Category: FreePBX EN

FreePBX Adding a Cisco SPA525G2 phone

After the initial setup of our FreePBX Asterisk, it’s time to add VoIP phones to our PBX so we can finally start making calls. The first to go will be the very successful, inexpensive, and easy-to-configure Cisco SPA525G2 VoIP phone. It is an improved version of the SPA525G model, differing only in the addition of Bluetooth communication, which allows us to pair our VoIP phone with any smartphone and conveniently switch calls to the smartphone.

This model has five telephone lines, which means it allows up to five telephone calls to be made simultaneously. These calls can be conveniently switched between using the backlit buttons on the right side of the screen.

The phone can be connected with a 5V power supply, or directly from a PoE switch with a LAN cable. It has a colour display with a 3.2-inch diagonal and a resolution of 320×240 pixels. The phone can be easily managed via a web browser.

Cisco SPA525G2 setting a static IP address

After connecting the phone to our LAN, the first step should be to set a static IP address instead of the one assigned dynamically by the DHCP server. To do this, press the ‘Settings’ button on the phone, and then use the cursor to navigate to ‘Network Configuration-Connection Type’ and change the mode from ‘DHCP’ to ‘Static IP’.

Now we need to set the IP address, gateway and subnet mask. So we press ‘Settings’, ‘Network Configuration’ and go to the ‘Static IP Address Settings’ by entering the following in the given fields:

1. IP Address, remembering that both our phone, FreePBX and the router must be on the same subnet. In our case, the router has the address 192.168.0.1, and FreePBX has the address 192.168.0.178. If your subnet mask has the number 255.255.255.0, then the phone’s IP address must be 192.168.0.X, where X is a number from 0 to 255. Of course, the IP address on your network must be unique, so it cannot be number 1, 178, or any other number already in use on your network.
2. Subnet mask – If you do not have more than 256 network devices on your network, it is usually 255.255.255.0.
3. Gateway address – The IP address of your router
4. DNS 1 and DNS 2 – you can enter the IP address of any DNS server, for example 1.1.1.1, 8.8.8.8, or 8.8.4.4.

Finally, we save the settings by pressing the button under the ‘Set’ label.

Cisco SPA525G2 phone settings in the web browser

Once we have set a static IP address for our phone, we launch a web browser on the computer and enter the IP address of our phone. You will then see a window with information about our phone, but only in user mode, from which we will not be able to make the changes needed to connect it to our FreePBX. To do this, we must switch to administrator mode by clicking the ‘Admin login’ link in the top right corner and entering the password. If no one has changed the password, the default login is ‘admin’ and the password is ‘admin’.

After logging in to administrator mode, we go to the ‘Ext 1’ tab, where we will have to enter a few options to connect our phone to FreePBX:

1. Proxy – we enter the IP address of our FreePBX here.
2. Register – we set to ‘yes’.
3. Display Name – we enter any name here that will identify our phone.
4. User ID – here we must enter the number of our Extension from FreePBX, which we created in the previous article.
5. Password – We enter the password we created here, when creating the Extension in FreePBX in the ‘Secret’ field.

We save the changes with the ‘Submit All Changes’ button. The other fields are not relevant at the moment.

Note: Make sure you have entered the correct Extension number in the ‘User ID’ field and the ‘Secret’ password in the ‘Password’ field. Without this, the phone will not register correctly in FreePBX.

After a while the phone will restart and if you have entered all the data correctly, the phone should already be connected to FreePBX, and you should see phone icons on the display, just like in the picture below.

If the entered data is incorrect, or for other reasons the phone cannot register with FreePBX, then you will see raised handsets with exclamation marks on the display, and the phone line buttons will light up red, just like in the picture below.

Cisco SPA525G2 telephone line configuration

By default, the Cisco SPA525G2 phone has all 5 phone lines connected to one Extension in FreePBX. But there is nothing to stop our phone from having 5 different internal numbers assigned.

Note: Oh! There’s nothing to stop our phone from handling 5 different landline numbers if we have 5 FreePBX servers connected to 5 virtual landline numbers, but that’s a story for another article.

To set different internal numbers on one phone, for each of the 5 telephone lines, we must of course have 5 different Extensions in FreePBX. You can find out how to do this in our previous guide on Extensions.

If we have already created additional Extensions in FreePBX, we can go to the ‘Ext 2’ tab by typing the IP address of our phone in the browser (don’t forget to switch to Administrator mode) and in the ‘User ID’ and ‘Password’ window, we enter the number and ‘Secret’ of our second Extension, in the ‘Proxy’ field we re-enter the IP address of our FreePBX and confirm the changes with the ‘Submit All Changes’ button.

We perform similar actions for the remaining telephone lines in the ‘Ext 3’, ‘Ext 4’ and ‘Ext 5’ tabs.

Next, we go to the ‘Phone’ tab and change the numbers in the ‘Line Key’ field for each telephone line.

Cisco SPA525G2 Friendly names instead of Extension numbers

By default, the Cisco SPA525G2 phone displays Extension numbers (using the SUSER variable) on the display, instead of friendly names, for example, Reception, Technical Department, or Orders Department. Sometimes several employees use one phone and we can assign them separate internal numbers with their names. To change this, we must go back to the ‘Phone’ tab in the browser and change the ‘Short Name’ field assigned to each telephone line. After confirming the changes with the ‘Submit All Changes’ button, friendly names should appear on our display.

An additional advantage of this solution is that now when a given employee or department calls other internal numbers, the friendly name of the internal line will also appear on the call recipient’s end, in addition to the Extension number.

Summary

We have just registered our first VoIP phone in FreePBX. It is true that we still cannot make calls to landline or mobile numbers (we will deal with this in one of the next articles), but we can already make calls to internal company numbers if we have several VoIP phones.

