Home » Posts tagged 'piaf' (Page 21)
Tag Archives: piaf
Asterisk on Steroids: Introducing the Orgasmatron Installer
If an Asterisk® distribution with every bell and whistle on the planet is at the top of your Wish List, then the new Orgasmatron Installer may just be your cup of tea. Let’s face it. The Asterisk learning curve is horrendous. As some of you know, we have built some custom PBX in a Flash systems for the Dell, Everex, and Atom platforms. These builds differ from the PBX in a Flash base install in that they were turnkey PBXs with dozens and dozens of custom applications, extensions, and trunks already preconfigured. While you still needed to change some passwords and plug in some phones, the Orgasmatron builds reduce the Asterisk learning curve to almost zero. Out of the box, email works. Faxing works. ENUM works. Interconnecting Asterisk servers for free calling works. And extensions for 15 phones already are in place. Plug in your Vitelity credentials, and you can place calls to any phone in the world using your new VoIP PBX in a couple of minutes. That’s the good news.
The problem with these builds lies in their basic architecture. To date, all of them were really Mondo backups. And once you strayed from the platform on which the original system was built, your odds of getting a successful restore went down the toilet quickly. Well, that was then. And this is now!
Today we introduce an installation script for PBX in a Flash that lets you build a PBX in a Flash base system, run the Orgasmatron Installer script, and boom! Within a few minutes, you’ve got an Asterisk-based Orgasmatron server on the computer platform of your choice regardless of processor, disk controller, disk drive, network card, and video adapter. And it works equally well in a virtual environment using an open source platform such as the fantastic and free Proxmox Virtual Environment.
Update: Be sure to check out the latest Orgasmatron V Installer at this link.
For those that are wondering what’s included in this new Orgasmatron build, here’s a feature list of the components you get in addition to the base PBX in a Flash build with Asterisk 1.4 or 1.6, FreePBX 2.5, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin:
- AsteriDex
- CallerID Superfecta (FreePBX Module)
- CallWho for Asterisk
- Cepstral TTS (installer script only)
- Email That Works with SendMail
- Extensions (15 preconfigured)
- Fax Module using nvFax
- FONmail
- FreePBX Backups
- Gizmo5 (FreePBX Module)
- Hamachi VPN (installer script only)
- Hotel-Style Wakeup Calls (FreePBX Module)
- MeetMe Conferences
- Mondo Full System Backups
- NewsClips from Yahoo
- ODBC Database Support
- Reminders by Phone and Web
- SIP URI support (fax, mothership, e164, nv-demo)
- TeleYapper
- Tide Reports with xTide
- Trunk Lister Script
- Trunks (Vitelity, Fonica, Gizmo, ENUM, Remote Peer)
- Weather by Airport Code
- Weather by ZIP Code
- Worldwide Weather
- Zaptel Updater (script only)
Getting Started. Even though the installation process is now a No-Brainer, you are well-advised to do some reading before you begin. VoIP PBX systems have become a favorite target of the hackers and crackers around the world and, unless you have an unlimited bank account, you need to take some precautions to protect your phone bill. Start by reading our Primer on Asterisk Security. Then read our PBX in a Flash and VPN in a Flash knols. If you’re still not asleep, there’s loads of additional documentation on the PBX in a Flash documentation web site.
Installation. Here’s a quick tutorial to get you started. First, install the 32-bit version of PBX in a Flash with Asterisk 1.4. Boot your system from the installation CD and type ksalt to begin. When your machine reboots, remove the CD and choose option A to load the most stable payload. When the install completes, reboot your system once again and login as root with the password you chose when you built your system. Now issue the following commands to bring your system current and protect your system passwords: update-scripts, update-fixes, passwd-master. You now have a PBX in a Flash base install. On a stand-alone machine, it takes about 30 minutes. On a virtual machine, it takes about half that time.
Now you’re ready to run the Orgasmatron Installer. While still logged into your new server as root, issue the following commands:
cd /root
wget http://pbxinaflash.net/orgasmatron/orgasmatron.x
chmod +x orgasmatron.x
./orgasmatron.x
reboot
Stick around while the install script is running. Parts of it are interactive. For now, choose the Flite option when you’re prompted for text-to-speech preferences. That way you’ll have a working system when you’re finished. Once the installer script is finished, type status and write down the IP address of your server. You’ll need it in the next step to log into FreePBX.
Using a web browser, open FreePBX on your new server with a command like this (substituting the IP address you wrote down above). When prompted for your account name, type maint and use the password you assigned when running passwd-master above:
http://192.168.0.123/admin/
You’re NOT done yet!
These next four steps are important. They get all of the FreePBX modules installed and then restore the FreePBX backup set that’s at the heart of the Orgasmatron build. Just follow along here, and don’t skip any steps. It’s easy.
1. Choose Module Admin, Check for Updates online, Upgrade All, Process, Confirm, Return, Apply Config Changes, Continue.
2. Choose Module Admin, Check for Updates online, Download All, Process, Confirm, Return, Apply Config Changes, Continue.
3. Repeat the above #2 commands a second time.
4. Click on the Tools tab and choose Backup & Restore, Restore, RightNow, and select the .tar.gz file that is displayed. Then choose Restore Entire Backup Set, OK, Apply Config Changes, and Continue.
Securing Your System. You’re almost done. We always like to reboot the server just to make sure nothing got lost in the shuffle. When the reboot is finished, log into FreePBX with a browser again. Before you do anything else, choose each of the 16 preconfigured extensions on your new server and change the extension AND voicemail passwords. Here’s the drill: Setup, Extensions, 501, Submit after changing secret and Voicemail Password. Repeat with the next extension number instead of 501. Then Apply Config Changes, Continue when you’ve finished with all of them.
Now let’s change the default DISA password: Setup, DISA, DISAmain, PIN, Submit Changes, Apply Config Changes, Continue. Whew! Your system now is relatively secure. Follow the steps in the tutorials we recommended, and you’re ready to experiment. Plug in a SIP phone or softphone and configure it using one of the available extensions together with the secret for that extension.
Finally, be sure to change the credentials on all of your trunks to match those assigned by your providers. And, in the case of the remote-peer trunk, change the secret and IP address to match the identity on your host Asterisk server. If you don’t have another Asterisk server, change the password anyway so no one can break into your system. Better yet, just delete the trunk unless you plan to use it down the road. We’ll have more to say about this next week. For now, just make up your own, secure password to protect this trunk from outside access by unwanted visitors.
Choosing a VoIP Provider. For this week, we’ll point you to some things to play with on your new server. Then next week, we’ll cover in detail how to customize every application that’s been loaded. For openers, we recommend you set up an account with Vitelity using our special link below. This gives your PBX a way to communicate with every telephone in the world, and it also gets you a real phone number for your new system… so that people can call you. Here’s how it works. You pay Vitelity a deposit for phone service. They then will bill you $3.99 a month for your new phone number. This $3.99 also covers the cost of unlimited inbound calls (two at a time) delivered to your PBX for the month. For outbound calls, you pay by the minute and the cost is determined by where you’re calling. If you’re in the U.S., outbound calls to anywhere in the U.S. are a little over a penny a minute. If you change your mind about Vitelity and want a refund of the balance in your account, all you have to do is ask.
The VoIP world is new territory for some of you. Unlike the Ma Bell days, there’s really no reason not to have multiple VoIP providers especially for outbound calls. Depending upon where you are calling, calls may be cheaper using different providers for calls to different locations. So we recommend having at least two providers. Visit the PBX in a Flash Forum to get some ideas on choosing alternative providers.
Kicking the Tires. OK. That’s enough tutorial for today. Let’s play. After you’ve connected a phone to your new system, begin your adventure by dialing these 10 numbers:
- D-E-M-O – Check out the Nerd Vittles Orgasmatron Demo
- Z-I-P – Enter a five digit zip code for any U.S. weather report
- 6-1-1 – Enter a 3-character airport code for any U.S. weather report
- 5-1-1 – Get the latest news and sports headlines from Yahoo News
- T-I-D-E – Get today’s tides and lunar schedule for any U.S. port
- F-A-X – Send a fax to an email address of your choice
- 4-1-2 – 3-character phonebook lookup/dialer with AsteriDex
- M-A-I-L – Record a message and deliver it to any email address
- C-O-N-F – Set up a MeetMe Conference on the fly
- 1-2-3 – Schedule a regular or recurring phone reminder
- Dial *68 – Schedule a hotel-style wakeup call on any extension
Homework. Your homework for this week is to do some exploring. FreePBX is a treasure trove of functionality, and the Orgasmatron build adds a bunch of additional options. See if you can find all of them. Then log into your server as root and look through the scripts added in the /root/nv folder. You’ll find all sorts of goodies to keep you busy. Enjoy!
Continue reading Part IV (Monday, May 25).
whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Introducing PBX in a Flash 1.4: The Lean, Mean Asterisk Machine
It's almost spring. So what better time to introduce version 1.4 of PBX in a Flash. It's chock full of new telephony goodies to whet your appetite for Internet Telephony. Tom King has worked his usual Magic™ to come up with a pair of new ISOs that are nothing short of spectacular. Not only is PBX in a Flash leaner and meaner, but it's now incredibly flexible and even easier to use.
You don't get the kitchen sink in PBX in a Flash ISOs. Instead you get a rock-solid CentOS 5.2 operating system with the latest CentOS kernel on which to build an Internet telephony server that meets your specific needs. Want a 64-bit operating system? We've got it. Prefer to stick with a 32-bit operating system? We've got you covered there, too. Want to experiment with Asterisk® 1.6 and DAHDI? We've got it. Prefer to stick with Asterisk 1.4 and Zaptel for a production environment? No problem. Do you prefer LVM, ext3, or SATA RAID for your disk drives? Well, take your pick. PBX in a Flash 1.4 now supports all of them. For those with a physical handicap, you now can install the complete system with no user intervention by typing ksauto at the first prompt. And, for PBX in a Flash development partners, we've got a 2-CD install set that makes generation of multiple systems with minimal Internet access a reality.
A Better Mousetrap. Asterisk-based LAMP aggregations thankfully are more plentiful today, but we think we have a better mousetrap. Here are a few reasons why? First, PBX in a Flash is the only distribution that is totally source-based with Asterisk compiled from source as part of the install. What that means is when you purchase add-on hardware and it has a problem for some reason, all of the tools are already in place for you to contact the manufacturer or reseller and have them reconfigure or recompile whatever is necessary on your system to get you back in business quickly. It also means that most of our applications are compiled from source on your specific hardware which assures a more reliable and stable software platform on which to build your telephony system.
Second, we don't release PBX in a Flash ISOs every other week. We don't have to. Every time a new security patch is released for Asterisk, the "other guys" have to create a new RPM or ISO to support it. That means your system is vulnerable for weeks or months while that process is underway. In some cases, it means installing a new ISO and starting over. I wish I had a nickel for every time I reinstalled and basically started over with Asterisk@Home or trixbox. With PBX in a Flash, you simply type update-source at the command prompt and your system is brought current without missing a beat. The total downtime for your system is typically under 15 minutes!
Third, PBX in a Flash uses a two-step install process that all but eliminates the ISO obsolescence issues that have plagued other distributions. The PBX in a Flash ISO is used to install either the 32-bit or the 64-bit CentOS 5.2 operating system and kernel. When that process completes, the installer then searches multiple sites on the Internet for our "payload file" which contains the latest, greatest version of Asterisk which is compiled on-the-fly. The payload script also installs FreePBX and many of the customized features that make PBX in a Flash unique. If you need additional functionality, we have an entire web site, pbxinaflash.org, dedicated to add-on scripts. Most of these add-on scripts install without user intervention in under a minute. So... install what you need and skip the BloatWare. Using this design, most bugs are eliminated as well without your having to do much of anything. Translation: More time to enjoy your production-quality VoIP PBX... and less all-nighters!
So today we're proud to introduce the 1.4 release of PBX in a Flash for Linux, Windows, and Macs. It's still the Lean, Mean Asterisk Machine designed to meet the needs of hobbyists as well as business users. Text-to-speech works, Bluetooth works, faxing works. FreePBX 2.5 is rock-solid and much more secure.
And, speaking of security, PBX in a Flash is the only distribution that brings you multiple layers of security out of the box. There's the preconfigured Linux IPtables firewall. And, in addition, there's the latest and greatest version of Fail2Ban which blocks malicious intruders attempting to guess your passwords and break into your system. We also recommend adding a hardware-based firewall/router to block HTTP access to your system unless you really know what you're doing. Does all of this matter? Well, it's your phone bill. Here's a link to our article about a company that recently received an unexpected $120,000 phone bill in the mail. So you decide. If you read nothing else before embarking on your VoIP adventure, read our Primer on Asterisk Security!
As some of our regular readers know, we have been very concerned with the Asterisk development strategy that continues the process of regularly deleting commands and syntaxes with each major version change. Many of us rely upon these commands in building dialplans and vertical market applications for Asterisk so it causes real problems. PBX systems break that used to work. When that happens almost annually, it's a bad thing. One way that we hope to improve the dialogue with the developers is to make it easy for more people to experiment with Asterisk 1.6. Whether you choose our 32-bit or 64-bit ISO, you also have the option to install the latest release of Asterisk 1.6 and get you involved in this process. Otherwise, we might as well look forward to annual train wrecks because of the Asterisk design strategy. You can read all about it here and here.
Getting Started with PBX in a Flash 1.4. Begin by downloading either the 32-bit or 64-bit ISO image for PBX in a Flash. Don't worry. If you try to run the 64-bit install on a system that doesn't support it, it'll just sit there so you've got nothing to lose by trying the Ferrari first. As new locations for ISO downloads come on line, we will add them to the download list. Once you've got the ISO image in hand, use your favorite tool to burn it to a bootable CD. This next step is the most important. Do some reading!! There also are loads of helpful tutorials that are free for the downloading from our support site.
What About Hardware? If you're new to all of this, let us recommend you try either one of Dell's entry-level T100 or T105 PowerEdge servers or one of the newer Intel Atom-based small-footprint PCs or netbooks such as the Acer Aspire One. On sale pricing is typically around $300. You can save an additional 2% plus $5 by using our coupon link in the right margin. These systems are just about perfect for a home or small business telephony server.
Basic Install. Once you have your new system, just insert the CD containing the pbxinaflash.iso and then reboot the machine you wish to dedicate to PBX in a Flash. After reading this tutorial and the initial prompts and warnings, choose an option and press the <Enter key> to begin the installation. If you want to first check the media for corruption, type linux mediacheck and then press the <Enter> key. When prompted, be sure to choose the option that erases all existing partitions and uses the default partition layout. Then choose your time zone and leave the UTC system clock option unchecked. Next choose a root password for your new system. Make it secure, and write it down (not on your shoe). We plan to use this password for virtually everything on your new system. The install process begins. This includes MySQL, Apache, PHP, CUPS, Samba, WebMin, Subversion, SendMail, Yum, Bluetooth support, SSL, Perl, Python, the kernel development package, and much more. In about 15 minutes depending upon the speed of your PC, the machine will reboot. Be sure to eject the CD at this point. You now must have an Internet connection to complete the install so be sure you've plugged in a 10/100 cable if you haven't done so already.
After the reboot, the system will start up with CentOS 5.2, then download and install Asterisk and FreePBX, and search for the necessary installation script and payload file on pbxinaflash.net. If that site happens to be down, the script will go to pbxinaflash.com for the same payload file. Just to repeat, if you don't have Internet connectivity, then the installation cannot complete. When the installation finishes, reboot your system and log in as root. The IP address of your PBX in a Flash system will be displayed once you log in. If it's blank, type service network restart after assuring that you have Internet connectivity and access to a DHCP server that hands out IP addresses. Typing ifconfig should display your IP address on the eth0 port. Write it down. We'll need it in a minute.
Now that you've logged in as root, you should see the IP address displayed with the following command prompt: root@pbx:~/. If instead you see bash displayed as the command prompt and it's not green, then the installation has not completed successfully. This is probably due to network problems but also could be caused by the time being set incorrectly on your server. You can't compile Asterisk if the time on your computer is a date in the past! For this glitch you have to try again. If it's a network issue, fix it and then reboot and watch for the eth0 connection to complete. Assuming it doesn't fail the second time around, the installation will continue. Likewise, if you do not have DHCP on your network, the installation will fail because the PBX will not be given an IP address. Simply type netconfig, fill in the blanks and reboot.
Four Steps to Complete the Install. There are four important things to do to complete the installation. First, from the command prompt, run genzaptelconf. This sets up your ZAP hardware as well as a timing source for conferencing. If you're using additional hardware for your Asterisk system, we recommend removing the 56K modem when you install the cards. This will help avoid interrupt conflicts. Second, decide how to handle the IP address for your PBX in a Flash server. The default is DHCP, but you don't want the IP address of your PBX changing. Phones and phone calls need to know how to find your PBX, and if your internal IP address changes because of DHCP, that's a problem. You have two choices. Either set your router to always hand out the same DHCP address to your PBX in a Flash server by specifying its MAC address in the reserved IP address table of your router, or run netconfig at the command prompt and assign a permanent IP address to your server. Be aware that netconfig no longer is a part of CentOS 5.2. We added it back in as part of the install. If you update your CentOS configuration, you will need to reinstall it by running update-scripts, then update-fixes, and then install-netconfig. If you experience problems with the process, see this message thread on the forum. The third configuration requirement probably accounts for more beginner problems with Asterisk systems than everything else combined. Read the next section carefully and do it now!
Getting Rid of One-Way Audio. There are some settings you'll need to add to /etc/asterisk/sip_custom.conf if you want to have reliable, two-way communications with Asterisk: nano -w /etc/asterisk/sip_custom.conf. The entries depend upon whether your Internet connection has a fixed IP address or a DHCP address issued by your provider. In the latter case, you also need to configure your router to support Dynamic DNS (DDNS) using a service such as dyndns.org. If you have a fixed IP address, then enter settings like the following using your actual public IP address and your private IP subnet:
externip=180.12.12.12
localnet=192.168.1.0/255.255.255.0
If you have a public address that changes and you're using DDNS, then the settings would look something like the following:
externhost=myserver.dyndns.org
localnet=192.168.0.0/255.255.255.0
(NOTE: The first 3 octets in the above localnet entries need to match your private IP addresses!)
Once you've made your entries, save the file: Ctrl-X, Y, then Enter. Reload Asterisk: amportal restart. If you assigned a permanent IP address, reboot your server: shutdown -r now.
Be aware that some people experience problems with the externhost approach outlined above. If your provider only gives you a dynamic IP address, you still can use the externip approach above so long as you have a method to frequently verify your IP address. The approach we actually use on our home network is to run a little script every 5 minutes. If it finds that your outside IP address has changed, it will automatically update your sip_custom.conf file with the new address. To use our approach, create a file in /var/lib/asterisk/agi-bin names ip.sh. Here's the code:1
#!/bin/bash
# File to log the IP Address
IPFILE='/var/log/asterisk/externip'
# Your local lan ip block
localnet=192.168.1.0
# Nothing else needs to be changed.
if [ ! -f "$IPFILE" ]; then
echo "creating $IPFILE"
echo first_time_usage > $IPFILE
fi
lastip=`cat $IPFILE`
externip=$(curl -s -S --user-agent "PIAF 1.4"↩
http://myip.pbxinaflash.com | awk 'NR==2')
if [ $externip != $lastip ]; then
# Writes new IP address (if it has changed) to file.
echo "$externip" > $IPFILE
echo "externip=$externip" > /etc/asterisk/sip_custom.conf
echo "localnet=$localnet/255.255.255.0" >>↩
/etc/asterisk/sip_custom.conf
echo "srvlookup=yes" >> /etc/asterisk/sip_custom.conf
echo "nat=yes" >> /etc/asterisk/sip_custom.conf
asterisk -rx "dialplan reload" ;
else
exit 0;
fi
exit;
On line 5, enter the internal subnet for your server as the localnet entry. This is usually 192.168.0.0 or 192.168.1.0. YMMV!
Save the file and give it execute permissions: chmod +x /var/lib/asterisk/agi-bin/ip.sh. Then make asterisk the file owner: chown asterisk:asterisk /var/lib/asterisk/agi-bin/ip.sh.
Finally, add the following entry to the bottom of /etc/crontab:
*/5 * * * * asterisk /var/lib/asterisk/agi-bin/ip.sh > /dev/null
Getting Your Machine Up to Date. Tom King, one of our lead developers, has gone to great pains to make it easy for you to always have a current system. All you have to do is type a few commands, but you do have to type them. So do it now! After logging in as root, type update-scripts to get the latest PBX in a Flash scripts installed on your system. This doesn't run them, it merely makes them available for you to run them. Once you complete this step, you can always review the latest scripting options by typing help-pbx. Now run update-fixes to apply the latest patches to your PBX in a Flash system. When it completes, you're up to date. If you want the latest version of Asterisk, it's easy! Just run update-source. In the case of PBX in a Flash 1.4, you have the latest stable version of Asterisk 1.4 or 1.6... at least for today.
Activating Email Delivery of Voicemail Messages. We've previously shown how to configure systems to reliably deliver email messages whenever a voicemail arrives unless your ISP happens to block downstream SMTP mail servers. Here's the link in case you need it. As it happens, you really don't have to use a real fully-qualified domain name to get this working. So long as the entry (such as pbx.dyndns.org) is inserted in both the /etc/hosts file and /etc/asterisk/vm_general.inc with a matching servermail entry of vm@pbx.dyndns.org (as explained in the link above), your system will reliably send emails to you whenever you get a voicemail if you configure your extensions in FreePBX to support this capability. You can, of course, put in real host entries if you prefer. For 90% of the systems around the world, if you just want your server to reliably e-mail you your voicemail messages, make line 3 of /etc/hosts look like this with a tab after 127.0.0.1 and spaces between the domain names:
127.0.0.1 pbx.dyndns.org pbx.local pbx localhost.localdomain localhost
And then make line 6 of /etc/asterisk/vm_general.inc look like the following:
serveremail=voicemail@pbx.dyndns.org
Now issue the following two commands to make the changes take effect:
service network restart
amportal restart
The command "setup-mail" can be used from the Linux prompt to set the fully-qualified domain name (FQDN) of the mail that is sent out from your server. This may help mail to be delivered from the PBX. One of things mail servers do to reduce spam is to do a reverse lookup on where the mail has come from, checking that there is actually a mailserver at the other end. You can only do this if you have set up dynamic DNS or if you have pointed a hostname at your fixed IP address. Once you have done this, and assuming your ISP is cooperative, then you will receive your voicemails via email if you wish (this is set within FreePBX),and your PBX will email you when FreePBX needs an update. You set this feature in FreePBX General Settings.
If your hosting provider blocks downstream SMTP servers to reduce spam, here's a simple way to use your Gmail account (free!) as your SMTP Relay Host. Then you never have to worry about this again!
Setting Passwords and Other Stuff. Be aware that major security issues are reported from time to time with FreePBX. We strongly recommend that you not use FreePBX admin security alone to protect your system from a web attack. It may compromise root access to your entire server. For this reason, we recommend that you log in as root and immediately run passwd-master after completing the update-scripts and update-fixes scenario. This establishes Apache htaccess security on your FreePBX web interface. After running this conversion utility, you can only log into the FreePBX admin interface with the username maint (not admin) and the password which you establish when you run the utility.
Other passwords can be set in your system with these commands:
passwd... reset your root user password
passwd-maint... reset your FreePBX maint password
passwd-wwwadmin... for users needing FOP and MeetMe access
passwd-meetme... for users needing only MeetMe access
passwd-webmin... for users needing WebMin access to your server (very dangerous!)
There's also an Administration password that you can set in the KennonSoft UI that displays when you point your browser to the IP address of your server. Do NOT use the same password here that you use elsewhere as it is not overly secure.
Configuring WebMin. WebMin is the Swiss Army Knife of Linux. It provides TOTAL access to your system through a web interface. Search Nerd Vittles for webmin if you want more information. Be very careful if you decide to enable it on the public Internet. You do this by opening port 9001 on your router and pointing it to the private IP address of your PBX in a Flash server. Before using WebMin, you need to set up a username and password for access. From the Linux prompt while logged in as root, type the following command where admin is the username you wish to set up and foo is the password you've chosen for the admininstrator account. HINT: Don't use admin and foo as your username and password for WebMin unless you want your server trashed!
/usr/libexec/webmin/changepass.pl /etc/webmin root password
To access WebMin on your private network, go to http://192.168.0.123:9001 where 192.168.0.123 is the private IP address of your PBX in a Flash server. Then type the username and password you assigned above to gain entry. To stop WebMin: /etc/webmin/stop. To start WebMin: /etc/webmin/start. For complete documentation, go here.
Updating and Configuring FreePBX. FreePBX 2.5 is installed as part of the PBX in a Flash 1.4 implementation. This incredible, web-based tool provides a complete menu-driven user interface to Asterisk. The entire FreePBX project is a model of how open source development projects ought to work. And having Philippe Lindheimer's as the Captain of the Ship is just icing on the cake. All it takes to get started with FreePBX is a few minutes of configuration, and you'll have a functioning Asterisk PBX complete with voicemail, music on hold, call forwarding, and a powerful interactive voice response (IVR) system. There is excellent documentation for FreePBX which you should read at your earliest convenience. It will answer 99% of your questions about how to use and configure FreePBX. For the one percent that is not covered in the Guide, visit the FreePBX Forums which are frequented regularly by the FreePBX developers. Kindly post FreePBX questions on their forum rather than the PBX-in-a-Flash Forum. This helps everybody. Now let's get started.
NOTE: PBX in a Flash comes with the IPtables firewall enabled on your system. If this causes problems with access to the FreePBX repository (for loading the FreePBX updates below), you can easily (and temporarily) turn off the firewall. Type help-pbx for assistance. Don't forget to restart the firewall especially if your system has any Internet exposure!
Now move to a PC or Mac and, using your favorite web browser, go to the IP address you deciphered above for your new server. Be aware that FreePBX has a difficult time displaying properly with IE6 and IE7 and regularly blows up with older versions of Safari. Be safe. Use Firefox. From the PBX in a Flash Main Menu in your web browser, click on the Administration link and then click the FreePBX button. The username and password both default to admin. Click Apply Configuration Changes, Continue with Reload, and then Refresh your browser screen. Now click the Module Administration option in the left frame once FreePBX loads. Now click Check for Updates online in the upper right panel. Next, click Download All which will select every module for download and install. The important step here is to move down the list and Deselect Speed Dials and PHPAGI from the download and install options. Once these apps have been deselected, scroll to the bottom of the page and click Process, then Confirm, then Return once the apps are downloaded and installed, then Apply, then Continue with Reload. Now repeat the process once more and do not deselect the two applications, then Process, Confirm, Return, Apply Config Changes, and Continue with Reload. Finally, scroll down the Modules listing until you get to the Maintenance section. Click on each of the following and choose Install: ConfigEdit, Sys Info, and phpMyAdmin. Then click Process, then Confirm, then Return once the apps are downloaded and installed, then Apply, then Continue with Reload. All three of these tools now are installed in the Maintenance section of the Tools tab of FreePBX. One final step, and you're good to go. An update of FreePBX has been released. Click Check for Updates online. Then choose Download and Upgrade for the Core, FreePBX Framework, and System Dashboard modules. Then click Process, then Confirm, then Return once the apps are downloaded and installed, then Apply, then Continue with Reload. You now have an up-to-date version of FreePBX. You'll need to repeat the drill every few weeks as new updates are released. This will assure that you have all of the latest and greatest software. To change your Admin password, click on the Setup tab in the left frame, then click Administrators, then Admin in the far right column, enter a new password, and click Submit Changes, Apply Configuration Changes, and Continue with reload. We're going to be repeating this process a number of times in the next section so... when instructed to Save Your Changes, that means "click Submit Changes, Apply Configuration Changes, and Continue with reload."
Choosing Internet Telephony Hosting Providers for Your System. Before you can place calls to users outside your system or to receive incoming calls, you'll need at least one provider (each) for your incoming phone number (DID) and incoming calls as well as a provider for your outbound calls (terminations). We have a list of some of our favorites here, and there are many, many others. You basically have two choices with most providers. You can either pay as you go or sign up for an all-you-can-eat plan. Most of the latter plans also have caps on minutes so it's more akin to all-they-care-for-you-to-eat, and there are none of the latter plans for business service. In the U.S. market, the going rate for pay as you go service is about 1.5¢ per minute rounded to the tenth of a minute. The best deal on DIDs is from Vitelity. They charge $3.99 a month for a DID with unlimited, free incoming calls. There's a link to the Nerd Vittles discount on this service for PBX in a Flash users below.
Before you sign up for any all-you-can-eat plan, do some reading about the service providers. Some of them are real scam artists with backbilling and all sorts of unconscionable restrictions. You need to be careful. Our cardinal rule in the VoIP Wild West is never, ever entrust your entire PBX to a single hosting provider. As Forrest Gump would say, "Stuff happens!" And life's too short to have dead telephones, even if it's a rarity.
Setting Up FreePBX to Make Your First Call. There are four components in FreePBX that need to be configured before you can place a call or receive one from outside your PBX in a Flash system. So here's FreePBX for Dummies in less than 50 words. You need to configure Trunks, Extensions, Outbound Routes, and Inbound Routes. Trunks are hosting provider specifications that get calls delivered to and transported from your PBX to the rest of the world. Extensions are internal numbers on your PBX that connect your PBX to telephone hardware or softphones. Inbound Routes specify what should be done with calls coming in on a Trunk. Outbound Routes specify what should be done with calls going out to a Trunk. Everything else is bells and whistles.
