Installing The Asterisk PBX And The Asterisk Web-Based Provisioning GUI On Linux Step by step: configuring asterisk to enable call recording | FOSSLC PBX Call Recording - voip-info.org voip pbx saas - Google Search ShoreTel SIP Trunking Switchvox Cloud | Hosted PBX | Digium Asterisk auto Call recording - Stack Overflow Google
I personally like the PBX in a Flash distro for myself, but I never recommend it for a client. I recommend Elastix for people with little/no on site IT staff. Like Elastix, it uses FreePBX to manage the Asterisk part of the system.
- AsteriskNow
Basic Explanation
Avoid receiving calls on 0800 numbers?
So, for receiving calls, we have a lot of SIP extensions in every city (sipcall.ch) that should route all calls to one number on SIP Trunk (Winet).
SIP Trunk is outgoing only as we don’t want to call from that phone, and I couldn’t find DID number for SIP Trunk.
What is SIP trunk?
A two-way connection to a SIP provider. All calls you send to provider go out on the PSTN and charges you for the calls you make. If you have have a DID (Direct Inward Dialing) number at the provider, calls made to you are forwarded to your Asterisk PBX, then you switch the calls as you see fit.
VoIP Guides
Base IP Address: 78.46.207.105 SSH port: 20022
Username: root
Password: 91KS5j9mwy
For security reasons, everything is closed and tunneled. To start tunneling, start
ssh -N -L 80:localhost:80 -L 443:localhost:443 -L 9001:localhost:9001 pbx.etaktiker.com
in command prompt. You will need root password.
Opening and closing an SSH tunnel in a shell script the smart way
The next step is in browser, to navigate to localhost.
Inside
Main FreePBX GUI login: upravitelj / qyzsFgAhtD8u
Change the following passwords immediatly:
Asterisk REST Interface (ARI) is disabled by default, so there is no need to change password immediately.
I can ignore: Asterisk Manager Password
Logfile: /var/log/asterisk/freepbx.log
SIP Trunks
How to configure SIP Trunks: part 1, part 2 and part 3
Settings for sipcall.ch
Only setup the Outgoing settings and Registration string, and leave Incoming Settings empty.
Valid and working configuration for Outgoing settings:
defaultuser=41XXXXXXXX8 ; converted from <username>
secret=<password>
host=business2.voipgateway.org
context=from-trunk
qualify=yes ; enable monitoring
type=friend ; use <peer> for outgoing only
insecure=port,invite ; converted from <very>
Register String:
41XXXXXXXX8:password@business2.voipgateway.org/in-1st
where in-1st is any DID that you set and that you will use in incoming
rules to define how to route incoming calls.
Some settings mentioned over internet for sipcall.ch, that made no difference:
useragent=portasipfriendly ; sipcall.ch needs a useragent different from asterisk
fromuser=41XXXXXXXX8
nat=yes
It seems that this sipcall.ch article
was right from the start, except for the useragent.
Parameter username is in later releases renamed to defaultuser which
is a better name, since it is used in combination with the “defaultip”
setting
type=friend means that you will both send calls to and receive calls
from this server and that the peer details will be used both for
incoming and outgoing calls on this trunk.
Call requests arriving at your Asterisk server will generally need to be
validated with a user id and password. There are exceptions to this
rule, most notably when the request comes from a pre-defined peer whose
definition in .conf includes a setting such as insecure=invite.
insecure=very allows registered hosts to call without
re-authenticating. Even if you set insecure=very, FreePBX will
translate that to insecure=port,invite in configuration file
/etc/asterisk/sip_additional.conf for later releases of Asterisk.
Good article
Best explanation of these options is here and here.
When a call comes into your system from the outside, it will usually arrive along with information about the telephone number that was dialed (also known as the “DID”) and the Caller ID (CID) of the person who called.
Inbound Routes module is used to tell your system what to do with calls that come into your system on any trunk that has the “context=from-trunk” parameter in the PEER details.
Outbound Routes module works together with the Trunks module.
Dialed number manipulation rules for Outbound Routes: add “X.” in the “match pattern” box (read more about Match Patterns)
Forward all incoming calls to an external destination
Use Misc Destinations which is a custom call target that can be used by other modules.
Here you enter our destination mobile phone.
to i created a “Misc Destination” on Freepbx with a target external number and than added an inbound route that will forward all incoming calls to that DID to the number defined in the “Misc Destination”
Is there a way to pass the inbound CID to the outbound call?
Do you have a outgoing caller ID setup in your Trunk configuration? Ok, I removed the outbound CID from the trunks and moved it to each internal extension’s outbound CID. Now the correct caller ID is passed to the external number when the IVR goes to the follow-on extension.