The Cisco SPA525G2 phone is the highest model in the SPA5xx series, very pleasant to use and easy to configure. However, not every Cisco phone is like that. For example, the great VoIP model Cisco 9971 with a large touch screen and the ability to add a camera is much more difficult to configure, because we do not change its settings from the level of the web browser, but with each change of a parameter we must create a configuration file and send it to the phone via the built-in TFTP server. But that’s a story for a completely different article.

Therefore, if you do not have much experience in configuring VoIP phones and FreePBX, before buying, make sure that your new phone will be “FreePBX Friendly”.

Extensions are, among other things, all the telephones connected to our FreePBX Asterisk server.

Extension Driver Types

You should know that there are several types of Extension drivers:

• PJSIP – An updated version of the SIP driver. It works with most new VoIP telephones (e.g., Cisco SPA525G2).
• Chan_SIP – The SIP driver that works with most older VoIP telephone models (e.g., Cisco CP-9971).
• DAHDI – (Digium Asterisk Hardware Device Interface) Formerly known as Zaptel, this is the driver that supports telephones from Digium (the company is now called Sangoma) (e.g., the Digium D60 model).
• IAX2 – (Inter-Asterisk eXchange) is a protocol developed for connecting different Asterisk servers with each other.
• Virtual – Virtual extensions, for example, a voicemail box.

Applications – Extensions

To manage extensions, go to Applications > Extensions. To add a new Extension, click on Add Extension and select the driver or interface type from the list. We will now configure a new Extension using a Cisco SPA525G2 telephone as an example.

• We can click Add Extension and select New SIP [chan_pjsip] Extension.
• Alternatively, we can use the quick creation option by clicking Quick Create Extension.

To start, let’s try the second option: creating an Extension quickly.

Quick Create Extension – Step 1

• Type – Select SIP [chan_pjsip].
• Extension Number – Choose any three or four-digit number. This will be the internal number for our telephone.
• Display Name – Any name for our extension (e.g., Reception, Technical Department, John Smith, etc.). This name will appear on the displays of some telephones instead of the Extension number.
• Outbound Caller ID – We will discuss this later. Leave this field blank for now.
• Email Address – The email address assigned to this number.

Click Next to proceed to Step 2.

Quick Create Extension – Step 2

• Enable Find Me/Follow Me – We will cover the Follow Me function in a future article; for now, leave this option disabled.
• Parking Lot – This feature allows you to ‘park’ calls so they can be picked up from another telephone. In the free version, you only have one option.
• Create User Manager User – This option will create a new user for this Extension.
• User Manager Groups – Select a group for our user. By default, only one group, ‘All Users’, is created. If you have many employees with different permissions, you can create several groups in FreePBX and set different permissions for them, for example, which groups can listen to recordings, which groups can create new Extensions, etc.
• Enable Voicemail – Creates a voicemail box for this Extension.
• Voicemail PIN – The PIN required to listen to recorded voicemail messages.

Note: The default PIN is the same as the Extension number. This means that during the first call to the voicemail, the user will be able to configure it, for example, by recording their own greeting and changing the PIN. If you later reset the PIN to be the same as the Extension number, the voicemail box settings for this Extension will be deleted, and the user will be able to configure the mailbox from scratch.

To finish creating the new Extension, press Finish and be sure to press Apply Config in the top right-hand corner to save the new settings.

Editing Extensions

Once we have created Extensions for all the internal telephones in the company, let’s look at the available settings. Go to Applications > Extensions and press the Edit button next to the Extension you want to edit.

A window with a series of useful tabs will appear. Let’s now discuss the options we haven’t mentioned before.

General Tab

• Outbound CID – Our FreePBX is assigned a single external telephone number, let’s say a London area code, 020. Even though our employees are spread across the UK in Manchester, Bristol, and Glasgow, because they are connected to one FreePBX server, when they call clients, all clients will see the London telephone number assigned to our FreePBX. Statistics show that clients are much more likely to answer calls when someone is calling from a local area code. In the Outbound CID window, we can enter telephone numbers with our local city area codes.
• Emergency CID – This is similar to Outbound CID, but much more serious as it concerns calls to emergency numbers. Imagine our employee working in the Glasgow branch needs urgent medical help and has to call an emergency number from this Extension. They dial 999, but the emergency service sees a London number instead of a Glasgow one, and the ambulance goes to the company’s address in London instead of to the person needing help in Glasgow. This is what the Emergency CID option is for, to ensure that in an emergency, the emergency services can correctly locate the caller.
• Secret – This is the secret password that you will need to enter in the VoIP telephone’s settings so it can connect to our FreePBX Asterisk. We will discuss this option in more detail another time.
• Language Code – Here we select the language for our voice recordings used in FreePBX Asterisk. If you don’t see your desired language, you can install it by going to Admin > Sound Languages.

Note: You can record additional sound recordings yourself (e.g., “Please wait”, “All our consultants are busy”, etc.) and upload them to FreePBX, or you can purchase ready-made recordings. The language of the voice recordings can be set independently for each Extension. So, if we have people of different nationalities in the company, each of them can hear the announcements in their native language.

• Select User Directory – User directory settings. Leave the default setting, PBX Internal Directory. The second option, Property Management, is used in hotels where specialised functions like guest check-in and check-out, wake-up calls, reservations, mini-bar, etc., are required. We will not cover this topic in this article as it is too extensive.
• Link to a Default User – By default, the user is assigned to the given Extension. Select a user with the ‘Linked’ option.
• Username – The username will be assigned automatically, or you can create your own by clicking on Use Custom Username.
• Password For New User – The password assigned to the user.
• Groups – The groups to which the user belongs.

Voicemail Tab

Let’s now discuss the most important options in the ‘Voicemail’ tab, where we can manage the voicemail settings for this specific Extension.

