Home » Posts tagged 'VitalPBX' (Page 3)
Tag Archives: VitalPBX
One Minute Wonder: Introducing VitalPBX for VirtualBox
Last week we took VitalPBX to the Cloud with our rock-solid firewall. And this week we’ll show you how to get VitalPBX up and running on any desktop computer in less than a minute using VirtualBox®. If you’ve followed Nerd Vittles over the years, you already know that VirtualBox from Oracle® is one of our favorite platforms. Almost any desktop computer can serve as a VirtualBox hosting platform. And once VirtualBox is installed, adding VitalPBX is a snap. Download the VitalPBX image, initialize your MAC address, start up the VM, and boom. Instant PBX perfection! The really nice thing about our tutorials is it doesn’t cost you a dime to try things out for yourself. And the Incredible PBX® feature set is included as well. Just add your credentials and speech-to-text, voice recognition, and a Siri-like interface are as close as your nearest SIP phone. Splurge with a $4.99 one-time purchase to add Google Voice, and you’ve got unlimited free calling in the U.S. and Canada. So why wait? Let’s get started.
Installing Oracle VM VirtualBox
Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.
Installing Incredible PBX for VitalPBX VM
To begin, download the Incredible PBX for VitalPBX .ova image (1.0 GB) to the computer on which you installed VirtualBox.
Next, double-click on the VitalPBX .ova image on your desktop. Be sure to check the box to initialize the MAC address of the image and then click Import. Once the import is finished, you’ll see a new VitalPBX virtual machine in the VM List of the VirtualBox Manager Window. Let’s make a couple of one-time adjustments to the VitalPBX configuration to account for differences in sound and network cards on different host machines.
(1) Click once on the VitalPBX virtual machine in the VM List. Then (2) click the Settings button. In the Audio tab, check the Enable Audio option and choose your sound card. In the Network tab for Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is necessary for VitalPBX.
Running VitalPBX in VirtualBox
Once you’ve imported and configured the VitalPBX Virtual Machine, you’re ready to go. Highlight the VitalPBX virtual machine in the VM List on the VirtualBox Manager Window and click the Start button. The standard CentOS boot procedure will begin and, within a few seconds, you’ll get the familiar Linux login prompt. During the bootstrap procedure, you’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX for VitalPBX is merely running as a task in a VM window. Always gracefully halt VitalPBX just as you would on any computer.
Here’s what you need to know. To work in the VitalPBX virtual machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password. Change your root password immediately by typing: passwd.
VitalPBX comes preconfigured so we need to login to the virtual machine for one primary reason, to obtain the IP address of VitalPBX. Once you’ve deciphered the IP address, point your favorite web browser at the IP address you wrote down. You’ll be prompted to create an admin password for your PBX and then you’ll be asked to register the PBX with Telesoft.
We’re assuming your VitalPBX VM is set up behind a hardware-based firewall. If not, you should immediately configure the firewall as documented in our VitalPBX in the Cloud article.
First, you’ll need to change the password for Extension 701: PBX:Extensions:Edit:701. The Edit option is the four-bar icon in the upper right corner of the VitalPBX dialog window. Click Save and Reload your Dialplan.
Next, you’ll need to register a Google Voice trunk with the Simonics SIP/GV Gateway for a one-time fee of $4.99. This gets you unlimited incoming and outgoing calls to the U.S. and Canada if you live in the U.S. Otherwise, set up a SIP trunk and enter your credentials in PBX:External:Trunks:SIP. If you’re using the Simonics gateway, the SIP trunk already has been set up. Just enter your credentials and change Disable Trunk to NO as shown below:
CAUTION: In choosing a DID for outbound calls with Incredible PBX, we strongly recommend that you use a Google Voice trunk. The reason is that, as long as your Google Voice account has no money allocated to it, Google will manage outbound calls to 10 and 11-digit phone numbers and block those that may incur enormous long distance charges from unscrupulous "merchants" in certain Caribbean countries. If you don’t heed our recommendation, we urge you NOT to link an Inbound Route to the Incredible PBX custom context. It’s your phone bill.
If you plan to use VitalPBX for "real work," then you’ll also want to change the Conference credentials for 2663 (C-O-N-F): PBX:Applications:Conference.
The VitalPBX virtual machine comes preconfigured to direct all incoming calls to Allison’s Demo IVR for Incredible PBX. If you’d prefer some other setup, change the Destination of the Default Inbound Route: PBX:External:Inbound Route:Default.
Configuring Incredible PBX for VitalPBX
In order to take advantage of all the Incredible PBX applications, you’ll need to obtain IBM text-to-speech (TTS) and speech-to-text (STT) credentials as well as a (free) Application ID for Wolfram Alpha.
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
This Nerd Vittles tutorial will walk you through getting your IBM account set up and obtaining both your TTS and STT credentials. Be sure to write down BOTH sets of credentials which you’ll need in a minute. For home and SOHO use, IBM access and services are FREE even though you must provide a credit card when signing up. The IBM signup process explains their pricing plans.
