Asterisk 8 and later on Debian
Some Asterisk tips and tricks.
IPv6 Configuration
Asterisk supports IPv6 for IAX, RTP and SIP.
asterisk.conf
Automatically set systemname to hostname doesn't always work the way it should.
systemname=my_system_name
iax.conf
More recent versions of Asterisk support IPv6 for IAX as well.
Enable IPv6;
bindaddr=::
sip.conf
Enable IPv6
Make sure that '/proc/sys/net/ipv6/bindv6only' is '0'. Otherwise Asterisk will be IPv6 only! You can set this in '/etc/sysctl.d/bindv6only.conf'.
bindaddr=::
RTP proxy
'directmedia=no' will turn Asterisk into a RTP audio proxy server. It will convert IPv6 RTP audio streams into IPv4 and IPv4 into IPv6 whenever required.
directmedia=no
Call-ID
Asterisk may use IPv6 address based Call-IDs when communicating with IPv4 only systems. This may confuse some software. Using a domain instead solves this problem.
fromdomain=mydomain.tld
TCP
If you want to use TCP enable it;
tcpenable=yes
To use SIP over TCP, just put it in the dial string;
SIP/username[:password[:md5secret[:authname[:transport]]]]@host[:port]
EG;
SIP/john::::tcp@example.org
TLS
If you want to use TLS enable it;
tlsenable=yes
TLS cert and key;
tlscertfile=/etc/asterisk/asterisk.crt tlsprivatekey=/etc/asterisk/asterisk.key
Allow self signed certs;
tlsdontverifyserver=yes
For a self singed cert, a modified version of the Exim cert generation
script can be used. Modify to suit your
needs.
A let's encrypt dehydrated setup here. It
uses a dns-01 DNS challenge and wildcard.
Example dial string;
SIP/john:tls@example.org
Paranoid options
Stuff for extra security
File permissions
Default, Debian will install the config files mode 640 / -rw-r-----
asterisk:asterisk. This means that the Asterisk daemon can write to it's
own config files. Personally I do not think that this a good idea. This is
why I change the owner to 'root:asterisk'. And the 'manager.d/' to mode
775 / drwxrwxr-x. In extensions.conf I set 'writeprotect=yes'. So only
root can change the configuration (this may interfere with the way you
like to administer Asterisk).
Note: Debian will reset these permissions during updates!
Incoming calls
In sip.conf I set 'allowguest=no'. This means that Asterisk will demand a
login for incoming calls from unknown IP addresses.
This may cause trouble if your trunk provider uses multiple IP
addresses!
An example of how to fix this here:
Freedom Internet VoIP
Music on hold
You may want to replace the default music on hold files that come with Asterisk
by some other public domain music. You may also want to use SLN instead of GSM
files. These sound a lot better then GSM files!
From man soxformat;
.sln Asterisk PBX `signed linear' 8khz, 16-bit signed integer, little-endian
raw format.
Asterisk will convert these files on the fly to alaw, µlaw or whatever is required.
Convert the files
Below two ways to convert MP3 to SLN files. Both limit the bandwidth to 300 - 3400 Hz before limiting the sample rate to 8000 samples per second.
#!/bin/bash
if ! [ -f "${1}" ]
then
echo "File ${1} not found"
exit 1
fi
# Base name
NAME=$( basename "${1}" .mp3 )
echo "Converting ${NAME}.mp3"
# Convert to wav
# Limit bandwidth to 300 - 3400 Hz, Mono
ffmpeg -i "${1}" -filter "highpass=f=300, lowpass=f=3400" -ac 1 "${NAME}.wav"
# Convert to sln
sox "${NAME}.wav" -t raw -r 8000 -e signed-integer -b 16 -c 1 "${NAME}.sln"
And a flac version: flac-to-sln.sh;
Use the script for the conversion;
~$ mp3-to-sln.sh File_Name.mp3
If the above script complains about clipping, use the scripts below instead.
First convert from MP3 to WAV;
#!/bin/bash
if ! [ -f "${1}" ]
then
echo "File ${1} not found"
exit 1
fi
# Base name
NAME=$( basename "${1}" .mp3 )
echo "Converting ${NAME}.mp3"
# Convert to wav
ffmpeg -i "${1}" "${NAME}.wav"
And a flac version: flac-to-wav.sh;
Then use the script below to convert to SLN;
#!/bin/bash
if ! [ -f "${1}" ]
then
echo "File ${1} not found"
exit 1
fi
# Base name
NAME=$( basename "${1}" .wav )
echo "Converting ${NAME}.wav"
# Convert to sln
if [ -n "${2}" ]
then
# Volume
sox -v "${2}" "${NAME}.wav" -t raw -r 8000 -e signed-integer -b 16 -c 1 "${NAME}.sln" highpass 300 lowpass 3400
else
sox "${NAME}.wav" -t raw -r 8000 -e signed-integer -b 16 -c 1 "${NAME}.sln" highpass 300 lowpass 3400
fi
Change the volume
If this script complains about clipping, reduce the volume by half;
~$ wav2sln.sh File_Name.wav 0.5
If on the other hand, there is no clipping whatsoever and the volume is rather low, you can increase the volume with the script sln-vol.sh.
#!/bin/bash
if ! [ -f "${1}" ]
then
echo "File ${1} not found"
exit 1
fi
sox -v "${3}" -t raw -r 8000 -e signed-integer -b 16 -c 1 "${1}" -t raw -r 8000 -e signed-integer -b 16 -c 1 "${2}"
Below a 6 dB increase in volume;
~$ sln-vol.sh Input_File_Name.sln Output_File_Name.sln 2
And you don't have to use integers. Below a 3 dB increase in volume;
~$ sln-vol.sh Input_File_Name.sln Output_File_Name.sln 1.41
Check the volume
Make sure the volume isn't too high. The peek value should be at least a few dB below 0. And the RMS peek value not much higher then -9 dBm. You can use the sox '-n stats' option to check;
~$ sox -t raw -r 8000 -e signed-integer -b 16 -c 1 File_Name.sln -n stats DC offset 0.000010 Min level -0.462158 Max level 0.505310 Pk lev dB -5.93 RMS lev dB -27.92 RMS Pk dB -14.87 RMS Tr dB -90.69 Crest factor 12.58 Flat factor 0.00 Pk count 2 Bit-depth 15/16 Num samples 2.86M Length s 357.440 Scale max 1.000000 Window s 0.050
Note that the '-n stats' bit goes after the file name.
The values displayed by sox are dBs below clip level. Clip level is about 3 dBm (See dBm and bits). So -9 dBm is about -15 dB RMS below clip level in sox stats. And -12 dBm -18 dB RMS in sox stats. So the 'RMS Pk dB' of -14.87 dB corresponds to about -9 dBm (See dB Conversion table).
I put the files in '/usr/local/share/asterisk/moh/'.
Change Asterisk Music on hold configuration
Edit (as root) /etc/asterisk/musiconhold.conf;
directory=/usr/local/share/asterisk/moh
You may want to set the order to random;
sort=random random=yes
Let Asterisk use the new configuration;
~# asterisk -rx "moh reload"
Check for errors;
~# tail /var/log/asterisk/messages
Anonymous calls
Privacy Manager
Some notes on Privacy Manager.
- Privacy Manager returns either 'SUCCESS' or 'FAILED'. Not 'FAILURE' as is mentioned in some documentation.
- If Privacy Manager thinks the number is OK it doesn't run at all and therefore returns nothing at all. In which case testing for 'SUCCESS' doesn't work.
- Privacy Manager sets CALLERID(NAME) to 'Privacy Manager'.