• Enabled – Enables or disables the voicemail box for this Extension.
• Voicemail Password – The password needed to listen to saved voicemail messages.
• Require From Same Extension – Disables the need to enter a password if you are checking voicemail for the Extension from which you are currently calling.
  • Explanation: From any telephone in our network, we can listen to voicemail messages not only for the number we are using but also for any other number, as long as we know the voicemail password.
    1. Dialling *97 lets you listen to saved messages for the telephone you are using. The ‘Require From Same Extension’ option can disable the need to enter a password.
    2. Dialling *98 followed by the Extension number lets you listen to messages from another Extension’s voicemail box, but you will always have to provide the password.
• Email Address – The email address to which notifications about new voicemail messages will be sent.
• Email Attachment – If you enable this option, the recorded voice message will be sent as an attachment with the email notification.
• Play CID – Information about the message sender will be included with the message.
• Play Envelope – Information about the time and date the message was left will be included with the message.
• Delete Voicemail – Enable this option if you want FreePBX to delete the voicemail message from your Extension after it has been emailed to you.

Note: Be aware that FreePBX does not check if the email with the message has reached you before deleting it from the voicemail box. If for some reason the email with the recorded message does not arrive, you will not be able to listen to the message, and you may not even know that a client recorded any message for you.

• VmX Locater – This is quite an interesting feature. We can record a personalised greeting for our voicemail, and the caller will be able to choose one of three options. For example, they could connect to the main telephone in the company (e.g., at reception), or they could forward the call to another Extension or to a mobile number. Correctly configuring this function is time-consuming and will not be covered in this article.

Find Me / Follow Me Tab

Imagine a situation where you are often away from your desk, in another part of the company, or out of the office. You can configure the Find Me/Follow Me function to sequentially ring a set of internal or mobile numbers to try and find you. You can configure this function according to dates and times using a Microsoft Outlook, CalDAV, or Apple iCal calendar. The configuration of this function is beyond the scope of this article, so I will try to write a separate article specifically for the Find Me/Follow Me feature.

Advanced Tab

The Advanced tab contains a variety of different functions. There are too many to discuss in one article, but there is one interesting option worth mentioning:

• Max Contacts – By default, you can only connect one telephone to a single Extension. With this option, you can set how many different devices can have the same internal number (Extension number). You can set any number of internal telephones (including SoftPhone applications installed on smartphones) with the same number, which will ring simultaneously. But there’s a catch: to configure several telephones with the same Extension number, you must configure them using the End Point Manager application. In the free version, you can only configure telephones from Sangoma (formerly Digium). A list of supported models can be found in the Other tab. The End Point Manager Pro version, which currently costs $199, allows you to configure multiple devices from other manufacturers with the same number.

Pin Sets Tab

In the FreePBX Asterisk settings, you can block certain calls with a PIN code, for example, calls abroad or to expensive premium-rate numbers. If we have set up such a PIN lock, by enabling the Pinless Dialing option for an Extension, calls from that number will not require a PIN to be entered. We will discuss this issue in more detail another time.

Bulk Editing Settings – Bulk Handler

Bulk Handler doesn’t strictly relate to Extensions, but it’s worth mentioning this feature because it makes life much easier. If you have a dozen, several dozen, several hundred, or more Extensions and you need to change one setting in each of them, changing it in each Extension separately can take a very long time. You can do it much faster using Bulk Handler. With this function, you can export all Extensions to a CSV file, which you can conveniently open and edit in an application like Microsoft Excel. Changing one function for all Extensions will take a few seconds instead of several hours. After editing the file, you can import it back into FreePBX with a single click and apply the changes. Isn’t that simpler?

Using Bulk Handler, you can edit not only Extensions but also many other options. To launch this application, click Admin > Bulk Handler.

Summary

In this article, you have learned how to create and edit Extensions, which is an essential step to later connect them with VoIP telephones. You also now know how voicemail boxes work.

The importance of a backup is only truly understood by those who have had to recover files from damaged data storage. Server administrators fall into two categories: those who perform backups, and those who will start performing backups. In this article, we will learn how to create backups locally, on an FTP server, on Dropbox and Amazon S3, and how to send them to an email address and via SSH.

Settings -> Filestore

First, let’s navigate to Settings -> Filestore. In this window, there are several tabs, depending on where we want to store our backup files.

Settings -> Filestore -> Local

We will start by creating a backup locally on the hard drive where your FreePBX system is installed. A local copy is useful when you want to test various FreePBX settings and are concerned that changing them might cause your telephone exchange to stop working correctly. However, remember that in addition to local copies, you should also create backups that are sent remotely to an FTP server, Dropbox, etc. A local backup will be useless if the hard drive on which FreePBX is installed fails.

Go to the Local tab and click the Add local path button. A new window will appear where you need to enter:

• Path name: A name for your Filestore settings. It can be anything, for example, Local Copy.
• Description: Any description, for example, Local copy on the hard drive.
• Path: The path on the hard drive where the backups will be stored. We can use variables suggested by FreePBX. For example, the variable __ASTSPOOLDIR__ (remember the double underscores before and after) represents the /var/spool/asterisk/ folder. We can add backup at the end, so we know the files in this folder are backups. Therefore, entering __ASTSPOOLDIR__/backup is exactly the same as /var/spool/asterisk/backup.

Finally, confirm the changes with the Submit button.

Settings -> Filestore -> FTP

If you have access to an FTP server, you should definitely use the option to send backups to it. This significantly increases the security of your FreePBX telephone exchange. If you only make local backups, in the event of a hard drive failure, all local backups will also be lost. If you don’t know how to set up an FTP server at home, you can purchase affordable server space in the cloud, for instance at Zetohosting, where you will also get FTP server access as part of the hosting package.