To use Wolfram Alpha, sign up for a free Wolfram Alpha API account. Just provide your email address and set up a password. It takes less than a minute. Log into your account and click on Get An App ID. Make up a name for your application and write down (and keep secret) your APP-ID code. That’s all there is to getting set up with Wolfram Alpha. If you want to explore costs for commercial use, there are links to let you get more information.
In addition to your Wolfram Alpha APPID, there are two sets of IBM credentials to plug into the Asterisk AGI scripts. Keep in mind that there are different usernames and passwords for the IBM Watson TTS and STT services. The TTS credentials will look like the following: $IBM_username and $IBM_password. The STT credentials look like this: $API_USERNAME and $API_PASSWORD. Don’t mix them up. 🙂
All of the scripts requiring credentials are located in /var/lib/asterisk/agi-bin so switch to that directory after logging into your server as root. Edit each of the following files and insert your TTS credentials in the variables already provided: nv-today2.php, ibmtts.php, and ibmtts2.php. Edit each of the following files and insert your STT credentials in the variables already provided: getquery.sh, getnumber.sh, and getnumber2.sh. Finally, edit 4747 and insert your Wolfram Alpha APPID.
Using Asteridex with VitalPBX
AsteriDex is a web-based dialer and address book application for Asterisk and VitalPBX. It lets you store and manage phone numbers of all your friends and business associates in an easy-to-use SQLite3 database. You simply call up the application with your favorite web browser: http://vitalpbx-ip-address/asteridex4/. When you click on a contact that you wish to call, AsteriDex first calls you at extension 701, and then AsteriDex connects you to your contact through another outbound call made using your default outbound trunk that supports numbers in the 1NXXNXXXXXX format.
Before AsteriDex Click-to-Call will work, you must authorize AsteriDex to access Asterisk from your browser. After logging into your server as root, edit the following file in /etc/asterisk/ombutel: manager__50-ombutel-user.conf. For each public IP address you wish to authorize, add an entry like the following immediately below the existing permit entry in the file. The non-routable IP address subnets already have been configured so, if you’re using a browser behind the same firewall as VitalPBX, you can skip this step. Otherwise reload the dialplan after adding public IP addresses: asterisk -rx "dialplan reload"
permit=12.34.56.78
Taking Incredible PBX for a Test Drive
You can take Incredible PBX for VitalPBX on a test drive in two ways. You can call our server, and then you can try things out on your own server and compare the results. Call our IVR by dialing 1-843-606-0555. For our international friends, you can use the following SIP URI for a free call: 10159591015959@atlanta.voip.ms. For tips on setting up your own secure, hybrid SIP URI with VitalPBX, see our original tutorial. The FreePBX® setup is virtually identical except for the location of the custom SIP setting for match_auth_username=yes. On a VitalPBX server, you will enter it here: Settings:Technology Settings:SIP Settings:CUSTOM.
With Allison’s Demo IVR, you can choose from the following options:
- 0. Chat with Operator — connects to extension 701
- 1. AsteriDex Voice Dialer – say "Delta Airlines" or "American Airlines" to connect
- 2. Conferencing – log in using 1234 as the conference PIN
- 3. Wolfram Alpha Almanac – say "What planes are flying overhead"
- 4. Lenny – The Telemarketer’s Worst Nightmare
- 5. Today’s News Headlines — courtesy of Yahoo! News
- 6. Weather by ZIP Code – enter any 5-digit ZIP code for today’s weather
- 7. Today in History — courtesy of OnThisDay.com
- 8. Chat with Nerd Uno — courtesy of SIP URI connection to 3CX iPhone Client
- 9. DISA Voice Dialer — say any 10-digit number to be connected
- *. Current Date and Time — courtesy of VitalPBX
You can call your own IVR in two ways. From an internal VitalPBX phone, dial D-E-M-O (2663) to be connected. Or simply dial the number of the DID you routed to the Incredible PBX Custom Context. Either way, you should be connected to the Incredible PBX IVR running on your VitalPBX server. Be sure that you heed AND test the CAUTION documented above. Enjoy!
Originally published: Monday, April 9, 2018
Got Friends? 7 Countries Have Never Visited Nerd Vittles. 2018 Is Calling! https://t.co/wMfmlhAr16 #asterisk #freepbx #wazo #issabel #IncrediblePBX #3CX pic.twitter.com/kAmAEnwVIw
— Ward Mundy (@NerdUno) January 9, 2018
Need help with VitalPBX? Visit the VitalPBX Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
- Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. [↩]
VitalPBX in the Cloud: Providers, Backups, & Airtight Security
Last month we introduced VitalPBX, a terrific new (free) VoIP platform that’s about as intuitive as software can get. We followed up with a dozen Incredible PBX applications that really showed off the flexibility of this new Asterisk® platform. And today we’re pleased to introduce two new cloud solutions that offer our whitelist firewall design for security plus automatic backups. Both Digital Ocean and Vultr offer terrific performance coupled with a $5/month price point that is easy on your wallet. Our tip of the hat goes to Digital Ocean this month because they are again offering a $10 credit on new accounts while also generously supporting Nerd Vittles. That translates into two free months of VitalPBX in the Cloud service for you to kick the tires. If you like what you see, you can spring for the extra $1 a month and add automatic backups to your $5/mo. bill going forward. With a $10 credit, what’s to lose?
