PBX Settings – VitalPBX Wiki https://wiki.vitalpbx.org Learn how our latest VitalPBX version will enhance your business communication Sat, 16 Dec 2023 16:43:58 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.2 https://wiki.vitalpbx.org/wp-content/uploads/2023/11/cropped-vitalbpxwikiicon-8-32x32.png PBX Settings – VitalPBX Wiki https://wiki.vitalpbx.org 32 32 System General https://wiki.vitalpbx.org/wiki/pbx-settings/system-general/ https://wiki.vitalpbx.org/wiki/pbx-settings/system-general/#respond Thu, 09 Nov 2023 22:44:37 +0000 https://wiki.vitalpbx.org/?post_type=docs&p=540 There are various default configurations you can set for your VitalPBX. These are general system configurations. To set these you must go to Settings > PBX Settings > System General.

First, we have the General tab. Here we find the default Extension, Dial Plan, GUI, and Queues Callback Settings.
For Extensions, we can set the following default settings.

  • Default Language – This is the voice prompt language used for new extensions.
  • Devices Prefix – This is a prefix automatically added to device users.
  • Public Domain – This is the FQDN (Fully Qualified Domain Name) used for various
    URL settings. This will overwrite the hostname set for this installation.
  • Auto-Generated Passwords Length – This is the default length for auto-generated
    passwords.
  • Enable Voicemail – This is whether or not voicemail is enabled by default for
    extensions.
  • Enable Portal – This is whether or not the User Portal is enabled by default.
  • Create Hints – This is whether or not Hints are generated for new extensions. Keep in
    mind that enabling hints for all extensions can take a toll on system performance.
  • Email Credentials – If enabled, this will send the extension welcome email to new
    extensions.
  • Send Diversion Headers – If enabled, additional call diversion headers will be sent
    such as the different Call Forwards. Some SBCs might complain if these are enabled.

For the Dial Plan Settings, we can establish the following default settings.

  • Default Ring Time – This is the default time in seconds an extension will ring before
    going to voicemail or hangup.
  • Attended Transfer Timeout – This is the default time in seconds where a call is
    placed after the last digit is dialed for an attended transfer.
  • Transfer Digit Timeout – This is the default time in seconds between digits pressed
    during a call transfer.
  • Features Digit Timeout – This is the default time in milliseconds between digits for a
    feature during a call.
  • Recording Script – This is a custom script that can be run after a call is recorded.
  • Drop Attended Transfer Callbacks – When set to No, Asterisk will call the transfer
    initiator back after an early hangup if the transferred party does not answer the
    attended transfer.
  • Play Call Waiting Tone – When set to Yes a tone will play when an extension receives
    a new call while on an existing call.

Finally, we have the Show Add-Ons Menu for the GUI Settings, which will hide direct access to the Sonata Suite and VitXi from the login screen if it is set to No. And if you have the Queues Callback module installed, you are able to set the Search Frequency which is how often the Queues Callback will search for queued calls for a callback.

If you make any changes in this module, you can then Save and Apply Changes.

Next, we have the System Prompts tab. Here, you can change the voice prompts used when you have Do Not Disturb turned on, and the prompt that plays back when a blacklisted number calls your VitalPBX and you didn’t set a destination for blacklisted calls.

Once you select the sound recordings for these voice prompts, you can Save and Apply Changes.
Lastly, we have the System Directories tab, which will show you the directories for popular Asterisk locations.

  • Asterisk AGI Directory – /var/lib/asterisk/agi-bin
  • Asterisk Directory – /etc/asterisk
  • Asterisk Log Directory – /var/log/asterisk
  • Asterisk Modules Directory – /usr/lib/asterisk/modules
  • Asterisk Sound Directory – /var/lib/asterisk/sounds
  • Asterisk Spool Directory – /var/spool/asterisk
  • Asterisk Libraries Directory – /var/lib/asterisk

]]>
https://wiki.vitalpbx.org/wiki/pbx-settings/system-general/feed/ 0
RTP Settings https://wiki.vitalpbx.org/wiki/pbx-settings/rtp-settings/ https://wiki.vitalpbx.org/wiki/pbx-settings/rtp-settings/#respond Fri, 10 Nov 2023 15:29:18 +0000 https://wiki.vitalpbx.org/?post_type=docs&p=563 Next, we will take a look at the RTP Settings. These are found under Settings > PBX Settings RTP Settings.