First, in the Filestore window under the FTP tab, we will enter the settings that will allow us to log in to the server. Click the Add FTP Instance button and fill in the required fields in the new window:

• Enabled: This button enables or disables the data store.
• Server Name: Any name for your data store.
• Description: Any description.
• Hostname: The IP address of your FTP server, or the domain name.
• Port: The port on which your FTP server operates.
• Use TLS: If your FTP server requires SSL/TLS encryption, enable this option.
• Username: The username for the FTP server.
• Password: The password.
• Filesystem type: If you know the operating system of your FTP server, select the appropriate option. If you are unsure, select Auto.
• Path: The access path where backups will be saved. Note: provide the full path (starting with /), otherwise your Filestore will not work.
• Transfer Mode: Choose Active or Passive mode for your FTP server.
• Timeout: The inactivity time in seconds after which the connection to the FTP server will be terminated.

You should receive all the necessary data to configure the FTP connection from your FTP server provider.

Admin -> Backup & Restore

Once we have created a location to save the files, we can go to the Admin -> Backup & Restore window. In the Backup tab, click Add Backup to configure a new backup. For my needs with FreePBX, I usually set up monthly and weekly backups, keeping the last three weekly copies and one from each of the last three months. Of course, there is nothing stopping you from creating daily or quarterly backups. It all depends on how much hard drive space you can allocate for backups. Let’s start by setting up monthly backups.

Basic Information

• Backup name: Any name, for example, Monthly Copies. (It’s worth avoiding special characters in the name. I’ll explain why shortly.)
• Backup Description: Any description, for example, Keep copies from the last 3 months.
• Backup Items: Here you choose which FreePBX modules should be included in the backup. A good starting point is to back up all modules, so don’t change anything here.
• Custom Files: If you have manually copied any files to your FreePBX (for example, via FTP) and they are stored outside the FreePBX/Asterisk folders, and you want them to be included in the backup, you must tell FreePBX where they are located. If you haven’t copied any additional files, you don’t need to worry about this.

Notifications

• Notification Email: Your email address to which notifications about completed backups or errors during backup creation will be sent.
• Inline Logs: Includes logs from the backup process in the email message.
• Email Type: Sends an email notification only if the backup was successful (Success), ended in an error (Failure), or in both cases (Both).

Storage

• Storage location: Here we select the location—which we created earlier in the Filestore window—where our backups will be stored. In our case, it will be Local Copy.
• Append Backup Name as a directory to the Storage path: If you enable this option, an additional directory with the name of our backup will be created in the directory where our backups are saved (in our case /var/spool/asterisk/backup/). In this instance, it would be Monthly Copies. This helps to keep the backups organised and makes it easier to find the one you need in case of a failure. This is why I mentioned earlier to avoid diacritical characters in the name, to prevent character encoding issues.

Schedule and Maintenance

Here we set whether we want backups to be performed automatically at scheduled intervals.

• Enabled: Enables the backup schedule.
• Scheduling: Sets the frequency of the backups. We can set it to run hourly, daily, weekly, monthly, or yearly.

Maintenance

In this section, we set how many copies we want to keep on the disk and when unnecessary copies should be deleted.

• Delete After Runs: Here we set the number of recent copies we want to keep. In our case, we want to keep the last 3 copies. All copies over three will be deleted. If we set it to 0, copies will not be deleted at all.
• Delete After Days: We can also set a time after which copies will be deleted, regardless of how many copies we have. I suggest setting this to Unlimited.

Note: If we set the first option to 0 and the second to Unlimited, the copies will never be deleted. As backups can be large, you might find that you quickly fill up your disk space.

Hooks

Here you can set what the computer should do before or after performing or restoring a backup. For example, after a backup, you can compress the files or transfer them to a remote server. You can also copy the backups to a connected USB stick—for this, you can mount it in this window before the backup is made. If you haven’t written scripts in Linux before, you don’t need to worry about this.

Warm Spare

If our FreePBX telephone exchange serves a large company and you cannot afford any downtime, you can install a second FreePBX server that will be synchronised with the main exchange. In the event of a failure, you can quickly switch your telephony to the backup FreePBX server. If you do not have two FreePBX servers, you can skip these options.

Save

Finally, we save our settings with the Save button.

Manual Backup Execution

After saving the settings, you can check if the backup is performed correctly by running it manually. To do this, press the arrow button as shown in the image below.

If all settings are correct, you should see the message “Finished created backup file” in the program logs.

To be extra sure that the backup was created, you can log in to the FreePBX console via SSH and check the backup save path, which in our case will be /var/spool/asterisk/backup/.

Navigate to the backup directory with the command cd /var/spool/asterisk/backup/ and list the contents of the directory with ls. As you can see in the attached illustration, an additional subfolder Monthly-Copies has been created. Open this folder with the command cd Monthly-Copies and list its contents with ls. As you can see, the backup file has been created correctly inside this directory.

[root@creativeart ~]# cd /var/spool/asterisk/backup/
[root@creativeart backup]# ls
Monthly-Copies
[root@creativeart backup]# cd Monthly-Copies/
[root@creativeart Monthly-Copies]# ls
20230218-085312-1676710392-16.0.33-1234817093.tar.gz
[root@creativeart Monthly-Copies]#

Admin -> Backup & Restore -> Restore

After creating our first backup, we should be able to see it in the Restore tab. Next to each backup, there is an Actions window where we can restore the backup, download it to our computer’s hard drive, or delete it. After downloading the copy to your computer, you can re-upload it to the server in the Upload your restore files window by clicking the Click to upload a backup file button.

To use the Restore from the cloud option, we must first configure Filestore to have access to cloud file storage services.

