Basic Explanation

Installing The Asterisk PBX And The Asterisk Web-Based Provisioning GUI On Linux Step by step: configuring asterisk to enable call recording | FOSSLC PBX Call Recording - voip-info.org voip pbx saas - Google Search ShoreTel SIP Trunking Switchvox Cloud | Hosted PBX | Digium Asterisk auto Call recording - Stack Overflow Google

I personally like the PBX in a Flash distro for myself, but I never recommend it for a client. I recommend Elastix for people with little/no on site IT staff. Like Elastix, it uses FreePBX to manage the Asterisk part of the system.

  • AsteriskNow

Basic Explanation

Avoid receiving calls on 0800 numbers?

So, for receiving calls, we have a lot of SIP extensions in every city (sipcall.ch) that should route all calls to one number on SIP Trunk (Winet).

SIP Trunk is outgoing only as we don’t want to call from that phone, and I couldn’t find DID number for SIP Trunk.

What is SIP trunk?

A two-way connection to a SIP provider. All calls you send to provider go out on the PSTN and charges you for the calls you make. If you have have a DID (Direct Inward Dialing) number at the provider, calls made to you are forwarded to your Asterisk PBX, then you switch the calls as you see fit.

VoIP Guides

Base IP Address: 78.46.207.105 SSH port: 20022

Username: root
Password: 91KS5j9mwy

For security reasons, everything is closed and tunneled. To start tunneling, start

ssh -N -L 80:localhost:80  -L 443:localhost:443  -L 9001:localhost:9001 pbx.etaktiker.com

in command prompt. You will need root password.

Opening and closing an SSH tunnel in a shell script the smart way

The next step is in browser, to navigate to localhost.

Inside

Main FreePBX GUI login: upravitelj / qyzsFgAhtD8u

Change the following passwords immediatly:

Asterisk REST Interface (ARI) is disabled by default, so there is no need to change password immediately.

I can ignore: Asterisk Manager Password

Logfile: /var/log/asterisk/freepbx.log

SIP Trunks

How to configure SIP Trunks: part 1, part 2 and part 3

Settings for sipcall.ch

Only setup the Outgoing settings and Registration string, and leave Incoming Settings empty.

Valid and working configuration for Outgoing settings:

defaultuser=41XXXXXXXX8 ; converted from <username>
secret=<password>
host=business2.voipgateway.org
context=from-trunk
qualify=yes ; enable monitoring
type=friend ; use <peer> for outgoing only
insecure=port,invite ; converted from <very>

Register String:

41XXXXXXXX8:password@business2.voipgateway.org/in-1st

where in-1st is any DID that you set and that you will use in incoming rules to define how to route incoming calls.

Some settings mentioned over internet for sipcall.ch, that made no difference:

useragent=portasipfriendly ; sipcall.ch needs a useragent different from asterisk
fromuser=41XXXXXXXX8
nat=yes

It seems that this sipcall.ch article was right from the start, except for the useragent.

Parameter username is in later releases renamed to defaultuser which is a better name, since it is used in combination with the “defaultip” setting

type=friend means that you will both send calls to and receive calls from this server and that the peer details will be used both for incoming and outgoing calls on this trunk.

Call requests arriving at your Asterisk server will generally need to be validated with a user id and password. There are exceptions to this rule, most notably when the request comes from a pre-defined peer whose definition in .conf includes a setting such as insecure=invite.

insecure=very allows registered hosts to call without re-authenticating. Even if you set insecure=very, FreePBX will translate that to insecure=port,invite in configuration file /etc/asterisk/sip_additional.conf for later releases of Asterisk.

Good article

Best explanation of these options is here and here.


When a call comes into your system from the outside, it will usually arrive along with information about the telephone number that was dialed (also known as the “DID”) and the Caller ID (CID) of the person who called.

Inbound Routes module is used to tell your system what to do with calls that come into your system on any trunk that has the “context=from-trunk” parameter in the PEER details.

Outbound Routes module works together with the Trunks module.

Dialed number manipulation rules for Outbound Routes: add “X.” in the “match pattern” box (read more about Match Patterns)

Forward all incoming calls to an external destination

Use Misc Destinations which is a custom call target that can be used by other modules.

Here you enter our destination mobile phone.

to i created a “Misc Destination” on Freepbx with a target external number and than added an inbound route that will forward all incoming calls to that DID to the number defined in the “Misc Destination”

Is there a way to pass the inbound CID to the outbound call?

Do you have a outgoing caller ID setup in your Trunk configuration? Ok, I removed the outbound CID from the trunks and moved it to each internal extension’s outbound CID. Now the correct caller ID is passed to the external number when the IVR goes to the follow-on extension.

Softphone

Download CounterPath’s Free X-Lite Softphone from here.

Extension 1000, pass: 02ba527e81b7ca0f41b389f8df9229e4 Extension 1001, pass: c12b6d818adbd49eeb9c150d2173a6d7

Asterisk CLI

Login with: asterisk -rvvv

Basic commands: Show devices: sip show peers Show calls: core show channels

Everything shown in command line is logged in /var/log/asterisk/full.

context=from-trunk

Transferring Caller ID from original

sendrpid=yes (Send Remote-Party-ID) defaults to no, but set if you want to pass your own Caller ID number (in outbound trunk). Also add trustrpid=yes for incoming Remote-Party-ID (in inbound trunk).

Security

Asterisk security

  • Security bible: Asterisk PBX security risks and how to avoid being hacked: part 1, part 2, part 3

By far the worst mistake that you could make when defining a static SIP peer (SIP Trunk in FreePBX) would be to have both type=friend and insecure=invite. In this situation, a hacker could initiate calls from any remote IP address without needing to authenticate with a password. They would only need to guess one piece of data – the user name.

Maybe set like this? Creating a trunk for inbound calls in FreePBX - Knowledgebase - MultiTEL and bad setting

Hacking Tools - voip-info.org

SIPVicious is a set of tools that can be used to audit SIP based VoIP systems. github

VoIPmonitor

SIP Attacks

SIP Attack: Friendly-Scanner | Kolmisoft Blog When friendly-scanner gets aggressive – The Smartvox Knowledgebase

Change default SIP port 5060

Manually


VoIP Bandwidth Calculator


Interesting tools:

Asterisk Phone Agent - Business Communications Assistant



Outbound Caller ID: “SomeName” <41325123456>

Peer Details: username=NUMBER eg. 41325123456 type=peer secret=PASSWORD insecure=very host=sip.backbone.ch

As Registration String at the bottom you enter: NUMBER:PASSWORD@sip.backbone.ch/NUMBER eg. 41325123456:PASSWORD@sip.backbone.ch/41325123456

on the Inbound Routes you have to look for the DID 41325123456, it’s NOT 0041325123456

The rest is empty in my configuration. Should word just fine like this.

Cheers

Total Control in PHP

Asterisk RESTful Interface (ARI) is the latest, total control interface; older technologies are AGI and AMI

Asterisk REST Interface (ARI)

Libraries for ARI:

Asterisk Slack Notification

Synonyms: Call Notification Tools, Asterisk Call Notification

Simplest way is to use AGI (Asterisk Gateway Interface), something like CGI on web servers. AGI is synchronous - actions taken on a channel from an AGI block and do not return until the action is completed.

AGI examples:

Shell commands:

Manual of Asterisk AGI PHP.

  • Various types of notifications and only notifications of missed calls

Pytong examples:

AMI examples:

Addendum:

FreePBX Activation

Portal Account:

email: v@etk.rs
password: AcReecer8Wrr
Deployment ID: 83877379

You can do the same with fwconsole command.

SPAM protection

PhoneSpamFilter.com

Blacklisting numbers from database

Speech recognition as a SPAM protection

Official Speech Recognition API

This AGI script makes use of Google’s speech recognition engine.

TrueCNAM


SIP Provider Flowroute that Crosstalk Solutions is recommending.

Up until now, I have focused on Flowroute as a provider of enterprise SIP trunks, but its bigger market might be enabling other companies to become mini carriers. If you’ve been paying attention to this space, you will recognize the names OnSIP, Plivo, and VOIPo.

Tests:

  • Da li se Caller ID prenosi kako treba?
  • Šta se dešava kada je target telefon zauzet?
  • Probaj Call Recording dal radi (na outbound route-u)
  • Set outbound password route, pa onda probaj ovo što smo namestili (to mi je security dobar)
  • Probati 3-way call (odnosno Conference u X-Lite). Kako radi to sa fiksnim?

CLI commands

FreePBX (CLI) Commands - PBX GUI - Documentation


Caller ID Spoofing

Spoof Call or Caller ID spoofing is NOT illegal. If no harm is intended or caused, spoofing is not illegal: FCC

Spoofing Caller ID on the fly from any phone for legal and legitimate purposes | VPetkov.net

SpoofCard Bluff My Call SpoofTel.com Caller ID Faker Spoof Callz

Interesting idea is mentioned here: How to Protect Yourself From Caller ID Spoofing

The call-back method allows for some security when you think caller ID spoofing is being used. You could put the caller on hold, and then call the displayed number. If the number is busy or you reached the company they said they are calling from then they are potentially telling the truth.

What is Caller ID Spoofing? Trust no one

Call back? Call-Back Software for the Call Center

If CID is blocked?

