1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TIPS Viva WAZO: A New Beginning

Discussion in 'Developers' Corner' started by rjaiswal, Apr 23, 2016.

  1. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Thanks. Your setup is exactly the design setup we're shooting for with the new image installs. If you can't get this up and running with extensions, IVR, and a trunk to make and receive calls in under an hour, please let us hear about it. We've now included trunk setups for ten major providers so that's as easy as plugging in credentials. It's just a matter of routing the trunks in and out of your PBX, and everything should "just work."
     
    briankelly63 and MGD4me like this.
  2. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Incredible PBX for XiVO installer has been updated to provide image snapshot support. If you elect to install ALL of the Incredible PBX components, the image snapshot will be loaded. Otherwise, those that choose lesser install options can configure everything manually with no image snapshot. Tutorial will be available soon. WebRTC and simultaneous ring on your smartphone now are supported as well for extension 701.
     
  3. Oliver Gaskell

    Oliver Gaskell
    Expand Collapse
    New Member

    Joined:
    Oct 27, 2013
    Messages:
    17
    Likes Received:
    0
    Trying to set up incrediblepbx xivo - installed using vultr and the excellent nerd vittles tutorial - all seemingly ran fine and can ssh to console no problem but when trying to access web gui get a certficate not valid message and when overiding this get a 403 forbidden message from nginx - I have checked wards tutorials but cant see any missed steps - can anyone provide any answers/suggestions please.
     
  4. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    There was a change in the web server setup between XiVO 16.12 and 16.13. It sounds like you ended up with half of each version. The easiest thing to do is to delete your existing Vultr setup and start over with a new build and a fresh download of today's new release of the Incredible PBX installer. Sorry.
     
  5. Oliver Gaskell

    Oliver Gaskell
    Expand Collapse
    New Member

    Joined:
    Oct 27, 2013
    Messages:
    17
    Likes Received:
    0
    Thanks Ward, up and running now just trying to figure out android client, csipsimple works perfect on office WiFi but not on 3/4g or home WiFi.
     
  6. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Incredible PBX for XiVO with Turnkey WebRTC

    [​IMG]

    New Incredible PBX for XiVO release today supports WebRTC out of the box.

    After installation completes, WebRTC is as easy as 1-2-3:

    1. Obtain IP Address of Your Server: pbxstatus

    2. Run /root/show-701-pw to decipher Password for User account 701

    3. Open latest Firefox or Chrome browser on your desktop and...
    [​IMG]

    Special thanks to @Sylvain Boily for another home run!!

    Bug Fix: This release also addresses a bug that caused Google Voice calls to fail on the last few releases. If you experience the problem, here's the patch:

    Code:
    sed -i 's|noload => chan_motif.so|;noload => chan_motif.so|' /etc/asterisk/modules.conf
    /etc/init.d/asterisk restart
     
    #346 wardmundy, Oct 25, 2016
    Last edited: Oct 25, 2016
  7. Sylvain Boily

    Sylvain Boily
    Expand Collapse
    Active Member

    Joined:
    Apr 30, 2016
    Messages:
    166
    Likes Received:
    87
  8. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    I need a lesson. :idea:
     
  9. Sylvain Boily

    Sylvain Boily
    Expand Collapse
    Active Member

    Joined:
    Apr 30, 2016
    Messages:
    166
    Likes Received:
    87
    When you want :)
     
  10. wa4zlw

    wa4zlw
    Expand Collapse
    Member

    Joined:
    Feb 14, 2008
    Messages:
    789
    Likes Received:
    21
    why do you need to login to https://phone.xivo.io/?
    doesnt this run on the pbx itself or is there some backdoor thats unknown?
    or is this a totally separte thing that hooks into the pbx and if so can we run that on our own box?

    Thanks leon
     
  11. Sylvain Boily

    Sylvain Boily
    Expand Collapse
    Active Member

    Joined:
    Apr 30, 2016
    Messages:
    166
    Likes Received:
    87
    @wa4zlw yes it has a backdoor ;-)
    Only because it's a SaaS service and it permit to have a software up to date easily. It only use the xivo web service. To use it you need to have a xivo up to date.
     
    wardmundy likes this.
  12. wa4zlw

    wa4zlw
    Expand Collapse
    Member

    Joined:
    Feb 14, 2008
    Messages:
    789
    Likes Received:
    21
    ok but can we run the SaaS on our own box instead of on your box?