Summary

You now know how to automatically create and restore backups both on a local disk and on a remote FTP server. Now, in the event of any failure, you can easily restore your FreePBX telephone exchange to working order.

By default, the FreePBX administration page operates on the unencrypted port 80 (HTTP). This means that all data, including usernames and passwords, is transmitted in plain text, making it easy to intercept, even by amateur hackers. While this may not be a significant issue if you only intend to manage your telephone exchange within a local LAN (provided no unauthorised individuals have access to your network), it is essential to encrypt the transmitted data if you plan to access the FreePBX dashboard from the internet. This can be achieved using a free Let’s Encrypt SSL certificate and the encrypted HTTPS protocol.

Furthermore, certain services will not function without a valid SSL certificate installed, such as WebRTC, Sangoma Zulu, Sangoma Connect, or Clearly Anywhere.

Initial Configuration

To begin, navigate to Admin -> System Admin, and then select Port Management from the right-hand menu.

As you can see in the illustration below, the Let’s Encrypt option is disabled. If you attempt to enable it by switching communication to port 80, you will encounter an error because port 80 is already in use by the Admin service. To resolve this, change the Admin service port to a different one, for example, 8080, and then try enabling Let’s Encrypt again. Click Update Now to apply the changes.

Connectivity -> Firewall -> Services

Go to Connectivity -> Firewall, and from the right-hand dropdown menu, select Services. In this window, you will notice that the Let’s Encrypt service is managed by “Responsive LetsEncrypt Rules”. While you could theoretically disable this and manage the service manually, the recommended approach is to allow “Responsive LetsEncrypt Rules” to continue managing it.

Admin -> Certificate Management

Navigate to Admin -> Certificate Management to manage your certificates. The illustration shows that a self-signed certificate is currently installed. To install a new Let’s Encrypt certificate, click New Certificate, and then select Generate Let’s Encrypt Certificate.

In the new window that opens, fill in the following fields:

• Certificate Host Name: If you have purchased your own domain, enter it here.
• Owner’s Email: Enter your email address.
• Country: Your country.
• State/Province/Region: Your county or region.
• Alternative Names: Alternative Fully Qualified Domain Names (FQDNs) that must be correctly configured on your DNS servers. If you are unsure what to enter here, leave this field blank.
• Challenge Over: The port on which Let’s Encrypt will automatically renew the certificate.
• Remove DST Root CA X3: This removes the X3 certificate from the chain, which can cause issues on older browsers.

Finally, click Generate Certificate to create the certificate.

Once you receive confirmation that the certificate has been created, you must set it as the default for your exchange. To do this, click the green tick in the Default column.

To complete the installation, go to Admin -> System Admin, select HTTPS Setup from the right-hand menu, and go to the Settings tab. In the Certificate Settings window, select your newly created certificate and click Install. After installing the SSL certificate, you must restart the Apache server by clicking Save and Restart Apache.

After refreshing the page, you should see a notification in the address bar indicating that your certificate is valid and the connection to your site is encrypted.

Summary

Prioritising the security of your servers is paramount. With Let’s Encrypt, you can secure your FreePBX Asterisk telephone exchange with a secure SSL/TLS protocol, free of charge.

Now that FreePBX Asterisk is installed, it’s time to take a few more steps. I will show you how to update the system and modules from the browser’s GUI, as well as using SSH. We will also check the network and SIP settings. Let’s get started.

Applying the Configuration

Important: After changing many FreePBX parameters, you will need to apply the configuration. Without this, the changes will not be saved. When a parameter change requires saving these settings, a red “Apply Config” button will appear in the top right corner. Only after clicking it will the changes take effect. However, remember that if you need to make many changes at once, you do not have to click this button after every function change. Only after making all the setting changes can you press this button to apply all changes at once.

Updates

For our telephone exchange to work efficiently and be secure, we must not forget about system and module updates. We can perform updates from a web browser, the terminal, or SSH. FreePBX updates can be divided into two types:

• Updating the Linux system on which FreePBX is installed. If you installed FreePBX from the ISO image from their official website, your exchange is based on the Sangoma Linux (SNG) operating system, which is based on CentOS and RedHat.
• Updating the FreePBX application and modules.

Updating from the Browser GUI

Before we start using our telephone exchange, it’s worth checking if the system and all our exchange’s modules are up to date. To update the modules, log in to your FreePBX in your browser, then click the “Admin” button at the top of the page, followed by “Updates” and “Module Updates”.

To start the update process, click “Upgrade all,” and then “Process.” A new window will appear with a list of modules requiring an update. To confirm, scroll down and click “Confirm.”

A pop-up window will appear with the progress status. It is important to wait patiently for the update to finish and not to refresh the window.

Note: The problem with updates via the browser GUI is that if dependencies between modules and applications are not met, some modules may not update on the first attempt. Therefore, repeat these steps until all modules and applications are updated.

Updating System Files

Updating system files is done similarly to updating modules, but system file updates require activation. If you haven’t done it yet, go to the “Admin” tab, “System Admin,” then click “Activate” and fill out the activation form. Activation is completely free.

After activation, go to the “System Updates” tab and click “Check online” and “Update system.”

Updating Modules and System from SSH

In my opinion, updating FreePBX from SSH is faster and more convenient, especially since after installing FreePBX Asterisk, SSH is already installed by default. If you are using macOS or Linux, simply launch the terminal and type:

ssh root@your_freepbx_ip_address

So, in my case:

ssh root@192.168.1.178

If you are logging in via SSH for the first time, you will be asked to approve the SSH key – just type “yes.”

If you are using Microsoft Windows to log in via SSH, you will need to download additional software, for example, PuTTY, SolarPutty, Xshell, or many others.

Updating the Linux System

After logging into FreePBX via SSH, just type the command yum upgrade and after refreshing the packages, confirm with the ‘y’ key.

