Asterisk on VPS - smart idea?

iburger Member
edited March 2018 in Help

Hi fellas,

I just bought myself a VOIP phone. (Cisco SPA504G model) and I want to mess around with Asterisk or FreePBX.

Now this is my problem:

  1. I could buy a raspberry pi and install Asterisk on that.
  2. Or I could just run Asterisk on my VPS. Beef that up a bit (if needed).

And connect my Cisco SPA504G to the static address of the VPS.

Smart idea? Bad idea? I'm curious. I want to get my landline number from a Voip/SIP provider, so I don't need any support for legacy phone systems.

Cheers

Links:

https://betanews.com/2016/05/19/udoo-x86-10x-more-powerful-than-raspberry-pi-3/


Comments

  • I have been using FreePBX on Vultr for the last 2 years I guess, very heavy usage, and it just works. Even though I have 160-170 ms latency to EU locations, it works great. I have to set up proper firewall rules, as FreePBX comes with so many packages and there might be vulnerabilities in them.

  • Wow. And I expect very low usage. That's quite awesome. I'm glad I did not buy the raspberry pi yet.

    Would you mind sharing your cpu/ram specs @hammad?

  • It's doable; as @hammad says, make sure you take the firewall seriously! If you are using FreePBX, use the firewall and fail2ban and everything possible. We had one customer run up £80k worth of calls in a weekend because of a poorly secured, internet-facing (a lot of remote staff), fully patched FreePBX box. I would recommend using a VPN to connect your phone to it.

    Thanked by 1FHR
  • iburger Member
    edited March 2018

    And 2nd question: do you actually directly connect your Voip hardware to your VM (vulture) box? Does that work? or do you need to open up the ports in your firewall (of your home lan) for that to work?

    Much appreciated.

  • Depends entirely on how you set it up. You will need to open ports on your VPS for sure. Locally it depends on how you handle the RTP streams, etc

  • @michaels: thanks for the advice: running top notch security is definitely something to look after in these cases. Actually, that would be a reason to run it locally behind the wifi router after all.

  • Currently running on a 5$ instance. Previously I also tried a 2.5$ instance and that worked too, but those instances are only available in US regions, so the whole problem was latency.

    I am using it for a small organization: 6 PAP2T devices, 12 extensions total, 2 trunks.

    I am using almost 20 hours of total talk time per day and it works fine (mostly internal, but the trunks get regular use too).

    Also, I have only used it with chan_sip, so I don't know about video calling or anything else.

    And I don't have to forward ports on local routers. FreePBX/Asterisk has an option for NAT; if you enable it on the server side and in each extension's settings, you don't need to forward ports on your router.

    @iburger said:
    And 2nd question: do you actually directly connect your Voip hardware to your VM (vulture) box? Does that work? or do you need to open up the ports in your firewall (of your home lan) for that to work?

    Much appreciated.

  • freerangecloud Member, Patron Provider

    I've run Asterisk on a VPS without issues. The key is to get something with reasonable latency; I've found <40ms works fine.

  • erkin Member

    You will get rid of legacy phone systems, but you will need an internet connection everywhere to make a simple voice call. Think of it as putting all your eggs in one basket. The thing you call a legacy system can be a valuable help as a backup line when you need it.

  • cubedata Member, Patron Provider
    edited March 2018

    @erkin said:
    You will get rid of legacy phone systems, but you will need an internet connection everywhere to make a simple voice call. Think of it as putting all your eggs in one basket. The thing you call a legacy system can be a valuable help as a backup line when you need it.

    Makes sense, still have a POTS (plain old telephone service) line as a backup in case the power goes out.

    Thanked by 1erkin
  • iburger Member
    edited March 2018

    Thanks erkin for talking some sense. The time effort to set this all up is quite big.

    Thanked by 1erkin
  • OBHost Member, Host Rep

    It will be a smart idea. We are offering Hosted PD to our clients based on KVM VPS and it's worked fine for them. They used our hosted PD for like 30-50 calls per second and it works A+.

    Need any assistance regarding this, feel free to contact!

  • Used Linux vps (openvz) 128MB RAM + 128MB SWAP.. worked well...
    authenticate with SIP user/pass (semi-complex password) and dynamic IP address..
    each outgoing trunk had low balance (<$20)...
    Running only sshd and asterisk (with disa, callback, G729, no codec transcoding)...

    Lots of attempts with different user/password to connect, did not have a single incident (ran it for a few years). Log file got quite big from failed attempts and I had to manually delete them...

  • file Member

    Many people do this. Just a few notes, though:

    1. Watch our announcements for security releases - if your system is publicly available then there can be security vulnerabilities that we resolve that can allow people to extract credentials or place calls.

    2. Use random or abnormal usernames, and use generated passwords. There are scanners out there that will attempt to scan the system from multiple sources to try to guess credentials and place calls.

    3. You can negate some of the above by using fail2ban for example to monitor logs and block attempts at the iptables level.

    4. Generally there is no configuration required on a NAT that a client is behind. Things mostly behave these days such that sending to the source IP address/port of traffic allows it to get back. It's only if Asterisk itself is behind NAT that you need to do anything involving the device doing NAT.

    5. Closer = better. Latency, jitter, and packet loss impact the VoIP experience. Endpoints have buffers and functionality built in to help tolerate this but it can only do so much and different endpoints can yield a different experience.

    Good luck and welcome to Asterisk!

    Thanked by 3mrTom MikePT kkrajk
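
An added example (not part of file's post, and not code from Asterisk or fail2ban): the log-based detection that points 2 and 3 above describe, counting failed registrations per source address inside a time window the way a fail2ban jail does. The log lines are constructed, modelled on chan_sip NOTICE messages; `maxretry` and `findtime` borrow fail2ban's option names, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, modelled on chan_sip NOTICE messages (assumed format).
SAMPLE_LOG = """\
[2018-03-10 02:14:01] NOTICE[1811] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.7:5071' - Wrong password
[2018-03-10 02:14:03] NOTICE[1811] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.7:5071' - No matching peer found
[2018-03-10 02:14:04] NOTICE[1811] chan_sip.c: Registration from '"admin" <sip:admin@203.0.113.10>' failed for '198.51.100.7:5080' - No matching peer found
[2018-03-10 02:14:09] NOTICE[1811] chan_sip.c: Registration from '"102" <sip:102@203.0.113.10>' failed for '198.51.100.7:5080' - Wrong password
[2018-03-10 08:30:12] NOTICE[1811] chan_sip.c: Registration from '"k7qx-desk" <sip:k7qx-desk@203.0.113.10>' failed for '192.0.2.44:5060' - Wrong password
[2018-03-10 08:30:40] VERBOSE[1811] chan_sip.c: Registered SIP 'k7qx-desk' at 192.0.2.44:5060
"""

FAIL_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\].*?: Registration from "
    r"'(?:\"[^\"]*\" )?<sip:(?P<user>[^@>]+)@[^>]*>' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def parse_failures(text):
    """Yield (timestamp, source_ip, username, reason) per failed registration."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ip"], m["user"], m["reason"]

def find_offenders(text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: usernames tried} for IPs with >= maxretry failures in findtime."""
    events = defaultdict(list)
    for ts, ip, user, _ in parse_failures(text):
        events[ip].append((ts, user))  # keyed on IP only: source port may change
    offenders = {}
    for ip, hits in events.items():
        hits.sort()
        for i in range(len(hits) - maxretry + 1):
            if hits[i + maxretry - 1][0] - hits[i][0] <= findtime:
                offenders[ip] = sorted({u for _, u in hits})
                break
    return offenders

if __name__ == "__main__":
    for ip, users in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip}: tried {len(users)} usernames {users}")
```

The single mistyped password from the legitimate extension stays under the threshold, while the address cycling through sequential extension numbers and `admin` is flagged; a generated username like the constructed `k7qx-desk` never appears in such a guess list.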
  • MikePT Moderator, Patron Provider, Veteran

    @file are you really an Asterisk Dev? :O

    I might need your help for something very weird that has been happening with us.
    BTW, <3 Asterisk.

  • file Member

    I am. I've brought you such things as chan_pjsip, bridging, parts of the new ARI, video conferencing support, and countless other things I've forgotten about.

  • MikePT Moderator, Patron Provider, Veteran

    @file said:
    I am. I've brought you such things as chan_pjsip, bridging, parts of the new ARI, video conferencing support, and countless other things I've forgotten about.

    I think I've fallen in love with you.

    Do you mind if I PM you?
    There's a weird issue in Portuguese ISP's that you'd be interested in hearing about.
    Let's say we lose the connection to the trunk, and need to restart Asterisk.

  • MikePT Moderator, Patron Provider, Veteran

    Gentlemen, someone gives @file a custom title

    @AnthonySmith

  • file Member
    edited March 2018

    You can message me if you wish. If you're using chan_sip though there are cases where it goes into a state where it just won't re-register (if you are referring to an outbound registration). The chan_pjsip module has knobs to tweak that behavior. It also does DNS resolution at use time and load balances, unlike chan_sip.

    Thanked by 1MikePT
  • Throw $25 to voip.ms and call it a day. I mean there's some things you want control over like your email or networking. Handling VoIP is something I'd rather hand off to voip.ms for the $25 refill I throw on my account every 3-4 months.

  • MikePT Moderator, Patron Provider, Veteran

    @file said:
    You can message me if you wish. If you're using chan_sip though there are cases where it goes into a state where it just won't re-register (if you are referring to an outbound registration). The chan_pjsip module has knobs to tweak that behavior. It also does DNS resolution at use time and load balances, unlike chan_sip.

    Very interesting, thank you. I will definitely contact you tomorrow once I arrive at the office. It's a weird behaviour. I can't see anything in the logs that could explain it, granted I am no expert. I have been playing with the IVR system and such. This is a peculiar issue that we see happening sometimes, once per week or once per month. Issue is, this only happens with a Vodafone trunk. The secondary trunks work just fine. And it's not isolated to us, it happens with other clients as well.

  • raindog308 Administrator, Veteran

    file said: Use random or abnormal usernames, and use generated passwords. There are scanners out there that will attempt to scan the system from multiple sources to try to guess credentials and place calls.

    You can negate some of the above by using fail2ban for example to monitor logs and block attempts at the iptables level.

    Or use a VPN...?

    doughmanes said: Throw $25 to voip.ms and call it a day.

    +1. I've used voip.ms and it worked like a charm. Of course, many variables, etc. but I agree that it's not a sexy or fun part of IT to self-manage and there are cheap providers who do a good job.

    Thanked by 1doughmanes
  • file Member

    A VPN is indeed also an option, but if you don't have a router that will do it then you're relying on support in the endpoint itself - which does exist but is not widespread. I was more approaching it from a maximum compatibility perspective.

  • agoldenberg Member, Host Rep

    Asterisk yes, FreePBX I wouldn't unless you lock it down like Fort Knox. Have seen far too many deployments hacked and racked up thousands of dollars in calls.

    Thanked by 1michaels
  • edited March 2018

    @erkin said:
    You will get rid of legacy phone systems, but you will need an internet connection everywhere to make a simple voice call. Think of it as putting all your eggs in one basket. The thing you call a legacy system can be a valuable help as a backup line when you need it.

    Everyone has cell phones and hardlines are often the same physical connection as the internet connection. So your argument doesn't really make sense.

  • raindog308 said: +1. I've used voip.ms and it worked like a charm.

    They're really receptive to feedback to add features. A few suggestions of mine have been rolled out over the past 2 years such as an extension being enabled for specific hours and it rings what you specify after hours.

  • Asterisk runs well on an OpenVZ, the base will run on a pretty low spec vps such as 128MB. Be careful of running GUIs as mine got hacked several times by someone from the Zionist entity and calls were placed to the Zionist entity costing me a few bob. This is the main issue with hosting asterisk on a VPS (mine gets targeted constantly) along with issues with ports. If you do go down the VPS route avoid Virmach, they kept suspending vps without notice claiming I was using it too much, I did max out the RAM (128MB) and disk (10GB - mostly log files from the hacking attacks), and sometimes I only found out 2-3 days later that they had done so. As it is critical, I am sure you'll avoid that, I have now been using DigitalOcean and have no issues like I was having with @Virmach.

    If you can get a second hand embedded device (like a 10Zig/Neoware), they can be used to have the asterisk at home which is less likely to be hacked and will probably work out cheaper in the long run than a vps. That's what I am setting up now as it only consumes 5W, has no moving parts/cooling etc rather than using a VPS. You can use astlinux on it which is updated regularly and well supported by an active user base.

  • job0121 Member
    edited March 2018

    I also wonder what @virmach has to say... : -)

  • VirMach Member, Patron Provider

    asterisk14 said: If you do go down the VPS route avoid Virmach, they kept suspending vps without notice claiming I was using it too much, I did max out the RAM (128MB) and disk (10GB - mostly log files from the hacking attacks), and sometimes I only found out 2-3 days later that they had done so. As it is critical, I am sure you'll avoid that, I have now been using DigitalOcean and have no issues like I was having with @Virmach.

    If you were getting hacked/targeted and weren't maintaining your VPS properly and/or maxing out a shared CPU core or other resources to overload your VPS, then it would make sense that you would be suspended. I also highly recommend anyone avoiding us if they plan on breaking our AUP on a Micro+ package. I do apologize if you did not receive notices; in some emergency cases our anti-abuse system will disable your VPS until a reason is manually added by our staff, but automated systems allow us to waive suspension fees. In terms of maxing out RAM or disk, that's fine, those are 100% allocated to you by default and you may use all of it. My guess from what you said is that your load was high and/or you had malware on your VPS.

    If you believe our staff did not handle it properly, DM me and I can take a look.

    asterisk14 said: As it is critical, I am sure you'll avoid that, I have now been using DigitalOcean and have no issues like I was having with @Virmach.

    I don't think it's fair to compare a $7.50 per year limited support OpenVZ 128MB / 1GHz plan to a $5/mo 1GB higher clock KVM plan.

  • @VirMach said:

    asterisk14 said: If you do go down the VPS route avoid Virmach, they kept suspending vps without notice claiming I was using it too much, I did max out the RAM (128MB) and disk (10GB - mostly log files from the hacking attacks), and sometimes I only found out 2-3 days later that they had done so. As it is critical, I am sure you'll avoid that, I have now been using DigitalOcean and have no issues like I was having with @Virmach.

    If you were getting hacked/targeted and weren't maintaining your VPS properly and/or maxing out a shared CPU core or other resources to overload your VPS, then it would make sense that you would be suspended. I also highly recommend anyone avoiding us if they plan on breaking our AUP on a Micro+ package. I do apologize if you did not receive notices; in some emergency cases our anti-abuse system will disable your VPS until a reason is manually added by our staff, but automated systems allow us to waive suspension fees. In terms of maxing out RAM or disk, that's fine, those are 100% allocated to you by default and you may use all of it. My guess from what you said is that your load was high and/or you had malware on your VPS.

    I wasn't hacked, and my CPU load was minimal 0.01 most of the time.

    If you believe our staff did not handle it properly, DM me and I can take a look.

    Don't think I'll bother, you cancelled my vps after I complained it had been suspended.

    asterisk14 said: As it is critical, I am sure you'll avoid that, I have now been using DigitalOcean and have no issues like I was having with @Virmach.

    I don't think it's fair to compare a $7.50 per year limited support OpenVZ 128MB / 1GHz plan to a $5/mo 1GB higher clock KVM plan.

    I'm running it on a DigitalOcean now, but have run it on many providers, including LEB providers from here, and it was never suspended by any of them.
