BlueBox

OVERVIEW
BlueBox is a web based php configuration and management GUI for FreeSWITCH and Asterisk switching libraries. It supports multi-tenancy, skinning, and is completely open-source. It can be used with database and file replication to scale up to thousands of registered devices and simultaneous phone calls. It can operate in the cloud or on the premise. It originally developed from FreePBXv3.

PREREQUISITES
I installed the following prerequisites:
 * net-misc/freeswitch-9999
 * www-servers/apache-2.2.22-r1
 * dev-lang/php-5.3.13
 * dev-db/mysql-5.1.62-r1

FreeSWITCH
Please first install FreeSWITCH (FS) following the Gentoo Wiki

There are many USE options for FS. Not all of them compile for me.

[TODO] -- Add list here of which work and which don't compile.

After installing FS, there is a post-installation message from portage that a backup of the default configuration files has been saved to: FreeSWITCH default configuration but a "diff -r /etc/freeswitch /usr/share/doc/freeswitch-9999/conf" shows differences

so I made my own copy:

Make copy of freeswitch configuration

Also, portage seems to install the freeswitch configuration directory twice: * once into /etc/freeswitch * and a second time into /etc/freeswitch/freeswitch A "diff" for each file/folder in /etc/freeswitch/* and /etc/freeswitch/freeswitch/*

shows no differences. Is this a mistake?

Then install:

WEB SERVER
INSTALL a web server such as www-servers/apache (see the Gentoo Wiki)

PHP
INSTALL dev-lang/php (see the Gentoo Wiki)

DATABASE
INSTALL a database backend such as:
 * dev-db/mysql (see the Gentoo Wiki)
 * dev-db/postgresql-server (see the Gentoo Wiki)
 * dev-db/sqlite (see the Gentoo Wiki)

DATABASE SETUP
MySQL setup database

If you make a mistake and need to start over:

MySQL start over

INSTALLING BLUEBOX (BB)
Adapted from http://www.powerpbx.org/content/centos-freeswitch-bluebox-v1

Install bluebox git source into top level root of web server:

Install BlueBox into webserver

NOTE: When the install asks you for the web user name change default (apache) to "freeswitch" (without quotes). Everything else can remain at default (Just repeatedly press ENTER when it asks)

Increase the memory_limit for php

sed -i 's/memory_limit = 32M/memory_limit = 128M/g' /etc/php/apache2-php5.3/php.ini

Restart apache

/etc/init.d/apache2 restart

/opt/freeswitch/conf/ is a symlink to /etc/freeswitch

You will need to change the ownership on the configuration files to allow apache to make changes before you run the bluebox configuration GUI: Change FS permissions

Browse to "http://your.web.server/bluebox/"

and run the installer. I went with the defaults but changed the password and email address for the administrator. I also unchecked the option for installing sample data.

I got a WARNING about conflicting files:

Conflicts I just continued.

After configuring bluebox, my default configuration was

cat /var/www/localhost/htdocs/bluebox/config/database.php

'type'    => 'mysql',

'user'    => 'bluebox',

'pass'    => 'bluebox',

'host'    => '127.0.0.1',

'port'    => '3306',

'socket'  => FALSE,

'database' => 'bluebox'

You probably will want to change the password for user bluebox.

Next edit /var/www/localhost/htdocs/bluebox/bluebox/config/config.php

and disable the installer:

config['installer_enabled'] = FALSE;

CONFIGURING FS WITH BLUEBOX
START freeswitch:

/etc/init.d/freeswitch start crashed for me, but running it manually worked

/opt/freeswitch/bin/freeswitch [options such as hp,lp.rp ncwait]

or /opt/freeswitch/bin/freeswitch -nc

/opt/freeswitch/bin/fs_cli

NOW BROWSE to "http://your.web.server/bluebox/"

INSTALL additional modules:

System->Package Manager

A few modules have prerequisite modules so if you get an error, install the prerequisite.

A few pairs of modules conflict, e.g.: I chose "Freeswitch", "Endpoint Manager" and "Media File"
 * "Freeswitch" and "Asterisk"
 * "Endpoint Manager" and "Provisioner"
 * "Media File" and "Media Manager"

and installed every remaining module except those for a call center.

