Get help with installing, upgrading and running a PBX such as Asterisk.
User avatar
By WelshPaul
#594
1.) Raspberry Pi 512 version, 8GB SD Card.
2.) UseWin32DiskImager to install the Raspbx image to an SD card.
3.) Username/Password for root login is root/raspberry (using Putty or WinScp etc)
4.) The Pi should receive an IP from your DHCP server.
5.) Using “raspi-config” from root, overclock the card to 1GHz, and extend rootfs partition.
6.) Set timezone, keyboard parameters etc.
7.) Set a Static IP for the Pi editing /etc/network/interfaces Change the line” iface et0 inet dhcp” to “iface et0 inet static” Set network address, netmask, gateway as required.
8.) /etc/resolv.conf contains DNS info 127.0.0.1 should be at the top the others are Google’s DNS.
9.) Shutdown the system “halt” and then start again.
10.) Update by entering “raspbx-update” from putty, type Y as required and have a cup of coffee.
11.) Log into freepbx GUI UN:PW – admin:admin
12.) Go to Settings, Asterisk SIP Settings
Set NAT to YES (if behind a home router with NAT)
Set IP Configuration to Public IP
13.) Set Up Email (pasted from raspbx site)

Email delivery from your RPi is needed if you plan to have voicemails sent to users by email. Email already works in the default configuration using Exim4 as MTA. By default, Exim is configured to directly send mails to the recipient MX hosts. This is however discouraged, as many email providers classify emails coming from dynamic IP addresses as spam. To avoid this, you need to set a smarthost. Unless you have an open SMTP server on your network that can be used as smarthost without authentication, you will need to specify SMTP authentication credentials as well. It is basically possible to use almost any publicly available freemailer as smarthost with the RPi. Have username and password as well as SMTP hostname (sometimes also referred to as outgoing mail server) of the email account you are going to use ready.

Run on the console:
dpkg-reconfigure exim4-config
On the first configuration page select “mail sent by smarthost; received via SMTP or fetchmail”. On the following pages just keep the default values by pressing enter, until you reach the page starting with “Please enter the IP address or the host name of a mail server…”. Here, enter the SMTP hostname of your email provider. Again, keep default values on the remaining pages.

Then, edit the file passwd.client by running:
nano /etc/exim4/passwd.client
Add your credentials at the bottom of this file in the following format:
SMTP_HOSTNAME:USERNAME:PASSWORD
In most cases, the SMTP hostname used in this file is identical to the hostname used as smarthost before. If email fails to work, specify the reverse lookup of your email provider’s SMTP host IP address here. For Google Mail, this is currently gmail-smtp-msa.l.google.com

Some email providers also require you to use sender addresses identical to one of the public email adresses of your account. In this case, edit:
nano /etc/email-addresses
On the bottom of this file add:
root: your_email@someisp.com
asterisk: your_email@someisp.com
This configures the sender address of all outgoing mail to your_email@someisp.com.

Finally, to activate your configuration run:
update-exim4.conf

You can test your email setup with this command:
send_test_email your_email@someisp.com
A test email should reach your inbox shortly.

14.) Security Stuff
Go to Settings, Asterisk SIP Settings again,
Set Allow SIP Guests to NO
Set Allow Anonymous Inbound SIP Calls to NO
Check /etc/asterisk/sip_general_additional.conf includes the line,
allwaysauthreject=yes

Change Passwords
Just use Alpha Numeric characters for passwords. Set strong passwords.
From putty type “passwd” and change default root password.
IN GUI go to Admin, Administrators and select the user and change password.
In Settings, Advanced Settings change Asterisk Manager Password
and on same page change User Portal Admin Password

Change SSH to a non-standard port
/etc/ssh/sshd.config
Find – Port 22 and change (e.g. 1234)
Add SSHPORT=1234 to /etc/amportal.conf
REBOOT

Make sure your firewall blocks all traffic to the IP of your Raspbx
Just set an outbound firewall rule for the Raspbx (assuming that the firewall will allow traffic IN from IPs that it has sent to)

Do Not Forward any ports to your PBX (let it hide behind NAT)

Using Putty, from Root, run “install-fail2ban”, enter your email when asked, and fail2ban will be all set up. (I think the default is 3 wrong attempts, blocks IP for half an hour – i think local IP is excluded, but wise to be careful)

To check fail2ban is running, you can enter “fail2ban-client status” in putty, and it will display the jails list – asterisk, and ssh.

15.) Go to Admin, Module Admin and update current modules.
Also while you’re there install the Time Conditions Module.

16.) Set up your Trunks etc. as required: NOTE – if you are having problems with no Audio on Calls, check your NAT Setting again (Settings, Asterisk SIP Settings), and change if required.

OK thanks, what VPN are you using ??

A good write up on SIP ALG: https://www.voicehost…

Thanks very much. Really appreciate it! :-D

Attached below is my latest OBIHAI UK configuratio…