Below an example;
exten => Your_Extention,1,Answer()
same => n,PrivacyManager()
same => n,GotoIf($["${PRIVACYMGRSTATUS}" = "FAILED"]?pmfail:num)
same => n(num),Dial(Your_Internal_Dial_Command)
same => n,Hangup()
same => n(pmfail),Playback(im-sorry)
same => n,Playback(vm-goodbye)
same => n,Hangup()
If for some reason you want to test the existence of a number first, you can do that too;
exten => Your_Extention,1,GotoIf($["${CALLERID(num)}" = ""]?nonum:num)
same => n(nonum),Answer()
same => n,PrivacyManager()
same => n,GotoIf($["${PRIVACYMGRSTATUS}" = "FAILED"]?pmfail:num)
same => n(num),Dial(Your_Internal_Dial_Command)
same => n,Hangup()
same => n(pmfail),Playback(im-sorry)
same => n,Playback(vm-goodbye)
same => n,Hangup()
In case of an anonymous call the 'number' may be 'anonymous' instead of empty. In this case you have to clear the number first for privacy manager to work;
exten => Your_Extention,1,GotoIf($["${CALLERID(num)}" = "anonymous"]?anon:nona)
same => n(anon),Set(CALLERID(num)=)
same => n(nona),Answer()
same => n,PrivacyManager()
same => n,GotoIf($["${PRIVACYMGRSTATUS}" = "FAILED"]?pmfail:num)
same => n(num),Dial(Your_Internal_Dial_Command)
same => n,Hangup()
same => n(pmfail),Playback(im-sorry)
same => n,Playback(vm-goodbye)
same => n,Hangup()
Privacy Manager will accept any DTMF 'digit' as input, but '#' only after the last 'digit'. So that's 0-9, A-D and '*', possibly followed by '#'.
Blocking anonymous calls
The following blocks anonymous calls completely.
exten => Your_Extention,1,GotoIf($["${CALLERID(num)}" = "anonymous"]?anon:nona)
same => n(nona),GotoIf($["${CALLERID(num)}" = ""]?anon:num)
same => n(num),Dial(Your_Internal_Dial_Command)
same => n,Hangup()
same => n(anon),Answer(500)
same => n,PlayBack(/usr/local/share/asterisk/mysounds/anonymous)
same => n,Hangup()
The '500' in 'Answer(500)' causes a 500 ms delay.
You can record your message with 'rec', which is in fact a symlink to
'sox' (you need 'sox' installed for this).
The following records 8000 16-bit little endian signed samples per second;
Wav format:
rec -c1 -e signed-integer -r 8000 -L anonymous.wav silence 1 0.1 3% 1 3.0 3%
Sln format:
rec -c1 -e signed-integer -r 8000 -t raw -L anonymous.sln silence 1 0.1 3% 1 3.0 3%
Note: You don't include the extension of the file (.wav or .sln) in
extensions.conf.
Note: If your microphone doesn't work and you use alsamixer to configure
your sound card, look here.
Blocking blacklisted numbers
And this one combines with blocking calls in your blacklist database;
exten => Your_Extention,1,GotoIf($["${CALLERID(num)}" = "anonymous"]?anon:nona)
same => n(nona),GotoIf($["${CALLERID(num)}" = ""]?anon:num)
same => n(num),GotoIf($[${BLACKLIST()} = 1]?blck:nobl)
same => n(nobl),Dial(Your_Internal_Dial_Command)
same => n,Hangup()
same => n(anon),Answer(500)
same => n,PlayBack(/usr/local/share/asterisk/mysounds/anonymous)
same => n(blck),Hangup()
A blacklisted caller-id immediately jumps to Hangup().
Edit blacklist
Add a new entry to the blacklist:
In 'rasterisk' / 'asterisk -r';
database put blacklist 9999999999 1
This adds the number '9999999999' to your blacklist.
Show entries;
database show blacklist /blacklist/9999999999 : 1 1 results found.
Remove;
database del blacklist 9999999999
More info
-
Asterisk name and location
lookup AGI
Display name or location of caller on your SIP phones. Comes with more then 20000 area codes from all over the world. -
Freedom Internet VoIP
An Asterisk SIP trunk setup with multiple remote IP addresses. - Asterisk™: The Definitive Guide
- Chapter 7. Outside Connectivity
- Asterisk: The Future of Telephony, Second Edition (PDF)
-
Call
Detail Records
The Asterisk Master.csv log format. - Secure Calling Tutorial