Editing Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software (section)

= FreePBX and UniTel SIP Trunking Setup =

<span id="introduction"></span>
== Introduction ==

Just like with self managed mail; this will be high maintenance, low reward, and is a very bad idea - like anything worth doing. This guide provides detailed instructions on setting up a '''FreePBX''' system with '''UniTel SIP Trunking'''.

<span id="why-customize-your-phone-system"></span>
== Why Customize Your Phone System? ==

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_7fc7682.png
</gallery>

<span id="callerid-hacks-to-make-calls-go-faster"></span>
=== CallerID hacks to make calls go faster ===

One of the fun things you can do with this setup is integrate it with your customer relationship management software like I did with repairshopr. So, instead of the usual caller ID, you can have the status of a customer’s ticket show up. Back when I was the only one doing repairs at my store, this was a lifesaver. Most calls were simple status checks, and I could handle them while soldering, thanks to a Bluetooth headset.

* '''Caller ID Customization''': Instead of just a name, I saw ticket status in the caller ID too!
* '''Efficiency''': I could handle calls without stopping my work!
* '''Customer Satisfaction''': Instant info made customers feel like you know them better than they know themselves.

<span id="automatically-send-mean-customers-to-an-extension-where-allison-smith-tells-them-to-go-fuck-themselves-d"></span>
=== Automatically send mean customers to an extension where Allison Smith tells them to go fuck themselves :D ===

Rossmann Repair has never made use of this feature.

<span id="make-telemarketers-miserable-by-installing-a-program-that-messes-with-them-lenny"></span>
=== Make telemarketers miserable by installing a program that messes with them: Lenny ===

The customization possibilities are endless, and that’s what makes this so much fun. Now, let’s get into how to build your own system.

<span id="step-1-preparing-a-freepbx-installation"></span>
== Step 1: Preparing a FreePBX installation ==

<span id="step-1-set-up-a-freepbx-virtual-machine"></span>
=== Step 1: Set up a FreePBX virtual machine ===

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_bfad3d9b.png
</gallery>

<span id="download-debian-12-iso"></span>
==== 1.1 Download Debian 12 ISO ====

You used to download FreePBX as its own distro, which was based on CentOS. They switched to Debian after some recent CentOS/Red Hat controversy.

<ol style="list-style-type: decimal;">
<li><p>Open a terminal window or use a web browser within your '''happycloud''' server that is running '''Virtual Machine Manager''' to host all of your virtual machines. In our case, that’s '''192.168.5.2'''.</p></li>
<li><p>'''Download and install''' [https://www.debian.org/CD/ ''Debian 12''] on the machine designated for FreePBX.</p>
<pre>wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.0.0-amd64-netinst.iso -P ~/Downloads</pre></li>
<li><p>Make sure the download completes successfully.</p></li></ol>

<span id="move-the-debian-iso-to-the-correct-directory"></span>
==== 1.2 Move the Debian ISO to the Correct Directory ====

<ol style="list-style-type: decimal;">
<li><p>Move the downloaded ISO to <code>/var/lib/libvirt/images</code>:</p>
<pre>sudo mv ~/Downloads/debian-12.0.0-amd64-netinst.iso /var/lib/libvirt/images/</pre></li>
<li><p>Set the correct permissions and ownership for the ISO:</p>
<pre>sudo chmod 644 /var/lib/libvirt/images/debian-12.0.0-amd64-netinst.iso
sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/debian-12.0.0-amd64-netinst.iso</pre>
<p><gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_b51c10bd.png
</gallery></p></li></ol>

<span id="launch-virtual-machine-manager"></span>
==== 1.3: Launch Virtual Machine Manager ====

Open Virtual Machine Manager from the Openbox menu by right-clicking the desktop, going to system, and then running virtual machine manager. Or run:

<pre>virt-manager</pre>
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_151745e3.png
</gallery>

<span id="create-a-new-virtual-machine"></span>
==== 1.4 Create a New Virtual Machine ====

# Click '''Create a new virtual machine'''.
# Select '''Local install media (ISO image or CDROM)''' and click '''Forward'''.
# Click '''Browse…''' and navigate to <code>/var/lib/libvirt/images/</code> to select <code>debian-12.0.0-amd64-netinst.iso</code>.
# Choose '''Detect automatically''' for the OS type or manually set it as '''Debian 12'''.
# Click '''Forward'''.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_4bc43bb4.png
File:lu67917r1ezu_tmp_ba3e10c4.png
</gallery>

<span id="configure-vm-resources"></span>
==== 1.5: Configure VM Resources ====

# '''Memory &amp; CPU:'''
#* Assign '''4096 MB''' of RAM (or more, but the idea of giving more than 4 gigs to a phone system hurts me).
#* Assign '''2 CPUs''' (adjust based on available resources).
# '''Storage:'''
#* Select '''Create a disk image for the virtual machine'''.
# Allocate at least '''20 GB''' for storage. Choose more if you expect larger usage.
# Click '''Forward'''.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_47157042.png
</gallery>

<span id="set-up-networking"></span>
==== 1.6 Set Up Networking ====

* Make sure the network selection is set to '''Bridge''' and matches your LAN network (e.g., <code>br0</code>). This will allow your VM to get a static IP from your existing network. Under '''Network''' settings, make sure it’s set to '''Bridge mode''' for proper network integration.

<span id="set-up-freepbx-to-start-on-boot"></span>
==== 1.7 Set up FreePBX to start on boot ====

<pre>virsh autostart freepbx</pre>
* Check that this is set up properly by typing <code>virsh dominfo freepbx</code> and seeing if the autostart line is set to enable.
* If you don’t do this, you will realize once it is too late and you’ve left your house after you have rebooted your server (for whatever reason) that your phone system is dead. Don’t do that.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_e22151da.png
File:lu67917r1ezu_tmp_299cdef5.png
File:lu67917r1ezu_tmp_331573f2.png
File:lu67917r1ezu_tmp_c164c52b.png
File:lu67917r1ezu_tmp_474da8d6.png
File:lu67917r1ezu_tmp_b401b780.png
File:lu67917r1ezu_tmp_27a9fd11.png
File:lu67917r1ezu_tmp_f48a1f82.png
File:lu67917r1ezu_tmp_f01c615f.png
File:lu67917r1ezu_tmp_daa809f6.png
File:lu67917r1ezu_tmp_3938eead.png
File:lu67917r1ezu_tmp_863c1219.png
File:lu67917r1ezu_tmp_989c8592.png
File:lu67917r1ezu_tmp_e4c7555a.png
File:lu67917r1ezu_tmp_12e25dc6.png
File:lu67917r1ezu_tmp_362ff89f.png
File:lu67917r1ezu_tmp_82b7c46.png
File:lu67917r1ezu_tmp_fb20c8a5.png
File:lu67917r1ezu_tmp_c84cc7cd.png
File:lu67917r1ezu_tmp_e0ce50d3.png
File:lu67917r1ezu_tmp_40edf977.png
File:lu67917r1ezu_tmp_53383ce3.png
File:lu67917r1ezu_tmp_e0e659a5.png
File:lu67917r1ezu_tmp_d7ccc18d.png
File:lu67917r1ezu_tmp_d5c2b085.png
</gallery>

<span id="debian-12-installation-setup"></span>
==== 1.8 Debian 12 Installation Setup ====

# Follow the Debian installer prompts:
#* '''Language''': Choose your preferred language.
#* '''Location''': Set your country.
#* '''Keyboard''': Select your preferred layout.
#* '''Hostname''': Set the hostname as <code>freepbx</code>.
# '''Domain Name''':
#* You can leave this blank.
# '''Set the Root Password''':
#* Choose a secure password and confirm it.
# '''Create a New User''':
#* Add a user. I added a user named <code>louis</code> for myself.
# '''Partitioning''':
#* Choose '''“Guided - use entire disk and set up LVM”'''.
#* DO NOT USE ENCRYPTION - REMEMBER, THE HOST SYSTEM THIS IMAGE IS ON IS ALREADY AN ENCRYPTED DISK!!
#* Select the disk and proceed.
#* Confirm changes to write the partitions.
#* The disk device will most likely be something like <code>/dev/vda</code>.

<span id="post-installation-configuration-test"></span>
==== 1.9 Post-Installation Configuration Test ====

After rebooting, log in as root or your user.

Make sure network connectivity works:

<pre>ping 8.8.8.8
hostnamectl</pre>
<span id="step-2-preparing-debian-12-for-freepbx-installation"></span>
=== Step 2: Preparing Debian 12 for FreePBX Installation ===

This guide provides instructions on performing basic maintenance on a fresh Debian 12 installation and then downloading and running the FreePBX installation script. Follow the steps carefully to ensure a smooth setup.