If you require to change the RTP port range, these can be modified with the RTP Start and End fields. By default, these go from port 10,000 to 20,000. If you change these ports, make sure you also make the changes in the Firewall Services under Admin > Firewall > Firewall Services.

These fields can be left with their default values. You can enable or disable Strict RTP, and
RTP Checksums. We recommend you leave Strict RTP on for security purposes. If it is disabled, VitalPBX will not drop packets that come from any source that is not the source for the RTP stream. If you are using a STUN or TURN server you can enter the necessary information here.

Additionally, you can enable ICE Support in this module. If you are using an ICE server, you can enter your settings under the ICE Host Settings. Where the Local Address is a LAN IP Address, and the Advertised Address is a Public IP Address.

If you made any changes here, Save and Apply Changes.

]]>
https://wiki.vitalpbx.org/wiki/pbx-settings/rtp-settings/feed/ 0
CEL Settings https://wiki.vitalpbx.org/wiki/pbx-settings/cel-settings/ https://wiki.vitalpbx.org/wiki/pbx-settings/cel-settings/#respond Fri, 10 Nov 2023 15:48:19 +0000 https://wiki.vitalpbx.org/?post_type=docs&p=565 If you have a Starter License or any of our Licensing Plans, you automatically obtain extended features for your VitalPBX installation. One of these is the CEL events that you can see from the CDR module. These events can be modified in the CEL Settings module. To get there, we must go to Settings > PBX Settings > CEL Settings.

The first thing you will notice is that CEL will be disabled by default. This is why you might not see CEL events in the CDR. You can enable them so you can start logging the events. We have it disabled by default, since logging too many CEL events can fill your storage quickly if it is too small.

Here you can select the APPs and Events you wish to log for the CEL events. You can also change the Date Format using the strftime format.

You can then Save and Apply Changes.

With the CEL Events enabled, if you place a new call and check the CEL Events field in the CDR reports, you will now see information being logged.

]]>
https://wiki.vitalpbx.org/wiki/pbx-settings/cel-settings/feed/ 0
CDR Settings https://wiki.vitalpbx.org/wiki/pbx-settings/cdr-settings/ https://wiki.vitalpbx.org/wiki/pbx-settings/cdr-settings/#respond Fri, 10 Nov 2023 15:56:08 +0000 https://wiki.vitalpbx.org/?post_type=docs&p=567 If you are using a small server with a large number of calls per minute, alleviating the server usage is key. So, various optimizations can be made so your server is not fully loaded in peak time. One of these optimizations can be done with how the CDR operates with the CDR Settings.

In this module, you can enable Batch Mode for the CDR. With batch mode, instead of logging every call in the CDR as each call ends, the data will be stored in a buffer. The Max Batch Size is how many calls are stored in the buffer, and the Max Batch Time is how often in seconds the calls are transferred from the buffer to the CDR logs and Database.

Note: When Batch Mode is enabled, there is a risk of data loss after unsafe
Asterisk termination. For example, Power Loss, Software Crash, Kill -9, etc. So
keep this in mind when using this feature.

If you made any changes, you can Save and Apply Changes.

]]>
https://wiki.vitalpbx.org/wiki/pbx-settings/cdr-settings/feed/ 0
Mini HTTP Server https://wiki.vitalpbx.org/wiki/pbx-settings/mini-http-server/ https://wiki.vitalpbx.org/wiki/pbx-settings/mini-http-server/#respond Fri, 10 Nov 2023 15:59:14 +0000 https://wiki.vitalpbx.org/?post_type=docs&p=569 With VitalPBX, you can host an additional web application using the Mini HTTP Server.

This module is typically used with WebRTC applications such as VitXi, so you can refer to the VitXi manual for more information on its use with that add-on application..

By default, we use ports 8088 and 8089 for the HTTP and TLS Bind addresses. If you change these, make sure you also change it in the Firewall Services under Admin > Firewall > Firewall Services.

