. And set CallerID to Display Caller's Number. Be aware that IPkall DIDs only forward your IPkall number as the CallerID number while SIPgate DIDs reportedly forward the actual number of the person calling you. If this matters to you, then you may prefer the SIPgate DID option. Finally, uncheck Do Not Disturb. Now click the Save Changes button.
Integrating Google Voice into Asterisk with FreePBX. Open FreePBX with a web browser and choose Setup, Trunks, Add Custom Trunk. Insert your GV number in the Outbound CallerID field and add the following Custom Dial String on the form and Submit Changes and reload the dialplan:
local/$OUTNUM$@custom-gv
Next, choose Setup, Outbound Routes, Add Route and fill in the following entries on the form:
Route Name: GoogleVoice
Dial Pattern: 48|NXXNXXXXXX
Trunk Seq: local/$OUTNUM$@custom-gv
Inbound Routes. Next, we need two Inbound Routes to get everything working. In setting up your DID with IPkall or SIPgate, you already should have created one inbound route for that provider. It already should be routing calls to an extension on your PBX. Now we need to create a Custom Destination for this inbound route and then reroute these calls there. In that way, your RingBack calls will be routed to some special dialplan code that drops these calls into a custom parking lot where the RingBack call is married up to the extension from which you placed the original call. Then we need to create another inbound route to manage normal incoming calls that are forwarded to your PBX whenever someone dials your Google Voice number.
To begin, choose Tools, Custom Destinations, Add Custom Destination and add an entry like this and then click the Submit Changes button:
Custom Destination: custom-park,s,1
Description: Custom GV-Park
Next choose Setup, Inbound Route and click on the inbound route you created previously for IPkall or SIPgate. Change the destination for these calls to Custom Destination: Custom GV-Park.
Now click on Add Incoming Route and create a new route for your incoming Google Voice calls. Give it any description you like but, for the DID number, it must be gv-incoming. You can leave most of the other defaults. Just be sure you set a destination for your incoming calls from Google Voice. It could be an extension, ring group, IVR, or whatever best meets your needs. The important entry here is gv-incoming for the DID number. Click the Submit button to save your entries. Ignore the warning that you've entered an oddball DID. We know what we're doing. 🙂
Setting Up the Parking Lot. While still in FreePBX, we need to create or adjust your existing settings in Setup, Parking Lot. The parking lot is used by FreePBX to simulate old key telephones where you could place a call on hold and then someone else in the office could pick up the call by clicking on the blinking key on their phone. The Asterisk equivalent is to press the flash hook and dial your Parking Lot Extension which then places the call in a Parking Lot space and tells you what the space number is. Someone else then can dial the number of that space to pick up the call. Our little trick today works like this. When you place an outbound call through Google Voice, your extension will be dumped into a reserved parking lot space. When Google Voice initiates the RingBack call before connecting the destination number you've dialed, that call will be sent to the same reserved parking lot space. The two calls then are joined, and you'll hear the parking lot number followed by ring tones as your call is connected by GV to its final destination. Our special thanks to Richard Bateman for his comment on the previous article and this terrific tip! He wins an Atomic Flash installer from Nerd Vittles. In addition, A. Godong wins an Atomic Flash installer for his tip on consolidating two DIDs into a single DID to manage both inbound and outbound GV calls. Just send us your addresses.
Now, where were we? Most FreePBX systems have a default setup for the Parking Lot. What we need to do is be sure you have reserved one more space in the parking lot than you actually need for day to day operation of your PBX. We'll use the last parking lot space number to manage outbound calling through Google Voice. Our entries look like the following:
Enable Parking Lot Feature: checked
Parking Lot Extension: 70
Number of Slots: 5
Parking Timeout: 30 seconds
Parking Lot Context: parkedcallsDestination for Orphaned Calls: Terminate Call: Hangup
If you use our setup above, the Magic Number is 75 which is the fifth slot in the Parking Lot. If you use a different Parking Lot extension or number of slots, here's how to calculate the Magic Number. Start counting the slots beginning with one more than the Parking Lot Extension. When you get to the last slot in the number of slots you've specified, that's your Parking Lot Magic Number. Write it down. You'll need it in a second when you run our GV installation script.
Save your entries and reload the Asterisk dialplan when prompted.
Integrating pygooglevoice. Now we're ready to complete the setup by running our revised script which loads pygooglevoice and sets up your dialplan in extensions_custom.conf. You'll need 5 pieces of information to run the script so write them down before you begin:
1. Your 10-digit Google Voice phone number
2. Your Google Voice email address
3. Your Google Voice password (no spaces!)
4. Your 11-digit RingBack DID (16781234567)
5. Your Parking Lot Magic Number
A word of caution: If you used a gMail address to set up your Google Voice account, it's possible to have different gMail and Google Voice passwords. For this to work, you'll need to enter your gMail password, not your Google Voice password (assuming they're different).
Now log into your Asterisk server as root and issue the following commands:
cd /root
wget http://bestof.nerdvittles.com/applications/gv/install-gv-new
chmod +x install-gv-new
./install-gv-new
Google Voice Speed Dials. For frequently called numbers, you can add speed dials by inserting entries in the [from-internal-custom] context of extensions_custom.conf that look like the example below where 333 is the speed dial number and 6781234567 is the area code and number to call. Be sure to reload your Asterisk dialplan to activate them.
exten => 333,1,Dial(local/6781234567@custom-gv,300)
Congratulations! You now have what we hope will be flawless and free U.S. calling on your Asterisk system using Google Voice. No gimmicks, no strings, no cost. Enjoy!
Finally, one additional word of caution. Both Google Voice and this call design are set up for a single call at a time. There are no safeguards to prevent multiple calls, but that may violate the Google Voice terms of service.
Asterisk 1.6 Solution. Several readers now have documented the procedure for implementing the Asterisk 1.6 bridge technology to make outbound Google Voice calls. You can read all about it here.
Tweaking Previous Setups. If you installed pygooglevoice using our previous tutorial, here's what you need to do. First, log into your Asterisk server as root and issue the following commands:
cd /etc/asterisk
nano -w extensions_custom.conf
Scroll to the bottom of the file by pressing Ctrl-W then Ctrl-V. Move up the file using up arrow until you reach [custom-gv]. Press Ctrl-K repeatedly to delete all of the lines in the [custom-gv] context. If you get to another line that starts with a label in brackets like [this], STOP deleting. Once you've deleted all of the lines in the [custom-gv] context, save the file: Ctrl-X, Y, and press Enter.