<span id="configure-network-settings"></span>
==== 2.1 Configure Network Settings ====

# Log in with your username and password on the virt-manager screen on your host computer (the one hosting all the virtual machines).
# Type <code>ip addr show</code> and find which interface shows your IP address.
#* Remember its name for later.
#* It should be something like <code>enp1s0</code>.
# Become root:

<pre>su</pre>
<ol start="4" style="list-style-type: decimal;">
<li><p>Make a network configuration file like this:</p>
<blockquote><p>Use the name of your network interface in place of <code>enp1s0</code>.</p></blockquote></li></ol>

<pre>nano -w /etc/systemd/network/enp1s0.network</pre>
<pre>[Match]
Name=enp1s0 #put name of your network interface in place of enp1s0

[Network]
Address=192.168.5.6/24
Gateway=192.168.5.1
DNS=192.168.5.1</pre>
<ol start="5" style="list-style-type: decimal;">
<li>Hit <code>ctrl-x</code>, then <code>y</code> to save.</li></ol>

<pre>systemctl restart systemd-networkd</pre>
<ol start="6" style="list-style-type: decimal;">
<li><p>Make sure your IP address has changed to a static IP by typing <code>ip addr show</code> and checking.</p>
<ul>
<li><p>'''Static IP''': Set the IP address to 192.168.5.6.</p></li>
<li><p>'''Gateway''': Use 192.168.5.1.</p></li>
<li><p>'''DNS Server''': Set to 192.168.5.1.</p></li></ul>
</li></ol>

<span id="do-basic-maintenance-on-debian-12"></span>
==== 2.2 Do Basic Maintenance on Debian 12 ====

<ul>
<li><p>'''Update Package Lists'''</p>
<ul>
<li><p>Refresh the package lists to make sure you get the latest versions</p></li>
<li><p>Upgrade packages</p></li>
<li><p>Remove junk, all with the following line:</p></li></ul>

<pre>sudo apt update ; sudo apt upgrade -y ; sudo apt autoremove -y</pre></li></ul>

<span id="download-run-freepbx-install-script"></span>
==== 2.3 Download &amp; run ''[https://github.com/FreePBX/sng_freepbx_debian_install FreePBX install script]'' ====

<ol style="list-style-type: decimal;">
<li><p><code>ssh</code> to the Debian system as <code>louis</code></p></li>
<li><p>Check ''[https://github.com/FreePBX/sng_freepbx_debian_install FreePBX page]'' for the latest script since the URL will change over time.</p></li>
<li><p>Download the file using <code>wget</code>:</p>
<pre>su
wget https://github.com/FreePBX/sng_freepbx_debian_install/raw/master/sng_freepbx_debian_install.sh -O /tmp/sng_freepbx_debian_install.sh</pre></li>
<li><p>Make the script executable</p></li></ol>

<pre>   su # become root user
   chmod +x /tmp/sng_freepbx_debian_install.sh</pre>
<ol start="5" style="list-style-type: decimal;">
<li><p>Run the FreePBX Installation Script</p>
<pre>bash /tmp/sng_freepbx_debian_install.sh</pre>
<ul>
<li>The script will handle the setup of Asterisk, Apache, MySQL, Postfix, etc., all necessary FreePBX modules.</li></ul>
</li></ol>

<span id="step-3-visit-freepbx-web-interface"></span>
=== Step 3: Visit FreePBX Web Interface ===

# '''Open a Web Browser'''
#* Use a browser on a device connected to the same network, or a device that is connected via OpenVPN. Remember, none of this is open to the public!
# '''Navigate to the FreePBX IP'''
#* Access FreePBX by entering the following URL: ''http://192.168.5.6/admin''
#* If you used a different IP configuration than I did, enter that IP.
# '''Answer prompts for user/password'''
#* Follow the setup wizard to configure your admin user, language settings, &amp; other preferences. But don’t get started messing around with anything serious just yet.

<span id="step-3-configuring-unitel-as-phone-service-provider"></span>
== Step 3: Configuring UniTel as Phone Service Provider ==

Now that we have a working FreePBX installation, we’re ready to set things up with an SIP trunk provider, aka ''“the phone company”''. I use UniTel for this at the UniTel Customer Portal at ''unitelcustomer.com''.

<span id="setting-up-sip-trunking"></span>
=== Setting up SIP trunking ===

A SIP trunk account is like your phone’s connection to the outside world. Think of it as paying for internet but for your phone calls. Without it, your PBX system is just an intercom for internal calls. You need a SIP trunk to make and receive calls from the outside world.

<span id="choosing-an-sip-trunk-provider"></span>
=== Choosing an SIP Trunk Provider ===

I recommend '''Unitel''' for SIP trunking. They’re solid, reliable, and unlike some other providers, they don’t just resell AWS in the cheapest way possible. I used to use VoicePulse, but they were terrible and went out of business a few years ago. They had no redundancy, so if some single AWS instance went down, you were out of luck.

<span id="john-grossbard-studio-landlord-seinfeld-character"></span>
=== John Grossbard: Studio Landlord &amp; Seinfeld Character ===

There was an episode of Seinfeld where he said ''“I GOT GROSSBAR’D!”'' Supposedly this was a reference to a minor argument between him and Larry David.

John Grossbard was the owner of Planet to Planet Studios when I rented a space from him for my screen wholesaling company in the basement of 251 W. 30th St in NYC, back when this was called the “Music Building,” before it was remodeled to appeal to hipster-0%-interest-rate-funded-fad-yuppie-startups.

I was here because I had no credit and he didn’t ask for a security deposit. When a friend of mine brought up an issue of bedbugs, he looked at us and said ''“If I made this place any nicer, you couldn’t afford it.”''

He wasn’t wrong. This stuck with me my entire adult life.

Unitel has two websites. One is their main website, and one is a website that looks like some 1997 Slashdot site. The website with the 1997 Slashdot look is what we want. It’s not too nice – that means we can ''“afford”'' it.

<span id="the-benefits-of-your-own-pbx-revisited"></span>
=== The Benefits of Your Own PBX; Revisited ===

In all seriousness, one of the benefits of hosting our own PBX is that we '''DON’T''' pay by the user. We '''DON’T''' pay by the feature. All we pay for is SIP trunking—any features &amp; functionality are added by '''US''', to '''OUR''' PBX, that we control.

We don’t need them to make it any nicer. If they did, you couldn’t afford it.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_df8469aa.png
File:lu67917r1ezu_tmp_a1bc014.png
File:lu67917r1ezu_tmp_ea4afdcf.png
File:lu67917r1ezu_tmp_9c0b5e5b.png
</gallery>

<blockquote>'''HINT:''' Avoid the fancy, infinite-scrolly websites like UnitelPhone.com. Instead, go for the classic UnitelCustomer.com. If it looks like it’s from 1997, you’re in the right place! It’s straightforward and gets the job done.
</blockquote>
Having your own PBX means no more paying per user. You pay based on trunk usage, not the number of users. Some providers nickel and dime you on the number of extensions you have, visual voicemail, call recording, etc. With SIP trunking, they have no idea what is going on, so they can’t bill you by-the-extension or by-the-feature. It’s like a VPN for your calls—they don’t know how many extensions you have or if you’re recording calls. All they know is the call came in or went out. No extra charges for features like visual voicemail, lenny, call recording, or the voice of Allison Smith telling callers to go fuck themselves; which is the reason I set this up to begin with 14 years ago. :D

<span id="register-for-a-unitel-account"></span>
==== 3.1 Register for a Unitel Account ====

* Open a web browser and navigate to: [https://signup.unitelgroup.com/sip-trunking-plans https://signup.unitelgroup.com/sip-trunking-plans]
* Create an account with the nice SIP trunking people

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_be593c35.png
File:lu67917r1ezu_tmp_3fa0de28.png
File:lu67917r1ezu_tmp_6a3ae870.png
</gallery>

<span id="set-up-an-endpoint-this-is-where-inbound-calls-get-sent-to"></span>

==== 3.2 Set Up an Endpoint (This is Where Inbound Calls Get Sent To) ====

Endpoints are where your call is sent when a call comes in on a number you have in Unitel. When you create a phone number in Unitel, it will ask where you want to send calls that come into that number. We’re going to set up the endpoint first so when we create a number, we’ll already have an endpoint to send it to.