To get started, set up an account with one of these cloud providers and create a $5 a month server with 64-bit CentOS 7 in your choice of cities. Once you have your root password, log into your new server as root using SSH or Putty. On Digital Ocean, you will be prompted to change your password the first time you login. On Vultr, you have to manually do it by issuing the command: passwd. Then you’re ready to begin the VitalPBX install. Just issue the following commands and then grab a cup of coffee.
cd /root yum -y install wget nano tar wget https://raw.githubusercontent.com/wardmundy/VPS/master/vps.sh chmod +x vps.sh ./vps.sh
The base install takes less than 15 minutes to complete. When it’s finished, use a web browser from your desktop PC and log into the IP address of your new VitalPBX server. You’ll be prompted to set up an admin password for GUI access and then you register your server with Telesoft. Should you ever forget your admin password, here’s how to force a reset on your next login from a browser:
mysql ombutel -e 'update ombu_settings set value = "yes" where name = "reset_pwd"'
After logging in, you’ll be presented with the VitalPBX Dashboard:
From here, the drill is pretty much the same as what was outlined in our original VitalPBX tutorial. So jump over there to complete your set up and configure extensions, trunks, routes, and a few other settings for your new PBX. Then pick back up here to secure your server!
Security Methodology. What is different on the cloud platform is you don’t have a hardware-based firewall to protect your server. So we’ll need to configure VitalPBX using its built-in firewalld and Fail2Ban applications. Our preference is to use a whitelist of IP addresses to access your server and its resources. In that way, the Bad Guys never even see your server on the Internet. Our security philosophy is simple. If you can’t see it, you can’t hack it.
In addition to a WhiteList of public IP addresses, we also will enable a secure NeoRouter VPN front door to your server as well as a PortKnocker backdoor thereby providing three separate and secure ways to gain server access without publicly exposing VitalPBX to the Internet. If you have a better way, by all means go for it. After all, it’s your phone bill.
Firewall and Fail2Ban Setup. To begin, login to the VitalPBX GUI with a browser using your admin credentials. Then do the following:
(1.) Add NeoRouter VPN Protocol TCP Port 32976 in Admin:Security:Firewall:Services.
(2.) Add NeoRouter VPN Action ACCEPT rule in Admin:Security:Firewall:Rules.
(3.a.) WhiteList your client and server IP addresses in Admin:Security:Firewall:WhiteList.
(3.b.) WhiteList 127.0.0.1 (for localhost) and 10.0.0.0/24 (for NeoRouter VPN).
(3.c.) WhiteList the IP addresses of any potential unregistered trunk providers.
(3.d.) WhiteList the public IP addresses of any extensions you plan to install.
(4.) Enable Fail2Ban in Admin:Security:Intrusion Detection.
(5.a.) WhiteList your client IP address(es) in Admin:Security:Intrusion Detection:Whitelist.
(5.b.) WhiteList the NeoRouter VPN subnet, 10.0.0.0/24, as well.
(6.) Remove the following rules from Admin:Security:Firewall:Rules
SIP HTTP HTTPS SSH IAX2 PJSIP
(7.) Reload the VitalPBX dialplan by clicking the Red indicator (upper right of the GUI).
(8.) Verify IPtables WhiteList: iptables -nL | grep ACCEPT
(9.) Verify Fail2Ban WhiteList: grep -r ignoreip /etc/fail2ban/jail.d/*
Travelin’ Man 3 Addition. One of the major shortcomings in the firewalld implementation of IPtables is the lack of any support for fully-qualified domain names in their WhiteList. For those that want to use dynamic DNS updating services with custom FQDNs to manage remote user access to your server, this is a serious limitation even though PortKnocker alleviates some of the misery. So here’s our solution. We have reworked the Travelin’ Man 3 toolkit for VitalPBX so that you can use command line scripts to add (add-ip and add-fqdn), remove (del-acct), and manage (ipchecker) your WhiteList using either IP addresses (add-ip) or FQDNs (add-fqdn). The automatic update utility (ipchecker) will keep your FQDNs synchronized with your dynamic IP address service by updating the WhiteList every 10 minutes between 5 a.m. and 10 p.m. daily. Keep in mind that this is a supplement to the existing VitalPBX firewall setup documented above. And we only recommend that you add it if you plan to implement automatic management of dynamic IP addresses with FQDNs for your extensions and remote users.
