Category Archives: FreePBX

Using FreePBX instead of the FritzBox as your phone server

Most private landline phone users in Luxembourg use a FritzBox to connect their phones (often DECT phones) to the national telephone network, supposed they still have a landline phone in their home. Although that the FritzBox really does an excellent job at this and is very easy to use, I always felt that I wanted to have more control over my VoIP server. The path to go was for me to move over to locally hosted FreePBX server.

So I started installing FreePBX (16) in a virtual machine on my ProxMox server, providing it with decent resources (64 GB Disk, 4 GB RAM, 2 cores) and put it into the isolated Phone VLAN in my network, together with my VoIP phones (and my FritzBox phone server).

In order to get started with a single phone, you need to:

Caution

I was experimenting with FreePBX using a second VoIP number and in the same time keeping my other number online through the Fritzbox. This allowed me to do outbound calls on the FreePBX attached phone using the second number, but I was unable to receive inbound calls on that line. When calling inbound from the cellphone, the line appeared ringing, but no phone (extension) received the call. No entries were found in the FreePBX log file neither. So I assume that running the Fritzbox and the FreePBX system in parallel in a home network seems to lead to routing issues. The Fritzbox seemed to be the master receiver, as the other VoIP number still worked fine. This is all hypothetical, but in my case, things didn’t work. Shutting down the Fritzbox, and waiting for a few minutes, allowed the FreePBX system to receive the incoming calls too.

Configuring the firewall for FreePBX

Internal firewall

Go to the Connectivity menu, submenu Firewall. I guess you should run the Wizard to accomplish a basic configuration. Anyway, Make sure that the FreePBX main interface (eth0) is defined as Local(Local trusted traffic) under the Interfaces tab.

The networks tab should include all the devices that should be able to contact the FreePBX server:

  • all your VoIP phones
  • potential software phones
  • your main computer (to manage the FreePBX system).
  • Don’t forget to allow your external SIP server (uplink) to contact your FreePBX!

Network firewall

I needed to define a Port Forwarding rule in my router’s (Unifi Dream Machine Pro) firewall to allow the external SIP server (my uplink) to contact my internal FreePBX server. I specifically allow the external server’s IP to access the IP of my FreePBX on port 5060 on both (UDP, TCP) protocols.

It is also recommended to disable the Conntrack Modules in the router that handle SIP traffic (H.323 and SIP), although it might help if you are in a double-NAT network.

Define an inbound route in FreePBX

Go to the Connectivity menu, submenu Inbound Routes. Click the button: Add Inbound Route.

Add a route Description, a DID Number (important if you use several incoming phone numbers) and define Set Destination to an Extension or to a Ring Group (if you have defined one).

Example of an inbound route

Connect a Yealink T46S phone to FreePBX

Create the account / line

Open your VoIP phone’s configuration interface. Go to the Accounts tab. Select the next free account and enter the following information:

Line active (enabled), the Label, the Display Name, the Register Name, the Username and Password of your extension, the Server Host (IP address of your FreePBX server), Port 5060 and hit confirm.

If everything went well, the Register Status should be switching from Registering to Registered.

Yealink T46S

Don’t forget to define a Line Key in the Dsskey tab to make the line visible and usable on your phone. As a Type, use Line, leave the Value on Default, define the Label to show your phone number or whatever you want to see on your phone, and as Line use the account number of the line you created above, in my case: Line 3.

Permit access to Voicemail

To add a voicemail button to your phone, in the Dsskey tab, define a Line Key that has as Type: BLF, as value *97, label it Voice Mail and select your Line as the Line (again for me: Line 3). After hitting the Confirm button, a line key button shows up with a green light (or red, if you already have a message). Of course, this only works if your voicemail is activated for this extension in the FreePBX.

You can also add a button for the general voicemail of your FreePBX system. This mailbox is normally defined ass extension 6000. In this case, the value for the line key has to be *986000. *98 allows to call a voice mailbox of another user. *97 goes to the mailbox of the extension you are using.

Configuration of a general and personal voicemail number

Problem solving

If the phone does not register, make sure the entered configuration data is correct and that the firewalls (FreePBX & your router’s firewall, in case you are on a different LAN or VLAN) allow for the connection to happen.