'''Navigate to the “Endpoints” Section'''

# From the main dashboard, go to '''“Settings”'''.
# Click on '''“Endpoints”'''.
# '''Create a New Endpoint'''
# Click on '''“Add Endpoint”'''.
#* Fill in the following details:
#** '''Endpoint Description''': Enter a name that describes the endpoint (e.g., closet pbx).
#** '''Endpoint Destination''': Insert the dynamic DNS entry (e.g.<code>louishomeserver.chickenkiller.com</code>) that you set up back in the FreeDNS Dynamic DNS section of this guide. This should resolve to your PBX’s external IP address. When a call comes in on a specific number, it is going to send the call to your PBX at this IP.
# Click '''“Add Endpoint”''' to complete the setup.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_8b8d5b23.png
File:lu67917r1ezu_tmp_70f53605.png
File:lu67917r1ezu_tmp_70f56fbb.png
File:lu67917r1ezu_tmp_ae6d3290.png
File:lu67917r1ezu_tmp_16e56098.png
</gallery>

<span id="get-configure-phone-numbers"></span>
==== 3.3 Get &amp; Configure Phone Numbers ====

# '''Navigate to the “Numbers” Section'''
#* From the main dashboard, after clicking on '''“Numbers”''', click on '''“Add Number”'''.
#* Buy a number.
# '''Assign the Purchased Number to the Endpoint'''
#* After purchasing, go to '''“Manage Numbers”'''.
#* Find the purchased number and click the dropdown under '''“Actions”''' and click '''“Number Mode”'''.
#* Select '''“Forward to Endpoint”''': Select the endpoint you created earlier (e.g., closet pbx).
#* Click '''Update'''.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_351530c2.png
File:lu67917r1ezu_tmp_5d30f03a.png
File:lu67917r1ezu_tmp_5eb714e2.png
</gallery>

<span id="add-a-trunk-in-unitel"></span>
==== 3.4 Add a Trunk in Unitel ====

'''Purpose of an SIP trunk:'''

An SIP trunk is what attaches you to the world, similar to how your cable modem &amp; spectrum or verizon connects you to the rest of the internet. A '''trunk''' is a connection between your phone system (PBX) and the external phone network. It allows your system to make and receive calls to/from the outside world. Setting up a trunk in Unitel is necessary.

The purpose of the trunk is to provide a pathway for your PBX to route calls to and from the public telephone network. Without a properly configured trunk, your system won’t be able to communicate with external phone numbers. Which is what I have been doing for three weeks while writing this guide.

# '''Log in to the Unitel Admin Interface'''
#* Open your web browser and go to the Unitel admin interface.
#* Log in using your credentials.
# '''Step 2: Add a New Trunk'''
#* Navigate to Manage SIP Trunks.
#* Click on Add Trunk.
# '''Step 3: Configure Trunk Details'''
#* Trunk Description: Enter a descriptive name for your trunk (e.g., Main Trunk).
#* Trunk Type: Select '''General use/Conversational'''.
# Click Add Trunk to save the new trunk.
# Click Apply Config to activate the trunk.
# '''NOTE YOUR CREDENTIALS!'''
#* During the trunk setup, you will be provided with a username and password. Be sure to note your username &amp; password in a password manager of some sort as it will be needed later when configuring the trunk in your PBX system.

<span id="step-4-setting-up-freepbx-with-unitel-phone-service"></span>
== Step 4: Setting up FreePBX with Unitel phone service ==

Now that your phone service provider is set up, we can configure <code>freepbx</code> to connect to it &amp; receive &amp; send phone calls. We’ll be using UniTel credentials to sign into our trunk.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_2708b4e9.png
File:lu67917r1ezu_tmp_dcdd2d35.png
File:lu67917r1ezu_tmp_dcb5bd91.png
File:lu67917r1ezu_tmp_cfef6f4a.png
File:lu67917r1ezu_tmp_d36e7da6.png
File:lu67917r1ezu_tmp_2df4038d.png
File:lu67917r1ezu_tmp_88afd9c8.png
File:lu67917r1ezu_tmp_f1c06a36.png
File:lu67917r1ezu_tmp_7fdbd089.png
File:lu67917r1ezu_tmp_9a45904f.png
File:lu67917r1ezu_tmp_bfc2022b.png
</gallery> Get into FreePBX interface:

<ul>
<li><p>Open a web browser and navigate to:</p>
<p><code>http://freepbx.home.arpa/</code> or <code>http://192.168.5.5/</code></p></li>
<li><p>Log in</p></li></ul>

<span id="add-a-new-sip-trunk"></span>
==== 4.1 Add a New SIP Trunk ====

# '''Navigate to the Trunk Configuration'''
# Go to '''Connectivity''' &gt; '''Trunks'''.
# Click '''Add Trunk''' and choose '''Add SIP (chan_pjsip) Trunk'''.
# '''Configure the General Settings'''
#* '''Trunk Name''': Enter a happy name, like UniTel_SIP.
#* '''Hide CallerID''': Set to No.
#* '''Outbound CallerID''': Enter your UniTel DID (your phone number) in e.164 format (e.g., 13475522258 for rossmann repair group).
#* '''CID Options''': Choose Allow Any CID.
#* '''Dial Number Manipulation Rules'''
#* '''Outbound Dial Prefix''': Make sure all outgoing calls use the 11-digit e.164 format (e.g., 1NXXNXXXXXX).
#* Add a rule if needed to prepend 1 for local or long-distance numbers:
#** Match Pattern: NXXNXXXXXX
#** Prepend: 1

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_8b0dd42e.png
File:lu67917r1ezu_tmp_dcdd4148.png
File:lu67917r1ezu_tmp_f5e688e2.png
File:lu67917r1ezu_tmp_cb4b6061.png
File:lu67917r1ezu_tmp_46f1721e.png
File:lu67917r1ezu_tmp_c63f74a0.png
File:lu67917r1ezu_tmp_77abb232.png
</gallery>

<span id="pjsip-settings-configuration-in-trunk-configuration"></span>
==== 4.2 PJSIP Settings Configuration in trunk configuration ====

# '''Go to the “PJSIP Settings” Tab'''
#* '''Username''': Enter the SIP username provided by UniTel.
#* '''Secret''': Enter the SIP password from UniTel.
#* '''SIP Server (SIP Host)''': Set to <code>sip.unitelgroup.com</code>, '''this may change over time. Make sure you check Unitel’s instructions that they offer on unitelcustomer.com after you log in.''' They’re nice people &amp; provide all this for you in plain English.
#* '''Authentication''': Set to Outbound, should be checked by default.
#* '''Registration''': Choose Send, should be checked by default.
# '''Advanced Options'''
#* '''From Domain''': Enter <code>sip.unitelgroup.com</code>.
#* '''Context''': Use <code>from-pstn-toheader</code> (This allows FreePBX to correctly handle incoming SIP headers from UniTel). This should be set by default.
# Go to '''“Codecs” tab'''
#* Check the [https://www.unitelcustomer.com/sip-getting-started-guide codecs that Unitel allows]. <gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_e238d46d.png
</gallery>
#** G723
#** G729
#** G711
#*** G711 is actually '''ulaw''' and '''alaw''' in the list.
#* This may change over time, check [https://www.unitelcustomer.com/sip-getting-started-guide Unitel’s page] for details.
#* Unitel are nice people &amp; want you to be successful in setting up your PBX. They provide you with all of this information.
# '''Submit and Apply'''
#* Click '''Submit'''.
#* Click '''Apply Config''' on the top-right to save changes and reload the configuration.

<span id="step-5-internal-call-handling-and-call-routing-setup"></span>
== Step 5: Internal Call Handling and Call Routing Setup ==

Now we start the process of setting up internal call handling by creating extensions and ring groups, as well as defining call routing to manage inbound and outbound calls using the UniTel SIP trunk in FreePBX 17. Having a trunk is useless if we don’t have any phones set up.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_ce66bf80.png
File:lu67917r1ezu_tmp_9780cee6.png
File:lu67917r1ezu_tmp_de1c9c6c.png
File:lu67917r1ezu_tmp_cbd71b4b.png
File:lu67917r1ezu_tmp_ece5f184.png
File:lu67917r1ezu_tmp_ba101465.png
</gallery> <gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_20ad80b1.png
</gallery> 5.1 Create an Extension

Extensions are individual phones. Alice has an extension for a phone on her desk, Mark has an extension for a phone on his desk, and so on and so forth. Each extension has a number for internal calls. Your desk phone could be 101 - this means people inside FreePBX connected directly to your PBX can call 101. This needs to be done first.

