TIPS Viva WAZO: A New Beginning

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
The preconfigured stuff will definitely help, but the complaint is valid.

As an Asterisk/FreePBX virgin, after more than a decade away from phone systems, I had a working FreePBX distro system with voip.ms (make/receive calls, a few of extension, a rudimentary IVR, etc) within a couple hours from booting the ISO. There was minimal head scratching and only provider FAQ based help on setting up trunks. I can't say the same for XiVO, even with the IPBX tutorials it is still a more difficult product to get going.
Thanks. Your setup is exactly the design setup we're shooting for with the new image installs. If you can't get this up and running with extensions, IVR, and a trunk to make and receive calls in under an hour, please let us hear about it. We've now included trunk setups for ten major providers so that's as easy as plugging in credentials. It's just a matter of routing the trunks in and out of your PBX, and everything should "just work."
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Incredible PBX for XiVO installer has been updated to provide image snapshot support. If you elect to install ALL of the Incredible PBX components, the image snapshot will be loaded. Otherwise, those that choose lesser install options can configure everything manually with no image snapshot. Tutorial will be available soon. WebRTC and simultaneous ring on your smartphone now are supported as well for extension 701.
 

Oliver Gaskell

New Member
Joined
Oct 27, 2013
Messages
22
Reaction score
0
Trying to set up incrediblepbx xivo - installed using vultr and the excellent nerd vittles tutorial - all seemingly ran fine and can ssh to console no problem but when trying to access web gui get a certficate not valid message and when overiding this get a 403 forbidden message from nginx - I have checked wards tutorials but cant see any missed steps - can anyone provide any answers/suggestions please.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Trying to set up incrediblepbx xivo - installed using vultr and the excellent nerd vittles tutorial - all seemingly ran fine and can ssh to console no problem but when trying to access web gui get a certficate not valid message and when overiding this get a 403 forbidden message from nginx - I have checked wards tutorials but cant see any missed steps - can anyone provide any answers/suggestions please.
There was a change in the web server setup between XiVO 16.12 and 16.13. It sounds like you ended up with half of each version. The easiest thing to do is to delete your existing Vultr setup and start over with a new build and a fresh download of today's new release of the Incredible PBX installer. Sorry.
 

Oliver Gaskell

New Member
Joined
Oct 27, 2013
Messages
22
Reaction score
0
There was a change in the web server setup between XiVO 16.12 and 16.13. It sounds like you ended up with half of each version. The easiest thing to do is to delete your existing Vultr setup and start over with a new build and a fresh download of today's new release of the Incredible PBX installer. Sorry.
Thanks Ward, up and running now just trying to figure out android client, csipsimple works perfect on office WiFi but not on 3/4g or home WiFi.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Incredible PBX for XiVO with Turnkey WebRTC



New Incredible PBX for XiVO release today supports WebRTC out of the box.

After installation completes, WebRTC is as easy as 1-2-3:

1. Obtain IP Address of Your Server: pbxstatus

2. Run /root/show-701-pw to decipher Password for User account 701

3. Open latest Firefox or Chrome browser on your desktop and...


Special thanks to @Sylvain Boily for another home run!!

Bug Fix: This release also addresses a bug that caused Google Voice calls to fail on the last few releases. If you experience the problem, here's the patch:

Code:
sed -i 's|noload => chan_motif.so|;noload => chan_motif.so|' /etc/asterisk/modules.conf
/etc/init.d/asterisk restart
 
Last edited:

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Location
Blandon, PA
why do you need to login to https://phone.xivo.io/?
doesnt this run on the pbx itself or is there some backdoor thats unknown?
or is this a totally separte thing that hooks into the pbx and if so can we run that on our own box?

Thanks leon
 

Sylvain Boily

Active Member
Joined
Apr 30, 2016
Messages
258
Reaction score
143
Location
Quebec
@wa4zlw yes it has a backdoor ;-)
Only because it's a SaaS service and it permit to have a software up to date easily. It only use the xivo web service. To use it you need to have a xivo up to date.
 
