
This is an old revision of the document!


FreePBX Configuration

FreePBX is an Asterisk management system with a web interface.

See also Other FreePBX pages in this wiki

Using FreePBX

The FreePBX administration console:

http://ip.of.your.pbx

:!: If this is the first visit to the FreePBX web admin page, click “Apply Configuration Changes” and reboot the new PBX again.

Default Credentials

Function                      Username  Password  Comment
FreePBX                       admin     admin
Voicemail & Recordings (ARI)  <none>    <none>    Use the FreePBX admin console to enable

Configuration

Important Initial Settings

:!: Save each change, then click Apply Configuration when you are done making changes.

FreePBX → Admin → Administrators → admin →

  • Password → newfreepbxadminpassword

FreePBX → Settings → Advanced Settings → Asterisk Manager →

  • Asterisk Manager Password → your-asterisk-manager-password

FreePBX → Settings → Advanced Settings → System Setup →

  • User Portal Admin Username → newariadminusername
  • User Portal Admin Password → newariadminpassword

FreePBX → Admin → Module Admin → Check Online → Upgrade All → Process

Security

Firewall

The following ports may need to be opened:

Protocol  Ports        Description
TCP       80           HTTP
TCP       443          HTTPS
TCP       4445         Flash Operator Panel
UDP       5060-5061    SIP
UDP       10000-20000  RTP
UDP       4569         IAX

Firewall options:

iptables

system-config-firewall-tui

Arno's Firewall

Fail2Ban

See Fail2Ban.

For a base CentOS 6.2 box, after installing Fail2Ban via the EPEL repo, you can just copy and paste the following in one go to get a basic Fail2Ban installation set up for your PBX:

cat << EOF >> /etc/fail2ban/fail2ban.local
# Fail2Ban local configuration file
#
# This file overrides the fail2ban.conf file

[Definition]
logtarget = /var/log/fail2ban.log

EOF

cat << EOF >> /etc/fail2ban/jail.local
# Fail2Ban local configuration file
#
# This file overrides the jail.conf file

[DEFAULT]
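# Hosts listed in ignoreip are never banned. Replace the example addresses
# after 127.0.0.1 with your own trusted networks.
ignoreip = 127.0.0.1 209.193.64.0/24 70.176.57.141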
bantime  = 600
findtime  = 600
maxretry = 3
backend = auto


[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=SIP, protocol=all]
#           sendmail-whois[name=SIP, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/asterisk/fail2ban
maxretry = 5
bantime = 600

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
#           sendmail-whois[name=SSH, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/secure
maxretry = 3

[apache-tcpwrapper]
enabled  = true
filter   = apache-auth
action   = iptables-allports[name=PBX-GUI, port=http, protocol=tcp]
#           sendmail-whois[name=PBX-GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/httpd/error_log
maxretry = 3

[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = iptables[name=FTP, port=ftp, protocol=tcp]
#           sendmail-whois[name=FTP, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/vsftpd.log
maxretry = 3
bantime  = 600

[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https"]
#           sendmail-whois[name=PBX GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/httpd/*access_log
bantime  = 600
maxretry = 1

EOF

cat << 'EOF' >> /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
#
# Asterisk Filter - /etc/fail2ban/filter.d/asterisk.conf

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
	    NOTICE.* <HOST> failed to authenticate as '.*'$
	    NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
	    NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
	    VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

EOF

service fail2ban restart
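
Added example, not part of the original wiki page: a Python check of three of the filter's failregex rules against constructed Asterisk log lines, applying the jail's maxretry/findtime thresholds and showing why the parentheses in the "No registration for peer" rule must be escaped. The HOST pattern, the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Stand-in for Fail2Ban's <HOST> tag (assumption: a character-class form,
# so a trailing ":port" is not swallowed into the host group).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
FAILREGEX = [  # three rules from the asterisk filter, parentheses escaped
    r"Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
]
# Same peer rule with bare parentheses: they become a regex group and no
# longer match the literal "(from ...)" text in the log line.
UNESCAPED = r"NOTICE.* .*: No registration for peer '.*' (from <HOST>)"
MAXRETRY, FINDTIME = 5, 600  # [asterisk-iptables] maxretry, [DEFAULT] findtime

def match_host(line, rules=FAILREGEX):
    """Return the offending host for a log line, or None if no rule matches."""
    for rule in rules:
        m = re.search(rule.replace("<HOST>", HOST), line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines):
    """Hosts with MAXRETRY failures inside a FINDTIME-second window."""
    seen, banned = defaultdict(list), set()
    for line in lines:
        host = match_host(line)
        if host is None:
            continue
        ts = datetime.strptime(line[1:20], "%Y-%m-%d %H:%M:%S").timestamp()
        seen[host] = [t for t in seen[host] if ts - t < FINDTIME] + [ts]
        if len(seen[host]) >= MAXRETRY:
            banned.add(host)
    return banned

# Constructed log lines (documentation-range addresses), not real traffic.
WRONG_PW = ("[2013-09-25 16:%02d:00] NOTICE[2101] chan_sip.c: Registration from "
            "'\"100\" <sip:100@pbx>' failed for '198.51.100.7:5060' - Wrong password")
PEER = ("[2013-09-25 16:50:00] NOTICE[2101] chan_sip.c: "
        "No registration for peer '100' (from 203.0.113.9)")
SAMPLE = [WRONG_PW % minute for minute in range(40, 45)] + [PEER]

if __name__ == "__main__":
    print("ban:", sorted(hosts_to_ban(SAMPLE)))
    print("unescaped rule sees:", match_host(PEER, [UNESCAPED]))
```

On the PBX itself, the fail2ban-regex tool shipped with Fail2Ban runs the installed filter against the real log file.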

Troubleshooting

Asterisk Manager Interface

Verify that the username and password in /etc/asterisk/manager.conf and /etc/amportal.conf match.

http://www.freepbx.org/support/documentation/faq/changing-the-asterisk-manager-password

Pear DB

If you see an error during FreePBX installation like:

Checking for PEAR DB..FAILED

try:

pear install DB

then re-run:

./install_amp

Remote Extensions

:!: If you enable remote access to your PBX, secure it!

:!: NAT is a real hurdle for SIP. The best way to deal with NAT issues is to not use NAT if at all possible. NAT on both ends may not be worth attempting with SIP; unlike IAX, it is not a NAT-friendly protocol.

IAX Protocol

:!: Using phones with IAX protocol support is a good alternative if the PBX is behind NAT.

:!: IAX protocol is pretty much Asterisk-specific.

If your PBX is behind NAT, forward the single UDP port 4569 from your NAT firewall in to the PBX.

SIP Protocol

http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension

If your PBX is behind NAT and you'd still like to try getting remote SIP extensions to work:

vim /etc/asterisk/sip_nat.conf

localnet=192.168.1.0/255.255.255.0      ;your local network
externhost=your.fqdn.hostname           ;your resolvable host name
fromdomain=your.fqdn.domain.name        ;your domain name
nat=yes
qualify=yes
externrefresh=10
canreinvite=no

asterisk -rx reload                     #reload Asterisk configuration

PHP Memory Limit

This should be the default:

vim -c 457 /etc/php.ini
memory_limit = 128M

Re-Install Just FreePBX

amportal stop

rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}

/usr/sbin/safe_asterisk

cd /usr/src/freepbx-2.10.0
./install_amp

Visit the configuration page at: http://IP.of.PBX

Click “Apply Settings”

Reboot

First Steps

Add-On Modules

FreePBX offers numerous add-on modules.

  • You probably don't want or need to install them all. Installing fewer modules gives you:
    • Simpler user interface
    • Enhanced security
  • If you are looking for a feature and don't find it
    • FreePBX → Admin → Module Admin → Check Online

Commonly installed modules:

  • Ring Groups
  • IVR
  • Backup and Restore
  • Follow Me
  • Asterisk Info
  • Asterisk Logfiles
  • Asterisk SIP Settings
  • OSS Endpoint Manager

NAT

Install the Asterisk SIP Settings FreePBX module, if it's not already installed, then:

Settings → Asterisk SIP Settings

Send E-Mail

If you have Postfix installed (default in CentOS 6), it's easy to use that:

See also Postfix Authenticated Smarthost

If you don't have an MTA installed, SSMTP is a simple alternative:

See also SSMTP

Phone Management

Install either the free OSS End Point Manager or the commercial (and more capable) End Point Manager FreePBX module.

http://www.the159.com/endpointman/tut.html

Extensions

Add a regular SIP extension (phone):

Applications → Extensions → Add Extension → Generic SIP Device

Trunks

InPhonex

Trunk Description: InPhonex

Outbound Caller ID: 5201231234

Dial Rules only modify dial strings. Use '+' to add or '|' to remove digits:

1520+NXXXXXX
1+NXXNXXXXXX

Trunk Name: inphonex-outbound

Peer Details:

type=peer
insecure=very
host=sip.inphonex.com
username=yourinphonexusername
secret=yourinphonexpassword
qualify=yes
sendrpid=yes
context=from-pstn
fromuser=yourinphonexusername
fromdomain=sip.inphonex.com
canreinvite=no

User Context: inphonex-inbound

User Details:

type=friend
context=from-pstn
username=yourinphonexusername
user=yourinphonexusername
insecure=very
host=sip.inphonex.com
fromdomain=sip.inphonex.com

Registration String:

yourinphonexusername:yourinphonexpassword@sip.inphonex.com/yourinphonexusername

Vitelity

Trunk Description: Vitelity

Outbound Caller ID: 5201231234

Dial Rules only modify dial strings. Use '+' to add or '|' to remove digits:

1520+NXXXXXX
1+NXXNXXXXXX

Trunk Name: vitelity-outbound

Peer Details:

type=friend
dtmfmode=auto
host=outbound.vitelity.net
username=yourvitelityusername
fromuser=yourvitelityusername
trustrpid=yes
sendrpid=yes
secret=yourvitelitypassword
allow=all
canreinvite=no

User Context: vitelity-inbound

User Details:

type=friend
dtmfmode=auto
host=inbound23.vitelity.net
context=inbound
username=yourvitelityusername
secret=yourvitelitypassword
allow=all
insecure=very
canreinvite=no

Registration String:

yourvitelityusername:yourvitelitypassword@inbound23.vitelity.net:5060

Outbound Routes

Route Name: Default

Emergency: enabled

Dial Patterns:

011.
1NXXNXXXXXX
NXXNXXXXXX
NXXXXXX

Pick a trunk or two.

Inbound Routes

Route Name: Default

Set Destination:

voice/pbx/freepbx_config.1380149904.txt.gz · Last modified: 2013/09/25 16:58 by gcooper