Replacing FreePBX with FusionPBX

bigbear

I am also going to hit up Ward Mundy as there was interest in the past around creating PiAF off of Fusion (Switch in a Flash or SiAF) but even he commented he couldn't get FusionPBX installed. Thats been about a year.

He may be more committed to Wazo now but its not production ready, not nearly in the way FusionPBX is at least.

markjcrane

My name in Mark J. Crane I'm the creator and lead developer of FusionPBX. Some of the code for FusionPBX was written before I found FreeSWITCH in early alpha before its 1.0 release. Which would make FusionPBX a little more than 10 years. I started the project on pfSense as the FreeSWITCH package and later moved it out to get a larger audience and a real database server.

FusionPBX install is now very easy on Debian 8 (preferred by FreeSWITCH developers). We also have a FreeBSD, CentOS, and Devuan install scripts. The install script ask no questions it just does the install and tells you a random password to login at the end. You can edit a resources/config.sh file that has all the defaults set in it if you want to preset usernames and passwords or change other defaults.

SLA - shared line appearance does work with FreeSWITCH and FusionPBX works great with Yealink and SPA phones.

In FusionPBX we also saw ghost calls which were fixed by changing the phones configuration to not accept un-authenticated calls.

The mention on security mod_xml_rpc is not even installed by default as we don't use it for anything. Also the install script adds a firewall but doesn't enable port 8787 this would be better to be accessed across a VPN for better security.

scottalanmiller

@markjcrane said in Replacing FreePBX with FusionPBX:

My name in Mark J. Crane I'm the creator and lead developer of FusionPBX. Some of the code for FusionPBX was written before I found FreeSWITCH in early alpha before its 1.0 release. Which would make FusionPBX a little more than 10 years. I started the project on pfSense as the FreeSWITCH package and later moved it out to get a larger audience and a real database server.

FusionPBX install is now very easy on Debian 8 (preferred by FreeSWITCH developers). We also have a FreeBSD, CentOS, and Devuan install scripts. The install script ask no questions it just does the install and tells you a random password to login at the end. You can edit a resources/config.sh file that has all the defaults set in it if you want to preset usernames and passwords or change other defaults.

SLA - shared line appearance does work with FreeSWITCH and FusionPBX works great with Yealink and SPA phones.

In FusionPBX we also saw ghost calls which were fixed by changing the phones configuration to not accept un-authenticated calls.

The mention on security mod_xml_rpc is not even installed by default as we don't use it for anything. Also the install script adds a firewall but doesn't enable port 8787 this would be better to be accessed across a VPN for better security.

Awesome. Thanks so much for popping in!!

markjcrane

Another thing you can do for increased security is use domain names and don't register phones to IP addresses as the authentication realm.

Reason for this is when anyone attempts to register to the IP address we know they are not a customer. We have a fail2ban rule that can be enabled

Edit file /etc/fail2ban/jail.conf find enabled = false and set it to true the two sections that should be enabled are:

[freeswitch-ip-tcp]
[freeswitch-ip-udp]

service fail2ban restart

It pains me a bit to have these disabled but currently they are disabled as we need to inform the user to use domain names instead of IP addresses if they want tighter security. When we can educate users enough we may default these to enabled.

markjcrane

@markjcrane With this fail2ban rule a bot or a hacker tries to brute force and register to the IP address of the server they are banned on the first attempt.

bigbear

@markjcrane said in Replacing FreePBX with FusionPBX:

Another thing you can do for increased security is use domain names and don't register phones to IP addresses as the authentication realm.

Reason for this is when anyone attempts to register to the IP address we know they are not a customer. We have a fail2ban rule that can be enabled

Edit file /etc/fail2ban/jail.conf find enabled = false and set it to true the two sections that should be enabled are:

[freeswitch-ip-tcp]
[freeswitch-ip-udp]

service fail2ban restart

It pains me a bit to have these disabled but currently they are disabled as we need to inform the user to use domain names instead of IP addresses if they want tighter security. When we can educate users enough we may default these to enabled.

@markjcrane I really appreciate you coming online and sharing that tip. One of the problems in FreePBX is IP addresses getting banned when and brief internet outage occurs on the client side. Its nearly impossible to roam with Bria on your smartphone for all the constant banning that occurs when you go from cellular to wifi, etc.

For anyone following along he is referring to the server address you use to connect from the endpoint. I create an A record in my DNS (for example *.sip.domain.com and then you can create subdomains on the fly for new tenants (customer1.sip.domain.com, customer2.sip.domain.com).

I am still trying to figure out the best order to create user/device/extensions. It seems like devices would be created automatically when they auto-provision, but I assume the username/extension should be created manually.

JaredBusch

I will certainly look into this, but It has to be stupid simple if it is going to be something I recommend.

