Asterisk

Asterisk (PBX)

本文重点介绍 OpenWrt 上的 Asterisk 安装和基本 SIP 配置。

Asterisk has standard and long term support (LTS) releases. Have a look at Asterisk versions on the Asterisk wiki for the current upstream support status. OpenWrt releases usually include the latest LTS release of Asterisk.

You can query the package table to get information about the Asterisk versions in OpenWrt, module names and their descriptions: Asterisk packages

当前,您可以在 Asterisk 中的两个 SIP 堆栈之间进行选择: chan_sip and chan_pjsip. chan_sip 不再维护,并随着Asterisk 17 的发布 被标记为 已弃用

Since chan_sip will be removed in Asterisk 21, it is recommended to use chan_pjsip for new installations and to migrate existing ones.

You can find help on how to migrate your configuration here.

opkg install asterisk asterisk-pjsip asterisk-bridge-simple asterisk-codec-alaw asterisk-codec-ulaw asterisk-res-rtp-asterisk

Asterisk 安装可能非常大。如果您计划使用多个模块,您可能很容易用完空间。在这种情况下,您可以尝试自己构建镜像。

  • 安装前 检查空间能装得下么?是否有充足空余磁盘空间:
    root@openwrt:/etc$ df
    Filesystem           1K-blocks      Used Available 已用% Mounted on
    /dev/mtdblock3            5248      1344      3904  26% /overlay
    overlayfs:/overlay        5248      1344      3904  26% /
  • 安装后 原来已用26%,现在已用61%,对比一下:
    Filesystem           1K-blocks      Used Available 已用% Mounted on
    /dev/mtdblock3            5248      3192      2056  61% /overlay
    overlayfs:/overlay        5248      3192      2056  61% /

The image builder can be used to build Asterisk packages directly into the SquashFS partition. Optionally you can exclude packages you don't need to save space.

Example command for an o2 Box 6431:

make image PROFILE=arcadyan_vgv7510kw22-nor PACKAGES="kmod-ltq-tapi kmod-ltq-vmmc kmod-ltq-ifxos asterisk asterisk-pjsip asterisk-bridge-simple asterisk-codec-alaw asterisk-codec-ulaw asterisk-res-rtp-asterisk asterisk-chan-lantiq"

VoIP 服务是一个常见的攻击目标,在将 Asterisk 服务器上线之前至少实施一些基本的安全措施非常重要。

Asterisk 安全建议在此处公布: https://www.asterisk.org/downloads/security-advisories

只安装你真正需要的模块。 For basic SIP operation it's enough to install a RTP stack (*-res-rtp-asterisk), a channel bridging module (asterisk*-bridge-simple) and needed audio codecs (normally *-codec-alaw or *-codec-ulaw) in addition to the SIP stack.

不要在WAN接口上暴露 SIP 相关端口。对于呼入和呼出的呼叫,注册过程会注意建立与您的 SIP 提供商的连接并使其保持活动状态。

如果您在接听来电时遇到问题,可以尝试安装 kmod-nf-nathelper-extra,参阅 此处此处.

大多数 SIP 提供商提供阻止外国或特殊号码的服务。如果您不需要它们,强烈建议您使用它。这样一来,即使您的安装受到威胁,攻击者也无法拨打这些号码。

Asterisk configurations can differ to a great extend depending on provider/hardware/country, so it's difficult to provide generic configurations. On OpenWrt, Asterisk configuration files can be found under /etc/asterisk/. The most important files are the dialplan (extensions.conf) and the SIP channel configuration (pjsip.conf or sip.conf). Location specific tone indications are set in indications.conf. Links to the corresponding Asterisk-wiki-pages with details on configuration options are given below, together with working examples, taken from this forum thread.

