VoIP Phones - Asterisk: Difference between revisions

From AAISP Support Site
No edit summary
No edit summary
Line 20: Line 20:
trustrpid=yes
trustrpid=yes
</syntaxhighlight>
</syntaxhighlight>
*We send Remote-Party-Id with the privacy and screen settings, setting trustrpid=yes in the incoming SIP config will allow asterisk to pass withheld/unknown on.
*We send Remote-Party-Id with the privacy and screen settings, setting trustrpid=yes in the incoming SIP config will allow Asterisk to pass withheld/unknown on.


=== Authentication ===
=== Authentication ===
*Voiceless must authenticated so that calls are recognised as the above peer section.
*Voiceless must authenticate so that calls are recognised as the above peer section.
*You need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' initial requests.
*You need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' initial requests.


Line 31: Line 31:
match_auth_username=yes
match_auth_username=yes
</syntaxhighlight>
</syntaxhighlight>
*We initially send an Authorization header with only a username, allowing Asterisk to identify Voiceless by username instead of by IP. By default Asterisk ignores the username when identifying peers.





Revision as of 14:26, 23 April 2016

Asterisk logo.png

Asterisk is extremely flexible and covering different uses for it is outside the scope of this example as the setup used here was very basic. You should read through the included documentation, especially the security documentation, before configuring Asterisk for the first time.

Configuration

Incoming Calls

Peer Section

  • Accept authenticated calls and route them to a context.

sip.conf:

[aaisp-incoming-username]
type=peer
context=aaisp-incoming-context
secret=aaisp-incoming-password
transport=udp
disallow=all
allow=alaw
trustrpid=yes
  • We send Remote-Party-Id with the privacy and screen settings, setting trustrpid=yes in the incoming SIP config will allow Asterisk to pass withheld/unknown on.

Authentication

  • Voiceless must authenticate so that calls are recognised as the above peer section.
  • You need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' initial requests.

sip.conf:

[general]
match_auth_username=yes
  • We initially send an Authorization header with only a username, allowing Asterisk to identify Voiceless by username instead of by IP. By default Asterisk ignores the username when identifying peers.


Outgoing Calls

  • Either use a separate type=user section or combine incoming and outgoing in one type=friend section

Separate Section

sip.conf:

[aaisp-outgoing-account]
type=user
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password
transport=udp
disallow=all
allow=alaw

Combined Section

sip.conf:

[aaisp-incoming-username]
type=friend
transport=udp
disallow=all
allow=alaw
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password


Note: Order of sip.conf is important

In sip.conf, ensure that your incoming config is before the config for the outgoing.


Note: Asterisk and IPv6 SLAAC addresses

Asterisk will bind to all IPv6 addresses if it is set to use IPv6. This means that if you have a static IP and a SLAAC IP, Asterisk sometimes replies to invites sent to the static IP from the SLAAC IP instead which breaks things. We recommend using static IP addresses and disabling SLAAC (and privacy extensions) on the box running Asterisk until its IPv6 support is more mature.


Registration

If you're behind NAT it is helpful to make Asterisk register. It re-registers every 120 seconds by default anyway so should keep NAT sessions open. You can register (and tell Asterisk that it's behind NAT) with these settings under the [general] section:

localnet=10.0.0.0/8
register => +441234567980:outgoingpass@voiceless.aa.net.uk/extn

In this example, extn is the extension that Asterisk will pass the call to. Localnet should of course be set to whatever RFC1918 range you are using on your LAN.


Dialplan

To make this work in a real dialplan you will want something like the following examples in extensions.conf. See Asterisk's included example sip.conf for examples of how to send the call to different contexts etc. For outbound calls:

exten => _X.,1,Dial(SIP/voiceless-out/${EXTEN})

For inbound calls (assuming you're routing call to a registered Snom):

[voiceless-in]
exten => _X.,1,Dial(SIP/snom)


Further Help

Customers using Asterisk and AAISP have created a website and IRC channel especially for this!


Firewall & Security

  • You will also want to set up firewall rules, as per the VoIP Firewall page.
  • Also see the VoIP Security page for information about securing your VoIP service.