From VoIP.ms Wiki

[checked revision]

[quality revision]

Revision as of 15:42, 24 October 2014 (view source) 90210chris (Talk | contribs) (→Known Issues And Recommendations) ← Older edit		Latest revision as of 20:19, 5 June 2024 (view source) RP (Talk | contribs) (→FreePBX using a PJSIP Trunk)
(41 intermediate revisions not shown)
Line 1:		Line 1:
-	==FreePBX / PBX in a Flash (SIP)==	+	{{DISPLAYTITLE: FreePBX / PBX in a Flash}}
-	https://www.voip.ms/m/samples/images/freepbxsiptrunk.gif	+	[https://www.freepbx.org/ '''FreePBX'''] is a web-based open source GUI (graphical user interface) that controls and manages Asterisk (PBX), an open source communication server. FreePBX is licensed under the GNU General Public License (GPL), an open source license. FreePBX can be installed manually or as part of the pre-configured FreePBX Distro that includes the system OS, Asterisk, FreePBX GUI and assorted dependencies.
-	[[File:PbxSIPtrunk.png]]	+	==Important Security Information==
-	'''''Fill the blanks with your information, please note that the images above are just examples.'''''	+	A '''critical vulnerability''' has been discovered that can affect FreePBX versions between 13.0.12 and 13.0.26. An unauthenticated remote attacker can run shell commands as the Asterisk user of any FreePBX machine with ‘Recordings’ This has been fixed in Recordings 13.0.27.
		+
		+	You can read more about this vulnerability including how to fix this here: http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation
		+
		+	------------
		+
		+	We are also aware of an '''important''' and '''critical exploit''' related to all FreePBX versions prior to 12. This Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system. This vulnerability may offer to any non authorized user full remote code execution access as the user running the Apache process. This exploit can be present also for users who have updated to version 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.
		+
		+	Here are some recommendations for their product from the freepbx.org website for protection against this issue: http://www.freepbx.org/critical-freepbx-rce-vulnerability-all-versions/
		+
		+	== Creating a Trunk ==
		+
		+	To connect your FPBX server with ours, you need to create a '''trunk'''. To achieve this, once you are into your FBPX's GUI, follow this path: Connectivity >> Trunks >> Add SIP (chan_sip) Trunk.
		+
		+	[[File:FPBX_00.png|550px|thumb|left|Creating a trunk- click to enlarge]]
		+	<br clear="all" />
		+
		+	Once you are there, you will see a list of options, create a '''SIP''' or '''IAX''' trunk (depending on your needs)
		+
		+	[[File:FPBX_01.png|550px|thumb|left|Creating a trunk- click to enlarge]]
		+	<br clear="all" />
		+
		+	=== SIP Trunk ===
		+
		+	From here, use the following example to configure your SIP trunk:
		+
		+	==== General Settings ====
		+
		+	* Trunk name: Set your trunk name, a recommended one could be '''voipms''', remember that you can manage more than 1 DID number with the same trunk (using your inbound routes).
		+
		+	* Outbound CallerID: The 10 digit valid caller ID number that you will pass with this trunk for Outbound calls. This can be override from your extension's settings.
		+
		+	==== Dialed number Manipulation Rules ====
		+
		+	You can set here your outbound rules. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)
		+
		+	==== Outgoing Settings ====
		+
		+	This section is very important, below you'll find a sample, please replace the dummy information with yours and delete the comments. '''The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.'''
	canreinvite=nonat		canreinvite=nonat
	nat=yes		nat=yes
	context=from-trunk		context=from-trunk
-	host=atlanta.voip.ms (one of our multiple servers, you can choose the one closer to your location)	+	host=atlanta.voip.ms ; (one of our multiple [http://wiki.voip.ms/article/Choosing_Server servers], you can choose the one closer to your location)
-	secret=***** (password associated with the Main or Sub-account)	+	username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
		+	fromuser=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
		+	secret=***** ; (password associated with the Main or Sub-account. '''Please avoid using the '#' character in the password as it will cause authentication issues''')
	type=peer		type=peer
-	username=100000 (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
	disallow=all		disallow=all
