Friday, September 5, 2014

Asterisk Sip.conf

ASTERISK CONFIGURATION FILE

Asterisk config sip.conf

[tammari]
type=friend
callerid="Tuomas Tammisalo" <1000>
username=tammari
host=dynamic
secret=********
regcontext=tammari-internal
regexten=1005
dtmfmode=rfc2833
insecure=invite,port
canreinvite=yes
nat=yes
qualify=yes
context=merus-sipphone
pickupgroup=1
callgroup=1
mailbox=1000@default

Asterisk as a SIP client
Example:

; Register 2345@mysipprovider.com with authname 2345 at mysipprovider.com at sip provider as 1234 here:
register => 2345:password@mysipprovider.com/1234
; Register 1235@mysipprovider.com with authname 1235 and realm mysipprovider.com at proxyof.mysipprovider.com as s here.
; (as needed by budgetphone.nl):
register => 1235@mysipprovider.com:password:1235@proxyof.mysipprovider.com
  • user is the user id for this SIP server (ex 2345)
  • authuser is the optional authorization user for the SIP server
  • secret is the user's password
  • host is the domain or host name for the SIP server. This SIP server needs a definition in a section of its own in SIP.conf (mysipprovider.com).
  • port send the register request to this port at host. Defaults to 5060
  • /1234 is the Asterisk contact extension. 1234 is put into the contact header in the SIP Register message. The contact extension is used by remote SIP server when it needs to send a call to Asterisk. See the example below. The default context extension is "s".


Configuration file for Asterisk SIP channels, for both inbound and outbound calls.

Starting with Asterisk v1.2.0: The global option "port" in 1.0.X that is used to set which port to bind to has been changed to "bindport" to be more consistent with the other channel drivers and to avoid confusion with the "port" option for users/peers.

Starting with Asterisk v1.6.0: The previously deprecated options "insecure=very" and "insecure=yes" have now been removed. "insecure=invite,port" is the equivalent of "insecure=very"


In sip.conf under [general] add a register definition:

Format:

register => user[:secret[:authuser]]@host[:port][/extension]

or
register => fromuser@fromdomain:secret@host

or
register => fromuser@fromdomain:secret:authuser@host:port/extension


If you have problems with your network connection going up and down and you keep losing your sip registry, you may want to add  registerattempts and registertimeout settings to the general section above the register definitions. Setting registerattempts=0 will force Asterisk to attempt to reregister until it can (the default is 10 tries). registertimeout sets the length of time in seconds between registration attempts (the default is 20 seconds).

In case of DynDNS issues, for example with myasterisk.dyndns.org changing its IP, you might want to consider taking a look at ddclient to automate a "sip reload" in the CLI.

P.S. Note for sipgate.co.uk users: /extension must be your sipgate number (this is not true; I am using "99" --jrc) - define one to accept this in your extensions.conf. An alternate port does not seem to work with sipgate.co.uk unless it is defined as the bindport in sip.conf without the [:port] syntax.

Agreed, it's not very good to have a lot of cleartext passwords in this text file, but that's how it works now.
You only need to register if a) you want to be called, and b) you appear to the other side as having a dynamic IP address. Check the success of your own server's registrations at the CLI with "SIP SHOW REGISTRY", whereas you can obtain a list of clients that registered with your server with the help of "SIP SHOW PEERS". You may examine all details of a peer's registration with "SIP SHOW PEER <NAME>". Enter "HELP SIP" at the CLI for additional commands.

The server definition for outgoing calls looks like this:

[mysipprovider-out]
type=peer
secret=password
username=2345
host=sipserver.mysipprovider.com
fromuser=2345
fromdomain=fwd.pulver.com
canreinvite=no
insecure=invite,port
qualify=yes
nat=yes
context=from-mysipprovider ; this section will be defined in extensions.conf

In extensions.conf you'd then use a statement like this:

exten => _9.,1,Dial(SIP/${EXTEN:1}@mysipprovider-out,30,r)

Please note that the ${EXTEN:1} variable here extracts all but the first characters from the current extension (the current match), in this case: 9 + the following digits. Refer to the Asterisk variables Substrings section for more details

Here is the section(in extensions.conf) which routes calls from our sip provider to where we decide:

[from-mysipprovider]
exten => 1234,1,Answer ; 1234 is the contact extension, default contact extension is "s"
exten => 1234,2,Dial(SIP/111,25,Ttr) ; incoming calls are redirected to SIP telephone with number 111
exten => 1234,3,Hangup

Another example



[general]
context = (own_context in extensions.conf where recive the call )
realm = real.com
bindport=5060
srvlookup=yes
disallow=all
allow=ulaw
allow=gsm
language=en

trustrpid = yes 
sendrpid = yes  

register => fromuser@fromdomain:secret@host
register => XXXX@YYYY.com:AAAA@IP

[my_provider]
type=peer
fromuser=XXXX
fromdomain=YYYY.com
canreinvite=no
secret=AAAAA
insecure=invite,port
host= IP 
disallow=all
allow=gsm
allow=ulaw
allow=alaw
qualify=yes
nat=no

Outbound call in extensions.conf

exten => _X.,1,Dial(SIP/${EXTEN}@my_provider)