If you want to see the communication between your phone and your FreePBX server, connect with SSH to the FreePBX box and run the following command:

sngrep

Define a SIP trunk in FreePBX

Go to the Connectivity menu, Trunks submenu. Click Add trunk. Add a SIP (chan_pjsip) Trunk.

Define a Trunk Name and an Outbound CallerID.

Define the Dialed Number Manipulation Rules which defines what numbers can be called. Be careful which number structures you allow, as some numbers might become very expensive.

In the pjsip Settings under General, fill out the Username, the Auth username, the Secret and the SIP Server. These information should have been given to you by your VoIP provider. The SIP Server port is mostly 5060. Authentication should be set to Outbound. If your external SIP server has a fixed IP or hostname (and you are on a public dynamic IP), then Registration should be set to Send.

SIP Trunk configuration

I also filled out the advanced tab information for Contact User, From Domain and From User. Not sure if this is absolutely necessary, but as iI was experimenting a lot to get things going, it is filled out in my case.

When you are done, hit Submit and Apply config.

Configure the SIP settings

Go to the Settings menu, Asterisk SIP settings submenu. Go to the General SIP Settings tab.

For maximum security, disallow Anonymous Inbound SIP calls & SIP Guests.

In the NAT settings, enter your static WAN IP or your dynamic DNS name.

Optional: In the Audio codecs, move the ulaw codec to the top of the list.

Now go to the SIP Settings [chan_pjsip] tab.

udp – 0.0.0.0. – All should be enabled.

0.0.0.0 (udp) Port to Listen On: 5060.

Submit and apply these changes. Restart the Asterisk service using the following command in the Admin menu, Asterisk CLI submenu:

core restart now

Configure email service for FreePBX

We will configure FreePBX to send emails through a Gmail SMTP relay. FreePBX will use Postfix of the underlying Redhat Linux system to achieve this.

Create a Google app password

Login to your google account with the email address you want to use for sending the notifications from your FreePBX system. On the Google account management page, click on Security, then on 2-Step-Verification. At the end of that page, create an App Password for your FreePBX system.

Create a password file in CLI

Create or edit the sasl_passwd file:

sudo nano /etc/postfix/sasl_passwd 

Add the following line to it:

[smtp.gmail.com]:587 my_email_address@gmail.com:My Google App Password

You do not need to worry about the spaces in the app password. Then hash map the password file:

sudo postmap /etc/postfix/sysl_passwd

After this command ran, you will see a sasl_passwd.db file in /etc/postfix. Permission son this file should be root:root.

Configure Postfix to use the Gmail relay host

Add the following lines to the Postfix main.cf file:

sudo nano /etc/postfix/main.cf
myhostname = freepbx.my.domain
relayhost = [smtp.gmail.com]:587

#Enable SASL authentication
smtp_sasl_auth_enable = yes

#Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt

# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Now restart your postfix service:

nano systemctl restart postfix

Test your Postfix installation

echo "This is a test email" | mail -s "Test mail" destination@email.address

Optional: force Postfix to rewrite your address

Sometimes messages are rejected if the from user and the sending user don’t match up. If this happens, you have to add the following lines to the generic configuration file:

sudo nano /etc/postfix/generix
root my.sending@email.address 
root@localhost my.sending@email.address 
root@localhost.localdomain my.sending@email.address 
root@freepbx my.sending@email.address 
root@freepbx.localdomain my.sending@email.address 
asterisk my.sending@email.address 
asterisk@localhost my.sending@email.address 
asterisk@localhost.localdomain my.sending@email.address 
asterisk@freepbx my.sending@email.address 
asterisk@freepbx.localdomain my.sending@email.address
vm@asterisk my.sending@email.address

Hash map the generic file:

postmap /etc/postfix/generic

You have to add the following line to thew main.cf file:

smtp_generic_maps = hash:/etc/postfix/generic

Don’t forget to restart the Postfix service.

Test your email from FreePBX

Go to the Admin menu, User Manager submenu, select the user you want to send an email to and hit the Send Email button.

Admin / User Manager

Don’t forget to associate an email address to the user.