	allow=ulaw		allow=ulaw
	; allow=g729 ; uncomment if you purchased g.729 from Digium		; allow=g729 ; uncomment if you purchased g.729 from Digium
-	fromuser=100000 (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
	trustrpid=yes		trustrpid=yes
	sendrpid=yes		sendrpid=yes
Line 23:		Line 61:
	qualify=yes		qualify=yes
-	Register String:	+	==== Incoming Settings ====
-	youraccountnumber:yourpassword@atlanta.voip.ms:5060	+
-	(i.e. 123456:mypass@atlanta.voip.ms:5060)	+	Please '''delete''' the default settings you'll find here, this section must be blank.
		+
		+
		+	'''IMPORTANT'''
		+
		+	On your VoIP.ms portal, you will need to head into Main Menu, Account Settings, Inbound Settings tab, make sure to select SIP (or IAX) and change '''Inbound Settings'' to IP PBX Server,m Asterisk or Softswitch
		+
		+
		+	[[Image:Inbound_Settings.png|600px|border]]
		+
		+	==== Registration ====
		+
		+	At this section you'll set your '''register string''', this is needed when you use "registration" as authentication method (If you use '''IP Authentication''' leave this in blank)
		+
		+	It is formed with your SIP username, password, server and registration port as below:
		+
		+	YourAccountNumber:[email protected]:5060, for example:
		+
		+	100000:YourPassword@atlanta.voip.ms:5060
		+
		+	Finally, click on '''Submit changes''', after that you'll see a Red button in the top "'''Apply config'''", do not forget to click it to apply the changes.
		+
		+	[[File:FPBX_SIP_01.png|1000px|thumb|left|SIP trunk configuration- click to enlarge]]
		+	<br clear="all" />
		+
		+	====TLS====
		+	In order to use TLS along with FreePBX please follow these steps:
		+
		+	1. Make sure your Main account or sub-account has "Encrypted SIP Traffic" enabled. Bear in mind, if this setting is enabled and you use UDP/TCP you will be rejected with error code 488. Enable this for the Main Account at '''Main Menu>> Account settings>> Advanced tab''' and for a sub-account at '''Sub accounts>> Manage sub-accounts''' and by clicking on the orange icon with a pen and click at "Advanced Options Click here to display"
		+
		+	[[File:Mainacc encryp.png|thumb|none|300px|Click to enlarge]]
		+
		+	[[File:Subacc encryp.png|thumb|none|300px|Click to enlarge]]
		+
		+	2. Now that your account/sub-account has this setting enabled, your device only needs to send TLS and SRTP.
		+
		+	In freepbx make sure your '''peer details''' are:
		+
		+	host=atlanta1.voip.ms
		+	username=your account/sub account
		+	fromuser=your account/sub account
		+	secret=your password
		+	transport=tls
		+	encryption=yes
		+	qualify=yes
		+	qualifyfreq=50
		+	nat=yes
		+	type=peer
		+	directmedia=no
		+	context=from-trunk
		+	insecure=invite
		+	sendrpid=yes
		+	trustrpid=yes
		+	disallow=all
		+	allow=g729&ulaw&gsm
		+
		+	'''Register String'''
		+	tls://Username:[email protected]:5061~300
		+
		+	'''Note:''' When using TLS is very important to specify the number of the server, in case the name you have chosen doesn't use the number 1 you need to add it, at least when using TLS
		+
		+	Finally, in your freepbx go to '''Settings>> Asterisk SIP settings>> Chan SIP settings''' and at "TLS/SSL/SRTP Settings"
		+
		+	'''*Enable TLS''': Yes
		+
		+	'''*Don't verify server''': Yes
		+
		+	[[File:TLS freepbx.png|thumb|none|300px|Click to enlarge]]
		+
		+	=== IAX2 Trunk ===
		+
		+	From here, use the following example to configure your IAX2 trunk:
		+
		+	==== General Settings ====
		+
		+	* Trunk name: Set your trunk name, this is different from SIP trunks and it '''must''' be '''voipms''', otherwise you could experience issues with your registration and calls.
		+
		+	[[File:IAX_TrunkName.png|500px|thumb|left|IAX2 trunk configuration- click to enlarge]]
		+	<br clear="all" />
		+
		+	* Outbound CallerID: The 10 digit valid caller ID number that you will pass with this trunk for Outbound calls. This can be override from your extension's settings.
		+
		+	==== Dialed number Manipulation Rules ====
		+
		+	You can set here your outbound rules. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)
		+
		+	==== Outgoing Settings ====
		+
		+	This section is very important, below you'll find a sample, please replace the dummy information with yours and delete the comments. '''The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.'''
		+
		+	type=friend
		+	username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
