## PBX in a Flash + Incredible PBX makes setting up FreePBX + Asterisk easy

Asterisk is a very powerful open source telephony platform. I’ve described how to install it and configure Google Voice with it in the past. Setup is quite complicated for a newbie to get started. I was never able to set it up to the point for me to connect to the Asterisk server using the SIP protocol to make calls. Luckily, there is FreePBX which makes configuring Asterisk a lot easier. Even better, there are PBX in a Flash (PIAF) and Incredible PBX (choose different PIAF versions) ISO’s that make creating a PBX sandbox server quite easily. With these tools, I will be able to have my own conference call number and fax number for personal use.

Although PIAF is based on CentOS, a Linux I had zero experience with, the installation process was a breeze. I will describe my adventures based on this guide. At the time of this writing, PBX in a Flash 2 with CentOS 6 was just released, but I will stick with the version based on CentOS 5.7 as CentOS 6 requires more system resources and I am using the platform on an old P4 computer with 1 gig of ram.

## Getting help

Before I outline any instructions, let note where you can get help. The best place to go is probably #freepbx on irc.freenode.com. It gets quiet sometimes, but just ask questions and be patient. Also, describe what you did to arrive at your current situation, and whatever advice they give you, just do it.

I also used the PIAF Help forum to get help, although I think more pro’s are over at #freepbx. However, new users cannot post immediately (will show as banned). I had to go through the hoops and contacted the forum owners through many channels to get myself the ability to post.

On the FreePBX admin page, mouse-over different categories on a page for a description of what the options are.

## Installation

First, download the 32-bit PIAF as described here. I created a bootable USB flash drive from the ISO file (pbxinaflash-FlashDrive-17571.iso) using unetbootin. After booting up the flash drive, I selected to install PIAF-purple (long term support version). CentOS will then be installed. After it reboots, scripts will automatically install Asterisk, FreePBX, additional modules, and all necessary dependencies. Note that internet access is required for the installation process as files are downloaded and installed on the fly. After PIAF is installed, log in as root and issue:

cd /root
wget http://incrediblepbx.com/incrediblepbx2.x
chmod +x incrediblepbx2.x
./incrediblepbx2.x
/root/incrediblefax.sh
shutdown -r now


All necessary modules are now installed.

## Security measures + remote sip connections

It is important to keep your system as secured as possible. Ideally, it should be sitting behind a firewall (hardware) with no ports exposed to the internet. That is, users connecting to the PBX server for phone service should be on the same local network as the server. If your server is exposed to the internet, at least take these precautions:

1. Don’t allow root login for ssh. Use a different user for ssh access.
2. Expose only the necessary ports. Don’t expose ports 80, 9080 (freepbx), and 9001 (webmin).
3. Strong passwords for everything: root (also used for webmin), user, maint (freepbx web interface), and even the asterisk extensions.