If you plan to use the TM3 addition, you are strongly urged to not make further firewall changes using the VitalPBX GUI unless (1) you can also remember to keep your desktop PC’s IP address whitelisted in VitalPBX and (2) you remember to restart IPtables (iptables-restart) in the CLI after having made firewall changes in the VitalPBX GUI. Otherwise, you will lose your Travelin’ Man 3 WhiteList entries which means folks will get locked out of your server until the TM3 WhiteList is updated by running iptables-restart. All TM3 WhiteListed entries are stored and managed in individual text files in /root with a file extension of .iptables. Do not manually delete them!
To install the TM3 addition, issue the following commands:
cd / wget http://incrediblepbx.com/tm3-vitalpbx.tar.gz tar zxvf tm3-vitalpbx.tar.gz rm -f tm3-vitalpbx.tar.gz echo "/usr/local/sbin/iptables-boot" >> /etc/rc.d/rc.local chmod +x /etc/rc.d/rc.local systemctl enable rc-local echo "*/10 5-22 * * * root /usr/local/sbin/ipchecker > /dev/null 2>&1" >> /etc/crontab
Using DynDNS to Manage FQDNs. The key ingredient with Travelin’ Man 3 is automatic management of dynamic IP addresses. When a user or even the administrator moves to a different location or IP address, we don’t want to have to manually adjust anything. So what you’ll first need is a DynDNS account. Other free providers are available but are less flexible. For $40 a year, DynDNS lets you set up 30 FQDNs and keep the IP addresses for those hostnames current. That’s more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it. What we recommend is setting up a separate FQDN for each phone on your system that uses a dynamic IP address. This can include the administrator account if desired because it works in exactly the same way. When the administrator extension drops off the radar, a refresh of IPtables will bring all FQDNs back to life including the administrator’s account. Sounds simple? It is.
Getting Started with Travelin’ Man 3. Here are the 5 tools that are included in the TM3 suite for VitalPBX:
- add-ip some-label ip-address – Allows you to add an IP address to the WhiteList
- add-fqdn some-label FQDN – Allows you to add an FQDN to the WhiteList
- del-acct some-label.iptables – Deletes an IP address or FQDN from WhiteList
- ipchecker – Runs every 10 minutes to synchronize FQDNs; do NOT run manually
- iptables-restart – Restarts IPtables and adds TM3 WhiteListed IPs and FQDNs
- iptables-boot – Loads TM3 WhiteListed IPs and FQDNs on boot only
- show-whitelist – Displays contents of both VitalPBX and TM3 WhiteLists
Using Email to Manage Your WhiteList. We have one new addition to Travelin’ Man 3 for the VitalPBX platform. Now your authorized users can send an email to the VitalPBX server to whitelist an IP address and gain access. Two different passwords are supported and can be handed out to different classes of PBX users, e.g. administrators and ordinary users. Using the "permanent" password lets someone add an IP address to the VitalPBX whitelist permanently. Using the "temporary" password lets a user add an IP address to the whitelist until the next reboot or firewall restart. In both cases, the administrator gets an immediate email showing the whitelisted IP address, who requested it, and the type of whitelist entry that was requested. The syntax for the email request is straight-forward. Just send an email to the special email account set up to handle these requests and include a Subject for the message that looks exactly like this where 8.8.8.8 is the IP address to be whitelisted and some-password is one of the two passwords: WhiteList 8.8.8.8 PW some-password
As most of you know, we’re sticklers for security, and there’s plenty of it here. First, we recommend you use an obscure FQDN for your server so that it is not easily guessed by someone wanting to do harm. Second, we assume your IP address also won’t be published. Third, the email account name also should be obscure. Think of it as another password. For example, martin432 would be a good choice while whitelist would be pretty lousy. Keep in mind that the only people sending mail to this account will be folks that need immediate access to your PBX. Finally, BOTH of the passwords to use the email feature need to be long and difficult to decipher. A mix of alphanumeric characters and upper and lowercase letters is strongly recommended because it makes successful penetration nearly impossible.
To begin, we need to reconfigure your VitalPBX Firewall to accept incoming email on TCP port 25. In Admin:Security:Firewall:Services, Add a new service that looks like the following: Name: SMTP Protocol: TCP Port: 25. Then SAVE your entry.
Next, we need to add a VitalPBX Firewall Rule that allows incoming SMTP traffic. In Admin:Security:Firewall:Rules, Add a new rule: Service: SMTP Action: Accept. Then SAVE.
Next, we need to log into the Linux CLI as root to do a couple of things. First, we need to reconfigure Postfix to accept emails from outside our server. Replace 8.8.8.8 with the actual IP address of your server. Replace smtp.myserver.com with the actual FQDN of your server. If you don’t have one, simply remove the FQDN from the command.
yum -y install mailx postconf -e "mynetworks = 127.0.0.0/8, 8.8.8.8" postconf -e "mydestination = smtp.myserver.com, localhost.localdomain, localhost" postconf -e "inet_interfaces = all" postconf -e "recipient_delimiter = +" service postfix restart
Second, we need to add an email account to process the incoming emails. Replace someuser on each line with that obscure account name you plan to use for incoming emails. Then send yourself a test email and be sure it arrives. The last command cleans out the mail account.
adduser someuser --shell=/bin/false --no-create-home --system -U echo "test" | mail -s "Hello World" someuser mail -u someuser > /var/mail/someuser
Finally, we need to set up your passwords and admin email address in /root/mailcheck. To begin, insert your actual mail account name in the following command by replacing realuser and then execute the command:
sed -i 's|someuser|realuser|' /root/mailcheck
Now edit /root/mailcheck with nano or your favorite editor and change the TempPW, PermPW, and MyEMail entries. Then save the file and add the following entry to /etc/crontab:
*/3 5-22 * * * root /root/mailcheck > /dev/null 2>&1
CAUTION: Because of the bifurcated nature of the integration of TM3’s WhiteList into the VitalPBX firewall setup, be advised that you never want to make a change in the VitalPBX GUI’s firewall configuration without assuring that the desktop machine from which you are making that change is already included in the VitalPBX Whitelist (see #3.a., above). The same applies to issuing an iptables-restart from the Linux CLI. The reason is there are two separate whitelists and either of these actions would temporarily disable the TM3 WhiteList until the iptables-restart procedure was executed AND completed. In both situations, you most probably would be locked out of web and SSH access to your own server. A VitalPBX firewall reload only restarts firewalld with the VitalPBX WhiteList, and an iptables-restart from the CLI first restarts firewalld without the TM3 WhiteList rules and then adds the TM3 WhiteList rules after the firewalld reload is completed. We have added safeguards to some of the TM3 utilities to keep you from shooting yourself in the foot by requiring the VitalPBX WhiteList addition before you can use the TM3 iptables-restart and del-acct utilities; however, this is not the case with ipchecker which typically runs as a cron job from localhost. Because there is no safeguard mechanism, do NOT run it manually unless you’re sure you first have whitelisted your desktop PC’s IP address in the VitalPBX GUI (see #3.a., above). Without getting down in the weeds, we also have no ability to control the internal workings of the VitalPBX firewall. Should you get locked out of your server, there are three remedies. The first is the email solution documented above. The second is to use PortKnocker to regain access. The third is to use the localhost console in the Digital Ocean or Vultr control panel to issue the iptables-restart command. You might want to print this out for a rainy day. 🙂
PortKnocker Installation. You may not know the remote IP addresses of everyone using your PBX, and some of your users may travel to different sites and need a temporary IP address whitelisted while using a WiFi hotspot. And, not that it would happen to you, but once in a while an administrator locks himself out of his own server by changing IP addresses without first whitelisting the new address. The solution to all of these problems is easy with PortKnocker. The user simply sends three sequential pings to ports known only by you and your users using the machine or smartphone that needs access. You can read our original tutorial for more detail. For today, let’s get PortKnocker installed and configured with your three random ports. You can review the assignment at any time by displaying /root/knock.FAQ which also explains how to send the knocks using a desktop machine or a smartphone.
cd /root wget http://incrediblepbx.com/knock-vitalpbx.sh chmod +x knock-vitalpbx.sh ./knock-vitalpbx.sh
As with other Incredible PBX Travelin’ Man 3 implementations, IP addresses whitelisted using PortKnocker only last until the next reboot, or until you issue the following command firewall-cmd --reload
(does not reload TM3 WhiteList), or until you execute a firewall update from within the VitalPBX GUI (does not reload TM3 WhiteList), or until you issue the command iptables-restart
which restarts the firewall AND loads the TM3 WhiteList entries. To permanently WhiteList IP addresses, follow the procedure in Step #3 above or add the entries using the TM3 utilities documented in the previous section.
NeoRouter Installation. A virtual private network (VPN) is perhaps the safest way to access any server including VitalPBX. All of your communications is securely encrypted and you connect to the server through a network tunnel using a non-routable, private IP address. There are many VPNs from which to choose. Our personal favorite is NeoRouter because up to 256 devices can be interconnected at zero cost, and you can set the whole thing up in minutes with virtually no networking expertise. If you want all of the background on NeoRouter, see our latest tutorial.
NeoRouter uses a star topology which means you must run the NeoRouter Server application on a computer platform that is accessible over the Internet all the time. Then each of the remote devices or servers runs the NeoRouter Client application, connects to the server to obtain a private IP address, and then can communicate with all of the other devices connected to the VPN. If you already have a NeoRouter Server in place, then you can skip the server installation step and skip down to installing the NeoRouter Client on your VitalPBX server.
NeoRouter Server Setup. If you’re just getting started with NeoRouter, the first step is setting up the NeoRouter Server on a platform of your choice. If you’re using the Automatic Backup feature of Digital Ocean or Vultr, then your VitalPBX server is probably as good a site as any. NeoRouter Server uses minimal resources, and outages shouldn’t be a problem except for hurricanes, tornados, and bombs. But, just so you know, if the NeoRouter Server is down, none of the NeoRouter Clients can access the VPN or any other clients so you’d have to resort to public IP addresses for network access.