SIP Configuration - general

The [general] section of sip.conf includes the following variables:

  • allowsubscribe = yes|no : Allow or Ignore Subscribe requests
  • allow = <codec> : Allow codecs in order of preference (Use DISALLOW=ALL first, before allowing other codecs)
  • disallow = all : Disallow all codecs (global configuration)
  • Asterisk sip allowexternaldomains = yes|no : Enable/Disable INVITE and REFER to non-local domains. Default yes. (New in v1.2.x).
  • allowguest = yes|no : Allow or reject guest calls. Default is yes. (this can also be set to 'osp' if asterisk was compiled with OSP support). (New in v1.2.x).
  • Asterisk sip allowoverlap = yes|no : Enable/disable overlap dialing support. Default yes (Overlap dial provides for a longer time-out period between digits, also called the inter-digit timer. With overlap dial set to off, the gateway expects to receive the digits one right after the other coming in to this line with very little delay between digits. With overlap dial set to on, then the device waits up to about 2 seconds between digits).
  • autocreatepeer = yes|no : If set, anyone will be able to log in as a peer (with no check of credentials; useful for operation with SER). Default no.
  • Asterisk sip autodomain = yes|no : Enable/disable Asterisk's ability to add local hostnames and local IP address to the domain list. externip or externhost are also taken into the domain list. Default no. (New in v1.2.x).
  • bindaddr = IP_Address : IP Address to bind to (listen on). Default 0.0.0.0 (all network interfaces).
  • bindport = Number : UDP Port to bind to (listen on). Used to be port in Asterisk v1.0.x. Default 5060.
  • callerid = <string> : Caller ID information used when nothing else is available. Defaults to asterisk. (The ability to override the default appears to available in Asterisk 1.0.9. Unsure about other versions.)
  • canreinvite = update|yes|no|nonat (global setting): For some reason this defaults to yes, so beware...
  • Asterisk sip checkmwi = Number : Global interval (in seconds) between mailbox checks. Default 10 seconds. (New in v1.2.x)
  • Asterisk sip compactheaders = yes|no : Indicates Asterisk should send compact (i.e. abbreviated) headers in the SIP messages. Default no. (New in v1.2.x)
  • context = <contextname> : This is the default context and is used when a endpoint has no context property. The context in section of an endpoint is used to route calls from that endpoint to the wanted destination. The context body is located in extensions.conf.
  • defaultexpiry= Number : Default duration (in seconds) of incoming/outgoing registration. Default 120 seconds.
  • domain = domains : Comma separated list of domains which Asterisk is responsible for. (New in Asterisk 1.2.x)
  • dtmfmode = inband|info|rfc2833 (global setting). Default rfc2833. Warning: inband very high CPU load.
  • dumphistory = yes|no : Enable support for dumping of SIP conversation's transaction history to LOG_DEBUG. Default no. (New in v1.2.x)
  • externip = IP_Address or a hostname : Address that we're going to put in SIP messages if we're behind a NAT. If a hostname is used as the value, then the IP address associated with the hostname is looked up only once during the reading of the sip.conf. If you want support for a hostname associated with a dynamic IP address, use Asterisk sip externhost.
  • externhost = hostname.tld : (New in Asterisk 1.2.x)
  • externrefresh = Number : Specify how often (in seconds) a hostname DNS lookup should be performed for the value entered in 'externhost'. Default 10 seconds. (New in Asterisk 1.2.x).
  • ignoreregexpire = yes|no : Indicates whether to use Contact information about a peer even if the information is stale because it has reached its expiration time. Default no. (New in v1.2.x)
  • jbenable = yes|no : Enables the use of a jitterbuffer on the receiving side of a SIP channel. (Added in Version 1.4)
  • jbforce = yes|no : Forces the use of a jitterbuffer on the receive side of a SIP channel. Defaults to "no". (Added in Version 1.4)
  • jbmaxsize = Number : Max length of the jitterbuffer in milliseconds. (Added in Version 1.4)
  • jbresyncthreshold = Number : Jump in the frame timestamps over which the jitterbuffer is resynchronized. Useful to improve the quality of the voice, with big jumps in/broken timestamps, usually sent from exotic devices and programs. Defaults to 1000. (Added in Version 1.4)
  • jbimpl = fixed|adaptive: Jitterbuffer implementation, used on the receiving side of a SIP channel. Two implementations are currently available - "fixed" (with size always equals to jbmaxsize) and "adaptive" (with variable size, actually the new jb of IAX2). Defaults to fixed. (Added in Version 1.4)
  • jblog = no|yes: Enables jitterbuffer frame logging. Defaults to "no". (Added in Version 1.4)
  • language = <string> : Default language used by any Playback()/Background().
  • limitonpeers = yes|no: If set to yes use only the peer call counter for both incoming and outgoing calls (ref. hints, subscriptions, BLF; added in 1.4)
  • localnet = NetAddress/Netmask : local network and mask.
  • fromdomain= <domain> : Sets default From: domain in SIP messages when acting as a SIP ua (client)
  • insecure = very|yes|no|invite|port : Specifies how to handle connections with peers. Default no (authenticate all connections). invite and portadded in v1.2.x, yes and very removed in v1.6.x, possible to use multiple options separated by commas from v1.4.x
  • maxexpiry = Number : Max duration (in seconds) of incoming registration we allow. Default 3600 seconds.
  • musicclass = one of the classes specified in musiconhold.conf
  • musdiconhold = same as musicclass
  • nat = yes|no : Please note that as of Asterisk 1.0.x nat can now have the values: yes|no|never|route. Default no which really means to use rfc3581 techniques.
