Talk:VoIP Phones - Asterisk: Difference between revisions

From AAISP Support Site
No edit summary
No edit summary
Line 9: Line 9:
trustrpid=yes
trustrpid=yes
</pre>
</pre>

== Authentication ==
== Authentication ==
*Voiceless must authenticated so that calls are recognised as the above peer section.
*There are two options: either detect Voiceless and ask it to authenticate, or request that every rejected attempt authenticates.
*There are two options: either detect Voiceless and ask it to authenticate, or request that every rejected INVITE from all sources authenticates.
*In both cases you need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' username.
*In both cases you need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' username.


Line 52: Line 54:
= Outgoing Calls =
= Outgoing Calls =
*Either use a separate '''type=user''' section or combine incoming and outgoing in one '''type=friend''' section
*Either use a separate '''type=user''' section or combine incoming and outgoing in one '''type=friend''' section

== Separate Section ==
<pre>
[aaisp-outgoing-account]
type=user
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password
</pre>

== Combined Section ==
<pre>
[aaisp-incoming-username]
type=friend
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password
</pre>

Revision as of 19:31, 11 February 2015

Incoming Calls

Peer Section

  • Accept authenticated calls and route them to a context.
[aaisp-incoming-username]
type=peer
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes

Authentication

  • Voiceless must authenticated so that calls are recognised as the above peer section.
  • There are two options: either detect Voiceless and ask it to authenticate, or request that every rejected INVITE from all sources authenticates.
  • In both cases you need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' username.

Authenticate Everyone

  • This is the more secure option as it stops your usernames from being enumerated by brute force.
[general]
alwaysauthreject=yes
match_auth_username=yes

Authenticate Voiceless

  • This is the more complex option as you need to list every Voiceless name.
[general]
alwaysauthreject=no
match_auth_username=yes

[aaisp-voiceless]
type=peer
md5secret=intentionally_invalid_md5_string

[aaisp-voiceless-a4](aaisp-voiceless)
host=a4.voiceless.aa.net.uk
defaultip=81.187.30.111

[aaisp-voiceless-b4](aaisp-voiceless)
host=b4.voiceless.aa.net.uk
defaultip=81.187.30.113

[aaisp-voiceless-c4](aaisp-voiceless)
host=c4.voiceless.aa.net.uk
defaultip=81.187.30.112

[aaisp-voiceless-d4](aaisp-voiceless)
host=d4.voiceless.aa.net.uk
defaultip=81.187.30.114


Outgoing Calls

  • Either use a separate type=user section or combine incoming and outgoing in one type=friend section

Separate Section

[aaisp-outgoing-account]
type=user
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password

Combined Section

[aaisp-incoming-username]
type=friend
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password