Asterisk
Minimal config to run Asterisk behind NAT.
Add your local_net, external_media_address and external_signaling_address to the file pjsip.conf:
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5060
local_net = 192.168.168.0/24
external_media_address = 1.1.1.1
external_signaling_address = 1.1.1.1
[transport-tcp]
type = transport
protocol = tcp
bind = 0.0.0.0:5060
local_net = 192.168.168.0/24
external_media_address = 1.1.1.1
external_signaling_address = 1.1.1.1
#include "phones/*.conf"
#include "trunks/*.conf"
Set the RTP ports in the file rtp.conf.
Configure NAT ports:
- SIP TCP port 5060
- SIP UDP port 5060
- RTP UDP port range 10000-20000
Disable SIP ALG on your router.
If you want to use custom numbers, for example, assign each intercom its own number to call the SOS or the concierge, the behavior can be overridden. In the intercom settings, specify the concierge and SOS numbers in the format PJSIP/extension:
Then put the local accounts for the concierge and SOS in /etc/asterisk/phones/*.conf. For example:
; /etc/asterisk/phones/1010.conf
[1010]
type = aor
max_contacts = 1
remove_existing = yes
[1010]
type = auth
username = 1010
password = concierge_passwd
[1010]
type = endpoint
context = default
disallow = all
allow = alaw,h264
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
timers = no
direct_media = no
inband_progress = no
allow_subscribe = yes
dtmf_mode = rfc4733
ice_support = no
send_pai = yes
send_rpid = yes
trust_id_inbound = yes
trust_id_outbound = yes
auth = 1010
outbound_auth = 1010
aors = 1010
callerid = "Ludvig Aristarhovich" <1010>
Reload PJSIP:
sudo asterisk -x "module reload res_pjsip"
In the apartment settings, you can specify an additional dial string. Below is an example of how to configure a SIP gateway for calling analog handsets.
Place the configuration file in /etc/asterisk/phones/*.conf. For example:
; /etc/asterisk/phones/sip-gw.conf
[sip-gw]
type = aor
contact = sip:192.168.13.82:5060
[sip-gw]
type = endpoint
context = default
disallow = all
allow = alaw
direct_media = no
aors = sip-gw
Reload PJSIP:
sudo asterisk -x "module reload res_pjsip"
Enable logs: edit the file /etc/asterisk/logger.conf and restart the Asterisk service.
[logfiles]
fail2ban.log => notice
full.log => debug,error,notice,verbose,warning
Reload the logger after modifying the config:
asterisk -x "logger reload"
Enable PBX logs: edit the file /etc/asterisk/config.lua and set log.outfile:
realm = "rbt"
dm_server = "http://127.0.0.1/asterisk/extensions"
redis_server_host = "127.0.0.1"
redis_server_port = 6379
redis_server_auth = "qqq"
log.outfile = "/var/log/asterisk/pbx_lua.log"
trunk = "first"
lang = "ru"
Reload the module after modifying the config:
asterisk -x "module reload pbx_lua"
- Install fail2ban
- Configure asterisk logs
- Edit jail: /etc/fail2ban/jail.local
[DEFAULT]
maxretry = 4
findtime = 10
bantime = 720
action = firewallcmd-ipset
ignoreip = 127.0.0.1/8
[asterisk]
enabled = true
filter = asterisk
action = iptables-allports[name=asterisk, protocol=all]
logpath = /var/log/asterisk/fail2ban.log
- Restart fail2ban
systemctl restart fail2ban.service
- Show fail2ban status
fail2ban-client status asterisk
- Show banned IP addresses
iptables -L -v -n
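
To see which sources the jail thresholds above (maxretry = 4, findtime = 10, ignoreip = 127.0.0.1/8) would ban, the following added example, which is not part of this project's code, replays log lines through the same sliding-window count. The regular expression is a simplified stand-in for fail2ban's asterisk filter, and the log lines and addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Thresholds copied from the [DEFAULT] section of the jail.local shown above.
MAXRETRY, FINDTIME = 4, 10          # failures, seconds
IGNORE = ipaddress.ip_network("127.0.0.1/8", strict=False)

# Assumption: a simplified stand-in for fail2ban's asterisk filter, matching
# res_pjsip NOTICE lines of the form "... failed for '<ip>:<port>' ...".
FAIL_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\]:? .*"
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+'"
)

def banned_sources(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: ban time} for sources with maxretry failures inside findtime."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in bans or ipaddress.ip_address(m["ip"]) in IGNORE:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Forget failures that fell out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[m["ip"]] = ts
    return bans

def sample_line(second, ip):
    """Build one constructed log line (not captured from a real system)."""
    return (f"[2024-05-01 12:00:{second:02d}] NOTICE[2101]: res_pjsip/pjsip_distributor.c:676 "
            f"log_failed_request: Request 'REGISTER' from '<sip:1010@192.168.168.10>' "
            f"failed for '{ip}:5060' (callid: constructed) - Failed to authenticate")

# Constructed input: a burst, a slow source, and loopback (covered by ignoreip).
SAMPLE = (
    [sample_line(s, "203.0.113.7") for s in (0, 1, 2, 3)]
    + [sample_line(s, "198.51.100.9") for s in (0, 12, 24, 36, 48)]
    + [sample_line(s, "127.0.0.1") for s in (0, 1, 2, 3, 4)]
)

if __name__ == "__main__":
    for ip, when in banned_sources(SAMPLE).items():
        print(f"{ip} banned at {when}")
```

Passing a different findtime or maxretry to banned_sources shows how a change to jail.local would alter the result before it is deployed.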