Trunks. When you sign up with most of the better ITHP's that support Asterisk, they will provide documentation on how to connect their service with your Asterisk system. If they have a trixbox tutorial, use that since it also uses FreePBX as the web front end to Asterisk. Here's an example from les.net. And here's the Vitelity support page although you will need to set up an account before you can access it. We also have covered the setups for a number of providers in previous articles. Just search the Nerd Vittles site for the name of the provider you wish to use. You'll also find many Trunk setups in the trixbox Trunk Forum. Once you find the setup for your provider, add it in FreePBX by going to Setup, Trunks, Add SIP Trunk. Our AxVoice setup (which is all entered in the Outgoing section with a label of axvoice) looks like this with a Registration String of yourusername:yourpassword@sip.axvoice.com:
allow=ulaw
authname=yourusername
canreinvite=no
context=all-incoming
defaultip=sip.axvoice.com
disallow=all
dtmfmode=inband
fromdomain=sip.axvoice.com
fromuser=yourusername
host=sip.axvoice.com
insecure=very
nat=yes
secret=yourpassword
type=friend
user=phone
username=yourusername
And our Vitelity Outbound Trunk looks like the following (labeled vitel-outbound) with no registration string:
allow=ulaw&gsm
canreinvite=no
context=from-pstn
disallow=all
fromuser=yourusername
host=outbound1.vitelity.net
secret=yourpassword
sendrpid=yes
trustrpid=yes
type=friend
username=yourusername
Extensions. Now let's set up a couple of Extensions to get you started. A good rule of thumb for systems with less than 50 extensions is to reserve the IP addresses from 192.x.x.201 to 192.x.x.250 for your phones. Then you can create extension numbers in FreePBX to match those IP addresses. This makes it easy to identify which phone on your system goes with which IP address and makes it easy for end-users to access the phone's GUI to add bells and whistles. To create extension 201 (don't start with 200), click Setup, Extensions, Generic SIP Device, Submit. Then fill in the following blanks USING VERY SECURE PASSWORDS and leaving the defaults in the other fields for the time being.
User Extension ... 201
Display Name ... Home
Outbound CID ... [your 10-digit phone number if you have one; otherwise, leave blank]
Emergency CID ... [your 10-digit phone number for 911 ID if you have one; otherwise, leave blank]
Device Options
secret ... 1299864 < -- make this unique AND secure! dtmfmode ... rfc2833 Voicemail & Directory ... Enabled voicemail password ... 1299864 <-- make this unique AND secure! email address ... yourname@yourdomain.com [if you want voicemail messages emailed to you] pager email address ... yourname@yourdomain.com [if you want to be paged when voicemail messages arrive] email attachment ... yes [if you want the voicemail message included in the email message] play CID ... yes [if you want the CallerID played when you retrieve a message] play envelope ... yes [if you want the date/time of the message played before the message is read to you] delete Vmail ... yes [if you want the voicemail message deleted after it's emailed to you] vm options ... callback=from-internal [to enable automatic callbacks by pressing 3,2 after playing a voicemail message] vm context ... default
Now create several more extensions using the template above: 202, 203, 204, and 205 would be a good start. Keep the passwords simple. You'll need them whenever you configure your phone instruments.
Extension Security. We cannot overstress the need to make your extension passwords secure. All the firewalls in the world won't protect you from malicious phone calls on your nickel if you use your extension number or something like 1234 for your extension password because the SIP and IAX ports typically are exposed to allow connections to your providers. In addition to making up secure passwords, the latest version of FreePBX also lets you define the IP address or subnet that can access each of your extensions. Use it!!! Once the extensions are created, edit each one and modify the permit field to specify the actual IP address or subnet of each phone on your system. A specific IP address entry should look like this: 192.168.1.142/255.255.255.255. If most of your phones are on a private LAN, you may prefer to use a subnet entry like this: 192.168.1.0/255.255.255.0 using your actual subnet, of course.
Outbound Routes. The idea behind multiple outbound routes is to save money. Some providers are cheaper to some places than others. We're going to skip that tutorial today. You can search the site for lots of information on choosing providers. Assuming you have only one or two for starters, let's just set up a default outbound route for all your calls. Using your web browser, access FreePBX on your server and click Setup, Outbound Routes. Enter a route name of Everything. Enter the dial patterns for your outbound calls. In the U.S., you'd enter something like the following:
1NXXNXXXXXX
NXXNXXXXXX
Click on the Trunk Sequence pull-down and choose your providers in the order you'd like them to be used for outbound calls.Click Submit Changes and then save your changes. Note that a second choice in trunk sequence only gets used if the calls fail to go through using your first choice. You'll notice there's already a 9_outside route which we don't need. Click on it and then choose Delete Route 9_outside. Save your changes.
Inbound Routes. We're also going to abbreviate the inbound routes tutorial just to get you going quickly today. The idea here is that you can have multiple DIDs (phone numbers) that get routed to different extensions or ring groups or departments. For today, we recommend you first build a Ring Group with all of the extension numbers you have created. Once you've done that, choose Inbound Routes, leave all of the settings at their default values and move to the Set Destination section and choose your Ring Group as the destination. Now click Submit and save your changes. That will set up a default incoming route for your calls. As you add bells and whistles to your system, you can move the Default Route down the list of priorities so that it only catches calls that aren't processed with other inbound routing rules.
General Settings. Last, but not least, we need to enter an email address for you so that you are notified when new FreePBX updates are released. Scroll to the bottom of the General Settings screen after selecting it from the left panel. Plug in your email address, click Submit, and save your changes. Done!
Adding Plain Old Phones. Before your new PBX will be of much use, you're going to need something to make and receive calls, i.e. a telephone. For today, you've got several choices: a POTS phone, a softphone, or a SIP phone. Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device known as a Sipura SPA-3102. It's under $70. Be sure you specify that you want an unlocked device, meaning it doesn't force you to use a particular service provider. This device also supports connection of your PBX to a standard office or home phone line as well as a telephone.
Downloading a Free Softphone. Unless you already have an IP phone, the easiest way to get started and make sure everything is working is to install an IP softphone. You can download a softphone for Windows, Mac, or Linux from CounterPath. Or download the pulver.Communicator or the snom 360 Softphone which is a replica of perhaps the best IP phone on the planet. Here's another great SIP/IAX softphone for all platforms that's great, too, and it requires no installation: Zoiper 2.0 (formerly IDEfisk). All are free! Just install and then configure with the IP address of your PBX in a Flash server. For username and password, use one of the extension numbers and passwords which you set up with freePBX. Once you make a few test calls, don't waste any more time. Buy a decent SIP telephone. Visit the PBX in a Flash Forum for lots of suggestions on telephones. Our personal favorite and the phone that PBX in a Flash officially supports is the Aastra 57i or 57iCT which also includes cordless DECT phone. Do some reading before you buy.
A Word About Ports. For the techies out there that want "the rest of the story" to properly configure firewalls, here's a list of the ports available and used by PBX in a Flash:
TCP 80 - HTTP
TCP 9080 - Duplicate HTTP
TCP 22 - SSH
TCP 9022 - Duplicate SSH
TCP 9001 - WebMin
UDP 10000-20000 - RTP
UDP 5004-5082 - SIP
UDP 4569 - IAX2
UDP 2727 - Media Gateway
Where To Go From Here. The PBX in a Flash script repository at pbxinaflash.org also has gotten a facelift. That should be your next stop because it is the home of all the goodies that make PBX in a Flash shine. Tom King, the ultimate scripting guru, manages that site. So check it often. You'll also find all of our Nerd Vittles Goodies work with this new release. Most of our original collection work flawlessly with Asterisk 1.4 including AsteriDex, Yahoo News Headlines, Weather by Airport Code, Weather by Zip Code, Worldwide Weather Forecasts, Telephone Reminders, MailCall for Asterisk, and TeleYapper. We have not yet completed testing with Asterisk 1.6, but most should work. Complete documentation for each application also is provided at the link above. And, if you still have a DBT-120 Bluetooth adapter, you'll be happy to learn that it works out-of-the-box with PBX in a Flash on your new Everex Green PC. Dust off our recent article on Proximity Detection, and you should be in business in under 10 minutes. Enjoy!
Nerd Vittles Skype Gateway to Asterisk. If you haven't yet built your own Skype Gateway to Asterisk, you're missing a treat. To give you some idea of the flexibility of the gateway, pick up any Skype phone and call our Skype demo hotline: nerdvittles. It was a 5-minute project once the gateway was running.
Want a Bootable PBX in a Flash Drive? Our Atomic Flash bootable USB flash installer for PBX in a Flash has been quite the hit. Special thanks to all of our generous contributors! Atomic Flash provides all of the goodies in the VPN in a Flash system featured last month on Nerd Vittles. You can build a complete turnkey system using almost any current generation PC with a SATA drive and this USB flash installer in less than 15 minutes!
If you'd like to put your name in the hat for a chance to win a free one delivered to your door, just post a comment with your best PBX in a Flash story.2
Be sure to include your real email address which will not be posted. The winner will be chosen by drawing an email address out of a hat (the old fashioned way!) from all of the comments posted over the next several weeks.
And it still isn't too late to make a contribution of $50 or more to the PBX in a Flash project and get a free Atomic Flash installer delivered to your door as our special thank you gift. See this Nerd Vittles article for details.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
Avoiding the $100,000 Phone Bill: A Primer on Asterisk Security
Here's a headline to wake up any CEO: "Small business gets $120,000 phone bill after hackers attack VoIP phone." News.com.au actually ran this story on January 20. "Criminals hacked into an Internet phone system and used it to make 11,000 international calls in just 46 hours... 115,000 international mobile calls were made using the small business's VoIP system over a six month period."
News Flash: Be sure to read our latest article introducing Travelin' Man 3, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that's lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce.
For the latest Security Tips: See our most recent article.
Sad to say that folks install VoIP phone systems to save money and then completely ignore tried-and-true network security principles: hardening your system, regularly watching your logs, and periodically changing your passwords. If PBX in a Flash were a commercial offering, we'd probably keep much of what follows to ourselves and start touting our PBX systems as the only Asterisk® offering with Secure-Wrap™. That's not our world, of course, nor is it what open source is all about... which turns out to be both a blessing and a curse. We openly and jointly figure out ways to secure our Asterisk systems as well as those of our competitors. Then the bad guys get to read all about it and come up with new, more creative "solutions." The silver lining is there are millions of insecure Asterisk systems so the creeps typically move on to easier targets.
Today we'll walk you through our Top Ten Security Tips and Tricks. All of these can be implemented easily to harden your Asterisk PBX and lessen the chances of the bad guys transforming your VoIP system into a free, international payphone: you pay, they phone. In the process, we'll identify some common security blunders that accompany new system installs in hopes that you won't make the same mistakes. So let's start with the basics. If you plug your Asterisk PBX directly into the public Internet without carefully securing it, your chances of being hacked within the hour are pretty good.
Rule #1: Protect Your PBX With IPtables. PBX in a Flash systems are delivered with the IPtables firewall enabled. Leave it that way! If your Asterisk implementation doesn't have IPtables support, demand that it be added immediately or ask for assistance in adding it yourself. There is no reason not to use a freely available, open source firewall, period! And there are many good tools including WebMin (also included in PBX in a Flash distributions) to get it configured properly. With PBX in a Flash, all of the grunt work has been done for you.
Firewalls, of course, are only as good as the set of rules defined to secure your system. So only activate ports that are absolutely essential to run your PBX. For an excellent review of the ports that are opened by default in PBX in a Flash systems, see Joe Roper's summary. Think of an activated port as a hole in the dike. The more holes you add, the less secure your PBX will be. We'll leave it to you to count the holes in the dike if you choose to run your PBX without IPtables enabled. Our rule of thumb for PBX security goes something like this. If you don't need web access to your PBX, don't open ports 80 and 9080. If you don't need SSH, FTP, FOP, or WebMin access to your PBX, don't enable those ports. Better yet, don't even turn those services on unless there is a pressing need.
All of the IPtables rules are stored in /etc/sysconfig/iptables. Don't edit this file unless you know what you're doing. If you need help with the rules, post a question on the PBX in a Flash Forum. Typical response time on posted questions is under an hour on our forum. And don't forget to restart IPtables if you make changes to any of the rules: service iptables restart.
Rule #2: Protect Your PBX With A Hardware-Based Firewall. If one firewall is good protection, two firewalls are even better. As much as NAT-based firewall/routers get a bad rap, the extra layer of protection that a $50 hardware-based firewall/router delivers cannot be overstressed. Think of the software-based firewall as the tool of choice to secure your PBX on your internal LAN while the hardware-based firewall secures your system on the public Internet. We recommend the dLink WBR-2310 for home and SOHO use. It provides a reliable NAT-based router, a firewall, and excellent WiFi capability for under $50. If you've got some spare change, step up to one of dLink's Gaming Routers which we happen to use. They provide all the tools you'll need to prioritize your VoIP traffic. As with Rule #1, only open and redirect ports that are absolutely essential to use your PBX.
Rule #3: Safeguard Against Random Password Hacks. There is no better tool to protect your PBX from random password attacks than Fail2Ban 0.8.3. Fail2ban scans log files and bans IP addresses that make repeated, unsuccessful password attempts. It updates IPtables rules to reject those IP addresses for a period of time that you can set in /etc/fail2ban/jail.conf. Originally PBX in a Flash systems were shipped with an earlier version of Fail2Ban that provided only minimal protection. If your system doesn't include the jail.conf file above, you still have the older version. Simply run our update script to get the current release:
cd /root
mkdir fail2ban
cd fail2ban
wget http://pbxinaflash.net/source/fail2ban/fail2ban-update
chmod +x fail2ban-update
./fail2ban-update
service fail2ban restart
As was true with IPtables, Fail2Ban is only as good as the rules which are defined to identify failed password attempts on your system. On PBX in a Flash systems, we now protect against web, FTP, SSH, SIP, and IAX password attempts.
If your particular Asterisk implementation lacks Fail2Ban support, you're missing a critically important (free) tool to safeguard your system from random password attacks against SSH and your protected web sites as well as your SIP and IAX extension passwords. For tips on installation, review our script that is available on this thread in the PBX in a Flash Forum.
Rule #4: Narrow Access With IP Address Restrictions. Security privileges in the U.S. government are based upon a "need to know." It's pretty simple. If you don't have a need to know the information to perform your duties, you don't get the privilege. You can use a similar technique to secure your PBX by implementing IP address restrictions. For example, if all of your extensions are housed on a private subnet of your internal LAN, then there is no reason to allow Internet access to those extensions. Similarly, for extensions outside your local network, you now can hardcode the IP address into the extension to restrict access. To implement this with Asterisk and FreePBX-based systems, you'll first need to upgrade FreePBX to at least version 2.5.1.1. Once you've upgraded, go into each extension and enter either an IP address or an IP subnet for that extension in the permit field. For an IP address, the syntax is 192.168.0.44/255.255.255.255. For an IP subnet, the syntax would look like this: 192.168.0.0/255.255.255.0. This one tip would have been worth $120,000 to the Australian company referenced above. Yes, consultants can be worth their weight in gold. 🙂
If you're as absent-minded as we are, you don't want to have to worry about remembering this each time you add a new extension to your system. So it's quite simple to change the default permit entry from 0.0.0.0/0.0.0.0 to the subnet mask of your LAN. Then you only have to adjust this entry whenever you add an extension which is not on your internal LAN. For example, if your LAN subnet is 192.168.0, then we want to replace the default entry with 192.168.0.0/255.255.255.0. The file to edit is /var/www/html/admin/modules/core/functions.inc.php. Just search for $tmparr['permit'] in BOTH the iax2 and sip sections of the file and make the value substitution preserving the single quotes on both sides of your new entries.