		+	secret=***** ; (password associated with the Main or Sub-account. '''Please avoid using the '#' character in the password as it will cause authentication issues''')
		+	context=from-trunk
		+	host=atlanta.voip.ms ; (one of our multiple [http://wiki.voip.ms/article/Choosing_Server servers], you can choose the one closer to your location)
		+	disallow=all
		+	allow=ulaw
		+	insecure=port,invite
		+	requirecalltoken=no
		+	qualify=yes
		+
		+	==== Incoming Settings ====
		+
		+	Please '''delete''' the default settings you'll find here, this section must be in blank.
		+
		+	==== Registration ====
		+
		+	At this section you'll set your '''register string''', this is needed when you use "registration" as authentication method (If you use '''IP Authentication''' leave this in blank)
		+
		+	It is formed with your SIP username, password, server and registration port as below:
		+
		+	YourAccountNumber:[email protected]:4569, for this example:
		+
		+	100000:YourPassword@atlanta.voip.ms:4569
		+
		+	Finally, click on '''Submit changes''', after that you'll see a Red button in the top "'''Apply config'''", do not forget to click it to apply the changes.
		+
		+	[[File:FPBX_IAX_01.png|1000px|thumb|left|IAX2 trunk configuration- click to enlarge]]
		+	<br clear="all" />
		+
		+	== Outbound routes ==
		+
		+	Once you have your trunk configured, you will need an outbound route to make calls.
		+
		+	To create an outbound route go to "Connectivity" menu and then select "Outbound routes".
		+
		+	=== Route Settings ===
		+
		+	* Route Name: Name of this route. Should be used to describe what type of calls this route matches (for example, 'local' or 'longdistance').
		+
		+	* Route CID: If set, this will override all CIDS specified except:
		+	**Extension/device EMERGENCY CIDs if this route is checked as an EMERGENCY Route
		+	**Trunk CID if trunk is set to force it's CID
		+	**Forwarded call CIDs (CF, Follow Me, Ring Groups, etc)
		+	**Extension/User CIDs if checked
		+
		+	=== Dial Patterns ===
		+
		+	A Dial Pattern is a unique set of digits that will select this route and send the call to the designated trunks. If a dialed pattern matches this route, no subsequent routes will be tried. If Time Groups are enabled, subsequent routes will be checked for matches outside of the designated time(s).
		+
		+	''' Rules: '''
		+	* X: matches any digit from 0-9
		+	* Z: matches any digit from 2-9
		+	* [1237-9]: matches any digit in the brackets (example: 1,2,3,7,8,9)
		+	* '''.''' : wildcard, matches one or more dialed digits
		+	* Prepend: Digits to prepend to a successful match. If the dialed number matches the patterns specified by the subsequent columns, then this will be prepended before sending to the trunks.
		+	* Prefix: Prefix to remove on a successful match. The dialed number is compared to this and the subsequent columns for a match. Upon a match, this prefix is removed from the dialed number before sending it to the trunks.
		+	* Match patterns: The dialed number will be compared against the  prefix + this match pattern. Upon a match, the match pattern portion of the dialed number will be sent to the trunks.
		+	* Caller ID: If CallerID is supplied, the dialed number will only match the prefix + match pattern if the CallerID being transmitted matches this. When extensions make outbound calls, the CallerID will be their extension number and NOT their Outbound CID. The above special matching sequences can be used for CallerID matching similar to other number matches.
		+
		+	Recommended Dial patterns are:
		+	* 1NXXNXXXXXX
		+	* NXXNXXXXXX
		+	* 4XXX (This one to be able to test our '''echo test''' and '''DTMF test''')
		+
		+	=== Trunk Sequence for Matched routes ===
		+
		+	The Trunk Sequence controls the order of trunks that will be used when the above Dial Patterns are matched.
		+
		+	Select there your voip.ms' trunk.
		+
		+	[[File:FPBX_Outbound.png|1000px|thumb|left|Outbound route configuration - click to enlarge]]
		+	<br clear="all" />
		+
		+	== Inbound routes ==
		+
		+	If you have DID numbers with us and route calls to your trunks, you need inbound routes to manage them. To create an inbound route, go to "Connectivity" menu, option "Inbound routes"
		+
		+	=== Add Incoming Route ===
		+
		+	*Description: Provide a meaningful description of what this incoming route is.
		+	*DID number: Define the expected DID Number if your trunk passes DID on incoming calls. Set your '''voip.ms DID number''' with only 10 digits (Without dots, commas, spaces or the 1 in front of the number).