Softphone
Download CounterPath’s Free X-Lite Softphone from here.
Extension 1000, pass: 02ba527e81b7ca0f41b389f8df9229e4 Extension 1001, pass: c12b6d818adbd49eeb9c150d2173a6d7
Asterisk CLI
Login with: asterisk -rvvv
Basic commands:
Show devices: sip show peers
Show calls: core show channels
Everything shown in command line is logged in /var/log/asterisk/full.
context=from-trunk
Transferring Caller ID from original
sendrpid=yes (Send Remote-Party-ID) defaults to no, but set if you
want to pass your own Caller ID number (in outbound trunk). Also add
trustrpid=yes for incoming Remote-Party-ID (in inbound trunk).
Security
By far the worst mistake that you could make when defining a static SIP
peer (SIP Trunk in FreePBX) would be to have both type=friend and
insecure=invite. In this situation, a hacker could initiate calls from
any remote IP address without needing to authenticate with a password.
They would only need to guess one piece of data – the user name.
Maybe set like this? Creating a trunk for inbound calls in FreePBX - Knowledgebase - MultiTEL and bad setting
SIPVicious is a set of tools that can be used to audit SIP based VoIP systems. github
SIP Attacks
SIP Attack: Friendly-Scanner | Kolmisoft Blog When friendly-scanner gets aggressive – The Smartvox Knowledgebase
Change default SIP port 5060
Interesting tools:
Asterisk Phone Agent - Business Communications Assistant
Outbound Caller ID: “SomeName” <41325123456>
Peer Details: username=NUMBER eg. 41325123456 type=peer secret=PASSWORD insecure=very host=sip.backbone.ch
As Registration String at the bottom you enter: NUMBER:PASSWORD@sip.backbone.ch/NUMBER eg. 41325123456:PASSWORD@sip.backbone.ch/41325123456
on the Inbound Routes you have to look for the DID 41325123456, it’s NOT 0041325123456
The rest is empty in my configuration. Should word just fine like this.
Cheers
Total Control in PHP
Asterisk RESTful Interface (ARI) is the latest, total control interface; older technologies are AGI and AMI
Libraries for ARI:
Asterisk Slack Notification
Synonyms: Call Notification Tools, Asterisk Call Notification
Simplest way is to use AGI (Asterisk Gateway Interface), something like CGI on web servers. AGI is synchronous - actions taken on a channel from an AGI block and do not return until the action is completed.
AGI examples:
Shell commands:
- Sending call notifications to HipChat
- Using email notifications for missed calls in Asterisk
- Using bash to notify Twitter
- Asterisk System() to execute a system command.
- harperreed/Asterisk-CallerID-Spoofing
Manual of Asterisk AGI PHP.
- Various types of notifications and only notifications of missed calls
Pytong examples:
AMI examples:
-
Project firehooper/asterisk-slack publishes Asterisk call information to Slack, using AMI, written in Python
Addendum:
- Simplest way to notify Slack: Post a message to a slack channel with PHP
FreePBX Activation
Portal Account:
email: v@etk.rs
password: AcReecer8Wrr
Deployment ID: 83877379
You can do the same with fwconsole command.
SPAM protection
Blacklisting numbers from database
Speech recognition as a SPAM protection
Official Speech Recognition API
This AGI script makes use of Google’s speech recognition engine.
SIP Provider Flowroute that Crosstalk Solutions is recommending.
Up until now, I have focused on Flowroute as a provider of enterprise SIP trunks, but its bigger market might be enabling other companies to become mini carriers. If you’ve been paying attention to this space, you will recognize the names OnSIP, Plivo, and VOIPo.
Tests:
- Da li se Caller ID prenosi kako treba?
- Šta se dešava kada je target telefon zauzet?
- Probaj Call Recording dal radi (na outbound route-u)
- Set outbound password route, pa onda probaj ovo što smo namestili (to mi je security dobar)
- Probati 3-way call (odnosno Conference u X-Lite). Kako radi to sa fiksnim?
CLI commands
FreePBX (CLI) Commands - PBX GUI - Documentation
Caller ID Spoofing
Spoof Call or Caller ID spoofing is NOT illegal. If no harm is intended or caused, spoofing is not illegal: FCC
Spoofing Caller ID on the fly from any phone for legal and legitimate purposes | VPetkov.net
SpoofCard Bluff My Call SpoofTel.com Caller ID Faker Spoof Callz
Interesting idea is mentioned here: How to Protect Yourself From Caller ID Spoofing
The call-back method allows for some security when you think caller ID spoofing is being used. You could put the caller on hold, and then call the displayed number. If the number is busy or you reached the company they said they are calling from then they are potentially telling the truth.
