Talk:VoIP Phones - Asterisk: Difference between revisions

From AAISP Support Site
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 7: Line 7:
context=aaisp-incoming-context
context=aaisp-incoming-context
secret=aaisp-incoming-password
secret=aaisp-incoming-password
transport=udp
disallow=all
allow=alaw
trustrpid=yes
trustrpid=yes
</pre>
</pre>
Line 12: Line 15:
== Authentication ==
== Authentication ==
*Voiceless must authenticated so that calls are recognised as the above peer section.
*Voiceless must authenticated so that calls are recognised as the above peer section.
*You need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' initial requests.
*There are two options: either detect Voiceless and ask it to authenticate, or request that every rejected INVITE from all sources authenticates.
*In both cases you need to use the '''match_auth_username=yes''' setting otherwise Asterisk will not recognise Voiceless' username.


=== Authenticate Everyone ===
*This is the more secure option as it stops your usernames from being enumerated by brute force.
*You can't allow a default guest context (unauthenticated calls) or calls from Voiceless will use it.
<pre>
<pre>
[general]
[general]
allowguest=no
alwaysauthreject=yes
match_auth_username=yes
match_auth_username=yes
</pre>
</pre>

=== Authenticate Voiceless ===
*This is the more complex option as you need to list every Voiceless name.
*It is the only option if you need to allow the default guest context (unauthenticated calls).
<pre>
[general]
; allowguest=yes
; alwaysauthreject=no
match_auth_username=yes

[aaisp-voiceless]
type=peer
md5secret=intentionally_invalid_md5_string

[aaisp-voiceless-a4](aaisp-voiceless)
host=a4.voiceless.aa.net.uk
defaultip=81.187.30.111

[aaisp-voiceless-b4](aaisp-voiceless)
host=b4.voiceless.aa.net.uk
defaultip=81.187.30.113

[aaisp-voiceless-c4](aaisp-voiceless)
host=c4.voiceless.aa.net.uk
defaultip=81.187.30.112

[aaisp-voiceless-d4](aaisp-voiceless)
host=d4.voiceless.aa.net.uk
defaultip=81.187.30.114
</pre>



= Outgoing Calls =
= Outgoing Calls =
Line 67: Line 33:
username=aaisp-phone-number
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password
remotesecret=aaisp-outgoing-password
transport=udp
disallow=all
allow=alaw
</pre>
</pre>


Line 73: Line 42:
[aaisp-incoming-username]
[aaisp-incoming-username]
type=friend
type=friend
transport=udp
disallow=all
allow=alaw
; incoming
; incoming
context=aaisp-incoming-context
context=aaisp-incoming-context

Latest revision as of 20:04, 7 April 2015

Incoming Calls

Peer Section

  • Accept authenticated calls and route them to a context.
[aaisp-incoming-username]
type=peer
context=aaisp-incoming-context
secret=aaisp-incoming-password
transport=udp
disallow=all
allow=alaw
trustrpid=yes

Authentication

  • Voiceless must authenticated so that calls are recognised as the above peer section.
  • You need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' initial requests.
[general]
match_auth_username=yes

Outgoing Calls

  • Either use a separate type=user section or combine incoming and outgoing in one type=friend section

Separate Section

[aaisp-outgoing-account]
type=user
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password
transport=udp
disallow=all
allow=alaw

Combined Section

[aaisp-incoming-username]
type=friend
transport=udp
disallow=all
allow=alaw
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
username=aaisp-phone-number
remotesecret=aaisp-outgoing-password