To install NeoRouter Server on your VitalPBX platform, log into your server as root and issue the following commands:
cd /root wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrserver-2.3.1.4360-free-centos-x86_64.rpm rpm -Uvh nrserver-2.3.1.4360-free-centos-x86_64.rpm
Next, create at least one account with administrator privileges and one account with user privileges to your NeoRouter VPN:
nrserver -adduser admin-name admin-password admin nrserver -adduser user-name user-password user
The commands to manage NeoRouter Server are a little different on the CentOS 7 platform. Here’s what you’ll need:
Start on boot: systemctl enable nrserver.service
Check status: systemctl status nrserver.service
Restart server: systemctl restart nrserver.service
Change settings: nrserver -help
NeoRouter Client Setup. Whether you’re running NeoRouter Server on your VitalPBX platform or not, you’ll still need to install and configure the NeoRouter Client software in order to access the server through the VPN using a remote computer, smartphone, or tablet. NeoRouter Clients for Linux, Windows, Macs, FreeBSD, Mobile, OpenWRT, Tomato, and HTML5 are available here. Be sure to choose the NRFree V2 platform tab before downloading a client, or you’ll get the wrong client software and nothing will work! Ask us how we know.
To install NeoRouter Client on your VitalPBX platform, log into your server as root and issue the following commands:
cd /root wget http://download.neorouter.com/Downloads/NRFree/Update_2.3.1.4360/Linux/CentOS/nrclient-2.3.1.4360-free-centos-x86_64.rpm rpm -Uvh nrclient-2.3.1.4360-free-centos-x86_64.rpm
As with NeoRouter Server, the commands to manage NeoRouter Client are a little different on the CentOS 7 platform. Here’s what you’ll need:
Start on boot: systemctl enable nrservice.service
Check status: systemctl status nrservice.service
Restart client: systemctl restart nrservice.service
Login to VPN: nrclientcmd
The main requirement after installing the software is to login to your VPN: nrclientcmd
. You’ll be prompted for the FQDN or IP address of your NeoRouter Server and then the admin or user credentials. If successful, you’ll get a display of all the machines logged into the VPN, including the VitalPBX server.
NeoRouter Network Explorer – somebody@vultr.guest
> My Computers
10.0.0.2 vultr.guest
Available Commands: changeview, wakeonlan, setproxy, changepassword, quit
Enter command:
The next step is to download and install NeoRouter Client software on your desktop computer and smartphone. Then you can remotely connect to your VitalPBX server from those platforms. In our example above, you could login to 10.0.0.2 with either SSH or your web browser and never have to worry about whitelisting your remote machines with VitalPBX.
Checking VitalPBX Status. As with other Incredible PBX platforms, we have reworked the pbxstatus utility to support VitalPBX. Running it from the command prompt will display the status of all of the key services on your PBX. Note the addition of the VPN’s IP address which tells you that NeoRouter Client is alive and well:
Configuring Automatic Backups. When you’re ready to enable backups for a Digital Ocean droplet, navigate to the list of droplets for your account. Click the Droplet name for which you’d like to enable backups, and then click the Backups menu item. This will display the cost of backups for the given droplet. Click the Enable Backups button to enable backups.
The Vultr setup is similar. Automatic backup settings are managed through the Vultr control panel. Once you log into your account, visit the server’s management area, click on your server in the dialog, and then click on the "Backups" tab for your VPS. Click Enable Backups. On either platform, the backup option adds a $1 a month to the cost of the $5 server. That’s pretty cheap insurance.
Originally published: Monday, April 2, 2018
Got Friends? 7 Countries Have Never Visited Nerd Vittles. 2018 Is Calling! https://t.co/wMfmlhAr16 #asterisk #freepbx #wazo #issabel #IncrediblePBX #3CX pic.twitter.com/kAmAEnwVIw
— Ward Mundy (@NerdUno) January 9, 2018
Need help with VitalPBX? Visit the VitalPBX Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Meet the New Kid on the Block: Introducing (free) VitalPBX
If you liked Ombutel, you’re going to love VitalPBX. If you’ve never heard of Ombutel but you live and breathe Asterisk®, you’re still going to love VitalPBX. For everyone else, you’re going to love VitalPBX. In addition to an impressive collection of commercial modules, this month’s release of the VitalPBX 2.0 Unified Communications Platform provides the slickest user interface in the VoIP universe. It includes new support for PJsip, DPMA and Digium phones, XMPP chat, video conferencing, WebRTC, and our favorite, Custom Contexts. What began several years ago as a joint development project between Telesoft and Xorcom is now an independent venture of Telesoft. If you love Features, VitalPBX has no equal:
VitalPBX has many open source and GPL components including Asterisk 13.19.0, however, VitalPBX is a freeware product much like FreePBX® which blends commercial modules and proprietary components into its distribution. It’s not our favorite business model, but we certainly understand the rationale given the disappointing GPL history in the VoIP space. For our testing purposes, Telesoft has generously provided free licenses to commercial modules. We would hasten to add that no features requiring payment were used in this article or in the demo applications accompanying it. We will cover the commercial applications requiring payment at a later date.