Now continue reading this article by jumping up to the Google Voice Setup topic. The Custom Trunk entry and the GoogleVoice outbound route will already be in your FreePBX system so there's no need to repeat those two steps. You will need to perform the remaining FreePBX steps beginning at the Inbound Routes topic and continuing on with Setting Up the Parking Lot. Finally, when you run the new installation script, it will detect that pygooglevoice is already on your system and will skip that step but will install the new custom contexts in extensions_custom.conf using your new settings. Enjoy!
Thought for the Day. Which is more arbitrary: (1) Apple snubs Google Voice or (2) Google Voice snubs SIP? Pays to look in the mirror occasionally.
Best Read of the Week. Memo to Steve Jobs and Apple: Stop Being A Jerk!
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
New, Free Hospitality Management System for Asterisk
In another terrific example of open source development at its finest, Claudio Pizzillo has released the beta of his Hospitality Management System for PBX in a Flash systems. Features of the Asterisk® hotel management system include:
- Rooms inventory management with bulk FreePBX extension import
- Call management by prefix with per minute and fixed rates
- Check-In and Check-Out with associated actions
- Billing with search by dates and/or by rooms with call detail
- Integrated with Hotel wake-up module with web interface
- Removal of voicemails and wake-ups on room check-out
Prerequisites. If you're using a PBX in a Flash system, you have all the pieces you'll need to get the Hospitality Management System working. If not, you'll need a LAMP-based Asterisk system with Apache, FreePBX, MySQL, and PHP that's configured to match PBX in a Flash aggregation.
Installation. To install the beta, log into your server as root and issue the following commands:
cd /var/www/html
wget http://www.kefa.it/hotel.tar.gz
tar zxvf hotel.tar.gz
rm hotel.tar.gz
cd hotel
chmod 775 loadmysql.sh
./loadmysql.sh
Next, edit /etc/asterisk/extensions_custom.conf and add the following code at the top of the [from-internal-custom] context. NOTE: This code forces all outbound calls to be routed to the receptionist extension unless the room/extension number is occupied. Make two substitutions below. For MYPBX, replace it with the IP address of your Asterisk server. For RECEPTION, replace it with the extension number for your receptionist's phone.
exten => _X.,1,Set(result=${CURL(http://MYPBX/hotel/checkuser.php?Ext=${CALLERID(num)})})
exten => _X.,2,NoOp(Results: ${result})
exten => _X.,3,GotoIf($["${result}" = "OK"]?OK)
exten => _X.,4,GotoIf($["${result}" = "KO"]?KO)
exten => _X.,5(OK),Goto(outbound-allroutes,${DIAL},1)
exten => _X.,6,Hangup()
exten => _X.,7(KO),DIAL(SIP/RECEPTION)
exten => _X.,8,Hangup()
Remove the line-wrap between the first and second lines. Then save your changes to the file and reload your dialplan: asterisk -rx "dialplan reload"
Using the Hotel Management System. To use the application, use a web browser pointed to the actual IP address of your server: http://serverIP/hotel/. The web interface is self-explanatory. If you need additional assistance, post your questions and suggestions on the PBX in a Flash Forum. Enjoy!
Twitter Deals of the Week. The nation's premier provider of free directory assistance service, 1-800-FREE-411, now is offering free 5-minute phone calls to most destinations around the world. Just listen to two quick commercials and enjoy your free call. Thanks, @MichiganTelephone. And now you can send free SMS messages worldwide from your iPhone. Thanks, @TruVoIP.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
VoIP Over VPN: Securely Interconnecting Asterisk Servers
We’ve just returned from a week in the Pacific Northwest teaching an Asterisk® course for an organization that wants to interconnect satellite offices using Asterisk servers. This coincided with a support request from one of America’s premier airlines which wants to do much the same thing for all of its reservation counters in airports situated in feeder cities around the country. Suffice it to say, PBX in a Flash in conjunction with Asterisk and Hamachi VPNs is perfectly suited to let anyone build these interconnected systems in minutes rather than months. In fact, with less than a day’s worth of introduction to Asterisk and PBX in a Flash, a group of 16 network administrators with no previous Asterisk experience did just that in a one-hour lab session during our training seminar last week. At the risk of (further) destroying our ability to earn a living, here’s how we did it.
Proxmox as a Training Tool. Before we get into the nitty gritty of actually interconnecting Asterisk servers with Hamachi VPNs, let us provide the free tip of the week for those of you that want to experiment with interconnecting Asterisk servers or for those that like to test various Asterisk scenarios without rebuilding servers all day long. There is no finer tool for this than the Proxmox Virtual Environment, a free and easy to use Open Source virtualization platform for running Virtual Appliances and Virtual Machines. With a sale-priced Dell T105 with a Quad Core AMD Opteron processor and 8 gigs of RAM, you’ll have a perfect platform to run about 16 simultaneous PBX in a Flash servers. The trick is finding the machines on sale for half price which is about every other week. Our lab system which matches this configuration was less than $600 with RAM purchased from a third party. You can save most of the shipping cost by using our coupon link in the right column to shop at Dell’s small business site.
Proxmox lets you build virtual machines in two ways: OpenVZ templates or Qemu/KVM Templates and ISO images. While we intend to offer an OpenVZ template for PBX in a Flash soon, currently it’s easy to create your own ISO template using the standard PBX in a Flash ISO image. Once you’ve uploaded your ISO image into Proxmox, simply create a new virtual machine by giving it a name, specifying 512MB of RAM and a 30GB partition. In 10 seconds or less, your new VM will be ready to boot. Start your VM and then open the VNC console window within the Proxmox web interface and install PBX in a Flash just as if you were building a stand-alone machine. When the 15-minute install completes, run through the Orgasmatron Installer setup, and you’ll have your turnkey PBX in a Flash system ready for production in less than 30 minutes.
You don’t have to repeat this drill for every virtual machine. Instead, use the built-in Proxmox backup utility to make a backup image of what you built. Shut down the VM, create a /backup directory, and then schedule the compressed backup in the web browser. When the backup completes, you’ll have a backup image in /backup with a file name like this: vzdump-101.tgz.
