See also: Other FreePBX pages in this wiki

These other pages were used in the preparation of the Virtual Architects vPBX template:

See also FreePBX Configuration

See also PBX Security

See also Asterisk Timing Issues

See also FreePBX Phone Provisioning

See also iSymphony Operator Panel

http://www.roelbroersma.nl/index.php/2013/04/14/asterisknow-vm-for-xenserver

• CentOS 6.4 x64
• Asterisk 11.5
• FreePBX 2.11

https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Packages

CAUTION! This document assumes your PBX is behind a firewall and not exposed directly to the Internet.

Be VERY careful exposing your PBX to the outside world. Otherwise, YOU WILL BE HACKED and it can be VERY expensive! Evildoers are constantly looking for loose security settings on PBXs (and anything else).

NEVER use trivial passwords for anything! Even internally. Otherwise, YOU WILL BE HACKED and it can be VERY expensive!

Since we wisely use RPM packages and YUM throughout:

yum update

Create a new paravirtualized VM using the Centos 6 (x64) template.

Estimate 100KBps of network (Internet) bandwidth required per simultaneous conversation is also required.

Voice services are a separate expense.

The following are estimates only. Sizing is easy to adjust later on virtualization platforms.

Install the XenServer Tools after the OS is installed if using XenServer:

1. In XenCenter, choose VM → Install XenServer Tools
2. In the VM:
   1. mount /dev/xvdd /mnt
   2. /mnt/Linux/install.sh

Do a Minimal Install of Centos 6 x64.

I generally disable IPv6 since I've never used it on a PBX.

After the initial reboot:

yum update -y

then reboot again.

You may need to do this before updating.

Configure a Static IP Address (CentOS).

Disable selinux:

setenforce 0
sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/sysconfig/selinux

See also PBX Security

Only open the firewall or forward the ports that are absolutely necessary.

If you don't have any remote extensions, don't open the SIP ports (UDP) 5060-5061.

If you are using SIP trunks, and you sometimes get one-way audio, you may have to open or forward RTP ports (UDP) 10000-20000.

If using IAX for trunks or extensions, you may have to open or forward (UDP) port 4569.

Assuming your PBX is behind a NAT firewall of some sort, forward some ports in to the PBX (Mikrotik example shown):

/ip firewall nat add action=dst-nat chain=dstnat comment="Forward UDP ports to PBX" \
dst-port=5060-5061,10000-20000,4569 in-interface=ether1 protocol=udp to-addresses=<PBX_IP>

This is not intended to show the perfect firewall. Adjust to your needs.

vi /etc/sysconfig/iptables

Make it look something like this:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50003 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4569 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Here we add the RepoForge Repository (x64) needed to install mpg123:

wget wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rm -f rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Now we disable the repository so it isn't used without being called:

vi /etc/yum.repos.d/rpmforge.repo

enabled=0

Digium provides separate repositories for different Asterisk versions.

Once you install an Asterisk version, its repository will be enabled permanently.

Check for updates and additional CentOS (64-bit) packages here and Asterisk 11 packages here.

yum install --enablerepo=rpmforge dnsmasq mpg123

rpm -Uvh http://packages.asterisk.org/centos/6/current/i386/RPMS/asterisknow-version-3.0.0-1_centos6.noarch.rpm

yum install --enablerepo=asterisk-11 asterisk asterisk-configs asterisk-addons \
asterisk-sounds-core-en-ulaw asterisk-sounds-extra-en-gsm asterisk-sounds-extra-en-ulaw \
dahdi-tools dahdi-tools-doc freepbx nmap libsrtp mod_ssl sox nano

Once installed, you can search for additional asterisk-related packages using a web browser to the repo URLs or at the command line with YUM:

yum search asterisk

Now we stop Asterisk and delete a few files so FreePBX can recreate them properly (as links, on the first 'Apply Config'):

amportal stop

rm -f /etc/asterisk/features.conf
rm -f /etc/asterisk/iax.conf
rm -f /etc/asterisk/sip_notify.conf
rm -f /etc/asterisk/logger.conf
rm -f /etc/asterisk/cel_odbc.conf
rm -f /etc/asterisk/cel.conf
rm -f /etc/asterisk/res_odbc.conf
rm -f /etc/asterisk/logger.conf

Comment out the various unneeded DAHDI modules (all of them):

vi /etc/dahdi/modules

Verify a few permissions settings:

amportal chown

chown -R asterisk.asterisk /var/lib/asterisk/agi-bin/
chown -R asterisk.asterisk /etc/asterisk

And tweak the startup:

sed -i 's/AsteriskNOW with FreePBX/your Virtual Architects vPBX/g' 
sed -i 's/AsteriskNOW system/Virtual Architects vPBX/g' /usr/bin/update-etcissue.sh
echo -e "\nVirtual Architects vPBX v1.0\n" > /etc/asterisknow-version

Now we reboot and start configuring with FreePBX:

reboot

http://wiki.freepbx.org/display/HTGS/How+to+Get+Started+Home

http://wiki.freepbx.org/display/HTGS/2.+First+Steps+After+Installation

Replace xxx.xxx.xxx.xxx with the IP of your PBX.

http://xxx.xxx.xxx.xxx

The default username and password are admin / admin.