VoIP Phones - Asterisk

Back up to the VoIP Configuring page
From AAISP Support Site

Asterisk logo.png

Asterisk is extremely flexible and covering different uses for it is outside the scope of this example as the setup used here was very basic. You should read through the included documentation, especially the security documentation, before configuring Asterisk for the first time.

Configuration

Incoming Calls

User Section

  • Accept authenticated calls and route them to a context.

sip.conf:

[aaisp-incoming-username]
type=user
context=aaisp-incoming-context
secret=aaisp-incoming-password
transport=udp
disallow=all
allow=alaw
trustrpid=yes
directmedia=no
  • We send Remote-Party-Id with the privacy and screen settings, setting trustrpid=yes in the incoming SIP config will allow Asterisk to pass withheld/unknown on.

Authentication

  • Voiceless must authenticate so that calls are recognised as the above peer section.
  • You need to use the match_auth_username=yes setting otherwise Asterisk will not recognise Voiceless' initial requests.

sip.conf:

[general]
match_auth_username=yes
  • We initially send an Authorization header with only a username, allowing Asterisk to identify Voiceless by username instead of by IP. By default Asterisk ignores the username when identifying peers.


Outgoing Calls

  • Either use a separate type=peer section or combine incoming and outgoing in one type=friend section

Separate Section

sip.conf:

[aaisp-outgoing-account]
type=peer
host=voiceless.aa.net.uk
defaultip=81.187.30.111
defaultuser=aaisp-phone-number
remotesecret=aaisp-outgoing-password
transport=udp
disallow=all
allow=alaw
directmedia=no

Combined Section

sip.conf:

[aaisp-incoming-username]
type=friend
transport=udp
disallow=all
allow=alaw
directmedia=no
; incoming
context=aaisp-incoming-context
secret=aaisp-incoming-password
trustrpid=yes
; outgoing
host=voiceless.aa.net.uk
defaultip=81.187.30.111
defaultuser=aaisp-phone-number
remotesecret=aaisp-outgoing-password


Note: Order of sip.conf is important

In sip.conf, ensure that your incoming config is before the config for the outgoing.


Calls stop after 5 minutes? qualify_frequency

asterisk with pjsip - you may have a router that closes teh UDP session after a few minutes. If you have problems where calls can only flow in for around 5 minutes after registration / re-registration then you need to tell Asterisk / pjsip to send keep alives.

To do this, set qualify_frequency in the aor section, which seems to send an OPTIONS message every X (as set) seconds.

Note: Asterisk and IPv6 SLAAC addresses

Asterisk will bind to all IPv6 addresses if it is set to use IPv6. This means that if you have a static IP and a SLAAC IP, Asterisk sometimes replies to invites sent to the static IP from the SLAAC IP instead which breaks things. We recommend using static IP addresses and disabling SLAAC (and privacy extensions) on the box running Asterisk until its IPv6 support is more mature.


Registration

If you're behind NAT it is helpful to make Asterisk register. It re-registers every 120 seconds by default anyway so should keep NAT sessions open. You can register (and tell Asterisk that it's behind NAT) with these settings under the [general] section:

localnet=10.0.0.0/8
register => +441234567980:outgoingpass@voiceless.aa.net.uk/extn

In this example, extn is the extension that Asterisk will pass the call to. Localnet should of course be set to whatever RFC1918 range you are using on your LAN.


Dialplan

To make this work in a real dialplan you will want something like the following examples in extensions.conf. See Asterisk's included example sip.conf for examples of how to send the call to different contexts etc. For outbound calls:

exten => _X.,1,Dial(SIP/voiceless-out/${EXTEN})

For inbound calls (assuming you're routing call to a registered Snom):

[voiceless-in]
exten => _X.,1,Dial(SIP/snom)


Further Help

Customers using Asterisk and AAISP have created a website and IRC channel especially for this!


Firewall & Security

  • You will also want to set up firewall rules, as per the VoIP Firewall page.
  • Also see the VoIP Security page for information about securing your VoIP service.