Incidentally, when you get around to exploring the commercial offerings, keep in mind that all of them come with a free tier to let you try things out:
- Custom Contexts – 1 free context
- IVR Stats – 1 free IVR
- Sonata Switchboard – 1 free layout for 15 extensions
- Sonata Billing – free for 8 extensions
- Sonata Recordings – free for 8 extensions
- Domotic – completely free
- Phone Books – completely free
- Bulk Extensions – completely free
Today we want to walk you through getting a VitalPBX server set up so that you can kick the tires for yourself. Down the road, we’ll demonstrate the ease with which you can add your own components including Incredible PBX® to the mix. If you are accustomed to setting up FreePBX-based Asterisk servers, then installation and configuration of VitalPBX will be a walk in the park. Currently, you install VitalPBX from an ISO so you have a choice of platforms: dedicated hardware, VMware ESXi, VirtualBox, or a limited number of cloud platforms such as Vultr that support custom ISO installs. Be sure to read our security warnings below before choosing a cloud-based platform without a hardware-based firewall.
A Word About Security. VitalPBX includes both an IPtables firewall configurator for firewalld and a Fail2Ban intrusion detection setup that is impressive. Having said that, the IPtables firewall is activated but allows unrestricted SIP and web access with no rules to thwart SipVicious-style attacks. Unless you’re an expert in firewall design, we strongly recommend deployment of VitalPBX on a private LAN behind a hardware-based firewall or home router with no port forwarding. That will block intrusion attempts without encountering NAT problems which VitalPBX and Asterisk 13 now handle with ease.
Getting Started. Begin by downloading the VitalPBX 2.0 ISO to your desktop. The ISO installation process is a traditional CentOS® 7 procedure so you can follow one of our existing VoIP tutorials to get things set up on the platform of your choice. Once the install finishes, use a web browser to access the IP address of your VitalPBX server. You’ll be prompted to set up an admin password for GUI access and then you register your server with Telesoft. Should you ever forget your admin password, here’s how to force a reset on your next login from a browser:
mysql ombutel -e 'update ombu_settings set value = "yes" where name = "reset_pwd"'
After logging in, you’ll be presented with the VitalPBX Dashboard:
Navigation Tips. The GUI is incredibly intuitive, but there’s always a learning curve with something new. We’ll save you a little stumbling around looking for things or wondering why your settings in the UI didn’t take. Here’s a quick cheat sheet. All of the UI features are housed under menus in the left column. When you choose an option, it opens a submenu. And, when you click + beside an item on the submenu, it exposes additional choices. For example, to work on Outbound Routes, you’d choose PBX, External +, Outbound Routes:
Two other important icons are housed in the upper right corner of the GUI. Whenever you add or make changes to settings in the GUI, you need to reload the Asterisk dialplan by clicking on (1) the flashing icon. Otherwise, your settings will not be available. Ask us how we know. 🙂
After you add a new extension, trunk, or route, you’ll see (2) the four-bar icon which you click to access existing settings which you’ve already entered. Otherwise, you’ll be staring at a blank screen without your new entries. There’s nothing more disconcerting than adding a few extensions only to have them disappear the next time you navigate to PBX:Extensions. 🙂
Finally, at the top of the center panel of the GUI, VitalPBX (literally) keeps tabs on items you’ve recently worked on. It makes it extremely convenient to return to the item without having to once again drill down through the menus:
Initial Setup. As with most PBXs, the initial setup involves creating some Extensions, connecting some Trunks, and setting up Outbound and Inbound Routes to process calls to and from your PBX. The other hundreds of features are pure gravy which you can explore at your leisure. If we covered them all, you’d be reading a book instead of an article.
Extension Setup looks like this using VitalPBX to generate the extension password:
Trunk Setup. You can use Google Voice with the Simonics GV/SIP Gateway for free calling in the U.S. and Canada. There is a one-time setup charge of $4.99 if you follow this Nerd Vittles link. We recommend using Google Voice for outbound calls where possible. Then, for inbound calls and redundancy, add a separate trunk with a customized DID from a provider such as our platinum sponsor, Vitelity. See the end of this article for a deal you can’t refuse. The VitalPBX Trunk setup in PBX:External:Trunks:SIP would look like the following for the Simonics GV/SIP gateway:
Outbound Route Setup is virtually identical to the FreePBX format. Here’s a typical Google Voice route to let users dial 10-digit numbers while letting Google discard expensive NANPA calls to problematic area codes in the Caribbean and elsewhere. We actually recommend adding a second Dial Pattern for 1NXXNXXXXXX so that calls dialed with both 10 and 11-digits are supported. This will also facilitate implementation of some of the Incredible PBX add-ons down the road.
Inbound Route Setup also is similar to FreePBX. A default route can be configured by simply defining the Route Description as Default and specifying a Destination for all incoming calls that don’t otherwise have a matching inbound route.