You also can implement both password and IP address restrictions to limit web access to your server. With Apache web servers, this is done through .htaccess files and directory restrictions in your Apache config files. On PBX in a Flash systems, htaccess password restrictions now are the default setup in all of our builds. Suffice it to say, if you can access the /admin directory on your web site from the Internet without being prompted for a password, your site probably has been compromised. Keep in mind that these passwords get cached so be sure you have cleaned out your browser cache before having a heart attack. Better yet, try this from a browser you don't ordinarily use (such as the one on your cellphone).
For additional security, you can further restrict access to your web directories by adding a list of authorized IP addresses to the .htaccess file in each subdirectory. Here's what an .htaccess file with IP address restrictions might look like. The first Allow entry is the private LAN subnet, the second is a remote site, and the third is the Hamachi VPN subnet mask:
Deny from All
Allow from 192.168.0
Allow from 68.218.222.70
Allow from 5.67
Rule #5: Don't Use 'Normal Ports' for Internet Access. Think of network and PBX security as a shell game. You want to do as many things differently as possible to make it as difficult as possible for the bad guys to figure out what you've done. Read that last sentence again. It's important! With a hardware-based firewall such as the WBR-2310, this is incredibly easy. dLink calls them Virtual Servers. Here is a typical entry:
HTTP 192.168.0.150 TCP 80/2319 Allow All Always
You can simply redirect common ports to different ports for Internet access. Don't do this for SIP and IAX ports, but it works great for HTTP, FTP, and SSH access. For example, port 80 typically is the default web server port on Asterisk aggregations, and this port normally can be used on your internal LAN assuming you know and trust your users. For external (aka Internet) web access, simply remap TCP port 80 to some obscure port and change it periodically. For example, you might redirect TCP port 80 to port 2319. Once the setting is saved, you access the web site with a browser entry like this: http://pbx.mydomain.com:2319/. Then (and just as important!) next month, change the port to 4382, then 6109, and so on. Don't use these numbers obviously! Make up your own. The key here is that 5 minutes work every month will keep web access to your PBX much more secure than letting every Tom, Dick, and Ivan hammer away at port 80 every night while you're sleeping. Incidentally, most of these routers also will let you block access to certain ports during certain hours of the day. If you're sleeping, there's really not much need to provide SSH and web access to your Asterisk server. At the risk of being labeled xenophobic, keep in mind that many of the world's best crackers reside in countries where daytime happens to be nighttime in the United States.
Rule #6: Really Secure Passwords Really Do Matter. While we have no hard evidence to back this up, our wild-assed guess (WAG) is that 90% of the security breaches in Asterisk systems have been the direct result of folks using passwords that matched the extension numbers on their phone systems. Since most Asterisk PBX systems are configured with extension numbers beginning in the 200, 700, or 800 range of numbers, it really wasn't Rocket Science to remotely log into these servers and make unlimited SIP telephone calls. The first five rules would have protected most Asterisk systems. But our WAG on the number of Asterisk PBX's that have implemented all five rules above would be less than one in a thousand. Part of that is because some of these tools weren't readily available until recently. But part of it is because most of us are just plain L-A-Z-Y.
Really secure passwords really do matter. And it's more than having a secure root password. All of your passwords need to be secure including those on your phone extensions and voicemail accounts unless you are absolutely certain that you have blocked all access to your system from everyone except trusted users. If you use DISA, make certain it has a really, really secure password. Part of having really secure passwords is regularly changing them. And our rule of thumb on Asterisk system passwords goes one step further. Never, ever use passwords on your PBX that you use for other important personal information (such as financial accounts). You've been warned. It's your phone bill and bank account!
<end of sermon>
Rule #7: Minimize Web Access To Your PBX. Most of the Asterisk aggregations utilize FreePBX as the graphical user interface to configure your Asterisk PBX. Because FreePBX is web-based, it is extremely dangerous to leave it exposed on the Internet. As much as we love FreePBX, keep in mind that it was written by dozens and dozens of contributors of various skill levels over a very long period of time. Spaghetti code doesn't begin to describe some of what lies under the FreePBX covers. Make absolutely certain that you have .htaccess password protection in place for all web directories in at least these directory trees: admin, maint, meetme, and panel.
Our rule of thumb on Internet web accessibility to an Asterisk PBX goes like this. Don't! But, if you must, build as many layers of protection as possible to assure that your system is not compromised. If the bad guys get into FreePBX, the security of your PBX has been compromised... permanently! This means you need to start over with all-new passwords by installing a fresh system. You simply cannot fix every possible hole that has been opened on a FreePBX-compromised system!
Rule #8: Implement VPNs for PBX Systems. PBX in a Flash has provided simple install scripts to deploy Hamachi VPNs on all of our current systems. Hopefully, the other aggregations will do likewise. In addition, we offer turnkey VPN in a Flash systems which provide this functionality out of the box. VPNs provide an incredibly simple way to interconnect PBX systems worldwide and assure secure communications between these interconnected systems. We now are exploring other VPN solutions which would facilitate the use of VPN-enabled telephones such as the new offerings from SNOM.
Rule #9: Check Your Logs Every Day. We're still dumbfounded by the following quote from the article above: "115,000 international mobile calls were made using the small business's VoIP system over a six month period." Six months and they never checked their call logs? Sounds like they earned this phone bill. FreePBX provides an incredibly simple way to review your call logs. Click the Reports tab at the top of the screen and look at the bar graph showing the number of calls each day and the combined length of those calls. Nothing could be easier. Do it every single day! It also should be noted that Ethan Schroeder has released a beta of some new monitoring software which will provide more granular monitoring of daily call volumes. For additional information or to participate in the beta, visit this link.
Rule #10: Do Some Reading... Regularly. No security implementation is complete without a little regular effort on your part: reading. If you're going to manage your own network or PBX, then you need to keep abreast of what's happening in the business. There are any number of ways to do this, none of which take much time. The simplest approach is just to scan the Open Discussion, Add-Ons, and Bug Reporting topics on the PBX in a Flash Forum, the trixbox Forum, and the FreePBX Forum. Aside from reviewing your call logs, it's the best 15 minutes you could spend to safeguard your system. We also have an RSS Feed which includes security alerts.
Update #1: Be sure to read this great new article. It has two fresh ideas for securing your system!
Update #2: Please also read this Nerd Vittles Alert about FreePBX backdoors and default passwords that was published on April 15, 2011.
Some Other Suggestions. A couple other suggestions come to mind that don't involve securing your PBX per se but nevertheless will lessen your exposure in the event of a security breach. First, if your usual calling patterns don't involve international calling or if they're limited to one or two countries, tighten up your outbound dialplan and restrict calling to countries that you actually need. It can always be changed when the need to call elsewhere arises. Second, if you use pay-as-you-go providers, never use credit card auto-replenishment. Instead, add funds periodically using the provider's web interface. The advantage of this is that, if someone does manage to break into your system, your loss will be limited to the current balance in your provider account. You'll not only save a lot of money, but you'll also get a notification that something has gone horribly wrong. Finally, a forum user mentioned one we had overlooked. If you have a mix of POTS and VoIP lines, don't put the POTS lines in the default outbound pool for toll calls. This could potentially save you lots of money.
Continue Reading Part II: The VoIP WhiteList for IPtables...
Got Some Other Ideas? 50,000 heads always are better than one when it comes to network security. If there are things we've missed, take a minute to post a comment. It'll help all of us keep our systems more secure. Good luck!
Digium® Weighs In. Since this article first appeared, Digium has released its own set of tips on SIP security. By all means, have a look!
Security Alert of the Week. A trixbox user yesterday reported that he had discovered a rootkit exploit on his server. You can could read all about it here. The 6:03 a.m. (California time) post mysteriously disappeared a few hours later... soon after the trixbox staff got to work. Another darn computer failure according to Fonality staff. 😕 We've attempted to recreate the information from Google snippets. And here's a simple test to see if you have a similar rootkit problem:
ls -all /sbin/init.zk
Want a Bootable PBX in a Flash Drive? Our bootable USB flash installer for PBX in a Flash will provide all of the goodies in the VPN in a Flash system featured last month on Nerd Vittles. You can build a complete turnkey system using almost any current generation PC with a SATA drive and our flash installer in less than 15 minutes!
If you'd like to put your name in the hat for a chance to win a free one delivered to your door, just post a comment with your best PBX in a Flash story.1
Be sure to include your real email address which will not be posted. The winner will be chosen by drawing an email address out of a hat (the old fashioned way!) from all of the comments posted over the next couple weeks. All of the individuals whose comments were used in today's story will automatically be included in the drawing as well. Good luck to everyone and Happy New Year!!
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
- This offer does not extend to those in jurisdictions in which our offer or your participation may be regulated or prohibited by statute or regulation. [↩]
Remotely Managing Your Asterisk Server with WebDAV
It's been quite a while since we last explored WebDAV, and that was in the context of turning a Mac into an ISP-in-a-Box in 2005. Today we want to do much the same thing with your PBX in a Flash server, and the drill is quite similar. Over the course of the last four years, the uses of WebDAV have grown geometrically.
Overview. As you probably know, WebDAV is an acronym for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time.
For openers, WebDAV provides a simple vehicle to manage your PBX in a Flash web site by letting you create a file-sharing link to your server which is read and write-accessible (with a password) from almost anywhere. It also could be used to upload and/or download sensitive corporate data, or it could serve as a backup repository for your portable or desktop PC. Think of it as a Poor Man's Cloud Computing alternative. Install a couple of terabyte drives on a Dell T100 or SC440, and you've got a secure environment for storing all of your data on a single server.
Initial Setup of WebDAV. For today, we're assuming you already have a functioning PBX in a Flash server. It includes most of the WebDAV components necessary to get WebDAV working. If you're using some other Asterisk® platform, then take a look at our previous articles for some hints on the basic setup keeping in mind that most Asterisk distributions use asterisk as the web user account rather than apache. To keep things simple, we're going to set up a separate dav directory within your existing PBX in a Flash web server to use for WebDAV access. This means files and folders managed with WebDAV will appear in /var/www/html/dav on your server.
To complete the WebDAV setup on PBX in a Flash systems, log into your server as root and issue the following commands:
mkdir /var/www/html/dav
chown asterisk:asterisk /var/www/html/dav
chown asterisk:asterisk /var/lib/dav
cd /etc/pbx/httpdconf
wget http://pbxinaflash.net/source/webdav/dav.conf
apachectl restart
Configuring WebDAV. As installed, you'll need your username (maint) and your password to access your WebDAV server from either a browser (for read access) or via network access (for read and write access). You have several choices in how to reconfigure this setup to meet your own requirements. If you want to upload and manage files in this directory with a password and then allow anyone to access the files with a web browser with no password, you can simply uncomment the two Limit lines in the Apache dav.conf file in /etc/pbx/httpdconf. Just remove the leading # characters from both the lines in the configuration file. If you want to restrict network and web access to WebDAV to certain IP addresses, you can remove the Allow from all line in dav.conf and add lines that look like the following:
Allow from 192.168.0
Allow from 68.218.222.170
Remember to give yourself access on the private LAN as well as the public side if you plan to use WebDAV from outside your firewall. Our strongest recommendation remains to not expose your server to public web access without restricting access with either passwords or IP restrictions in .htaccess files for each directory as shown above.
Accessing WebDAV. To access your WebDAV folder with a browser for read-only access, point your browser to the IP address of your server and then the /dav subdirectory. For example, on your private LAN, the link might look like this: http://192.168.0.123/dav. On the public Internet, the link might look like this: http://pbx.dyndns.org/dav.
On a Windows machine, you can create a Web Folder for access to your new WebDAV directory like this:
My Network Places
Add a network place
Choose network location
http://192.168.0.123/dav (with no trailing slash!)
username: maint password: yoursecretpassword
Name the link: PiaF WebDAV
Update: There is a glitch with Web Folder access with some Windows XP and Vista systems. Here's a link to the Microsoft Patch that addressed the problem.
On a Mac, click on your Desktop to open Finder and do the following:
Go
Connect to Server
http://192.168.0.123/dav (with no trailing slash!)
Connect
username: maint password: yoursecretpassword
OK
Using WebDAV for Total Web Site Management. There may be some who actually want to use WebDAV to manage your entire PBX in a Flash web site. This means all directories from /var/www/html down. This WebDAV management need not be exclusive. In other words, you still can retain the WebDAV setup for the dav directory outlined above. To add an additional WebDAV service for your entire web site, you will need to edit /etc/httpd/conf/httpd.conf. Then search for this text:
<Directory "/var/www/html">
Once you find that line of code, scroll down to just above the </Directory> entry and insert the following lines of code. Save your additions and then restart Apache: apachectl restart.
DAV on
<Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
AuthType Basic
AuthName "WebDAV Web Server Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
Order allow,deny
Allow from all
</Limit>
If you haven't also implemented the dav solution above, then make certain you issue the following command while logged into your server as root:
chown asterisk:asterisk /var/lib/dav
Now that you have your own WebDAV server, take a look at this terrific web site for some great ideas on what's possible in the open source and commercial world of WebDAV. Enjoy!
It's Time For That New Dell, Dude. If you've been holding off until Dell put the PowerEdge T100 on sale again, then today's your lucky day. With a dual Core Intel® Pentium®E2180, 2.0GHz processor with 1MB Cache, an 800MHz FSB, an 80GB 7.2K RPM Serial ATA 3Gbps 3.5-in Cabled Hard Drive connected to the onboard SATA controller, 512MB of 667MHz DDR2 RAM, a DVD-ROM Drive, and an On-Board Single Gigabit Network Adapter, the T100 is on sale for $329. It's not as great a deal as sometimes, but it's still a steal. Be sure to upgrade to 2GB of RAM for $19! Once you have your system, just load our Orgasmatron III build and you'll be off to the races in under 15 minutes!
If you want a cash rebate on your Dell purchase, use our eBates link to Dell or click on the coupon image in the right column of this article. It takes less than 30 seconds to sign up, and you get $5 (and so do we!) plus you receive 2% cash back on your Dell small business purchases which can be deposited directly into your PayPal account.
Want a Bootable PBX in a Flash Drive? In a few weeks to celebrate the beginning of Nerd Vittles' Fifth Year, we'll be introducing our bootable USB flash installer for PBX in a Flash with all of the goodies in the VPN in a Flash system featured a few weeks ago on Nerd Vittles. You can build a complete turnkey system using almost any current generation PC with a SATA drive and our flash installer in less than 15 minutes!
If you'd like to put your name in the hat for a chance to win a free one delivered to your door, just post a comment at this link with your best PBX in a Flash story.1
Be sure to include your real email address which will not be posted. The winner will be chosen by drawing an email address out of a hat (the old fashioned way!) from all of the comments posted over the next couple weeks. Good luck to everyone and Happy New Year!!
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
- This offer does not extend to those in jurisdictions in which our offer or your participation may be regulated or prohibited by statute or regulation. [↩]
What PBX in a Flash Brings to the Asterisk Table
As 2008 comes to a close, PBX in a Flash celebrates its First Anniversary and continues to be the only Asterisk® distro that offers users a choice of Asterisk 1.4 or 1.6 in either 32-bit or 64-bit flavors. In addition, you can choose our Lean, Mean Asterisk Machine or a preconfigured turnkey implementation with every VoIP bell and whistle on the planet. It’s all about choice and flexibility, and we offer both. For a preview of coming attractions, see the end of this article or take a look at the screen capture below. But today we hand over the editorial reins to some of our PBX in a Flash users to express in their own words why they chose PBX in a Flash and what their return on investment has been. We think you’ll be surprised by some of the responses. We certainly were.
