Archive for the ‘VOIP’ Category.
This is part 1 of a series of posts on setting up an Elastix extension with A2Billing. See here for details of the other parts – Using A2Billing to account for extension calls in Elastix
Log in to Elastix -
Continue reading ‘Part 1 – Create a test extension in Elastix’ »
Skype have recently updated their iPhone application to work over 3G. When combined with Skype For Asterisk from Digium it is now possible to call in to your Asterisk server for free over 3G. Unfortunately though this will only last for a short time as Skype are planning on charging for Skype to Skype calls over 3G (I’m not sure how the mobile operators feel about this as they will be the ones losing out on the call revenue!)
Skype on the iPhone is not really useful for receiving calls as, unless the Skype application is running, it is not logged it. Roll on iPhone 4 and multi-tasking!
Once the Skype for Asterisk software is installed and configured it is possible to create Inbound Routes in FreePBX as normal to route the incoming Skype calls to their destination -
Continue reading ‘Using iPhone Skype over 3G with Asterisk and FreePBX’ »
One of the most useful features of Asterisk is the ability to have multiple geographic or non-geographic telephone numbers route to your Asterisk server. These numbers can be regular telephone numbers, based anywhere in the world.
Another feature that many people use are conference rooms. Combining these 2 features it’s possible to host conference calls accessibly by both internal extensions and callers dialling regular telephone numbers.
To demonstrate this I have set up a conference room that is accessible by dialling one of 3 regular phone numbers.
Try for yourself by calling -
Calling any of these numbers will put you through to the same conference room. Usually there would be a user and admin pin number for the conference room but there is none for this demonstration.
The conference call is hosted on a Sysadminman VPS.
For more information on setting up a conference call in FreePBX see here.
The sysadminman demo system is now running FreePBX 2.7 and A2Billing 1.6.
Please see here for access details – http://sysadminman.net/blog/2009/live-demo-freepbx-2-5-and-a2billing-1-4-vps-909
WARNING: be very careful when editing IPTables firewall rules. It is relatively easy to completely disable access to your machine.
All Sysadminman VPSs come with IPTables enabled. However to allow for VOIP traffic both SIP and IAX ports are opened.
If you know that your VOIP providers and all extensions are on fixed IP addresses then it is possible to limit connections to just those addresses.
Continue reading ‘Limiting SIP/IAX connections to Asterisk with IPTables’ »
A sysadminman template VPS comes already setup to use SSL (https) for web connections to a2billing and FreePBX. However, this is using a locally signed ssl certificate so you will receive a certificate warning when accessing your VPS. This is no less secure but can create a poor impression depending who will be accessing the site.
It’s relatively straight forward and inexpensive to get yourself a valid, externally signed, certificate.
The sysadminman template uses lighttpd as the web server so you need to follow these instructions -
Log in to your VPS as root:
Continue reading ‘Namecheap SSL certificate for Sysadminman VPS’ »
There is an interesting discussion on the PBX-in-a-Flash forums here regarding an Asterisk security announcement.
If you write custom Asterisk contexts outside of FreePBX then you should read through how to do this securely. You should not be using wildcard pattern matching as this could be used to create channels in a manner not intended.
Also raised is the potential of a Asterisk/FreePBX system being compromised via the Asterisk Recording Interface (ARI). This is the web interface that allows you to view and manage voicemails. If you do not use this feature of FreePBX it is strongly recommended that you remove access to it. This can be done simply by running the following command as root on systems with standard configuration -
This will prevent the ARI being accessible via a browser.
If you would like more information regarding Asterisk diaplan security please see the following resources -
http://www.asterisk.org/node/49906
http://downloads.asterisk.org/pub/security/AST-2010-002.html
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
http://www.freepbx.org/forum/freepbx/users/dial-plan-injection-vulnerability
Also, always use complex and difficult-to-guess passwords in all areas when setting up Asterisk/FreePBX
If you have a sysadminman VPS and would like the ARI interface disabling please raise a ticket via the helpdesk.
As always thanks to Ward Mundy and Joe Roper who make a great contribution to the Asterisk community.
A few times recently I’ve wanted to be able to turn an e-mail into a voice call. This would be especially handy for emergency server monitoring and notification.
Here is my first attempt. It’s also my first attempt at writing something in Python so you definitely use at your own risk!
There is room for improvement as there is no validation on any of the fields extracted from the e-mail.
It also assumes that these components are already in place -
Continue reading ‘E-mail to voice call – with Asterisk, Postfix and Cepstral’ »
On 15/1/2010 a security advisory was released for FreePBX version 2.5.1 (and potentially earlier versions) concerning a SQL injection vulnerability. If you are running this version then I would suggest upgrading to version 2.5.2. You can find more details of the vulnerability here.
You can upgrade through the FreePBX GUI by using the module admin menu. Here are the steps -
* While FreePBX 2.6 is available please make sure you’re aware of any implications before updating to this version.
1 – Select the ‘Module Admin’ menu
2 – Click ‘Upgrade All’
3 – Click ‘Process’
4 – Click ‘Confirm’
5 – Click ‘Return’
6 -Click ‘Apply Changes’
Elastix includes an Instant Messenger server called OpenFire. While not enabled by default it is very easy to enable.
What’s not so obvious is how to disable OpenFire if you decide, once you’ve had a look at it, you don’t want/need to run it. You might want to do this as OpenFire runs on Java which can be quite memory hungry, also it opens another point of attack to your server.
The easiest way to disable it is via the command prompt by running -
This will also stop it starting automatically when the server is rebooted.