To use this mini HTTP server, you need to Enable HTTP, and if you are using a Certificate, you need to Enable TLS. You can also change the Sessions Limit of how many WebSocket/HTTP sessions can be connected at the same time, by default this is 1000 sessions.

If you made any changes here, Save and Apply Changes.

]]>
https://wiki.vitalpbx.org/wiki/pbx-settings/mini-http-server/feed/ 0
Best Security Practices https://wiki.vitalpbx.org/wiki/pbx-settings/best-security-practices/ https://wiki.vitalpbx.org/wiki/pbx-settings/best-security-practices/#respond Fri, 24 Nov 2023 15:14:17 +0000 https://wiki.vitalpbx.org/?post_type=docs&p=1376 First, let’s look at various recommendations we present to make your VitalPBX installation more secure.

This section can work as a checklist of various configurations you can follow when setting up your VitalPBX installation.

  1. Never use the same username and password on your extensions.
  • It is quite common to see instances where the username and password for extensions are the same as the extension number. This might make remembering the usernames and passwords easier when setting up your devices, but it is the easiest way to get bad actors registering on your PBX
    system. The bad actors can then start placing a massive number of phone calls.
  • What we recommend, and taking advantage of VitalPBX’s separation of the extension number and devices, is to use unique usernames and strong passwords for your extensions. You can make the device’s user anything you like, instead of the extension number. VitalPBX also generates a random strong password automatically, so we recommend using this instead of a repeating
    password for all your devices.

  1. Use the “Permit” and “Deny” options for your devices.

If possible, you should limit the networks that can reach the registration for your devices. In the case you know that a device will only register from a specific network address, you can use the Permit and Deny options when configuring your devices. Permit will only allow devices from the defined network address or segment to register. Deny will disallow devices from the defined segment to register.

  1. Limit extension registration using a Bind Address.

The Bind Address option will also limit who can register to your extensions. With this option, you can limit the network addresses or segments that can register to your extension devices.

  1. Change the default ports for the services you are using.

Default ports are one of the most common ways to have your system attacked by online scanners. By changing these ports to another value, bot scanners will have a harder time detecting open spots in your VitalPBX Server. You can change these ports on the VitalPBX firewall. Remember that you also need to change the ports on the Technology Settings module for PJSIP and IAX2. The most common ports to change are PJSIP, IAX2, and SSH.

  1. Disable the ports you are not using.

Speaking of ports, if you are not using a service, disabling the port is a better option than changing it to something else. For example, if you are not using IAX2, disable the port on the VitalPBX firewall. This is one less way to detect an open spot by bot scanners.

  1. Don’t route inbound calls to very permissive contexts.

When routing incoming calls make sure that you are limiting the incoming calls to only the intended destinations. Using the right Class of Service can help you limit the destination options that someone can reach in a context. For example, don’t have an IVR with a permissive Class of Service. Create one that limits the options to the destinations you intend. If you are using a Custom Context, only allow dialing to a specific destination.

  1. Always have the Firewall active and try to place your PBX behind a Firewall
    and/or SBC.

The firewall included in VitalPBX is set to block unwanted access to your PBX. Having it enabled at all times will deter attempts to breach the server. Having an external firewall is another good way to manage the network routes and permissions at a network level to limit access to the VitalPBX server. Finally, an SBC or Session Border Controller is a good way to externally filter registration and other type of events from reaching your VitalPBX server.

  1. Use Fail2Ban to automatically detect malicious attempts to enter your PBX.

Using the Fail2Ban application allows you to easily jail malicious attempts towards your VitalPBX server. Fail2Ban will block the connection from an IP Address after multiple failed attempts to access the server. This can be through SSH, PJSIP/IAX2 Registration, or web login. You can set the number of failed attempts and for how long the IP address will be blocked.

Following these suggestions will allow you to have a more secure server and keep your data and work safely. These are ways that you can secure your server out of the box. In the following lessons, we will look into more ways to make your server even safer.

]]>
https://wiki.vitalpbx.org/wiki/pbx-settings/best-security-practices/feed/ 0