    THanks leon
     
  13. Sylvain Boily

    Sylvain Boily
    Expand Collapse
    Active Member

    Joined:
    Apr 30, 2016
    Messages:
    166
    Likes Received:
    87
    It's only html/js connected to xivo via rest api/websocket and asterisk webrtc. So you can run it where you want. Copy the code source and serve it by http server.
     
  14. wa4zlw

    wa4zlw
    Expand Collapse
    Member

    Joined:
    Feb 14, 2008
    Messages:
    789
    Likes Received:
    21
    thanks do you plan to package an installer for it? ALso what ports does it use so we can lock down the firewalls?

    THanks again leon
     
  15. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Once you open http/https access to your PBX, ALL BETS ARE OFF! That would be a security nightmare.
     
  16. Sylvain Boily

    Sylvain Boily
    Expand Collapse
    Active Member

    Joined:
    Apr 30, 2016
    Messages:
    166
    Likes Received:
    87
    @wa4zlw nope my priority is to offer an unique solution. No update for end user. You could use the wizard to know the port you need to open and check if it open. But, on xivo 16.13, we introduce an nginx configuration to use every API on xivo with only https, include webrtc. I haven't finished to use it for the moment. But in few weeks, only https is needed to work.
     
  17. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Implementing DISA with Incredible PBX for XiVO

    We finally have discovered some undocumented hidden nuggets in XiVO, the first of which is DISA support.

    In addition to the 2-step authentication DISA script included with Incredible PBX for XiVO, there are two native ways to implement DISA with XiVO using one-step PIN authentication: (1) set up a DID specifically for DISA or (2) add a DISA option in an IVR script. Here's how...

    (1) Setting Up a DID for DISA. Add an Incoming Call DID and make it look like the following using your own DID and PIN:

    [​IMG]

    (2) Adding a DISA option to the Demo IVR: /etc/asterisk/extensions_extra.d/ivr-1.conf*

    a. Replace the exten => 0,1(ivrsel-0) line with the following 3 lines specifying your desired DISA PIN in the first line:
    Code:
    exten => 0,1(ivrsel-0),Set(XIVO_FWD_ACTIONARG1=12345678)
    exten => 0,2,Set(XIVO_FWD_ACTIONARG2=custom-callboth)
    exten => 0,3,Goto(forward,application:disa,1)
    
    b. Reload the Asterisk dialplan: /etc/init.d/asterisk reload

    * NOTE: You must have AsteriDex installed as part of Incredible PBX for XiVO with the [custom-callboth] context included in asteridex.conf
     
    #357 wardmundy, Nov 1, 2016
    Last edited: Nov 1, 2016
    briankelly63 likes this.
  18. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Integrating Anveo Direct DIDs into Existing XiVO PBXs

    This week's Nerd Vittles article documents the ease with which you can add Anveo Direct DIDs to Nov. 9, 2016 or later installs of Incredible PBX for XiVO assuming you've activated all features to take advantage of the Incredible PBX XiVO Snapshot.

    If you have a XiVO PBX that was installed before November 9, 2016, there's a little more work to do to get the platform squared away to support Anveo Direct DIDs.

    From the Linux CLI using SSH/Putty, login as root and...

    1. Create a new Anveo context to process incoming calls:
    Code:
    echo ';# // BEGIN anveo-incall
    [anveo-incall]
    exten = _.,1,Ringing
    exten = _.,n,Goto(from-extern,${SIP_HEADER(X-anveo-e164)},1)
    ;# // END anveo-incall
    ' > /etc/asterisk/extensions_extra.d/anveo.conf
    chown asterisk:www-data /etc/asterisk/extensions_extra.d/anveo.conf
    chmod 660 /etc/asterisk/extensions_extra.d/anveo.conf
    
    2. Edit /etc/asterisk/extensions_extra.d/cid-superfecta.conf and replace the first two lines of [xivo-subrgbl-did] with:
    Code:
    exten = s,1,NoOp(### DID Incoming Call Subroutine ###)
    same = n,GotoIf($["${XIVO_SRCNUM:0:3}" != "001"]?leaveitalone)
    same = n,Set(XIVO_SRCNUM=${XIVO_SRCNUM:-10})
    same = n,Set(CALLERID(num)=${XIVO_SRCNUM})
    same = n(leaveitalone),NoOp(Calling FROM: ${XIVO_SRCNUM})
    
    3. Reload your Asterisk dialplan: asterisk -rx "dialplan reload"

    From the XiVO Web GUI, login with a browser with your root credentials and...