It sounds great for you because you want to run something MT and have the skill to back it up.

That is not how the majority of people buy into phone systems though. Also, I have zero desire to be a phone provider.

I recommend, assist, and implement. I do not run it, there is no market there for new companies IMO.

I mean new "VoIP Providers" come out every day it seems like.

bigbear

@jaredbusch said in Replacing FreePBX with FusionPBX:

I will certainly look into this, but It has to be stupid simple if it is going to be something I recommend.

It sounds great for you because you want to run something MT and have the skill to back it up.

That is not how the majority of people buy into phone systems though. Also, I have zero desire to be a phone provider.

I recommend, assist, and implement. I do not run it, there is no market there for new companies IMO.

I mean new "VoIP Providers" come out every day it seems like.

I think you will be surprised, I have been so far. As a single-tenant solution its still faster than FreePBX, and I find the GUI faster as well.

I believe a lot of your MSP/Reseller types who have a dozen customers or so would see it as a no brainer over FreePBX because of the Domain/MT functionality and the ability to rebrand. Also there are no agressive ads pulling you in to competing services.

But all that aside, my primary goal is still to find and document a FOSS alternative to FreePBX the the average small business can spin up and use.

bigbear

@jaredbusch said in Replacing FreePBX with FusionPBX:

I will certainly look into this, but It has to be stupid simple if it is going to be something I recommend.

It sounds great for you because you want to run something MT and have the skill to back it up.

That is not how the majority of people buy into phone systems though. Also, I have zero desire to be a phone provider.

I recommend, assist, and implement. I do not run it, there is no market there for new companies IMO.

I mean new "VoIP Providers" come out every day it seems like.

Also I know you will figure out twice as much as me in half the time if you give FusionPBX a go @JaredBusch. lol

Alex Sage

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

scottalanmiller

@aaronstuder said in Replacing FreePBX with FusionPBX:

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

Do you mean if a Datacenter fails? Because that would affect FreePBX or FusionPBX the same.

scottalanmiller

The handy thing is that when the PBX goes down, the customers can't call you!

scottalanmiller

Datacenter failover is pretty simple with most PBX. We've done Canada to US failover before, no issues.

StuartJordan

Is there many people using Fusion PBX in production? is that much of a comparison compared to Freepbx? GUI looks slightly nicer than Freepbx.

bigbear

@aaronstuder said in Replacing FreePBX with FusionPBX:

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

Same thing that happens now with my 11 FreePBX installs.

scottalanmiller

@bigbear said in Replacing FreePBX with FusionPBX:

@aaronstuder said in Replacing FreePBX with FusionPBX:

@bigbear said in Replacing FreePBX with FusionPBX:

I am going with a $20 Vultr instance next as I plan to run 11 tenants and hundreds of phones off this install.

What happens when Vulrt goes down? Do you have 11 company's all calling you for support at the same time?

Same thing that happens now with my 11 FreePBX installs.

But slightly (very slightly) easier to restore one system than eleven.

AdamF

If I were to guess, I would guess that @aaronstuder was talking about a single Vultr instance/fusionpbx instance going down, and thus taking out 11 clients.

bigbear

@stuartjordan said in Replacing FreePBX with FusionPBX:

Is there many people using Fusion PBX in production? is that much of a comparison compared to Freepbx? GUI looks slightly nicer than Freepbx.

There are a lot of people using it. In telecom people don't share and recommend much because everyone, even your small no-name itsp guy, all perceive themselves to be in competition.

And again, my focus is on getting more options for single tenant every day phone system installs.

scottalanmiller

@bigbear said in Replacing FreePBX with FusionPBX:

@stuartjordan said in Replacing FreePBX with FusionPBX:

Is there many people using Fusion PBX in production? is that much of a comparison compared to Freepbx? GUI looks slightly nicer than Freepbx.

There are a lot of people using it. In telecom people don't share and recommend much because everyone, even your small no-name itsp guy, all perceive themselves to be in competition.

And again, my focus is on getting more options for single tenant every day phone system installs.

It's true. It's rare for PBX / VoIP people to talk to each other. ML is rare in that we have several "competitors" talking openly with each other.

bigbear

@fuznutz04 said in Replacing FreePBX with FusionPBX:

If I were to guess, I would guess that @aaronstuder was talking about a single Vultr instance/fusionpbx instance going down, and thus taking out 11 clients.

I haven't had a single instance go down on Vultr since I started using it. Just some reboots during upgrades in NYC location.

With the way freeswitch and domains are setup, and with the single backup, it would still be easier to restore than FreePBX.

You could run 11 FusionPBX instances on $5 vultr machines. In fact Debian 8 would require less resources than the sangoma Linux distro