You Never Know How Things Will Work Out
During the time of PBXIAF 1.0, I had been working with Trixbox for about 6 months. By the time PBXIAF 1.1 came out, I had learned enough about the way Trixbox can’t be updated to develop a healthy appreciation for the PBXIAF “compile on site, update as prudent” approach.I happen to be a techno-nut -– but that notwithstanding, our small business was experiencing telephonic growing pains. After 7 years in business, an opportunity to expand our private label help desk product was easily ready to overrun the terrible copper lines we had for telephone service.
Since it was obvious VoIP was the only way to go – we began to explore what was out there. Vonage was riding high, Packet8 and many other competitors all got us around the limited copper into the office, each one we looked at had their own special quirks. All of them were using analog telephone adapters (ATAs) and either regular or slightly customized Analog phones.
We began a year of exploration that started with the BigGreenBox – hoping to learn enough about VoIP and this strange creature called FreePBX to be able to use it. But, with time marching on, Packet8’s Virtual Office product was selected, and put into use in a 10-phone system.
Although pretty much always under development, the web application that was provided was a little twisted, but worked once you got over its way of looking at call flow – rudimentary ring groups could be arranged in such a way as to simulate queues provided nor more than 8-10 callers were on hold. And so it went for a good year. We definitely used all our creativity to connect various IVR’s ($15/month each) to give the caller a good experience, but we were already clearly operating at the very limits of flexibility and capacity for the Packet8 system.
The average telephone bill during this period was approximately $380 per month (about 1/3 of what copper lines had cost) and almost nothing in hardware ($1,000 in proprietary telephones and ATAs).
Then the balance was broken when Packet8 rather arbitrarily stopped supporting a type of IVR transfer that was crucial to our work flow. At the same moment, the unthinkable happened. The help desk grew a little more. Less flexibility + even more demands for non-achievable call flow changes was the death knell for Packet8 at our office.
During this same time we had deployed several ISOs of the GreenBox in the lab and with field technicians….Several ISO’s! In a very short time. So many ISO’s, so fast – and a complete reinstall to go with each one. Yikes. It had become apparent to me that my career would suddenly change from network engineering to “PBX Upgrade and Reconfigure Monkey” if we deployed that distribution. Also – the forums were unproductive and negative much of the time. There are ways to disagree and still remain civil. Then, I rediscovered Nerd Vittles. This was about the time PBXIAF 1.1 was released.
The difference in the environment and team spirit – even when disagreements occurred – is very palatable. The community is full of people who are so wonderfully giving of their experience. The difference in the distributions – well- they can be summed up in about 6 words. Ward Mundy, Tom King, and Joe Roper.
This trio has brought together a remarkable set of skills and disciplines that produced a really, really good distribution, not solely RPM-based so knuckleheads like me can follow simpler instructions. [Asterisk code is] updated and compiled right on the box – and fully scripted. Security flaws get fixed in hours – sometimes minutes (when they find them – there’s been so FEW), not DAYS like the other guys. And all of it is based on FreePBX, arguably the most evolved UI for managing Asterisk.
Together – they got stability, reliability, and repeatability, and decorated it with enough solid features and functions to be a platform whose feature-function-benefit points are all top notch. Linux, Asterisk, Mysql, Apache, Text to Speech (2 different flavors), Voice Reminders, Wake Up Calls, Weather Reports, Tide Reports, Email by Phone, Headline News by Phone, and scripts that make it all go together just the way it needs to be: “stable and reliable”.
PBX In a Flash is a gift – an opportunity for our technical staff to learn a new area of our field, with the camaraderie of some genuine experts in the arena. We are 8 people, doing the work of 12 – just like a million small businesses. As an old network guy – learning a new skill has been tremendously exhilarating. And this technology is so flexible that I’m continually exhilarated learning new things… and for a long time to come! The professional growth has been great for all of us.
Now, the money. Way back up in the top of this [post], I told you the phone bill with Packet8 was on a good month $380 with barely the [functionality] needed to do our professional best.
Today, thanks to PBXIAF, we run 6 queues every day, with tremendous customer and client satisfaction. We use every part of the system to provide our customers with the best telephone interaction experience they could get anywhere. While handling about 10% more traffic, and with far superior call handling and work flow support, our average phone bill is $120 month.
Here’s the good part. With the $260 a month being saved, the company was able to afford to bring in group medical insurance for all our employees. How’s that for positively impacting 8 people every single day of their lives?
Ward, Tom, Joe – I could never have done it without you.
–tshif
And then there was this testimonial from a venue that all of us are thinking about these days:
Our small public middle school in Washington, DC has to make every penny count. I’m in charge of our technology and its meager budget. This past summer we moved to a new and bigger building and needed to migrate our phone system. We had an existing NEC Aspire system with 15 extensions that worked just fine – nothing fancy – and it hooked up to a single POTS line.
At the new building we needed to double the size to 30 extensions. As the Aspire system used VOIP, it should just be a matter of buying the handsets and a little labor to configure them. Right? [Wrong!] $17,000 is what they wanted to hook up the existing equipment that we moved over and add the 15 new extensions. My response: "Hell no!"
I’d wanted an excuse to setup an Asterisk server for a while, but I had heard how complicated it was. School was close to opening. I had a lot of other things to take care of. And I needed a solution that would most likely work the first time. I found PiaF then read up on the wiki and Nerd Vittles. I ordered a set of Aastra 57i’s and a used Dell PowerEdge 2650. We decided to go "pure VOIP" for flexibility and signed up with Vitelity.com.
I followed the great step-by-step directions for PiaF. I wanted to set mine up inside a Virtual Machine which added some complexity, but I found lots of helpful users in the forums that had documented their experiences before me.
Now we’re 5 months in. The system has more capabilities than our old NECs. The sound quality is better, and it’s easier to use. I had some problems with my server crashing, but I was able to rebuild it on different hardware and transfer our entire configuration in about an hour. Now everything is great. I love that we’re implementing more open source tools, open standards, and aren’t limited to vendor BS when we’re ready to expand. Other schools thought we were "crazy" to setup our own system. Now they want all the details to try and do it themselves.
The best part, of course, is that our whole setup was under $7K. That’s a $10,000 savings. To translate that with regards to the school, that savings allowed us to buy and set up four desktop machines in each of ten classrooms. Now THAT is making a difference.
Thanks to the PiaF team and community!
–jcasimir
And then there’s this one:
TODAY I TOOK CONTROL OF MY VOIP…..
I’ve been a happy VOIP user for 4 years running on Vonage. Even got my son hooked up on Vonage while he was in the Army stationed in Japan. But, when the lawsuits loomed over Vonage’s head, I started looking for something else, and I found Nerd Vittles. WOW! Being kind of a gadget junkie to start with and always looking for something interesting to do with my PCs, I started with Trixbox from Ward’s "build" and fumbled along. When PIAF came along I naturally followed.
I have two important successes that have made me love this VOIP/PIAF stuff.
1) When my grandson was diagnosed with a heart condition my daughter and her husband were stuck in hospital emergency rooms for hours at a time. Being about 500 miles from both our family and the other grandparents, they had a very difficult time getting news out to us since hospitals usually restrict the use of cell phones and don’t allow long distance calls from their phones. That only leaves (yuck!) pay phones. In just a few minutes time, I was able to buy a local DID to the hospital and connect it to my PIAF. I then set up an IVR that gave them access to a DISA. That way they could call us using a local number or call through the DISA to contact the other grandparents. Keeping everyone informed really eases your mind when the grandkids are ill!
2) When I got tired of my wife continuing to ask me for phone numbers when calling our family and friends, I finally decided to set up an IVR for her. So far, both of our kids’ home and cell numbers (as well as my cell number) have kept her happy. When she asks for more I’ll just add them. So far the "Wife Acceptance Factor" is high and I’m having great fun. Hanging up on recognized telemarketers is great, the Callerid Superfecta works great, and I like getting the Weather Forecast from Allison.
The port from Vonage was completed today. I’m using Future-Nine as my primary provider. So, like I said, today is the day I took control of my VOIP.
–jeffmac
And, speaking of role reversal…
PIAF to the Rescue!!
Here is a twist for you.
First, the problem:
My company has a ShoreTel system in place, 48 extensions. They have 2 PRI’s bonded together with dynamic channel allocation. Eight channels are dedicated to the phones, the rest to the Internet. When we have more calls than 8, the system robs channels from the Internet, up to 23 channels max, and returns them as the call volume drops. This all works well.
Monday, a pole a few blocks from our office had the transformer catch fire, and the provider’s equipment was affected. We lost both Internet and phones for several hours. Much of our business is time critical. With no incoming phone calls and no email, we almost lost out on a chance to bid on a VERY large deal. Fortunately, the customer knew the L.A. branch number and after being unable to get in touch with us, he called L.A.
Anyway, now it is critical to management that this NEVER happen again.
The Solution:
Tuesday: I studied the issue and wrote a proposal.
Wednesday: I fired up a PIAF box, established a 10 channel SIP trunk group to the ShoreTel system, and got everything setup for intersystem routing, etc.
Thursday: I am picking up a pay-as-you-go service with 10 channels from a VOIP provider with a single DID and setting our Telco service for failover/rollover to the VOIP DID. I am then ordering a second Internet circuit, 2meg x 2meg, to bring in the SIP trunks from the provider. As soon as that is done, I will dual-home the mail server so that we can get and send email via both Internet providers.
The End Result:
If the primary connection fails, phone service rolls over to the DID from the VOIP provider, rolls into PIAF, and cross trunks to the ShoreTel – AUTOMATICALLY!! Email switches to the secondary MX record and keeps right on rolling. One change in the firewall for the public NAT address and gateway and Internet [and phone service] is back up and running.
THANK YOU Ward, Tom, Joe and gang for making this possible.
–Greg Keys
And, last but not least…
You made my Grandma Cry!
My wife and I are currently living in Germany, and we’ve been using a Skype-In number so our friends and family can call us. For my wife it is important that the solution just works like a regular phone and so I had setup a Siemens M34 to interface with our DECT phone and it worked, mostly, for a few days until the entire system needed to be restarted. For most of our family, this solution works. But my grandmother is living in a different area code and can’t afford to call us as often as she would like.
I stumbled upon the PBX in a Flash project a few weeks ago and, after I found two old Grandstream GXP-2000 in the company junk closet (we are an Internet startup – someone is always buying new toys), I installed PiaF 1.2 using VMWare. I set up a Vitelity DID, the CallerID Superfecta, the Callerid Creep Detector, experimented with ring groups, routing, IVRs and was so impressed that I knew our Skype-solution days were numbered.
Last night, I took the plunge, reformatted the Skype system, and deployed PiaF 1.3. The install was so fast and painless. I copied the old configuration information into the new system. And, my new PBX was up and running in under and hour.
I had so much time left on my hands that I figured I might as well experiment. I followed another Nerd Vittles tutorial and created a few cell phone extensions for my family back in the states. I went to Vitelity and purchased another DID. I recorded a quick message, setup an IVR, and a new corresponding route. That’s when the fun started.
I called my grandmother and told her: "Grandma, we’ve got a new telephone number. Will you please call me right back at…". She was a little surprised when I told her that the number was now going to be a local call for her. The real surprise came when she called the number and heard, "Hi Grandma, welcome to your phone system. For Martin and Ashlee, please press 1, for Rachel please press 2,…". By the time she pressed 1 and Asterisk was ringing our home ring group, she was in tears.
We talked for quite a while about our lives, the Olympics, the hurricane, and everything else. This morning when I got up, I checked the call logs and saw that she had systematically called every single IVR point after we got off the phone.
I didn’t deploy PiaF as a mission-critical business application yesterday–though that day will come for me, but I did what the open-source Internet ideology is all about in my mind. I used the knowledge and experience others have gifted the community to create a solution that fit my situation.
Thanks Again, PiaF Team, from the bottom of my heart!
–Martin Modahl
For those of you that still need a New Year’s Resolution, we hope our fans have given you some ideas. And, when my wife again asks why I continue to work for 5¢ an hour, I’ve got something great for her to read.
Thanks, everybody. You’ve made it all worthwhile.
Want a Bootable PBX in a Flash Drive? Early in 2009 to celebrate the beginning of Nerd Vittles’ Fifth Year, we’ll be introducing our bootable USB flash installer for PBX in a Flash with all of the goodies in the VPN in a Flash system featured a few weeks ago on Nerd Vittles. You can build a complete turnkey system using almost any current generation PC with a SATA drive and our flash installer in less than 15 minutes!
If you’d like to put your name in the hat for a chance to win a free one delivered to your door, just post a comment below with your best PBX in a Flash story.1
Be sure to include your real email address which will not be posted. The winner will be chosen by drawing an email address out of a hat (the old fashioned way!) from all of the comments posted over the next couple weeks. All of the individuals whose comments were used in today’s story will automatically be included in the drawing as well. Good luck to everyone and Happy New Year!!
Nerd Vittles Fan Club Map. We hope you’ll take a second and add yourself to our Frappr World Map. In making your entry, you can choose an icon: guy, gal, nerd, or geek. For those that don’t know the difference in the last two, here’s the best definition we’ve found: "a nerd is very similar to a geek, but with more RAM and a faster modem." We’re always looking for the best BBQ joints on the planet. So, if you know of one, add it to the map while you’re visiting.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- This offer does not extend to those in jurisdictions in which our offer or your participation may be regulated or prohibited by statute or regulation. [↩]
Another Dell with Asterisk, Dude: Introducing the Orgasmatron III for Dell’s New PowerEdge T100
Dell finally kissed its SC440 server goodbye last week so we've been scrambling for a replacement VoIP candidate for Asterisk® that has performance sufficient to serve as a 50 to 100-user small business PBX without breaking the bank. It turns out Dell's PowerEdge T100 introduced in September is strikingly similar to the SC440 both in performance, design, and even price, but it scales a bit better. If it walks like a duck, quacks like a duck, and is priced like chicken feed, that's good enough for us.
In early December, we got our first new T100: a Dual Core Intel® Pentium®E2180, 2.0GHz processor with 1MB Cache, an 800MHz FSB, two 80GB 7.2K RPM Serial ATA 3Gbps 3.5-in Cabled Hard Drives connected to the onboard SATA controller, 512MB of 667MHz DDR2 RAM, a DVD-ROM Drive, and an On-Board Single Gigabit Network Adapter for $299. Sound familiar? It should. The T100 special pricing was virtually identical to the $299 special on the SC440 except Dell now has thrown in a DVD-ROM drive in lieu of the SC440's CD-ROM drive. For $19 more, you can bring the system up to 2GB of RAM which is an excellent idea. If you missed out, don't fret. There will be another deal in a week or two. Even the regular pricing on this unit with a Celeron 1.8GHz processor, 2 gigs of RAM, and two 80GB drives is only $339. And international pricing is equally competitive. We haven't yet seen the $199 single-drive U.S. price that appeared regularly with the SC440, but it shouldn't be too long given the current economy.