To disallow root login via for ssh and create a new user for regular access, do

vi /etc/ssh/sshd_config
## create non-root user to login to ssh.  As root, do
passwd newuser ## enter in password
## give newuser the power of sudo
vi /etc/sudoers
## log out and login as newuser
## add to ~/.bashrc of newuser
export PATH=$PATH:/usr/kerberos/sbin:/usr/kerberos/bin/:/usr/local/sbin:/usr/sbin/:/sbin/  If you are behind a NAT firewall (router), forward these ports if they are relevant (remote sip connection): SSH: 22 TDP/UDP IAX: 4569 UDP; to connect to server via IAX protocol remotely SIP: 5060 UDP; to connect to server via SIP protocol remotely RTP: 10000-20000 UDP (/etc/asterisk/rtp.conf); voice connections Don't open 80/9080 (freepbx administration) and 9001 (webmin)  For remote sip connection, I believe you also need to go to Tools (top of page) > Asterisk SIP Settings. Then modify the NAT settings: external IP and Local network (eg: 192.168.1.0/255.255.255.0). Click “Auto Configure” to automatically do this. I originally had my server exposed to the world thinking the server is quite secure. I still think it’s pretty secure as Fail2ban and iptables work quite well; see this experience with trying to connect to a SIP extension from outside (remote connection) where the extension was restricted to only internal IP addresses. Basically, if you fail to authenticate any service (ssh, http, sip, etc.) a few times, the server will no longer respond to you (all services) until the pbx server is restarted. My current setup: pbx behind a router with only the necessary ports opened as advised by all the experts. One issue I encountered was that I was able to register a sip connection on the local network but not remotely across the internet, even though all my ports were forwarded. Using the following method, I realize that my connection to port 5060 never made it to the server: asterisk -vvvvvr sip set debug on ## debug sip registrations. if you are trying to register a connection and you don't see any activity here, then your packets never made it to the server  Even if I removed the firewall (router) and exposed all ports to the internet (DMZ), I was not able register a remote sip connection. I later realize it was because of iptables (Linux firewall) on the pbx server. See this for more details. After executing the following command, iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT  I was able to register a remote sip connection. To make this permanent, I added the rule via Webmin (http://local.ip:9001/). Your pbx server needs to respond to inquiries from ports 5060, 4569, and 10000-20000 UDP; I think somehow 5060 was set as TCP instead of UDP during installation, so I had to fix it manually. Restart the server to have the new rule take effect. Thank you n3glv, navaismo, adam1, and [TK]D-Fender from #freepbx for your help. To guard against bots scanning for pbx servers, it might be wise to change the sip port for each extension from 5060 to something else. ## Google Voice Follow the instructions described here. Note: after submitting any changes, you need to click on the orange button on the top that says Apply Configuration Changes for it to take effect. Not doing this deferred my pbx installation by 2 months as I couldn’t get GV to work. I thought there was an issue with my setup even though I followed the guide step by step. It turned out to be this simple Apply Configuration Changes button at the top. I set up 3 GV accounts: 1 as a phone account, 1 as a fax account, and one as a conference call account. To help debug asterisk, as root, execute asterisk -vvvvvr to get into the command line interface. Some helpful commands: jabber show connections ## see if gtalk accounts are connected reload jabber  ## Set up extensions Go to the extensions page in the FreePBX admin page. Pick an extension (e.g., 701). Change secret to a more secured password. Modify the deny and permit fields to restrict the IP address of devices/softphones connecting to this extension. If connecting from outside the network, you can leave both fields blank or enter in the appropriate IP address. ## Assign a GV account (trunk) to be the default outbound route for an extension This is a little tricky. Go to the “Outbound Routes” page. For outbound routes that you want an extension to always use, drag them up the list to the right. In the “Dial Patterns that will use this Route” section, add in the CallerId option (extension number) for whatever pattern you want; this is crucial for wanting an extension to use a single trunk. For example, you can put NXXNXXXXXX for the matched pattern field and 701 for the CallerId field. Now, whenever a 10 digit phone number is entered for extension 701, it will use that specific outbound route. Additionally, you can put NXXXXXX for the matched pattern field, 701 for the CallerId field, and your three digit area code for prepend for 7 digit dialing. Remember, for this to work, no outbound route above the current outbound route (right of page) should have any unrestricted dial pattern that matches the ones defined for the current outbound route. ## Assign inbound calls of a DID to an extension On the “Inbound Routes” page, add an incoming route with DID Number to be the phone number you want assigned to fax (e.g., a google voice number). Under “Set Destination”, choose Extensions and choose 701 (or another extension) to it’s side. Make sure to Apply Configuration Changes after submitting. ## Fax On the “Inbound Routes” page, add an incoming route with DID Number to be the phone number you want assigned to fax (e.g., a google voice number). Under “Set Destination”, choose Custom Destinations and choose Fax (Hylafax) to it’s side. Make sure to Apply Configuration Changes after submitting. ## Conference Call On “Conferences” page, fill in the fields “Conference Number” (anything), “Conference Name” (anything), “User PIN” (pin for all users to enter conference), and “Admin PIN” (pin for owner). Then choose your Conference Options; I set it to wait for leader. On the “Inbound Routes” page, add an incoming route with DID Number to be the phone number you want assigned to fax (e.g., a google voice number). Under “Set Destination”, choose Conferences and choose the conference name you just set up previously. Make sure to Apply Configuration Changes after submitting. ## Restart You need to restart asterisk (sudo amportal restart) or restart the computer (sudo shutdown -r now) for a lot of these settings to take effect. ## Server not responding? When you fail to connect (wrong password) to certain services (web, ssh, sip) about 3 times, Fail2Ban will kick in and not respond to you anymore. You have to restart the server for it to respond to you again. ## Accessing FreePBX and