  • notifymimetype = mediatype/subtype : Allow overriding of mime type in MWI NOTIFY used in voicemail online messages. Default application/simple-message-summary. (New in v1.2.x).
  • notifyringing = yes|no : Notify subscription on RINGING state. Default yes. (New in v1.2.x).
  • outboundproxy = IP_address or DNS SRV name (excluding the _sip._udp prefix) : SRV name, hostname, or IP address of the outbound SIP Proxy. (New in v1.2.x).
  • outboundproxyport = Number : UDP port number for the Outbound SIP Proxy. (New in v1.2.x).
  • pedantic = yes|no : Enable slow, pedantic checking of Call-ID:s, multiline SIP headers and URI-encoded headers. Default no (in Asterisk 1.8 defaultyes).
  • port = <portno> : Default SIP port of peer. (this is not the port for Asterisk to listen. See bindport).
  • progressinband = never|no|yes : If we should generate in-band ringing always. Default never.
  • promiscredir= yes|no : Allows support for 302 Redirects; (Note: will redirect them all to the local extension returned in Contact rather than to that extension at the destination). Default no.
  • qualify = yes|no|milliseconds : Check if client is reachable. If yes, the checks occur every 60 seconds. Default no.
  • realm = my realm (Change authentication realm from asterisk (default) to your own. Requires Asterisk v1.x)
  • recordhistory = yes|no. Enable logging of SIP conversation's transaction history. Default no. (New in v1.2.x).
  • regcontext = context : Default context to use for SIP REGISTER replies from the SIP Registrar.
  • register => <username>:<password>:[authid]@<sip client/peer id in sip.conf>/<contact> :Register with a SIP provider
  • registerattempts = Number : Number of SIP REGISTER messages to send to a SIP Registrar before giving up. Default 0 (no limit). (New in v1.2.x).
  • registertimeout = Number : Number of seconds to wait for a response from a SIP Registrar before classifying the SIP REGISTER has timed out. Default 20 seconds. (New in v1.2.x).
  • relaxdtmf = yes|no: Default no.
  • rtautoclear = yes|no|number : Auto-Expire friends created on the fly. If yes the autoexpire will be in 120 seconds. Default yes. (New in v1.2.x). 
  • rtcachefriends = yes|no : Cache realtime friends by adding them to the internal list just like friends added from the config file. Default no. (New in v1.2.x).
  • rtsavesysname = yes|no : If set will write the value of asterisk.conf (options) systemname to the sip peer table in the field "regserver". Useful for multi-server systems. (New in v1.?)
  • rtpholdtimeout = Number : Max number of seconds of inactivity before terminating a call on hold. Default 0 (no limit). (New in v1.2.x).
  • rtpkeepalive = Number : Number of seconds, when a RTP Keepalive packet will be sent if no other RTP traffic on that connection. Default 0 (no RTP Keepalive). (New in v1.2.x).
  • rtptimeout = Number : Number of seconds, to wait for RTP traffic before classify the connection as discontinued. Default 0 (no RTP timeout). (New in v1.2.x).
  • rtupdate = yes|no : Send registry updates to the database when using Realtime support. Default yes. (New in v1.2.x).
  • sendrpid = yes|no : If a Remote-Party-ID SIP header should be sent. Default no.
  • sipdebug = yes|no. Default setting for whether SIP debug is enabled upon loading of the sip.conf. Default no. (New in v1.2.x).
  • srvlookup = yes|no : Enable DNS SRV lookups on calls. Default yes. (Default is no prior to v1.4.14)
  • tos = <value> : Set IP QoS parameters for outgoing media streams (numeric values are also accepted, like tos=184 )
  • trustrpid = yes|no : If Remote-Party-ID SIP header should be trusted. Default no.
  • useclientcode = yes|no : If yes, then the Call Originator as stated in the CDR will be changed to whatever is specified in a X-ClientCode SIP Header. Default no. (New in v1.2.x)
  • usereqphone = yes|no : Indicates whether to add a ";user=phone" to the URI. Default no. (New in v1.2.x)
  • useragent = <string> : Allow the SIP header "User-Agent" to be customized. Default asterisk.
  • videosupport = yes|no : Turn on support for SIP video  Default no.
  • vmexten = <string> : Dialplan extension to reach mailbox. Default asterisk. (New in v1.2.x)
  • callevents = yes|no: Set to yes to receive events on AMI when a call is put on/off hold.
  • disallowed_methods= (1.8.x) When a dialog is started with another SIP endpoint, the other endpoint should include an Allow header telling us what SIP methods the endpoint implements. However, some endpoints either do not include an Allow header or lie about what methods they implement. In the former case, Asterisk makes the assumption that the endpoint supports all known SIP methods. If you know that your SIP endpoint does not provide support for a specific method, then you may provide a comma-separated list of methods that your endpoint does not implement in the disallowed_methods option. Note that if your endpoint is truthful with its Allow header, then there is no need to set this option. This option may be set in the general section or may be set per endpoint. If this option is set both in the general section and in a peer section, then the peer setting completely overrides the general setting (i.e. the result is *not* the union of the two options). Note also that while Asterisk currently will parse an Allow header to learn what methods an endpoint supports, the only actual use for this currently is for determining if Asterisk may send connected line UPDATE requests. Its use may be expanded in the future.
  • preferred_codec_only= (1.8.x) Respond to a SIP invite with the single most preferred codec rather than advertising all joint codec capabilities. This limits the other side's codec choice to exactly what we prefer.
  • engine= (1.8.x) RTP engine to use when communicating with the device