Bluebox came pre-installed with 3 sip interfaces

"Connectivity" -> "SIP Interface"

Authenticated SIP	 Auto Detect	5060	Required   Edit|Delete

Authenticated SIP - NAT Auto Detect	5070	Required   Edit|Delete

Unauthenticated SIP	 Auto Detect	5080	None	   Edit|Delete

Use the freeswitch cli to see your interfaces:

freeswitch@myhost> sofia status

Name         Type                                       Data      State

=================================================================================================

sipinterface_2      profile            sip:mod_sofia@192.168.1.40:5070      RUNNING (0)

voicemail_1        alias                             sipinterface_2      ALIASED

sipinterface_1      profile            sip:mod_sofia@192.168.1.40:5060      RUNNING (0)

sipinterface_3      profile            sip:mod_sofia@192.168.1.40:5080      RUNNING (0)

192.168.1.40        alias                             sipinterface_1      ALIASED

=================================================================================================

3 profiles 2 aliases

Now configure users, devices, voicemail boxes, endpoints and assign numbers.

It facilitates configuring your sip device if you first configure and then
 * the Users ("Organization" -> "User Manager")
 * their Voicemail Boxes ("Applications" -> "Voicemail Boxes")
 * the Endpoints ("Applications" -> "Endpoints")
 * the sip phones ("Applications" -> "Devices")

The passwords for the users must be alphanumeric but the passwords for the sip devices and voicemail boxes need not be so. To keep things simple I used the same identifying string for device names, sip accounts, extensions.

For example, Device Name "101" associated with user "John Doe" used sip account "101" and was assigned extension "101" and unanswered calls were transferred to the voicemail box for 101 (extension 201) All used the same password except for the the required alphanumeric password for the User Account for John Doe.

If you decide to have a default Multitenant system, then your sip registrations will use "user@domain" instead of just "user" for the User Account

Make sure that your user:password (or user@domain:password) for each Device in bluebox matches what you have configured for each sip phone.

First try to get sip registration working before attempting secure sip (sips) registration or encrypted media (srtp). FreeSWITCH also has support for end-to-end encryption using zrtp (see the FreeSWITCH Wiki) but you must use a sip phone which supports zrtp such as such as the softphone Zfone Unfortunately, my Snom phones don't support zrtp and Snom has no plans to do so.

Note that bluebox adds your sip devices to /etc/freeswitch/directory/default.xml

So check and verify that your users have been added there.

Verify that your sip phones have registered with FreeSWITCH:

sofia status profile sipinterface_1

=================================================================================================

Name                   sipinterface_1

Domain Name            N/A

Auto-NAT               false

DBName

Pres Hosts

Dialplan               XML

Context                multitenant_routing_context

Challenge Realm        auto_to

RTP-IP                 192.168.1.40

SIP-IP                 192.168.1.40

URL                    sip:mod_sofia@192.168.1.40:5060

BIND-URL               sip:mod_sofia@192.168.1.40:5060

HOLD-MUSIC             N/A

OUTBOUND-PROXY         N/A

CODECS IN              G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM

CODECS OUT             G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM

TEL-EVENT              101

DTMF-MODE              rfc2833

CNG                    13

SESSION-TO             0

MAX-DIALOG             0

NOMEDIA                false

LATE-NEG               false

PROXY-MEDIA            false

AGGRESSIVENAT          false

STUN-ENABLED           true

STUN-AUTO-DISABLE      false

CALLS-IN               2

FAILED-CALLS-IN        1

CALLS-OUT              1

FAILED-CALLS-OUT       1

REGISTRATIONS          4

Show registrations for sipinterface:

sofia status profile sipinterface_1 reg

<... excerpt ..>

Call-ID:       3c26701f3482-2ou8k0j6yqug

User:          101@192.168.1.40

Contact:       "John Doe" 

Agent:         snom360/8.4.32

Status:        Registered(UDP)(unknown) EXP(2012-05-18 20:26:09) EXPSECS(2869)

Host:          pbx

IP:            192.168.1.101

Port:          2048

Auth-User:     101

Auth-Realm:    pbx.mydomain.com

MWI-Account:   101@voicemail_1

Now that our phones have registered with FreeSWITCH, check that you have a dial tone and can dial an internal extension

IPKALL
If you want to test SIP from outside your network,

apply for a free DID from IPKall (Washington State)

Just select an area code and choose a "SIP phone number"

which can be any alphanumeric string, eg. "IPKall"

Enter the "SIP Proxy" for your FreeSWITH server, eg. "pbx.mydomain.com:5080"

Make sure you specify a sip port of 5080 instead of the default 5060.

