VoIP Phones - Asterisk: Difference between revisions
(42 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
<indicator name="VoIPConfiguring">[[File:menu-voip.svg|link=:Category:VoIP Phones|30px|Back up to the VoIP Configuring page]]</indicator> |
|||
[[File:Asterisk_logo.png]] |
[[File:Asterisk_logo.png]] |
||
*[[IPv6]] Works! |
|||
Asterisk is extremely flexible and covering different uses for it is outside the scope of this example as the setup used here was very basic. |
|||
Asterisk is extremely flexible and covering different uses for it is outside the scope of this example as the setup used here was very basic. You should read through the included documentation, especially the security documentation, before configuring Asterisk for the first time. |
|||
==Registration== |
|||
We want to register, as that makes configuration simpler and avoids the "feature" where Asterisk replaces the caller ID of the person who called you with the username that was used to authenticate the call. |
|||
= Configuration = |
|||
Also, by registering we can help avoid the situation where calls are being sent to a server that is not responding as registration will eventually time out. |
|||
Asterisk has two methods to configure SIP connections. The legacy "sip.conf" (SIP) and the more modern "pjsip.conf" (PJSIP). |
|||
Newer installations of Asterisk should be configured to use PJSIP as it will be more supported as Asterisk development continues, '''however''' it's been reported that PJSIP doesn't support in-band DTMF detection properly. You may need to switch back to legacy sip.conf if this affects you. The official recommendation on the [https://trac.pjsip.org/repos/wiki/FAQ#dtmf PJSIP FAQ] seems to be to write your own plugin if you need it. In-band DTMF support seems like an important thing to have, so we suggest raising a bug to report a missing feature in PJSIP if this affects you! |
|||
In sip.conf register: |
|||
<syntaxhighlight> |
|||
It isn't a good idea to have an installation that mixes sip.conf with pjsip.conf. |
|||
register => +44123456789:password@voiceless.aa.net.uk |
|||
When reading the instructions below be aware which are for sip.conf and which are for pjsip.conf. |
|||
=pjsip.conf (PJSIP)= |
|||
==PJSIP: Trunk registration== |
|||
Here is an example of a working pjsip.conf setup where Asterisk will register with A&A to receive calls. |
|||
In pjsip.conf: |
|||
[reg_442082881111] |
|||
type = registration |
|||
retry_interval = 20 |
|||
fatal_retry_interval = 20 |
|||
forbidden_retry_interval = 20 |
|||
max_retries = 9999 |
|||
auth_rejection_permanent = no |
|||
contact_user = maininbound |
|||
expiration = 120 |
|||
outbound_auth = auth_reg_442082881111 |
|||
client_uri = sip:+442082881111@voiceless.aa.net.uk |
|||
server_uri = sip:voiceless.aa.net.uk |
|||
[auth_reg_442082881111] |
|||
type = auth |
|||
password = BusinessPaidGrewCome |
|||
username = +442082881111 |
|||
[aaisptrunk] |
|||
type = aor |
|||
contact = sip:+442082881111@voiceless.aa.net.uk |
|||
qualify_frequency=20 |
|||
[aaisptrunk] |
|||
type = identify |
|||
endpoint = aaisptrunk |
|||
match = voiceless.aa.net.uk |
|||
[aaisptrunk] |
|||
type = endpoint |
|||
context = maininbound |
|||
dtmf_mode = rfc4733 |
|||
disallow = all |
|||
allow = alaw |
|||
allow = ulaw |
|||
direct_media = no |
|||
rtp_symmetric = yes |
|||
aors = aaisptrunk |
|||
outbound_auth=auth_reg_442082881111 |
|||
Calls come into the context "maininbound" in extensions.conf - in this example calls get sent onto extension 222 and 205 for 20 seconds and then go to voicemail. |
|||
[maininbound] |
|||
exten = maininbound,1,Dial(PJSIP/222&PJSIP/205,20) |
|||
exten = maininbound,n,Voicemail(222@default,us) |
|||
In extensions.conf you can dial out via the trunk with: |
|||