  • Like
Reactions: wardmundy

Sylvain Boily

Active Member
Joined
Apr 30, 2016
Messages
258
Reaction score
143
Location
Quebec
It's only html/js connected to xivo via rest api/websocket and asterisk webrtc. So you can run it where you want. Copy the code source and serve it by http server.
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Location
Blandon, PA
thanks do you plan to package an installer for it? ALso what ports does it use so we can lock down the firewalls?

THanks again leon
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Once you open http/https access to your PBX, ALL BETS ARE OFF! That would be a security nightmare.
 

Sylvain Boily

Active Member
Joined
Apr 30, 2016
Messages
258
Reaction score
143
Location
Quebec
@wa4zlw nope my priority is to offer an unique solution. No update for end user. You could use the wizard to know the port you need to open and check if it open. But, on xivo 16.13, we introduce an nginx configuration to use every API on xivo with only https, include webrtc. I haven't finished to use it for the moment. But in few weeks, only https is needed to work.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Implementing DISA with Incredible PBX for XiVO

We finally have discovered some undocumented hidden nuggets in XiVO, the first of which is DISA support.

In addition to the 2-step authentication DISA script included with Incredible PBX for XiVO, there are two native ways to implement DISA with XiVO using one-step PIN authentication: (1) set up a DID specifically for DISA or (2) add a DISA option in an IVR script. Here's how...

(1) Setting Up a DID for DISA. Add an Incoming Call DID and make it look like the following using your own DID and PIN:



(2) Adding a DISA option to the Demo IVR: /etc/asterisk/extensions_extra.d/ivr-1.conf*

a. Replace the exten => 0,1(ivrsel-0) line with the following 3 lines specifying your desired DISA PIN in the first line:
Code:
exten => 0,1(ivrsel-0),Set(XIVO_FWD_ACTIONARG1=12345678)
exten => 0,2,Set(XIVO_FWD_ACTIONARG2=custom-callboth)
exten => 0,3,Goto(forward,application:disa,1)
b. Reload the Asterisk dialplan: /etc/init.d/asterisk reload

* NOTE: You must have AsteriDex installed as part of Incredible PBX for XiVO with the [custom-callboth] context included in asteridex.conf
 
Last edited:
  • Like
Reactions: briankelly63

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Integrating Anveo Direct DIDs into Existing XiVO PBXs

This week's Nerd Vittles article documents the ease with which you can add Anveo Direct DIDs to Nov. 9, 2016 or later installs of Incredible PBX for XiVO assuming you've activated all features to take advantage of the Incredible PBX XiVO Snapshot.

If you have a XiVO PBX that was installed before November 9, 2016, there's a little more work to do to get the platform squared away to support Anveo Direct DIDs.

From the Linux CLI using SSH/Putty, login as root and...

1. Create a new Anveo context to process incoming calls:
Code:
echo ';# // BEGIN anveo-incall
[anveo-incall]
exten = _.,1,Ringing
exten = _.,n,Goto(from-extern,${SIP_HEADER(X-anveo-e164)},1)
;# // END anveo-incall
' > /etc/asterisk/extensions_extra.d/anveo.conf
chown asterisk:www-data /etc/asterisk/extensions_extra.d/anveo.conf
chmod 660 /etc/asterisk/extensions_extra.d/anveo.conf
2. Edit /etc/asterisk/extensions_extra.d/cid-superfecta.conf and replace the first two lines of [xivo-subrgbl-did] with:
Code:
exten = s,1,NoOp(### DID Incoming Call Subroutine ###)
same = n,GotoIf($["${XIVO_SRCNUM:0:3}" != "001"]?leaveitalone)
same = n,Set(XIVO_SRCNUM=${XIVO_SRCNUM:-10})
same = n,Set(CALLERID(num)=${XIVO_SRCNUM})
same = n(leaveitalone),NoOp(Calling FROM: ${XIVO_SRCNUM})
3. Reload your Asterisk dialplan: asterisk -rx "dialplan reload"

From the XiVO Web GUI, login with a browser with your root credentials and...

1. In IPBX Configuration → Contexts, Add a new context anveo-incall.

In the General tab, make it look like this:



In the Incoming Calls tab, make it look like this and then click Save button.