What is Caller ID Spoofing? Trust no one
Call back? Call-Back Software for the Call Center
If CID is blocked?
How to reveal blocked caller ID info: a video guide to risky behavior
Unmask Blocked Caller ID. Someone made a business of it TrapCall
Security headers: P-Asserted-Identity
Who Was That Masked Man? Using P-Asserted-Identity
SIP Privacy Headers: P-Asserted-Identity, P-Preferred-Identity, Remote Party ID SIP Privacy Overview P-Asserted-Identity and Remote-Party-ID header - voip-info.org
Call tracing?
Disable caller ID?
Direct outward dialing (DOD)
-
Detection of caller ID spoofing is technically impossible.
-
How would you detect caller ID spoofing if the Telco company can’t event tell if your spoofing? If Telco companies could detect caller ID spoofing, this challenge wouldn’t be available.
Caller ID in SIP and Asterisk: Part 1, Part 2
Caller Anti Fraud?
TRUSTID | Automatic Caller Authentication Pindrop Explained: Pindrop Security - Post - No Jitter
Maybe even TeleSign
Securing Your Asterisk VoIP Server with IPTables IPTables GeoIP, Port Knocking and Port Scan Detection Asterisk - Page 1 - Lin’s Tech Blog
FreePBXHosting/freepbx-scripts: FreePBX Scripts
Tried with a user:
user: etaktiker pass: zerhtBXv!q9I
Firewall
Rob’s Twist on: Why You Need a Firewall, really? | FreePBX Firewall - PBX GUI - Documentation
Trusted shouldn’t be used for an INTERFACE, only a NETWORK (or Host). Otherwise, it kinda defeats the entire purpose of the firewall 8)
Is there a default zone set for eth0 on install?
Yep, it defaults to Trusted. This is so if your machine decides that it’s got a NEW network interface, you aren’t locked out. However, it yells about it, so you know to get in and fix it!
Call recordings
How to listen to call recordings:
ln -s /var/spool/asterisk/monitor/ /var/www/html/_call-recordings
Access all recordings here: https://pbx.etaktiker.com/_call-recordings/
Interesting configuration files in /etc/asterisk:
sip_additional.conf (the PEER Details from Outgoing SIP Settings in Trunk configuration)
sip_registrations.conf (Register String from Incoming SIP Settings)
Good blogs:
Slack notification with call recording
- Log on to FreePBX, then click on Settings > Advanced Settings
- Turn on Display ReadOnly Settings and Override Readonly Settings
- Click Submit
- Refresh the page by hitting F5 or similar on your browser
Now, under Developer and Customization, locate Post Call Recording Script
[SOLVED] How To Email Call Recordings Post Call Recording Script - General Help - FreePBX Community Forums – Post call emailing of Call Recordings in Freepbx
We can also use simple file monitor:
http://community.freepbx.org/t/e-mail-call-monitor-recordings/22896
[splitbrain/Watcher: Watcher is a daemon that watches specified files/folders for changes and fires commands in response to those changes. It is similar to incron, however, configuration uses a simpler to read ini file instead of a plain text file. Unlike incron it can also recursively monitor directories. It's also written in Python, making it easier to hack.](https://github.com/splitbrain/Watcher)
Missed Call Notification Module? http://community.freepbx.org/t/missed-call-notification-module/24330/15
Custom dialplan?
Explore extensions_custom.conf and /etc/asterisk/extensions_custom.conf.sample
? voip - Running a Shell Script from Free PBX/Trixbox - Stack Overflow
Miscellaneous/Custom application/extensions: How to extend FreePBX with custom dialplan (part 1 of 2) | FreePBX
Miscellaneous/Custom application/extensions: How to extend FreePBX with custom dialplan (part 2 of 2) | FreePBX
How to make FreePBX include -custom contexts | VoIP @ Hackrr.com
Home · POSSA/freepbx-dialplan-injection Wiki How to start custom dial plan in Free PBX - YouTube
Post to a Slack channel:
curl -X POST --data-urlencode 'payload={"text": "Call from X recorded has been recorded: .", "channel": "#locksmith", "username": "pbx", "icon_emoji": "🎙️"}' https://hooks.slack.com/services/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
Incoming Webhooks | Slack So I don’t need really this: Post a message to a Slack channel
Update from command line
FreePBX CLI Commands
ma is shorthand of moduleadmin.
fwconsole ma upgradeall
# fwconsole chown
fwconsole reload
fwconsole restart
If you get messages about tampered files, use fwconsole ma refreshsignatures.
Please note that amportal command will be removed from FreePBX 14, and in
our version 13 it is still there, but alias functionality over to fwconsole.
Show upgrades:
amportal a ma showupgrades
Perform upgrades:
amportal a ma upgradeall
amportal a ma reload