-	==Known Issues And Recommendations==	+	=== Set Destination ===
-	'''Known Issues:'''	+	Set here the destination for your incoming calls received at the DID you configured as '''DID number''' (an extension, IVR, recording, voice mail, etc).
-	We are aware of an important and critical exploit related to all FreePBX versions prior to 12. This Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system. This vulnerability may offer to any non authorized user full remote code execution access as the user running the Apache process. This exploit can be present also for users who have updated to version 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.	+	[[File:FPBX_Inbound.png|1000px|thumb|left|Inbound route configuration - click to enlarge]]
		+	<br clear="all" />
		+	Once you have finished the basic configuration of your PBX server, do not forget to click on the red button "Apply Config"
		+
		+	[[File:After_Changes.png|550px|thumb|left|Apply Setting's button - click to enlarge]]
		+	<br clear="all" />
-	'''Recommendations:'''
-	We strongly recommend to update any 2.8 version or prior to 2.9 version or higher through the Module Admin, in order to remove the vulnerability. The most recommended is the latest version. Any customer that is currently using the 2.11 versions or prior must update the FreePBX ARI Framework to version 2.11.1.5 immediately!	+	= Configuration Using a PJSIP Trunk =
-	Users of FreePBX version 12 should disable and uninstall the FreePBX ARI Framework module and switch to the new Control Panel (don’t confuse with the ‘User Control Panel’ tab). This can be done via a System Shell and due to differences between machines it can be at:	+	Please see our wiki article for the configuration [[FreePBX (PJSIP)| here]].
-	/var/www/admin	+
-	or	+
-	/var/www/html/admin	+
-	If you are not sure about the location of your AMPWEBROOT, it is visible in the Advanced Settings page, as ‘FreePBX Web Root Dir’.	+
-	Once there, run this command:	+
-	rm -rf AMPWEBROOT/admin/modules/admindashboard	+
-	This will replace the ‘AMPWEBROOT’ with the system setting.	+
-	Next, run:	+
-	amportal a ma delete admindashboard	+
-	This will remove all traces of it, from the FreePBX. Once you have run it, you’ll see an error output saying:  Uninstallation scripts failed to run. Please notice this is expected. That means the module has been removed successfully.	+
-	You must remove any reference to these files: c2.pl and/or c.sh (System admin dashboard, also called ‘admindashboard’). Those references can be found by running:	+	= Whitelisting VoIP.ms IPs in FreePBX =
-	Updatedb	+
-	locate c2.pl	+
-	locate c.sh	+
-	Once you find them, remove all the references to any of those files.	+
-	Also, is very important you verify there are no additional unknown ‘Administrator’ users in the ‘Administrators’ page, since some unauthorized users may have created those unwanted ‘Administrator’ user as part of a scripted attack.	+	With FreePBX, it is quite easy. Simply proceed into FreePBX, head into System Admin, Intrusion protection and then Whitelist.
		+	From there, you can whitelist VoIP.ms points of presence IPs.
-	You can update your FreePBX Distro with the scripts: 5.211.65-19 and 6.12.65-18. You can also check their wiki page to know how to keep your FreePBX updated: http://wiki.freepbx.org/display/FD/Updating+FreePBX+Official+Distro	+	'''For more information on the IPs related to our servers, click [https://wiki.voip.ms/article/Servers here]''' <br>
		+	'''For more information on the FreePBX setting, click [https://www.freepbx.org/firewall-intrusion-detection-new-features/ here]
-	Don’t expose your system to the public internet (if possible) as a good practice.
-	Visit periodically the FreePBX page in order to be aware of any critical update to your system: http://www.freepbx.org/news
-	Additionally VoIP.ms always recommend securing your account using the restrictions we offer on the Customer Portal / Main Menu / Account Settings / Account Restrictions. There you’ll be able to restrict the allowed countries to be dialed out, the maximum duration of an international call, the maximum rate per minute, among other restrictions.	+	[[Image:FreePBX_Firewall.png|600px|border]]
-	If you feel your system has been compromised, feel free to change the password of the involved sub accounts and disable international destinations on sub accounts that won’t generate international traffic.	+