As for scaling, if you're interested in a growth path, you'll love the T100 compared to the SC440. It supports numerous processors up to the Quad Core Xeon 2.83GHz with 2x6M Cache and 1333MHz FSB as well as two one-terabyte SATA drives (just don't buy them from Dell 😯 ). And, unlike the SC440, the T100 accepts up to 8GB of RAM. So the remaining question: "Will the SC440 Orgasmatron II build work with the T100?" And the answer is "sort of." But have no fear, we've put Humpty back together again and have added even more bells and whistles to the new Orgasmatron III custom-designed for the T100 today. It now includes your own, free and private Hamachi VPN cloud for up to 16 computers.
To get email alerts when the T100 again goes on sale, go to techbargains.com. Then click on Send Email Deal Alert and fill out the form entering T100 as your search term. Be sure to confirm the alert by replying to the email.
If you want a cash rebate on your Dell purchase, use our eBates link to Dell or click on the coupon image in the right column of this article. It takes less than 30 seconds to sign up, and you get $5 (and so do we!) plus you receive 2% cash back on your Dell small business purchases which can be deposited directly into your PayPal account.
We expect these units will follow in the footsteps of their SC440 cousin and go on sale roughly every two weeks... so be ready! The T100 also is good news for our international friends because Dell now markets this machine virtually everywhere in the world at very competitive prices. It's selling for 40% off in the U.K. and 299€ in many European countries as we speak.
For long-time readers, you already know that we've identified what we believe to be the perfect Asterisk SIP phone, the Aastra 57i. But both of our previously anointed small business/home servers on which to run a production Asterisk system for 50-100 employees, the Everex gPC2 (aka "The WalMart Special") and the Dell SC440, are no more. So this build brings us current with Dell's very latest offering in the low-cost, high-performance server category and builds on the SC440 tradition of providing a quantum leap in performance and reliability compared with traditional home PCs. The ISO images you'll be downloading were captured as a backup on the flash drive of our new T100 lab machine. You can expect at least twice the performance on the PowerEdge T100 compared to the WalMart Special. Today's Orgasmatron III Build provides a preconfigured T100 installation on a 2-disk ISO image backup of the whole system using Mondo. And, NO, it won't work with any other hardware! Once you download the ISO images and burn your CDs, it's a 15-minute No-Brainer to install the entire image onto your own T100. Wait to install any add-on cards until after you complete the Orgasmatron install. You must have a T100 configured as above, or this Mondo restore may not work. So accept no substitutes, or you may end up with an Electronic Brick instead of an Orgasmatron.
We've preconfigured some extensions on your new system as well as outbound and incoming trunks from some terrific providers including our second homegrown entry for VoIP terminations. Joe Roper and his business partner in Spain now offer a terrific IAX VoIP termination service. You can choose penny a minute service in the U.S. and most of Canada, or you can opt for premium VoIP service at about 2¢ a minute in the U.S. International rates also are VERY reasonable! You literally can sign up for service, plug in your phones, and have a system in full operation in under an hour.
If you've missed our previous Orgasmatron articles, suffice it to say this is the Ultimate Kitchen Sink for Asterisk. From the time you insert the CD 'til you have a functioning Asterisk PBX with all the bells and whistles imaginable... just 15 minutes! In fact, it will take less time to create your new system than it will take you to finish reading this article. Please do BOTH! The Orgasmatron III includes PBX in a Flash 1.3 in all its glory including Asterisk 1.4.21.2 running under CentOS 5.2 with a version of Zaptel that actually works with legacy cards, plus the newly released FreePBX 2.5, a full-function fax server, a full-disk backup and restore solution (that actually works!), the latest Hamachi VPN software, every imaginable Nerd Vittles text-to-speech application for Asterisk, and so much more. Complete documentation for the TTS apps is available here.
- Inbound and Outbound VoIP Faxing Using nvFax... finally!
- FONmail for Asterisk to send voice messages to any email address on the planet
- AsteriDex RoboDialer and Telephone Directory
- Telephone Reminders with Support for Recurring Reminders and Web-based TTS Reminder Messages
- NewsClips for Asterisk featuring Dozens of Yahoo News Feeds (TTS)
- Weather Reports by Airport Code (TTS)
- Weather Reports by ZIP Code (TTS)
- Worldwide Weather Forecasts (TTS)
- xTide for Asterisk (TTS)
- MailCall for Asterisk: Get Your Email By Telephone (TTS)
- TeleYapper 4.0 Message Broadcasting System
- CallWho for Phone Lookup and Dialing of Entries in the AsteriDex Database (TTS)
- TFTP Server with preconfigured setups for 10 Aastra 57i SIP telephones
In addition, you get dozens of preconfigured telephony applications and functions that would take even an expert the better part of a year or two to build independently. And, unlike all of the other distributions, we build Asterisk from source so it's simple to modify and upgrade whenever you feel the need. Here's a short list of what you have to look forward to:
- Stealth AutoAttendant with Welcome and Application IVRs
- Key Telephone Support Using Park and Parking Lot
- Intercom/Paging Support
- Bluetooth Proximity Detection with Automatic Call Forwarding to Cell Phone
- DISA
- Blacklisting with Web and Telephony Interfaces
- CallerID Name Lookups from Numerous Providers
- Weekly Automated System Backups to a Flash Drive
- One Touch Day/Night Service
- Music on Hold
- Voicemail with Email Delivery of Messages and Pager Notification
- Voicemail Blasting
- Cell Phone Direct Dial
- Call Forward: All, Busy, No Answer
- Call Waiting
- Call Pickup
- Zap Barge
- Call Transfer: Attended and Blind
- Dictation Service with Email Delivery
- Do Not Disturb
- Gabcast
- Phonebook Dial by Name
- Speed Dial
- Flite Text to Speech (TTS)
- Windows Networking with SAMBA
- Linux Firewall and Fail2Ban with SSH, HTTP, and SIP/IAX login protection
- PBX in a Flash Software Update Service To Keep Your System Current
- One-Click Cepstral TTS Install with Allison... Just Type install-cepstral
Prerequisites. As mentioned, you'll need a T100 configured with the specs outlined above including the 2GB RAM upgrade. We also recommend an 8GB USB flash drive on which to store automatic weekly backups of your new system. Just plug it into your new machine, and follow the simple steps below to activate Mondo. Every Sunday night, you'll get a new backup in ISO format on your flash drive. If something goes wrong on your system, copy the ISOs to CDs and reboot with Disk 1. It doesn't get any easier than that. And you can always check on the latest backup by issuing the command: usbcheck
Pay to Play. Greed has finally set in at Nerd Vittles. After all, Christmas is just around the corner! The download of this two-disk ISO image will set you back a whopping $10. In addition to covering the bandwidth and storage costs for the builds themselves, it also seems only fair that those using the builds help cover the hardware costs associated with these technology refreshes. When you compare our pricing to the Lime Green PBX offering from Dell... well, you don't really wanna know! There's one other little difference. Once you download our image from DreamHost, you are more than welcome to pass it along to as many of your friends and business acquaintances as you like. You can even do it electronically through the DreamHost Files Forever program. And, if you're inclined to host this image for your fellow man at no cost, be our guest... and thank you!
Bottom line: With a little patience waiting on Dell's next special, for about $300 and some lunch money, you'll have the slickest, newest, fastest, most reliable PBX and fax machine on the planet with rock-solid weekly backups and, of course, the availability of our one-of-a-kind PBX in a Flash Software Update Service! In fact, this may very well be The PerfectPBX™ even if we do say so.
Getting Started. Once you have your T100 in hand, take it out of the box, plug it into your LAN with DHCP and DNS support and Internet connectivity. You'll need a USB keyboard for typing temporarily. We also strongly recommend that you always keep your system running behind a NAT-based firewall/router. We strongly recommend the dirt-cheap dLink WBR-2310 WiFi router which handles NAT issues with VoIP masterfully. Don't redirect any ports to the machine and don't turn the PC on just yet.
Download the two ISO images for the T100 from here. Unzip the file and create two CDs from the ISO images. If you don't know how to create a CD from an ISO image, read that section from our previous article. In fact, read the whole article. It'll help you immensely down the road.
Once you've created your two CDs, turn on the T100 and quickly insert Disk 1 into the DVD drive and close the drive. When prompted, press F11 to choose the boot device and select the DVD-ROM drive. You'll note that the default T100 setup now apparently looks for a network boot device so you'll need to do a little BIOS reconfiguring, but you can do that at your convenience. F2 gets you into the T100 BIOS setup. Then choose Integrated Devices and, using the space bar, change Embedded Gb NIC from Enabled with PXE to simply Enabled. Press the escape key twice and then choose Save and Exit.
For now, choose the DVD-ROM drive as the boot device and proceed with the Mondo restore. If you don't see a Mondo Rescue screen within a minute or less, turn the machine off and then back on again. At the Mondo Rescue main screen, type nuke and press the Enter key. This will erase, repartition, and reformat your hard disk in case you didn't know. This is normal. If you get any kind of errors about incorrect drive or partition names and you really do have a T100, ignore them. Otherwise, halt the install by pressing CTL-ALT-DEL and remove the CD. You'll need to install PBX in a Flash using our standard ISO which is available here. Otherwise, go have a cup of coffee and come back in about 10 minutes. You'll be prompted to insert Disk 2 and press Enter to finish the install. When the second CD finishes, eject it and wait for the prompt. Then type "exit" and press Enter. Your T100 will reboot, and you're ready to go.
After the reboot finishes, type root at the login prompt for your username and password for your password. The IP address assigned by your DHCP server should appear on the status screen. Write it down. If there is no IP address, your machine does not have network connectivity or access to a DHCP server with an available IP address. Correct the problem and reboot.
Securing Passwords. We're going to change five passwords now. For the time being (until you've done some reading), think up one really difficult password (that you won't forget) and use it for all five passwords. At the root@pbx:~ $ command prompt, type the following commands and type in your new password when prompted. Don't forget your password or you'll get to put in your two CDs and start over.
passwd
passwd-maint
passwd-wwwadmin
passwd-meetme
/usr/libexec/webmin/changepass.pl /etc/webmin root yournewpasswordhere
Now, using a web browser, go to the IP address of your new PBX in a Flash server. Click the Admin tab, the password is password. Then choose the FreePBX Administration button. Log in as maint with your new maint password. Before you do anything else, change ALL of the 10 extension passwords to something very secure... as if your phone bill depended upon it! Click Setup, Extensions and then choose each extension, modify BOTH the device secret and Voicemail Password, and click Submit. When you finish all the extensions, then reload the dialplan to save your changes. Finally, change your DISA password to something very, very secure: Setup, DISA, DISAmain, PIN. Reload your dialplan once again to save your changes.
Regardless of what you may read elsewhere, the Orgasmatron III has all the very latest security patches as of today. If you want more security, take our advice and add a hardware-based firewall/router between your Internet connection and your new Orgasmatron III and don't expose port 80 (the web interface) to the Internet!
Permanently Setting the IP Address. There are different schools of thought on whether to use a fixed or dynamic IP address. Most hardware-based routers support DHCP IP address reservations. The simplest way to permanently secure the existing IP address for your server is to reserve it on your router. If you'd prefer to assign your own IP address, we have included the deprecated netconfig utility which can be run after logging into your server as root. Sometimes you will need to run it once, enter your settings, reboot, and then repeat the drill. Then you should be all set. Either way, you need a permanent IP address for your machine when all is said and done. Once you have a permanent IP address, hop on over to dyndns.org and sign up for your own fully-qualified domain name (FQDN), e.g. mypbx.dyndns.org. You're going to need it for a whole host of things with your new PBX, and dyndns.org is about the easiest way to do it. Once you have your FQDN and DynDNS username and password, log in as root and edit: /etc/ddclient/ddclient.conf. Search (Ctl-W) for ***. Fill in your username and password and uncomment those two lines. Then search for *** again, uncomment the next three lines and fill in your fully-qualified domain name. Save the file and service ddclient restart. To make sure everything worked, issue the following command: ddclient -force. Assuming there are no errors, issue the following command to start ddclient each time your server reboots: /sbin/chkconfig --add ddclient. Now the IP address of your Asterisk server will always resolve to your FQDN from DynDNS. And anyone can call you via SIP for free using the following SIP URI: mothership@yourFQDN.dyndns.org. You can take this a step further and sign up for a free incoming phone number at ipkall.com. For your account type, choose SIP. For your SIP phone number, enter: mothership. For your SIP proxy, enter the fully-qualified domain name (FQDN) for your server, e.g. mypbx.dyndns.org. Choose a password and enter your real email address, and they will beam you a Washington state phone number within a day or so. You can't beat the price!
Getting Phones to Work Reliably. If you or the the person at the other end of your calls only hears half the conversation or if your calls get abruptly disconnected after a few minutes, it's probably because you forgot to add IP addresses to tell SIP how to communicate with your Asterisk server sitting behind a firewall. Edit /etc/asterisk/sip_custom.conf and add an entry for your external IP address and also for your local (internal) subnet where Asterisk resides. Then restart Asterisk: amportal restart.
externip=68.28.142.83
localnet=192.168.0.0/255.255.255.0
If you have a dynamic IP address and you set up ddclient above with your fully-qualified domain name, we've created a little script to keep these entries up to date automatically. Just edit the following file:
/var/lib/asterisk/agi-bin/ip.sh
Fill in the correct entries for your fqdn and localnet. Then uncomment the last line in /etc/crontab which runs ip.sh once every 5 minutes.
Adding Plain Old Phones. Before your new PBX will be of much use, you're going to need something to make and receive calls, i.e. a telephone. For today, you've got several choices: a POTS phone, a softphone, or a SIP phone (highly recommended). Option #1 and the best home solution is to use a Plain Old Telephone or your favorite cordless phone set (with 8-10 extensions) if you purchase a little device (the size of a pack of cigs) known as an SPA-2102. It's under $70. Be sure you specify that you want an unlocked device, meaning it doesn't force you to use a particular service provider. Once you get it, plug the device into your LAN, and then plug your phone instrument into the SPA-2102. Note that this adapter supports two-line cordless phones! Your router will hand out a private IP address for the SPA-2102 to talk on your network. You'll need the IP address of the SPA-2102 in order to configure it to work with Asterisk. After you connect the device to your network and a phone to the device, pick up the phone and dial ****. At the voice prompt, dial 110#. The device will tell you its DHCP-assigned IP address. Write it down and then access the configuration utility by pointing your web browser to that IP address.
Once the configuration utility displays in your web browser, click Admin Login and then Advanced in the upper right corner of the web page. When the page reloads, click the Line1 tab and then repeat this drill for the Line2 tab if you want to connect the device to two extensions on your Asterisk system. Scroll down the screen to the Proxy field in the Proxy and Registration section of the form. Type in the private IP address of your Asterisk system which you wrote down previously. Be sure the Register field is set to Yes and then move to the Subscriber Information section of the form. Assuming you're using the preconfigured extensions starting with 701, do the following. Enter House Phone as the Display Name. Enter 701 as the User ID. Enter your actual password for this extension in the Password field, and set Use Auth ID to No. Click the Submit All Changes button and wait for your Sipura to reset. In the Line 1 Status section of the Info tab, your device should show that it's Registered. You're done. Now repeat the drill for Line2 using extension 702. Pick up a phone and dial 1234# to test out BOTH extensions.