SIP configurations - peers and clients

These variables can be configured for each SIP peer definition:

(If not specified, the configuration variable can be used for both type=peer and type=user.)
  • accountcode = <string> : Users may be associated with an accountcode. 
  • allow = <codec> : Allow codecs in order of preference (Use DISALLOW=ALL first, before allowing other codecs)
  • disallow = all : Disallow all codecs for this peer or user definition.
  • allowguest = yes|no : Allow or reject guest calls (default is yes, this can also be set to 'osp' if asterisk was compiled with OSP support). (New in v1.2.x).
  • amaflags : Categorization for CDR records. Choices are default, omit, billing, documentation. 
  • astdb : Appears to insert a value in the Asterisk database. See example below.
  • auth = <authname> : Value assigned to the Digest username= SIP header.
  • callerid = <string> : Caller ID information used when nothing else is available. Defaults to asterisk.
  • busylevel = number : Number of simultaneous calls until user/peer is busy
  • call-limit = number : Number of simultaneous calls through this user/peer.
  • callgroup = num1,num2-num3 : Defines call groups for calls to this device.
  • callingpres = number|descriptive_text : Set Caller-ID presentation on a call. Valid descriptive values are: allowed_not_screened, allowed_passed_screen, allowed_failed_screen, allowed, prohib_not_screened, prohib_passed_screen, prohib_failed_screen, prohib, and unavailable.  Default allowed_not_screened.
  • canreinvite = update|yes|no|nonat : If the client is able to support SIP re-invites. Default yes.
  • cid_number = <string> : On incoming (through this peer) calls sets the outbound $CALLERID(num) to <string>. (New in v.1.4.x)
  • context = <context_name> : If type=user, the Context for the inbound call from this SIP user definition. If type=peer, the Context in the dialplan for outbound calls from this SIP peer definition. If type=friend the context used for both inbound and outbound calls through the SIP entities definition. If no type=user entry matches an inbound call, then a type=peer or type=friend will match if the hostname or IP address defined inhost= matches.
  • defaultip = Dotted.Quad.IP.Addr : Default IP address of client if host=dynamic is specified. Used if client has not registered at any other IP address. Valid only for type=peer.
  • defaultuser = The new name for the 'username' variable.
  • directrtpsetup = yes|no: Similar to canreinvite, but right away passes media to the other party like a SIP proxy
  • dtmfmode = inband|info|rfc2833 : How the client handles DTMF signalling. Default rfc2833. Warning: inband very high CPU load.
  • fromuser = <from_ID> : Specify user to put in "from" instead of $CALLERID(number) (overrides the callerid) when placing calls _to_ peer (another SIP proxy). Valid only for type=peer.
  • fromdomain = <domain> : Sets default From: domain in SIP messages when placing calls _to_ peer. Valid only when in [general] section ortype=peer.
  • fullcontact = <sip:uri_contact> : SIP URI contact for realtime peer. Valid only for realtime peers.
  • fullname = "Full Name" : Sets outbound $CALLERID(name). (New in v1.4.x)
  • host = dynamic|hostname|IPAddr : How to find the client - IP # or host name. If you want the phone to register itself, use the keyword dynamicinstead of Host IP.
  • incominglimit and outgoinglimit = Number : Limits for number of simultaneous active calls for a SIP client. Valid only for type=peer.
  • insecure : very|yes|no|invite|port : Specifies how to handle connections with peers. Default no (authenticate all connections). invite and portadded in v1.2.x, yes and very removed in v1.6.x, possible to use multiple options separated by commas from v1.4.x
  • ipaddr : Dotted Quad IP address of the peer. Valid only for realtime peers.
  • language : A language code defined in indications.conf - defines language for prompts
  • mailbox = mailbox : Voicemail extension (for message waiting indications). Valid only for type=peer. Edit: also valid for type=friend (verified with 1.4.22.1).
  • md5secret : MD5-Hash of "<user>:==SIP_realm==:<secret>" (can be used instead of secret). Default for authenticating to an Asterisk server when SIP realm is not explicitly declared is "<user>:asterisk:<secret>".
  • musicclass = one of the classes specified in musiconhold.conf
  • musiconhold = Set class of musiconhold on calls from SIP phone. Calls to the phone require SetMusicOnHold cmd of higher priority (lower numerical value of priority) than Dial cmd in dialplan in order to set this class for the call. Calls have the MusicOnHold class set on a per call basis, not on a per phone basis, and making a call through any extension specifying SetMusicOnHold will override this value for the call.
  • subscribemwi: Instructs Asterisk to not send NOTIFY messages for message waiting indication (added in v1.4)
  • name = <name> : Name of the realtime peer. If the peer is an actual phone then this will generally be the extension number of that phone. On some softphones this field corresponds to the "username" field/option in the softphone's settings. Valid only for realtime peers.
  • nat = yes|no : This variable changes the behaviour of Asterisk for clients behind a firewall. This does not solve the problem if Asterisk is behind the firewall and the client on the outside. Please note that Asterisk 1.0.x nat can now have the values: yes|no|never|route; Asterisk 1.8 can have the values: yes|no|force_rport|comedia. Default no which really means to use rfc3581 techniques.
  • outboundproxy = IP_address or DNS SRV name (excluding the _sip._udp prefix) : SRV name, hostname, or IP address of the outbound SIP Proxy. Valid only in [general] section and type=peer. (New in v1.2.x).
  • permit, deny,mask : IP address and network restriction
  • pickupgroup : Group that can pickup fellow workers' calls using *8 and the Pickup() application on the *8 extension
  • port : SIP port of the client
  • progressinband = never|no|yes : If we should generate in-band ringing always. Default never.
  • promiscredir = yes|no : Allows support for 302 Redirects; (Note: will redirect them all to the local extension returned in Contact rather than to that extension at the destination). Default no.
  • qualify = yes|no|milliseconds : Check if client is reachable. If yes, the checks occur every 60 seconds. Valid only in [general] section andtype=peer.
  • regexten =
  • regseconds = seconds : Number of seconds between SIP REGISTER. Valid only for realtime peer entries.
  • restrictcid : (yes/no) To have the callerid restricted -> sent as ANI; use this to hide the caller ID. This does not seem to work. This variable has been deprecated as of v1.2.x.
  • rtpkeepalive = seconds : Number of seconds, when a RTP Keepalive packet will be sent if no other RTP traffic on that connection. Default 0 (no RTP Keepalive). Valid only in [general] section and type=peer.
  • rtptimeout = seconds : Terminate call if x seconds of no RTP activity when we're not on hold. Valid only in [general] section and type=peer.
  • rtpholdtimeout = seconds : Terminate call if x seconds of no RTP activity when we're on hold (must be larger than rtptimeout). Valid only in [general] section and type=peer.
  • secret : If Asterisk is acting as a SIP Server, then this SIP client must login with this Password (A shared secret). If Asterisk is acting as a SIP client to a remote SIP server that requires SIP INVITE authentication, then this field is used to authenticate SIP INVITEs that Asterisk sends to the remote SIP server. Asterisk 1.6.2.x: Changed the secret parameter to remotesecret.
  • sendrpid = yes|no : If a Remote-Party-ID SIP header should be sent. Default no.
  • setvar = variable=value : Channel variable to be set for all calls from this peer/user.
  • subscribecontext = <context_name> : Set a specific context for SIP SUBSCRIBE requests
  • trunkname: Indicates this peer definition is for a SIP trunk. As a result, the $CALLERID(name) will start off blank and requires the dialplan to set the $CALLERID(name). (New in v1.6.x)
  • trustrpid = yes|no : If Remote-Party-ID SIP header should be trusted. Default no.
  • type = user|peer|friend : Relationship to client - outbound provider or full client?
  • useclientcode = yes|no : If yes, then the Call Originator as stated in the CDR will be changed to whatever is specified in a X-ClientCode SIP Header. Default no. (New in v1.2.x)
  • usereqphone = yes|no : Indicates whether to add a ";user=phone" to the URI. Default no. Valid only in [general] and type=peer.
  • username = <username[@realm]> : If Asterisk is accepting SIP INVITE requests from a remote SIP client, this field specifies the user name for authentication. (Contrast with fromuser.) Also, for peers that register with Asterisk, this username is used in INVITEs until we have a registration.
  • vmexten = <string> : Dialplan extension to reach mailbox. Default asterisk. Valid only in [general] or type=peer.

Notes

  • Asterisk 1.6 and later support SIP over TCP. Before that it only supports SIP over UDP. Asterisk 1.8 comes with IPv6 support.For Grandstream phones: set dtmfmode=info

  • Asterisk uses the incoming RTP Stream as a timing source for sending its outgoing Stream. If the incoming stream is interrupted due to silence suppression then musiconhold will be choppy. So in conclusion, you cannot use silence suppression. Make sure ALL SIP phones have disabled silence suppression. 

Examples

Peer/User Sections

Each SIP client that connects to Asterisk needs a definition in SIP.CONF. Here is a few samples:

[grandstream1]

type=friend ; either "friend" (peer+user), "peer" or "user"
context=from-sip
username=grandstream1 ; usually matches the [section] title
fromuser=grandstream1 ; overrides the callerid, e.g. required by FWD
callerid=John Doe <1234>
host=192.168.0.23 ; we have a static but private IP address
nat=no ; there is not NAT between phone and Asterisk
canreinvite=yes ; allow RTP voice traffic to bypass Asterisk
dtmfmode=info ; either RFC2833 or INFO for the BudgeTone
mailbox=1234@default ; mailbox 1234 in voicemail context "default"
disallow=all ; need to disallow=all before we can use allow=
allow=ulaw ; Note: In user sections the order of codecs
; listed with allow= does NOT matter!
;allow=alaw
;allow=g723.1 ; Asterisk only supports g723.1 pass-thru!
;allow=g729 ; Pass-thru only unless g729 license obtained
astdb=chan2ext/SIP/grandstream1=1234 ; ensures an astDB entry exists

