PIONEERS The New Kid: Introducing VitalPBX

nerdvittles

Moderator
Joined
May 9, 2017
Messages
115
Reaction score
16

If you liked Ombutel, you’re going to love VitalPBX. If you’ve never heard of Ombutel but you live and breathe Asterisk®, you’re still going to love VitalPBX. For everyone else, you’re going to love VitalPBX. In addition to an impressive collection of commercial modules, this month’s release of the VitalPBX 2.0 Unified Communications Platform provides the slickest user interface in the VoIP universe. It includes new support for PJsip, DPMA and Digium phones, XMPP chat, video conferencing, WebRTC, and our favorite, Custom Contexts. What began several years ago as a joint development project between Telesoft and Xorcom is now an independent venture of Telesoft. If you love Features, VitalPBX has no equal…

Reactions: markieb

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
Coming Attractions. We’ve set up a VitalPBX demo server with VMware ESXi running on our private LAN. Most of the Incredible PBX demo applications already are operational, and they all work without purchasing any add-ons from anybody including VitalPBX. You’re more than welcome to try them out by calling the IVR at 1-843-606-0555. Many of these apps make use of the IBM Cloud services for voice recognition and text-to-speech content rendering so you can preview what you’ll be getting in our next VitalPBX chapter.

  • 0. Chat with Operator — connects to extension 701
  • 1. AsteriDex Voice Dialer – say "Delta Airlines" or "American Airlines" to connect
  • 2. Conferencing – log in using 1234 as the conference PIN
  • 3. Wolfram Alpha Almanac – say "What planes are flying overhead"
  • 4. Lenny – The Telemarketer’s Worst Nightmare
  • 5. Today’s News Headlines — courtesy of Yahoo! News
  • 6. Weather by ZIP Code – enter any 5-digit ZIP code for today’s weather
  • 7. Today in History — courtesy of OnThisDay.com
  • 8. Chat with Nerd Uno — courtesy of SIP URI connection to 3CX iPhone Client
  • 9. US/CAN Voice Dialer — say any 10-digit number to be connected
  • *. Current Date and Time — courtesy of VitalPBX
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
633
Reaction score
71
Intriguing.....

Since it's Asterisk based it should play nice with 2 Interfaces. Might have to give this a shot!
 
Reactions: wardmundy

ou812

Guru
Joined
Oct 18, 2007
Messages
462
Reaction score
70
I have 4 systems in production and they are Rock Solid. Our office system is hosted at OVH and is also very stable, and the built-in firewall does its job well.

Gary
 
Reactions: wardmundy

tbrummell

Guru
Joined
Jan 8, 2011
Messages
633
Reaction score
71
Attempted to deploy today on Vultr using the ISO, was never able to get the GUI, gave me an error and paying work beckoned so I had to get back to it. Destroyed the server and will attempt again another day.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
I had trouble on Vultr as well. Once I discovered you really needed a hardware-based firewall to secure the server, I moved it inside to VMware ESXi platform. Much safer actually.
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
633
Reaction score
71
Tried again this morning with a 1 Core, 1 Gig instance on Vultr. The GUI greets me with "Cannot Get /" via http or https. I guess a tut would be nice to see if I am missing a step along the way.
 

phonebuff

Guru
Joined
Feb 7, 2008
Messages
898
Reaction score
61
> I had trouble on Vultr as well. Once I discovered you really needed a hardware-based firewall to secure the server, I moved it inside to VMware ESXi platform. Much safer actually.

Ward, so do the Travelin' Man components not work here? Was thinking I would try this on RentPBX, but of course there is no separate firewall available, so I use TM3 and only allow whitelisted connections.

TIA ..
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
Haven't gotten to the firewall issue. Still deciding whether to incorporate TM3 as is or rework it to work with firewalld.
 

ou812

Guru
Joined
Oct 18, 2007
Messages
462
Reaction score
70
I have had an Ombutel/VitalPBX on OVH for about a year. I whitelisted my IPs and deleted appropriate rules in the built-in firewall and have never had a problem. Ward, could you say why this does not work?

Gary,
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
633
Reaction score
71
So I'm up and running on Vultr using their install script for VPS, with some modifications to remove the setenforce commands; it would bomb out at that part. So up and running now, with 1 phone. And yes, Fail2Ban is very busy blocking bad guys. Would be nice to work in the IPTables options to drop scanners like we have in that other thread around here. Currently using the Asterisk Domain= directive to fail their attempts right away.
So far, I'm impressed, it's quite a polished product. Just need Ward's spin on it to lock it down better.

PS: Asterisk HTTP Daemon is open to the world, anyone know if this is required?

CORRECTION: Daemon is *not* added to the Rules list, it's just added as a Service. My bad.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
@tbrummell: Great news about Vultr. Spring break is just around the corner so it's probably going to be several weeks until we can tackle Travelin' Man 3 and firewalld for VitalPBX. I like your description of VitalPBX. Polished hits the nail on the head.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
Installing PortKnocker for VitalPBX

We will gradually be building the pieces to support a firewalld whitelist in lieu of wide open IPtables rules. We've decided to keep most of the VitalPBX firewalld setup because it is so slick.

As a first step, we have finished the PortKnocker build for firewalld which provides a backdoor for you to enable access from a remote IP address if you ever get locked out of your server. Test it to be sure it works before that fateful day.

At the moment, the WhiteList functionality is superfluous since the existing VitalPBX ruleset provides world access to SIP, PJSIP, IAX2, SSH, HTTP, and HTTPS. At the moment, the only thing standing between your phone bill and the Bad Guys is Fail2Ban unless you install VitalPBX behind a hardware-based firewall.

Step #2 is to get all of the TM3 whitelist scripts reworked to emulate add-ip, add-fqdn, and del-acct using firewalld.

Step #3 will be to remove those wide open firewall rules from Admin:Security:Firewall:RULES. But don't do it yet.

You still can install PortKnocker and experiment now. iptables -nL and /var/log/knockd.log both should show your whitelisted IP address from a successful PortKnock. Your PortKnocker credentials can be found in /root/knock.FAQ after the install finishes.

To install PortKnocker, issue the following commands after logging into your VitalPBX server as root:
Code:
cd /root
wget http://incrediblepbx.com/knock-vitalpbx.sh
chmod +x knock-vitalpbx.sh
./knock-vitalpbx.sh
As with other Incredible PBX TM3 implementations, IP addresses whitelisted using PortKnocker only last until the next reboot, or until you issue the command firewall-cmd --reload, or until you execute a firewall update from within the VitalPBX GUI.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
Installing VitalPBX Securely on Vultr and Digital Ocean (OpenVZ is NOT supported!!)

We have successfully tested the following installation procedure on both Vultr and Digital Ocean using $5/mo. VPS option:

1. Create at least a 1GB RAM VPS with 64-bit CentOS 7 OS
2. Change your root password: passwd
3. Issue the following commands while logged in as root:
Code:
cd /root
yum -y install wget nano tar
wget https://raw.githubusercontent.com/wardmundy/VPS/master/vps.sh
chmod +x vps.sh
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
./vps.sh
4. Reboot VPS when install completes.
5. Log into VitalPBX GUI with a browser and set your admin password for GUI access
6. WhiteList your client and server IP addresses as well as 127.0.0.1 in Admin:Security:Firewall:WhiteList
7. Enable Fail2Ban in Admin:Security:Intrusion Detection
8. WhiteList your client IP address(es) in Admin:Security:Intrusion Detection:Whitelist
9. Remove the following rules from Admin:Security:Firewall:Rules
Code:
SIP
HTTP
HTTPS
SSH
IAX2
PJSIP
10. Install PortKnocker from previous post.
11. WhiteList the IP addresses of any trunk providers to whom your server doesn't register. (see #6)
12. WhiteList the IP addresses of any remote extensions. (see #6)

Email Configuration. One of the other things you’ll want to get working is email delivery for Voicemails. The VitalPBX solution is the best in the business. It supports Gmail as a RelayHost out of the box. For residential users where your ISP blocks downstream SMTP mail servers, this is a godsend. Setup couldn’t be easier. Navigate to Admin:System Settings:Email Settings. For Server, click Use External Mail Server. For Provider, click Gmail and enter your full Gmail account name and password. Click Save and Reload your Dialplan. Then send yourself a test message by entering an email address and clicking the Envelope icon.
 
Reactions: Jose Pinto
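
A check to run after step 9 of the procedure above, added here as an example; it is not part of the original post, of the vps.sh installer, or of VitalPBX. It assumes the rules appear on the zone-wide `services:` and `ports:` lines of `firewall-cmd --list-all` (custom service names and rich rules are not covered), that the ports are the common defaults (5062/udp for PJSIP is an assumption), and `find_exposed` is a hypothetical helper run here on constructed sample output.

```shell
#!/bin/sh
# Added example (not from the original post): flag entries in
# `firewall-cmd --list-all` output that still expose PBX services to everyone.
# Assumed defaults: SSH 22, HTTP 80, HTTPS 443, SIP 5060, PJSIP 5062, IAX2 4569.
RISKY_PORTS="22/tcp 80/tcp 443/tcp 5060/udp 5060/tcp 5062/udp 4569/udp"
RISKY_SERVICES="ssh http https"

# find_exposed (hypothetical helper): reads list-all text on stdin, prints one
# line per exposed entry, and returns 1 if anything was found, 0 if clean.
find_exposed() {
    awk -v ports="$RISKY_PORTS" -v svcs="$RISKY_SERVICES" '
        BEGIN {
            bad = 0
            n = split(ports, p, " "); for (i = 1; i <= n; i++) rp[p[i]] = 1
            n = split(svcs, s, " ");  for (i = 1; i <= n; i++) rs[s[i]] = 1
        }
        # Only the zone-wide "services:" and "ports:" lines apply to all sources.
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i in rs) { print "service " $i; bad = 1 } }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i in rp) { print "port " $i; bad = 1 } }
        END { exit bad }
    '
}

# Constructed sample: a zone before the six rules from step 9 are removed.
SAMPLE_BEFORE='public (active)
  target: default
  services: dhcpv6-client ssh http https
  ports: 5060/udp 5062/udp 4569/udp 10000-20000/udp
  rich rules: '

# Constructed sample: the same zone after step 9.
SAMPLE_AFTER='public (active)
  target: default
  services: dhcpv6-client
  ports: 10000-20000/udp
  rich rules: '

echo "Before step 9:"
printf '%s\n' "$SAMPLE_BEFORE" | find_exposed || true
echo "After step 9:"
printf '%s\n' "$SAMPLE_AFTER" | find_exposed && echo "nothing exposed"

# On the server itself: firewall-cmd --list-all | find_exposed
```

An empty result only means the zone-wide lines are clean; confirm from a non-whitelisted address that SSH and the GUI no longer answer.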

tbrummell

Guru
Joined
Jan 8, 2011
Messages
633
Reaction score
71
Found my first roadblock: Ring Groups doesn't allow for "Confirm Calls", actually, they have really dumbed down the Ring Groups from FreePBX. This is pretty much a deal breaker for me, we use the Ring Groups to external numbers extensively. And currently, I don't see a way to send the call to an external number in a ring group.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,134
Reaction score
2,628
> Found my first roadblock: Ring Groups doesn't allow for "Confirm Calls", actually, they have really dumbed down the Ring Groups from FreePBX. This is pretty much a deal breaker for me, we use the Ring Groups to external numbers extensively. And currently, I don't see a way to send the call to an external number in a ring group.

I forwarded your comment up the chain. I'll let you know what I hear from them.

I did want to pass along a comment from several admins regarding Ring Groups. Unlike FreePBX and Issabel and Wazo, there doesn't seem to be any support for external numbers. I thought perhaps we could trick the system into doing it by adding a Call Forward Unconditional to an extension and then adding that extension to the Ring Group. However, that doesn't work as it should. The extension still rings when you dial the ring group number even though Call Forward Unconditional is activated. Can you think of a workaround that I've missed or could we add this to the Wish List for the next update?
 