Bluebox uses different sip ports to listen on for each different sip interface, e.g.:

Authenticated SIP	  Auto Detect	5060

Authenticated SIP - NAT  Auto Detect	5070

Unauthenticated SIP	  Auto Detect	5080

Then go to "Routing -> Number Manager" and add your new number:
 * Manage -> Number: "IPKall"
 * Manage -> Type: Internal
 * Device (Pick a destination such as Device "101"
 * Contexts -> Inbound Routes
 * Number Pools -> Device

Now add a trunk for IPKall "Connectivity -> Trunk Manager":
 * Trunk Name: "IPKall"
 * Trunk Type: "SIP Interface"
 * Server: "voiper.ipkall.com"
 * Bind To Interface: "Unauthenticated SIP"
 * Made from these Contexts: "Inbound Routes"
 * Caller ID Name: "ipkall"
 * Caller ID Number: 

Now try phoning the IPKall DID phone number emailed to you.

I got a busy signal, so I had to edit "Connectivity -> SIP Interfaces -> Unauthenticated SIP"

and change "Inbound Calls -> Default Incoming Context" from "AUTO(Multitenant)" to "Inbound Routes" since I opted not to have a multitenant system.

Next caveat is that I use NAT and need to forward the following udp ports from my router to my FS server:

as well as the port range for rtp (10000 to 20000)
 * 5060 (standard SIP)
 * 5070
 * 5080

In addition I use shorewall for the firewall on my FS server, so I need the following in my /etc/shorewall/rules:

ACCEPT         loc             $FW     tcp     5038 # AMP -- Asterisk Manager Protocol ACCEPT         all             $FW     udp     5036 # iax ACCEPT         all             $FW     udp     4569 # iax2 ACCEPT         all             $FW     udp     5060 # sip ACCEPT         all             $FW     tcp     5060 # sip Some SIP servers need tcp as well ACCEPT         all             $FW     udp     5061 # sips ACCEPT         all             $FW     tcp     5061 # sips ACCEPT         all             $FW     udp     5070 # FreeSWITCH sip udp ACCEPT         all             $FW     tcp     5070 # FreeSWITCH sip tcp ACCEPT         all             $FW     udp     5080 # FreeSWITCH sip udp ACCEPT         all             $FW     tcp     5080 # FreeSWITCH sip tcp ACCEPT         all             $FW     udp     10000:20000     # rtp
 * 1) ASTERISK and FreeSWITCH
 * 1) SIP
 * 1) ACCEPT        all             $FW     udp     2727 # MGCP media gateway control protocol
 * 2) H323 tcp 522, 1503, 1720, 1731 and 8080

I also disabled connection tracking for sip in /etc/shorewall/start modprobe -r nf_nat_sip       &> /dev/null

modprobe -r nf_conntrack_sip &> /dev/null

#

modprobe -r nf_nat_h323      &> /dev/null

modprobe -r nf_conntrack_h323 &> /dev/null

And I also added the above ports to /etc/shorewall/notrack: NOTRACK         loc             192.168.1.0/24     udp     5060 # sip

NOTRACK         loc             192.168.1.0/24     tcp     5060 # sip

NOTRACK         $FW             192.168.1.0/24     udp     5060 # sip

NOTRACK         $FW             192.168.1.0/24     tcp     5060 # sip

and so on for ports 5061, 5070, 5080, 10000:2000

But (not unexpectedly) after calling the DID and picking up my extension, there was no audio on either my cell phone or sip phone. So next I edited the "Unauthenticated SIP" interface and changed the "Default Interface" to "Authenticated SIP -- NAT" and checked the following: Now I had audio on my cell phone but still no audio on my sip phone.
 * Server is behind NAT?: ON
 * NAT detection mechanism: "Detect IP via uPnP"
 * SIP Ping Registered Devices: ON
 * Aggressive NAT Detection: ON
 * Use Network IP & Port for RTP: OFF

[TODO] FIX NAT traversal for SIP on my FS server.

CONFIGURING A DIALPLAN [TODO]
Now we need to configure:
 * AutoAttendant
 * Time Based Routes
 * Ring Groups
 * Conferences
 * Feature Codes such as CheckingVoicemail, etc.
 * Trunks: DAHDI (PSTN), SIP, IAX