* '''Log in to the FreePBX Admin Interface'''
* '''Navigate to Extensions'''
** Go to '''Connectivity''' &gt; '''Extensions'''.
** Click '''Add Extension'''.
** Choose '''Add SIP (chan_pjsip) Extension'''.
* '''Configure the Extension'''
** '''User Extension''': Enter a unique extension number (e.g., 101).
** '''Display Name''': Enter the name for this extension (e.g., Office Phone).
** '''Secret''': Enter a strong password for the extension or let FreePBX generate one automatically. It’s a good idea to add this to your password manager like Bitwarden so you have it later. Don’t put this on a post-it note.
* '''Voicemail''': Enable if you want voicemail for this extension.
** Set email address to the email you want voicemail sent to.
** Set Voicemail password to the password you want to have to dial to access voicemail (we will never use this archaic method, we will get voicemails emailed to us).
* In '''Advanced''' you can set up call recording.
* '''Submit and Apply Changes'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_e706e9c9.png
File:lu67917r1ezu_tmp_82fe25e7.png
File:lu67917r1ezu_tmp_a8632a6a.png
</gallery> 5.2 Configure Ring Groups

When someone calls 3475522258 for my business, I don’t want one phone to ring. I want all of them to ring. This is what ring groups are for. We create one number that rings a bunch of different phones.

# Go to '''Applications''' &gt; '''Ring Groups'''.
# Click '''“Add Ring Group”'''.
#* '''Ring Group Number''': Enter a unique number for the ring group (e.g., 600).
#* '''Group Description''': Enter a name for this ring group (e.g., Office Ring Group).
#* '''Ring Strategy''': Choose how calls should be distributed (e.g., Ringall to ring all devices simultaneously). '''Ringall is what you want 99% of the time. Use ringall if you are confused.'''
#* '''Extension List''': Add the extensions you want to include in this ring group (e.g., 101). Everyone here will have their phone ring when this ring group is called. In an office with one phone number, you would want to put every extension here of the people you want to pick up the phone when a customer calls.
# Customize settings like '''Ring Time''', '''Destination if No Answer''', and '''Call Recording'''. I usually set this to the voicemail of a particular extension.
# Click '''“Submit”'''.
# Click '''“Apply Config”''' to activate the ring group.
# '''REMEMBER, YOU NEED TO SET A DESTINATION IF NO ANSWER SO THAT PEOPLE CAN LEAVE VOICEMAILS.'''
#* Mitt Romney famously said ''[https://www.youtube.com/watch?v=KlPQkd_AA6c&t=4s “ring groups are people, my friend.”]''
#* They are not! ''People have voicemails – ring groups do not.''

<span id="step-6-define-call-routing"></span>
== Step 6: Define Call Routing ==

Inbound routes define what we do when someone calls a particular phone number.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_c7b43510.png
File:lu67917r1ezu_tmp_97e7fd79.png
File:lu67917r1ezu_tmp_df1b9161.png
</gallery>

<span id="set-up-call-flow-control"></span>
==== 6.1 Set Up Call Flow Control ====

Call flow control allows you to change where calls go by dialing a number on your phone.

For instance, let’s say your business hours are 11 AM to 7 PM. You can set it up so that when you close, you dial <code>*2886</code> on your phone to send the calls directly to voicemail. Then, when you open the next day, you dial <code>*2886</code> again and your calls switch back to going to all of your business phones rather than go to voicemail.

I like this more than I like call scheduling because I set it manually. If I come to work early, I may want to answer the phone early. If I stay late, I may want to answer the phone late.

Rather than set up my phone number to go straight to my ring group, I set it up to go to call flow control. Then, I set up call flow control to go to my ring group, and my ring group to go to my extensions.

# '''Navigate to Inbound Routes'''
# Go to '''“Applications”''' &gt; '''“Call Flow Control”'''.
# Click '''“+ Add”'''.
# '''Configure the Call Flow Control'''
#* '''Call Flow Toggle Feature Code Index''': This just means what number you enter into your phone to change it. Whatever you add here will be ''in front'' of a 28. So, if you enter 86, that means dialing <code>*2886</code> on your phone will toggle where your calls go.
#** On older phones like the Cisco SPA525G, this doesn’t work since they seem to only support ''two digits'' in front of a <code>*</code> rather than four. :(
#* '''Description''': Describe what the point of this is so you know for later.
#* '''Current Mode''': This sets how calls are going when you initially finish setting this up.
#* '''Normal Flow''': This sets where calls go before you toggle call flow control. Put the default here. For me, that’s ringing all of my office phones at the '''Ring Group''' I set up earlier. Enter '''Ring Groups''' and then put the '''Ring Group''' you created here.
#* '''Override Flow''': This is where calls will go when you dial <code>*2886</code> and toggle this feature on. Set this to '''Voicemail''' and then the voicemail of the extension we created.
#* '''CallerID Number''': Same as the DID number.
#* '''Description''': Provide a description for this route (e.g., Rossmann repair business number).
#* '''Set Destination''': Choose '''“Ring Groups”''' and select the ring group number you created earlier (e.g., 600 - Office Ring Group).
# '''Submit and Apply Changes'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_2d63ee.png
File:lu67917r1ezu_tmp_2457af08.png
File:lu67917r1ezu_tmp_cd27e90.png
</gallery>

<span id="set-up-an-inbound-route"></span>
==== 6.2 Set Up an Inbound Route ====

# '''Navigate to Inbound Routes'''
# Go to '''“Connectivity”''' &gt; '''“Inbound Routes”'''.
# Click '''“+ Add Inbound Route”'''.
# '''Configure the Inbound Route'''
#* '''DID Number''': Enter your UniTel DID in e.164 format (e.g., 13475522258). ''Put a 1 in front of your number in the US!''
#* '''CallerID Number''': Same as the DID number.
#* '''Description''': Provide a description for this route (e.g., rossmann repair business number).
#* '''Set Destination''': Choose '''“Ring Groups”''' and select the ring group number you created earlier (e.g., 600 - Office Ring Group).
# '''Submit and Apply Changes'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_1602ae25.png
File:lu67917r1ezu_tmp_69cfd1f3.png
File:lu67917r1ezu_tmp_5fce659.png
</gallery>

<span id="set-up-callerid"></span>
==== 6.3 Set Up CallerID ====

# '''Navigate to CID Superfecta'''
#* Go to '''“Admin”''' &gt; '''“CID Superfecta”'''.
#* Click '''Yes''' on the callerID sources you think would be useful.
# '''Navigate to Inbound Routes'''
#* Go to '''Connectivity''' &gt; '''Inbound Routes'''.
#* Go to the '''Other''' tab.
#* Choose '''CID Lookup Source''' as '''CID Superfecta'''.
# '''Submit and Apply Changes'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_e50a92c9.png
File:lu67917r1ezu_tmp_94ce168a.png
File:lu67917r1ezu_tmp_3871242b.png
File:lu67917r1ezu_tmp_a057d15a.png
File:lu67917r1ezu_tmp_704ad695.png
File:lu67917r1ezu_tmp_65faf5c2.png
File:lu67917r1ezu_tmp_755f860.png
</gallery>

<span id="configure-outbound-route-for-making-calls"></span>
==== 6.4 Configure Outbound Route for Making Calls ====

# '''Navigate to Outbound Routes'''
#* Go to '''Connectivity''' &gt; '''Outbound Routes'''.
#* Click '''+ Add Outbound Route'''.
# '''Set Up the Outbound Route'''
#* '''Route Name''': Enter <code>UniTel_Outbound</code>.
#* '''Route CID''': Enter your UniTel DID (in e.164 format, e.g., 13475522258).
# '''Assign Trunk to Route'''
#* '''Trunk Sequence for Matched Routes''': Select <code>UniTel_SIP</code> (the trunk created earlier). We don’t have multiple trunks.
# '''Navigate to Dial Patterns'''
#* Click '''Dial patterns wizards'''.
#* Click the dial plans that make sense for your locale.
#* This is a conversation for you to have with your SIP trunking provider based on your region. Open a ticket with them and make sure you choose the right options here!
# '''Submit and Apply'''

* Click '''Submit'''.
* Click '''Apply Config''' to save and activate the outbound route.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_ef8d201c.png
File:lu67917r1ezu_tmp_58e2fa70.png
File:lu67917r1ezu_tmp_4bc11745.png
File:lu67917r1ezu_tmp_1252fdc2.png
File:lu67917r1ezu_tmp_2106a642.png
File:lu67917r1ezu_tmp_7330e060.png
</gallery>

<span id="step-7-configure-ip-subnets-in-freepbx"></span>
== Step 7: Configure IP subnets in FreePBX ==

FreePBX configures it to work automatically with the LAN subnet. For instance, if you chose <code>192.168.5.0/24</code> for your local network, it will configure FreePBX to work properly with your LAN subnet.

