Asterisk at Home Handbook [PDF]




Asterisk@Home Handbook Wiki Chapter 0 About the Project o 0.1 Please Donate!!! o 0.2 Project Manager o 0.3 Handbook & Documentation Editor o 0.4 Handbook Wishlist (Please enter your requests here) o 0.5 The problem with writing/editing this Handbook. o 0.6 Everyone is encouraged to edit this Handbook. o 0.7 Liability Disclaimer



Asterisk@Home Handbook Wiki Chapter 1 Introduction to Asterisk@Home o 1.1 What is Asterisk o 1.2 What is Asterisk@Home o 1.3 Current list of software in Asterisk@Home. o 1.4 Licensing for Asterisk@Home o 1.5 Licensing for the Asterisk@Home Handbook Wiki o 1.6 Please do not contact Digium for support.



Asterisk@Home Handbook Wiki Chapter 2 Installation of Asterisk@Home o 2.1 Hardware Requirements o 2.2 Install from an .ISO o 2.3 Setting up your Time Zone and/or Keyboard Layout o 2.4 Install to an existing CentOS 4.2 system o 2.5 Setting up your router/firewall to work with Asterisk@Home ƒ 2.5.1 What is NAT? ƒ 2.5.2 What is a STUN Server? ƒ 2.5.3 What is SIP? ƒ 2.5.3.1 Setting up your router/firewall so Asterisk@Home can communicate with a VOIP Provider via SIP ƒ 2.5.3.2 Setting a remote router/firewall so your remote SIP phones can communicate with your Asterisk@Home Server via SIP ƒ 2.5.4 What is IAX? ƒ 2.5.4.1 Setting up your router/firewall so Asterisk@Home can communicate with a VOIP Provider or another Asterisk server via IAX through a NAT ƒ 2.5.4.2 Setting a remote router/firewall so your remote IAX phones can communicate with your Asterisk@Home Server via IAX through a NAT ƒ 2.5.5 How to deal with a constantly changing internet IP address? ƒ 2.5.5.1 What is DNS? ƒ 2.5.5.2 What is Dynamic DNS? ƒ 2.5.5.3 How do I get Dynamic DNS to work? ƒ 2.5.5.3.1 Dynamic DNS with router that has DynDNS client built in? ƒ 2.5.5.3.2 Dynamic DNS with DynDNS client running on Asterisk@Home? ƒ 2.5.5.4 How do I use Dynamic DNS with Asterisk@Home o 2.6 Putting your Asterisk@Home Server directly on the internet o 2.7 How do I know what versions of software is installed on my Asterisk@Home Server? o 2.8 Modifying the A@H branding to something more Corporate friendly. o 2.9 Quick Set Up guide. This is to assist with re installs ƒ 2.9.1 Securing Asterisk ƒ 2.9.2 Rebuilding Zaptel drivers ƒ 2.9.3 NAT configuration ƒ 2.9.4 Trunk configurations (IAX2/SIP with Telasip) ƒ 2.9.5 Outbound routing ƒ 2.9.6 Auto Attendant configurations ƒ 2.9.7 Updating Asterisk ƒ 2.9.8 VMWare Tools installation and configuration ƒ 2.9.9 Backing up, migrating and restoring

Asterisk@Home Handbook Wiki Chapter 3 Securing your Asterisk@Home server o 3.1 Giving your Asterisk@Home Server a static IP address o 3.2 Changing your default CentOS Password o 3.3 Changing your default AMP Password o 3.4 Changing your default FOP Password o 3.5 Changing your default MeetMe Password o 3.6 Changing your default System Mail Password o 3.7 Changing your default Sugar CRM Password o 3.8 Securing the ALT-F9 into the Asterisk CLI console #9 feature/security risk o 3.9 Placing a password on the Asterisk@Home Splash page o 3.10 Changing your default MySQL Password o 3.11 Changing your host name o 3.12 Updating patches to CentOS o 3.13 Backup and restore of Asterisk@Home ƒ 3.13.1 Backup ƒ 3.13.2 Restore ƒ 3.13.3 Backup Storage