2. In Call Management → Incoming Calls, you now can add your 11-digit DIDs following the steps in the Nerd Vittles tutorial.

Make adjustments above as necessary to support international calling.
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,152
Reaction score
2,632
Enabling Anonymous SIP Access and SIP URI Calling into Your XiVO PBX


Photo credit: FingerMedium/GettyImages


WARNING: This is very dangerous! Only implement this if there is no other way for folks to reach you by phone. Anonymous SIP URI access to your server means anyone with an Internet connection worldwide can not only call your server, but they also can attempt to register a SIP account to any SIP extension on your PBX and they also can attempt to place outbound calls through your PBX. The only thing standing in their way are your SIP account passwords! What follows is an approach to SIP URI access that minimizes (BUT DOES NOT ELIMINATE) the risk. The safest and recommended way to implement SIP URI access to your PBX does not expose your server to anonymous SIP access. It is documented in this Nerd Vittles tutorial. You've been warned!

A word about the methodology that follows. To minimize the risk of compromising your server, use incredibly secure passwords for all of your user, line, and trunk accounts. Do this before proceeding. Also make certain that your server has a difficult-to-guess fully-qualified domain name (FQDN) as this will provide some security through obscurity. We will block outgoing SIP calls that attempt to use the actual IP address of your server, and we will block incoming SIP URI calls made to the IP address of your server. Use trunk providers on this PBX that have a very low account balance with NO recurring credit card refresh. Google Voice accounts with a zero balance are perfect. If someone does manage to make calls, it will not hurt your wallet. Do NOT use IAX trunks. This hasn't been tested or secured at all for use with IAX trunks. Add passwords to all Asterisk applications that matter, e.g. blacklisting callers, accessing AsteriDex to place calls, conference apps, IVRs, etc.

What does SIP URI access provide to the caller? It means the caller that knows your FQDN can place calls to every extension on your PBX, to every incoming DID defined on your PBX, and to almost every Asterisk feature code enabled on your PBX. It also means any anonymous user with either your FQDN or IP address can attempt to register to any SIP account on your PBX. All they'll need is the account name and password. If a user successfully registers to your PBX using the IP address of your server (as opposed to your FQDN), we will block them from making outbound SIP calls. If any of this frightens you, turn back now!!

1. Activate Accept Unauthenticated Calls (General tab) and set Context to In-Calls (Default tab) in IPX -> General Settings -> SIP Protocol.