---

Latest revision as of 20:19, 5 June 2024

FreePBX is a web-based open source GUI (graphical user interface) that controls and manages Asterisk (PBX), an open source communication server. FreePBX is licensed under the GNU General Public License (GPL), an open source license. FreePBX can be installed manually or as part of the pre-configured FreePBX Distro that includes the system OS, Asterisk, FreePBX GUI and assorted dependencies.

Contents 1 Important Security Information 2 Creating a Trunk 2.1 SIP Trunk 2.1.1 General Settings 2.1.2 Dialed number Manipulation Rules 2.1.3 Outgoing Settings 2.1.4 Incoming Settings 2.1.5 Registration 2.1.6 TLS 2.2 IAX2 Trunk 2.2.1 General Settings 2.2.2 Dialed number Manipulation Rules 2.2.3 Outgoing Settings 2.2.4 Incoming Settings 2.2.5 Registration 3 Outbound routes 3.1 Route Settings 3.2 Dial Patterns 3.3 Trunk Sequence for Matched routes 4 Inbound routes 4.1 Add Incoming Route 4.2 Set Destination 5 Configuration Using a PJSIP Trunk 6 Whitelisting VoIP.ms IPs in FreePBX

Important Security Information

A critical vulnerability has been discovered that can affect FreePBX versions between 13.0.12 and 13.0.26. An unauthenticated remote attacker can run shell commands as the Asterisk user of any FreePBX machine with ‘Recordings’ This has been fixed in Recordings 13.0.27.

You can read more about this vulnerability including how to fix this here: http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation

---

We are also aware of an important and critical exploit related to all FreePBX versions prior to 12. This Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system. This vulnerability may offer to any non authorized user full remote code execution access as the user running the Apache process. This exploit can be present also for users who have updated to version 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.

Here are some recommendations for their product from the freepbx.org website for protection against this issue: http://www.freepbx.org/critical-freepbx-rce-vulnerability-all-versions/

Creating a Trunk

To connect your FPBX server with ours, you need to create a trunk. To achieve this, once you are into your FBPX's GUI, follow this path: Connectivity >> Trunks >> Add SIP (chan_sip) Trunk.

