Asterisk
介绍
本文重点介绍 OpenWrt 上的 Asterisk 安装和基本 SIP 配置。
安装命令如下
选择一个 Asterisk 版本
Asterisk has standard and long term support (LTS) releases. Have a look at Asterisk versions on the Asterisk wiki for the current upstream support status. OpenWrt releases usually include the latest LTS release of Asterisk.
You can query the package table to get information about the Asterisk versions in OpenWrt, module names and their descriptions: Asterisk packages
SIP stack
当前,您可以在 Asterisk 中的两个 SIP 堆栈之间进行选择: chan_sip
and chan_pjsip
. chan_sip
不再维护,并随着Asterisk 17 的发布 被标记为 已弃用。
Since chan_sip
will be removed in Asterisk 21, it is recommended to use chan_pjsip
for new installations and to migrate existing ones.
You can find help on how to migrate your configuration here.
Opkg
opkg install asterisk asterisk-pjsip asterisk-bridge-simple asterisk-codec-alaw asterisk-codec-ulaw asterisk-res-rtp-asterisk
Asterisk 安装可能非常大。如果您计划使用多个模块,您可能很容易用完空间。在这种情况下,您可以尝试自己构建镜像。
- 安装前 检查空间能装得下么?是否有充足空余磁盘空间:
root@openwrt:/etc$ df Filesystem 1K-blocks Used Available 已用% Mounted on /dev/mtdblock3 5248 1344 3904 26% /overlay overlayfs:/overlay 5248 1344 3904 26% /
- 安装后 原来已用26%,现在已用61%,对比一下:
Filesystem 1K-blocks Used Available 已用% Mounted on /dev/mtdblock3 5248 3192 2056 61% /overlay overlayfs:/overlay 5248 3192 2056 61% /
Image builder
The image builder can be used to build Asterisk packages directly into the SquashFS partition. Optionally you can exclude packages you don't need to save space.
Example command for an o2 Box 6431:
make image PROFILE=arcadyan_vgv7510kw22-nor PACKAGES="kmod-ltq-tapi kmod-ltq-vmmc kmod-ltq-ifxos asterisk asterisk-pjsip asterisk-bridge-simple asterisk-codec-alaw asterisk-codec-ulaw asterisk-res-rtp-asterisk asterisk-chan-lantiq"
安全考虑
VoIP 服务是一个常见的攻击目标,在将 Asterisk 服务器上线之前至少实施一些基本的安全措施非常重要。
Asterisk 安全建议在此处公布: https://www.asterisk.org/downloads/security-advisories
模块
只安装你真正需要的模块。 For basic SIP operation it's enough to install a RTP stack (*-res-rtp-asterisk
), a channel bridging module (asterisk*-bridge-simple
) and needed audio codecs (normally *-codec-alaw
or *-codec-ulaw
) in addition to the SIP stack.
防火墙
不要在WAN接口上暴露 SIP 相关端口。对于呼入和呼出的呼叫,注册过程会注意建立与您的 SIP 提供商的连接并使其保持活动状态。
屏蔽不需要的号码
大多数 SIP 提供商提供阻止外国或特殊号码的服务。如果您不需要它们,强烈建议您使用它。这样一来,即使您的安装受到威胁,攻击者也无法拨打这些号码。
配置
Asterisk configurations can differ to a great extend depending on provider/hardware/country, so it's difficult to provide generic configurations.
On OpenWrt, Asterisk configuration files can be found under /etc/asterisk/
. The most important files are the dialplan (extensions.conf
) and the SIP channel configuration (pjsip.conf
or sip.conf
). Location specific tone indications are set in indications.conf
. Links to the corresponding Asterisk-wiki-pages with details on configuration options are given below, together with working examples, taken from this forum thread.