2. Add IP address protection and modify failure routine in xivo-subrgbl-did and xivo-subrgbl-outcall contexts:

2.a. Edit /etc/asterisk/extensions_extra.d/cid-superfecta.conf and replace [xivo-subrgbl-did] context with the following:
Code:
[xivo-subrgbl-did]
exten = s,1,NoOp(### DID Incoming Call Subroutine ###)
same = n,GotoIf($["${XIVO_SRCNUM:0:3}" != "001"]?leaveitalone)
same = n,Set(XIVO_SRCNUM=${XIVO_SRCNUM:-10})
same = n,Set(CALLERID(num)=${XIVO_SRCNUM})
same = n(leaveitalone),NoOp(Calling FROM: ${XIVO_SRCNUM})
same = n,Noop(SIP TO: ${SIP_HEADER(TO)})
same = n,Noop(SIP FROM: ${CUT(SIP_HEADER(FROM),>,1)}>)
same = n,Set(NUMTEST=${SIP_HEADER(TO):-2:1})
same = n,GotoIf(gv$["${NUMTEST}" = "gv"]?gv)
same = n,GotoIf($["${NUMTEST}" < "A"]?byebye)
same = n(gv),NoOp(Blacklist: ${DB(blacklist/${XIVO_SRCNUM})})
same = n,NoOp(Whitelist: ${DB(whitelist/${XIVO_SRCNUM})})
same = n,GotoIf($[${LEN(${DB(whitelist/${XIVO_SRCNUM})}))} > 1]?keepon)
same = n,GotoIf($[${LEN(${DB(blacklist/${XIVO_SRCNUM})}))} > 1]?byebye)
same = n(keepon),GoSub(cid-superfecta,s,1)
same = n(return),Return()
same = n(byebye),Answer
;same = n,Congestion
same = n,Zapateller
same = n,Zapateller
same = n,Hangup
same = n,Return()
2.b. Edit /etc/asterisk/extensions_extra.d/out-calls.conf and replace [xivo-subrgbl-outcall] context with the following:
Code:
[xivo-subrgbl-outcall]
exten = s,1,NoOp(### DID Outgoing Call Subroutine ###)
same = n,NoOp(Calling FROM: ${XIVO_SRCNUM})
same = n,NoOp(Calling TO: ${EXTEN})
same = n,Noop(XIVO SRC NUMBER=${XIVO_SRCNUM})
same = n,Noop(XIVO DST NUMBER=${XIVO_DSTNUM})
same = n,Noop(XIVO DST ID=${XIVO_DSTID})
same = n,Noop(XIVO USR ID=${XIVO_USRID})
same = n,Noop(SIP TO: ${SIP_HEADER(TO)})
same = n,Noop(SIP FROM: ${SIP_HEADER(FROM)})
same = n,Set(NUMTEST=${SIP_HEADER(TO):-2:1})
same = n,GotoIf(gv$["${NUMTEST}" = "gv"]?return)
same = n,GotoIf($["${NUMTEST}" < "A"]?byebye)
same = n(return),Return()
same = n(byebye),Hangup
same = n,Return()
3. Secure Asterisk apps using Asterisk's Authenticate function. Insert the line below just after the Answer and Wait() lines in /etc/asterisk/extensions_extra.d/app-blacklist.conf contexts: [app-blacklist-add], [app-blacklist-remove], and [app-blacklist-last] using a very secure PIN to replace 90210:
Code:
exten => s,n,Authenticate(90210)
4. Do the same for any contexts you wish to protect in /etc/asterisk/extensions_extra.d/xivo-extrafeatures.conf.

5. Reload Asterisk dialplan: asterisk -rx "dialplan reload"

6. By default, the SIP port (UDP 5060) is only accessible from whitelisted IP addresses. We're now going to open the IPtables floodgate for UDP 5060 so that anonymous SIP calls can reach your PBX. Edit /etc/iptables/rules.v4. Just above the COMMIT line at the end of the file, insert the following entry:
Code:
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
Save the file and then restart IPtables: iptables-restart

7. Test, test, test. From an IP address not otherwise whitelisted on your PBX, place anonymous SIP calls to every extension on your PBX and to every DID listed in your Incoming Calls list. Use both the IP address of your PBX and also the FQDN associated with your PBX. Also place calls to all of the Nerd Vittles and XiVO apps that could do you harm, i.e. voice dialing, speed dialing, blacklist callers, etc. Complete list of potentially hazardous dial codes is at the end of this Nerd Vittles article.

For the Geeks and Nerds: The methodology to weed out SIP URI calls made to an IP Address instead of an FQDN takes advantage of a careful parsing of the TO SIP Header. You will note that the next-to-the-last character in this SIP header will always be a letter for an FQDN and will always be a number for an IP address. Thus, we can test where the alphanumeric character fits in the ASCII sort order to determine whether the incoming call is being routed to an IP address or an FQDN. And, by the way, for incoming Google Voice calls, this result will always be NULL. :smartass:
 
Last edited:
  • Like
Reactions: sirdotcom

sirdotcom

Member
Joined
Mar 20, 2010
Messages
114
Reaction score
14
Location
Atlanta, GA
Hi,
I've just set up an Anveo DID, although I used the script from yesterday so I didn't have to follow the above steps as it was automagically done already :)
After adding my DID to the Incoming Calls area, when I call the number I get a context error in the CLI:
Code:
 NOTICE[1442][C-00000006]: chan_sip.c:26279 handle_request_invite: Call from 'AnveoDirect' (50.22.101.14:5060) to extension '1702xxxxxxx' rejected because extension not found in context 'from-extern'.
What am I missing here?
Thanks,
Steve
 

Members online

No members online now.

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,371
Messages
137,417
Members
14,576
Latest member
emmonks