FreePBX / PBX in a Flash - VoIP.ms Wiki

From VoIP.ms Wiki

Revision as of 21:41, 25 January 2017 by Rod (Talk | contribs)


FreePBX is a web-based open source GUI (graphical user interface) that controls and manages Asterisk (PBX), an open source communication server. FreePBX is licensed under the GNU General Public License (GPL), an open source license. FreePBX can be installed manually or as part of the pre-configured FreePBX Distro that includes the system OS, Asterisk, FreePBX GUI and assorted dependencies.


Important Security Information

A critical vulnerability has been discovered that can affect FreePBX versions between 13.0.12 and 13.0.26. An unauthenticated remote attacker can run shell commands as the Asterisk user of any FreePBX machine with ‘Recordings’. This has been fixed in Recordings 13.0.27.

You can read more about this vulnerability including how to fix this here: http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation


We are also aware of a critical exploit affecting all FreePBX versions prior to 12. This Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system. This vulnerability may give any unauthorized user full remote code execution access as the user running the Apache process. The exploit can also affect users who have updated to version 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.

Here are some recommendations for their product from the freepbx.org website for protection against this issue: http://www.freepbx.org/critical-freepbx-rce-vulnerability-all-versions/

Creating a Trunk

To connect your FreePBX server with ours, you need to create a trunk. Once you are in the FreePBX GUI, follow this path: Connectivity >> Trunks >> Add SIP (chan_sip) Trunk.



Once you are there, you will see a list of options. Create a SIP or IAX trunk, depending on your needs.



SIP Trunk

From here, use the following example to configure your SIP trunk:

General Settings

  • Trunk name: Set your trunk name; a recommended one is voipms. Remember that you can manage more than 1 DID number with the same trunk (using your inbound routes).
  • Outbound CallerID: The 10 digit valid caller ID number that you will pass with this trunk for Outbound calls. This can be overridden from your extension's settings.

Dialed number Manipulation Rules

You can set your outbound rules here. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)

Outgoing Settings

This section is very important. Below you'll find a sample; please replace the dummy information with yours and delete the comments. The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.

canreinvite=nonat
nat=yes
context=from-trunk
host=atlanta.voip.ms ; (one of our multiple servers, you can choose the one closer to your location)
username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
fromuser=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
secret=***** ; (password associated with the Main or Sub-account. Please avoid using the '#' character in the password as it will cause authentication issues)
type=peer
disallow=all
allow=ulaw
; allow=g729 ; uncomment if you purchased g.729 from Digium
trustrpid=yes
sendrpid=yes
insecure=invite
qualify=yes

Incoming Settings

Please delete the default settings you'll find here; this section must be left blank.

Registration

In this section you'll set your register string. This is needed when you use "registration" as the authentication method (if you use IP Authentication, leave this blank).

It is formed with your SIP username, password, server and registration port as below:

YourAccountNumber:YourPassword@Server:5060, for example:

100000:*****@atlanta.voip.ms:5060

Finally, click on Submit changes. After that you'll see a red "Apply config" button at the top; do not forget to click it to apply the changes.




IAX2 Trunk

From here, use the following example to configure your IAX2 trunk:

General Settings

  • Trunk name: Set your trunk name. Unlike SIP trunks, it must be voipms; otherwise you could experience issues with your registration and calls.
  • Outbound CallerID: The 10 digit valid caller ID number that you will pass with this trunk for Outbound calls. This can be overridden from your extension's settings.

Dialed number Manipulation Rules

You can set your outbound rules here. These rules can manipulate the dialed number before sending it out this trunk. If no rule applies, the number is not changed. (Optional)

Outgoing Settings

This section is very important. Below you'll find a sample; please replace the dummy information with yours and delete the comments. The information after the semicolon (;) is considered a comment and must be deleted for the trunk to work properly on some PBX versions.

type=friend
username=100000 ; (Replace with your 6 digit Main SIP Account User ID or Sub Account username, i.e. 123456 or 123456_sub)
secret=***** ; (password associated with the Main or Sub-account)
context=from-trunk
host=atlanta.voip.ms ; (one of our multiple servers, you can choose the one closer to your location)
disallow=all
allow=ulaw
insecure=port,invite
requirecalltoken=no
qualify=yes
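
The cleanup this page asks for on both the SIP and IAX2 Outgoing Settings samples (delete the comments, replace the dummy values, avoid '#' in the password) can be checked before the text is pasted into the GUI. This is an added example, not part of the original wiki page or of FreePBX; the function name and the pasted sample, including its made-up secret, are constructed for illustration.

```python
# Constructed sample: SIP "Outgoing Settings" pasted with the page's comments
# still attached. The secret is a made-up value, not a real credential.
PASTED = """\
host=atlanta.voip.ms ; (one of our multiple servers)
username=100000 ; (Replace with your 6 digit Main SIP Account User ID)
fromuser=123456_sub
secret=Examp#le-1 ; (password associated with the Main or Sub-account)
type=peer
; allow=g729 ; uncomment if you purchased g.729 from Digium
insecure=invite
"""

# Dummy values used by the samples on this page; they must be replaced.
DUMMY_VALUES = {"username": "100000", "fromuser": "100000", "secret": "*****"}


def clean_peer_details(text):
    """Strip ';' comments and return (clean_lines, warnings)."""
    clean, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after the first ';' is treated as a comment.
        setting = raw.split(";", 1)[0].strip()
        if not setting:
            continue  # blank line or comment-only line
        key, sep, value = setting.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key:
            warnings.append(f"line {lineno}: not a key=value setting")
            continue
        if DUMMY_VALUES.get(key) == value:
            warnings.append(f"line {lineno}: {key} still holds the sample value")
        if key == "secret" and "#" in value:
            # Report the problem without echoing the secret itself.
            warnings.append(f"line {lineno}: secret contains '#'")
        clean.append(f"{key}={value}")
    return clean, warnings


if __name__ == "__main__":
    lines, problems = clean_peer_details(PASTED)
    print("\n".join(lines))
    for problem in problems:
        print("WARNING:", problem)
```

The warnings name the line and the key only, so the output can be shared or logged without exposing the trunk password.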

Incoming Settings

Please delete the default settings you'll find here; this section must be left blank.

Registration

In this section you'll set your register string. This is needed when you use "registration" as the authentication method (if you use IP Authentication, leave this blank).

It is formed with your SIP username, password, server and registration port as below:

YourAccountNumber:YourPassword@Server:4569, for this example:

100000:*****@atlanta.voip.ms:4569

Finally, click on Submit changes. After that you'll see a red "Apply config" button at the top; do not forget to click it to apply the changes.



Outbound routes

Once you have your trunk configured, you will need an outbound route to make calls.

To create an outbound route, go to the "Connectivity" menu and then select "Outbound routes".

Route Settings

  • Route Name: Name of this route. Should be used to describe what type of calls this route matches (for example, 'local' or 'longdistance').
  • Route CID: If set, this will override all CIDS specified except:
    • Extension/device EMERGENCY CIDs if this route is checked as an EMERGENCY Route
    • Trunk CID if trunk is set to force its CID
    • Forwarded call CIDs (CF, Follow Me, Ring Groups, etc)
    • Extension/User CIDs if checked

Dial Patterns

A Dial Pattern is a unique set of digits that will select this route and send the call to the designated trunks. If a dialed pattern matches this route, no subsequent routes will be tried. If Time Groups are enabled, subsequent routes will be checked for matches outside of the designated time(s).

Rules:

  • X: matches any digit from 0-9
  • Z: matches any digit from 2-9
  • [1237-9]: matches any digit in the brackets (example: 1,2,3,7,8,9)
  • . : wildcard, matches one or more dialed digits
  • Prepend: Digits to prepend to a successful match. If the dialed number matches the patterns specified by the subsequent columns, then this will be prepended before sending to the trunks.
  • Prefix: Prefix to remove on a successful match. The dialed number is compared to this and the subsequent columns for a match. Upon a match, this prefix is removed from the dialed number before sending it to the trunks.
  • Match patterns: The dialed number will be compared against the prefix + this match pattern. Upon a match, the match pattern portion of the dialed number will be sent to the trunks.
  • Caller ID: If CallerID is supplied, the dialed number will only match the prefix + match pattern if the CallerID being transmitted matches this. When extensions make outbound calls, the CallerID will be their extension number and NOT their Outbound CID. The above special matching sequences can be used for CallerID matching similar to other number matches.

Recommended Dial patterns are:

  • 1NXXNXXXXXX
  • NXXNXXXXXX
  • 4XXX (This one to be able to test our echo test and DTMF test)
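
To see which dialed numbers the recommended patterns accept, and that the first matching route wins, the matching can be reproduced offline. This is an added example, not FreePBX or Asterisk code: it handles X, bracket sets, literal digits and a trailing '.', and takes N as 2-9 (an assumption, since N is used in the recommended patterns but not defined in the rule list above); the route names and the catch-all route are constructed.

```python
import re

# X and N are single-digit classes; N is taken as 2-9 (assumption: the rule
# list above does not define it, but the recommended patterns use it).
CLASSES = {"X": "[0-9]", "N": "[2-9]"}


def pattern_to_regex(pattern):
    """Translate one match pattern into a compiled regular expression."""
    parts, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in CLASSES:
            parts.append(CLASSES[ch])
        elif ch == "[":
            end = pattern.index("]", i)  # raises ValueError if unterminated
            body = pattern[i + 1:end]
            if not re.fullmatch(r"[0-9-]+", body):
                raise ValueError(f"bad bracket set in {pattern!r}")
            parts.append(f"[{body}]")
            i = end
        elif ch == "." and i == len(pattern) - 1:
            parts.append(".+")  # wildcard: one or more further characters
        elif ch in "0123456789":
            parts.append(ch)
        else:
            raise ValueError(f"unsupported character {ch!r} in {pattern!r}")
        i += 1
    return re.compile("".join(parts))


def first_matching_route(dialed, routes):
    """Return the first route whose patterns match; later routes are not tried."""
    for name, patterns in routes:
        if any(pattern_to_regex(p).fullmatch(dialed) for p in patterns):
            return name
    return None


# Constructed route table: the recommended patterns, then a hypothetical
# catch-all route to show that route order decides the outcome.
ROUTES = [
    ("voipms", ["1NXXNXXXXXX", "NXXNXXXXXX", "4XXX"]),
    ("catch-all", ["."]),
]

if __name__ == "__main__":
    for number in ("15145550123", "5145550123", "4443", "0115550123"):
        print(number, "->", first_matching_route(number, ROUTES))
```

With only the recommended patterns on the route, a number such as 0115550123 matches nothing and is not sent to the trunk; adding a '.' pattern is what lets it through.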

Trunk Sequence for Matched routes

The Trunk Sequence controls the order of trunks that will be used when the above Dial Patterns are matched.

Select your VoIP.ms trunk there.



Inbound routes

If you have DID numbers with us and route calls to your trunks, you need inbound routes to manage them. To create an inbound route, go to the "Connectivity" menu and select "Inbound routes".

Add Incoming Route

  • Description: Provide a meaningful description of what this incoming route is.
  • DID number: Define the expected DID Number if your trunk passes DID on incoming calls. Set your voip.ms DID number with only 10 digits (Without dots, commas, spaces or the 1 in front of the number).

Set Destination

Set the destination here for incoming calls received at the DID you configured as DID number (an extension, IVR, recording, voice mail, etc).



Once you have finished the basic configuration of your PBX server, do not forget to click on the red "Apply Config" button.


