FreePBX on a VPS in South Africa

Uncategorized , ,

I have been looking around for ages to host my FreePBX install on a local Virtual Private Server (VPS). The reason for this is that I have multiple branches that I want to connect to the FreePBX server. In addition, using a local cloud PBX, at the best price will cost me a minimum of R 1,000 a month with SwitchTel.co.za. If you’re not confident in setting up your own server, then this is a great option. If you like the Do-It-Yourself approach and saving every penny, then read on! (SwitchTel is based on Asterisk too and has a starting price of about R300 for 10 users and 1 SIP Trunk at the time of writing this).

The reason it needed to be in South Africa is due to latency. I tried out the 3CX free-tier with hosting for a year on Google Cloud or Amazon AWS. Both of these options are not locally hosted and therefore the latency is fairly high causing calls to drop and calls to be choppy. So it was not ideal.

I have looked around for ages for a suitable VPS host that is at a comparable price to those overseas like DigitalOcean and Vultr which I have been using for other projects.

Recently Domain.co.za launched new VPS options at very competitive prices. I signed up for the smallest package at R129 a month currently and this is sufficient for a FreePBX install running 25 extensions.

Domains.co.za Epyc VPS Packages.

STEPS TO INSTALLING FREEPBX ON DOMAINS.CO.ZA VPS

  • Currently Domains.co.za don’t let you install from your own ISO. So when signing up, select any distro you want. I chose CentOS 7. They’re adding ISO’s at the moment, so hopefully this will change soon.
  • Once you’ve setup your server, send through a ticket to the Support Team. Include a link to the ISO you want to install. LINK: https://downloads.freepbxdistro.org/ISO/SNG7-FPBX-64bit-1805-2.iso Justin assisted me and he was very quick and efficient.
  • Once the ISO is loaded you can use the VNC screen to continue with the install, there are not many options. Just choose the defaults.
  • Once installed, you’ll be able to find the GUI on the server’s IP address.

CONFIGURING FREEPBX SECURELY FOR THE CLOUD

  • When you login for the first time, it will ask you for a new password. Make sure this is very secure.
  • On install it will ask you to configure the responsive firewall. I would suggest you do this and select YES to all the options presented to you. Due to the install being a straight FreePBX install, there is no external Firewall to get in the way.
  • I like to always run all updates before configuring anything: ADMIN > UPDATES > SYSTEM UPDATES and MODULE UPDATES. Run them all until everything is up-to-date.
  • Once you’re done with that lets secure the FreePBX install more and get all the errors on the dashboard to go away. CONNECTIVITY > FIREWALL > NETWORKS – Add your current IP address and any others you know you want to have access. You can add DDNS host names here to give access to sites with Dynamic IP addresses. Mark them as TRUSTED, they should appear yellow in colour.
  • Then lock down the internet connection:
    CONNECTIVITY > FIREWALL > INTERFACES, Mark the eth0 interface as INTERNET, it will now appear in red. Submit and Apply.
  • When adding Trunks, be sure to add the IP of the SIP provider to the whitelist under intrusion detection. ADMIN > SYSTEM ADMIN > INTRUSION DETECTION > WHITELIST. This is required so that the IP does not get mistaken as an intrusion.
  • Lastly, disable NAT on SIP. You don’t need NAT as the server does not have a firewall in front of it. The firewall is built into FreePBX. SETTINGS > ASTERISK SIP SETTINGS > CHAN SIP SETTINGS. set NAT to no.

This setup should be secure, but keep in mind that nothing is perfect, so ensure that you have a reasonable spend limit with your SIP provider to protect yourself if someone does get into your system.

With the configuration above, you will only be able to access the GUI from the trusted IP’s and DDNS IP’s that you added earlier. When you initially setup the server, it will automatically add your current IP address.

Leave a comment below if you have any input on the above configuration. If you have configured everything correctly, you should see the System Overview with Green ticks against all the services.

There are plenty more settings to be setup, but these mainly relate to the way you want your phone system to work. Extensions, Ring Groups, Inbound and Outbound routes.

If you need more information on this, I can write a further article, but this should get you to a point where you can get it up and running.