Over the holidays, I took the plunge and updated my home phone system to version 3 of the 3CX software PBX. There are various improvements in version 9, including automatic blacklisting of IP addresses to help ward off VoIP hackers, and some options such as ringing your mobile at the same time as your extension.
The former will be quite useful – I’ve disabled direct SIP calls through my firewall at the moment, because once you turn them on, script kiddies will attack your PBX – though since my phone can connect to 3CX via mobile data, that’s cheaper than having the system call it the old fashioned way.
Installing the update
In theory, upgrading from 3CX 8 to 3CX 9 is straightforward. You use the backup tool to save your configuration (which can include all your voicemail files), uninstall version 8, then install version 9 and, during the initial setup wizard, you point it at the backup file, rather than walking through the installer and picking things like the number of digits for extensions, who’s the operator, and so on.
That’s the theory. In practice, it didn’t work. Installation went without a hitch, but then when the config wizard started, it told me there was a problem starting the ‘secondary database service’ and wasn’t able to go any further. The same happened when I tried to create a new PBX from scratch, thinking that perhaps I could then restore all my old settings.
In the end, the solution was pretty simple. After trying uninstalling and reinstalling a couple of times, I simply quit the config wizard when it started, and followed the instructions at the bottom of this article to perform a restore of the database from the command prompt.
That worked a treat, and got 3CX up and running again with all my old settings restored – aside from a couple of tweaks that were needed.
Time-based call forwarding
Some of the call forwarding rules that I set up using 3CX 8 weren’t imported to 3CX 9, because things are done slightly differently. For my business line, I use the Office Hours functionality of 3CX, ensuring that if anyone calls me outside 10am-6pm Monday to Friday, their call goes to voicemail.
I have a private number for family that always rings, and another number that I give to more casual acquaintances, like people I’ve chatted up. I obviously don’t want to be woken up in the middle of the night by a weirdo from the pub, so that number needs a different set of rules. Essentially, I only want calls to this number to ring between about 9am and 10pm.
In 3CX 8, that could be done by setting up advanced forwarding rules, which allowed you to specify certain hours in a rule, and direct calls accordingly, so to the voice menu during the daytime (which warns cold callers they may as well go away right now), and to voicemail the rest of the time. Incoming calls to the ‘public’ number were directed to a spare extension, which then used the rules to forward the call, and the voice menu would connect lucky winners to the phones in a particular ring group.
That’s not available in version 9, but there is a way to do it, once you get your head round how things work.
Forwarding rules in 3CX 9
Forwarding in version 9 is done by the phone status, eg Away, Busy and so on. But there are also two Custom status as well, and these are key to controlling calls by time of day the way I wanted them to be.
First, on the Office Hours tab for an extension, you can now choose global or specific office hours, so my spare or virtual extension can have its own office hours set.
Below that, you can tick ‘Automatically switch Office Hours Profiles.’
Move to the Other tab, and set the status of the extension to Custom #1 if it’s in office hours, or Custom #2 if it’s not. Now, the system will automatically switch between these two settings, based on the time of day.
On the Forwarding tab, there are sub-tabs for the different statuses, so on Custom #1 I have calls set to forward to the voice menu for call screening, and on Custom #2 they’re all forwarded to voicemail.
Once you’ve made the changes on all the tabs, just click Apply at the bottom right, and you’re done.
Interesting. I’ve been using an old version of Trixbox which I’ve hesitated to upgrade as it works and does everything I need to do. However, I do have some remote SIP extensions with friends and family and I’ve been frequently hit by script kiddies recently. I had to install fail2ban to identify and block rogue IP addresses.
Perhaps it’s time to try 3cx.
I’ve not yet played with the ban options, but they seem pretty comprehensive – you can set the number of failed authentication attempts before an IP address is blacklisted, and for how long, as well as a limit on the number of packets per second before first a five second barr and then a blacklist is imposed.
There’s also an option that flags weak passwords, too.