Incomplete
FreePBX is an Asterisk management system with a web interface.
See also Other FreePBX pages in this wiki
Before using FreePBX, you have to visit the configuration page at: http://IP.of.PBX
Click “Apply Configuration Changes”
Reboot again
Function | Username | Password | Comment |
---|---|---|---|
FreePBX | admin | admin | |
Voicemail & Recordings (ARI) | <none> | <none> | Use the FreePBX admin console to enable |
The FreePBX administration console: http://IP.of.PBX
Save each change, then click Apply Configuration when you are done making changes.
FreePBX → Admin → Administrators → admin →
FreePBX → Settings → Advanced Settings → Asterisk Manager →
FreePBX → Settings → Advanced Settings → System Setup →
FreePBX → Admin → Module Admin → Check Online → Upgrade All → Process
Now continue your configuration here:
The following ports may need to be opened:
Protocol | Ports | Description |
---|---|---|
TCP | 80 | HTTP |
TCP | 443 | HTTPS |
TCP | 4445 | Flash Operator Panel |
UDP | 5060-5061 | SIP |
UDP | 10000-20000 | RTP |
UDP | 4569 | IAX |
Firewall options:
system-config-firewall-tui
See Fail2Ban.
For a base CentOS 6.2 box, after installing Fail2Ban via the EPEL repo, you can just copy and paste the following in one go to get a basic Fail2Ban installation set up for your PBX:
```
cat << 'EOF' >> /etc/fail2ban/fail2ban.local
# Fail2Ban local configuration file
#
# This file overrides the fail2ban.conf file

[Definition]

logtarget = /var/log/fail2ban.log
EOF

cat << 'EOF' >> /etc/fail2ban/jail.local
# Fail2Ban local configuration file
#
# This file overrides the jail.conf file

[DEFAULT]

# ignoreip lists hosts that are never banned; replace the example
# addresses below with your own trusted hosts and networks.
ignoreip = 127.0.0.1 209.193.64.0/24 70.176.57.141
bantime  = 600
findtime = 600
maxretry = 3
backend  = auto

[asterisk-iptables]

enabled  = true
filter   = asterisk
action   = iptables-allports[name=SIP, protocol=all]
#          sendmail-whois[name=SIP, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/asterisk/fail2ban
maxretry = 5
bantime  = 600

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
#          sendmail-whois[name=SSH, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/secure
maxretry = 3

[apache-tcpwrapper]

enabled  = true
filter   = apache-auth
action   = iptables-allports[name=PBX-GUI, port=http, protocol=tcp]
#          sendmail-whois[name=PBX-GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/httpd/error_log
maxretry = 3

[vsftpd-iptables]

enabled  = true
filter   = vsftpd
action   = iptables[name=FTP, port=ftp, protocol=tcp]
#          sendmail-whois[name=FTP, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/vsftpd.log
maxretry = 3
bantime  = 600

[apache-badbots]

enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https"]
#          sendmail-whois[name=PBX GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/httpd/*access_log
bantime  = 600
maxretry = 1
EOF

cat << 'EOF' >> /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
#
# Asterisk Filter - /etc/fail2ban/filter.d/asterisk.conf

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
# Continuation lines must stay indented. Literal parentheses in the log
# messages are escaped so that they are not read as regex groups.
failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
EOF

service fail2ban restart
```
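To see which log lines the asterisk filter counts and when the `[asterisk-iptables]` jail (maxretry = 5, findtime = 600) would ban, the following added Python example replays the filter's failregex patterns over constructed log lines. It is not part of the original page or of Fail2Ban. Assumptions: `<HOST>` is reduced to a plain IPv4 group, literal parentheses are escaped, the log lines and addresses are made up, and the helper names (`failed_host`, `find_bans`, `notice`) are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
REG = r"Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - "
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    REG + "Wrong password",
    REG + "No matching peer found",
    REG + "Device does not match ACL",
    REG + "Username/auth name mismatch",
    REG + "Peer is not supposed to register",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)",
    r"VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)",
)]
TS = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]")

def failed_host(line):
    """Return the source IP if any failregex matches the line, else None."""
    hits = (rx.search(line) for rx in FAILREGEX)
    return next((m.group("host") for m in hits if m), None)

def find_bans(lines, maxretry=5, findtime=600):
    """Map each host to the time it reaches maxretry failures within findtime seconds."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        ts, host = TS.match(line), failed_host(line)
        if not ts or not host or host in bans:
            continue
        now = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S")
        q = recent[host]
        q.append(now)
        while (now - q[0]).total_seconds() > findtime:
            q.popleft()  # forget failures older than findtime
        if len(q) >= maxretry:
            bans[host] = now
    return bans

# Constructed sample lines (documentation-range addresses), not from a real PBX.
def notice(sec, text):
    return "[2012-05-01 10:%02d:%02d] NOTICE[2212] chan_sip.c: %s" % (sec // 60, sec % 60, text)
BAD = "Registration from '\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.7:5060' - Wrong password"
SLOW = "No registration for peer '200' (from 198.51.100.23)"
SAMPLE = ([notice(s, BAD) for s in (1, 3, 5, 7, 9)]                # 5 hits in 8 s: banned
          + [notice(s, SLOW) for s in (0, 700, 1400, 2100, 2800)]  # 5 hits, too far apart
          + [notice(12, "Peer '100' is now Reachable. (8ms / 2000ms)")])  # benign line
print(find_bans(SAMPLE))
```

On the real system, `fail2ban-regex /var/log/asterisk/fail2ban /etc/fail2ban/filter.d/asterisk.conf` runs the installed filter against the actual log.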
Verify that the username and password in /etc/asterisk/manager.conf and /etc/amportal.conf match.
http://www.freepbx.org/support/documentation/faq/changing-the-asterisk-manager-password
If you see an error during FreePBX installation like:
Checking for PEAR DB..FAILED
try:
pear install DB
then re-run:
./install_amp
If you enable remote access to your PBX, secure it!
NAT is a real hurdle for SIP. The best way to deal with NAT issues is to avoid NAT if at all possible. With NAT on both ends, SIP may not be worth attempting; unlike IAX, it is just not a NAT-friendly protocol.
Using phones with IAX protocol support is a good alternative if the PBX is behind NAT.
IAX protocol is pretty much Asterisk-specific.
If your PBX is behind NAT, forward the single UDP port 4569 from your NAT firewall in to the PBX.
http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension
If your PBX is behind NAT and you'd still like to try getting remote SIP extensions to work:
vim /etc/asterisk/sip_nat.conf
```
localnet=192.168.1.0/255.255.255.0   ; your local network
externhost=your.fqdn.hostname        ; your resolvable host name
fromdomain=your.fqdn.domain.name     ; your domain name
nat=yes
qualify=yes
externrefresh=10
canreinvite=no
```
asterisk -rx reload #reload Asterisk configuration
This should be the default:
vim -c 457 /etc/php.ini
memory_limit = 128M
```
amportal stop
rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}
/usr/sbin/safe_asterisk
cd /usr/src/freepbx-2.10.0
./install_amp
```
Visit the configuration page at: http://IP.of.PBX
Click “Apply Settings”
Reboot
FreePBX offers numerous add-on modules.
Commonly installed modules:
Install the Sip Settings FreePBX module, if it's not already installed, then:
Settings → Asterisk SIP Settings
If you have Postfix installed (default in CentOS 6), it's easy to use that:
See also Postfix Authenticated Smarthost
If you don't have an MTA installed, SSMTP is a simple alternative:
See also SSMTP
Install either the free OSS End Point Manager or the commercial (and more capable) End Point Manager FreePBX module.
Add a regular SIP extension (phone):
Applications → Extensions → Add Extension → Generic SIP Device
http://www.freepbx.org/support/documentation/howtos/howto-route-dial-patterns-and-trunk-dial-rules
http://www.inphonex.com/support/trixbox-configuration-v2.6.1.1.php
Trunk Description: InPhonex
Outbound Caller ID: 5201231234
Dial Rules only modify dial strings. Use '+' to add or '|' to remove digits:
```
1520+NXXXXXX
1+NXXNXXXXXX
```
Trunk Name: inphonex-outbound
Peer Details:
```
type=peer
insecure=very
host=sip.inphonex.com
username=yourinphonexusername
secret=yourinphonexpassword
qualify=yes
sendrpid=yes
context=from-pstn
fromuser=yourinphonexusername
fromdomain=sip.inphonex.com
canreinvite=no
```
User Context: inphonex-inbound
User Details:
```
type=friend
context=from-pstn
username=yourinphonexusername
user=yourinphonexusername
insecure=very
host=sip.inphonex.com
fromdomain=sip.inphonex.com
```
Registration String:
yourinphonexusername:yourinphonexpassword@sip.inphonex.com/yourinphonexusername
Trunk Description: Vitelity
Outbound Caller ID: 5201231234
Dial Rules only modify dial strings. Use '+' to add or '|' to remove digits:
```
1520+NXXXXXX
1+NXXNXXXXXX
```
Trunk Name: vitelity-outbound
Peer Details:
```
type=friend
dtmfmode=auto
host=outbound.vitelity.net
username=yourvitelityusername
fromuser=yourvitelityusername
trustrpid=yes
sendrpid=yes
secret=yourvitelitypassword
allow=all
canreinvite=no
```
User Context: vitelity-inbound
User Details:
```
type=friend
dtmfmode=auto
host=inbound23.vitelity.net
context=inbound
username=yourvitelityusername
secret=yourvitelitypassword
allow=all
insecure=very
canreinvite=no
```
Registration String:
yourvitelityusername:yourvitelitypassword@inbound23.vitelity.net:5060
Route Name: Default
Emergency: enabled
Dial Patterns:
```
011.
1NXXNXXXXXX
NXXNXXXXXX
NXXXXXX
```
Pick a trunk or two.
Inbound Routes
Route Name: Default
Set Destination: