Differences

This shows you the differences between two versions of the page.

--- voice:pbx:freepbx_config [2013/09/25 16:58]
gcooper
+++ — (current)
@@ Line 1: / Line 1: @@
-====== FreePBX Configuration ======
-FreePBX is an Asterisk management system with a web interface.
-See also **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=freepbx|Other FreePBX pages in this wiki]]**
-===== Using FreePBX =====
-The FreePBX administration console: <file>http://ip.of.your.pbx</file>
-:!: If this is the first visit to the FreePBX web admin page, click "Apply Configuration Changes" and reboot the new PBX again.
-==== Default Credentials ====
-^Function                      ^Username     ^Password    ^Comment                                 ^
-|FreePBX                       |admin        |admin       |                                        |
-|Voicemail & Recordings (ARI)  |<none>       |<none>      |Use the FreePBX admin console to enable |
-===== Configuration =====
-==== Important Initial Settings ====
-:!: Save each change and click Apply Configuration after done making changes.
-**FreePBX -> Admin -> Administrators -> admin ->**
-  * **Password -> newfreepbxadminpassword**
-**FreePBX -> Settings -> Advanced Settings -> Asterisk Manager ->**
-  * **Asterisk Manager Password -> your-asterisk-manager-password**
-**FreePBX -> Settings -> Advanced Settings -> System Setup ->**
-  * **User Portal Admin Username -> newariadminusername**
-  * **User Portal Admin Password -> newariadminpassword**
-**FreePBX -> Admin -> Module Admin -> Check Online -> Upgrade All -> Process**
-===== Security =====
-==== Firewall ====
-The following ports may need to be opened:
-^Protocol^Ports^Description^
-|TCP|80|HTTP|
-|TCP|443|HTTPS|
-|TCP|4445|Flash Operator Panel|
-|UDP|5060-5061|SIP|
-|UDP|10000-20000|RTP|
-|UDP|4569|IAX|
-Firewall options:
-=== iptables ===
-<file>
-system-config-firewall-tui
-</file>
-=== Arno's Firewall ===
-**[[networking:firewall:arno_s_firewall|Arno's Firewall]]**
-==== Fail2Ban ====
-See **[[networking:linux:fail2ban|Fail2Ban]]**.
-For a base CentOS 6.2 box, after installing Fail2Ban via the EPEL repo, you can just copy and paste the following in one go to get a basic Fail2Ban installation set up for your PBX:
-<file>
-cat << EOF >> /etc/fail2ban/fail2ban.local
-# Fail2Ban local configuration file
-#
-# This file overrides the fail2ban.conf file
-[Definition]
-logtarget = /var/log/fail2ban.log
-EOF
-cat << EOF >> /etc/fail2ban/jail.local
-# Fail2Ban local configuration file
-#
-# This file overrides the jail.conf file
-[DEFAULT]
-ignoreip = 127.0.0.1 209.193.64.0/24 70.176.57.141
-bantime  = 600
-findtime  = 600
-maxretry = 3
-backend = auto
-[asterisk-iptables]
-enabled  = true
-filter   = asterisk
-action   = iptables-allports[name=SIP, protocol=all]
-#           sendmail-whois[name=SIP, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/asterisk/fail2ban
-maxretry = 5
-bantime = 600
-[ssh-iptables]
-enabled  = true
-filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
-#           sendmail-whois[name=SSH, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/secure
-maxretry = 3
-[apache-tcpwrapper]
-enabled  = true
-filter   = apache-auth
-action   = iptables-allports[name=PBX-GUI, port=http, protocol=tcp]
-#           sendmail-whois[name=PBX-GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/httpd/error_log
-maxretry = 3
-[vsftpd-iptables]
-enabled  = true
-filter   = vsftpd
-action   = iptables[name=FTP, port=ftp, protocol=tcp]
-#           sendmail-whois[name=FTP, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/vsftpd.log
-maxretry = 3
-bantime  = 600
-[apache-badbots]
-enabled  = true
-filter   = apache-badbots
-action   = iptables-multiport[name=BadBots, port="http,https"]
-#           sendmail-whois[name=PBX GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/httpd/*access_log
-bantime  = 600
-maxretry = 1
-EOF
-cat << EOF >> /etc/fail2ban/filter.d/asterisk.conf
-# Fail2Ban configuration file
-#
-# Asterisk Filter - /etc/fail2ban/filter.d/asterisk.conf
-[INCLUDES]
-# Read common prefixes. If any customizations available -- read them from
-# common.local
-#before = common.conf
-[Definition]
-#_daemon = asterisk
-# Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
-# Values:  TEXT
-#
-failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
-	    NOTICE.* <HOST> failed to authenticate as '.*'$
-	    NOTICE.* .*: No registration for peer '.*' (from <HOST>)
-	    NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
-	    VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex =
-EOF
-service fail2ban restart
-</file>
-===== Troubleshooting =====
-==== Asterisk Manager Interface ====
-Verify that the username and password in /etc/asterisk/manager.conf and /etc/amportal.conf match.
-http://www.freepbx.org/support/documentation/faq/changing-the-asterisk-manager-password
-==== Pear DB ====
-If you see an error during FreePBX installation like:
-<file>