exten => _X.,1,Dial(PJSIP/${EXTEN}@aaisptrunk,,) |
|||
exten => s-BUSY,1,Playtones(busy) |
|||
exten => s-CONGESTION,1,Playtones(congestion) |
|||
exten => s-CHANUNAVAIL,1,Playtones(unobtainable) |
|||
exten => s-NOANSWER,1,Playtones(congestion) |
|||
==PJSIP: Trunk without registration== |
|||
Use the above example but do not include the top section for "[reg_442082881111]". |
|||
Then set the AAISP control panel to point to your server by hostname or IP address:<br /> |
|||
[[File:Asterisk pjsip noregistration.png|border]] |
|||
==PJSIP: Keep-Alive / Anti-Idle== |
|||
If you are using a firewall or NAT router with short timeouts on UDP sessions you can force packets to be sent over the connection to keep it alive. |
|||
Set qualify_frequency in the aor section; This triggers an OPTIONS message every X (as set) seconds. |
|||
An example of the aor section follows: |
|||
[aaisptrunk] |
|||
type = aor |
|||
contact = sip:+442082881111@voiceless.aa.net.uk |
|||
qualify_frequency=20 |
|||
==PJSIP: IPv6== |
|||
By default PJSIP does not listen on IPv6.<br /> |
|||
At the top of pjsip.conf you will need to add another transport to go along with your IPv4 transport (usually a section with bind set to 0.0.0.0 or your IP address): |
|||
[transport-udp6] |
|||
type=transport |
|||
protocol=udp |
|||
bind=[::] |
|||
You may need to force the endpoint to use this transport (a small section of the endpoint section above but with the "transport = " line inserted): |
|||
[aaisptrunk] |
|||
type = endpoint |
|||
transport = transport-udp6 |
|||
==Status and Commands== |
|||
A good command within the asterisk software is the show registration command: |
|||
asterisk*CLI> pjsip show registrations |
|||
<Registration/ServerURI..............................> <Auth..........> <Status.......> |
|||
========================================================================================== |
|||
reg_442082881111/sip:voiceless.aa.net.uk auth_reg_442082881111 Registered |
|||
Objects found: 1 |
|||
In this example it shows that the Asterisk server is successfully registered with the Andrews & Arnold SIP server. |
|||
=sip.conf (SIP)= |
|||
== Incoming Calls == |
|||
=== User Section === |
|||
*Accept authenticated calls and route them to a context. |
|||
sip.conf: |
|||
<syntaxhighlight lang="ini"> |
|||
[aaisp-incoming-username] |
|||
type=user |
|||
context=aaisp-incoming-context |
|||
secret=aaisp-incoming-password |
|||
transport=udp |
|||
disallow=all |
|||
allow=alaw |
|||
trustrpid=yes |
|||
directmedia=no |
|||
</syntaxhighlight> |
</syntaxhighlight> |
||
*We send Remote-Party-Id with the privacy and screen settings, setting '''trustrpid=yes''' in the incoming SIP config will allow Asterisk to pass withheld/unknown on. |
|||
=== Authentication === |
|||
This will allow incoming calls to hit the default context (see Asterisk's included example sip.conf for examples of how to send the call to different contexts etc.). |
|||
*Voiceless must authenticate so that calls are recognised as the above peer section. |
|||
*You need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' initial requests. |
|||
sip.conf: |
|||
==Define a proxy== |
|||
<syntaxhighlight lang="ini"> |
|||
Defining us as a SIP proxy for outbound calls: |
|||
[general] |
|||
<syntaxhighlight> |
|||
match_auth_username=yes |
|||
[voiceless] |
|||
</syntaxhighlight> |
|||
type=peer ; Only for outbound calls |
|||
*We initially send an Authorization header with only a username, allowing Asterisk to identify Voiceless by username instead of by IP. By default Asterisk ignores the username when identifying peers. |
|||
remotesecret=password ; password |
|||
defaultuser=+44123456789 ; Auth username |
|||
fromdomain=Asterisk ; Might be good to put your hostname here. |
|||
== Outgoing Calls == |
|||
*Either use a separate '''type=peer''' section or combine incoming and outgoing in one '''type=friend''' section |
|||
=== Separate Section === |
|||
sip.conf: |
|||
<syntaxhighlight lang="ini"> |
|||
[aaisp-outgoing-account] |
|||
type=peer |
|||
host=voiceless.aa.net.uk |
host=voiceless.aa.net.uk |
||
defaultip=81.187.30.111 |
|||
defaultuser=aaisp-phone-number |
|||
remotesecret=aaisp-outgoing-password |
|||
transport=udp |
transport=udp |
||
disallow=all |
disallow=all |
||
allow=alaw |
allow=alaw |
||
directmedia=no |
|||
</syntaxhighlight> |
</syntaxhighlight> |
||
=== Combined Section === |
|||
==Dialplan== |
|||
sip.conf: |
|||
In extensions.conf we can define the default context, assuming we have a Snom registered: |
|||
<syntaxhighlight> |
<syntaxhighlight lang="ini"> |
||
[aaisp-incoming-username] |
|||
[default] |
|||
type=friend |
|||
exten => s,1,Dial(SIP/snom) |
|||
transport=udp |
|||
disallow=all |
|||
allow=alaw |
|||
directmedia=no |
|||
; incoming |
|||
context=aaisp-incoming-context |
|||
secret=aaisp-incoming-password |
|||
trustrpid=yes |
|||
; outgoing |
|||
host=voiceless.aa.net.uk |
|||
defaultip=81.187.30.111 |
|||
defaultuser=aaisp-phone-number |
|||
remotesecret=aaisp-outgoing-password |
|||
</syntaxhighlight> |
</syntaxhighlight> |
||
Here's how we could connect outbound calls from the Snom that we have: |
|||
<syntaxhighlight> |
|||
[snom] |
|||
exten => _X.,1,Dial(SIP/voiceless/${EXTEN}) |
|||
==Note: Order of sip.conf is important== |
|||
In sip.conf, ensure that your incoming config is before the config for the outgoing. |
|||
==Note: Asterisk and IPv6 SLAAC addresses== |
|||
Asterisk will bind to all [[IPv6]] addresses if it is set to use [[IPv6]]. This means that if you have a static IP and a SLAAC IP, Asterisk sometimes replies to invites sent to the static IP from the SLAAC IP instead which breaks things. We recommend using static IP addresses and disabling SLAAC (and privacy extensions) on the box running Asterisk until its [[IPv6]] support is more mature. |
|||
==Registration== |
|||
If you're behind NAT it is helpful to make Asterisk register. It re-registers every 120 seconds by default anyway so should keep NAT sessions open. |
|||
You can register (and tell Asterisk that it's behind NAT) with these settings under the [general] section: |
|||
<syntaxhighlight lang="ini"> |
|||
localnet=10.0.0.0/8 |
|||
register => +441234567980:outgoingpass@voiceless.aa.net.uk/extn |
|||
</syntaxhighlight> |
|||
In this example, extn is the extension that Asterisk will pass the call to. |
|||
Localnet should of course be set to whatever RFC1918 range you are using on your LAN. |
|||
==Dialplan== |
|||
To make this work in a real dialplan you will want something like the following examples in extensions.conf. |
|||
See Asterisk's included example sip.conf for examples of how to send the call to different contexts etc. |
|||
For outbound calls: |
|||
<syntaxhighlight lang="ini"> |
|||
exten => _X.,1,Dial(SIP/voiceless-out/${EXTEN}) |
|||
</syntaxhighlight> |
|||
For inbound calls (assuming you're routing call to a registered Snom): |
|||
<syntaxhighlight lang="ini"> |
|||
[voiceless-in] |
|||
exten => _X.,1,Dial(SIP/snom) |
|||
</syntaxhighlight> |
</syntaxhighlight> |
||
=Firewall & Security= |
|||
*You will also want to set up firewall rules, as per the [[VoIP Firewall]] page. |
|||
*Also see the [[VoIP Security]] page for information about securing your VoIP service. |
|||
=Further Help= |
|||
Customers using Asterisk and AAISP have created a website and IRC channel especially for this! |
|||
*http://www.aa-asterisk.org.uk/ |
|||
*irc://z.je/a&a-asterisk |
|||
[[Category:VoIP]] |
[[Category:VoIP Phones|Asterisk]] |
||
[[Category:VoIP Phones]] |
|||
[[Category:VoIP IPv6]] |
Latest revision as of 16:02, 10 December 2023
- IPv6 Works!