Downloading a Free Softphone. Unless you already have an IP phone, the easiest way to get started and make sure everything is working is to install an IP softphone. You can download a softphone for Windows, Mac, or Linux from CounterPath. Or download the pulver.Communicator. Here's another great SIP/IAX softphone for all platforms that's great, too, and it requires no installation: Zoiper 2.0 (formerly IDEfisk). All are free! Just install and then configure with the IP address of your PBX in a Flash server. For username and password, use one of the extension numbers and passwords which you set up with FreePBX. Once you make a few test calls, don't waste any more time. Buy a decent SIP telephone. We think the best phone out there is the Aastra 57i for under $200. Another $100 buys you the Aastra 57i CT with a cordless DECT phone.
Configuring Aastra 57i SIP Phones. Your new system comes preconfigured to automatically configure up to 15 Aastra 57i phones. Plug each phone into your network and wait for it to boot. Once it boots, press the Option button, then Phone Status (3), then IP & MAC Address (1). Write down each phone's IP address and MAC address. Then press Done to exit from the menus.
Next, we need to tell your phone to use your new Asterisk server as the TFTP server to obtain its setup. Press the Option button again, then Admin Menu (5). Type 22222 for the admin password and press Enter. Then choose Config Server (1), then TFTP Settings (2), then Primary TFTP (1), enter the IP address of your new server, and press Done a half dozen times.
Log back into your server as root. Switch to the TFTP directory: cd /tftpboot. You'll notice that there are config files for up to 15 phones. Simply choose the extension number you wish to use for each phone AND rename each file (filenames are 701.cfg to 715.cfg) to the MAC address of each phone.cfg. Do NOT use hyphens or colons in the MAC address. Edit each of the .cfg files and replace the SIP line1 password with the new password you created for the extension using FreePBX. One final step and you'll be ready to load up your phones. We need to set the correct IP address to tell each phone where your server is located. So... issue the following command using the IP address of your new server instead of 192.168.0.123. Leave the rest of the command as it is!
sed -i 's|192.168.0.0|192.168.0.123|g' /tftpboot/aastra.cfg
Now restart each phone by pressing the Option button and then Restart Phone (6) and then the Restart button. Once the phone reboots, you can make a test call by dialing 1-2-3-4. You can get the latest news by dialing 5-1-1. Or get a weather forecast by airport code (6-1-1) or zip code (Z-I-P).
A Word About Ports. For the techies out there that want to configure remote telephones or link to a server in another town, you'll need to know the ports to remap to your new server from your firewall. Here's a list of the ports available and used by PBX in a Flash. We don't recommend exposing UDP 5038 which is used to communicate with Asterisk via the Asterisk Manager.
TCP 80 - HTTP (needed to access the web sites on your server from the Net)
TCP 22 - SSH (needed if you want remote SSH access)
TCP 9001 - WebMin (needed if you want remote WebMin access... not recommended!!!)
UDP 10000-62000 - RTP (needed for SIP communications)
UDP 5004-5037 - SIP (ditto)
UDP 5039-5082 - SIP (ditto)
UDP 4569 - IAX2 (needed for IAX connection between Asterisk servers)
Setting Up Trunks for Outgoing and Incoming Calls. If you want to communicate with the rest of the telephones in the world, then you'll need a way to route outbound calls (terminations) to their destination. And you'll need a phone number (DIDs) so that folks can call you. Unlike the Ma Bell world, you need not rely upon the same provider for both. And nothing prevents you from having multiple outbound and incoming trunks to your new PBX. At a minimum, however, you do need one outbound trunk and one inbound phone number unless you're merely planning to talk to other extensions set up on your system. We've actually put all the hooks in place to make it easy for you to interconnect to other Asterisk servers, but we'll save that for another day. For today, we want to get you a functioning system so that you can place outbound calls to anywhere in the world and can receive incoming calls from anywhere in the world.
For outbound calling, we recommend you establish accounts with several providers. We've included the necessary setups for Joe Roper's new service for PBX in a Flash as well as Vitelity and AOL. To register for the service, just visit the web site and register. To sign up to the service in the USA and be charged in US Dollars, please sign up here. To sign up for the European Service and be charged in Euros, sign up here.
In addition to being one of the least expensive providers, there's also the premium service option. You can prefix any number with 000 to try it out. Give it a try. We think you'll be pleased with the service AND the pricing. DIDs for inbound service are not yet available, but Vitelity has lots of them, and there's a link below to get you started.
Vitelity: One of the Best Providers on the Planet. If you're seeking the best flexibility in choosing an area code and phone number plus reasonable entry level pricing plus high quality calls, then Vitelity is a winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. For PBX in a Flash users, sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. You can't beat the price (except with us) and the call quality is excellent as well. We've tried just about everybody.
To sweeten the pot a bit more, we've preconfigured both inbound and outbound Vitelity trunks for you. For the vitel-inbound trunk, all you'll need to do is plug in your username, password, and host assigned by Vitelity and adjust the registration string to match your assigned username and password. In FreePBX, click Setup, Trunks, SIP/vitel-inbound and make the changes. Then adjust the vitel-outbound trunk to reflect your actual username in the fromuser and username entries, your real password in the secret entry, and the correct host provided by Vitelity for your outbound calls, and you're all set. In FreePBX, click Setup, Trunks, SIP/vitel-outbound and make the changes. The same setup drill will get you going the the PIAF VoIP service as well.
To test things out, pick up a phone configured on your system and dial an area code and number of someone in the United States or Canada. Now get someone to call you using your new number. Presto! You have inbound and outbound phone service. And, if you'd like to see just how good SIP service can be, pick up a phone on your system and dial D-E-M-O. This will connect you to the PBX in a Flash hosted demo applications server at Aretta Communications.
An Alternate Outbound Calling Solution. As we said, it costs you almost nothing to add an alternate outbound calling solution to your new system. As luck would have it, adding a third outbound calling provider is now a breeze because AOL just entered the SIP terminations market with a product called AIM Call Out. We wrote about it recently, and you can read the article here. All you need is an AOL or AIM account name and $5 to get you started. The system you've just installed is preconfigured to use AIM Call Out. All you have to do is plug in your username and password, and you can immediately make calls to anywhere in the United States for under 2¢ per minute. Adding international calling is as easy as inserting the correct dial string. If you never use it, it doesn't cost you a dime. So $5 is mighty cheap insurance in our book.
First things first. Sign up for the service at this link. Your username will look something like this: johndoe@aim.com. You also will be assigned a password. Using your web browser, open FreePBX by pointing to the IP address of your new server and choosing Administration, then FreePBX. Type in admin as your username and the password you assigned to your system. From the main FreePBX menu, choose Setup, Trunks, and click on SIP/AIM in the far right column. Scroll down to the Peer Details section of the form and replace yourAIMpassword with your new password. Then replace yourAIMaccountname with your actual AIM account name. Now click the Submit Changes button and then Apply Configuration Changes and Continue with Reload.
Setting Up an Alternate DID for Incoming Calls. You also may want to consider a second phone number where people can call you. For example, if Grandma and Grandpa happen to be in another state and still have an old fashioned telephone, you might consider adding an additional DID to your system in their area code. They then can make a local call to reach you by dialing the local DID. On the les.net pay-as-you-go plan, it costs less than a dollar a month plus a penny a minute for the calls. Money well spent if we do say so... and you'll sleep better.
If this setup looks a bit complicated, don't be intimidated. Remember, we're connecting your PBX to the rest of the world so people can call you! With les.net, you have a choice of rate plans for most DIDs. You either can pay $3.99 a month for unlimited inbound calls with two concurrent channels or 99¢ per month and 1.1¢ per minute with four concurrent channels. Just visit their site and click Signup to register. Once you are registered, click Login and then Order DIDs. Pick a phone number. Then click Peers/Trunks and Create New Peer. Write down the Peer Name as you will need it in a minute to set up your connection. Choose SIP for Peer Technology, RFC2833 for DTMF Mode, G.711 for Codecs, Registration for Peer Type, enter the public IP address of your server for Peer Address, make up a secure password and write it down also, specify an Outbound CallerID for your calls, and check the 10-digit dialing box. Leave voicemail unchecked since you'll handle this on your end. Save your changes.
Now choose Your DIDs and click on the one you just ordered. We now need to tie the phone number to the Peer setup you just created above. Click on the DID and select the Route to Peer which you just created. Check the Send DID Prefix box and leave everything else blank. Click Save Changes and you're finished at the les.net end. Now let's set up your inbound DID trunk in Asterisk using FreePBX.
Log into FreePBX using a web browser. Click Setup, Trunks and then Add SIP Trunk. Fill in the CallerID and then drop down to the Outgoing Settings section of the form. For Trunk Name, use the Peer Name that you created above and wrote down. It ought to look something like this: 1092832198. For Peer Details, enter the following using the Peer Name and Password you assigned at les.net:
canreinvite=no
context=from-trunk
fromuser=1092832198
host=did.voip.les.net
insecure=port,invite
nat=yes
secret=yourpassword
type=peer
username=1092832198
For Incoming Settings, use from-pstn for the User Context and enter the following User Details:
canreinvite=no
context=from-pstn
dtmfmode=rfc2833
insecure=port,invite
nat=yes
type=user
For the registration string, enter a string like the following using your Peer Name and Password:
1092832198:yourpassword@did.voip.les.net/1092832198
Now click the Submit Changes button and then Apply Configuration Changes and Continue with Reload.
Choosing a VoIP Provider That Supports Faxing. We've included a reliable fax solution in this build. You can review the details in this Nerd Vittles article. To test your machine, you can connect a real fax machine to one of the extensions using an SPA-2102. Then send a fax to extension 329 (F-A-X). But first you must configure your email address in two places using FreePBX: Setup, General Settings, Email address to have faxes emailed to AND Setup, Inbound Routes, any DID / any CID, fax Email. Once you've saved your settings, send the fax and see if it's delivered to your email address. If it works reliably, then the fax and email applications on your machine are configured correctly. Unfortunately, that's only half the battle. To receive faxes from outside your system, you'll also need a DID from a provider that supports faxing. And then it's still only about a 90% proposition... on a good day. We've tested this with many, many VoIP providers. Some work. Many don't. Some, such as Vitelity, offer a faxing service for a fee. Guess what? Their regular VoIP setup doesn't support faxing. Our old friends at Telasip.com still support faxing. We've also had good luck with Future-Nine and Teliax. You can read our fax dissertation here for more details. With the exception of the trunk setup covered in the article, all of the remaining setup steps already have been completed on your new server!
Interconnecting Two Asterisk Servers. We've preconfigured this build to support an IAX interconnect to a second PBX in a Flash system. The trunk setup for the second machine to match the setup on this build can be printed out. The filename is /root/MainPeerTrunkSetup.gif.
Choosing a Preferred Provider. Finally, you'll need to decide whether to use PIAF-USA or AOL or Vitelity as your primary terminations provider. HINT: Joe's new service is the cheapest! So we've set things up this way. This is handled in FreePBX in the Outbound Routes tab under the Default entry. You can adjust easily these in any way you like by adding trunks or moving entries up and down the list to change their priority. Just be sure to leave ENUM at the top of the list since ENUM calls are always free. If a free call isn't possible, your server will automatically drop down to the next trunk in the priority list. Don't add Vitelity to the list unless you have actually created a Vitelity account since they handle unsuccessful connections in a non-standard way which will cause FreePBX not to drop down to the next trunk to attempt a connection.
Activating the Stealth AutoAttendant for Inbound Calls. By default, all incoming calls are routed to the Day/Night Code 1 context which allows you to toggle calls between a Day setting and a Night setting by pressing *281. The Day setting for Code 1 is set to our Stealth Autoattendant which plays a brief greeting during which you can choose other options or direct dial extensions on your system before the call is passed to Ring Group 700. To change the options, edit MainIVR.
Activating Mondo Backups. We would be remiss if we didn't mention what a fantastic open source product Mondo Rescue is. It's the sole reason that today's build was possible. Our special thanks go to the development team: Bruno Cornec, Andree Leidenfrost, and Hugo Rabson. It is the first (and only) backup software for Linux builds that actually works reliably. The best way to prove that for yourself is to download the Orgasmatron III and try it for yourself. It has much more flexibility than what you will experience, but that would take another dozen pages to explain. We'll save that for another day. In the meantime, if you'd like more information, visit the Mondo Rescue web site.
WARNINGS: If you update the version of Mondo shipped with this distribution to the current version using either yum or a standalone RPM, you will break your backup system. The advantage of the newer version is that it can create bootable flash drives with your backup image. The disadvantage is that the restore process croaks and locks up your machine. So don't update for the time being. We'll let you know when it's safe to upgrade.
Particularly if you have more than one drive in your system, be aware that the device name for your USB flash drive may differ from the setting of /dev/sdb1 that is preconfigured in this backup. This depends upon the number of internal hard disks and the Dude that built your Dell.
To safely activate backups on a stock T100 configured as we've outlined above, here are the mandatory steps:
1. Format every USB stick you plan to use for backups. Insert the USB flash drive into the right USB slot on the front of your Dell T100. Log into your server as root and type: /root/usbformat.sh. Your USB flash drive is now formatted. Repeat the process for any additional USB flash drives. WARNING: Do not use this script if you have added additional drives on your system as it may inadvertently reformat the wrong drive! The script assumes you have one or two internal SATA drives and one USB stick inserted in the right USB slot on the front of your Dell T100.
2. Assign the proper device name to Mondo and activate it: With a formatted USB flash drive in place, log into your server as root and type: /root/usbdevice.sh. You're all set. A backup will be made each Sunday night. If no flash drive is present, the backup will be saved in /etc/usbmondo.
3. Run a test backup: With a USB flash drive in place, log in as root, and type: /etc/cron.weekly/disk-backup.cron. To be sure it worked, see #4.
4. Check the contents of your USB stick regularly! Plug it into the front right USB port, log in as root, and type usbcheck. It's a good practice to check this on Mondays to be sure you got a fresh backup on Sunday night!!
Other Backup Options. Of course, there are some other backup options. FreePBX is preconfigured to make an automatic backup of your FreePBX data once a week. This is controlled by the settings in Tools, Backup and Restore, WeeklyBackup. It currently is set to make a backup every Wednesday morning. You also may want to consider off-site backups. Amazon's S3 service is preconfigured including all necessary software and scripts. All you need is an account and password. For detailed instructions, see this Nerd Vittles' article.
Installing Cepstral on Your New Server. If you want real text-to-speech with Allison's familiar voice, then you'll need to buy Cepstral. It's dirt cheap for single, non-commercial use. To install it, run install-cepstral from the command prompt while logged in as root. At one point you'll be asked whether to create a missing directory for the Cepstral installation. Be sure to type y at the prompt rather than just pressing the Enter key. Instructions for registering your copy of Cepstral are displayed when the install completes. For complete documentation, read our previous tutorial.
Creating Your Own Hamachi VPN Network. We've saved the best for last today. This latest Orgasmatron III build includes the Hamachi VPN network software. All you have to do is initialize it. Once configured, you can add as many as 16 computers (including Windows, Mac, and Linux machines) to your own private virtual private network. Communications between all of your systems then will be encrypted by simply connecting to the other systems using their VPN network addresses (5.x.x.x). For complete setup instructions, take a look at our VPN in a Flash knol on Google. The entire setup takes less than 5 minutes.