Webmin web interfaces remotely Since the web ports of the pbx server are not exposed to the internet, you can’t remotely access the web configuration pages. You also need to use the web interface to send faxes. To do so, you could either ssh into the server and use firefox (yum install firefox). Another possibility is to forward the necessary ports: ssh -f -N -L 9080:localhost:9080 username@pbx.server ssh -f -N -L 9001:localhost:9001 username@pbx.server  Now, on your local computer, you can type http://localhost:9080 to get to the FreePBX web interface. ## Google Voice on Asterisk with an Auto-attendant and free calls I’ve heard about Asterisk for some time now since using VoIP services such as Google Voice, Gizmo5, Sipgate and Skype. Most of these services allow you to receive unlimited phone calls for free; you just need to register the service using a sip client, such as Ekiga on Linux, telephone on Mac OS X, sipdroid on an Android phone with unlimited data. The only “fancy” thing I did with these services was receive Google Voice calls on Gizmo5 and using the voicemail feature for parents in my local youth group to leave messages (so I don’t have to release my personal phone number or talk to them…I am a busy person). Before I continue, I just want to say that I really like Google Voice as a service. You get a free phone number that you can forward to different phones, including the VoIP provider Gizmo5. The voicemail transcription is just awesome; I even set my personal cell phone to use GV as it’s default voicemail application over the network provider’s. If you use an Android phone, you get the GV app that let’s you read voicemails and text messages, send text messages and call using the GV phone number. Most recently, you can even receive and call any US number for free! I recently wanted to set up an auto-attendant with GV so my youth group’s main phone number could be routed to the specified person when parents need to speak with us; I really don’t like to give out our personal phone numbers, not because we don’t want to talk to parents, but because they still call you (thinking you’re in charge) when other volunteers have taken over your position at the group. Searching for “free auto-attendant” or the likes yielded a few services. I checked out Phonebooth but it didn’t really do what I wanted to or is very limited; either that or I didn’t know how to set it up. I remembered Asterisk and finally looked more into it. According to Wikipedia), Asterisk is an open source PBX (Private Branch Exchange). It’s called Asterisk (*) because once the original author wrote a program to connect a computer to the telephone system, he realized anything could be done with the program. Hence asterisk meaning anything. I will now outline how to set up Google Voice to receive and forward calls with Asterisk, along with playing messages for the caller to hear. This is what I want to have for my youth group. Note figuring out this entire process was hard because I am not familiar with phone systems and networking. The folks from #asterisk on freenode was very helpful. Before I start, let me mention that the free book on asterisk is the definitive guide on learning this stuff. Reading the Dialplan section is a must for learning how to handle calls (play message, forward, etc). Debugging is a must when seeking help in the irc channel, forum, or mailing list. ### Install Asterisk on a Linux system I will provide instructions for how to install the plain Asterisk version, not AsteriskNow or the many derived products. You can install it using apt-get on Debian/Ubuntu, but we’ll need version 1.8 to get Google Voice working with Asterisk without going through another VoIP provider. I’ll install it from the 1.8 branch of the svn version: sudo apt-get install libiksemel-dev libssl-dev libncurses5 g++ libxml2-dev svn co http://svn.digium.com/svn/asterisk/branches/1.8 cd 1.8 ./configure make sudo make install sudo make samples  This will install asterisk. Be default, Asterisk needs to be run under the root user. sudo asterisk would start it. sudo asterisk -r will connect to a CLI on the current machine with asterisk running. sudo asterisk -c will start Asterisk and go directly into the CLI. ### Google Voice setup Edit the following files in /etc/asterisk/. jabber.conf and replace gmail.address with yours, and tnttspJabber with what you want to call this connection: [general] debug=yes autoprune=no autoregister=yes [tnttspJabber] type=client serverhost=talk.google.com username=gmail.address/gmail ;; either will work ;;username=gmail.address/Talk secret=password port=5222 usetls=yes usesasl=yes statusmessage="I am an asterisk server." ;required timeout=100  gtalk.conf: [general] ;;context=default ;; you can specify here too allowguest=yes bindaddr=0.0.0.0 [guest] context=tnttsp ;; context in extensions.conf disallow=all allow=ulaw connection=tnttspJabber ;; refer to the connection name in [ ] in jabber.conf  This will make asterisk connect to GV via the jabber protocol. It is as if you are logged into gtalk in gmail, where you can send and receive phone calls. The dialplan, the configuration in extensions.conf, is what we tell asterisk to do when a call is received from a channel or what to do when digits are pressed in a call. Please read it in the book. A basic hello world example and the ability to dial out in extensions.conf: [general] [globals] [tnttsp] exten => s,1,Answer() ;;exten => s,n,Wait(10) exten => s,n,Wait(1) exten => s,n,SendDTMF(1) ;;needed for google voice; otherwise, only call to computer in gmail will work and not calls made to google voice exten => s,n,Playback(hello-world) ;; call exten => _1NXXNXXXXXX,1,Dial(Gtalk/tnttspJabber/+${EXTEN}@voice.google.com)


Some references for this setup are here, here (look in comments), here, and here (look in comments).

Note that to dial out, you need to use something like an AMI script or be in Asterisk. I have not yet figured out how to connect a sip client to asterisk to be able to dial out because I am not that savvy with networking. Sip client and asterisk needs to be directly connected to each other, and having the host and/or client behind firewalls make things complicated.

For wav files to be played using Playback() or Background(), make sure

1. File paths do not include the extensions, such as .wav. For example, /home/username/sound/mysound not /home/username/sound/mysound.wav.
2. Wav files need to be mono and 8000 Hz. Use the following script to convert them:
#! /bin/bash

## http://wiki.kolmisoft.com/index.php/Convert_WAV_file_to_Asterisk_playable_format
## http://www.voip-info.org/index.php?content_id=3339
for file in "$@" do mv$file ORG$file sox ORG$file -r 8000 -c1 -s \$file rate -ql
done


I have not tested mp3 files.