Asterisk is extremely flexible and covering different uses for it is outside the scope of this example as the setup used here was very basic. You should read through the included documentation, especially the security documentation, before configuring Asterisk for the first time.
Configuration
Asterisk has two methods to configure SIP connections. The legacy "sip.conf" (SIP) and the more modern "pjsip.conf" (PJSIP).
Newer installations of Asterisk should be configured to use PJSIP as it will be more supported as Asterisk development continues, however it's been reported that PJSIP doesn't support in-band DTMF detection properly. You may need to switch back to legacy sip.conf if this affects you. The official recommendation on the PJSIP FAQ seems to be to write your own plugin if you need it. In-band DTMF support seems like an important thing to have, so we suggest raising a bug to report a missing feature in PJSIP if this affects you!
It isn't a good idea to have an installation that mixes sip.conf with pjsip.conf.
When reading the instructions below be aware which are for sip.conf and which are for pjsip.conf.
pjsip.conf (PJSIP)
PJSIP: Trunk registration
Here is an example of a working pjsip.conf setup where Asterisk will register with A&A to receive calls.
In pjsip.conf:
[reg_442082881111] type = registration retry_interval = 20 fatal_retry_interval = 20 forbidden_retry_interval = 20 max_retries = 9999 auth_rejection_permanent = no contact_user = maininbound expiration = 120 outbound_auth = auth_reg_442082881111 client_uri = sip:+442082881111@voiceless.aa.net.uk server_uri = sip:voiceless.aa.net.uk [auth_reg_442082881111] type = auth password = BusinessPaidGrewCome username = +442082881111 [aaisptrunk] type = aor contact = sip:+442082881111@voiceless.aa.net.uk qualify_frequency=20 [aaisptrunk] type = identify endpoint = aaisptrunk match = voiceless.aa.net.uk [aaisptrunk] type = endpoint context = maininbound dtmf_mode = rfc4733 disallow = all allow = alaw allow = ulaw direct_media = no rtp_symmetric = yes aors = aaisptrunk outbound_auth=auth_reg_442082881111
Calls come into the context "maininbound" in extensions.conf - in this example calls get sent onto extension 222 and 205 for 20 seconds and then go to voicemail.
[maininbound] exten = maininbound,1,Dial(PJSIP/222&PJSIP/205,20) exten = maininbound,n,Voicemail(222@default,us)
In extensions.conf you can dial out via the trunk with:
exten => _X.,1,Dial(PJSIP/${EXTEN}@aaisptrunk,,) exten => s-BUSY,1,Playtones(busy) exten => s-CONGESTION,1,Playtones(congestion) exten => s-CHANUNAVAIL,1,Playtones(unobtainable) exten => s-NOANSWER,1,Playtones(congestion)
PJSIP: Trunk without registration
Use the above example but do not include the top section for "[reg_442082881111]".
Then set the AAISP control panel to point to your server by hostname or IP address:
PJSIP: Keep-Alive / Anti-Idle
If you are using a firewall or NAT router with short timeouts on UDP sessions you can force packets to be sent over the connection to keep it alive.
