Asterisk

Asterisk is an open-source software PBX whose functionality can be extended by various modules. OpenWrt provides packages for Asterisk and most of its official modules via the telephony feed. On routers with Lantiq SoCs it's possible to use built in analogue FXS ports with Asterisk, turning these devices into VoIP gateways (see chan-lantiq for Asterisk).

This article focuses on Asterisk installation and basic SIP configuration on OpenWrt.

Asterisk has standard and long term support (LTS) releases. Have a look at Asterisk versions on the Asterisk wiki for the current upstream support status. An OpenWrt release usually includes both the latest standart and LTS release of Asterisk. If you're unsure which version you should install, pick the latest LTS release.

You can query the package table to get information about the Asterisk versions in OpenWrt, module names and their descriptions: Packages for Asterisk 16

Currently you can choose between two SIP stacks in Asterisk: chan_sip and chan_pjsip. chan_sip is no longer maintained and was marked as deprecated with the release of Asterisk 17.

Since chan_sip will be removed in a future release, it is recommended to use chan_pjsip for new installations and to migrate existing ones.

You can find help on how to migrate your configuration here.

While it's perfectly possible to install Asterisk via opkg, keep in mind that space on the OverlayFS ist limited on most devices. An Asterisk installation can be quite big and if you plan to use several modules, you may easily run out of space. In this case, you can try to build a custom image using the image builder.

Example:

opkg install asterisk16 asterisk16-codec-alaw asterisk16-codec-ulaw asterisk16-pjsip

If you still depend on the deprecated chan_sip, replace the last entry above with asterisk16-chan-sip.

The image builder can be used to build Asterisk packages directly into the SquashFS partition. Optionally you can exclude packages you don't need to save space.

Example command for an o2 Box 6431:

make image PROFILE=arcadyan_vgv7510kw22-nor PACKAGES="kmod-ltq-tapi kmod-ltq-vmmc kmod-ltq-ifxos asterisk16 asterisk16-pjsip asterisk16-bridge-simple asterisk16-codec-alaw asterisk16-codec-ulaw asterisk16-res-rtp-asterisk asterisk16-chan-lantiq"

VoIP services are a common attack target, so it's important to implement at least some basic security measures before putting an Asterisk server online. Take a look at this short overview on VoIP threats.

Asterisk security advisories are announced here: https://www.asterisk.org/downloads/security-advisories

Only install modules you really need, don't start by installing all Asterisk modules OpenWrt can offer. This not only wastes space, but also enlarges the possible attack surface.

For basic SIP operation it's enough to install a RTP stack (*-res-rtp-asterisk), a channel bridging module (asterisk*-bridge-simple) and needed audio codecs (normally *-codec-alaw or *-codec-ulaw) in addition to the SIP stack.

Don't expose SIP related ports on your WAN Interface. It's not necessary in most cases, but greatly affects security in a negative way. A lot of people think they need to forward ports for incoming calls, but in fact this isn't necessary - the registration process takes care to establish a connection to your SIP provider and to keep it alive.

If you have problems receiving incoming calls, you can try to install kmod-nf-nathelper-extra, see here or here.

Most SIP providers offer to block foreign or special numbers. It's highly recommended to make use of that if you don't need them. That way an attacker can't make calls to these numbers, even if your Asterisk installation gets compromised.

Asterisk configurations can differ to a great extend depending on provider/hardware/country, so it's difficult to provide generic configurations. On OpenWrt, Asterisk configuration files can be found under /etc/asterisk/. The most important files are the dialplan (extensions.conf) and the SIP channel configuration (pjsip.conf or sip.conf). Location specific tone indications are set in indications.conf. Links to the corresponding Asterisk-wiki-pages with details on configuration options are given below, together with working examples, taken from this forum thread.

