Talk:VoIP Phones - Asterisk: Difference between revisions

From AAISP Support Site
No edit summary
No edit summary
Line 17: Line 17:
=== Authenticate Everyone ===
=== Authenticate Everyone ===
*This is the more secure option as it stops your usernames from being enumerated by brute force.
*This is the more secure option as it stops your usernames from being enumerated by brute force.
*You can't allow a default guest context (unauthenticated calls) or calls from Voiceless will use it.
<pre>
<pre>
[general]
[general]
allowguest=no
alwaysauthreject=yes
alwaysauthreject=yes
match_auth_username=yes
match_auth_username=yes
Line 25: Line 27:
=== Authenticate Voiceless ===
=== Authenticate Voiceless ===
*This is the more complex option as you need to list every Voiceless name.
*This is the more complex option as you need to list every Voiceless name.
*It is the only option if you need to allow the default guest context (unauthenticated calls).
<pre>
<pre>
[general]
[general]
; allowguest=yes
alwaysauthreject=no
; alwaysauthreject=no
match_auth_username=yes
match_auth_username=yes



Revision as of 19:35, 11 February 2015

Incoming Calls

Peer Section

  • Accept authenticated calls and route them to a context.
[aaisp-incoming-username]
type=peer
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes

Authentication

  • Voiceless must authenticated so that calls are recognised as the above peer section.
  • There are two options: either detect Voiceless and ask it to authenticate, or request that every rejected INVITE from all sources authenticates.
  • In both cases you need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' username.

Authenticate Everyone

  • This is the more secure option as it stops your usernames from being enumerated by brute force.
  • You can't allow a default guest context (unauthenticated calls) or calls from Voiceless will use it.
[general]
allowguest=no
alwaysauthreject=yes
match_auth_username=yes

Authenticate Voiceless

  • This is the more complex option as you need to list every Voiceless name.
  • It is the only option if you need to allow the default guest context (unauthenticated calls).
[general]
; allowguest=yes
; alwaysauthreject=no
match_auth_username=yes

[aaisp-voiceless]
type=peer
md5secret=intentionally_invalid_md5_string

[aaisp-voiceless-a4](aaisp-voiceless)
host=a4.voiceless.aa.net.uk
defaultip=81.187.30.111

[aaisp-voiceless-b4](aaisp-voiceless)
host=b4.voiceless.aa.net.uk
defaultip=81.187.30.113

[aaisp-voiceless-c4](aaisp-voiceless)
host=c4.voiceless.aa.net.uk
defaultip=81.187.30.112

[aaisp-voiceless-d4](aaisp-voiceless)
host=d4.voiceless.aa.net.uk
defaultip=81.187.30.114


Outgoing Calls

  • Either use a separate type=user section or combine incoming and outgoing in one type=friend section

Separate Section

[aaisp-outgoing-account]
type=user
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password

Combined Section

[aaisp-incoming-username]
type=friend
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password