FreePBX / PBX in a Flash - VoIP.ms Wiki

FreePBX / PBX in a Flash

From VoIP.ms Wiki

Jump to: navigation, search


FreePBX is a web-based open source GUI (graphical user interface) that controls and manages Asterisk (PBX), an open source communication server. FreePBX is licensed under the GNU General Public License (GPL), an open source license. FreePBX can be installed manually or as part of the pre-configured FreePBX Distro that includes the system OS, Asterisk, FreePBX GUI and assorted dependencies.

Contents

Important Security Information

A critical vulnerability has been discovered that can affect FreePBX versions between 13.0.12 and 13.0.26. An unauthenticated remote attacker can run shell commands as the Asterisk user of any FreePBX machine with ‘Recordings’ This has been fixed in Recordings 13.0.27.

You can read more about this vulnerability including how to fix this here: http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation


We are also aware of an important and critical exploit related to all FreePBX versions prior to 12. This Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system. This vulnerability may offer to any non authorized user full remote code execution access as the user running the Apache process. This exploit can be present also for users who have updated to version 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.

Here are some recommendations for their product from the freepbx.org website for protection against this issue: http://www.freepbx.org/critical-freepbx-rce-vulnerability-all-versions/

Creating a Trunk

To connect your FPBX server with ours, you need to create a trunk. To achieve this, once you are into your FBPX's GUI, follow this path: Connectivity >> Trunks >> Add SIP (chan_sip) Trunk.

Creating a trunk- click to enlarge


Once you are there, you will see a list of options, create a SIP or IAX trunk (depending on your needs)

Creating a trunk- click to enlarge


SIP Trunk

From here, use the following example to configure your SIP trunk:

General Settings

Dialed number Manipulation Rules

You can set here your outbound rules. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)

Outgoing Settings

This section is very important, below you'll find a sample, please replace the dummy information with yours and delete the comments. The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.

canreinvite=nonat
nat=yes
context=from-trunk
host=atlanta.voip.ms ; (one of our multiple servers, you can choose the one closer to your location)
username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
fromuser=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
secret=***** ; (password associated with the Main or Sub-account. Please avoid using the '#' character in the password as it will cause authentication issues)
type=peer
disallow=all
allow=ulaw
; allow=g729 ; uncomment if you purchased g.729 from Digium
trustrpid=yes
sendrpid=yes
insecure=invite
qualify=yes

Incoming Settings

Please delete the default settings you'll find here, this section must be blank.

Registration

At this section you'll set your register string, this is needed when you use "registration" as authentication method (If you use IP Authentication leave this in blank)

It is formed with your SIP username, password, server and registration port as below:

YourAccountNumber:Password@server.voip.ms:5060, for example:

100000:YourPassword@atlanta.voip.ms:5060

Finally, click on Submit changes, after that you'll see a Red button in the top "Apply config", do not forget to click it to apply the changes.

SIP trunk configuration- click to enlarge



IAX2 Trunk

From here, use the following example to configure your IAX2 trunk:

General Settings

Dialed number Manipulation Rules

You can set here your outbound rules. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)

Outgoing Settings

This section is very important, below you'll find a sample, please replace the dummy information with yours and delete the comments. The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.

type=friend
username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
secret=***** ; (password associated with the Main or Sub-account. Please avoid using the '#' character in the password as it will cause authentication issues)
context=from-trunk
host=atlanta.voip.ms ; (one of our multiple servers, you can choose the one closer to your location)
disallow=all
allow=ulaw
insecure=port,invite
requirecalltoken=no
qualify=yes

Incoming Settings

Please delete the default settings you'll find here, this section must be in blank.

Registration

At this section you'll set your register string, this is needed when you use "registration" as authentication method (If you use IP Authentication leave this in blank)

It is formed with your SIP username, password, server and registration port as below:

YourAccountNumber:Password@server.voip.ms:4569, for this example:

100000:YourPassword@atlanta.voip.ms:4569

Finally, click on Submit changes, after that you'll see a Red button in the top "Apply config", do not forget to click it to apply the changes.

IAX2 trunk configuration- click to enlarge


Outbound routes

Once you have your trunk configured, you will need an outbound route to make calls.

To create an outbound route go to "Connectivity" menu and then select "Outbound routes".

Route Settings

Dial Patterns

A Dial Pattern is a unique set of digits that will select this route and send the call to the designated trunks. If a dialed pattern matches this route, no subsequent routes will be tried. If Time Groups are enabled, subsequent routes will be checked for matches outside of the designated time(s).

Rules:

Recommended Dial patterns are: 
* 1NXXNXXXXXX
* NXXNXXXXXX
* 4XXX (This one to be able to test our echo test and DTMF test)

Trunk Sequence for Matched routes

The Trunk Sequence controls the order of trunks that will be used when the above Dial Patterns are matched.

Select there your voip.ms' trunk.

Outbound route configuration - click to enlarge


Inbound routes

If you have DID numbers with us and route calls to your trunks, you need inbound routes to manage them. To create an inbound route, go to "Connectivity" menu, option "Inbound routes"

Add Incoming Route

Set Destination

Set here the destination for your incoming calls received at the DID you configured as DID number (an extension, IVR, recording, voice mail, etc).

Inbound route configuration - click to enlarge


Once you have finished the basic configuration of your PBX server, do not forget to click on the red button "Apply Config"

Apply Setting's button - click to enlarge


Personal tools
Namespaces
Variants
Actions
VoIP.ms Wiki
Configuration
Guides (English)
Guides (Français)
Guías (Español)
Toolbox