This method of updating via SSH is much faster than updating through the browser GUI, as all modules and applications are updated simultaneously.

Updating FreePBX Application and Modules – fwconsole

fwconsole is an extremely useful application available from the FreePBX console or via SSH. It allows you to perform and restore backups, update modules, manage certificates, calendars, contacts, and much more. The available options for this application are numerous, but the most useful is moduleadmin, invoked by the command fwconsole ma, which has many available sub-options. For example, the command fwconsole ma upgradeall allows for a quick update of all modules. It is worth getting acquainted with the complete documentation of the fwconsole application on the manufacturer’s website.

Admin – Updates – Scheduler and Alerts

In the “Scheduler and Alerts” tab, you will find several useful settings. In the “Email Address” field, you can enter your email address to receive notifications about available updates. The other options are:

• Automatic System Updates
• Automatic Module Updates
• Automatic Module Security Updates
• Send Security Emails For Unsigned Modules
• Check for Updates every – When to check for updates.

I suggest setting automatic updates only for critical security patches, and for other updates, set it to only send email notifications, as in the example below. Every update is an intervention in the Linux operating system and, like any software intervention, carries the risk of damaging the system or causing unforeseen application behaviour. Therefore, I allow automatic updates for critical security patches, but I prefer to install other updates manually after making a backup.

Admin – Updates – System Updates

In the “System Updates” tab, you can update your Linux operating system on which FreePBX is based. First, you should click “Check Online” so that FreePBX can refresh the information about available system updates.

Firewall

Securing your FreePBX system is extremely important. There are many people in the world who use scripts to scan unsecured SIP ports to gain access to telephony used in companies. The Firewall installed in FreePBX is a really effective tool for securing our system against unauthorised access, but it requires proper configuration.

Network Settings – Firewall

To begin, we will set up secure networks and IP addresses from which we will connect to our FreePBX. Go to “Connectivity,” then “Firewall” -> “Networks.” In this window, you can set the IP address of the computer, phones, and devices from which you will be connecting, or you can add your entire local network to the firewall exceptions at once.

Note: In the network settings, you have several options to choose from, including “Local” and “Trusted.” How do they differ?

• Local: In this zone, only ports used by FreePBX are open. You can add your IP phones to this zone.
• Trusted: Devices added to the “Trusted” zone completely bypass the firewall on any port. Only add truly trusted devices as “Trusted.” For example, your private computer from which you connect to FreePBX via SSH must be added to “Trusted” because the SSH port is not open in the “Local” zone.

Note: You must enter IP addresses in CIDR format. If you are not sure how to do this, familiarise yourself with the article on this topic on Wikipedia. In short, if you want to add a single IP address of a device to the zone (e.g., 192.168.1.21), add a slash and the number 32 at the end of the address. It will then be 192.168.1.21/32. If you want to add all 256 IP addresses of your local network, then after the IP address (ending with the number 0), add the number 24. For example, you add all IP addresses from the range 192.168.1.0 to 255 by entering: 192.168.1.0/24.

Network Settings and Dynamic IP Address – Firewall

If we manage and log in to our FreePBX exchange exclusively on the LAN, we can easily set up static IP addresses. But what if we log in to FreePBX over the Internet, and our provider assigns us dynamic (variable) IP addresses? Then we can use something called DynamicDNS (DDNS). Dynamic DNS changes our variable IP address to a constant hostname. There are many free DDNS providers, for example, Dynu. After registering, we will get a constant hostname for our computer, which we enter in the “Networks” tab instead of the IP address.

Dynamic IP Address – Responsive Firewall

If we have dynamic IP addresses, instead of DynamicDNS, we can use the Responsive Firewall. How does it work?

The Responsive Firewall allows devices from any IP address to send a small data packet to authorise the device – for example, sending a login and password, or a key. If authorisation fails within this short time because, for example, a person trying to break into our server does not enter the correct login and password, then that IP address is temporarily added to the blocked list. After some time, this IP address will be unblocked. If the attacker tries to break into our FreePBX exchange again, then this IP address will be blocked for a little longer, and if the attacks continue, even longer, and so on.

If you have dynamic IP addresses, enabling the Responsive Firewall is a very good idea because it handles Brute Force attacks really well. However, if you have static IP addresses, disabling the Responsive Firewall is even safer, as all untrusted IP addresses will be automatically blocked.

Interface Settings – Firewall

For all the settings in the “Networks” tab to make any sense, make sure that the interface (it will most likely be the eth0 interface for you, unless you are using a WiFi card) in the “Interfaces” tab is correctly set to the “Internet” zone. If you set your interface to the “Trusted” zone, for example, then all the rules saved in the “Networks” tab will be ignored because the “Interfaces” tab has priority over the “Networks” tab.

If you do not have a hardware firewall that would manage the opening and closing of your FreePBX ports, leave the interface in the “Internet” zone.

I’ve blocked my ports and can’t get into FreePBX!

Sometimes, through carelessness, you can block the IP of your own computer from which you connect to FreePBX. Then you will not be able to log into the administrative cockpit of your telephone exchange. The FreePBX developers foresaw such a scenario and there is an easy way to fix it. All you have to do is restart your computer with the FreePBX system twice within five minutes, and the Firewall will be disabled for 5 minutes so you can unblock the IP addresses you need.

Firewall – Context Menu

While on the Firewall page, on the right side of the screen, we have access to a context menu. We will find a lot of useful information and settings there. For example:

• Status – here we will see statistics of addresses blocked by the Responsive Firewall.
• Services – here we can manage SSH, HTTP, HTTPS, Samba, FTP services and many others.
• Advanced – here you will find information about the ports used by FreePBX, and an explanation of how the individual firewall zones work.