-Checking for PEAR DB..FAILED
-</file>
-try:
-<file>
-pear install DB
-</file>
-then re-run:
-<file>
-./install_amp
-</file>
-==== Remote Extensions ====
-:!: If you enable remote access to your PBX, **secure it!**
-:!: NAT is a real hurdle for SIP.  The best way to deal with NAT issues is to not use NAT if at all possible.  NAT on both ends may not be worth attempting if using SIP, it's just not a NAT-friendly protocol like IAX.
-=== IAX Protocol ===
-:!: Using phones with IAX protocol support is a good alternative if the PBX is behind NAT.
-:!: IAX protocol is pretty much Asterisk-specific.
-If your PBX is behind NAT, forward the single UDP port 4569 from your NAT firewall in to the PBX.
-=== SIP Protocol ===
-http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension
-If your PBX is behind NAT and you'd still like to try getting remote SIP extensions to work:
-<file>
-vim /etc/asterisk/sip_nat.conf
-localnet=192.168.1.0/255.255.255.0      #your local network
-externhost=your.fqdn.hostname           #your resolvable host name
-fromdomain=your.fqdn.domain.name        #your domain mane
-nat=yes
-qualify=yes
-externrefresh=10
-canreinvite=no
-asterisk -rx reload                     #reload Asterisk configuration
-</file>
-==== PHP Memory Limit ====
-This should be the default:
-<file>
-vim -c 457 /etc/php.ini
-</file>
-<file>
-memory_limit = 128M
-</file>
-==== Re-Install Just FreePBX ====
-<file>
-amportal stop
-rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}
-/usr/sbin/safe_asterisk
-cd /usr/src/freepbx-2.10.0
-./install_amp
-</file>
-Visit the configuration page at: http://IP.of.PBX
-Click “Apply Settings”
-Reboot
-===== First Steps =====
-http://www.freepbx.org/support/documentation/installation/first-steps-after-installation
-===== Add-On Modules =====
-FreePBX offers numerous add-on modules.
-  * You probably don't want or need to install them all
-    * Simpler user interface
-    * Enhanced security
-  * If you are looking for a feature and don't find it
-    * **FreePBX -> Admin -> Module Admin -> Check Online**
-Commonly installed modules:
-  * Ring Groups
-  * IVR
-  * Backup and Restore
-  * Follow Me
-  * Asterisk Info
-  * Asterisk Logfiles
-  * Asterisk SIP Settings
-  * OSS Endpoint Manager
-===== NAT =====
-Install the Sip Settings FreePBX module, if it's not already installed, then:
-**Settings -> Asterisk SIP Settings**
-===== Send E-Mail =====
-If you have **Postfix** installed (default in CentOS 6), it's easy to use that:
-See also **[[networking:linux:postfix_smarthost|Postfix Authenticated Smarthost]]**
-If you don't have an MTA installed, **SSMTP** is a simple alternative:
-See also **[[networking:linux:ssmtp|SSMTP]]**
-===== Phone Management =====
-Install either the free OSS End Point Manager or the commercial (and more capable) End Point Manager FreePBX module.
-http://www.the159.com/endpointman/tut.html
-===== Extensions =====
-Add a regular SIP extension (phone):
-**Applications -> Extensions -> Add Extension -> Generic SIP Device**
-===== Trunks =====
-http://www.freepbx.org/support/documentation/howtos/howto-route-dial-patterns-and-trunk-dial-rules
-http://www.inphonex.com/support/trixbox-configuration-v2.6.1.1.php
-==== InPhonex ====
-Trunk Description: InPhonex
-Outbound Caller ID: 5201231234
-Dial Rules only modify dial strings.  Use '+' to add or '|' to remove digits:
-+NXXXXXX
-+NXXNXXXXXX
-Trunk Name: inphonex-outbound
-Peer Details:
-type=peer
-insecure=very
-host=sip.inphonex.com
-username=yourinphonexusername
-secret=yourinphonexpassword
-qualify=yes
-sendrpid=yes
-context=from-pstn
-fromuser=yourinphonexusername
-fromdomain=sip.inphonex.com
-canreinvite=no
-User Context: inphonex-inbound
-User Details:
-type=friend
-context=from-pstn
-username=yourinphonexusername
-user=yourinphonexusername
-insecure=very
-host=sip.inphonex.com
-fromdomain=sip.inphonex.com
-Registration String:
-yourinphonexusername:yourinphonexpassword@sip.inphonex.com/yourinphonexusername
-==== Vitelity ====
-Trunk Description: Vitelity
-Outbound Caller ID: 5201231234
-Dial Rules only modify dial strings.  Use '+' to add or '|' to remove digits:
-+NXXXXXX
-+NXXNXXXXXX
-Trunk Name: vitelity-outbound
-Peer Details:
-type=friend
-dtmfmode=auto
-host=outbound.vitelity.net
-username=yourvitelityusername
-fromuser=yourvitelityusername
-trustrpid=yes
-sendrpid=yes
-secret=yourvitelitypassword
-allow=all
-canreinvite=no
-User Context: vitelity-inbound
-User Details:
-type=friend
-dtmfmode=auto
-host=inbound23.vitelity.net
-context=inbound
-username=yourvitelityusername
-secret=yourvitelitypassword
-allow=all
-insecure=very
-canreinvite=no
-Registration String:
-yourvitelityusername:yourvitelitypassword@inbound23.vitelity.net:5060
-===== Outbound Routes =====
-Route Name: Default
-Emergency: enabled
-Dial Patterns:
-.
-NXXNXXXXXX
-NXXNXXXXXX
-NXXXXXX
-Pick a trunk or two.
-**Inbound Routes**
-Route Name: Default
-Set Destination:

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools