pfSense 2.3 port settings for Asterisk FreePBX

pfSense 2.3 port settings for Asterisk FreePBX

Getting Asterisk VOIP systems set up and working behind a pfSense firewall has become routine as pfSense grows in popularity and as our clients switch from legacy phone systems to Voice over IP systems. The following setup instructions for opening firewall ports to allow SIP traffic through pfSense has been tested, and works, for Avaya, FreePBX and Asterisk VOIP systems. The process of opening the SIP and RTP ports is needed both to connect to the SIP trunk provider and to get audio working in both directions once connected. If you have audio only in one direction, take a look at the RTP port settings shown below. Option A: pfSense in an environment where you have multiple public IPs and with one IP assigned to your Asterisk / FreePBX or Avaya system. Option B: Port forwarding on pfSense for single IP system like you would have on a home Internet connection. Option A – using a dedicated static IP: Add Virtual IP Add 1:1 NAT for the Virtual IP Firewall rules to open SIP ports thru the pfSense Firewall rules to open RTP ports thru the pfSense 1. Add a Virtual IP Click on Firewall -> Virtual IPs Select IP Alias Add the extra static IP address assigned by your ISP Add a meaningful description 2. Add 1:1 NAT for the Asterisk Virtual IP Click on Firewall -> NAT -> 1:1 Add the VOIP server’s public IP under External subnet IP Internal IP is the Single Host with the private IP or your Asterisk or Avaya VOIP server Provide a good description and click Save 3. Firewall rules to open SIP ports through the pfSense Open SIP ports thru pfSense to the Asterisk server Click Firewall -> Rules...
Electron Microscope Setup!

Electron Microscope Setup!

After countless hours of reading manuals, schematics and myst documentation,  Mike Bales and the Santa Barbara Hackerspace crew were able to successfully assemble and power up the behemoth Scanning Electron Microscope (SEM) that was donated to the Space by Santa Barbara Infrared. This puts the SB Hackerspace into a small exclusive group of maker spaces which have electron microscopes for use by members and the public. The SEM has all the trappings of 1990’s complexity with multiple vacuum chambers, pumps, crystals, archaic x86 computers, CRTs and floppy drive image export.  It takes an impressive 3 hours for the SEM to fully boot up, reach high vacuum and be ready for use!  The SB Hackerspace has plans to convert the output to live HDMI feed for video and push-button image capture. This model, the Jeol JSM 6400 F Scanning Electron Microscope, also offers a nifty engraving feature.  Mike is offering to custom engrave your favorite poem onto the head of a tiny pentalobe TS1 screw in exchange for a donation to the SB Hackerspace.  You’ll need an Electron Microscope of your own to read the engraving 🙂 Because the SEM uses electromagnets and electrons rather than lenses and light, there is a much greater degree of magnification available. This electron microscope can produce very clear, sharp images all the way up to an astounding 300,000x magnification! Phoebe and I dropped by the Hackerspace to take the electron microscope for a...
letsencrypt.com changes the Internet forever!

letsencrypt.com changes the Internet forever!

Last week SpaceX changed space flight forever by launching, and then subsequently landing, a 15 story tall booster rocket on a moving platform in the ocean.  In a similar (but less dramatic) launch, letsencrypt.com has changed the Internet forever by offering free SSL certificates for everyone! SSL is the protocol that encrypts web traffic between your web browser and websites, making it a lot harder for the bad guys to listen in and steal your data. Let’s Encrypt is a non profit foundation funded by many of the biggest names in technology and their goal is to encrypt all web traffic.  To achieve this goal, Let’s Encrypt offers SSL certificates for free to anyone who asks. The process for getting the free certs is 100% automated with free tools available on Git Hub.  Back in the day, getting SSL certs was expensive and tedious so it is a welcomed pleasure to easily deploy certs for free to all our clients. Outside Open has committed to converting all the sites we manage to SSL by the end of Q2, 2016....
Apple will speed up your home or work network for $20

Apple will speed up your home or work network for $20

Even if your company (or home) doesn’t officially support Apple devices, it’s likely that there are dozens of BYOD Apple devices (BYOAD?) on the network.  When a new OS update or patch is released, all those devices clamor for bandwidth which can have a big impact on your Internet connection. Apple has released a fantastic tool that seamlessly supports all Apple devices on a network, even if they are totally unmanaged BYOD iPhones, MacBooks or iMacs:  Enter the OS X Server app available for $19.99 from the App Store! This is also a great tool in areas where bandwidth is metered or limited – updates or apps are downloaded and cached the first time they are requested and then all future devices that attempt to install that same update or app from the App Store will receive a copy from your local caching server. See the video below demonstrating the massive speed increase downloading a 6GB Mac OS X upgrade from a caching server in under 1 minute! How to set up caching in the OS X Server app Install the OS X Server app on a Mac that is likely to be powered on 24×7. Open the app and select local computer. Scroll down to the Services menu and click on enable Caching. Toggle the service to ON. Set Cache Size to a number that makes sense given available disk space.  80GB – 100GB is recommended. Permissions (this is really powerful) For most simple networks the default of “only local subnets” and “matching this server’s network” are perfect. If you use VLANs with a single outbound NAT IP, select “all networks” and “matching this server’s network”....
The importance of SSL and SEO

The importance of SSL and SEO

Google is constantly making improvements and tweaks to their ranking algorithm (which affects the order of search results) but occasionally, the changes are far more substantial than just a little tweak.  Read on as we focus on two of these major changes: #1 – Is access to your website encrypted with SSL? A substantial change to Google’s ranking algorithm is their focus on improving security across the web by rewarding SSL encrypted web sites with higher rankings. SSL is an inexpensive, painless feature to implement. With SSL in place, you will see a little green padlock icon next to the website address in your browser. For example, see the padlock when you browse to http://google.com. Some organizations take this one step further and opt for an Extended Validation SSL certification (EV Cert) which shows your company name and is often used by banks and other security minded organizations.  We have noticed that as more sites respond to Google’s changes, the lead time for an EV Cert is increasing – get started ASAP if you wish to implement and EV Cert. Studies have also show that having an EV Cert has been shown to increase conversions. All websites hosted and managed by Outside Open will be converted to SSL free of charge as part of your monthly hosting.  Contact us if your site hasn’t been upgraded yet and we’ll move you up the queue. Use this fantastic and free utility from Qualys SSL Labs to test your website’s SSL security status.     #2 – Is your site Mobile Friendly? In April 2015, Google announced that webpage search results would now be ranked based on mobile-friendliness. In other words, if your website is...