To create a new virtual machine, you issue the following command while positioned in the /backup directory specifying the number for the new virtual machine:
vzdump --restore vzdump-101.tgz 102
In about 3 minutes, you’ll have a second virtual machine that’s a clone of the first one. Because it’s a true clone, it would obviously have the same MAC address for the virtual NIC. You don’t want that or all of your VMs would boot up using the same IP address. Using the Proxmox web interface, just edit the new VM 102 by switching from the Status tab to the Hardware tab, delete the existing Ethernet device, and then create a new Ethernet device under the hardware address list pulldown. This will create a new virtual NIC with a new MAC address. So, when you boot VM 102, it will be assigned a new IP address by your DHCP server. You can decipher the new IP address by opening the VNC console window for VM 102 after you boot it up. Now you’re an expert. You can create the additional Baker’s Dozen turnkey PBX in a Flash servers in about an hour. Start all of them up, and you’ve got an instant training facility and PBX in a Flash playground.
April, 2012 Update. See our new article for a current state-of-the-art VoIP VPN.
Creating Hamachi VPN. You obviously don’t need a virtual private network in order to interconnect Asterisk servers. But, as easy as the Hamachi VPN is to set up, especially with PBX in a Flash servers, why wouldn’t you want all of your inter-Asterisk communications secured and encrypted? In addition to the capacity limitation of the Proxmox server, there’s another reason we chose to build 16 PBX in a Flash VMs. That happens to be the number of servers you can interconnect with the Hamachi Virtual Private Network without incurring a charge.1 Why use the Hamachi VPN when OpenVPN is free with unlimited network connections and no strings? The short answer is it’s incredibly simple to set up without public and private key hassles, and it supports dynamic IP server addressing with zero configuration. We plan to cover OpenVPN in a subsequent article but, for many implementations, Hamachi VPNs offer a robust, flexible alternative that can be deployed in minutes.
If you’re not using PBX in a Flash, there are a million good Hamachi VPN tutorials available through a quick Google search. If you are using PBX in a Flash, we’ve done the work for you. With the Orgasmatron Installer build, you’ll find the Hamachi VPN installation script in /root/nv. For other PBX in a Flash systems, just download the install-hamachi.x script from here or, after logging into your server as root, issue the following commands:
wget http://pbxinaflash.net/source/hamachi/install-hamachi.x
chmod +x install-hamachi.x
./install-hamachi.x
Before beginning the Hamachi VPN install, it’s a good idea to make yourself a cheat sheet for the servers you plan to interconnect. We’re going to interconnect 3 servers today, but doing 16 is just more of the same. You’ll need a unique name for your virtual private network. Pick a name that distinguishes this VPN from others you may build down the road. For our example, we’re going to use piaf-vpn. Next, you need a very secure password for your VPN. We’re going to use password for demonstration purposes only. Finally, you need a unique nickname for each of your servers, e.g. piaf-server1, piaf-server2, and piaf-server3 for our example setup today.
For the first Hamachi install, we’ll need to create the new network. For the remaining installs, we’ll simply join the existing network. Keep in mind that you can only remove machines from the network using the same server that was used to create the other VPN accounts initially so build out your virtual private network by starting with your main server, piaf-server1 in our example.
To begin the Hamachi VPN install, run the script using the commands shown above. Type Y to agree to the installer license and then press the Enter key to kick off the install. For the piaf-server1 install, type N to create a new Hamachi network. For the remaining installs, you’d type J to join an existing Hamachi network. Enter the network name you chose above. For our sample, we used piaf-vpn. Type it twice when prompted. Now type your network password and then your nickname for this server when prompted to do so. Then standby while the Hamachi software is installed. It takes a few minutes depending upon the speed of your network connection. And remember, do NOT use our sample network name. Make up your own and don’t forget it. When the install completes, you can review the log if you’d like. Unless something has come unglued, Hamachi should now be running on your first server. Repeat the drill on your other servers.
The next step is to grab some of our scripts to make it easier to manage Hamachi on your servers.
cd /usr/local/bin
wget http://pbxinaflash.net/source/hamachi/hampiaf
wget http://pbxinaflash.net/source/hamachi/hamachi-servers
chmod +x ham*
cd /root
wget http://pbxinaflash.net/source/hamachi/hamachi.faq
The hamachi.faq document provides all of the commands you’ll need to manage Hamachi including the steps to start over with a totally new virtual private network. For now, let’s be sure your network is running. Type: hamachi-servers piaf-vpn using the network name you assigned to your own VPN. Then type it again, and it should display all of the servers on your VPN with their private VPN IP addresses:
root@pbx:~ $ hamachi-servers piaf-vpn
This server:
Identity 5.151.123.1
Nickname piaf-server1
AutoLogin yes
OnlineNet piaf-vpnGoing online in piaf-vpn .. failed, already online
Retrieving peers’ nicknames ..
* [piaf-vpn]
5.151.123.2 piaf-server2
5.151.123.3 piaf-server3
Finally, a word of caution about security. One of the drawbacks of the ease with which you can create Hamachi VPNs is the ease with which you can create Hamachi VPNs. Anyone that knows your network name and password can join your network with one simple command. You can kick them off from the main server where the VPN was created (hampiaf evict piaf-vpn 5.249.146.66), but you can’t keep them from joining. So, protect your network by making the password extremely secure. There currently is no way to change your network password. All you can do is create a new network with a new network name and a more secure password.
Interconnecting Asterisk Servers. Once your VPN is established and all of your servers are on line, then we’re ready to interconnect them with Asterisk and FreePBX. There are a number of ways to do this. For smaller networks, we’re going to show you the easy and secure way using IAX and the VPN you just created. As with the VPN setup, a cheat sheet comes in handy to avoid erroneous entries that would cause your calls between servers to fail. What we recommend is assigning and creating a block of extensions on each of your servers with different ranges of numbers. For example, we’re going to use four-digit extensions in the 1xxx range for piaf-server1, 2xxx for piaf-server2, and 3xxx for piaf-server3. The idea here is that the extensions are unique between your servers. This makes it easy to dial between offices without having to resort to dialing prefixes. So the first step in interconnecting your servers is to build the necessary extensions on each of your servers.
Now for the cheat sheet. Using the hamachi-servers tool above, decipher the VPN IP address of each of your servers and make a chart with the server names, the range of extension numbers, and the VPN IP address of each server. You’ll also need to think up a very secure password. We’re going to use the same one for all of the servers although you certainly don’t need to. So long as the password you choose is secure, there’s really no reason not to use the same one.
piaf-server1 1xxx 5.151.123.1 password
piaf-server2 2xxx 5.151.123.2 password
piaf-server3 3xxx 5.151.123.3 password
Creating Trunks. The next step is to create an IAX trunk on each server for each remaining server in your network. In our example, on piaf-server1, we’d want to create trunks for piaf-server2 and piaf-server3. On piaf-server2, we’d want to create trunks for piaf-server1 and piaf-server3. And so on.