System Admin

By clicking on “Admin” and then “System Admin,” we will be taken to a window where we can manage the most important FreePBX settings. On the right side of the screen, a frame with individual system settings will appear. You can also purchase the System Admin Pro version, where you will have a few additional functions:

• DDNS – built-in Dynamic DNS server.
• Email setup – convenient management of the mail server from the browser.
• Provisioning protocols – management of the FTP and TFTP server.
• DHCP server – management of the DHCP server that assigns IP addresses on our network.
• UPS server – you can enter the parameters of your UPS, if you have one, so that FreePBX can shut down correctly in the event of a power failure.
• Support VPN – useful if you need IT support and want to provide them with a secure tunnel to your FreePBX so they can fix any faults.
• VPN server – built-in Virtual Private Network server.

Activation – System Admin

If you have not yet activated your FreePBX, it is worth doing so. You can find more on this topic in the previous part of our guide: FreePBX installation of your own telephone exchange part 1.

DNS – System Admin

The DNS system allows you to convert human-friendly website addresses (for example, https://phonesrescue.co.uk) into computer-understandable IP addresses: for example, the IP address of CloudFlare servers: 172.67.160.126.

There are many different DNS servers, for example:

• 1.1.1.1 – CloudFlare
• 1.1.1.2 – CloudFlare
• 1.0.0.2 – CloudFlare with malware protection
• 8.8.8.8 – Google
• 8.8.4.4 – Google
• 208.67.222.222 – OpenDNS
• 9.9.9.9 – Quad9

Remember to add at least two different DNS servers. In the event of a failure of one of them, the other will take over the duties of converting www addresses to IP addresses. It is worth remembering that the choice of an inappropriate DNS can affect the speed and performance of our FreePBX. If we choose some exotic DNS server at the end of the world, it may slow down our exchange. If you are not very familiar with DNS servers and do not have any of your own trusted servers, choosing one of the DNS servers listed above is a good solution.

Intrusion Detection – System Admin

You also have access to Intrusion Detection from the Firewall level, as it works on a similar principle. It detects login attempts, for example, via SSH. But how does it work exactly? Look at the picture below. If you enter the wrong password 8 times (Max Retry) within 600 seconds (Find Time), you will be blocked for 1800 seconds (Ban Time). You can freely modify the individual parameters as needed. If you enter your address in the e-mail field, you will receive a notification after an IP address is blocked. In the Whitelist field, you can enter the IP addresses of your trusted private computers, then they will not be blocked regardless of how many times you enter the wrong password.

Network Settings – System Admin

In this window, you can set a static IP address for your FreePBX on the local network. Be sure to do this so that after a power failure at home or in the office, your FreePBX telephone exchange will still have the same IP address. However, when entering a static IP address, pay attention that it is outside the pool of addresses assigned by your router’s DHCP server. Otherwise, after a power failure, you may have IP address conflicts on your network. If you have changed the IP address and confirmed the changes by clicking “Save interface,” remember to enter the new IP address in the browser window.

Hostname – System Admin

The hostname is the name of your FreePBX server visible on the local network. The default name is freepbx.sangoma.local, but there is nothing to prevent you from changing it to your own name. Just remember not to have spaces in the name; it will be safest to use dots, for example, CreativeArt.FreePBX. After clicking “Update Hostname,” from now on, instead of the IP address on the local network, you can type CreativeArt.FreePBX.

PNP configuration – System Admin

PNP configuration is only useful if you use IP phones from Sangoma. This allows for the detection of these phones and their automatic configuration. If you do not have any Sangoma phones, you can safely disable this unnecessary option.

Time Zone – System Admin

Be sure to set the correct time zone. Imagine a situation where your company is open from 8:00 to 17:00 and during these hours FreePBX normally connects calls, and outside of working hours it informs callers that you are already closed and records calls on voicemail. What will happen if your company is in Poland, and in FreePBX you have the time zone set to Australia? Then FreePBX will redirect all incoming calls to voicemail during business hours, and at night the phones will ring. You probably wouldn’t want that, would you? That is why it is so important to set the correct time zone. Our company is located in Great Britain. If your company is located in Poland, set: Europe – Warsaw.

Note: If you have changed the time zone, simply confirming the changes with the “Submit” button is not enough; you must restart the FreePBX system for the changes to take effect. You can do this via “System Admin” – “Power Options” – “Reboot.”

Summary

In this part, we discussed the most important functions of FreePBX, activated the system, updated the system and modules, and also initially secured our system with a firewall. We will discuss the remaining functions in the next instalments.

FreePBX Installation

Do you own a business and dream of recording all your calls, greeting customers when they ring your company, transferring them to other internal numbers, having a voicemail service for when the business is closed, and forwarding calls to a mobile, all for practically nothing? It couldn’t be simpler! The free telephone exchange, FreePBX, allows you to do just that, and you can install it on a standard computer in your office.

FreePBX is a professional telephone exchange that automatically records incoming and outgoing calls to the computer’s hard drive. This is an incredibly useful feature for any business.

All you need is a VoIP desk phone, a landline number, and after a brief configuration, your telephone exchange will be ready to go. We invite you to follow our series of articles on the installation and configuration of FreePBX, which is based on the Asterisk software telephone exchange. Let’s begin!

FreePBX Asterisk can be installed on virtually any computer or laptop, as well as on a hosting service. Here, we will focus on installing it on a computer within your company. Remember, for such an exchange to be effective, the computer must be permanently switched on and connected to the network, ideally with a static IP address.

To install FreePBX, a computer with the following specifications is sufficient:

• Single-core processor
• 2GB RAM
• 20GB disk space

However, if your company intends to handle several internal phones simultaneously and record calls over a longer period, it is worth investing in an Intel i5 processor, 4GB of RAM, and a 120GB hard drive. In our company (Phones Rescue Ltd), FreePBX Asterisk runs as a virtual machine on a server, but a mini PC would also work perfectly well. They are quiet and energy-efficient, which is significant for a machine that needs to run 24 hours a day.