However, it doesn’t know you have a VPN. Remember that I suggest you not open ports. If you want this to work on your Android phone or iPhone when you connect to your home network, you have to add your VPN subnet manually. To do so, follow these instructions:

<span id="add-vpn-subnet-to-local-networks-in-freepbx"></span>
==== Add VPN subnet to local networks in FreePBX ====

# '''Navigate to SIP Settings'''
# Go to '''“Settings”''' &gt; '''“Advanced SIP Settings”'''.
# Make sure you are on the '''“General”''' tab.
# Find the '''Local Networks''' section.
# Log into the '''pfSense''' firewall in a new browser tab.
# Go to '''“VPN” —&gt; “OpenVPN”''' at the top menu.
# Find the '''Tunnel Network''' for your VPN, which will be in the list of '''OpenVPN servers'''.
# Return to the FreePBX browser tab and click '''Add Local Network Field'''.
# Add the '''Tunnel Network''' of your VPN.
# '''Submit and Apply Changes'''
#* Click '''“Submit”'''.
#* Click '''“Apply Config”''' to activate the outbound route.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_ce66bf80.png
File:lu67917r1ezu_tmp_2e61fc14.png
File:lu67917r1ezu_tmp_b500d2da.png
</gallery>

<span id="step-8-setting-up-a-softphone"></span>
== Step 8: Setting up a softphone ==

A softphone is a software phone. I’ll show you how to use this; the instructions are about the same as configuring a hardware phone. It also allows me to create instructions that allow anyone watching this to confirm their system works without having to provide generalized instructions that aren’t precise to every single smartphone.

<span id="download-zoiper"></span>
==== 8.1 Download Zoiper ====

# Go to Zoiper.
# Download Zoiper [https://www.zoiper.com/ here.]
# Install Zoiper.
# Run Zoiper.

<span id="get-credentials-for-your-extension."></span>
==== 8.2 Get credentials for your extension. ====

* '''Log in to the FreePBX Admin Interface'''
* '''Navigate to Extensions'''
** Go to '''Connectivity &gt; Extensions'''.
** Click your extension.
* Get your '''extension number''', which is your '''username''', and your '''secret''', which is your '''password'''.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_5a55c888.png
File:lu67917r1ezu_tmp_4285096.png
File:lu67917r1ezu_tmp_3955f9e6.png
File:lu67917r1ezu_tmp_c8bb85.png
File:lu67917r1ezu_tmp_f287090.png
</gallery> 8.3 Configure Zoiper

# Open Zoiper and select '''Create New Account'''.
# Enter the following details:
#* '''Username''': Your extension number (e.g., 401).
#* '''Password''': Your secret (password).
#* '''Domain''': Your server’s IP address or hostname (for us, <code>192.168.5.6:5060</code>).
#** The format will be <code>username@ip:port</code> with the '''password''' in its own field.
#** In my setup with my example, it would be [http://401@192.168.5.6 '''401@192.168.5.6''']:5060 or [http://401@freepbx.home.arpa '''401@freepbx.home.arpa''']:5060.
#* Skip Outbound Proxy.
#* Select Transport Protocol '''SIP UDP'''.
#* Choose SIP UDP as most setups use UDP by default.
# Test Configuration:
#* If you see a green checkmark, you did good.

<span id="test-audio-settings"></span>
==== 8.4 Test Audio Settings ====

# Go to options.
# Select Input and Output Devices.
# '''Set Input Device''' to your microphone.
# '''Set Output Device''' to your speakers or headphones.
# '''Test Audio''': Speak into the microphone to check input levels. For output, press play to confirm audio works.

<span id="step-9-configuring-voicemail-and-email-notifications-in-freepbx-17"></span>
== Step 9: Configuring Voicemail and Email Notifications in FreePBX 17 ==

This guide provides step-by-step instructions to configure voicemail for an extension and ring group in FreePBX 17, making sure that voicemail messages are sent via email with audio file attachments. We will also set up your custom mail server for sending these email notification; we’re not calling into a voicemail system in 2024.

<span id="enable-voicemail-for-the-extension"></span>
==== 9.1 Enable Voicemail for the Extension ====

# '''Log in to the FreePBX Admin Interface'''
#* <code>http://192.168.5.5/admin</code>
#* Log in with your admin credentials.
# '''Navigate to Extensions'''
#* Go to '''“Applications”''' &gt; '''“Extensions”'''.
#* Find and select the extension (e.g., <code>401</code>) that you want to set up.
# '''Enable Voicemail for the Extension'''
#* Scroll down to the '''Voicemail''' section.
#* '''Enable Voicemail''': Set to <code>Yes</code>.
#* '''Voicemail Password''': Enter a numerical for accessing voicemail which we will never use.
#* '''Email Address''': Enter the email address where voicemail notifications should be sent (e.g., <code>user@example.com</code>).
#* '''Attach Voicemail''': Set to <code>Yes</code> (this will attach the audio file of the voicemail to the email notification).
#* '''Delete Voicemail''': Set to <code>No</code> (keeps a copy of the voicemail on the system even after sending the email). Until we know if our system works, keep this to no. Once it is emailing us our voicemails as a wav file, then we can change this to yes.
# '''Submit and Apply Changes'''
#* Click '''“Submit”'''.
#* Click '''“Apply Config”''' to save the voicemail settings for the extension.

<span id="configure-voicemail-for-the-ring-group"></span>
==== 9.2 Configure Voicemail for the Ring Group ====

# '''Navigate to Ring Groups'''
#* Go to '''“Applications”''' &gt; '''“Ring Groups”'''.
#* Select the ring group you configured earlier (e.g., <code>600 - Office Ring Group</code>).
# '''Set Ring Group to Go to Voicemail'''
#* '''Destination if No Answer''': Choose '''“Voicemail”''', and select the extension’s voicemail (e.g., <code>101</code>).
# '''Submit and Apply Changes'''
#* Click '''“Submit”'''.

<span id="step-9.3-configure-freepbx-to-send-email-notifications-via-custom-mail-server"></span>
==== Step 9.3: Configure FreePBX to Send Email Notifications via Custom Mail Server ====

# '''Navigate to System Admin Module'''
#* Go to '''“Admin”''' &gt; '''“System Admin”'''.
#* Click on '''“Email Setup”'''…. '''''GOTCHA!!''''' This is GNU/Linux, nothing is easy. I had you for a moment there, didn’t I? :D
# This is actually going to be a fun journey of configuring postfix manually. That is a long way away, at the end.

<span id="step-10-setting-up-pfsense-firewall-rules-for-freepbx-with-unitel-sip-services"></span>
== Step 10: Setting Up pfSense Firewall Rules for FreePBX with UniTel SIP Services ==

To make sure your FreePBX system (located at <code>192.168.5.6</code>) is able to connect to UniTel’s SIP service and receive calls with two-way audio that actually work, we need to create NAT rules &amp; corresponding firewall rules that only allow traffic from UniTel’s approved IPs. Next we’ll walk you through setting up aliases for UniTel’s IPs, creating NAT rules, &amp; making sure SIP and RTP traffic flows correctly.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_694465ad.png
File:lu67917r1ezu_tmp_f3d60c6e.png
</gallery> Create aliases for UniTel’s IPs

<span id="step-10.1-log-in-to-your-pfsense-web-interface"></span>
==== Step 10.1: Log in to Your pfSense Web Interface ====

# Open a web browser and navigate to: <code>https://pfsense.home.arpa</code> or [https://192.168.5.1/ https://192.168.5.1]
# Enter your pfSense admin credentials.

<span id="step-10.2-add-an-alias-for-unitels-sip-signaling-ips"></span>
==== Step 10.2: Add an Alias for UniTel’s SIP Signaling IPs ====

# Go to '''Firewall''' &gt; '''Aliases'''.
# Click '''Add''' (+) to create a new alias.
# Configure the alias as follows:
#* '''Name''': <code>Unitel_SIP_IPs</code>
#* '''Description''': <code>SIP Signaling IPs from UniTel</code>
#* '''Type''': <code>Host(s)</code>
#* '''IP Addresses''':
Add each of the following SIP IP addresses: '''''THIS MAY CHANGE, CHECK UNITEL GETTING STARTED PAGE TO MAKE SURE THESE ARE THE RIGHT ONES!'''''
#** <code>199.180.220.89</code>
#** <code>199.180.220.91</code>
#** <code>208.89.104.3</code>
# Click '''Save''', then '''Apply Changes'''.

