Protected: Configuring OpenVPN for Asterisk PBX and Snom Phones

This content is password protected. To view it please enter your password below:

Installation of FreePBX 2.10 on Debian Wheezy (Kernel 3.2)

During my search for a proper installation guide for the current version FreePBX (April 2012: v2.10) on a current Debian (April 2012: Wheezy), I started to grow the idea, that due to the lack of proper how-tos and documentations, i just have to go ahead and create my own, in good hope that others will benefit from it. FreePBX is available as source as well as a fully operational Installation on a CentOS 5 (distro version, installable via ISO file).

First of all, it is necessary to sum up the system and application requirements in order to operate FreePBX. FreePBX is a framework that runs on an Apache/ MySQL/ PHP stack. Therefore, it can be basically installed on any Linux machine. The configuration of Asterisk is maintained by FreePBX in a MySQL database. From the database, FreePBX creates the default dialplan files for Asterisk. FreePBX also configures Asterisk to write CDR data to the MySQL database. Currently, Asterisk developers and the community strongly recommend to use ODBC for the CDR module, yet, FreePBX uses the MySQL function in Asterisk. In order to use the conferencing module, DAHDI needs to be installed on the linux machine. There are basically two ways: install asterisk-dahdi via APT or simply install DAHDI before installing Asterisk from source. Installing Asterisk from source will deliver the most current version of Asterisk, APT repositories for Asterisk of Debian and Ubuntu are slightly behind in providing uptodate packages. Also, when installing from source, one can have “better” control over the features required or included (e.g. mp3 support for voice menus). For hardening the system, OpenSSL and OpenVPN can be used to secure HTTP and SIP/RTP traffic.

In the following, you can see a list of actions performed on a current Debian Wheezy 64bit for installing Asterisk and FreePBX

Update sources, include main, contrib and if desired non-free as well

vim /etc/apt/sources.list

And then.. update!

apt-get update

And upgrade

apt-get upgrade

Install OpenSSH Server for remote access during evalutaion and testing

apt-get install openssh-server

Install OpenVPN server, can be used later on for securing SIP/RTP

apt-get install openvpn

For more information on how to secure VoIP with OpenVPN on a SNOM phone:

Install MySQL Server. MySQL is used by FreePBX and Asterisk.

apt-get install mysql-server mysql-client

Note: now you have to set the root password for MySQL as well, take good note of that, you will need it later on…

IMPORTANT: FreePBX uses Asterisks MySQL DB function for CDR, so don’t install ODBC if not necessary!!!

Despite my warning, in case you want to install ODBC and the ODBC conncetor for MySQL in case you want to use the DB function in dialplans later on: here’s an example. It’s basically copied from this O’Reilly article:

apt-get install unixODBC unixODBC-dev
apt-get install libmyodbc

For being able to use ODBC, it is necessary to edit the file /etc/odbcinst.ini and set

Description = ODBC for MySQL
Driver = /usr/lib/x86_64-linux-gnu/odbc/
Setup = /usr/lib/x86_64-linux-gnu/odbc/
FileUsage = 1

Attention: check the path first before just copying with find -name from /usr or /
Check the ODBC configuration with:

odbcinst -q -d

Now, for Asterisk to be able to use ODBC later on, it is required to set the connectors in /etc/odbc.ini. In this example, i used the database names created later on for FreePBX and a MySQL user created specifically for FreePBX.

Description           = MySQL connection to 'asterisk' database
Driver                = MySQL
Database              = asterisk
Server                = localhost
UserName              = freepbx
Password              = thelamegermankeepsstuffsecret
Port                  = 3306
Socket                = /var/run/mysqld/mysqld.sock

Description           = MySQL connection to 'asteriskcdrdb' database
Driver                = MySQL
Database              = asteriskcdrdb
Server                = localhost
UserName              = freepbx
Password              = thelamegermankeepsstuffsecret
Port                  = 3306
Socket                = /var/run/mysqld/mysqld.sock

In case you’ve skipped ODBC, then continue from here

Now install Apache2 and PHP5. FreePBX requires php-cli to be installed, which is part of php-common library

apt-get install apache2
apt-get install php5 php5-mysql php5-mcrypt php5-common libapache2-mod-php5

Also, FeePBX requires the PEAR DB module to be installed, so install

apt-get install php-pear php-db

Some of you might think that php-db will offer pear DB, but actually you will need to run

pear install DB

This will install a “deprecated” version of pear DB, but FreePBX relies on that

Now if you like, you can also install perl, python, whatever else you might think could be useful for you. Please note, that your machine might also need some additional hardware drivers for T1/PRI/BRI interface or whatever hardware!!! In case you have enabled SELinux on your machine: FreePBX doesn’t play well with SELinux, so make sure it’s either disabled or just don’t install it.

