Saturday, April 27, 2013

Modifying transfer contexts in FreePBX 2.10 higher or lower, and applying restrictions

(Image copyright PizzaHut Malaysia, QSR Brands)

Few days back, we dealt with a challenge to lock down phones in a callcenter of PizzaHut Malaysia. That was easy, we fired up a specialized context which I developed that uses Device User Mode based restriction. (If you wanna know more, about that, write me!). Now, we had a daunting task of getting the same kind of restrictions applied to user who perform transfers. By default, transfers are applied using the context “from-internal-xfer”. This is previously definable in FreePBX Advance settings, somehow it is now not available through the GUI. We had to make the same kind of restriction to those doing transfers too, so what we had to do, using Adminer (GUI database manager), look for a value in DB asterisk, table freepbx_settings called “from-internal-xfer”, for freepbx 2.10, look in asterisk DB, table, Globals, we changed that to “from-internal-xfer-phm”. Now, we forked the context out into our own little coding like here. Do note, after making changes in the DB, you need to make a change in the FreePBX gui, somewhere, and hit on the “Apply Config” button to materialize these changes.

To verify, run # asterisk –rx “dialplan show globals” and it should show you “TRANSFER_CONTEXT=from-internal-xfer-phm” or whatever you’ve called it.

Now that we are able to control transfers using our own context, we had to do it right and properly not to break other transfer functions with those whom are not bound by these restrictions.

In this example below, I have agents in Device Usermode, logged in as a 6XXX extension. What we are required to do is to not allow transfers using phone (button transfer) or even Asterisk code *2. Now, with the phone we had to modify the Asterisk SIP Setting and add a value like below, in the other SIP Setting;

allowtransfers=no

That fixed the phone transfers, no one can use transfers using SIP invites anymore directly. Cool.! Now, we force users to use *2 instead and when that code is pressed, the calls are being thrown to context [from-internal-xfer-phm]

In this context below, if any calls originating from 6XXX, retrieved from variable “PICKUPMARK” and is doing a transfer, looking at variable “TRANSFERNAME” which basically is populated when # transfers happen; we perform a soft hangup when those conditions are met, like below, otherwise, all others, we send back to the normal from-internal context, and basically allowing them to transfer it to wherever they like. , using this, you are free to write further more complex conditions as you please.

[from-internal-xfer-phm]
exten => _[4-6]XXX,1,ExecIf($["${PICKUPMARK:0:1}" = "6" & "${TRANSFERERNAME}" != "" ]?SoftHangup(Local/${EXTEN}))
exten => _X.,1,Goto(from-internal,${EXTEN},1)

 

Notes on the context above:

1) We catch calls in transfers made that start with digits 4 to 6, to digit “6” i.e. the call center agents. (We don’t want callcenter agents to call each other or in this case, transfer calls to each other)

2) It must be a transfer, i.e. must have the value TRANSFERNAME populated with something (With the two conditions above met, we do as below…, softhangup)

3) We softhangup the destination, i.e. EXTEN, causing the call to come back to the transferee

 

Have a good weekend folks!

Thursday, April 25, 2013

Asterisk –Debian based Asterisk 11, Freepbx 2.11 on VMware / Virtualbox (Asterisk VM/Asterisk Ready Virtual Machine)

Show some love,  do like our FB page www.fb.com/Astiostech |

[UPDATED: 03 FEB 2015]

Here’s a VMDK image to run a full featured Asterisk PaBX with FreePBX as the management UI using our default and secure install practices. No registrations, no username/password, no signing up for newsletter.

Get it from Sourceforge: https://sourceforge.net/projects/debianasterisk/[Select SWSterisk11 folder, then download the zip file therein]

 

After extracting, You either need VirtualBox or VMPlayer/VMWare or any Virtualization products that supports VMDK files or if you’re using Hypervisor, convert the image to VHD using MVMC from here.  This is to give you a feel of Asterisk with FreePBX without worrying about installation etc., its plug and play, literally. Just start up to your VirtualBox/VMplayer nd get it up and running in seconds. Go in to FreePBX and start creating extensions and enable other features. This image is free from any lockdowns or customizations that you cannot reverse or disable or enable as you wish. It is completely FREE from any personal restrictions. This image does not trace usage, or “dials home” or anything strange like that. Totally clean, totally lean and totally fast. It is functional and you can hook it up to a real production environment and you almost have a full fledge PBX, just add a Digium VoIP Gateway or another IP based PSTN.