News Flash: As we put this article to bed last night, we tried one final experiment. We took the bootable USB flash drive from our VPN in a Flash build for the Aspire One NetBook that was featured last week and plugged it into the Dell T100. Guess what, Dude? Twelve minutes later we had a perfect clone of the Aspire One build on our new Dell T100. So, if you're looking for a state-of-the-art operating system with a fantastic GUI interface to pair up with Asterisk and PBX in a Flash, we may have another surprise for you to ring in the new year with your new T100. And it should work splendidly on the older SC440 as well as other machines with any industry-standard SATA drive. For 2009, PBX in a Flash perhaps should be renamed PBX on a Flash. Imagine carrying a full-featured, preconfigured PBX around on your keychain. Now that should impress even your nerdiest friends. There still are a few kinks with the latest version of Mondo which have forced us to build our own custom patches to get a successful restore, but we're oh so close... Stay tuned!
Special Thanks. As another year comes to a close, we want to take a moment to thank all of you for reading Nerd Vittles. About 50,000 folks from 137 countries around the globe read Nerd Vittles every week. The Nerd Vittles Official Flag above shows all of your home towns. Incidentally, the countries are ordered by the number of actual visitors from each country.
Where To Go From Here. We've covered a good bit of territory today. When you're ready, move on to the second part of this article at the link below. In the meantime, you have a new phone system that works. And there are a number of PDF documents in the /root folder on your new system which are worth a read. Better yet, you can browse through all of the documentation which is available for PBX in a Flash by going here. You also can dial D-E-M-O on your new system and see just how powerful direct SIP connections can be to other Asterisk hosts (in this case, ours!)... at no cost. Finally, you can log into your server and type help-pbx for access to a treasure trove of additional features. Enjoy and have a Merry Christmas!
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
Introducing VPN in a Flash: The $499 Mobile Telephony Appliance with Asterisk
We’ve spent a lot of time designing turnkey Asterisk®-based systems from the early Asterisk at Home days until the latest Orgasmatron Builds1 for PBX in a Flash. So, trust us! Nothing comes close to the new VPN in a Flash Mobile Telephony Appliance. Having endured more than a decade of preparations for national emergencies, we are well aware of the need for well-designed telephony systems which can be deployed on a moment’s notice anywhere. We also appreciate the need for a versatile, portable communications appliance which can be toted from hotel room to hotel room providing secure VoIP communications back to the mothership. And we fully grasp the need of thousands of businesses to transparently deploy remote communications devices at far away places but in a way that they still can be supported from home base. With all that in mind, Tom King and I have spent the last several months designing this VoIP telephony appliance. Now let us introduce you to the new world2 of VPN in a Flash.
Until six months ago, the hardware simply wasn’t available to provide the GUI performance necessary to create such a portable appliance. But the Intel Atom® processor changed all of that. And now Acer has stepped up with an almost perfect mobile implementation of the Atom motherboard in the Aspire One® Netbook. Weighing in at just over two pounds, it’s totally portable but also a powerhouse. And it’s quiet.
On the software side, the stars all lined up when Fedora® introduced Fedora 10 last week, an almost perfect rendition of the Linux® operating system with every imaginable bell and whistle including a low-overhead KDE® GUI that rivals the very best of Windows® and Mac OS X®. Our challenge was to put all the pieces together and add the very best of the Asterisk® telephony world to the mix. And, of course, we wanted to accomplish all of this while staying true to our open source roots. We think this Fedora Remix3 meets that goal in spades! You certainly could build your own system from the ground up, and we would encourage you to download Fedora 10 and do that when you have a few months of free time on your hands. The new Fedora 10 build is a perfect platform for Asterisk and the latest state-of-the-art hardware. In the meantime, our rendition which configures everything to better support Asterisk in a mobile telephony environment should save you about 500 man-hours. Try it. You’ll see. 😉
We also wanted the new system design to include every imaginable communications bell and whistle on the planet including a flexible, turnkey virtual private network implementation, transparent support for wired and wireless networks, a built-in preconfigured softphone which is ready for business, and all of the Nerd Vittles utilities and FreePBX® functionality that has made PBX in a Flash such a hit.
Finally, a new Mondo backup script has been included that lets you clone your entire system to a $20 bootable USB flash drive for incredibly easy system recovery in the event of a hardware catastrophe. And the 2008 introductory price for these built-to-order systems: just $499 plus shipping to US-48 destinations. And there’s loads of documentation, too. With a little luck, a self-installing, bootable flash drive appliance for our friends outside of the United States should be available by early next year.
About the Face Lift. Well, it’s been a painful few days at Nerd Vittles Headquarters. Our former hosting provider, BlueHost, apparently hired a new recruit that deemed our CPU utilization unworthy… in the middle of the night last Thursday. He promptly shut down our site. For any of you considering shared hosting, this is one of the dirty little secrets of the industry. They may promise you unlimited disk storage and unlimited bandwidth, but they don’t really mean it. I’m reminded of Mark Twain’s old adage about bankers: "Bankers are the folks that hand you an umbrella when the sun is shining and want it back the minute it starts to rain." Internet hosting providers have some of the same gene pool unfortunately.
The sad part of the story is that BlueHost is one of the better providers in the United States, and we, in fact, have recommended them. Hundreds of our readers took us up on our BlueHost recommendation. It gets even worse. We provided free Asterisk support to the BlueHost folks about a year ago when they were attempting to reconfigure their queues. We even brought in a local consultant in their area to assist. Do you think we even got a return call from our fair-weather friends when we were trying to figure out why our site suddenly became a problem? Our site utilization has been fairly steady for more than two years! Suffice it to say, the phone never rang. But that’s all history now. Nerd Vittles has moved to our new high-performance server at WestNIC that also hosts the PBX in a Flash Forum, and we’re happy to be there.
Nothing’s ever simple, of course. WestNIC employs PHP5 while BlueHost still was using PHP4. Even though cPanel made the server transition easy, our particular version of the WordPress blogging software was more than a little long in the tooth. Everything at first appeared to work fine. But it turned out that you could no longer read individual posts. Call us picky but that was a deal breaker. What to do? Suffice it to say that 17 version upgrades later, we’re now current. The only fatality was a few recent comments which got deleted by operator error… mine. 🙄
All good blogs deserve a facelift at least once every five years, don’t you think? Well, we’re about a month shy of our Fifth Anniversary, but it was worth the effort. And the performance boost is nothing short of amazing. We hope you agree. Enjoy!
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- If you don’t know what an Orgasmatron Build is, use the search function at the top of this page. [↩]
- And speaking of new worlds, lawyers love footnotes so you’d better get used to these little numbers. 🙂 We’ll break you in easy today. There are just a few of them. [↩]
- Fedora and the Infinity design logo are trademarks of Red Hat, Inc. Asterisk is a registered trademark of Digium, Inc. All other trademarks and registered trademarks are property of their respective owners. This software aggregation is neither provided nor supported by the Fedora Project and contains non-Fedora and modified Fedora content. Official Fedora software is available through the Fedora Project website. [↩]
The Lean, Mean Asterisk Machine: And Now It’s a Fax Machine
Hard to believe it’s been a year since PBX in a Flash hit the street, but today’s the Big Day! So Happy Birthday to us. With an estimated 100,000 downloads worldwide and over a million RSS feeds to our Kennonsoft User Interface each month, you might be wondering what keeps us going with all the reported venture capital behind Big Orange and Lime Green. Well, we’re glad you asked. Truth be told, it’s the cushy offices (in our kitchens) and the endless flow of generous contributions from grateful users. Heh, heh! Seriously, there are some real reasons that account for the popularity of PBX in a Flash. Bottom Line: It Just Works! And here’s a representative sample of other feedback from our fans:
- Currency – The PBX in a Flash distribution is always up to date. Our separate payload file makes it easy. No one else has anything close. So their builds are almost always long in the tooth.
- Upgradability – Unlike the competition, you don’t have to start all over each time a new version of Asterisk® or Linux hits the street. We’ll have more to say about our new SUSHI (Software Update Service – Hyperlinked, Interactive) in coming weeks.
- Flexibility – PBX in a Flash remains the only distribution that builds Asterisk from source. Even Digium®’s own distribution now uses RPMs. When you add new hardware or upgrade the Linux kernel to plug a security vulnerability, you’ll understand why this is critically important.
- Support – PBX in a Flash has the best support group in the business. It’s called the PBX in a Flash Forum, and it’s free. Unlike the competition, you don’t have to pay to get help on basic technical issues with our product. And you don’t normally wait more than an hour or two for a response. That’s what Open Source is all about!
- Security – We take security seriously. It’s our number one priority. When there’s a known problem, we don’t hide it or ignore it. We fix it right now. And the RSS Feed that’s part of our KennonSoft User Interface lets you know about it immediately. You can make your own comparisons and draw your own conclusions with regard to the other distributions.
- No Slimeware – We’re up front about the way we operate and why. We don’t create backdoors or Trojan Horses in our distribution that phone home for any reason. We notify users of issues through an RSS Feed. We believe it’s up to you, not Big Brother, to decide whether to protect your own system. As permitted by the GPL, we do encrypt some of our freeware installation scripts because of the conduct of some in this business that pass off the work product of others as their own.
- No Bugs – People chuckled when we began a year ago with this mantra because of the experience we all had in days of old. We still believe it and do our best to keep the PBX in a Flash distribution bug free. If you don’t believe it, visit our forums and then visit the others. Some bugs obviously are beyond our control, but we do endeavor to steer users toward stable versions of open source products that can be used reliably in almost any business environment.
So there’s a quick update on how we’re doing and why we do things the way we do. Unlike a year ago, there are lots of choices now in the marketplace. If you’re still on the fence, the nice part of the open source movement is that it doesn’t cost you anything to try several flavors and make your own decision. Ultimately, we think you’ll choose PBX in a Flash for all of the reasons we’ve mentioned.
2011 Update: This article has been updated to support Asterisk 1.8 using HylaFax, AvantFax, and IAXmodem. Click here for the latest article.
Welcome Back Faxing. That brings us to today’s topic: adding a fax machine to your PBX in a Flash system. With all the distributions, there have been numerous fax options. And the one word that describes most of them is P-A-I-N-F-U-L. We’ve been searching for a way to return to the good ol’ Asterisk@Home days with NVfax. It just worked. Well, today it works again with PBX in a Flash and Asterisk 1.4. And, yes, it should work on the other distributions as well. I’ve had mixed emotions about whether to protect the install script, but I’ve chosen to release it in unencrypted format because I think we all can benefit from the contributions of others while still giving credit to those that contribute. And, yes, I know there’s a difference of opinion about this… for some very good reasons. But the Nerd Vittles contribution to VoIP technology has always been distribution agnostic, and we’ve decided to keep it that way. We’re equally delighted that Philippe Lindheimer has left the hooks in FreePBX to support NVfax so, once you complete this install, you can manage incoming fax calls from the comfort of the FreePBX user interface… even in distributions which no longer call it FreePBX. Ever wonder why these folks didn’t also rename Asterisk while they were in the lobotomy business?
How It Works. There are two pieces to the new faxing mechanism. For inbound faxing, you simply set FreePBX to use NVfax to listen for a fax tone on inbound trunks. We’ve found that 5 is the magic number for detecting a fax tone on most inbound calls. YMMV! You also can dial local extension 329 (F-A-X) and the extension will listen for an incoming fax. In either instance, if a fax tone is detected, the call is routed to a fax context that converts the incoming fax to a PDF document which is then sent to your email address specified in your Fax Handling setup for each Inbound Route on your system. The correct answers for Fax Handling are Fax Extension: System, Fax Email: any email address that works, Fax Detection Type: NVFax, and Pause After Answer: 5. Don’t forget to also enter the Fax Machine Settings under the Setup->General Settings tab in FreePBX. For outbound faxing, we can’t recall this ever working with NVfax, but it does now. Here’s how to set things up. Create a PDF document of anything you wish to send by fax. Name the document so that it corresponds with the phone number of the fax destination, e.g. 6789991234.pdf would mean you plan to send the PDF document to a fax device at the following phone number: 678-999-1234. Now place the document in the /tmp directory on your server. Next, pick up a phone on your system and dial 32948 (F-A-X-I-T). When prompted for the destination fax phone number, key in 6789991234. Once you receive an acknowledgment that your fax has been sent, hang up. It doesn’t get much easier than that.
Prerequisites. Well, there are lots of them. But a stock installation of Asterisk with CentOS works great so long as you also have outbound emailing working and you’ve installed a text-to-speech engine. Either Flite or Cepstral works just fine. All of the bundled distributions should suffice. We actually only use TTS to generate the voice prompts for the outbound faxing so, if you don’t need that functionality, no TTS engine is required. If you need help with outbound emailing, see our PBX in a Flash knol. There also are setup instructions for Gmail and Comcast in the PBX in a Flash forum.
Installing the Fax Software. We’ve written a script which handles all of the heavy lifting for you. Just log into your server as root and issue the following commands:
cd /root
wget http://pbxinaflash.net/source/fax/fax.pbx
chmod +x fax.pbx
./fax.pbx
In less than a minute, you should be all set.
Configuring the Fax Software. First, edit the [faxit] context in /etc/asterisk/extensions_custom.conf to plug in your actual fax number to be displayed on outbound faxes. It should be the 17th line up from the bottom of the file. Save your changes and reload Asterisk: amportal restart. Now load FreePBX using your favorite browser and make the Fax Machine entries in Setup->General Settings. Remember that your return email address must match your server domain name that you set up in /etc/hosts to get outbound email flowing, e.g. pbx.dyndns.org. Next, for each of your Inbound Routes in which you wish to enable fax detection, edit the entry and fill in the Fax Handling options we previously mentioned. To repeat, the correct answers are Fax Extension: System, Fax Email: any email address that works, Fax Detection Type: NVFax, and Pause After Answer: 5. Finally, add Misc Destinations for Fax (329) and FaxIt (32948). Reload your dialplan, and you should be ready to go.
Testing Things Out. The easiest way to assure that your system is properly configured is to attach a real fax machine to an FXS device on your system. Then send a fax to extension 329 (F-A-X). You should receive the fax via email shortly thereafter. That’s only half the battle unfortunately. If you want to receive faxes from outside your PBX, you also need to find a VoIP provider that properly supports faxing. Suffice it to say, all VoIP providers are not created equal when it comes to fax support. Our Best of Nerd Vittles article on faxing will provide some suggestions as well as a few tips and tricks. If you have a standard POTS line connected to an FXO device on your Asterisk server, that’s an even better option. Just make certain that fax detection is enabled on the inbound route for that line.
Don’t be misled by the brevity of this article. It in no way is a measure of the effort that it’s taken to make NVfax work again. One way that you can show your appreciation for the good deeds of others is through the Donate link at the top of our page. There’s no obligation, of course, but it does keep the Little Mrs. from regularly asking, "Tell me again why you do this?" Enjoy and thanks in advance.
Getting Started with PBX in a Flash. There’s a great deal of literature on PBX in a Flash that is yours for the taking. But we wanted to mention a terrific new series of articles in Mark Berry’s blog that are especially well suited for those just learning about VoIP. Have a look. We think you’ll agree.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…