After changing your Asterisk configuration, restart the server: /etc/init.d/asterisk restart
pjsip.conf
https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip
Example for Vodafone Germany:
- pjsip.conf
[global] type = global endpoint_identifier_order = ip,username [acl] type = acl deny = 0.0.0.0/0.0.0.0 permit = 127.0.0.1 ;permit = 192.168.1.0/24 ;uncomment if you want to connect clients from LAN permit = 88.79.152.xxx ;nslookup <area_code>.sip.arcor.de [transport-udp] type = transport protocol = udp bind = 0.0.0.0:5060 local_net = 127.0.0.1 local_net = 192.168.1.0/24 [reg_arcor] type = registration transport = transport-udp contact_user = <area_code><your_number> client_uri = sip:<area_code><your_number>@<area_code>.sip.arcor.de server_uri = sip:<area_code>.sip.arcor.de outbound_auth = auth_arcor retry_interval = 30 forbidden_retry_interval = 300 max_retries = 10 auth_rejection_permanent = false [auth_arcor] type = auth auth_type = userpass realm = arcor.de username = <area_code><your_number> password = <password> [aor_arcor] type = aor contact = sip:<area_code>.sip.arcor.de [id_arcor] type = identify match = <area_code>.sip.arcor.de endpoint = in_arcor [in_arcor] type = endpoint transport = transport-udp context = lantiq1_inbound disallow = all allow = alaw,g722,ulaw disable_direct_media_on_nat = yes rewrite_contact = yes [out_arcor] type = endpoint transport = transport-udp disallow = all allow = alaw,g722,ulaw disable_direct_media_on_nat = yes callerid = <area_code><your_number> from_user = <area_code><your_number> from_domain = <area_code>.sip.arcor.de outbound_auth = auth_arcor aors = aor_arcor
Vodafone also supports the line option, which can simplify the configuration by omitting the [id_arcor]
section. The above configuration is shown to present a more generic example.
extensions.conf
https://wiki.asterisk.org/wiki/display/AST/Dialplan
Example for Vodafone Germany:
- extensions.conf
[general] static=yes writeprotect=yes autofallthrough=yes [default] exten => _X.,1,Answer() same => n,Verbose(1,${CALLERID(num)} reached context DEFAULT by calling ${EXTEN}) same => n,Hangup() [out_arcor] ; national numbers with country code exten => _+49ZXX!.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg) same => n,Hangup() ; national numbers called with leading 0 exten => _0Z.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg) same => n,Hangup() ; local area numbers exten => _Z.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg) same => n,Hangup() ; emergency calls exten => 110,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg) exten => 110,n,Hangup() exten => 112,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg) exten => 112,n,Hangup() ; add rules for expensive special numbers. Get German examples from: ; https://www.linuxmaker.com//asterisk-pbx/dialplan-extensionsconf.html exten => _0137Z.,1,Verbose(1,Blocked: ${EXTEN}) ;same => n,Playback(forbidden) same => n,Hangup() [lantiq1_inbound] exten => <area_code><your_number>,1,Dial(TAPI/1,60,t) same => n,Hangup() [lantiq1] include => out_arcor ;[lantiq2] ;include => ltq2_out
indications.conf
https://wiki.asterisk.org/wiki/display/AST/Configuring+Localized+Tone+Indications
Example for Vodafone Germany:
- indications.conf
[general] country=de
lantiq.conf
If you plan to use Asterisk on a Lantiq device, see chan-lantiq for detailed configuration examples.
- lantiq.conf
[interfaces] channels = 2 per_channel_context = on
per_channel_context = on
is important, as it will place calls from the Lantiq FXS ports in contexts lantiq1
and lantiq2
instead of default
, which should be avoided.
SQM/QoS
For VoIP you will need some form of traffic shaping to reduce latency. On OpenWrt the best choice is using SQM with cake. To prioritize VoIP traffic choose layer_cake.qos
as the queue setup script. For more details read this forum thread.
More information on TOS/CoS values can be found in the IP QoS article on the Asterisk Wiki.
Asterisk CLI
Asterisk provides its own CLI, which is especially useful for debugging. Execute asterisk -r
, to connect to a already running Asterisk server.
Commands follow a general syntax of <module name> <action type> <parameters>
. The CLI supports command-line completion using the <Tab>
key.
Increasing the log level
To see what's going on during a call run the following command inside the Asterisk CLI:
core set verbose 3
After that run module reload logger
and make a call.
To get even more verbose information, you can execute the following commands ( enabling all of them will produce a lot of output!):
core set verbose 5 core set debug 5 pjsip set logger on rtp set debug on
其他有用的命令
dialplan show <context> pjsip show endpoints pjsip show endpoint <endpoint> pjsip show registration <registration>
During a call:
core show channels core show channel <channel>
Executing commands from outside the CLI
You can execute Asterisk commands from outside the CLI, for example to control the Asterisk server via a shell script:
asterisk -rx "pjsip show endpoints"
发现更多 Asterisk 的信息
- The first place to look for information is the Asterisk wiki
- Another great resource is The Asterisk Book. It's about an older Asterisk version, but explains the core principles in a very profound way: English version, German version