<span id="step-10.3-add-an-alias-for-unitels-media-ips"></span>
==== Step 10.3: Add an Alias for UniTel’s Media IPs ====

# In the '''Aliases''' section, click '''Add''' again to create another alias.
# Configure the alias as follows:
# '''Name''': Unitel_Media_IPs
# '''Description''': Media IPs for UniTel SIP Services
# '''Type''': Host(s)
# '''IP Addresses''': Add each of the following media IP addresses: '''''THIS MAY CHANGE, CHECK UNITEL GETTING STARTED PAGE TO MAKE SURE THESE ARE THE RIGHT ONES!'''''
#* 199.180.223.109
#* 45.55.33.77
#* 157.230.238.197
#* 45.33.70.196
#* 45.33.71.83
#* 159.65.107.252
#* 45.33.14.21
#* 159.89.122.218
#* 167.71.237.189
#* 172.104.226.108
#* 139.162.250.71
# Click '''Save''', then '''Apply Changes'''.

<span id="setting-up-nat-port-forward-firewall-rules"></span>
=== Setting up NAT port forward &amp; firewall rules ===

<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_3c485302.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012035037.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012048982.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012056979.png
</gallery>

</div>
<span id="configure-nat-port-forwards-for-freepbx-signalling"></span>
==== 10.4 Configure NAT port forwards for FreePBX signalling ====

# Navigate to '''Firewall''' &gt; '''NAT'''.
# Under the '''Port Forward''' tab, click '''Add''' to create a new NAT rule.
# Configure the rule as follows:
#* '''Interface''': WAN
#* '''Protocol''': UDP
#* '''Destination''': WAN address
#* '''Destination Port Range''':
#** From: 5060
#** To: 5065 (for SIP signaling)
#* '''Redirect Target IP''': Enter your PBX IP: 192.168.5.6
#* '''Redirect Target Port''':
#** From: 5060
#** To: 5065
#* '''Source''': Select Single host or alias and choose Unitel_SIP_IPs.
#* '''Description''': Forward SIP Traffic from UniTel to FreePBX
# Click '''Save''', then '''Apply Changes'''.

<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012336127.png
</gallery>

</div>
<span id="set-up-nat-port-forwards-for-rtp-media-traffic"></span>
==== 10.5 Set Up NAT port forwards for RTP (Media) Traffic ====

# In the '''Port Forward''' tab, click '''Add''' to create another NAT rule.
# Configure the rule as follows:
#* '''Interface''': WAN
#* '''Protocol''': UDP
#* '''Destination''': WAN address
#* '''Destination Port Range''':
#** From: 10000
#** To: 20000 (for RTP media traffic)
# '''Redirect Target IP''': Enter your PBX IP: 192.168.5.6
# '''Redirect Target Port''':
#* From: 10000
#* To: 20000
# '''Source''': Select Single host or alias and choose <code>Unitel_Media_IPs</code>.
# '''Description''': Forward RTP Traffic from UniTel to FreePBX
#* Click '''Save''', then '''Apply Changes'''.

<span id="verify-automatic-firewall-rules"></span>
==== 10.6 Verify Automatic Firewall Rules ====

# After creating the NAT rules, go to '''Firewall''' &gt; '''Rules'''.
# In the '''WAN''' tab, confirm that the firewall rules were automatically created for:
## '''SIP Traffic''' (ports 5060-5065) pointing to 192.168.5.6 and restricted to <code>Unitel_SIP_IPs</code>.
## '''RTP Traffic''' (ports 10000-20000) pointing to 192.168.5.6 and restricted to <code>Unitel_Media_IPs</code>.

<span id="test-the-configuration"></span>
==== 10.7 Test the Configuration ====

# Make sure that your FreePBX system can register with UniTel’s SIP servers.
# Make a test call to make sure both SIP signaling and media (audio) traffic are functioning correctly.
# Make sure that when you end a phone call, both the caller &amp; recipient notice that it has ended immediately.
# Make sure you have two-way audio.
# Leave a call on for fifteen minutes and make sure it doesn’t hang up by itself.

<span id="step-11-troubleshooting-when-it-doesnt-work.-its-open-source-so."></span>
== Step 11: Troubleshooting when it doesn’t work. It’s open source, so…. ==

<span id="introduction-to-network-rules"></span>
=== Introduction to Network Rules ===

We set up two sets of rules:

# '''SIP Trunk rules''' (Ports 5060-5065)
#* Allows Unitel to talk to our PBX
#* Deals with signaling &amp; connection management
# '''Media Proxy Rules''' (Ports 10000-20000)
#* Manages the actual audio transmission
#* Handles voice data going back and forth

<span id="what-are-nat-port-forwards-vs-firewall-rules"></span>
==== What are NAT port forwards vs Firewall Rules? ====

<span id="network-address-translation-nat-port-forwards"></span>
===== Network Address Translation (NAT) Port Forwards =====

NAT is like the restaurant host who brings guests to specific tables. It allows specific machines behind your network to get traffic depending on the port that the traffic was trying to access when the traffic got to your cable modem &amp; firewall.

<span id="firewall-rules-1"></span>
===== Firewall Rules =====

The firewall acts as a bouncer. Even when NAT directs traffic to the right computer, the firewall can still block problematic connections.

<span id="order"></span>
===== Order: =====

<code>pfSense</code> will add a firewall rule AUTOMATICALLY each time you create a NAT port forward, as long as you do not change that option at the end of the NAT port forward rule creation page. I circled this to make sure you would get it right.

# Set up NAT rules first
# Configure firewall rules second

<span id="our-setup"></span>
===== Our Setup =====

FreePBX box IP address: 192.168.5.6

Internet Traffic → NAT (Traffic Direction) → Firewall (Security Check) → FreePBX virtual machine

<span id="when-things-dont-work-common-scenario"></span>
=== When Things Don’t Work (Common Scenario) ===

This is an open source firewall combined with self-managed SIP trunking. If something works on the first go, you should be very concerned – this likely means you are in a coma &amp; dreaming. Try to wake up. If you can’t, something is wrong.

<blockquote>'''IMPORTANT:''' Follow along in the video as this is best explained there as I go. This is one of the few sections where I believe the video is a must-have to understand how troubleshooting an issue here would work in real time.
</blockquote>
When initial setup doesn’t work, follow this troubleshooting sequence:

# '''Clear ARP Tables'''
#* Navigate to '''Diagnostics → ARP Table → Clear'''
# '''Reset States'''
#* Navigate to '''Diagnostics → States → Reset States'''
#* States are current connections
#* Must be reset on both routers
#* Wait 90 seconds after reset (best practice)
# '''Reload Filter Rules'''
#* Navigate to '''Status → Filter →''' then click ** Reload**

<span id="using-packet-capture-for-diagnostics"></span>
==== Using Packet Capture for Diagnostics ====

# Go to: '''Diagnostics → Packet Capture'''
# Configure capture:
#* Interface: WAN or LAN depending on test
#* Port: 5060, 5061, 5062, 5063, 5064, 5065 for SIP traffic

<span id="reading-packet-capture-results"></span>
==== Reading Packet Capture Results ====

* Example of captured traffic: 199.18.220.89 (Unitel’s IP in my case)
* You’re looking to see if the port 5060 traffic is actually being directed to your PBX. You’re also looking to see if it is even coming in at all.

<span id="stuff-we-use-to-troubleshoot"></span>
=== Stuff we use to troubleshoot: ===

When dealing with miserable issues:

<ol style="list-style-type: decimal;">
<li><p>'''Check Logs'''</p>
<p>'''Status → System Logs → Firewall → Normal View'''</p>
<ul>
<li>Sort by newest first
</li>
<li>Enable logging for allowed and blocked traffic</li></ul>
</li>
<li><p>'''Use diagnosing tools'''</p>
<ul>
<li><p>Packet capture shows where things are going</p></li>
<li><p>Firewall logs show what’s being blocked/allowed</p></li>
<li><p>Side-by-side comparison of rules vs. actual traffic</p></li></ul>
</li>
<li><p>'''Reset Everything'''</p>
<ul>
<li><p>Clear ARP tables</p></li>
<li><p>Reset state tables</p></li>
<li><p>Reload filter rules</p></li>
<li><p>None of this will work because it’s open source, SO:</p></li>
<li><p>Reboot the router</p></li>
<li><p>Look for hints &amp; clues.</p></li></ul>
</li></ol>

<span id="important-takeaway-from-this"></span>
=== Important takeaway from this ===

* In the video, I did all of the above. The router magically started passing traffic after a reboot.
* Even when everything is configured correctly, it may not work correctly – it’s open source.
* Consumer routers vs Enterprise/Open Source firewalls:
** $20 consumer router: “It just works”
** Enterprise-grade open source firewall: Requires patience and systematic troubleshooting
* It’s still better to use this than a traditional router so you don’t get hacked &amp; owned via lack of updates.