[xlite1]
;Turn off silence suppression in X-Lite ("Transmit Silence"=YES)!
;Note that Xlite sends NAT keep-alive packets, so qualify=yes is not needed
type=friend
username=xlite1
callerid="Jane Smith" <5678>
host=dynamic
nat=yes ; X-Lite is behind a NAT router
canreinvite=no ; Typically set to NO if behind NAT
disallow=all
allow=gsm ; GSM consumes far less bandwidth than G711-u (ulaw)
allow=ulaw
allow=alaw

[user1_snomsip] 
type=friend
secret=blah
host=dynamic
dtmfmode=inband ; Choices are inband, rfc2833, or info
defaultip=192.168.0.59
mailbox=1234,2345 ; Mailbox for message waiting indicator
disallow=all
allow=ulaw ; since we chose 'inband' for dtmf we must use g.711

allow=alaw

[user2_pingtel]
type=friend
username=user2_pingtel
secret=blah
host=dynamic
qualify=1000 ; Consider it down if it's 1 second to reply
callgroup=1,3-4 ; we are member of the call groups 1, 3 and 4
pickupgroup=1,3-4 ; we can do call pick-up with *8 for the callgroups 1, 3 and 4
defaultip=192.168.0.60
disallow=all
allow=ulaw
allow=alaw
allow=g729

[user3_cisco]

type=friend
username=user3_cisco
secret=blah
nat=yes ; This phone may be natted
host=dynamic
canreinvite=no ; Cisco poops on reinvite sometimes
qualify=200 ; Qualify peer is no more than 200ms away
defaultip=192.168.0.4
disallow=all
allow=ulaw
allow=alaw
allow=g729

[user4_cisco1]
type=friend

username=user4_cisco
fromuser=markster ; Specify user to put in "from" instead of callerid
secret=blah
defaultip=192.168.0.4 ; use either host=dynamic or defaultip=...
amaflags=default ; Choices are default, omit, billing, documentation
accountcode=markster ; Users may be associated with an accountcode to ease billing
disallow=all
allow=ulaw
allow=alaw
allow=g729
allow=g723.1

After you defined these SIP client accounts in SIP.conf you are able to login to the asterisk server from clients and place calls. To receive calls, you need to configure extensions in extensions.conf.

 Example:

exten => 1010,1, Dial(SIP/user3_cisco,10,t)

If someone calls extension 1010, the sip client logged in as user3_cisco is dialled in order to receive the call.

Notes

                 The variable ${VXML_URL} can be used to add additional items to the To: header. The value is appended, after a semicolon, to the SIP To: header. Note that previous documentation on this site was incorrect; this variable has nothing to do with pushing pages to a Cisco 7960 phone (something that is currently impossible in the Cisco SIP firmware).

                 The variable ${ALERT_INFO} can be used to create a new header called Alert-Info: which can be used to create distinctive ringing on the Cisco SIP-enabled phone devices with firmware version 6.0 onward. For Cisco 7940/60, ALERT_INFO can have the value of any of the following built-in ringtones:

- Bellcore-BusyVerify
- Bellcore-Stutter
- Bellcore-MsgWaiting
- Bellcore-dr1
- Bellcore-dr2
- Bellcore-dr3
- Bellcore-dr4
- Bellcore-dr5

                   It is not currently possible to specify a custom ring tone, only a cadence on the default ringtone. You will have to listen quite carefully to tell that the ringing is different. 

Using Asterisk together with SER

[general]
context=OUTGOING
autocreatepeer=yes

[Provider]
type=friend
username=XXXXX
secret=XXXXX
host=xxxxx.FakeProvider.com


So when Asterisk receives a call from SER it will "autocreatepeer" and give access to the OUTGOING context.

Using Asterisk together with OpenSER

[general]
context=OUTGOING
autocreatepeer=yes

[Provider]
type=friend
username=__what_so_ever__
secret=__what_so_ever__
host=xyz.FakeProvider.com


Asterisk will create peer when receives a call from OpenSER and gives access to the OUTGOING context.
To use Asterisk and OpenSER together in realtime.

Controlling sip.conf from outside

  • Asterisk sip conf from mysql: As with all .conf files the #include statement can be applied to insert another file into sip.conf

Asterisk config iax.conf


In iax.conf you configure the Inter-asterisk ( IAX ) connections.The configuration of iax.conf 

Configuring IAX clients

From the sample IAX.CONF in the distribution:

Further user sections may be added, specifying a context and a secret used for connections with that given authentication name. Limited IP based access control is allowed by use of "permit" and "deny" keywords. Multiple rules are permitted. Multiple permitted contexts may be specified, in which case the first will be the default.

You can also override caller*ID so that when you receive a call you set the Caller*ID to be what you want instead of trusting what the remote user provides.