NOTE: Because of a change in IAX design to fix a security issue that arose after this article was originally published, be sure to add the following line in the User Details of each trunk below:
requirecalltoken=no
On your first server (piaf-server1 in our example), using a web browser, open FreePBX and choose Admin, Setup, Trunks and then click Add IAX2 Trunk. Create the trunk to piaf-server2 with the following entries. Leave everything blank except the entries shown below:
While still on piaf-server1, repeat the process to create a trunk for piaf-server3:
On your second server (piaf-server2 in our example), using a web browser, open FreePBX and choose Admin, Setup, Trunks and then click Add IAX2 Trunk. Create the trunk to piaf-server1 with the following entries. Leave everything blank except the entries shown below:
While still on piaf-server2, repeat the process to create a trunk for piaf-server3:
On your third server (piaf-server3 in our example), using a web browser, open FreePBX and choose Admin, Setup, Trunks and then click Add IAX2 Trunk. Create the trunk to piaf-server1 with the following entries. Leave everything blank except the entries shown below:
While still on piaf-server3, repeat the process to create a trunk for piaf-server2:
Creating Outbound Routes. Now we need to tell Asterisk how to route the calls between the servers. In a nutshell, we want calls to extensions in the 1xxx range routed to extensions on piaf-server1, calls to 2xxx extensions routed to piaf-server2, and calls to 3xxx extensions routed to piaf-server3. On each server, create an outbound route for each of the remaining servers. Name the routes server1, server2, and server3 as appropriate. The critical pieces of information in each outbound route are the dial string (which should match the extensions on the server we’re connecting to) and the Trunk Sequence (which should be the appropriate IAX trunk for the server we’re connecting to).
On piaf-server1, we’d have a server2 outbound route with a Dial String of 2xxx and a Trunk Sequence of IAX2/piaf-server2. Then we’d have another server3 route with a Dial String of 3xxx and a Trunk Sequence of IAX2/piaf-server3. If you have a catch-all outbound route, be sure to move these routes above the catch-all in the right column. Then reload your dialplan.
On piaf-server2, we’d have a server1 outbound route with a Dial String of 1xxx and a Trunk Sequence of IAX2/piaf-server1. Then we’d have another server3 route with a Dial String of 3xxx and a Trunk Sequence of IAX2/piaf-server3. If you have a catch-all outbound route, be sure to move these routes above the catch-all in the right column. Then reload your dialplan.
On piaf-server3, we’d have a server1 outbound route with a Dial String of 1xxx and a Trunk Sequence of IAX2/piaf-server1. Then we’d have another server2 route with a Dial String of 2xxx and a Trunk Sequence of IAX2/piaf-server2. If you have a catch-all outbound route, be sure to move these routes above the catch-all in the right column. Then reload your dialplan.
If you’re setting this up with PRI or T1 connections between your servers, you might also want to specify at least secondary trunk sequences for each of the outbound routes to provide some redundancy. For example, on piaf-server1, you might want a secondary Trunk Sequence for server2 that specified IAX2/piaf-server3. Then, if the primary connection between server1 and server2 was down, Asterisk would attempt to complete calls to 2xxx extensions by routing them to server3 and then on to server2 from there. To the caller and call recipient, they’d never know that the direct link between server1 and server2 had failed.
Alternate routing might also be appropriate where you have more capacity between certain servers. For example, if you had a single T1 line between server1 and server3 but you had PRI connections between server1 and server2 and between server2 and server3, then it might make more sense to indirectly route 3xxx calls from server1 through server2 and then on to server3 rather than the direct route from server1 to server3. Enjoy!
Free DIDs While They Last. Sipgate is giving away a free U.S. DID with free incoming calls plus 200 free minutes for outbound calls. Better hurry. Here’s the trunk setup for FreePBX-based systems:
Trunk name: sipgate
type=peer
username=ACCTNO
fromuser=ACCTNO
secret=ACCTPW
context=from-trunk
host=sipgate.com
fromdomain=sipgate.com
insecure=very
caninvite=no
canreinvite=no
nat=no
disallow=all
allow=ulaw&alawRegistration Strong: ACCTNO:ACCTPW@sipgate.com/YOUR-DID-NUMBER
ACCTNO is the account number assigned to your sipgate account. ACCTPW is the password for your account. YOUR-DID-NUMBER is your 10-digit DID.
Finally create an inbound route using your actual 10-digit DID and assign a destination for the inbound calls.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
Twitter Magic. If you haven’t noticed the right margin of Nerd Vittles lately, we’ve added a new link to our Twitter feed. If you explore a little, you’ll discover that the user interface now brings you instant access to every Twitter feed from the convenience of the Nerd Vittles desktop. Enjoy!
whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- See comment #1 below. [↩]
Asterisk on Steroids: The Orgasmatron Installer, Part III
Happy Cinco de Mayo! And you can celebrate the event by installing two dozen turnkey Asterisk® applications in under 5 minutes! We recently introduced our new Orgasmatron Installer for PBX in a Flash. And today the saga continues with Part III in our series. Faxing and email work out of the box. More than a dozen extensions and a number of hosting provider trunks are preconfigured. Delivery of CallerID names with numbers is available from a half dozen providers of your choice. ODBC database connectivity is now painless. And the Flite text-to-speech engine is preconfigured with Cepstral TTS only a few keystrokes away. Also included are FreePBX 2.5, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Here's the complete list of what 5 minutes of your time brings to your Asterisk server platform:
- AsteriDex
- CallerID Superfecta (FreePBX Module)
- CallWho for Asterisk
- Cepstral TTS (installer script only)
- Email That Works with SendMail
- Extensions (15 preconfigured)
- Fax Module using nvFax
- FONmail
- FreePBX Backups
- Gizmo5 (FreePBX Module)
- Hamachi VPN (installer script only)
- Hotel-Style Wakeup Calls (FreePBX Module)
- Interconnecting Asterisk Servers with IAX
- MeetMe Conferences on the Fly
- Mondo Full System Backups
- NewsClips from Yahoo
- ODBC Database Support
- Reminders by Phone and Web
- SIP URI support (fax, mothership, e164, nv-demo)
- TeleYapper
- Tide Reports with xTide
- Trunk Lister Script
- Trunks (Vitelity, Fonica, Gizmo, ENUM, Remote Peer)
- Weather by Airport Code
- Weather by ZIP Code
- Worldwide Weather
- Zaptel Updater (script only)
In Part II of this series, we walked you through securing your system and configuring a few of the major applications: AsteriDex, CallerID Superfecta, CallWho, Cepstral, and Emailing with SendMail. Today, we'll tackle nine more applications in the list.