<span id="step-12-install-lenny-on-freepbx-17"></span>
== Step 12: Install Lenny on FreePBX 17 ==

<span id="prepare-to-access-your-freepbx-system"></span>
==== 12.1 Prepare to Access Your FreePBX System ====

You need to SSH into the FreePBX VM to install Lenny. Open a terminal on your local machine and connect via SSH:

<pre>ssh louis@192.168.5.6
su</pre>
<span id="add-lennys-custom-context-in-asterisk"></span>
==== 12.2 Add Lenny’s Custom Context in Asterisk ====

<ol style="list-style-type: decimal;">
<li><p>Open the <code>extensions_custom.conf</code> file for editing:</p>
<pre>nano /etc/asterisk/extensions_custom.conf</pre></li>
<li><p>Add the following lines to define the Lenny context:</p></li></ol>

<pre>[Lenny]
exten =&gt; talk,1,Set(i=${IF($[&quot;0${i}&quot;=&quot;016&quot;]?7:$[0${i}+1])})
same =&gt; n,ExecIf($[${i}=1]?MixMonitor(${UNIQUEID}.wav))
same =&gt; n,Playback(Lenny/Lenny${i})
same =&gt; n,BackgroundDetect(Lenny/backgroundnoise,1500)</pre>
<ol start="3" style="list-style-type: decimal;">
<li>Save and exit the editor by pressing <code>Ctrl + X</code>, then <code>Y</code>, and <code>Enter</code>.</li></ol>

<span id="download-lennys-sound-files"></span>
==== 12.3 Download Lenny’s Sound Files ====

Continue with the necessary steps to download and configure Lenny’s sound files as required.

Lenny works by playing recorded audio. You’ll need to download these audio files to the correct directory on your FreePBX system.

Download Lenny’s sound files [https://www.crosstalksolutions.com/pub/Lenny.zip from this link]. Crosstalk solutions is a hero for continuing to host this. Tell him thank you.

<pre>cd /var/lib/asterisk/sounds/
wget https://www.crosstalksolutions.com/pub/Lenny.zip
unzip Lenny.zip
chown asterisk:asterisk /var/lib/asterisk/sounds/Lenny/* -R
chmod -R 755 /var/lib/asterisk/sounds/Lenny/* -R</pre>
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_89b069de.png
File:lu67917r1ezu_tmp_6b11bfcb.png
File:lu67917r1ezu_tmp_410d95bf.png
File:lu67917r1ezu_tmp_cdc425ee.png
</gallery>

<span id="create-a-custom-destination-in-freepbx"></span>
==== 12.4 Create a Custom Destination in FreePBX ====

# Log in to the FreePBX web interface.
# Navigate to '''Admin &gt; Custom Destinations'''.
# Add a new custom destination with the following details:
#* '''Custom Destination:''' <code>Lenny,talk,1</code>
# This may be called TARGET instead of CUSTOM DESTINATION IN NEW VERSIONS
#* '''Description:''' Lenny
# Click '''Submit''' and then '''Apply Config''' to save the changes.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_5e139a78.png
File:lu67917r1ezu_tmp_35e121d2.png
File:lu67917r1ezu_tmp_91b7118c.png
File:lu67917r1ezu_tmp_77d50bb9.png
File:lu67917r1ezu_tmp_c6db1985.png
</gallery>

<span id="set-lenny-as-a-destination"></span>
==== 12.5 Set Lenny as a Destination ====

You now have multiple options for how to use Lenny.

* '''Manual Transfers to Lenny:'''
** Navigate to '''Connectivity —&gt; Extensions'''
** Create a new '''Virtual Extension'''
** Set the extension to whatever you want it to be; this is the number you dial to get Lenny &amp; the number you transfer people to for Lenny
** Click on the Advanced tab
** Scroll to the bottom for destinations when nobody answers.
** Set each of the three to '''Custom Destinations —&gt; Lenny'''
** Enjoy transferring telemarketers to Lenny at his extension. :)

<span id="reload-things-in-the-terminal."></span>
==== 12.6 Reload things in the terminal. ====

In your SSH terminal, type the following:

<pre>fwconsole reload</pre>
<blockquote>'''IMPORTANT:''' Hitting the red '''“Apply Config”''' button in the upper right corner of the FreePBX webpage is not enough here. For this to work, you must run <code>fwconsole reload</code> in the terminal.
</blockquote>
<span id="sending-blocked-numbers-to-lenny"></span>
==== 12.7 Sending blocked numbers to Lenny ====

# After hanging up on someone you hate, hit <code>*32</code> quickly which will block their number.
# Navigate to '''Admin —&gt; Blacklist'''.
# Click onto '''Settings'''.
# Set the '''Destination for BlackListed Calls''' to '''Custom Destination —&gt; Lenny'''.

Now every time you get a call from someone you hate, you can dial <code>*32</code> &amp; they will be routed to Lenny as soon as they call back. But remember, in the words of one of my first recording studio job bosses in 2007 - ''“Louis, you hate nothing; you intensely dislike it!”''

<span id="step-12-hiring-a-virtual-receptionist-who-tells-annoying-people-to-get-the-fuck-outta-here"></span>
== Step 12: Hiring a virtual receptionist who tells annoying people to ''“get the fuck outta here!”'' ==

This is the primary reason to have a self managed PBX.

<span id="download-the-sound-files"></span>
==== 12.1 Download the Sound Files ====

First, SSH into your FreePBX machine:

<pre>ssh louis@freepbx.home.arpa</pre>
Download the sound files from the given URL using <code>wget</code>:

<pre>wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-g722-current.tar.gz</pre>
<span id="place-the-files-in-the-proper-directory"></span>
==== 12.2 Place the Files in the Proper Directory ====

After downloading the archive, extract it and move the files to the appropriate directory in FreePBX. Asterisk sound files typically reside in <code>/var/lib/asterisk/sounds</code>.

Extract the tarball:

<pre>tar -xvzf asterisk-extra-sounds-en-g722-current.tar.gz</pre>
Move the extracted files into the custom sound directory for FreePBX:

<pre>mv asterisk-extra-sounds-en-g722 /var/lib/asterisk/sounds/custom</pre>
If the <code>custom</code> directory doesn’t exist, you can create it:

<pre>mkdir /var/lib/asterisk/sounds/custom</pre>
<span id="set-correct-permissions"></span>
==== 12.3 Set Correct Permissions ====

Make sure that FreePBX and Asterisk can access the sound files by setting the correct ownership and permissions. FreePBX generally runs under the <code>asterisk</code> user:

<pre>chown -R asterisk:asterisk /var/lib/asterisk/sounds/custom/* -R
chmod -R 755 /var/lib/asterisk/sounds/custom/* -R</pre>
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_3725236e.png
File:lu67917r1ezu_tmp_8a2cf792.png
File:lu67917r1ezu_tmp_2abf75f3.png
</gallery> 12.4 Find the Sound Files in the FreePBX GUI

# Log in to the '''FreePBX Admin Interface'''.
# Navigate to '''Admin &gt; System Recordings'''.
# Under '''Add Recording''', you should now be able to see &amp; use the uploaded sound files from the <code>/var/lib/asterisk/sounds/custom</code> directory.

<span id="combine-sound-prompts-into-a-sequence"></span>
==== 12.5 Combine Sound Prompts into a Sequence ====

To combine multiple sound files into a single prompt sequence, use the '''System Recordings''' feature in FreePBX:

# Go to '''Admin &gt; System Recordings''' and create a new recording.
#* Select the option to '''Add Sound Recording''' by combining the existing files.
#* Add the sound files in the order you want them to play.
# Choose the following codecs:
#* alaw
#* g722
#* gsm
#* ulaw
#* wav
# EXCLUDE the following codecs:
#* g729
#* sln
#* sln16
#* sln48
# Save the combined sound as a new recording.

<span id="create-an-extension-that-plays-the-sound-prompts"></span>
==== 12.6 Create an Extension That Plays the Sound Prompts ====

To forward someone to an extension that plays back the sound prompts:

# Log in to the '''FreePBX Admin Interface'''.
# Navigate to '''Applications &gt; Extensions'''.
# Click '''Add Extension''' and select '''Custom Extension'''.
# Set destination of unanswered to play your recording.
# '''Save, Submit''' and '''Apply Config'''.

