Installing FreePBX without IPv4 connectivity

My VPS provider of choice is [Hetzner Cloud](https://hetzner.cloud). I've been with them for about three years now. I run all of my self-hosted infrastructure there, including my PBXs, client PBXs, my gateway servers (a post for another time), and more.

Hetzner Cloud recently stopped including IPv4 addresses with all of their VPSs. This means that if I don't want to pay an extra €3.60/month per VPS, I've got no IPv4 connectivity.

I recently had a new client request a FreePBX instance. They have no IPv4 requirements, so I went ahead and attempted to set up on a new Hetzner Cloud VPS.

This turned out not to be as simple as I'd expected. As it turns out, asterisk.org, freepbx.org and diguim.com (yes, the Digium domain still hosts some required resources!) have no IPv6 connectivity, which turned out to be a bit of an issue, as the installation wants to download some resources itself. Besides for that, FreePBX has its own update procedure for modules and FreePBX itself.

Here's everything I ran into, and how I dealt with it.

**I am installing FreePBX [from source](https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9). This will likely still be helpful if you're using the [FreePBX Distro](https://wiki.freepbx.org/display/FOP/Installing+FreePBX+with+the+Official+Distro), but there will be very big differences.**

## Downloading Asterisk and FreePBX
This was the easiest part. I just downloaded the Asterisk and FreePBX tarballs locally, then `scp`ed them to the server.

This would be the same for `libpri` and `DAHDi`, but I'm installing this on a VPS, so I didn't bother with these.

## `get_mp3_source`
In the "Compile and install Asterisk" stage, after extracting the tarball, the installation guide has you run `contrib/scripts/get_mp3_source.sh`. This script does an `svn export` from the [asterisk.org Gerrit](https://gerrit.asterisk.org), which is IPv4 only.

(Side note - my understanding is that this can't be included in the tarball due to patent issues.)

Surprisingly, this repo is not mirrored to [Asterisk's Github](https://github.com/asterisk). You've got two options here:

* Download the repo ([https://gerrit.asterisk.org/admin/repos/mp3,general](https://gerrit.asterisk.org/admin/repos/mp3,general)) elsewhere and save it to `addons/mp3`, then run the script, or

* Mirror the repo to Github/any other Git remote (or even another SVN remote, if you really want!) with IPv6 support yourself, and replace the `svn export` line in the script with `git clone [YOUR_GIT_REMOTE]`. (This is what I did. Option one is probably quicker.)

## `make install`
The `make install` (depending on what's been selected at `menuselect`) will attempt to download from `downloads.digium.com` and `downloads.asterisk.org`. I dealt with this by setting up a proxy and replacing 

* "`downloads.digium.com`" on line 112 in `./build_tools/download_externals` and
* "`downloads.asterisk.org`" on line 25 in `./sounds/Makefile`

I did this with Traefik on one of my gateway servers:

    http:
      routers:
        digium-downloads:
          rule: "Host(`digium.[DOMAIN]`)"
          entryPoints:
            - "web"
          service: digium-downloads
    
        asterisk-downloads:
          rule: "Host(`asterisk.[DOMAIN]`)"
          entryPoints:
            - "web"
          service: asterisk-downloads
    
      services:
        digium-downloads:
          loadBalancer:
            passHostHeader: false
            servers:
              - url: "http://downloads.digium.com:80"
    
        asterisk-downloads:
          loadBalancer:
            passHostHeader: false
            servers:
              - url: "http://downloads.asterisk.org:80"


You could also set up a transparent proxy and redirect `downloads.digium.com` in `/etc/hosts`. Note that the `Makefile` does use HTTPS for `downloads.digium.com`, but the site will happily respond on HTTP.

## NPM
The installer uses NPM to install some components for the web interface. NPM (pre v17 - FreePBX uses v14, which is an LTS supported until April 2023) does support IPv6, but it always attempts to use a v4 address to talk to `registry.npmjs.org`.

You'll need to force NPM to use IPv6 by overriding DNS in `/etc/hosts`. Ping `registry.npmjs.org` from the server to get the best address (NPM is behind Cloudflare CDN), and add that to your `/etc/hosts`.

## Modules
FreePBX Modules are hosted at `mirror.freepbx.org`, which again, has no IPv6 connectivity.

You can change the remote FreePBX uses after installation, with `# fwconsole setting MODULE_REPO [REPO_HOST]`.
Again, I used my Traefik proxy server for this:

    http:
      routers:
        fpbx-modules:
          rule: "Host(`freepbx.[DOMAIN]`)"
          entryPoints:
            - "web"
          service: fpbx-modules
    
      services:
        fpbx-modules:
          loadBalancer:
            passHostHeader: false
            servers:
              - url: "http://mirror.freepbx.org:80"

## Dashboard not loading
At this point, when you attempt to load the FreePBX dashboard, it may sit at ~80% for about a minute before displaying.

You can solve this by adding the following line to `/etc/hosts`:
`::1 localhost.localdomain [YOUR_HOSTNAME]`.

This is because of `sendmail` (which runs on every pageload of the dashboard) complaining that your hostname is not an FQDN.

## IPv6 Transport
FreePBX does not currently support IPv6 transports, so you'll need to create them manually.

### `/etc/asterisk/pjsip.transports_custom.conf`
    [ipv6-udp]
    type=transport
    protocol=udp
    bind=[2a01:4f8:1c1b:1788::1]:5060
    verify_client=no
    verify_server=no
    allow_reload=yes
    tos=cs3
    cos=3

### `/etc/asterisk/pjsip.endpoint_custom_post.conf`
You'll need this for every endpoint on the system (trunk/extension):

    [ENDPOINT_NAME](+type=endpoint)
    transport=ipv6-udp

You can get a list of endpoints with `pjsip show endpoints` from the Asterisk CLI.

### `/etc/asterisk/pjsip.registration_custom_post.conf`
You'll need this for every registration on the system:

    [ENDPOINT_NAME](+type=registration)
    transport=ipv6-udp

You can get a list of endpoints with `pjsip show registrations` from the Asterisk CLI.

## Trunking
While not really to do with the installation, this _is_ something you'll need to think about.

Very few trunking providers seem to support IPv6 (shout-out to [SIPGate](sipgate.co.uk) - the only provider I was using who does). I've got the trunks coming in to my main PBX (dual-stack, IPv6 preferred), and out to this new one.

---
# And that should be it!

Everything seems to be running smoothly. IPv4 clients will not be able to connect, of course, but that's fine for this client.

Sangoma does know this is something people want:

* [https://community.freepbx.org/t/psa-ipv6-is-great-and-we-should-all-use-it/77288/2](https://community.freepbx.org/t/psa-ipv6-is-great-and-we-should-all-use-it/77288/2)

* [https://issues.freepbx.org/browse/FREEPBX-17711?focusedCommentId=131380&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-131380](https://issues.freepbx.org/browse/FREEPBX-17711?focusedCommentId=131380&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-131380) - According to this comment on the Issue Tracker (from 2018), IPv6 should be in by FreePBX 16! (Spoiler - it's not)

Please do let me know if this helped you, or if there’s anything I got wrong.

[Comment on Mastodon](https://tilde.zone/@ideclon/109661945808097322)

Mastodon: [@ideclon@tilde.zone](https://tilde.zone/@ideclon)

Matrix: [@me:ideclon.uk](https://matrix.to/#/@me:ideclon.uk)

tags: asterisk, freepbx, voip, ipv6only, ipv4-exhaustion