Replacing FreePBX with FusionPBX

bigbear

I haven't trying deploying the FusionPBX on Docker yet, but my install on Jessie (Debian has gone great so far.

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install. You could probably run it on a smaller install but I don't want to have to worry about resizing discs later, etc. I will be replacing 11 of my $5 vultr instances so overall it drops my host cost from $55 to $20 per month.

http://docs.fusionpbx.com/en/latest/getting_started/quick_install.html# has a great walkthrough of an installation. Use Debian 8 iso for install ($5 Vultr instance for single tenant install should be fine). Judging by github activity this is the most stable setup.

Also, there is a youtube channel https://www.youtube.com/channel/UCN5j2ITmjua1MfjGR8jX9TA that appears to be all Mark, the main developer.

One of the guys active on Github may be coming to give some advice on additional securiting the instal on Vultr (or any cloud instance).

On the security tab it talks about not exposing Mod_xml_rpc to the public. By the default instructions it appears it is exposed, so looking for @DigiDaz to join us on MangoLassi as he has offered to answer questions.

I should mention that the primary developer, Mark Crane, only appears to be monetizing FusionPBX by offering training classes. He is very active on the IRC channel but often redirects advanced questions to his training course. Maybe for those like @scottalanmiller and @JaredBusch who run hosting services that kind of service or support could be useful. I hope we can get enough support going here that a typical FreePBX user could convert to FusionPBX with publicly available info.

Dashrender

why the conversion? because multi-tenant?

bigbear

@dashrender This is my immediate thesis, I will be sure to share any pros/cons that come from real world use.

1.) Freeswitch is faster and IMHO better than Asterisk. Just park a call and pick it back up for a real world example.

2.) FusionPBX is multi-tenant, rebrandable, true open source. Can run a simple single server install and be expanded to multiple servers. No licenses or add on modules. True FOSS.

3.) I get mod_sofia instead of pjsip, and I ditch all my yealink ghost transfer and ghost call issues.

4.) Better provisioning and its also free. Using Yealink RPS and FusionPBX provisioning you can drop ship a phone to your customer and it will automatically configure itself out of the box.

You can also have a Yealink customer default their existing phone and Yealink RPS will send it new provisioning info when it reboots. So even a customer switching to you with existing phones could default their phones and be up on their new system with you instantly.

Also FusionPBX has templates for all major brands and models for easy provisioning.

4.) No banner ads for SIP Station, Proprietary phone hardware or links that would otherwise send your customers around you to Sangoma.

bigbear

I am also going to hit up Ward Mundy as there was interest in the past around creating PiAF off of Fusion (Switch in a Flash or SiAF) but even he commented he couldn't get FusionPBX installed. Thats been about a year.

He may be more committed to Wazo now but its not production ready, not nearly in the way FusionPBX is at least.

markjcrane

My name in Mark J. Crane I'm the creator and lead developer of FusionPBX. Some of the code for FusionPBX was written before I found FreeSWITCH in early alpha before its 1.0 release. Which would make FusionPBX a little more than 10 years. I started the project on pfSense as the FreeSWITCH package and later moved it out to get a larger audience and a real database server.

FusionPBX install is now very easy on Debian 8 (preferred by FreeSWITCH developers). We also have a FreeBSD, CentOS, and Devuan install scripts. The install script ask no questions it just does the install and tells you a random password to login at the end. You can edit a resources/config.sh file that has all the defaults set in it if you want to preset usernames and passwords or change other defaults.

SLA - shared line appearance does work with FreeSWITCH and FusionPBX works great with Yealink and SPA phones.

In FusionPBX we also saw ghost calls which were fixed by changing the phones configuration to not accept un-authenticated calls.

The mention on security mod_xml_rpc is not even installed by default as we don't use it for anything. Also the install script adds a firewall but doesn't enable port 8787 this would be better to be accessed across a VPN for better security.

scottalanmiller

@markjcrane said in Replacing FreePBX with FusionPBX:

My name in Mark J. Crane I'm the creator and lead developer of FusionPBX. Some of the code for FusionPBX was written before I found FreeSWITCH in early alpha before its 1.0 release. Which would make FusionPBX a little more than 10 years. I started the project on pfSense as the FreeSWITCH package and later moved it out to get a larger audience and a real database server.

FusionPBX install is now very easy on Debian 8 (preferred by FreeSWITCH developers). We also have a FreeBSD, CentOS, and Devuan install scripts. The install script ask no questions it just does the install and tells you a random password to login at the end. You can edit a resources/config.sh file that has all the defaults set in it if you want to preset usernames and passwords or change other defaults.

SLA - shared line appearance does work with FreeSWITCH and FusionPBX works great with Yealink and SPA phones.

In FusionPBX we also saw ghost calls which were fixed by changing the phones configuration to not accept un-authenticated calls.

The mention on security mod_xml_rpc is not even installed by default as we don't use it for anything. Also the install script adds a firewall but doesn't enable port 8787 this would be better to be accessed across a VPN for better security.