    1. In IPBX Configuration → Contexts, Add a new context anveo-incall.

    In the General tab, make it look like this:

    [​IMG]

    In the Incoming Calls tab, make it look like this and then click Save button.

    [​IMG]

    2. In Call Management → Incoming Calls, you now can add your 11-digit DIDs following the steps in the Nerd Vittles tutorial.

    Make adjustments above as necessary to support international calling.
     
    #358 wardmundy, Nov 10, 2016
    Last edited: Nov 10, 2016
  19. wardmundy

    wardmundy
    Expand Collapse
    Nerd Uno

    Joined:
    Oct 12, 2007
    Messages:
    12,595
    Likes Received:
    1,870
    Enabling Anonymous SIP Access and SIP URI Calling into Your XiVO PBX

    [​IMG]

    Photo credit: FingerMedium/GettyImages


    WARNING: This is very dangerous! Only implement this if there is no other way for folks to reach you by phone. Anonymous SIP URI access to your server means anyone with an Internet connection worldwide can not only call your server, but they also can attempt to register a SIP account to any SIP extension on your PBX and they also can attempt to place outbound calls through your PBX. The only thing standing in their way are your SIP account passwords! What follows is an approach to SIP URI access that minimizes (BUT DOES NOT ELIMINATE) the risk. The safest and recommended way to implement SIP URI access to your PBX does not expose your server to anonymous SIP access. It is documented in this Nerd Vittles tutorial. You've been warned!

    A word about the methodology that follows. To minimize the risk of compromising your server, use incredibly secure passwords for all of your user, line, and trunk accounts. Do this before proceeding. Also make certain that your server has a difficult-to-guess fully-qualified domain name (FQDN) as this will provide some security through obscurity. We will block outgoing SIP calls that attempt to use the actual IP address of your server, and we will block incoming SIP URI calls made to the IP address of your server. Use trunk providers on this PBX that have a very low account balance with NO recurring credit card refresh. Google Voice accounts with a zero balance are perfect. If someone does manage to make calls, it will not hurt your wallet. Do NOT use IAX trunks. This hasn't been tested or secured at all for use with IAX trunks. Add passwords to all Asterisk applications that matter, e.g. blacklisting callers, accessing AsteriDex to place calls, conference apps, IVRs, etc.

    What does SIP URI access provide to the caller? It means the caller that knows your FQDN can place calls to every extension on your PBX, to every incoming DID defined on your PBX, and to almost every Asterisk feature code enabled on your PBX. It also means any anonymous user with either your FQDN or IP address can attempt to register to any SIP account on your PBX. All they'll need is the account name and password. If a user successfully registers to your PBX using the IP address of your server (as opposed to your FQDN), we will block them from making outbound SIP calls. If any of this frightens you, turn back now!!

    1. Activate Accept Unauthenticated Calls (General tab) and set Context to In-Calls (Default tab) in IPX -> General Settings -> SIP Protocol.

    2. Add IP address protection and modify failure routine in xivo-subrgbl-did and xivo-subrgbl-outcall contexts:

    2.a. Edit /etc/asterisk/extensions_extra.d/cid-superfecta.conf and replace [xivo-subrgbl-did] context with the following:
    Code:
    [xivo-subrgbl-did]
    exten = s,1,NoOp(### DID Incoming Call Subroutine ###)
    same = n,GotoIf($["${XIVO_SRCNUM:0:3}" != "001"]?leaveitalone)
    same = n,Set(XIVO_SRCNUM=${XIVO_SRCNUM:-10})
    same = n,Set(CALLERID(num)=${XIVO_SRCNUM})
    same = n(leaveitalone),NoOp(Calling FROM: ${XIVO_SRCNUM})
    same = n,Noop(SIP TO: ${SIP_HEADER(TO)})
    same = n,Noop(SIP FROM: ${CUT(SIP_HEADER(FROM),>,1)}>)
    same = n,Set(NUMTEST=${SIP_HEADER(TO):-2:1})
    same = n,GotoIf(gv$["${NUMTEST}" = "gv"]?gv)
    same = n,GotoIf($["${NUMTEST}" < "A"]?byebye)
    same = n(gv),NoOp(Blacklist: ${DB(blacklist/${XIVO_SRCNUM})})
    same = n,NoOp(Whitelist: ${DB(whitelist/${XIVO_SRCNUM})})
    same = n,GotoIf($[${LEN(${DB(whitelist/${XIVO_SRCNUM})}))} > 1]?keepon)
    same = n,GotoIf($[${LEN(${DB(blacklist/${XIVO_SRCNUM})}))} > 1]?byebye)
    same = n(keepon),GoSub(cid-superfecta,s,1)
    same = n(return),Return()
    same = n(byebye),Answer
    ;same = n,Congestion
    same = n,Zapateller
    same = n,Zapateller
    same = n,Hangup
    same = n,Return()
    