There are three authentication methods that are supported: md5, plaintext and rsa. The least secure is "plaintext", which sends passwords cleartext across the net. "md5" uses a challenge/response md5 sum arrangement, but still requires both ends have plain text access to the secret. "rsa" allows unidirectional secret knowledge through public/private keys. If "rsa" authentication is used, "inkeys" is a list of acceptable public keys on the local system that can be used to authenticate the remote peer, separated by the ":" character. "outkey" is a single, private key to use to authenticate to the other side.


Public keys are named /var/lib/asterisk/keys/<name>.pub while private keys are named /var/lib/asterisk/keys/<name>.key. Private keys should always be 3DES encrypted.

Codecs

The follow codecs are valid for the allow/disallow parameter:
  • g723.1
  • gsm
  • ulaw
  • alaw
  • g726
  • slinear
  • lpc10
  • adpcm
  • g729
  • speex
  • ilbc
  • h261
  • h263
  • all

Controlling the media path

With notransfer=yes you can prohibit Asterisk from stepping out of the media path and connecting the two endpoints directly to each other. This, of course, effects your call detail records (CDR) and billing information.
Note: This is quite similar to the sip.conf setting canreinvite=no

This has been changed in 1.4 to transfer=yes, options are yes no and mediaonly

TOS


Alternatively you can directly set the bit vlues:

tos=0x18 ; where the tos bits are set individually and in combination

For example

tos=0x10 = low delay
tos=0x08 = high throughput
tos=0x04 = high reliability
tos=0x02 = ECT bit set
tos=0x01 = CE bit set

or set multiple bits, such as

tos=0x18

to set both low delay and high throughput.

Simplifying dial strings in extensions.conf


Although IAX channel details (username, secret, etc.) can be written explicitly into each dial string in extensions.conf, dial strings can be simplified/clarified by storing all of this information in the iax.conf file and then simply referencing by the channel name:

Dial(IAX2/<peer name>/<exten>)

For example, to call IAXtel you can create an entry in iax.conf like this:

[iaxtel-outbound]
type=peer
username=<username>
secret=<secret>
peercontext=iaxtel
host=iaxtel.com

Then use a Dial command of:

exten => _1700XXXXXX,1,Dial(IAX2/iaxtel-outbound/${EXTEN})

Note: The "peercontext" setting is only available in Asterisk CVS as of 2004-06-26.

Table of command or directives you can use and where.

Needs updating: added to wiki Oct14, 2004
DirectiveValueGeneralPeerUser
allow<codec>YYY
disallow<codec>YYY
amaflags
Y

auth



autocreatepeer



bandwidth
YYY
bindaddr
Y

bindport
Y

callerid



callgroup



context

YY
defaultexpirey



defaultip



externip

SIP only - NSIP only - N
fromdomain



fromuser



host



port



incominglimit



jitterbuffer
Y

maxjitterbuffer
Y

maxexcessbuffer
Y

outgoinglimit



inkeys

YY
outkey

YY
insecure



language



localnet



mailbox



maxexpirey



md5secret

YY
notransfer

YY
peercontext



pedantic



permit

YY
deny

YY
pickupgroup



qualify

YY
register
Y

restrictcid



secret

YY
srvlookup



sourceaddress

Y
tos

YY
trunkfreq
Y

trunk

YY
trustrpid



type

Y
useragent



username



videosupport





For the most up to date list of directives supported by your version of Asterisk, check the source code for your version. In the file channels/chan_iax2.c, look for the functions named build_user, build_peer, and set_config. They contain directive names supported in the type=user, type=peer, and[general] sections of iax.conf, respectively. You don't have to be able to understand C to find the directive names, either; they're quite obvious. The information you find in the source will be more accurate than any list you're likely to find on a wiki page.

More Example IAX Provider


register => my_user:secret@host


[my_iaxprovider]
type=peer
auth=md5
notransfer=yes
host=IP
disallow=all
allow=gsm
allow=ulaw
allow=alaw
qualify=yes
trunk=yes

[my_user]
type=user
auth=md5
notransfer=yes
disallow=all
allow=gsm
allow=ulaw
trunk=yes
secret=XXXX
context= (context in extensions.conf where i want recive the incoming call)

N.B. Outbound calling in extensions.conf

exten =>_X.,1,Dial(IAX2/my_user:secret@my_iaxprovider/${EXTEN})


Tips

Register commands to connect to another IAX server has to be in the [general] section of iax.conf.

To set up IAX in trunk mode, add "trunk=yes" to your definition in iax.conf. IAX Trunking needs support of a hardware timer.

Do not use both "host=dynamic" and "defaultip=111.222.333.444".

If you do not use IP-based access control for all of your type=user entries, and you expect your Asterisk installation to be reasonably secure, your iax.conf file must contain a "guest" entry with no secret specified. When a remote system connects to yours, it can connect without specifying a username (that is, connect anonymously). If you have a type=user section which does not specify a secret, Asterisk will allow them to connect with any secret specified in the file. This means that if you have a large number of type=user entries but no guest entry in iax.conf, someone only has to guess any one of your secrets to connect to your server as that user. In other words, they do not need to know both the username and the secret; the secret alone is enough! Asterisk gives preference to a secretless user for anonymous incoming connections, though, so the inclusion of such a section will solve this problem. For more information on IAX authentication within Asterisk.