In the later, in order to install FreePBX you will run a PHP script and in this script the exec() function will be used. Now, in my case, this required SUDO to be installed, which one might think is always installed with a virgin Debian, but actually it’s not. I ran the script as root, yet SUDO was required!

apt-get install sudo

Installing asterisk from source offers the latest release, yet it requires to manually install quite a few additional packages before you can get started. For Debian Wheezy, Asterisk 1.8 can be installed from Aptitude repositories. Aptitude will install Asterisk as complete as possible, yet there’s a bit more one can install from the repositiories, like mp3 support, dahdi for conferences etc.
A very comprehensive installation that is useful for FreePBX can be achieved by getting following packages.

First, install DAHDI hardware drivers, which are needed by app_meetme (conferencing). Then continue with installing Asterisk. DAHDI must be installed from SOURCE from the Website. DAHDI must be installed as Kernel module, and this is currently (May 2012) not the case when installing DAHDI from APT repositories. DAHDI provides a timing device for synchronizing the voice/sound streams in conferences, music on hold etc.

apt-get install libxml2-dev libncurses5-dev subversion g++ make linux-headers-$(uname -r)
cd /usr/src/
tar xfvz dahdi-linux-complete-2.6.0+2.6.0.tar.gz
cd dahdi-linux-complete-2.6.0+2.6.0
make all
make install
make config
/etc/init.d/dahdi start
Then continue to install Asterisk from APT. You will need to install asterisk-dahdi in order to have access to app_meetme for conferencing. This will make use of the installed DAHDI hardware drivers installed previously.
apt-get install asterisk \
asterisk-dahdi \
asterisk-sounds-main \
asterisk-core-sounds-en-gsm \
asterisk-core-sounds-en-wav \
asterisk-moh-opsound-gsm \
asterisk-moh-opsound-wav \
asterisk-sounds-extra \
asterisk-mp3 \
asterisk-mysql \
asterisk-ooh323 \
asterisk-prompt-de \
asterisk-voicemail \
asterisk-doc \
asterisk-dev \
libasound2-plugins \
jackd2 \
lm-sensors \
snmp-mibs-downloader \
libsox-fmt-all \
speex \
srtp-utils \

This will take some time…

Once asterisk is installed, you can check if it’s running properly by entering the CLI mode of Asterisk

asterisk \-rvvvvv

You should then see somthing like this:

Asterisk, Copyright (C) 1999 - 2012 Digium, Inc. and others.
Created by Mark Spencer <> Asterisk comes with ABSOLUTELY NO WARRANTY;
type 'core show warranty' for details. This is free software, with components licensed under the GNU General Public License version 2 and other licenses;
you are welcome to redistribute it under certain conditions. Type 'core show license' for details.
== Parsing '/etc/asterisk/asterisk.conf': == Found
== Parsing '/etc/asterisk/extconfig.conf': == Found
Connected to Asterisk currently running on horse-with-no-name (pid = 8005)
Verbosity is at least 5

To leave the CLI, simple type exit and then hit return.

SOUND PROBLEMS: Unfortunately, some sound-packages didn’t install their sound file to /var/lib/asterisk/sounds but to /usr/share/asterisk/sounds and sometimes, Asterisk wouldn’t open sounds in /var/lib/asterisk/sounds but instead in /usr/share/asterisk/sounds. But: /usr/share/asterisk/sounds is a depricated location for soundfiles since Asterisk 1.6. Therefore, if you experience any problems with sound files not playing (look at CLI for hints on this), then you can consider to SOFTLINK the locations from /var/lib/asterisk/sounds to /usr/share/asterisk/sounds:

cd /usr/share/asterisk/sounds
ln -s /var/lib/asterisk/sounds/en/ en

Now that Asterisk is installed, it is a good idea to change the user running the apache2 daemon, because FreePBX requires that Apache is run with the same user that runs Asterisk. Just edit the file /etc/apache2/envvars and replace the user www-data with asterisk.

export APACHE_RUN_USER=asterisk
export APACHE_RUN_GROUP=asterisk

Next up, it is time to install FreePBX. The source of FreePBX can be obtained from, the current version of FreePBX at the time writing this is 2.10 and can be obtained by

cd /usr/src
wget []
tar -xvf freepbx-2.10.0.tar.gz

So far so good, you’ve downloaded FreePBX and un-TAR-ed it and all’s well and you only need to run the install script… OH NO!!!
It’s not that simple, i’ve tried that a few time but i never got a nice and smooth running FreePBX, so what should be done now?