Once you are there, you will see a list of options, create a SIP or IAX trunk (depending on your needs)

SIP Trunk

From here, use the following example to configure your SIP trunk:

General Settings

• Trunk name: Set your trunk name, a recommended one could be voipms, remember that you can manage more than 1 DID number with the same trunk (using your inbound routes).

• Outbound CallerID: The 10 digit valid caller ID number that you will pass with this trunk for Outbound calls. This can be override from your extension's settings.

Dialed number Manipulation Rules

You can set here your outbound rules. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)

Outgoing Settings

This section is very important, below you'll find a sample, please replace the dummy information with yours and delete the comments. The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.

canreinvite=nonat
nat=yes
context=from-trunk
host=atlanta.voip.ms ; (one of our multiple servers, you can choose the one closer to your location)
username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
fromuser=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
secret=***** ; (password associated with the Main or Sub-account. Please avoid using the '#' character in the password as it will cause authentication issues)
type=peer
disallow=all
allow=ulaw
; allow=g729 ; uncomment if you purchased g.729 from Digium
trustrpid=yes
sendrpid=yes
insecure=invite
qualify=yes

Incoming Settings

Please delete the default settings you'll find here, this section must be blank.

IMPORTANT

On your VoIP.ms portal, you will need to head into Main Menu, Account Settings, Inbound Settings tab, make sure to select SIP (or IAX) and change 'Inbound Settings to IP PBX Server,m Asterisk or Softswitch

Registration

At this section you'll set your register string, this is needed when you use "registration" as authentication method (If you use IP Authentication leave this in blank)

It is formed with your SIP username, password, server and registration port as below:

YourAccountNumber:[email protected]:5060, for example:

100000:[email protected]:5060

Finally, click on Submit changes, after that you'll see a Red button in the top "Apply config", do not forget to click it to apply the changes.

TLS

In order to use TLS along with FreePBX please follow these steps:

1. Make sure your Main account or sub-account has "Encrypted SIP Traffic" enabled. Bear in mind, if this setting is enabled and you use UDP/TCP you will be rejected with error code 488. Enable this for the Main Account at Main Menu>> Account settings>> Advanced tab and for a sub-account at Sub accounts>> Manage sub-accounts and by clicking on the orange icon with a pen and click at "Advanced Options Click here to display"

2. Now that your account/sub-account has this setting enabled, your device only needs to send TLS and SRTP.

In freepbx make sure your peer details are:

host=atlanta1.voip.ms
username=your account/sub account
fromuser=your account/sub account
secret=your password
transport=tls
encryption=yes
qualify=yes
qualifyfreq=50
nat=yes
type=peer
directmedia=no
context=from-trunk
insecure=invite
sendrpid=yes
trustrpid=yes
disallow=all
allow=g729&ulaw&gsm

Register String

tls://Username:[email protected]:5061~300

Note: When using TLS is very important to specify the number of the server, in case the name you have chosen doesn't use the number 1 you need to add it, at least when using TLS

Finally, in your freepbx go to Settings>> Asterisk SIP settings>> Chan SIP settings and at "TLS/SSL/SRTP Settings"

*Enable TLS: Yes

*Don't verify server: Yes

IAX2 Trunk

From here, use the following example to configure your IAX2 trunk:

General Settings

• Trunk name: Set your trunk name, this is different from SIP trunks and it must be voipms, otherwise you could experience issues with your registration and calls.

• Outbound CallerID: The 10 digit valid caller ID number that you will pass with this trunk for Outbound calls. This can be override from your extension's settings.

Dialed number Manipulation Rules

You can set here your outbound rules. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)

Outgoing Settings

This section is very important, below you'll find a sample, please replace the dummy information with yours and delete the comments. The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.

type=friend
username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
secret=***** ; (password associated with the Main or Sub-account. Please avoid using the '#' character in the password as it will cause authentication issues)
context=from-trunk
host=atlanta.voip.ms ; (one of our multiple servers, you can choose the one closer to your location)
disallow=all
allow=ulaw
insecure=port,invite
requirecalltoken=no
qualify=yes

Incoming Settings

Please delete the default settings you'll find here, this section must be in blank.