Email Configuration. One of the other things you’ll want to get working is email delivery for Voicemails. The VitalPBX solution is the best in the business. It supports Gmail as a RelayHost out of the box. For residential users where your ISP blocks downstream SMTP mail servers, this is a godsend. Setup couldn’t be easier. Navigate to Admin:System Settings:Email Settings. For Server, click Use External Mail Server. For Provider, click Gmail and enter your full Gmail account name and password. Click Save and Reload your Dialplan. Then send yourself a test message by entering an email address and clicking the Envelope icon.
Updating Time Zone. If the date command incorrectly displays the time on your server, you can change it with the following commands using your correct zone in the second command:
timedatectl list-timezones timedatectl set-timezone America/New_York
What’s Next? You now have a perfectly functioning PBX. Connect one or more softphones or SIP phones, and you’re ready to go. As we mentioned at the outset, the next step is to explore all of the menu options and review the VitalPBX Reference Guide. It really is a book!
The Fun Stuff. The icing on the VitalPBX cake is the add-on applications. Some are free, some are limited in some way, and some are commercial. You can review what’s available here. Then load the currently available listing into the GUI by choosing Admin:Add-ons:Add-ons:Check Online. To get started, install Bulk Extensions (free), Custom Contexts (one free context or $50 for unlimited), and Phone Books (free). Once you’ve installed all three, refresh your browser and go to PBX:Applications:Custom Contexts.
Step #1. Set up a Custom Context like this. Then click Save/Update and Reload Dialplan.
Step #2. Adjust Destination of Inbound Route to point to Incredible PBX Custom Context.
Step #3. From the Linux CLI while logged in as root, use nano to create the following file: /etc/asterisk/ombutel/extensions__80-1-incrediblepbx.conf:
[incrediblepbx] exten => s,1,Answer exten => s,n,NoOp(My custom context) exten => s,n,Dial(SIP/701,30) exten => s,n,return()
Step #4. Reload your Asterisk dialplan: asterisk -rx "dialplan reload"
Step #5. Place a call to an incoming trunk on your PBX while watching the Asterisk CLI. The tail of the incoming call should look something like the following which shows the incoming call directed to the Custom Context and from there to extension 701.
Now that you understand the VitalPBX theory behind Custom Contexts, you’ll be ready to dive into Incredible PBX applications which will be coming soon to a VitalPBX platform near you.
NOV. 1 UPDATE: IBM has moved the goal posts effective December 1, 2018:
Homework. Yes. Everyone needs a little homework once in a while. Before our next chapter in the VitalPBX saga, you’re going to need an IBM Cloud account with access to Watson TTS and Watson STT. It’s free. These services will be used for the Incredible PBX TTS and Voice Recognition apps for Asterisk including News and Weather reports as well as Voice Dialing with AsteriDex. This Nerd Vittles tutorial will walk you through getting your IBM account set up. Don’t install any of the scripts in that tutorial. We’ll have fresh ones in coming weeks customized for VitalPBX. For home and SOHO use, both IBM access and our scripts are FREE.
Coming Attractions. We’ve set up a VitalPBX demo server with VMware ESXi running on our private LAN. Most of the Incredible PBX demo applications already are operational, and you’re more than welcome to try them out by calling the IVR at 1-843-606-0555. Many of these apps make use of the IBM Cloud services for voice recognition and text-to-speech content rendering so you can preview what you’ll be getting in our next VitalPBX chapter.
- 0. Chat with Operator — connects to extension 701
- 1. AsteriDex Voice Dialer – say "Delta Airlines" or "American Airlines" to connect
- 2. Conferencing – log in using 1234 as the conference PIN
- 3. Wolfram Alpha Almanac – say "What planes are flying overhead"
- 4. Lenny – The Telemarketer’s Worst Nightmare
- 5. Today’s News Headlines — courtesy of Yahoo! News
- 6. Weather by ZIP Code – enter any 5-digit ZIP code for today’s weather
- 7. Today in History — courtesy of OnThisDay.com
- 8. Chat with Nerd Uno — courtesy of SIP URI connection to 3CX iPhone Client
- 9. DISA Voice Dialer — say any 10-digit number to be connected
- *. Current Date and Time — courtesy of VitalPBX
Continue Reading:
Introducing the Incredible PBX Custom Context for VitalPBX
VitalPBX in the Cloud: Two $6/month Providers with Backups
VitalPBX Security: Firewall, PortKnocker, & NeoRouter VPN
VitalPBX on the Desktop: Introducing VitalPBX for VirtualBox
Originally published: Monday, March 19, 2018
Got Friends? 7 Countries Have Never Visited Nerd Vittles. 2018 Is Calling! https://t.co/wMfmlhAr16 #asterisk #freepbx #wazo #issabel #IncrediblePBX #3CX pic.twitter.com/kAmAEnwVIw
— Ward Mundy (@NerdUno) January 9, 2018
Need help with VitalPBX? Visit the VitalPBX Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.