Asterisk@Home Handbook Wiki Chapter 4 Using AMP to Configure your Asterisk@Home Server o 4.1 What is AMP? o 4.2 How does AMP work? o 4.3 How to Log into AMP o 4.3 Configuring an extension o 4.4 Configuring a trunk for outbound and inbound calls o 4.5 Configuring Outbound Routing o 4.6 Configuring Incoming Calls o 4.7 Configuring the digital receptionist ƒ 4.7.1 How to connect a caller to a default extension when one is not chosen o 4.8 Trunking two Asterisk@Home Servers



Asterisk@Home Handbook Wiki Chapter 5 PSTN interface cards o 5.1 FXO Cards ƒ 5.1.1 Digium Wildcard X100P OEM FXO PCI Card ƒ 5.2.1 Cisco / Linksys / Sipura SPA-3000 FXO/FXS Device o 5.2 FXS Cards ƒ 5.2.1 Digium TDM400P FXO/FXS Card o 5.3 T1/PRI Cards o 5.4 ISDN Cards ƒ 5.4.1 ISDN BRI Cards ƒ 5.4.1.1 ISDN BRI Cards with HFC chipset ƒ 5.4.1.2 ISDN BRI Cards with HFC chipset ƒ 5.4.2 ISDN PRI Cards ƒ 5.4.2.1 ISDN PRI Cards, Digium ƒ 5.4.2.2 ISDN PRI Cards, Sangoma o 5.5 Channel banks



Asterisk@Home Handbook Wiki Chapter 6 VOIP Service Providers o 6.1 Free World Dialup (FWD) o 6.2 Free World Dialup OUT (FWD) o 6.3 VoicePulse o 6.4 Sixtel o 6.5 VoipJet o 6.6 MyNetfone - AUSTRALIA o 6.7 Telasip o 6.8 Exgn LLC o 6.9 Gizmo Project / SIPphone o 6.10 Iristel o 6.11 Voxee o 6.12 Gafachi o 6.13 Acanac o 6.14 Stanaphone o 6.15 Vbuzzer o 6.16 Broadvoice



Asterisk@Home Handbook Wiki Chapter 7 VOIP Phones o 7.1 Soft phones ƒ 7.1.1 X-Ten Lite ƒ 7.1.2 sipXphone ƒ 7.1.3 Express Talk ƒ 7.1.4 Yate ƒ 7.1.5 Idefisk o 7.2 Hard phones ƒ 7.2.1 Cisco 7960/7940 ƒ 7.2.1.1 Setting up a Cisco phone step by step ƒ 7.2.2 Polycom ƒ 7.2.2.1 Why choose Polycom VOIP Phones? ƒ 7.2.2.2 How to get Polycom Firmware and SIP Updates ƒ 7.2.2.3 Polycom and NATS. Welcome to hell (at least as of 01/20/06) ƒ 7.2.2.4 How to use Provisioning (Central Boot Server) to deploy a fleet of Polycoms ƒ 7.2.2.4.1 Contents of the Polycom SIP update & Bootrom Zip file ƒ 7.2.2.4.2 Create an FTP site and configure your phone to connect to it ƒ 7.2.2.4.3 Updating the SIP Application and the Bootrom ƒ 7.2.2.4.4 What are those MACADDRESS-*.log files in my FTP Polycom root directory? ƒ 7.2.2.4.5 Master Configuration Files ƒ 7.2.2.4.6 Application Configuration Files ƒ 7.2.2.4.7 Contact Directory Files ƒ 7.2.2.5 Suggestions on how to setup Polycom File Provisioning ƒ 7.2.2.5.1 Suggestions on editing the sip.cfg file ƒ 7.2.2.5.2 Suggestions on editing the MACADDRESS.cfg file ƒ 7.2.2.5.3 Suggestions on editing the x1001.cfg file ƒ 7.2.2.5.4 Suggestions on Speed Dial and Company Wide Contacts Directory ƒ 7.2.2.6 Polycom Cheat Sheet ƒ 7.2.2.7 Please put in a product enhancement request at the Polycom Site