Fax Module with nvFax. The NVfax module provides basic incoming and outgoing fax functionality for your PBX in a Flash system. It's not perfect because faxing with VoIP providers is hit and miss at best! As installed, inbound faxing works after a simple configuration. Here are the three steps:
#1. Log into your server as root and edit fax-process.pl in the /var/lib/asterisk/bin folder. Change the following default parameter to make it your default MAILTO email address:
my $to = "JoeSchmoe\@gmail.com";
NOTE: Always edit system files like this: nano -w filename
#2. Using a web browser, log into FreePBX and choose Admin, Setup, General Settings. In the Fax Machine section of the form, choose system as the extension for receiving faxes, enter the destination email address for incoming faxes, and enter an email from address for outbound faxes.
#3. While still in FreePBX, you need to define how you want faxes processed when they are received from outside your PBX. Choose Admin, Setup, Inbound Routes. For each incoming route on your PBX where you want to enable receipt of faxes, click on that incoming route definition. In the Fax Handling section of the form, choose system as the fax extension, enter the fax email destination address, choose nvfax as the fax detection type, and use 5 as the fax detection delay setting. Save your settings for each inbound destination and then reload your dialplan.
You can test it by plugging a real fax machine into a VoIP phone adapter such as the Linksys SPA-2102 and assigning the ATA an extension number on your PBX. Using the fax machine, simply send a fax to extension 329 (F-A-X). It should arrive as a PDF in your email inbox within a couple minutes.
Once you get fax delivery of faxes from inside your PBX working reliably, then you're ready to graduate to the Big League and get faxing from outside your PBX working. This is 99% dependent upon the quality of inbound calls from your DID provider. If your DID provider doesn't support ULAW, give up or switch providers. We have successfully tested inbound faxing with TelaSIP, Teliax, voip.ms, and Future-Nine. With Teliax and Future-Nine, you will need to add the following settings to your Incoming Trunk Configuration in FreePBX:
t38pt_rtp=no
t38pt_tcp=no
t38pt_udptl=no
For additional tips and tricks, read our Best of Nerd Vittles article on faxing.
FONmail for Asterisk. FONmail is one of several applications that works in conjunction with AsteriDex. It lets you pick up a telephone connected to your Asterisk system, dial 6245 (M-A-I-L), and dictate a message for email delivery to someone in your AsteriDex database. You'll be prompted for the phone number of your recipient, or you can look up a person using the first three letters of their name in the AsteriDex database. Once you record your message and choose the recipient, the dictated message is emailed to the recipient using the email address you've entered for that person in AsteriDex.
For FONmail to work, you obviously have to add entries into AsteriDex (with email addresses) for the recipients you intend to select, and you need to populate the new dialcodes for AsteriDex by following the instructions in Part II of this tutorial. The final piece is specifying your return email address for the outbound emails. Set your return email address by editing the $email entry at the top of nv-mailit.php. The file is stored in /var/lib/asterisk/agi-bin.
FreePBX Backups. A disaster recovery plan is a critical component with any computer system, and PBX in a Flash is no different. You need to have a plan for recovering from a disaster whether that disaster is an Act of God, or man-made, or the result of a hardware failure. Our recommended strategy goes like this. Make weekly full disk backups with Mondo to at least a pair of USB flash drives. Replace the drive each week and take the other drive off site. In addition, make daily or weekly FreePBX backups and copy them to a safe place. Amazon S3 offers a convenient, inexpensive off-site storage facility for FreePBX backups. FreePBX backups let you restore FreePBX components to a machine state at the time the backup was made. Here's how to set up FreePBX automatic backups. Be sure you clean out old backups from time to time as they take up disk space. The backups are stored in folders under /var/lib/asterisk/backups based upon the name you assign to your backup schedule.
Here's how to set one up to make a backup on demand:
1. Open FreePBX with your web browser.
2. Choose Admin, Tools, Backup and Restore, Add Backup.
3. Give the backup schedule a name, e.g. RightNow.
4. Change all Radio buttons to Yes to backup everything.
5. Backup schedule: Run Backup Now.
6. Click Submit Changes button to kick off the backup.
Here's how to set one up to make a weekly backup every Sunday night:
1. Open FreePBX with your web browser.
2. Choose Admin, Tools, Backup and Restore, Add Backup.
3. Give the backup schedule a name, e.g. Daily.
4. Change all Radio buttons to Yes to backup everything.
5. Backup schedule: Run Backup Weekly (on Sunday).
6. Click Submit Changes to save new backup schedule.
Gizmo5 FreePBX Module. One of the VoIP providers that provides enormous flexibility in getting the most out of your new system is Gizmo5. For very little money and virtually no configuration hassles, Gizmo5 can't be beat. One of the slick functions that Gizmo5 provides is the ability to make 5-minute phone calls to any Skype user at no cost. For $20 a year, you can make as many 2-hour Skype calls as you like to your ten best friends. For more details, see our article. The Orgasmatron installer puts everything in place for you to set up a Gizmo account quickly from within the FreePBX interface. Just choose Admin, Setup, Gizmo5 Integration. Just follow the prompts to create your new account and make an initial deposit.
Installing the Hamachi VPN. Once you've run the Orgasmatron Installer, you have the option of installing the Hamachi virtual private network (VPN) which supports the interconnection of 16 computers at no cost. Simply run the install-hamachi.x script which you'll find in your /root/nv folder. For complete configuration instructions, read the install-hamachi.pdf file and hamachi.faq, both of which are also in the same directory.
Interconnecting Asterisk Servers with IAX. If you don't plan to interconnect your Asterisk server with one or more other Asterisk servers, then delete the Remote-Host outbound route in FreePBX and then delete the remote-peer trunk. If you plan to use the ODBC demo examples on extensions 222 and 223, you at least will need to change the Dial Pattern for the Remote-Host outbound route by deleting the 2XX entry as explained elsewhere in this article. What this provided was a simple way to interconnect extensions in the 200-299 range of numbers on a remote PBX.
