Talk:VoIP Phones - Asterisk: Difference between revisions
SimonArlott (talk | contribs) No edit summary |
SimonArlott (talk | contribs) No edit summary |
||
Line 17: | Line 17: | ||
=== Authenticate Everyone === |
=== Authenticate Everyone === |
||
*This is the more secure option as it stops your usernames from being enumerated by brute force. |
*This is the more secure option as it stops your usernames from being enumerated by brute force. |
||
*You can't allow a default guest context (unauthenticated calls) or calls from Voiceless will use it. |
|||
<pre> |
<pre> |
||
[general] |
[general] |
||
allowguest=no |
|||
alwaysauthreject=yes |
alwaysauthreject=yes |
||
match_auth_username=yes |
match_auth_username=yes |
||
Line 25: | Line 27: | ||
=== Authenticate Voiceless === |
=== Authenticate Voiceless === |
||
*This is the more complex option as you need to list every Voiceless name. |
*This is the more complex option as you need to list every Voiceless name. |
||
*It is the only option if you need to allow the default guest context (unauthenticated calls). |
|||
<pre> |
<pre> |
||
[general] |
[general] |
||
; allowguest=yes |
|||
alwaysauthreject=no |
; alwaysauthreject=no |
||
match_auth_username=yes |
match_auth_username=yes |
||
Revision as of 19:35, 11 February 2015
Incoming Calls
Peer Section
- Accept authenticated calls and route them to a context.
[aaisp-incoming-username] type=peer context=aaisp-incoming-context secret=aaisp-incoming-password trustrpid=yes
Authentication
- Voiceless must authenticated so that calls are recognised as the above peer section.
- There are two options: either detect Voiceless and ask it to authenticate, or request that every rejected INVITE from all sources authenticates.
- In both cases you need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' username.
Authenticate Everyone
- This is the more secure option as it stops your usernames from being enumerated by brute force.
- You can't allow a default guest context (unauthenticated calls) or calls from Voiceless will use it.
[general] allowguest=no alwaysauthreject=yes match_auth_username=yes
Authenticate Voiceless
- This is the more complex option as you need to list every Voiceless name.
- It is the only option if you need to allow the default guest context (unauthenticated calls).
[general] ; allowguest=yes ; alwaysauthreject=no match_auth_username=yes [aaisp-voiceless] type=peer md5secret=intentionally_invalid_md5_string [aaisp-voiceless-a4](aaisp-voiceless) host=a4.voiceless.aa.net.uk defaultip=81.187.30.111 [aaisp-voiceless-b4](aaisp-voiceless) host=b4.voiceless.aa.net.uk defaultip=81.187.30.113 [aaisp-voiceless-c4](aaisp-voiceless) host=c4.voiceless.aa.net.uk defaultip=81.187.30.112 [aaisp-voiceless-d4](aaisp-voiceless) host=d4.voiceless.aa.net.uk defaultip=81.187.30.114
Outgoing Calls
- Either use a separate type=user section or combine incoming and outgoing in one type=friend section
Separate Section
[aaisp-outgoing-account] type=user host=voiceless.aa.net.uk defaultip=81.187.30.111 username=aaisp-phone-number remotesecret=aaisp-outgoing-password
Combined Section
[aaisp-incoming-username] type=friend ; incoming context=aaisp-incoming-context secret=aaisp-incoming-password trustrpid=yes ; outgoing host=voiceless.aa.net.uk defaultip=81.187.30.111 username=aaisp-phone-number remotesecret=aaisp-outgoing-password