Overview and Introduction
I’ve been dabbling with managing a VOIP server for the past year or so, using CentOS, Asterisk and FreePBX on a co-located server. Recently Dave and I needed to move to our own machine, and decided to use TEH CLOUD to reduce management and get a fresh start. There are hundreds of hosts out there offering virtual private servers (VPS’s). We’ve standardized on Linode for our small business for a few reasons. While I don’t want to sound like a complete advertisement, I’ve been incredibly impressed with them:
- Performance. The host systems at Linode run at least 4-way 2GHz Xeon dual-core CPUs (I’ve seen higher as well) and you’re guaranteed the RAM you pay for. Pricing is generally based on how much memory you need.
- Pricing. For a 512MB Linode, you pay $19.95 US per month. Slicehost (a part of Rackspace, and a Linode competitor) charges the same amount for a 256MB slice. Generally you want at least 512MB RAM for a Linux machine that’s not a test/development box.
- Features. If you have multiple VMs in the same datacenter, you can assign them private IPs and internal traffic doesn’t count toward your bandwidth allowance. Likewise, bandwidth is pooled among all your VMs; so buying two VMs with 200GB bandwidth each gives 400GB for all your systems.
With full root access and the Linux distribution of your choice, it’s very easy to set up and tear down VMs.
When people hear VOIP, they generally assume either a flaky enterprise system with echoing calls or something like Skype. Properly configured, a VOIP system offers a number of really interesting features:
- Low-cost long distance and international calling. The provider we use, voip.ms, offers outgoing calls for $0.0052 per minute to Canada and $0.0105/minute to the US on their value route.
- Cheap phone numbers – direct inward dialing – are available for $0.99 per month in your region. These phone numbers are virtual and can be configured to do nearly anything you want. Incoming calls are $0.01/minute, and calls between voip.ms numbers are free.
- Want to take advantage of cheap long distance from your cell phone? Set up a Direct Inward System Access path, which gives you a dial tone for making outgoing calls when you call a local number. Put your DID number on your My5 list, and you’re set to reduce bill overages.
- Voicemail becomes much more useful when the VOIP server sends you an email with a WAV attachment and caller ID information.
- Want to set up an interactive voice response menu, time conditions, blacklist telemarketers, manage group conferences or have witty hold music? All available with FreePBX and Asterisk.
Continue reading for server setup details and security best practices…
I opted to use Ubuntu 10.04 LTS on the server, since there are handy directions for configuring Asterisk and FreePBX. The guide is pretty handy, but some adjustments had to be made to the article for the latest versions of Ubuntu and Asterisk:
- When installing Asterisk, make sure to install the sox package for additional sound and recording support.
- Back up your /etc/asterisk/modules.conf file before installing FreePBX, and then restore it after the installation is complete. The FreePBX installation seems to clobber this file.
- Replace all instances of the asteriskcdr database with asteriskcdrdb for proper call reporting functionality. Likewise, you’ll have to recompile and install the asterisk-addons package as per Launchpad bug 560656:
cd /usr/src apt-get build-dep asterisk-mysql apt-get -b source asterisk-mysql dpkg -i asterisk-mysql*.deb
- Don’t use the amportal script for managing Asterisk/FreePBX; use
Let It Ring
There’s plenty of great FreePBX documentation available online – you shouldn’t have a problem getting up and running once the installation is finished. As always, you should follow best server security practices:
- Enforce username/password authentication with .htaccess and htpasswd and HTTPS for your management console, or only expose FreePBX administration over localhost/127.0.0.1 and tunnel in. There are plenty of articles on configuring OpenSSL and Apache2.
- Consider running SSH on an alternate port (not 22), and denying direct logins from the root user account. Enforce strong passwords and use tools such as fail2ban and DenyHosts to limit SSH attacks.
- Use a firewall. Ubuntu’s ufw is very simple to manage. For an Asterisk server, you’ll want to allow UDP ports 5060 and 10000-20000 (for voice traffic), or a range defined in
Feel free to post comments here on server setup or general VOIP questions, and I’ll do my best to help out!