Being woken up several times throughout the night from anonymous calls is not fun. Here is a screencast (shot with my shiny new MacBook) that explains how to delimit these annoying calls while still being able to route incoming SIP calls from Gizmo and IPKall to their appropriate destinations.
Here is the code I used to allow IPKall incoming SIP connections:
[ipkall]
disallow=all
host=66.54.140.46
context=from-trunk
insecure=port,invite
qualify=yes
type=peer
dtmfmode=rfc2833
allow=ulaw
nat=no
[ipkall2]
disallow=all
host=66.54.140.47
context=from-trunk
insecure=port,invite
qualify=yes
type=peer
dtmfmode=rfc2833
allow=ulaw
nat=no
This week's project has been a huge learning curve for both Asterisk and communicating with a remote web server. Here are the project goals:
- End user (EU from now on) creates an account on web server.
- EU inputs their phone number.
- EU immediately receives a call with a random 6 digit number (PIN).
- EU inputs the PIN into the web interface and is now validated.
- EU schedules when they want to be called.
When the user is called, they are sent to an IVR (interactive voice response menu) – here is how that should work.
- EU answers the call.
- EU hears prompt to press 1, 2 or 3.
- EU presses 1 and hears a prompt with instructions (it is a breathing exercise)
- EU presses pound to initiate timer and pound once again to end their session.
- EU hears prompt directing them to visit web panel to access results.
OK so you see how this is supposed to work – let me explain how I did it.
Step 1. Phone Number Validation
The user enters their phone number in three separate boxes which are heavily processed for error checking and validation. The number is stored in the database and they are sent to the next page of the wizard. This page displays a button to initiate the call with a text input box below for the phone pin. A random 6 digit number is generated, inserted into the database and also passed to the AMI. An Originate action is called sending the EU to a passwd-verify-custom context in the dial plan.
The EU hears a prompt to wait for their verification number – the six digit number passed from the web server is then read to the EU using SayDigits(${UserPin}). As soon as they enter the PIN in the text box, their phone number is validated and they can begin receiving scheduled calls.
Step 2. Scheduling Calls
The EU is presented with several drop-downs: Day (Sunday to Saturday), Hour (01 – 12), Minute (01 – 59), Time (AM – PM). Once the time is selected and the submit button is pressed, an asynchronous post is sent back to the web server for validation and insertion into the database.
It was super easy to run the schedule without having to SCP .call files or open more holes on the Asterisk system. I simply run a cron job every minute that pings a listening PHP script on the web server. PHP queries the database to see if anyone has a call scheduled and has validated their number, then loops through the results, creating a new AMI event for each and passing the user's unique ID as a dial plan variable.
Step 3. Collecting Key Press Event Data
The IVR is very straightforward. It is used to determine the EPOCH second for the start and stop time for this breathing exercise. On key press, Asterisk runs System(/usr/bin/curl -d "userid=${UserId}&action=start&time=${EPOCH}&key=someuniquehash" http://tld/script.php)
This sends the following data back to the web server:
- User ID – the user ID sent to the AMI from the web server: now we know who we called.
- Action – Start, Stop: now we know whether to insert or update the record.
- Time – the Epoch time stamp: now we know when the key was pressed.
- Key – a long string of random characters: this way no one can inject false data from their browser.
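The checks a receiving script can apply to this POST, as an added example that is not the post's own code (Python for illustration; the original receiver was a PHP script). The function name, the 120-second tolerance and the sample body are assumptions; the key is compared in constant time and any body that does not carry exactly the four fields above is rejected.

```python
import hmac
from urllib.parse import parse_qs

SHARED_KEY = b"someuniquehash"  # placeholder from the post; use a long random secret
ACTIONS = {"start", "stop"}
MAX_SKEW = 120                  # seconds; assumed tolerance, not from the post
FIELDS = ("userid", "action", "time", "key")

# Constructed sample body, shaped like the curl -d string above.
SAMPLE = "userid=42&action=start&time=1700000000&key=someuniquehash"

def validate_callback(body, now):
    """Return (userid, action, time) for an acceptable POST body or raise
    ValueError. `now` is the receiver's own epoch time in seconds."""
    try:
        form = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        raise ValueError("malformed body") from None
    # Exactly the four expected fields, each sent once.
    if set(form) != set(FIELDS) or any(len(v) != 1 for v in form.values()):
        raise ValueError("unexpected, missing or repeated field")
    userid, action, stamp, key = (form[name][0] for name in FIELDS)
    # Constant-time comparison: response timing must not reveal key prefixes.
    if not hmac.compare_digest(key.encode(), SHARED_KEY):
        raise ValueError("bad key")
    if action not in ACTIONS:
        raise ValueError("unknown action")
    for value in (userid, stamp):
        if not (value.isascii() and value.isdigit()):
            raise ValueError("userid and time must be decimal integers")
    # Reject timestamps far from the receiver's clock (replayed or bogus posts).
    if abs(now - int(stamp)) > MAX_SKEW:
        raise ValueError("stale or future timestamp")
    return int(userid), action, int(stamp)
```

The key travels in the request body, so it is only as private as the transport between the Asterisk box and the web server.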
Once the phone session is complete, the user can log in to their panel and view in-depth statistics and compare month and year breathing fluctuation times in an easy-to-read bar graph.
The key things I have learned during creation of this application will allow me to do anything in the field of Web + Phone integration.
Passing a variable to the dial plan from an AMI event is by far the most powerful:
Variable : <VariableName> = <VariableValue>
This can now be accessed in the dial plan using ${VariableName}
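An added example (not the author's code, and in Python rather than the PHP the post used) that composes the Originate action from Step 1 with the Variable header shown above. The trunk name, the s extension, priority 1 and the 10-digit number format are assumptions; AMI is a line-based protocol, so the number and PIN are checked against strict patterns before they are placed in headers.

```python
import re
import secrets

# Assumed format: the three input boxes joined into a 10-digit NANP number.
PHONE_RE = re.compile(r"[2-9][0-9]{9}")
PIN_RE = re.compile(r"[0-9]{6}")

def new_pin():
    """Random 6-digit PIN (leading zeros kept) from the OS CSPRNG."""
    return f"{secrets.randbelow(10**6):06d}"

def originate_action(phone, pin, trunk="SIP/example-trunk"):
    """Build the AMI Originate message that plays `pin` to `phone`.

    `trunk` is a hypothetical channel prefix. fullmatch() rejects anything
    but the expected digits, including CR/LF that would otherwise start a
    new AMI header or a second action.
    """
    if not PHONE_RE.fullmatch(phone):
        raise ValueError("phone number must be exactly 10 digits")
    if not PIN_RE.fullmatch(pin):
        raise ValueError("PIN must be exactly 6 digits")
    headers = [
        ("Action", "Originate"),
        ("Channel", f"{trunk}/1{phone}"),
        ("Context", "passwd-verify-custom"),  # context named in the post
        ("Exten", "s"),                       # assumed extension
        ("Priority", "1"),
        ("Variable", f"UserPin={pin}"),       # read back as ${UserPin}
        ("Async", "true"),
    ]
    # One "Key: Value" line per header; a blank line ends the action.
    return "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n"

if __name__ == "__main__":
    print(originate_action("5551234567", new_pin()))
```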
I am creating a video demonstrating how to use the application (for end users) – I will post it up here when it is done. If you want to try it yourself check out Control Pause.
This is just a simple initial set up routine you should consider before launching any home / small business Trixbox IP PBX system. There are obviously many additional steps not covered here that one should take for a mission critical implementation – in this case, we will keep it simple.
So you just installed a fresh TB system (possibly in a VM) and you are noticing some warning messages in the web panel. Let's correct them now.
1. First open a shell and type passwd-maint – this script will set up an htpasswd file in your web directory. Choose a very good password.
2. Next download a copy of PHPMyAdmin to /var/www/html/mysql. Rename the config.sample.inc.php to config.inc.php and add a blowfish secret (can be anything).
3. Visit PHPMyAdmin at http://server-ip/mysql, log in as root : passw0rd and change the passwords for root AND asteriskuser.
4. Back in the shell, su asterisk and nano /etc/amportal.conf. Change the AMPDBPASS to the asteriskuser mysql password you just set in PHPMyAdmin.
5. nano /etc/asterisk/manager.conf and change the admin secret.
6. nano /etc/amportal.conf and change the AMPMGRPASS to match the admin secret you set above.
7. Be sure to change the FOPPASSWORD in /etc/amportal.conf – I had a production system compromised by neglecting to do this.
8. Create a password for the admin user in the “Administrators” page!
You should no longer have any errors in your web panel after running amportal restart as root. If you still see a Memory Limit Changed – edit the line memory_limit = in /etc/php.ini as root, just change it to a reasonable value (mine is 128M).
If you are sick of seeing the Update Email message – just add your email address to the bottom of the general settings page where it says “Update Email”.
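One way to check steps 4 to 7 after the fact, as an added example that is not part of Trixbox or FreePBX: it parses the two files and reports passwords left at the default quoted above, too short, or out of sync between amportal.conf and manager.conf. The 12-character minimum and the sample file contents are assumptions constructed for illustration.

```python
import re

WEAK = {"passw0rd"}  # default quoted in the post; extend with other shipped defaults
MIN_LEN = 12         # assumed policy, not from the post

# Constructed samples, not taken from a real system.
SAMPLE_AMPORTAL = """\
# /etc/amportal.conf (sample)
AMPDBUSER=asteriskuser
AMPDBPASS=Vt9-long-db-phrase
AMPMGRUSER=admin
AMPMGRPASS=q7-manager-phrase-1
FOPPASSWORD=passw0rd
"""
SAMPLE_MANAGER = """\
[general]
enabled = yes
[admin]
secret = q7-manager-phrase-2   ; differs from AMPMGRPASS
"""

def parse_amportal(text):
    """KEY=value lines; lines starting with '#' are comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def manager_secret(text, user="admin"):
    """Value of 'secret' in the [user] section (';' starts a comment)."""
    section = None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
        elif section == user and line.split("=", 1)[0].strip() == "secret":
            return line.split("=", 1)[1].strip() if "=" in line else None
    return None

def audit(amportal_text, manager_text):
    """Return a list of findings; an empty list means the checks passed."""
    conf, findings = parse_amportal(amportal_text), []
    for key in ("AMPDBPASS", "AMPMGRPASS", "FOPPASSWORD"):
        value = conf.get(key, "")
        if value in WEAK or len(value) < MIN_LEN:
            findings.append(f"{key}: default or shorter than {MIN_LEN} characters")
    if conf.get("AMPMGRPASS") != manager_secret(manager_text):
        findings.append("AMPMGRPASS does not match the [admin] secret in manager.conf")
    return findings
```

On a real system, pass in the contents of /etc/amportal.conf and /etc/asterisk/manager.conf read as root.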
If you would like to learn more about securing Trixbox, I suggest installing Asterisk from scratch on a base CentOS installation. FreePBX has some great instructions and a spectacular forum for those getting started. I did it last year in a Virtual Machine and was able to get a great working system in less than 2 hours.
I was getting a bit annoyed configuring so many boxes and having to retype passwords a million times, so I decided to import my public RSA key and be done with it.
Here is a quick how-to so you can do the same:
On the Client (the box you will be using to connect)
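# -P '' creates the private key without a passphrase. OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default; on those versions pass -t ed25519 or -t rsa instead.
$ ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''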
On the Server (copy ~/.ssh/id_dsa.pub to this machine)
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
Back on the Client
$ ssh -i ~/.ssh/id_dsa root@<hostname>
Where hostname is the SSH server.
You may be asked to put in your password one last time; I do not believe I had to myself.
Now you can just ssh <username>@<hostname> and voila, you are in!
You can imagine how much time this saves me whilst administering ~ 10 boxes.