After changing your Asterisk configuration, restart the server: /etc/init.d/asterisk restart

https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip

Example for Vodafone Germany:

pjsip.conf
[global]
type = global
endpoint_identifier_order = ip,username
 
[acl]
type = acl
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1
;permit = 192.168.1.0/24 ;uncomment if you want to connect clients from LAN
permit = 88.79.152.xxx ;nslookup <area_code>.sip.arcor.de
 
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5060
local_net = 127.0.0.1
local_net = 192.168.1.0/24
 
[reg_arcor]
type = registration
transport = transport-udp
contact_user = <area_code><your_number>
client_uri = sip:<area_code><your_number>@<area_code>.sip.arcor.de
server_uri = sip:<area_code>.sip.arcor.de
outbound_auth = auth_arcor
retry_interval = 30
forbidden_retry_interval = 300
max_retries = 10
auth_rejection_permanent = false
 
[auth_arcor]
type = auth
auth_type = userpass
realm = arcor.de
username = <area_code><your_number>
password = <password>
 
[aor_arcor]
type = aor
contact = sip:<area_code>.sip.arcor.de
 
[id_arcor]
type = identify
match = <area_code>.sip.arcor.de
endpoint = in_arcor
 
[in_arcor]
type = endpoint
transport = transport-udp
context = lantiq1_inbound
disallow = all
allow = alaw,g722,ulaw
disable_direct_media_on_nat = yes
rewrite_contact = yes
 
[out_arcor]
type = endpoint
transport = transport-udp
disallow = all
allow = alaw,g722,ulaw
disable_direct_media_on_nat = yes
callerid = <area_code><your_number>
from_user = <area_code><your_number>
from_domain = <area_code>.sip.arcor.de
outbound_auth = auth_arcor
aors = aor_arcor

Vodafone also supports the line option, which can simplify the configuration by omitting the [id_arcor] section. The above configuration is shown to present a more generic example.

https://wiki.asterisk.org/wiki/display/AST/Dialplan

Example for Vodafone Germany:

extensions.conf
[general]
static=yes
writeprotect=yes
autofallthrough=yes
 
[default]
exten => _X.,1,Answer()
same => n,Verbose(1,${CALLERID(num)} reached context DEFAULT by calling ${EXTEN})
same => n,Hangup()
 
[out_arcor]
; national numbers with country code
exten => _+49ZXX!.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
same => n,Hangup()

; national numbers called with leading 0
exten => _0Z.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
same => n,Hangup()

; local area numbers
exten => _Z.,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
same => n,Hangup()

; emergency calls
exten => 110,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
exten => 110,n,Hangup()
exten => 112,1,Dial(PJSIP/${EXTEN}@out_arcor,60,Trg)
exten => 112,n,Hangup()

; add rules for expensive special numbers. Get German examples from:
; https://www.linuxmaker.com//asterisk-pbx/dialplan-extensionsconf.html
exten => _0137Z.,1,Verbose(1,Blocked: ${EXTEN})
;same => n,Playback(forbidden)
same => n,Hangup()
 
[lantiq1_inbound]
exten => <area_code><your_number>,1,Dial(TAPI/1,60,t)
same => n,Hangup()
 
[lantiq1]
include => out_arcor

;[lantiq2]
;include => ltq2_out

If you plan to use Asterisk on a Lantiq device, see chan-lantiq for detailed configuration examples.

lantiq.conf
[interfaces]
channels = 2
per_channel_context = on

per_channel_context = on is important, as it will place calls from the Lantiq FXS ports in contexts lantiq1 and lantiq2 instead of default, which should be avoided.

For VoIP you will need some form of traffic shaping to reduce latency. On OpenWrt the best choice is using SQM with cake. To prioritize VoIP traffic choose layer_cake.qos as the queue setup script. For more details read this forum thread.

More information on TOS/CoS values can be found in the IP QoS article on the Asterisk Wiki.

Asterisk provides its own CLI, which is especially useful for debugging. Execute asterisk -r, to connect to a already running Asterisk server.

Commands follow a general syntax of <module name> <action type> <parameters>. The CLI supports command-line completion using the <Tab> key.

To see what's going on during a call run the following command inside the Asterisk CLI:

core set verbose 3

After that run module reload logger and make a call. To get even more verbose information, you can execute the following commands (:!: enabling all of them will produce a lot of output!):

core set verbose 5
core set debug 5
pjsip set logger on
rtp set debug on
dialplan show <context>

pjsip show endpoints
pjsip show endpoint <endpoint>
pjsip show registration <registration>

During a call:

core show channels
core show channel <channel>

You can execute Asterisk commands from outside the CLI, for example to control the Asterisk server via a shell script:

asterisk -rx "pjsip show endpoints"
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/12/26 11:51
  • by heybrowhatsup