If you do plan to interconnect Asterisk servers, then change this 2XX Dial Pattern to match the extension numbers on your remote PBX. For example, if the remote Asterisk server uses extensions in the 7000-7999 range of numbers, you'd want to include a 7XXX entry in your Remote-Host Dial Pattern.
To enable, interconnection of your new server to another Asterisk server, edit the remote-peer trunk and insert the actual IP address of your remote host. Also change the secret in the Peer and User sections to a very secure entry and use the same secret entry in your remote host trunk setup.
On the remote server, create a new IAX trunk with settings like the following using your correct secret and the IP address of your new server that was built with the Orgasmatron Installer:
MeetMe Conferences On the Fly. If you're accustomed to spending hundreds of dollars to schedule and run phone conferences with dozens of people, those days are officially over with PBX in a Flash. You now can purchase a phone number in 2600+ rate centers in the United States with support for 20 simultaneous calls for under $9 a month. Once you have purchased your DIDforSale DID and configured the new trunk on your server, simply point the inbound route for that trunk to Misc Destination: MeetMe CONF.
To set up a conference at any time, pick up any phone on your PBX and dial 2663 (C-O-N-F). When prompted for the conference number, make one up, e.g. 30303. When prompted for a conference PIN, make one up, e.g. 1234. Now notify all conference participants to dial the Conference DID (or 2663 for internal users) and to use 30303# for the conference number and 1234# for the PIN. When everyone hangs up, the conference ends. Simple as that!
ODBC Database Connectivity. All of the necessary components to support ODBC database integration with Asterisk have been installed for versions of the Orgasmatron Installer after May 1. Also included are two sample dialplan components that demonstrate how to build ODBC applications. These two samples are explained in the Nerd Vittles ODBC article. The extensions used by these two samples are 222 and 223. If you used an older version of the Orgasmatron Installer, you'll have to manually add ODBC support and the sample extensions conflict with the default routing rules for interconnecting your server to another Asterisk server. So you have two options. Either change the Dial Pattern for interconnecting to the remote server by deleting the 2XX entry or modify the extension numbers for the ODBC demos in /etc/asterisk/odbc.conf. Once you have addressed this inconsistency, you can activate the ODBC demo applications by inserting the following line in the [from-internal-custom] context of extensions_custom.conf in /etc/asterisk: #include odbc.conf
Then reload your Asterisk dialplan: asterisk -rx "dialplan reload"
Reminders by Phone and by Web. The latest version of the Best of Nerd Vittles Telephone Reminders 4.0 application is included in the Orgasmatron Installer. You can schedule reminders by telephone by dialing 1-2-3 from a phone connected to your Asterisk PBX. The default password is 12345678. To keep strangers from using your reminder system, you need to change this password. Edit extensions_custom.conf in /etc/asterisk and search for the 123 extension. Change the password entry in the Authenticate entry and reload your dialplan as shown above.
You also can schedule reminders using a web browser. There's an option in FreePBX: Admin, Tools, Reminders. You also can access the reminders application separate and apart from FreePBX using the IP address of your Asterisk server: http://ipaddress/reminders.
The CallerID number for the application, the TTS engine, and your email address all can be adjusted to meet your needs. See the Best of Nerd Vittles article for details on making these changes.
Continue reading Part IV (Monday, May 25).
Twitter Magic. If you haven't noticed the right margin of Nerd Vittles lately, we've added a new link to our Twitter feed. If you explore a little, you'll discover that the user interface now brings you instant access to every Twitter feed from the convenience of the Nerd Vittles desktop. Enjoy!
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
Asterisk on Steroids: The Orgasmatron Installer, Part II
In our last column, we introduced you to the new Orgasmatron Installer for PBX in a Flash. After a one-week break to prepare for our visit to the Atlanta Asterisk® Users Group 3d Annual InstallFest, we're back in the saddle today to flesh out the new baby.
For those that are new to all of this, let's briefly review what the Orgasmatron Installer has added to your Lean, Mean Asterisk Machine. Faxing and email now work out of the box. More than a dozen extensions and a number of hosting provider trunks are preconfigured as well. Delivery of CallerID names with numbers is now available from a half dozen providers of your choice. And, of course, the Flite text-to-speech engine is preconfigured with Cepstral TTS only a few keystrokes away. Also included are FreePBX 2.5, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. And here's the complete list with all of your new Nerd Vittles applications:
- AsteriDex
- CallerID Superfecta (FreePBX Module)
- CallWho for Asterisk
- Cepstral TTS (installer script only)
- Email That Works with SendMail
- Extensions (15 preconfigured)
- Fax Module using nvFax
- FONmail
- FreePBX Backups
- Gizmo5 (FreePBX Module)
- Hamachi VPN (installer script only)
- Hotel-Style Wakeup Calls (FreePBX Module)
- MeetMe Conferences on the Fly
- Mondo Full System Backups
- NewsClips from Yahoo
- ODBC Database Support
- Reminders by Phone and Web
- SIP URI support (fax, mothership, e164, nv-demo)
- TeleYapper
- Tide Reports with xTide
- Trunk Lister Script
- Trunks (Vitelity, Fonica, Gizmo, ENUM, Remote Peer)
- Weather by Airport Code
- Weather by ZIP Code
- Worldwide Weather
- Zaptel Updater (script only)
Security First! Because your phone bill matters, today we begin with security. The design of virtually all of the open source Asterisk PBX aggregations is to leave SIP and IAX ports on your new server exposed to the Internet. This is done to facilitate communications with your hosting providers as well as telephone extensions which may be connected to your server from the other side of the globe. The wrinkle with this design is that, if a bad guy can guess an extension number on your system and its password, they get a free ticket to do whatever could be done from that extension on your PBX. In the case of one unlucky company, this resulted in a phone bill of over $100,000. For details, read our Primer on Asterisk Security. So... Security Matters!
Anyone obviously can download PBX in a Flash and the Orgasmatron Installer. Thus, you need to assume that everyone on the planet knows your default passwords. We walked you through changing some of the important ones with the passwd-master script last week. Use it regularly. Now let's turn our attention to your extensions and trunk passwords.
Extension Security. There now are a couple of ways to secure your extensions from the bad guys. First, you need to establish very secure passwords for your extensions and voicemail boxes. Second, you need to specify the IP addresses that are authorized to access every extension on your PBX. And third, remember do repeat this drill every time you add a new extension to your system.