    2.b. Edit /etc/asterisk/extensions_extra.d/out-calls.conf and replace [xivo-subrgbl-outcall] context with the following:
    Code:
    [xivo-subrgbl-outcall]
    exten = s,1,NoOp(### DID Outgoing Call Subroutine ###)
    same = n,NoOp(Calling FROM: ${XIVO_SRCNUM})
    same = n,NoOp(Calling TO: ${EXTEN})
    same = n,Noop(XIVO SRC NUMBER=${XIVO_SRCNUM})
    same = n,Noop(XIVO DST NUMBER=${XIVO_DSTNUM})
    same = n,Noop(XIVO DST ID=${XIVO_DSTID})
    same = n,Noop(XIVO USR ID=${XIVO_USRID})
    same = n,Noop(SIP TO: ${SIP_HEADER(TO)})
    same = n,Noop(SIP FROM: ${SIP_HEADER(FROM)})
    same = n,Set(NUMTEST=${SIP_HEADER(TO):-2:1})
    same = n,GotoIf(gv$["${NUMTEST}" = "gv"]?return)
    same = n,GotoIf($["${NUMTEST}" < "A"]?byebye)
    same = n(return),Return()
    same = n(byebye),Hangup
    same = n,Return()
    
    3. Secure Asterisk apps using Asterisk's Authenticate function. Insert the line below just after the Answer and Wait() lines in /etc/asterisk/extensions_extra.d/app-blacklist.conf contexts: [app-blacklist-add], [app-blacklist-remove], and [app-blacklist-last] using a very secure PIN to replace 90210:
    Code:
    exten => s,n,Authenticate(90210)
    4. Do the same for any contexts you wish to protect in /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf.

    5. Reload Asterisk dialplan: asterisk -rx "dialplan reload"

    6. By default, the SIP port (UDP 5060) is only accessible from whitelisted IP addresses. We're now going to open the IPtables floodgate for UDP 5060 so that anonymous SIP calls can reach your PBX. Edit /etc/iptables/rules.v4. Just above the COMMIT line at the end of the file, insert the following entry:
    Code:
    -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
    Save the file and then restart IPtables: iptables-restart

    7. Test, test, test. From an IP address not otherwise whitelisted on your PBX, place anonymous SIP calls to every extension on your PBX and to every DID listed in your Incoming Calls list. Use both the IP address of your PBX and also the FQDN associated with your PBX. Also place calls to all of the Nerd Vittles and XiVO apps that could do you harm, i.e. voice dialing, speed dialing, blacklist callers, etc. Complete list of potentially hazardous dial codes is at the end of this Nerd Vittles article.

    For the Geeks and Nerds: The methodology to weed out SIP URI calls made to an IP Address instead of an FQDN takes advantage of a careful parsing of the TO SIP Header. You will note that the next-to-the-last character in this SIP header will always be a letter for an FQDN and will always be a number for an IP address. Thus, we can test where the alphanumeric character fits in the ASCII sort order to determine whether the incoming call is being routed to an IP address or an FQDN. And, by the way, for incoming Google Voice calls, this result will always be NULL. :smartass:
     
    #359 wardmundy, Nov 11, 2016
    Last edited: Nov 12, 2016
    sirdotcom likes this.
  20. sirdotcom

    sirdotcom
    Expand Collapse
    Member

    Joined:
    Mar 20, 2010
    Messages:
    86
    Likes Received:
    8
    Hi,
    I've just set up an Anveo DID, although I used the script from yesterday so I didn't have to follow the above steps as it was automagically done already :)
    After adding my DID to the Incoming Calls area, when I call the number I get a context error in the CLI:
    Code:
     NOTICE[1442][C-00000006]: chan_sip.c:26279 handle_request_invite: Call from 'AnveoDirect' (50.22.101.14:5060) to extension '1702xxxxxxx' rejected because extension not found in context 'from-extern'.
    What am I missing here?
    Thanks,
    Steve
     

Share This Page