Set qualify_frequency in the aor section; This triggers an OPTIONS message every X (as set) seconds. An example of the aor section follows:
[aaisptrunk] type = aor contact = sip:+442082881111@voiceless.aa.net.uk qualify_frequency=20
PJSIP: IPv6
By default PJSIP does not listen on IPv6.
At the top of pjsip.conf you will need to add another transport to go along with your IPv4 transport (usually a section with bind set to 0.0.0.0 or your IP address):
[transport-udp6] type=transport protocol=udp bind=[::]
You may need to force the endpoint to use this transport (a small section of the endpoint section above but with the "transport = " line inserted):
[aaisptrunk] type = endpoint transport = transport-udp6
Status and Commands
A good command within the asterisk software is the show registration command:
asterisk*CLI> pjsip show registrations <Registration/ServerURI..............................> <Auth..........> <Status.......> ========================================================================================== reg_442082881111/sip:voiceless.aa.net.uk auth_reg_442082881111 Registered Objects found: 1
In this example it shows that the Asterisk server is successfully registered with the Andrews & Arnold SIP server.
sip.conf (SIP)
Incoming Calls
User Section
- Accept authenticated calls and route them to a context.
sip.conf:
[aaisp-incoming-username]
type=user
context=aaisp-incoming-context
secret=aaisp-incoming-password
transport=udp
disallow=all
allow=alaw
trustrpid=yes
directmedia=no
- We send Remote-Party-Id with the privacy and screen settings, setting trustrpid=yes in the incoming SIP config will allow Asterisk to pass withheld/unknown on.
Authentication
- Voiceless must authenticate so that calls are recognised as the above peer section.
- You need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' initial requests.
sip.conf:
[general]
match_auth_username=yes
- We initially send an Authorization header with only a username, allowing Asterisk to identify Voiceless by username instead of by IP. By default Asterisk ignores the username when identifying peers.
Outgoing Calls
- Either use a separate type=peer section or combine incoming and outgoing in one type=friend section
Separate Section
sip.conf:
[aaisp-outgoing-account]
type=peer
host=voiceless.aa.net.uk
defaultip=81.187.30.111
defaultuser=aaisp-phone-number
remotesecret=aaisp-outgoing-password
transport=udp
disallow=all
allow=alaw
directmedia=no
Combined Section
sip.conf:
[aaisp-incoming-username]
type=friend
transport=udp
disallow=all
allow=alaw
directmedia=no
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
defaultuser=aaisp-phone-number
remotesecret=aaisp-outgoing-password
Note: Order of sip.conf is important
In sip.conf, ensure that your incoming config is before the config for the outgoing.
Note: Asterisk and IPv6 SLAAC addresses
Asterisk will bind to all IPv6 addresses if it is set to use IPv6. This means that if you have a static IP and a SLAAC IP, Asterisk sometimes replies to invites sent to the static IP from the SLAAC IP instead which breaks things. We recommend using static IP addresses and disabling SLAAC (and privacy extensions) on the box running Asterisk until its IPv6 support is more mature.
Registration
If you're behind NAT it is helpful to make Asterisk register. It re-registers every 120 seconds by default anyway so should keep NAT sessions open. You can register (and tell Asterisk that it's behind NAT) with these settings under the [general] section:
localnet=10.0.0.0/8
register => +441234567980:outgoingpass@voiceless.aa.net.uk/extn
In this example, extn is the extension that Asterisk will pass the call to. Localnet should of course be set to whatever RFC1918 range you are using on your LAN.
Dialplan
To make this work in a real dialplan you will want something like the following examples in extensions.conf. See Asterisk's included example sip.conf for examples of how to send the call to different contexts etc. For outbound calls:
exten => _X.,1,Dial(SIP/voiceless-out/${EXTEN})
For inbound calls (assuming you're routing call to a registered Snom):
[voiceless-in]
exten => _X.,1,Dial(SIP/snom)
Firewall & Security
- You will also want to set up firewall rules, as per the VoIP Firewall page.
- Also see the VoIP Security page for information about securing your VoIP service.