First: makesure the /etc/asterisk directory is empty, FreePBX will need to place new files in there.

In preparation for setting up the database, it’s not a bad idea to create a MySQL user for FreePBX instead of providing root access, you might even want to use a different database host during installation, but that’s something different… Let’s concentrate on getting things done: create the databases used by FreePBX

mysql -u root -p
enter password: ***
mysql> create database asterisk;
Query OK, 1 row affected (0.00 sec)
mysql> create database asteriskcdrdb;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on asterisk.* to "humpty" identified by "dumpty";
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on asteriskcdrdb.* to "humpty" identified by "dumpty";
Query OK, 1 row affected (0.00 sec)
mysql> exit;

Now run the SQL scripts provided in the source files in the folder SQL in order to setup the databases:

mysql -u root -p asterisk < SQL/newinstall.sql
mysql -u root -p asteriskcdrdb < SQL/cdr_mysql_table.sql

FreePBX is not yet ready for installation in case you are using PHP 5.4!!!
Why? Because a PHP function in the recording module of FreePBX is using the $_REQUEST global variable as argument, and this is invalid in PHP 5.4 and causes the install to throw a bunch of errors. Simply edit the file amp_conf/htdocs/admin/modules/recordings/ in your FreePBX source directory and change each occurance of $_REQUEST to $REQUEST in the function recordings_update aroun line 260. For more information, read:

Also, in PHP 5.4 the default timezone for date() isn’t set, which needs to be set in following files
Search for the date section and set

date.timezone = "Europe/Berlin"

The install script includes several files, which will check on the filesize of the FreePBX installer logfile. In case this file does not exist, the PHP filesize() function will throw an E_WARNING type of error. This is harmless, yet you can work your way around this error by replacing

$size = sprintf("%u", filesize($amp_conf['FPBXDBUGFILE'])) + strlen($txt);


$size = file_exists($amp_conf['FPBXDBUGFILE']) ? sprintf("%u", filesize($amp_conf['FPBXDBUGFILE'])) + strlen($txt) : 0;

on lines 75 and 641 in file amp_conf/htdocs/admin/libraries/utility.functions.php

Now, preparation is almost done. When evaluating and trying to install FreePBX, i’ve had some problems each time i ran the install script because i entered Apache Webroot as /var/www, which is valid on my Debian. Yet, FreePBX tried to move several files to /var/www/html, which is the Apache Webroot on the FreePBX distro. If you’re like me, lazy and pragmatic, then you would also do

mkdir /var/www/html
chown asterisk:asterisk /var/www/html

And set the default webroot of Apache to this directory in /etc/apache2/sites-enabled/000-default

<VirtualHost \*:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/html
<Directory ></Directory>
Options FollowSymLinks
AllowOverride None
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options \+ExecCGI \-MultiViews \+SymLinksIfOwnerMatch
Order allow,deny
Allow from all

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

IMPORTANT: Before you actually start the ./install_amp script, you may need to fix some more errors in the install script. I don’t want to go into detail, because it’s been documented already in the FreePBX bugtracker. A description of the errors and the fixes can be found here:

In particular, see fixes at

The check for SELinux in the install script throws an error, so just adapt/edit the code near line 968 in file install_amp:

$tmpout = exec("getenforce 2>/dev/null", $tmpoutput, $sereturn);
if (isset($tmpoutput[0]) && trtolower($tmpoutput[0]) === "enabled") {
        // this method seems better because disabled and permissive are the same
        // if a user installs and realizes selinux is running the other method
        // requires a reboot to get selinuxenabled to work after editing the  selinux config
        // this will allow you to use setenforce 0 which turns selinux into permissive mode which
        // doesnt enforce, it just warns.
        fatal("selinux is ENABLED. This is not supported. Please disable selinux before using FreePBX");

Make sure to apply all fixes on FreePBX 2.10 install_amp script!!