Downloading the FreePBX Asterisk ISO Image

Let’s start by downloading the FreePBX Asterisk ISO image from the manufacturer’s website. Go to the FreePBX website and click on ‘Download’ at the top of the page. Select the latest available stable version and click ‘FULL ISO’.

Preparing the USB Drive

You need to install the downloaded ISO image onto a USB drive and make it bootable. You can do this using an application like Rufus (for Windows) or Balena Etcher (for Windows, macOS, Linux). Both applications are free. An 8GB USB drive is sufficient for FreePBX. I work on macOS, so I will use Etcher to create a bootable USB drive, but using Rufus is also incredibly simple and you should have no trouble with it. Launch Balena Etcher, click ‘Flash from file’, then select the USB drive where you want to place the FreePBX Asterisk installation by clicking ‘Select target’, and finally, click ‘Flash!’

Warning! The entire contents of the selected USB drive will be deleted. When clicking ‘Select target’, make sure you have chosen the correct USB drive for the FreePBX Asterisk installation. If you accidentally select another drive or a USB stick containing important data, you will lose it permanently!

Installing FreePBX Asterisk on the Hard Drive

Once you have the USB drive with the FreePBX Asterisk installation ready, it’s time to install it on your computer’s hard drive. Insert the prepared USB drive into a free USB slot and start the computer. If the FreePBX Asterisk installation does not begin automatically, you will need to enter your computer’s BIOS and change the boot order of the drives. We cannot help you with this step, as these options depend on the specific model and brand of your computer. If you are unsure how to do this, check the user manual for your computer or laptop.

Choose the Asterisk Version

Select one of the available Asterisk versions. If you have no experience with FreePBX, we suggest choosing the version recommended by FreePBX.

Choose the Graphical Mode

If you are installing FreePBX on a local computer, select ‘Graphical installation – Output to VGA’.

Choose the FreePBX Version

In the next window, you cannot select any option other than ‘Standard’, so simply press Enter.

Create the Root User Password

You will not be able to continue the installation without creating a password for the ‘root’ user. Click ‘ROOT PASSWORD’.

Create a Strong Password

It is essential to create a password that is difficult to break. Otherwise, your telephone exchange could be hacked, and believe me, you do not want that. Someone with root privileges could, for example, redirect all your company’s phone calls to their own number, listen to all recorded conversations, change any settings, or even completely delete your telephone exchange along with all the recordings. So, I will repeat: CREATE A STRONG PASSWORD FOR THE ROOT USER. Finish creating the password by clicking the ‘Done’ button in the top left corner.

Wait for the Installation to Finish

After creating the root password, you can wait for the installation to complete. This will take several, or even several dozen, minutes depending on the processing power of your computer, the transfer speed of your USB drive, and the speed of the USB port. If your USB drive is version 3.0 and your computer has USB 3.0 ports, be sure to use one, as this will significantly speed up the installation. You can monitor the installation progress on the bar at the bottom of the screen.

System Restart

After the installation is complete, you will see a ‘Reboot’ button. Before you click it, remove the USB drive from the USB port.

First Login

After the restart, log in to the system by entering ‘root’ as the username and providing the password you created during the installation. After logging in, you will see the IP address of your FreePBX telephone exchange. For now, this is an IP address obtained automatically from a DHCP server, which we will later change to a static IP address. Enter the provided IP address into your web browser’s address bar. In my case, it is 192.168.1.178.

Initial Setup

To begin, we need to create a user with administrative rights for FreePBX settings. Provide an email address to which system notifications will be sent, for example, if someone leaves a message on the voicemail – ‘Notifications Email address’. In the ‘System Identifier’ field, enter a friendly name for our telephone exchange. The ‘Automatic Module Updates’ option allows you to enable automatic system updates. To finish, click ‘Setup System’.

Free Activation

To take full advantage of the FreePBX telephone exchange, we suggest activating the system. Activation is free and only takes a moment. Click the ‘Activate’ button to begin the activation process.

Language Selection

In the next window, you will be able to select the system language.

Firewall Settings

In the next window, you will proceed to the firewall settings. Do not skip this step, as hackers are very keen on breaking into unsecured telephone exchanges. The firewall will allow you to effectively secure your telephone exchange against most attacks completely automatically.

Firewall – Trusted Computer

If the computer you are currently using is trustworthy and inaccessible to unauthorised individuals, you can add it to the trusted list.

Firewall – Trusted Network

If all computers on your local network are trustworthy and inaccessible to unauthorised individuals, you can add the entire local network to the trusted list.

Responsive Firewall

The Responsive Firewall is an extremely useful option, and we suggest you enable it. How does it work? Well, if an unknown client (VoIP phone, computer, exchange) tries to log in to our telephone exchange (which is sometimes necessary, for example, when we have added a new, unknown phone to our network), it is initially allowed. Only after sending initial packets is the machine asked to log in. If the login attempt fails, the computer is then temporarily blocked for a short period. With each subsequent failed login attempt, the block time increases, until the 50th attempt, at which point the client’s IP address is permanently blocked.

Firewall – Telephone Exchange Behind NAT

If the FreePBX telephone exchange has been installed on a computer within a local network, you must enable this option. Furthermore, if your external IP address is dynamic (ask your internet provider about this), you will need to configure a DDNS service.

Summary

Your FreePBX telephone exchange has now been installed, initially configured, and secured with the firewall. In the following guides, you will learn, among other things, how to configure your first VoIP phone, how to set your company’s opening hours, and how to configure a welcome greeting for your calling customers.