Asterisk@Home Handbook Wiki Chapter 8 Configuring and using Asterisk@Home extra features o 8.1 Conferencing ƒ 8.1.1 External access to conferences o 8.2 Weather Forecast Dialing o 8.3 DHCP server o 8.4 Flash Operator Panel (FOP) ƒ 8.4.1 Hang-up on a Call ƒ 8.4.2 Transfering a Call ƒ 8.4.3 Initiating a Call ƒ 8.4.4 How to Create a Conference o 8.5 FTP server (vsftpd) o 8.6 Cisco XML Services o 8.7 Music On Hold (mpg123) o 8.8 FAX to E-mail o 8.8.1 Fax support (SpanDSP) o 8.9 xPL o 8.10 Sugar CRM o 8.11 Festival o 8.12 Voicemail o 8.13 Connecting to your CentOS Command Line Remotely (Using SSH) o 8.14 Open A2Billing o 8.15 Bluetooth Presence Detection o 8.16 Setting up your NTP Time Server o 8.17 Changing *60 to give the exact time



Asterisk@Home Handbook Wiki Chapter 9 Software that is not installed with Asterisk@Home o 9.1 Click-to-Dial using Microsoft Outlook and AstTapi ƒ 9.1.1 Download AstTapi and install it ƒ 9.1.2 Modifying the "Manager_Custom.conf" file in A@H (don't panic! this is easy!) ƒ 9.1.3 Configuring AstTapi in outlook o 9.2 H.323 add-on o 9.3 Webmin - Web Based Linux Management o 9.4 How to use Shorewall Firewall to protect your A@H Server ƒ 9.4.1 What is Shorewall ƒ 9.4.2 How do I download and Install Shorewall? ƒ 9.4.3 How do I configure Shorewall o 9.5 How to use IPCOP firewall to protect the A@H Server o 9.6 The definitive guide to Sound Card Installation A@H 2.0-2.19.7 o 9.7 The definitive guide to Sound Card Installation, configuration and usage with A@H 2.2+ o 9.8 AsteriDex o 9.9 AsteriDex II o 9.10 Qmail o 9.11 Web Admin Interface Upgrade (Admin-UI v2.0) o 9.12 NetMgr Network Bandwidth Monitoring




Asterisk@Home Handbook Wiki Chapter 10 CentOS Tips, tricks and command line help o 10.1 Helpful commands to know in CentOS o 10.2 What if I use Non-Standard Hardware? o 10.2.1 VIA EPIA 800 mhz board (586 board)



Asterisk@Home Handbook Wiki Chapter 11 Asterisk End User's Manual o 11.1 Asterisk's Basic Phone Feature List o 11.2 Administrative Phone Feature List



Asterisk@Home Handbook Wiki Chapter 12 Web Resources



Asterisk@Home Handbook Wiki Chapter 13 Consultants and Consulting Companies that support A@H o 13.1 Baldwin Technology Solutions Inc. o 13.2 Tech Data Pros o 13.3 Pibix o 13.4 Jonathan Roper o 13.5 Anteil, Inc. o 13.6 Tinnio konsulting o 13.7 HealthTech o 13.8 Dimi Telecom o 13.9 TightWire o 13.10 OFB Consulting o 13.11 Gyantec Consulting o 13.12 Memon Consulting o 13.13 Enterux Solutions

Chapter 0 About the Project

Putting together an easy to use, self configured, works every time (almost), Asterisk PBX solution is not an easy task. It takes an awful lot of time and energy to successfully pull it off. If you find Asterisk@Home a worthy product, please go to our donations page and donate. Your support can help our developers continue putting out great releases.

0.1 Please Donate!!!

Please visit our donations page at http://sourceforge.net/donate/index.php?group_id=123387 and contribute. To view Asterisk@Home Supporters please visit http://sourceforge.net/project/project_donations.php?group_id=123387

0.2 Project Manager

The Asterisk@Home Project Manager is Andrew. His alias at SourceForge.net is Agillis.

0.3 Handbook & Documentation Editor

The Asterisk@Home's Handbook and Documentation Editor is Ginel Lipan. My alias at SourceForge.net is GinelLipan. I'm a Network Admin at Kawasaki Rail Car, Inc. in Yonkers, NY. When I first stumbled onto A@H, I was completely floored. A@H is an amazing compilation of software that makes it more than the sum of its parts. Asterisk alone is highly configurable, but when you put it together into a package like Asterisk@Home did, it really goes above and beyond. Asterisk@Home has managed to deliver Asterisk to a swath of users that otherwise wouldn't have even dreamed of trying to use it (including me). Asterisk by itself tends to require a high level of command line and technical expertise. Luckily A@H covers much of the work (installing an OS, installing Asterisk, installing a web based configuration tool (AMP), etc etc).