To change an extension password, open FreePBX using a web browser pointed to the IP address of your server: http://ipaddress/admin/. On PBX in a Flash systems, you'll be prompted for a username (maint) and whatever password you set when you ran passwd-master. Now click the Setup tab and then the Extensions option. You'll see the list of configured extensions on your PBX in the right column. Click on each of those extensions, and you'll see a form like this:
The password for this extension is stored in a field called secret. Make up a very secure password for every extension on your PBX. You will embed this password in the telephone connected to this extension. There's no other place you'll need it so a long and complex numeric password is essential.
The authorized IP addresses for this extension are stored in a field called permit. The way this works is that you first specify which IP addresses should be denied access (the deny field), and then you poke a little hole in the dike, if you're smart, to permit only one or a few IP addresses to connect to the extension. Leave the deny entry as it is. The default permit entry 0.0.0.0/0.0.0.0 opens the floodgates. It means any IP address can log into this extension. To restrict extension access to IP addresses on a private LAN of 192.168.1, the entry would look like this: 192.168.1.0/255.255.255.0. To further restrict extension access to a specific IP address (recommended!), the entry would look like this: 192.168.1.44/255.255.255.255. Use a permit entry that makes you sleep well at night. After all, it's your phone bill.
The third entry you'll want to change is further down the same data entry form, and that's the Voicemail Password field. This entry determines who can actually retrieve voicemails left for this extension. Set it accordingly.
Once you've made the three changes above, save your entries by clicking the Submit button at the bottom of the form. Repeat the drill for every extension, and then click the orange Apply Configuration Changes tab at the top of the screen and then Continue with Reload to reload your Asterisk dialplan.
Trunk Security. Securing the trunks on your PBX is equally important to securing extensions. Keep in mind that, with your trunk credentials, anyone can set up your trunk on their PBX to make calls on your nickel! Unlike the extensions, there are no working usernames and passwords in the default trunks with one exception. If you plan to use the providers we've preconfigured, simply insert your own username, fromuser, and secret settings in the fields provided, and you'll be making calls in a matter of seconds. The process is similar to the one we used for extensions. Choose Setup, Trunks and then click on each trunk and make your entries. Submit your entries and then reload the dialplan when you're finished.
In the case of the remote-peer trunk, this trunk is designed to make it extremely easy to interconnect Asterisk servers for interoffice communications. But it also means that a bad guy can easily interconnect with your server and start dialing. If you don't plan to connect to another Asterisk server, delete this trunk! If you do plan to connect to another Asterisk server, change the trunk secret and IP address of the host to which you are connecting. Do NOT leave the default secret in either the outgoing or incoming settings! Also change the password for the outbound route: Remote-Host. You may want to ultimately remove this password if you actually start interconnecting servers. Otherwise, users will have to enter this password whenever they may a call to an extension on the interconnected Asterisk server.
To interconnect your server to another server, you would simply add a new trunk called main-peer on the other server that looks like this (using your new password and correct IP address):
Configuring AsteriDex. AsteriDex is plug-and-play for most users. However, as configured, your AsteriDex web site is reachable from the Internet if you have mapped port 80 on your hardware-based firewall to your PBX in a Flash server or if you don't have a hardware-based firewall and your server is directly exposed to the Internet. If you don't mind people seeing your contact list or making prank calls that ring your extensions, this may be okay. If it's of concern to you, the easiest security precaution is to rename the asteridex4 directory to an obscure name that only you know, e.g. bahbah143. Here are the commands to issue after logging into your server as root. By using all of these commands, AsteriDex still will be accessible through FreePBX and the PBX in a Flash GUI:
cd /var/www/html
mv asteridex4 bahbah143
sed -i 's|asteridex4|bahbah143|' admin/modules/asteridex/page.asteridex.php
sed -i 's|asteridex4|bahbah143|' welcome/.htindex.cfg
The other adjustment you may need to make to AsteriDex is to configure who can access the Admin tab to add, modify, and delete entries in your database. As configured, the Admin tab is available to any computer with an IP address that begins with 192.168. This may not match your private subnet, and not all 192.168 IP address are non-routable. So you may wish to tighten this restriction to match your internal subnet. In the /var/www/html/asteridex4 folder (or whatever name you've chosen above), you'll find a configuration file: config.inc.php. Simply edit this file and change the $local_net entry. You also can set the long distance prefix ($LDprefix), your CallerID number ($CallerID), and the default extension to ring for click-to-dial from the web interface ($INtrunk and $defaultExt). The extension to dial can now be set from the web interface as well. Unless you really know what you're doing, leave everything else the way it is.
CallerID Superfecta. Most hosting providers deliver CallerID numbers as part of your payment for using their DIDs. Almost none deliver CallerID names without an additional charge. CallerID Superfecta is designed to fill that gap... for free. A number of us have worked on this project for years. And it now has been integrated directly into FreePBX. There are two steps to getting everything working properly on your new PBX. First, you need to identify which CallerID lookup sources you wish to use on your system. Then, you need to specify CallerID Superfecta as the lookup source on each Inbound Route where you want CallerID names looked up for incoming calls.
Open FreePBX with your web browser and navigate to Setup, CID Superfecta. You'll get a form that looks like this:
With the exception of AsteriDex and SugarCRM lookups which are almost instantaneous, keep in mind that each lookup takes a little time and slows down receipt of your inbound call. So long as you have a good Internet connection, you shouldn't have a problem using all of the sources. The way the CallerID Superfecta works is that, once it gets a name match in any of the sources beginning with AsteriDex and SugarCRM, it ends the lookups and provides the CallerID name it found to Asterisk for display on the extensions which are ringing in the designated inbound route. Filling out the form is self-explanatory for the most part. Tick off the lookup sources you wish to use. If you plan to use whocalled.us, you'll need to sign up for an account and provide your credentials before the lookup will work. With SugarCRM, fill in the blanks to match your implementation of SugarCRM. Click the SAVE button when you have CallerID Superfecta configured to meet your needs.
The final step in implementing CallerID Superfecta is to designate it as the CallerID Lookup Source for your Inbound Routes. Click on Setup, Inbound Routes and a list of your existing routes will be displayed in the right column. As installed, there will only be one: Any DID / Any CID. Click on this entry to display the form. Scroll down to the CallerID Lookup Source dropdown box and choose CallerID Superfecta. You'd do the same with any other inbound route you create down the road. Click the Submit button and reload your dialplan to enable CallerID Superfecta. Now sit back and wait on your first call.