Now, you can transfer calls to this extension, and the selected sound prompts will be played back. Allison Smith will tell.

<span id="step-13-get-emails-with-voicemails-using-postfix-with-postmark-smtp-relay"></span>
== Step 13: Get emails with voicemails using Postfix with Postmark SMTP Relay ==

We are not doing the 1990s calling into voicemail system nonsense. That is miserable.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_aaeb276e.png
File:lu67917r1ezu_tmp_8c59ac9.png
File:lu67917r1ezu_tmp_8cb7f78.png
</gallery>

<span id="configure-the-from-address-in-freepbx"></span>
==== 13.1 Configure the FROM Address in FreePBX ====

# Log into your FreePBX web interface.
# Navigate to '''Settings → Voicemail Admin'''.
# Click the '''Settings''' tab.
# Click on the '''Email Config''' tab.
# Set the '''Server Email''' to an email address of your choice.
#* I suggest this address be within the domain of the email you set up in mailcow.
#* For instance, if you set up an email for yourself called [http://steve@stevesavers.com '''steve@stevesavers.com'''] in mailcow, make this '''voicemails@stevesavers.com'''.
# Click '''Submit''', then '''Apply Config''' (red button in the upper right corner).

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_7c7fe30c.png
File:lu67917r1ezu_tmp_926f2cd4.png
File:lu67917r1ezu_tmp_82ab253e.png
File:lu67917r1ezu_tmp_302269b1.png
File:lu67917r1ezu_tmp_5b69f714.png
File:lu67917r1ezu_tmp_4ea2455d.png
</gallery>

<span id="configure-user-access-to-voicemail"></span>
==== 13.2 Configure user access to voicemail ====

# Navigate to '''Admin —&gt; User Management'''.
# Click '''Edit''' next to the user.
#* Click the '''User Details''' tab at the top.
#** Check that the email address is correct.
#* Click the '''UCP''' tab at the top.
#** Click the '''Call History''' sub-tab.
#*** In '''CDR Access''', add the extensions for which you want to allow this user to listen to call recordings. So if your extension is '''401''', then '''401''' should be in this list.
#*** Set '''Allow CDR''' to '''Yes'''.
#*** Set '''Allow CDR Downloads''' to '''Yes'''.
#*** Set '''Allow CDR Playback''' to '''Yes'''.
#** Click the '''Voicemail''' sub-tab.
#*** Make sure every option here is set to '''Yes'''.
#*** In '''Allowed Voicemail''', make sure that your extension is in the list. So if your extension is '''401''', then '''401''' should be in this list.
#* Click '''Submit''', then '''Apply Config''' (red button in the upper right corner).

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_dd6f816d.png
File:lu67917r1ezu_tmp_653952c.png
File:lu67917r1ezu_tmp_d77e3b32.png
File:lu67917r1ezu_tmp_56847681.png
File:lu67917r1ezu_tmp_aa85fde6.png
File:lu67917r1ezu_tmp_6bcaece6.png
File:lu67917r1ezu_tmp_abb6e1ff.png
File:lu67917r1ezu_tmp_df1ec9c8.png
</gallery>

<span id="configure-extension-for-voicemail"></span>
==== 13.3 Configure extension for voicemail ====

# Navigate to '''Connectivity —&gt; Extensions'''
#* Choose your extension
# Go to '''Voicemail'''
#* Set your '''Voicemail password'''
#* Set the '''Email Address''' to the email address you want it to email.
#* Click '''Submit''', then '''Apply Config''' red button in the upper right corner
# Click '''UCP''' on the top menu to enter the User Control Panel
#* Click the plus sign in the upper left to add a panel.
#* Choose '''Voicemail.'''
#* Choose your extension, in this case, '''401'''
#* Go to the little gear on the upper right corner of the panel you just added to open the '''settings''' menu
#* Make sure '''Email Attachment''' is '''On'''
#* '''Email Address''' should be the address that you want voicemails to go to.

<span id="get-postmark-credentials-for-smtp-relay"></span>
==== 13.4 Get Postmark Credentials for SMTP relay ====

We are using Postmark for SMTP relay so our emails are not immediately rejected by most providers.

# Go to postmarkapp.com
# Log in and click Servers
# Click onto the server you made earlier.
# Click '''Default Transactional Stream'''
# Navigate to the '''Setup Instructions page''' after clicking onto your message stream.
#* Under '''“Pick the library or integration”''' – pick “SMTP”.
#* '''This is the same thing we did when we set up mailcow with Postmark for SMTP relay in the mailcow section!'''
#* Take note of these, as we will be using them with FreePBX

<span id="modify-postfix-configuration"></span>
==== 13.5 Modify Postfix Configuration ====

<ol style="list-style-type: decimal;">
<li><p>Edit the main configuration file:</p>
<pre>sudo nano /etc/postfix/main.cf</pre></li>
<li><p>Find and modify/add these lines. Keep everything elsein the <code>main.cf</code> file unchanged. Adjust the <code>sender_canonical_maps = static:voicemailalert@stevesavers.com</code> to the email address you wish to use.</p></li></ol>

<pre>relayhost = [smtp.postmarkapp.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
sender_canonical_maps = static:voicemailalert@stevesavers.com</pre>
<span id="set-up-authentication"></span>
==== 13.6 Set Up Authentication ====

<ol style="list-style-type: decimal;">
<li><p>Ssh into the FreePBX virtual machine:</p>
<pre>ssh louis@192.168.5.6</pre></li>
<li><p>Create/edit the SASL password file:</p>
<pre>sudo nano /etc/postfix/sasl_passwd</pre></li>
<li><p>Add this line (replace <code>USERNAME:PASSWORD</code> with your Postmark credentials):</p>
<pre>[smtp.postmarkapp.com]:587 USERNAME:PASSWORD</pre></li>
<li><p>Create the hash database and set permissions:</p>
<pre>sudo postmap /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd*</pre></li></ol>

<span id="restart-postfix"></span>
==== 13.7 Restart Postfix ====

<pre>sudo systemctl restart postfix</pre>
<span id="test-configuration"></span>
==== 13.8 Test Configuration ====

Send a test email:

<pre>cat &lt;&lt; EOF | sendmail l.a.rossmann@gmail.com
From: voicemailalert@stevesavers.com
To: l.a.rossmann@gmail.com
Subject: Test Email
Content-Type: text/plain
X-PM-Message-Stream: outbound

This is a test email body.
EOF</pre>
Check mail logs for errors:

<pre>sudo tail -f /var/log/mail.log</pre>
<span id="troubleshooting"></span>
==== Troubleshooting ====

If emails aren’t sending:

# Check <code>/var/log/mail.log</code> for errors
# Check that Postmark credentials are correct (if you typed <code>postmark.com</code> instead of <code>postmarkapp.com</code> for server, etc)
# Verify sender domain (<code>stevesavers.com</code>) is properly configured in Postmark
# Check the activity tab on the transactional stream in Postmark
# Mail log will tell you what you fkd up 99% of time.

<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_923a1598.png
</gallery>

</div>
!(Postmark Activity monitor](old/images/lu67917r1ezu_tmp_f60bd933.png)

!(Postmark Activity monitor](old/images/lu67917r1ezu_tmp_c39a116d.png)

<span id="postmark-activity-monitor"></span>
===== Postmark Activity Monitor: =====

If you want more troubleshooting information, check Postmark.

# Log into Postmark.
# Click '''Servers'''
# Click onto the server you made.
# Click onto your '''Default Transactional Stream'''
# Click '''Activity'''
# Poke around.

<span id="default-etcpostfixmain.cf-config-file"></span>
==== Default /etc/postfix/main.cf config file ====

Just in case you mess something up, here’s the default one, because the ones in /usr/share/postfix require configuration from scratch. What they mean when they say ''“more complete”'' version is ''“we don’t offer a copy anywhere of the just working version”'', because it’s… GNU/Linux.

<pre># See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate &quot;delayed mail&quot; warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6



# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = debian.home.arpa
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, debian, localhost.localdomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
# WARNING: Changing the inet_interfaces to an IP other than 127.0.0.1 may expose Postfix to external network connections.
# Only modify this setting if you understand the implications and have specific network requirements.
inet_interfaces = 127.0.0.1
inet_protocols = all
message_size_limit = 102400000</pre>
<span id="self-hosted-bitwarden-password-manager"></span>