IMPORTANT

  • While it is enterprise ready, it should rather be used for “playing” or “testing”….
  • DISCLAIMER: By using this VIRTUAL MACHINE IMAGE, i disclaim any sorts of liability whatsoever. What you do with this image is purely your choice/actions.
  • This is not "another disto", nothing proprietary, i don't claim any copyrights, just make it look and feel like its mine for fun, but of course any of those customizations can be reversed. All other trademarks are properties of their respective owners. All rights reserved.
Here’s some information about the VM image you just downloaded
  • It’s in ZIP compression, just get WinRAR or 7-ZIP to extract. After extracting, there should be one vmdk just mount the vmdk into VMWare/VMPlayer or Virtualbox and start the image
  • Username/password
  • OS
    - Username: root (the other non root user is swsterisk with same password as below)
    - Password: asteriskrocks (change this!)
  • FreePBX(admin), MySQL(root), AMI(admin): usernames and passwords;
    username: admin
    password: @steriskRocks1 (change this, here’s a good guide to start you off with http://www.freepbx.org/support/documentation/installation/first-steps-after-installation)
  • REMEMBER REMEMBER REMEMBER: CHANGE PASSWORDS!
  • The network adapter is set to auto on eth0.
  • Image needs at least 384M memory (or more if you have more)
  • All source files except kernel-headers are removed to save disk space for downloading, you need to download them manually
  • Be sure your image can access internet when starting otherwise NTP and EXIM will start slow, don’t blame me!

OS features/settings

  • Debian 6.0.7 64bit (Source AMD64 netinstall) – UPDATED, Bash Vulnerability Fixed with latest patch no33, SSLV3 disabled and Ghost Vulnerability fixed. All binaries are retrieved from Debian’s 6 LTS repos. So they are up to date.
  • The interface, extX, is set to use DHCP, so be sure to hook up DHCP or manually. In case you can’t bring the interface up, run #ifconfig –a . Then edit the file in /etc/network/interfaces and set all values to correspond to the interface shown when you run ifconfig –a (not loopback of course)
  • IPV6 disabled
  • MySQL backend (performance tuned)
  • Webmin installed but not started (# /etc/init.d/webmin start , then access using https://<ipaddress>:10000)  - UPDATED!
  • Apache as webserver with enforced HTTPS
  • MySQL administration with Adminer in https://<ipaddress>/dbmanager  - UPDATED!
  • DHCP and TFTP server downloaded, not installed
  • Firewalled with IPTables (be sure to see /bin/wallfire.sh) – UPDATED and fixed wallfire.sh script …can be stopped and started #wallfire stop #wallfire start
  • Time i.e NTP autosyncs with ntp.org daily, when starting and when stopping
  • Exim4 (mailserver) configured to relay, configure your email appropriately #dpkg-reconfigure exim4-config
  • fail2ban for Asterisk and SSH with enhancement to the log checking facility which includes asterisk security channel inside messages log (modify notification email here /etc/fail2ban/jail.conf) – UPDATED to 0.9.1!
  • Munin for monitoring in https://<ipaddress>/munin
  • Phpsysinfo for server information in https://<ipaddress>/phpsysinfo
  • Many CLI tools for troubleshooting like tcpdump, ntop, htop…
  • Astribank support [if ever u need it]
  • Removed VirtualBox OSE support to make it more cross platform compatible.
Asterisk features
FreePBX features
  • https://<ipaddress> to access FreePBX
  • FreePBX 2.11.0.38 (with only basic modules pre-installed) - UPDATED
  • Enhanced FreePBX security built in
  • SIP defaults to NAT yes (avoid all one way audio issue)
  • Security basic hardening in extensions
  • CEL support in FreePBX CDR
  • Enabled g729, speex and silk (enabled for IAX and SIP)
  • Most services are started with /etc/init.d/btelsvc

Additional reading

 

As usual do give me your feedback. ==> sanjay(the at symbol)astiostech.com

Thanks!
Sanjay Willie