Registration

At this section you'll set your register string, this is needed when you use "registration" as authentication method (If you use IP Authentication leave this in blank)

It is formed with your SIP username, password, server and registration port as below:

YourAccountNumber:[email protected]:4569, for this example:

100000:[email protected]:4569

Finally, click on Submit changes, after that you'll see a Red button in the top "Apply config", do not forget to click it to apply the changes.

Outbound routes

Once you have your trunk configured, you will need an outbound route to make calls.

To create an outbound route go to "Connectivity" menu and then select "Outbound routes".

Route Settings

• Route Name: Name of this route. Should be used to describe what type of calls this route matches (for example, 'local' or 'longdistance').

• Route CID: If set, this will override all CIDS specified except:
  • Extension/device EMERGENCY CIDs if this route is checked as an EMERGENCY Route
  • Trunk CID if trunk is set to force it's CID
  • Forwarded call CIDs (CF, Follow Me, Ring Groups, etc)
  • Extension/User CIDs if checked

Dial Patterns

A Dial Pattern is a unique set of digits that will select this route and send the call to the designated trunks. If a dialed pattern matches this route, no subsequent routes will be tried. If Time Groups are enabled, subsequent routes will be checked for matches outside of the designated time(s).

Rules:

• X: matches any digit from 0-9
• Z: matches any digit from 2-9
• [1237-9]: matches any digit in the brackets (example: 1,2,3,7,8,9)
• . : wildcard, matches one or more dialed digits
• Prepend: Digits to prepend to a successful match. If the dialed number matches the patterns specified by the subsequent columns, then this will be prepended before sending to the trunks.
• Prefix: Prefix to remove on a successful match. The dialed number is compared to this and the subsequent columns for a match. Upon a match, this prefix is removed from the dialed number before sending it to the trunks.
• Match patterns: The dialed number will be compared against the prefix + this match pattern. Upon a match, the match pattern portion of the dialed number will be sent to the trunks.
• Caller ID: If CallerID is supplied, the dialed number will only match the prefix + match pattern if the CallerID being transmitted matches this. When extensions make outbound calls, the CallerID will be their extension number and NOT their Outbound CID. The above special matching sequences can be used for CallerID matching similar to other number matches.

Recommended Dial patterns are: 
* 1NXXNXXXXXX
* NXXNXXXXXX
* 4XXX (This one to be able to test our echo test and DTMF test)

Trunk Sequence for Matched routes

The Trunk Sequence controls the order of trunks that will be used when the above Dial Patterns are matched.

Select there your voip.ms' trunk.

Inbound routes

If you have DID numbers with us and route calls to your trunks, you need inbound routes to manage them. To create an inbound route, go to "Connectivity" menu, option "Inbound routes"

Add Incoming Route

• Description: Provide a meaningful description of what this incoming route is.

• DID number: Define the expected DID Number if your trunk passes DID on incoming calls. Set your voip.ms DID number with only 10 digits (Without dots, commas, spaces or the 1 in front of the number).

Set Destination

Set here the destination for your incoming calls received at the DID you configured as DID number (an extension, IVR, recording, voice mail, etc).

Once you have finished the basic configuration of your PBX server, do not forget to click on the red button "Apply Config"

Configuration Using a PJSIP Trunk

Please see our wiki article for the configuration here.

Whitelisting VoIP.ms IPs in FreePBX

With FreePBX, it is quite easy. Simply proceed into FreePBX, head into System Admin, Intrusion protection and then Whitelist. From there, you can whitelist VoIP.ms points of presence IPs.

For more information on the IPs related to our servers, click here
For more information on the FreePBX setting, click here