FreePBX exploit (ticket 7123 – 6/2/14)

Earlier today Schmooze announced a critical exploit in FreePBX – http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

SysAdminMan systems come deployed with Apache security in place to prevent direct access to the FreePBX web pages and are not directly affected by this. However, it is recommended that all customers update to a non vulnerable version of the FreePBX framework module.

If you have a FreePBX system that is generally accessible from the internet with no additional security (not recommended) you should check the details of the exploit and update now.

D-Link POE switch review – powering VOIP handsets

If you use more than a single VOIP phone then powering it using power over ethernet (POE) makes sense. Instead of plugging the phone into a regular power socket it can draw its power from the Ethernet cable. Much neater than having lots of power blocks.

To do this you need a special switch to provide the power. For the past year I’ve been using the D-Link DGS-1008P. This is an 8 port gigabit switch, with 4 of the ports able to provide power. The switch is relatively inexpensive for a POE switch and is unmanaged, so just plug in and play.

DGS-1008P

One thing to consider when using POE is the power requirement of the device being used. The DGS-1008P can provide up to 15.4 watts per port, with a total load of 52 watts across the 4 ports. This is unlikely to be an issue with a VOIP handset. My two day to day phones are the Yealink T22P and Aastra 53i, both of which draw up to around 2.5 watts.

So if you’re looking for a simple ‘desk’ switch to provide network/power to up to 4 handsets the DGS-1008P could be a good choice.

Using a GoIP for an A2Billing access number

This post follows on from the one on using the GoIP for outbound calls

You should check that post for some general advice. We are going to use the same software and devices for this guide. This guide was written using a clean SysAdminMan VPS – http://sysadminman.net/sysadminman-freepbx-a2billing-hosting.html

SET UP THE TRUNK IN ASTERISK

Setting up the trunk in Asterisk is the same as for outbound calls, apart from we are going to set a ‘context’ to pass the incoming call to A2Billing. These lines are added to /etc/asterisk/sip_custom.conf –

[goip]
type=peer
secret=ej44frhjdf23
username=goip
host=dynamic
canreinvite=no
qualify=yes
nat=force_rport,comedia
context=a2billing

Continue reading

Using a GoIP with A2Billing for outbound calls

This is a quick guide to using a GoIP GSM gateway with A2Billing as an outbound trunk. It doesn’t go through setting up rate cards and customers in A2Billing, guides for that are already available on this site.

First some general info and tips.

This guide was written using the following. The thing most likely to cause issues is a SIP ALG in your router. NAT issues are a pain to track down!

Continue reading

New GoIP (GSM to SIP gateway)

For quite a while now I’ve had lots of enquires from customers wanting to use a GoIP with A2Billing on their SysAdminMan VPS. So I thought I’d order a test one and write some documentation!

A GoIP is a small box that accepts a full size GSM SIM. It can then take Asterisk/SIP calls and send them via a mobile phone provider, or pass incoming mobile calls to Asterisk.

I ordered from this e-bay seller on 23/11/13 – http://www.ebay.co.uk/usr/sweetheartstore2009 and the GoIP was delivered today, 10 days later.

GoIP  GoIP

It was delivered with a 2 pin (rather than UK) plug which is no great surprise. So you’ll need a power adapter for it. Alternatively you could use a different power adapter, which is 12v 500mA output.

A couple of things to consider if you are thinking about trying a GSM/SIP gateway –

  • You are likely breaking your mobile operators terms of service. If you abuse it be prepared to be disconnected!
  • You will not be able to pass a caller ID to the GSM network. The person being called will see either the SIM card caller ID, or no caller ID

Backing up FreePBX

This post was written by a SysAdminMan customer. If you’ve got some FreePBX or A2Billing tips you would like to share please get in touch.

We are a small company and like everyone else busy.  So far we have not backed up our FreePBX settings, there always seems something more urgent to do.  However I am conscious that we backup every other piece of information we hold so we should backup our phone settings and voicemail. This is what we did:

1. Go to top left menu option “Admin”

2. Select “Backup & Restore”

backupmenu

Continue reading

Asterisk and A2Billing software update

The software versions on the SysAdminMan templates have been updated as follows …

SysAdminMan FreePBX

  • CentOS 5.10
  • Asterisk 11.6
  • FreePBX 2.11

SysAdminMan FreePBX & A2Billing

  • CentOS 5.10
  • Asterisk 11.6
  • FreePBX 2.11
  • A2Billing 2.0.7

SysAdminMan FreePBX & A2Billing & OpenVPN Server

  • CentOS 5.10
  • Asterisk 11.6
  • FreePBX 2.11
  • A2Billing 2.0.7
  • OpenVPN Server

All new servers will be deployed with the software versions above. See here to order – https://sysadminman.net/uk-voip-vps-order.php

Phone won’t register with Asterisk 11.5.x – NAT issue

I had a customer today that was struggling to get a phone to register on a server with Asterisk 11.5.1 installed, even though it would register OK on a server with Asterisk 11.3

The phone was behind a NAT firewall, with the Asterisk server on a public IP address.

Looking at the SIP packets they were coming from port 50758 –

--- SIP read from UDP:XX.XX.XX.XX:50758 ---

but when Asterisk replied it was sending the reply to port 5062 –

--- Transmitting (no NAT) to XX.XX.XX.XX:5062 ---

Now with either –

nat=yes

or –

nat=force_rport,comedia

on the extension Asterisk should have been replying to the port the traffic came from, but it wasn’t. Looks like this is caused by a currently unresolved bug in Asterisk – https://issues.asterisk.org/jira/browse/ASTERISK-22236

Something to check if you are having difficulty registering an extension. This will not affect all extensions as if a SIP ALG was changing to port in the SIP headers then Asterisk would be replying to the correct port.

Connecting Yealink T22P to Asterisk using OpenVPN

Recent firmware versions for the Yealink T22P include the ability to connect to an OpenVPN server. This encrypts the traffic between the phone and Asterisk server. It also removes any NAT/SIP issues.

This guide was written using a SysAdminMan VPNPBX VPS and a Yealink T22P with firmware 7.70.23.2.

Different Yealink models, or the T22P with different firmware may behave differently!

The SysAdminMan VPNPBX comes with a script for creating the certificates and config file required to connect a Yealink T22P to an OpenVPN server. To create a certificate log in as root and then run …

cd /usr/local/bin
./yealinkvpn.sh yealink1 [email protected]

Where yealink1 is the name of the phone you want create (you should create a new certificate for each phone) and [email protected] is your e-mail address. The config file, called openvpn.tar, will then be e-mailed to you.

Next we need to load this config file to the phone. I recommend performing a factory reset on the phone before doing this.

Log in to the GUI of the phone and select Network / Advanced –

yealink config
Continue reading

Getting started with OpenVPN and FreePBX/A2Billing

OpenVPN is a VPN system that works on many different clients. This guide will go through getting started with the Windows client, others will be very similar.

The first thing you need to do is install the Windows OpenVPN client. This can be downloaded at – http://openvpn.net/index.php/access-server/download-openvpn-as-sw/357.html

Once installed we need to get the certificates for our OpenVPN connection. By default 3 files are created. These are –

/etc/openvpn/keys/ca.crt
/etc/openvpn/keys/tplink.crt
/etc/openvpn/keys/tplink.key

Continue reading