Now preparation is done and the installation can be kicked off by running the install_amp script in the un-tared FreePBX source directory


The script will now ask for several values, e.g. your Apache Webroot, MySQL database location and credentials and a whole lot of other stuff which will be written to /etc/amportal.conf. Also, this script will move the files for the GUI to webroot and set file-ownership etc. If you have any problems and need to undo and fix the PHP scripts or some settings, then you can always undo the script actions by removing all files created by the install_amp script

rm /etc/amportal.conf
rm /etc/asterisk/*
rm /var/www/html/*
rm /var/lib/asterisk/bin

Once installation is done and hasn’t thrown any errors, then you should be able to login to FreePBX via http://<yourmachine>/admin => username: admin – password: admin

Go to menu Reports -> FreePBX System Status to see if FreePBX has detected errors

I’ve had problems with not symlinked files in the /etc/asterisk directory, in particluar the logger.conf file so just feel free to manually resolve this issue by

rm /etc/asterisk/logger.conf
ln -s /var/www/html/admin/modules/core/etc/logger.conf /etc/asterisk/logger.conf

Methods for making cheap calls through an Asterix PBX

The methods described in this post relate mostly to using FreePBX and some additonal add-ons developped by the VoIP community (e.g. Nerdvittles/PBX in a Flash). This means, that next to installing Asterisk 1.8, it is also required to install a LAMP stack and that Asterisk and the Apache/PHP scripts are all executed by the same user (e.g. user & group asterisk).

Method 1: Using DISA (Direct Inbound System Access)

DISA is an application, which can be used as destination for an inbound route. When dialed and connected, the DISA will sound a dial-tone and accept DTMF tones entered by the calling party, thus setting up a telephone connection according to whatever was dialed.


  • In FreePBX, the DISA function is already implemented and can be used out of the box from the GUI
  • No additional dialplan manipulation in extensions_custom.conf necessary
  • Call automation from mobile phones by setting up the DID number of the DISA as dial prefix with additional wait time, can easily be implemented in already existing calling apps for iOS and Android


  • Whitelisting inbound CallerIDs must be entered manually as custom dialplan in extensions_custom.conf
  • Users must consider, that dialing a number must happen just as if they were calling from their desk phone, e.g. prefixing a 0 for dialing to the outside world
  • Altering CallerIDs (convergence!!!) must also be maintained manually in extension_custom.conf

Method 2: Using Callback

Tha Callback function is also implemented in FreePBX and is using the Asterisk Manager Interface (AMI). A Callback application can be used as destination of an inbound route and the Callback app itself also has a destination. When a call is made to the inbound route to a Callback app, then the app registers the number of the caller, hangs up and calls the caller back on the provided number. Once the callback is executed, the originator then is forwarded to a custom destination of the callback app, e.g. a DISA application, an IVR menu or even a fixed number/ring group. This method is especially handy when wanting to make cheap calls from a roaming network (e.g. when abroad).


  • Runs out of the box in FreePBX
  • No additional dialplan manipulation needed


  • iOS and Android don’t allow 3rd party apps to submit DTMF tones on incoming calls, only when dialing out. This means, that making calls via a Callback extension can’t be easily automated like when calling a DISA directly.
  • Whitelisting and editing CallerIDs must be maintained manually in a custom dialplan in extensions_custom.conf
  • It’s slow, depending on the subscriber’s network and the landline provider, dialing in-out-in-out will take some time and the hangup signal from the Callback app isn’t always sent to the caller within an acceptably short time frame (less than 10 seconds), thus the Callback needs to be configured to allow for a FIXED time gap between original call and return call.

Method 3: Using Click-To-Call

Click-To-Call is an application used by many callcenters, Google Voice etc. It basically is a script at an arbitrary URL which can take both parties of a call and then make a call to each one and connect the calls on one channel. It also uses the the AMI for making the calls. One popular implementaion is Asteridex from Nerdvittles.


  • The script at the URL can practically do anything you want it to do, alter phone numbers and CallerIDs from a database (convergence!!!), whitelisting for originators etc. You name it, it can do it.
  • It’s free
  • It’s faster than DISA and Callback


  • When using this method from a mobile phone, then the dataplan must cover the traffic generated from this app. This is especially important when using this method in a roaming network/abroad.

Get every new post delivered to your Inbox.