Configuring a new FreePBX install — extensions, SIP trunk, first call

Your LYLIX PBX VPS came up with FreePBX® already installed, configured, and reachable on its public IP. This article walks the first hour after that: signing into the admin GUI, creating your first extension, registering a softphone, adding a SIP trunk, and making your first call. Each carrier walkthrough (Telnyx, Flowroute, VoIP.ms) gets its own dedicated article — start with this one to get the foundations in place, then pick a carrier article for the trunking details.

1. Sign in to the FreePBX admin GUI

Open https://<your-VPS-IP>/admin in your browser. Click through the self-signed cert warning if you haven't installed a real cert yet (see Setting up Let's Encrypt for that).

The admin username is admin; the password is what was in your welcome email (the same password you use for the LYLIX customer portal, set at first boot). Once you're in, change it immediately under Admin → Administrators → admin (edit). Use a different password from the portal — they're not in any way kept in sync after first boot.

If the welcome-email password doesn't work, single-sign on may have run before your password was set — recover via SSH:

ssh root@<your-IP>
mysql asterisk -e "UPDATE ampusers SET password_sha1=SHA1('newpass') WHERE username='admin';"

2. Set the system timezone, then reload

FreePBX defaults to its install-time timezone; verify yours under Settings → Advanced Settings (use the search box, look for "Default System Time Zone"). Set it to your operating timezone — call logs, scheduled jobs, and voicemail timestamps all depend on this. Click Submit then the red Apply Config button at top right.

3. Create your first extension

An extension is FreePBX's term for a phone — physical desk phone, softphone, or app. Each extension has its own SIP credentials.

1. Applications → Extensions
2. Click Add Extension → Add New Chan_PJSIP Extension (PJSIP is the modern stack; use it unless you have a specific reason to use the older chan_sip).
3. Fill in:
   • User Extension: a number, e.g. 1001
   • Display Name: human label, e.g. "John Mobile"
   • Secret: leave the autogenerated value (16+ random chars; you'll copy this into the softphone)
4. Click Submit, then Apply Config.

Make a note of the extension number and the Secret — you need both to register a phone against it.

4. Register a softphone for testing

Linphone (Android/iOS/desktop) or Zoiper are the easy options for "is the extension working" testing without buying a hardware phone. In the softphone's account setup:

• Username: your extension number (1001)
• Password: the Secret from FreePBX
• Server / Domain / SIP Host: your VPS public IP (or hostname if you've set up DNS for it)
• Transport: UDP (port 5060) for first test; TLS once you have a cert

The softphone should show "registered" within a few seconds. Back in FreePBX, Reports → Asterisk Info → Peers should show your extension with status "Reachable" or "OK".

If registration fails, the most common causes:

• Firewall — port 5060/UDP and RTP range (10000-20000/UDP by default) need to be reachable. FreePBX's Sysadmin → Intrusion Detection (fail2ban) might also be blocking your home IP after retries — wait 30 min or whitelist your IP.
• NAT — if your softphone is behind a NAT router (most home networks), Asterisk needs to know about it. See SIP behind NAT (Tier 2 article).
• Wrong transport — if you set FreePBX to require TCP or TLS but the softphone is sending UDP, registration silently fails. Match transports.

5. Make an extension-to-extension test call

Create a second extension (1002) and register a second softphone against it (different device, or a second account on the same softphone). Call 1002 from 1001. The call should go through immediately — no carrier involved, just FreePBX routing internally.

If extensions can reach each other, FreePBX's core is working correctly. Carrier trunks are the next step.

6. Add a SIP trunk to a carrier

A trunk is FreePBX's term for the connection to an external carrier (the people who give you the phone numbers and deliver the actual phone-network calls). You'll need a carrier account first — pick one and follow its dedicated article:

• Connecting FreePBX to Telnyx
• Connecting FreePBX to Flowroute
• Connecting FreePBX to VoIP.ms

The general shape is the same with all three:

1. In the carrier portal: create a SIP trunk / connection, get credentials and an outbound host.
2. In FreePBX: Connectivity → Trunks → Add Trunk → Add SIP (chan_pjsip) Trunk, paste in the carrier details.
3. In FreePBX: Connectivity → Outbound Routes → Add Outbound Route, pick the trunk, set a dial pattern (e.g. NXXNXXXXXX for 10-digit US numbers).
4. In FreePBX: Connectivity → Inbound Routes → Add Inbound Route, point your DID at an extension or IVR.
5. Click Apply Config.

7. Test outbound then inbound

From your registered softphone, dial a real number (your mobile is the obvious test target). You should hear ringback and, when answered, two-way audio.

If outbound fails:

• Asterisk → Reports → Asterisk Logfiles shows the live trace. Look for the carrier's response code — 403 Forbidden usually means auth failure, 404 means the dial pattern didn't match, 503 means a carrier-side issue.
• Confirm your outbound route's dial pattern matches what you're actually dialing. NXXNXXXXXX matches any 10-digit number where the first digit and the fourth digit are 2-9. Prefix 1 means the dialer must include the leading 1.
• Confirm the trunk is "registered" or "reachable" — check Reports → Asterisk Info → PJSIP Endpoints.

For inbound, have someone call the DID you assigned. The call should hit the extension or IVR you routed it to. If it doesn't ring:

• Check the inbound route's DID Number matches what the carrier is actually sending. Some carriers send +15551234567 (E.164 with the plus); some send 5551234567; some send 15551234567. Match exactly.
• Check the carrier-side configuration is sending to your VPS's IP and port (5060/UDP unless you configured TLS).

8. Lock down the system before you forget

Before you put real numbers through this and start receiving calls 24/7, do the basics:

• Admin password changed (done in step 1).
• SSH key auth set up, PasswordAuthentication no if you can — see first hour with a LYLIX VPS.
• fail2ban / intrusion detection on (FreePBX ships with it; verify under Admin → Sysadmin → Intrusion Detection).
• Firewall — block all SIP/RTP from anywhere except your carrier(s) IPs and your own home/office IP. FreePBX has a built-in firewall module; use it.
• Snapshot the VPS once everything's working (see snapshots article). Now you have a known-good restore point.

What's next

• Carrier-specific trunk setup — pick from the links above
• SIP behind NAT (Tier 2)
• Provisioning hardware phones (Tier 2)
• Inbound/outbound route patterns (Tier 2)

FreePBX® and Asterisk® are registered trademarks of Sangoma Technologies Corporation; LYLIX hosts FreePBX and Asterisk but is not affiliated with Sangoma.