PIAF 2.0.6.X.X FAQ Everything you need to know
Β
The following information is valid if your chooseΒ PBX in a Flash 2.0.6.X.X (build your own variance) package during your order. Β Please do not follow this information if you orderΒ PBX in a Flash 2.0.6.X.X(Purple with FreePBX 2.9 orΒ Brown with FreePBX 2.10.
1. During initial login to your ssh console, please run piafdl for PBX in a Flash 2.0.6.2.3 or earlier.Β Please run usr/local/sbin/isomenu for PBX in a Flash 2.0.6.2.4 or later. PBX in a Flash 2.0.6.2.4 or later include a capability to build additonal features such as independent Neorouter.Β For more information about them,Β please consult http://pbxinaflash.com/community/index.php.Β Specifically http://pbxinaflash.com/community/index.php?threads/new-isos-released.13465/
Β
- During this process, Β you will choose your FreePBX version (2.8,2.9,2.10) and Β PIAF color (Purple, RED, BROWN (PIAF 2.0.6.2.4 or later) and GREENΒ (PIAF 2.0.6.3.1 or later)). Β You may also choose specific minor version of the Asterisk as explained inΒ http://pbxinaflash.com/community/index.php?threads/pbx-in-a-flash-2-0-6-x-versions.11848/
- If you plan to run incrediblepbx 3 script, Β you need to choose FreePBX 2.9 and Purple as color. Β At this moment, Β Incredible 3 script does not support other combination.
- Prepare to set your own password for web logins
- Set your timezone
- Please make sure you have 30 to 60 min to spare for the whole process to complete
- With this process, Β we do not provision your Password to your Web GUI. Β Please make sure you save your password securely. Β Again, Β we do not have this information in case you have forgetten about it.
- At the end of piafdl process, the server will reboot itself. Β You should be able to access your webgui with the http://yourassignedip
Β
2. Note on firewall.
Β
- You have full accesss to your firewall setting. Β There are many way to set your firewall setting. Β One of them is through editing /etc/sysconfig/iptables. Β Another option is done through Webmin GUI.
- We do not close or open any port at network layer. Β Please take this into account when troubleshooting your PBX.
- Please note that PIAF 2.0.6.2 will configure your ssh access with default port ssh port 22.
- The initial Firewall Rule after the running piafdl allow you to access your WEB GUI. Β For your initial configuration process, this is the most convinient process. Β If you just learing PIAF, you can keep the rule at this point.
- Our recommendation is to eventually close all ports except for SIP (udp 5060), IAX (udp 4569), RTP (udp range 10000 to 20000) and ssh port 22. Β You can access your Web GUI through "SSH Tunnel". Β You also have the option to setup VPN and use it as your access to the the web GUI.
- Please keep in mind that our service is unmanaged PBX. Β If you need any tutorial on SSH Tunnel or VPN, it is beyond the scope of what our unmanaged PBX service can cover. Β You may use google to find further information or PIAF Forum for help.
Β
3. PIAF Incredible 3.0 and 4.0 notes
Β
- You will most likely unable to connect your SIP, IAX phone/Trunk at this point. Β Lets save you some time trouble shooting. Β You shoudld check a couple things.
- You must add your ip to the whitelist rule in your iptables. You can do this by editing /etc/firewall.whitelist. Add all IPs that you will be connecting to in this file. Β run the following command in your ssh console "service fail2ban stop && /usr/src/incredpbx3/firewall/firewall-whitelist.sh && service fail2ban start"
- (OPTIONAL)If your ISP provide you with dynamic ip, Β you have the following options
- Add block of ips with 127.0.0.0/8 syntax. Β This mean allow all 127.XXX.XXX.XXX ip. Β Find what your ISP block ip and enter it in /etc/firewall.whitelist.Β You need to follow up with running the following command in your ssh console "service fail2ban stop && /usr/src/incredpbx3/firewall/firewall-whitelist.sh && service fail2ban start"
- Setup something like Travelin Man. See concept here http://nerdvittles.com/?p=689 and newer version the following thread http://pbxinaflash.com/forum/showthread.php?t=12179
- One nice trick with dynamic dns http://pbxinaflash.com/forum/showthread.php?t=12091
- Incredible PBX will set permit field on your extension. Β This IP will not likely be your IP. Β You should either empty the permit field or set it to a proper value (your ip or block of ip). Β It is just our optinion that this is a redundant security measure. Β The whitelist has already provide similiar or perhaps the same type of protection.
- If you experience " FATAL] Unable to connect to Asterisk Manager from /var/lib/asterisk/bin/retrieve_conf, aborting" after running incredible script, please check in /etc/hosts that you haveΒ a line that say "127.0.0.1 Β localhost localhost.localdomain"
- If you try to connect to one of PIAF Incredible preset extensions and getting blocked by fail2ban, disable all your sip device and wait 15 to 30 min. Β The PBX will unblock your ip. Β You may want to check your asterisk log at /var/log/asterisk/log. Β If you fine messages like "Device does not match ACL". Β play around with type filed on your Extension setting. Β You may start with setting the type to peer.
Β
Β
Β