Awesome. Thanks so much for popping in!!

markjcrane

Another thing you can do for increased security is use domain names and don't register phones to IP addresses as the authentication realm.

Reason for this is when anyone attempts to register to the IP address we know they are not a customer. We have a fail2ban rule that can be enabled

Edit file /etc/fail2ban/jail.conf find enabled = false and set it to true the two sections that should be enabled are:

[freeswitch-ip-tcp]
[freeswitch-ip-udp]

service fail2ban restart

It pains me a bit to have these disabled but currently they are disabled as we need to inform the user to use domain names instead of IP addresses if they want tighter security. When we can educate users enough we may default these to enabled.

markjcrane

@markjcrane With this fail2ban rule a bot or a hacker tries to brute force and register to the IP address of the server they are banned on the first attempt.

bigbear

@markjcrane said in Replacing FreePBX with FusionPBX:

Another thing you can do for increased security is use domain names and don't register phones to IP addresses as the authentication realm.

Reason for this is when anyone attempts to register to the IP address we know they are not a customer. We have a fail2ban rule that can be enabled

Edit file /etc/fail2ban/jail.conf find enabled = false and set it to true the two sections that should be enabled are:

[freeswitch-ip-tcp]
[freeswitch-ip-udp]

service fail2ban restart

It pains me a bit to have these disabled but currently they are disabled as we need to inform the user to use domain names instead of IP addresses if they want tighter security. When we can educate users enough we may default these to enabled.

@markjcrane I really appreciate you coming online and sharing that tip. One of the problems in FreePBX is IP addresses getting banned when and brief internet outage occurs on the client side. Its nearly impossible to roam with Bria on your smartphone for all the constant banning that occurs when you go from cellular to wifi, etc.

For anyone following along he is referring to the server address you use to connect from the endpoint. I create an A record in my DNS (for example *.sip.domain.com and then you can create subdomains on the fly for new tenants (customer1.sip.domain.com, customer2.sip.domain.com).

I am still trying to figure out the best order to create user/device/extensions. It seems like devices would be created automatically when they auto-provision, but I assume the username/extension should be created manually.

JaredBusch

I will certainly look into this, but It has to be stupid simple if it is going to be something I recommend.

It sounds great for you because you want to run something MT and have the skill to back it up.

That is not how the majority of people buy into phone systems though. Also, I have zero desire to be a phone provider.

I recommend, assist, and implement. I do not run it, there is no market there for new companies IMO.

I mean new "VoIP Providers" come out every day it seems like.

bigbear

@jaredbusch said in Replacing FreePBX with FusionPBX:

I will certainly look into this, but It has to be stupid simple if it is going to be something I recommend.

It sounds great for you because you want to run something MT and have the skill to back it up.

That is not how the majority of people buy into phone systems though. Also, I have zero desire to be a phone provider.

I recommend, assist, and implement. I do not run it, there is no market there for new companies IMO.

I mean new "VoIP Providers" come out every day it seems like.

I think you will be surprised, I have been so far. As a single-tenant solution its still faster than FreePBX, and I find the GUI faster as well.

I believe a lot of your MSP/Reseller types who have a dozen customers or so would see it as a no brainer over FreePBX because of the Domain/MT functionality and the ability to rebrand. Also there are no agressive ads pulling you in to competing services.

But all that aside, my primary goal is still to find and document a FOSS alternative to FreePBX the the average small business can spin up and use.

bigbear

@jaredbusch said in Replacing FreePBX with FusionPBX:

I will certainly look into this, but It has to be stupid simple if it is going to be something I recommend.

It sounds great for you because you want to run something MT and have the skill to back it up.

That is not how the majority of people buy into phone systems though. Also, I have zero desire to be a phone provider.

I recommend, assist, and implement. I do not run it, there is no market there for new companies IMO.

I mean new "VoIP Providers" come out every day it seems like.

Also I know you will figure out twice as much as me in half the time if you give FusionPBX a go @JaredBusch. lol

Alex Sage

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

scottalanmiller

@aaronstuder said in Replacing FreePBX with FusionPBX:

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

Do you mean if a Datacenter fails? Because that would affect FreePBX or FusionPBX the same.

scottalanmiller

The handy thing is that when the PBX goes down, the customers can't call you!

scottalanmiller

Datacenter failover is pretty simple with most PBX. We've done Canada to US failover before, no issues.

StuartJordan

Is there many people using Fusion PBX in production? is that much of a comparison compared to Freepbx? GUI looks slightly nicer than Freepbx.

bigbear

@aaronstuder said in Replacing FreePBX with FusionPBX:

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

Same thing that happens now with my 11 FreePBX installs.

scottalanmiller

@bigbear said in Replacing FreePBX with FusionPBX:

@aaronstuder said in Replacing FreePBX with FusionPBX:

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

Same thing that happens now with my 11 FreePBX installs.

But slightly (very slightly) easier to restore one system than eleven.

AdamF

If I were to guess, I would guess that @aaronstuder was talking about a single Vultr instance/fusionpbx instance going down, and thus taking out 11 clients.