CallWho for Asterisk. CallWho for Asterisk is a little script we put together to make it easy to look up and dial the numbers of people in your AsteriDex database. When you dial 4-1-2, you'll be prompted to enter the first three letters of the name of the person you wish to call. Once you key in the three letters, CallWho for Asterisk will look up every matching entry in your AsteriDex database and read you the list of matches. For example, if you had Joe Schmo and Joe The Plumber in your database, CallWho would say something like this:
Press 1 for Joe Schmo.
Press 2 for Joe The Plumber.
When you press 2, CallWho will place a call to Joe The Plumber. Not sure why you'd ever want to do that, but now you understand the way it works.
Before CallWho for Asterisk will work at all, you need to run the script which associates three letter codes with every entry in your AsteriDex database. And, whenever you add new entries to your database, you need to run it again. Using a web browser, here's the program to run. Be sure to use the correct IP address for your Asterisk server and your newly designated AsteriDex location instead of asteridex4:
http://192.168.0.44/asteridex4/dialcode.php
Cepstral TTS for Asterisk. PBX in a Flash is delivered with the Flite text-to-speech engine already enabled. But, unless you like the voices of Lurch and Fred Munster, you may wish to cough up a little cash and install Cepstral on your server. Cepstral now has a synthesized voice of Allison which exactly matches all of the other voice prompts in Asterisk. I'm embarrassed to report that we can't seem to get the correct installation script deposited in our Orgasmatron builds... ever! So, if you want to use Cepstral, here are the steps to download the real, working installation script and to install Cepstral:
cd /root/nv
rm install-cepstral
wget http://pbxinaflash.net/source/cepstral/install-cepstral
chmod +x install-cepstral
./install-cepstral
Once the 65MB download completes, you'll be prompted to agree to the license. You do this by pressing the Enter key to scroll down the license agreement. When you reach 100%, type yes to continue with the install. Press Enter to accept /opt/swift as the install directory. Very important: Type y to create the directory. The default is No which will mess up the installation. Now type yes to complete the install. Once the install completes, you can purchase a license for the Allison voice at this link. Under Voices, choose Language: US English, Voice: Allison-8kHz, and Platform: Linux. For non-commercial use, the $30 voice registration is all you need. For commercial use, you also need to acquire Concurrency Licenses which authorize a certain number of simultaneous voice ports on your system for Cepstral voices. These run $50 per port in 2-port multiples and are in addition to the $30 Allison voice license. For Nerd Vittles readers, you can save 15% on your purchase by sending an email to sales at cepstral.com explaining how you plan to use Cepstral and requesting the discount code.
We'll have an in-depth article on Cepstral in coming weeks. For those that want a head start, each of the Nerd Vittles text-to-speech applications typically includes dialplan code and one or more PHP/AGI scripts. The dialplan code can be found in /etc/asterisk/extensions_custom.conf. When you scroll through the dialplan code you will see entries like the following for each of the TTS applications:
exten => 611,5,Flite("Enter a 3 character airport code.")
;exten => 611,5,Swift("Enter a 3 character airport code.")
exten => 611,6,Read(APCODE,beep,3)
exten => 611,7,Flite("Please hold a moment.")
;exten => 611,7,Swift("Please hold a moment.")
The semicolon at the beginning of a line tells Asterisk this is a comment and to ignore it. To change the voice from the Munsters to Allison, just comment out the Flite lines and uncomment the Swift lines by deleting the leading semicolons. When you're finished making the changes, save the file and then reload your dialplan: asterisk -rx "dialplan reload". So, in the example above, the code would now look like this:
;exten => 611,5,Flite("Enter a 3 character airport code.")
exten => 611,5,Swift("Enter a 3 character airport code.")
exten => 611,6,Read(APCODE,beep,3)
;exten => 611,7,Flite("Please hold a moment.")
exten => 611,7,Swift("Please hold a moment.")
You also need to modify the PHP/AGI scripts that go with each application. All of these files are stored in /var/lib/asterisk/agi-bin. Typically the filenames begin with nv- and end in .php:
-rwxrwxr-x 1 asterisk asterisk 6835 Sep 16 2008 nv-callwho.php
-rwxrwxr-x 1 asterisk asterisk 201 Jul 12 2006 nv-config-555.php
-rwxrwxr-x 1 asterisk asterisk 201 Apr 2 13:08 nv-config.php
-rwxrwxr-x 1 asterisk asterisk 14329 Feb 10 2008 nv-mailcall.php
-rwxrwxr-x 1 asterisk asterisk 6072 Sep 24 2008 nv-mailit.php
-rwxrwxr-x 1 asterisk asterisk 10490 Apr 20 10:34 nv-news.php
-rwxrwxr-x 1 asterisk asterisk 6545 Apr 12 15:10 nv-today.php
-rwxrwxr-x 1 asterisk asterisk 21537 Apr 2 13:07 nv-weather.php
-rwxrwxr-x 1 asterisk asterisk 12043 Apr 2 13:07 nv-weather-world.php
-rwxrwxr-x 1 asterisk asterisk 22243 Apr 2 13:07 nv-weather-zip.php
In each of these scripts, you'll find a variable near the top that controls the TTS engine: $ttspick = 0 ;
To use Cepstral as the TTS engine instead of Flite, just change the $ttspick value from 0 to 1 and save the file.
Email That Works With SendMail. It's always been a knuckle drill to get your new server to reliably send outbound emails. Assuming your Internet service provider doesn't block downstream mail servers, the Orgasmatron Installer will get this working reliably. You can test it out by logging into your server as root and issuing the following command using your real email address. If you get the email, you can move on.
echo "test" | mail -s testmessage yourname@gmail.com
If you didn't get the email, you probably have a provider such as Comcast that blocks port 25 in many areas of the country. The easiest way to solve this is to set up a free Gmail account and use Gmail to deliver outbound messages from your server. This message thread on the PBX in a Flash Forum will walk you through the setup process. There's also a Comcast solution if you'd prefer not to use Gmail.
Stay Tuned. Your eyes are probably glazing over about now. I know mine are. So we'll quit here for today. In our next episode, we'll tackle the rest of the goodies that make up the Orgasmatron Installer. Enjoy!
Continue reading Part IV (Monday, May 25).
Tip of the Week. Ever wanted a 20-seat conference bridge for under $9 a month with a local phone number in any of 2600+ rate centers all over United States? You can add load balancing and automatic failover for an extra $1 per month. After you use the Orgasmatron Installer, just set up a conference extension in FreePBX and then head over to the PBX in a Flash Forum to read all about the latest rage in DID providers.
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...