Add a last entry in iax.conf with no password to force anonymous calls into a specific context.If you use realtime, don't have any user without a password and without permit/deny.Use the general option mailboxdetail=yes for details and the number of waiting voicemails. Works with most IAX phones like the AT-320 or softphones.If you have "update_registry: Restricting registration for peer 'xxxxxx' to 60 seconds (requested 1200)", you can add maxregexpire=1300 to the [general] section.

Troubleshouting

Incoming IAX calls

For troubleshooting IAX calls, turning on IAX debugging output can be very useful. In Asterisk 1.4 or later, the CLI command 'iax2 set debug on' turns on debugging output. In Asterisk 1.2, use 'iax2 debug' to enable IAX debugging output, and 'iax2 no debug' to turn it back off again.

Rejected connect attempt from 213.1.2.3, who was trying to reach '987654321@'

  • Turn on iax debugging and see as which user the incoming call is trying to connect.
  • You will probably need to have a type=user section which does not specify a secret= line.
  • Check your context= lines. The first context= line listed in that section will be used if the call doesn't request a specific context.

CAUSE 50: No Authority Found

  • Turn on iax debugging.
  • Check if the username of the incoming call exists as section name (the text in square brackets) in iax.conf. Note: it is not sufficient to have this specified only in a username= line; username= is used for outbound (i.e., type=peer) connections only. Note that this section will typically have type=user, though type=friend will also work.

CallToken Support required

if you get
Nov 2 15:58:47 ERROR[823]: chan_iax2.c:4040 handle_call_token: Call rejected, CallToken Support required. If unexpected, resolve by placing address 192.168.1.1 in the calltokenignore list or setting user iaxhorst requirecalltoken=no 
Since AST-2009-006 there is a check for a call token performed. Older clients (e.g. Asterisk 1.2 before 1.2.35) don't support call tokens, so there is a parameter

requirecalltoken=no

per peer or

calltokenoptional = 192.168.1.0/255.255.255.0

per subnet.

Asterisk config mgcp.conf

Example


;
; MGCP Configuration for Asterisk
;
[general]
port = 2427
bindaddr = 0.0.0.0

[dlinkgw] ; on my setup I put the mac address here which is set as the word with which to authenticate
host = 192.168.0.64
callgroup=1
context = default
callerid="David" <ext3> ; This will apply to all lines "line" after until callerid is defined again
line => aaln/1
callgroup=2
context = internal_callers
callerid="John" <ext3>
line => aaln/2
line => * ; for some reason on my dlink it doesn't work unless I have this line.

[192.168.0.123]
context=from-mgcp
host=192.168.0.123
threewaycalling=yes
;transfer=yes allows FLASH transfers and requires threewaycalling
callwaiting=yes
;is there a way to operate MGCP devices behind NAT?
nat=no
canreinvite=yes
callgroup=0,2-5
pickupgroup=0,1
cancallforward=yes
callerid="Sven Svoboda" <1234>
accountcode=BillingSvoboda
mailbox=5444@from-mgcp
line => aaln/1


Please note

  • When typing "reload" on the console, the asterisk doesnt reread the mgcp.conf. You have to restart Asterisk. After v0.7.2 a patch was introduced that supposedly fixes this behaviour and allows the use of "reload". 
  • Use the "mailbox=1234@context" notation if your mailbox is not located in the default context! With the advent of Voicemail2 (and the removal of voicemail version 1 in the end of 2003 from the Asterisk code) voicemail has become context sensitive.

Cisco 7960 MGCP sample config


I have noticed that sometimes 7960 will hang or reboot but chan_mgcp is rock solid.

;
; MGCP Configuration for Asterisk
;
[general]
port = 2727
bindaddr = 192.168.1.1
disallow = all
allow = ulaw
allow = alaw

[0009e8812533] ; mac address of cisco phone
context=local
host=192.168.1.20
callerid = "Amer" <3456>
threewaycalling=yes
transfer=yes ; transfer requires threewaycalling=yes. Use FLASH to transfer
callwaiting=yes ; this might be a cause of trouble for ip10s
cancallforward=yes
line => d001

[003094c44326]
context=local
host=192.168.1.122
callerid = "Amer" <3457>
threewaycalling=yes
transfer=yes ; transfer requires threewaycalling=yes. Use FLASH to transfer
callwaiting=yes ; this might be a cause of trouble for ip10s
cancallforward=yes
line => d001

ShoreTel 210 Sample Config


[general]
port = 2727
bindaddr = 0.0.0.0

[192.168.1.137]
accountcode = 1000 ; record this in cdr as account identification for billing
amaflags = billing ; record this in cdr as flagged for 'billing', 'documentation', or 'omit'
context = home
host = 192.168.1.137
wcardep = * ; enables wildcard endpoint and sets it to '*' another common format is 'aaln/*'
callerid = "ShoreTel" <123>
callwaiting = no
callreturn = no
cancallforward = no
canreinvite = no
transfer = yes
dtmfmode = inband
line => SHOR_001049007E83 ;you can see this value in the error messages you get at the * console if this is wrong

No comments:

Easy Way to Handle Android Notifications

Android Notifications Android Toast class provides a handy way to show users alerts but problem is that these alerts are not persist...