How to reveal blocked caller ID info: a video guide to risky behavior

Unmask Blocked Caller ID. Someone made a business of it TrapCall

Security headers: P-Asserted-Identity

Who Was That Masked Man? Using P-Asserted-Identity

SIP Privacy Headers: P-Asserted-Identity, P-Preferred-Identity, Remote Party ID SIP Privacy Overview P-Asserted-Identity and Remote-Party-ID header - voip-info.org

Call tracing?

Disable caller ID?

Direct outward dialing (DOD)

  • Detection of caller ID spoofing is technically impossible.

  • How would you detect caller ID spoofing if the Telco company can’t event tell if your spoofing? If Telco companies could detect caller ID spoofing, this challenge wouldn’t be available.

Caller ID in SIP and Asterisk: Part 1, Part 2


Caller Anti Fraud?

TRUSTID | Automatic Caller Authentication Pindrop Explained: Pindrop Security - Post - No Jitter

Maybe even TeleSign


Securing Your Asterisk VoIP Server with IPTables IPTables GeoIP, Port Knocking and Port Scan Detection Asterisk - Page 1 - Lin’s Tech Blog


FreePBXHosting/freepbx-scripts: FreePBX Scripts


Tried with a user:

user: etaktiker pass: zerhtBXv!q9I


Firewall

Rob’s Twist on: Why You Need a Firewall, really? | FreePBX Firewall - PBX GUI - Documentation

Trusted shouldn’t be used for an INTERFACE, only a NETWORK (or Host). Otherwise, it kinda defeats the entire purpose of the firewall 8)

Is there a default zone set for eth0 on install?

Yep, it defaults to Trusted. This is so if your machine decides that it’s got a NEW network interface, you aren’t locked out. However, it yells about it, so you know to get in and fix it!


Call recordings

How to listen to call recordings:

ln -s /var/spool/asterisk/monitor/ /var/www/html/_call-recordings

Access all recordings here: https://pbx.etaktiker.com/_call-recordings/


Interesting configuration files in /etc/asterisk:

sip_additional.conf (the PEER Details from Outgoing SIP Settings in Trunk configuration)
sip_registrations.conf (Register String from Incoming SIP Settings)

Set Trunk


Good blogs:


Slack notification with call recording

  • Log on to FreePBX, then click on Settings > Advanced Settings
  • Turn on Display ReadOnly Settings and Override Readonly Settings
  • Click Submit
  • Refresh the page by hitting F5 or similar on your browser

Now, under Developer and Customization, locate Post Call Recording Script

[SOLVED] How To Email Call Recordings Post Call Recording Script - General Help - FreePBX Community Forums – Post call emailing of Call Recordings in Freepbx

We can also use simple file monitor:

http://community.freepbx.org/t/e-mail-call-monitor-recordings/22896
[splitbrain/Watcher: Watcher is a daemon that watches specified files/folders for changes and fires commands in response to those changes. It is similar to incron, however, configuration uses a simpler to read ini file instead of a plain text file. Unlike incron it can also recursively monitor directories. It's also written in Python, making it easier to hack.](https://github.com/splitbrain/Watcher)

Missed Call Notification Module? http://community.freepbx.org/t/missed-call-notification-module/24330/15

Custom dialplan?

Explore extensions_custom.conf and /etc/asterisk/extensions_custom.conf.sample ? voip - Running a Shell Script from Free PBX/Trixbox - Stack Overflow Miscellaneous/Custom application/extensions: How to extend FreePBX with custom dialplan (part 1 of 2) | FreePBX Miscellaneous/Custom application/extensions: How to extend FreePBX with custom dialplan (part 2 of 2) | FreePBX

How to make FreePBX include -custom contexts | VoIP @ Hackrr.com

Home · POSSA/freepbx-dialplan-injection Wiki How to start custom dial plan in Free PBX - YouTube

Post to a Slack channel:

curl -X POST --data-urlencode 'payload={"text": "Call from X recorded has been recorded: .", "channel": "#locksmith", "username": "pbx", "icon_emoji": "🎙️"}' https://hooks.slack.com/services/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

Incoming Webhooks | Slack So I don’t need really this: Post a message to a Slack channel


Update from command line

FreePBX CLI Commands

ma is shorthand of moduleadmin.

fwconsole ma upgradeall
# fwconsole chown
fwconsole reload
fwconsole restart

If you get messages about tampered files, use fwconsole ma refreshsignatures.

Please note that amportal command will be removed from FreePBX 14, and in our version 13 it is still there, but alias functionality over to fwconsole.

Show upgrades:

amportal a ma showupgrades

Perform upgrades:

amportal a ma upgradeall
amportal a ma reload
date 01. Jan 0001 | modified 29. Dec 2023
filename: Task - VoIP Asterisk PBX