After changing your Asterisk configuration, restart the server: /etc/init.d/asterisk restart

https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip

Example for Vodafone Germany:

pjsip.conf
[global]
type = global
endpoint_identifier_order = ip,username
 
[acl]
type = acl
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1
;permit = 192.168.1.0/24 ;uncomment if you want to connect clients from LAN
permit = 88.79.152.xxx ;nslookup <area_code>.sip.arcor.de
 
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5060
local_net = 127.0.0.1
local_net = 192.168.1.0/24
 
[reg_arcor]
type = registration
transport = transport-udp
contact_user = <area_code><your_number>
client_uri = sip:<area_code><your_number>@<area_code>.sip.arcor.de
server_uri = sip:<area_code>.sip.arcor.de
outbound_auth = auth_arcor
retry_interval = 30
forbidden_retry_interval = 300
max_retries = 10
auth_rejection_permanent = false
 
[auth_arcor]
type = auth
auth_type = userpass
realm = arcor.de
username = <area_code><your_number>
password = <password>
 
[aor_arcor]
type = aor
contact = sip:<area_code>.sip.arcor.de
 
[id_arcor]
type = identify
match = <area_code>.sip.arcor.de
endpoint = in_arcor
 
[in_arcor]
type = endpoint
transport = transport-udp
context = lantiq1_inbound
disallow = all
allow = alaw,g722,ulaw
disable_direct_media_on_nat = yes
rewrite_contact = yes
 
[out_arcor]
type = endpoint
transport = transport-udp
disallow = all
allow = alaw,g722,ulaw
disable_direct_media_on_nat = yes
callerid = <area_code><your_number>
from_user = <area_code><your_number>
from_domain = <area_code>.sip.arcor.de
outbound_auth = auth_arcor
aors = aor_arcor

Vodafone also supports the line option, which can simplify the configuration by omitting the [id_arcor] section. The above configuration is shown to present a more generic example.

https://wiki.asterisk.org/wiki/display/AST/Dialplan

Example for Vodafone Germany:

extensions.conf
[general]
static=yes
writeprotect=yes
autofallthrough=yes
 
[default]
exten => _X.,1,Answer()
same => n,Verbose(1,${CALLERID(num)} reached context DEFAULT by calling ${EXTEN})
same => n,Hangup()
 
[out_arcor]
; national numbers with country code
exten => _+49ZXX!.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
same => n,Hangup()

; national numbers called with leading 0
exten => _0Z.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
same => n,Hangup()

; local area numbers
exten => _Z.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
same => n,Hangup()

; emergency calls
exten => 110,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
exten => 110,n,Hangup()
exten => 112,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
exten => 112,n,Hangup()

; add rules for expensive special numbers. Get German examples from:
; https://www.linuxmaker.com//asterisk-pbx/dialplan-extensionsconf.html
exten => _0137Z.,1,Verbose(1,Blocked: ${EXTEN})
;same => n,Playback(forbidden)
same => n,Hangup()
 
[lantiq1_inbound]
exten => <area_code><your_number>,1,Dial(TAPI/1,60,t)
same => n,Hangup()
 
[lantiq1]
include => out_arcor

;[lantiq2]
;include => ltq2_out

If you plan to use Asterisk on a Lantiq device, see chan-lantiq for detailed configuration examples.

lantiq.conf
[interfaces]
channels = 2
per_channel_context = on

per_channel_context = on is important, as it will place calls from the Lantiq FXS ports in contexts lantiq1 and lantiq2 instead of default, which should be avoided.

For VoIP you will need some form of traffic shaping to reduce latency. On OpenWrt the best choice is using SQM with cake. To prioritize VoIP traffic choose layer_cake.qos as the queue setup script. For more details read this forum thread.

More information on TOS/CoS values can be found in the IP QoS article on the Asterisk Wiki.

Asterisk provides its own CLI, which can be used to debug problems. Execute asterisk -r, to connect to a already running Asterisk server.

Commands follow a general syntax of <module name> <action type> <parameters>. The CLI supports command-line completion using the <Tab> key.

To see what's going on during a call run the following command inside the Asterisk CLI:

core set verbose 3

After that run module reload logger and make a call. To get even more verbose information, you can execute the following commands (:!: enabling all of them will produce a lot of output!):

core set verbose 5
core set debug 5
pjsip set logger on
rtp set debug on
dialplan show <context>

pjsip show endpoints
pjsip show endpoint <endpoint>
pjsip show registration <registration>

During a call:

core show channels
core show channel <channel>

You can execute Asterisk commands from outside the CLI, for example to control the Asterisk server via a shell script:

asterisk -rx "pjsip show endpoints"
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2021/04/15 11:23
  • by sebastian