I play and I think it is probably one of the greatest games created in recent history. Not because of the gameplay, but the enthusiasm and impact that it is making on the health of the players. Over the past few days I've seen a lot of people out and about walking through parks and the roads I regularly run, that very obviously don't live an active lifestyle. If the enthusiasm for the game sticks I think it has the potential to vastly improve the quality of life for a large portion of the population.

Also, it helped turn my normal 4 mile run into a more entertaining 7 miles. I'm all for breaking up the monotony of long runs.

@JaredBusch said in FreePBX External/Remote Extensions:

@RamblingBiped said in FreePBX External/Remote Extensions:

Option #1 up and running. Now to work on the OpenVPN part of the equation...

I have set this up but then ran into the problem of the OpenVPN port being blocked. Slightly hard to change once out in the wild.

That is a really good point. We've had some issues with OpenVPN failing/being blocked in Asia and had to resort to obfuscating the traffic via SSL encapsulation; which is unfortunately not an option with the Yealink phones. Chances are that wouldn't be a problem in UK, but I like the safe not sorry approach... And, Murphy's law usually rings true when you give it the opportunity...

Option #1 up and running. Now to work on the OpenVPN part of the equation...

Wow, this is kind of right along the lines of what I've been researching on remote extensions...

@scottalanmiller said in FreePBX External/Remote Extensions:

@aaronstuder said in FreePBX External/Remote Extensions:

I still like option 2 the best

Doesn't seem too bad to do.

HOW TO GET YEALINK PHONES CONNECTING OVER VPN
http://www.jsimmons.co.uk/2012/12/05/how-to-get-yealink-phones-connecting-over-vpn/

OpenVPN road warrior installer for Debian, Ubuntu and CentOS
https://github.com/Nyr/openvpn-install

If you don't want to use linux you can use windows (Hint: Use Linux )

Definitely option 2 is best AND is more flexible should moving around or whatever come up.

I think at this point I am going to get Option #1 up and running, and then work on implementing #2.

@aaronstuder said in FreePBX External/Remote Extensions:

@RamblingBiped said:

So for option #1 I'm looking at using a non-standard port number for SIP registration, credentials, and (eventually) limiting the registration to a single public IP address. With all of that in place, that should reasonably be secure correct?

Yes, but will you have a fixed IP?

Yes, the last time he did this trip that was the case.

@scottalanmiller said in FreePBX External/Remote Extensions:

@aaronstuder said in FreePBX External/Remote Extensions:

@scottalanmiller said in FreePBX External/Remote Extensions:

Option #1 will work and you can manage the security implications in a reasonable way.

How does NTG handle that?

Firewall limits on one side and extension capabilities on the other. If you limit the usefulness of hacking an extension you can, for some companies, bring the risk to effectively zero. Only works reliably if you can do the latter.

So for option #1 I'm looking at using a non-standard port number for SIP registration, credentials, and (eventually) limiting the registration to a single public IP address. With all of that in place, that should reasonably be secure correct?

@scottalanmiller said in FreePBX External/Remote Extensions:

Another style of option is ZeroTier on the PBX and then use a softphone to connect to it.

Unfortunately softphone is not an option, the employee is the CEO and he wants an actual phone on his desk.

@aaronstuder said in FreePBX External/Remote Extensions:

Will this be many users in different places, or many users in different places?

Single user in one place.

@aaronstuder said in FreePBX External/Remote Extensions:

You shouldn't need to be a OpenVPN expert. Maybe @JaredBusch can help.

From what little bit I've grasped from the Yealink documentation I've glanced at I think the constraints of the phone manufacturer are probably going to be the toughest part. There are some types of encryption that they don't support and possibly specific older versions of packages that are required to make it work...

Hopefully that's not the case and a current version of OpenVPN will get the job done without too much fuss.

I'm getting ready to setup my first remote extension for FreePBX and thought I'd tap the community for any recommendations/suggestions. I'm going to be using a Yealink T23G phone.

Right now I've got three options for configuring this.

1. External extension registered directly with FreePBX (using NAT).

2. External extension connected over OpenVPN and registered directly with FreePBX.

3. External extension connected directly to our SIP provider (VOIP.MS) via a sub-account.

Ideally, I would like to have option #2 setup. However, I'm not an OpenVPN expert and getting everything setup just right might take more time than I currently have. If any of you have done this I'd appreciate any pointers or extra resources you can provide.

With option #1 security is my primary concern. Have any of you worked with remote extensions in this way? If I am forced to go this route I eventually plan on restricting registration to the remote public IP address that the phone will be registering from, but I will not be able to do that until we know the public IP of the location that my employee will be working from.

Also, are there any gotchas involved with this type of registration happening from outside of North America? My employee is going to be spending several months in the UK.

I came across this jewel on reddit and thought I would share.

https://www.reddit.com/r/learnprogramming/comments/4rimxf/heres_a_list_of_234_free_online_programmingcs/

For anyone with the extra time and ambition there looks to be a little bit of everything in the mix.

@IRJ said in Constructive Criticism:

I read through your blog and it was easy to follow. I didn't watch the video, but I feel like I could follow the text well enough that I could go through the install.

Excellent, thanks!

I'm looking for some criticism on the format of the tutorial I just wrote on building a KVM Hypervisor. I've not been working much with my personal site recently, and as I've been playing catchup with documentation at work I figured it would be a great time to replicate my efforts into a generic tutorial and generate some new content.

I'm mostly concerned with the format and the ease of replicating the steps by those that are not as experienced working with Linux. Any feedback and recommendations appreciated.

Thanks!

https://www.ramblingbiped.com/build-a-kvm-qemu-hypervisor-on-ubuntu-16-04-server/

This is the command I usually use to clone one drive to another identical drive.

 dd if=/dev/sdX of=/dev/sdY bs=512 conv=noerror,sync

It uses the default block size to make a direct copy and keeps any errors from interrupting the process.

I've had problems come from changing to a larger blocksize before, so I usually just stick with the default of 512. If you are going to be moving between disks/partitions of different sizes you'll just need to start with a smaller image and make sure you resize your partitions and fix the filesystems after cloning. If you have a standard image you are working from you can test this out and find the largest block size that is stable and works for your specific task.

I wrote a small program in BASH that did a quick disk test/verification and automated the process of writing a standard image onto sd-cards of varying sizes (2GB up to 32GB) using dd and fdisk. It ended up replacing some old piece of software that ran on Windows and could not properly detect the newer larger capacity sd cards that our client wanted to start using.

@TAHIN So I should be able to get away with the same entry as what you have then? What does the addition of "a mx" add?

So if I do the soft fail then it will just notify receivers whether or not the message is legitimate, but if I do a hard fail it will block any messages that are not legitimate?

We use Google Apps for email and I'm looking to put some SPF records in place for our email service to ensure we are not blacklisted by spoofing of our mail domain. From what I've researched is it really as simple as entering the following text record in my DNS provider's record entries for our domain?

v=spf1 include:_spf.google.com ~all

https://support.google.com/a/answer/178723?hl=en

NFC readers with card access on all external public facing doors. Sensitive equipment and "off-limits" areas are behind traditional lock and key. We have door phones affixed to the main entrance and shipping area for visitor paging.

I use the Logitech K750 (solar powered) keyboard as my daily driver at the office. I like the light clacky chicklet style keys. It is surprisingly durable too, I've had it for almost 3 years now.