On top of it all I am grateful for the Open Source Community's time and effort that has benefited us all with extremely high quality software. Without a community of contributors, the world's options would have been severely limited. Now that the 3rd World is beginning to enter into the global IT economy, open source software and its development is really set to take off. So I've decided to give back to the community by trying to put together a high quality piece of documentation that both beginners and experts can gain from. I encourage everyone to contribute to this handbook so new users can learn from our pool of collective knowledge and experience. Comments and critiques are always welcome. If you'd like to send me an email, I can be reached at .
For any requests for help concerning A@H, please RTFM (Read This Fine Manual) or search our SourceForge forum. If there isn't anything in the Handbook or forum, please post your question in the forum. Next time anyone with the same problem searches the forum, they'll be able to find your question and hopefully an answer.


0.4 Handbook Wishlist (Please enter your requests here)

There are just too many facets to A@H for me to be able to know what needs to go into the handbook. Please put your Handbook wishlist here so the community can see what documentation needs there are.

1. Finish the Shorewall Instructions (based on Samy Antoun instructions at http://samyantoun.50webs.com/asterisk/firewall/firewall.htm and
2. Work on seriously expanding the AMP instructions.
3. Work on the SSH instructions
4. See if IPCOP would make a better, easier to configure firewall solution than Shorewall and put up instructions on how to install it. IPCOP is really really easy and has a LOT of nice web based configuration pages.
5. Open A2Billing Instructions and how it works
6. Voicemail to email notification and Voicemail to email as an attachment setup instructions (so that a newbie can understand it).
7. Any way the voicemail to email attachment can be encoded as an MP3 instead of a wav? (smaller attachment)
8. How to troubleshoot a problem using the software tools in AAH

0.5 The problem with writing/editing this Handbook.

The problem with writing/editing this handbook is that Asterisk@Home encompasses an incredible amount of different software packages. There is a wealth of information already on the net concerning each piece of software (CentOS, Asterisk, etc). Unfortunately, it would be too easy to just send users to external web sites and have them find the information they're looking for. But what happens when those links no longer work? That's why the editors of this handbook will do their best to concisely explain instructions and information even though it may be a repeat of information already offered elsewhere. The handbook may grow fairly large because of this but at least all the information will be in one place and not scattered around. What it comes down to is the fact that you will be able to use this Handbook for a handful of other things that may have only a little to do with Asterisk@Home (example: Dynamic DNS information, using a DHCP server with CentOS, etc). I will do my best to make sure all the information you need to use Asterisk@Home is here in this handbook without having to send you to half a dozen other web sites to figure things out.

0.6 Everyone is encouraged to edit this Handbook.

This Handbook cannot exist without a community effort. If you see places in the handbook that need editing for clarification or just adding additional information, don't hesitate to add it. This way the Handbook can gain from all of our experience and evolve into a great resource for everyone. This Handbook should be the FIRST thing users read when installing Asterisk@Home instead of searching around the net for bits and pieces of information and how-to's.

0.7 Liability Disclaimer

The authors/editors of this handbook are NOT responsible for any damage done to your system for following its instructions. Since this is a wiki, it has been edited by hundreds of people and the filtering out of mistakes is simply impossible. Do not follow this handbook blindly. Understand what is taking place and make an informed decision when messing around with your hardware/software.

Chapter 1 Introduction to Asterisk@Home

1.1 What is Asterisk

According to the Wikipedia http://en.wikipedia.org/wiki/Asterisk_PBX Asterisk is an open source software implementation of a telephone private branch exchange (PBX). Like any PBX, it allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the PSTN. "Its name comes from the asterisk symbol, *, which in UNIX (including Linux) and DOS environments represents a wildcard, matching any filename."

Asterisk is free software, released under the GNU General Public License (GPL). Mark Spencer of Digium originally created Asterisk and remains its primary maintainer; dozens of other programmers have contributed features and functionality. Originally designed for the Linux operating system, Asterisk now also runs on OpenBSD, FreeBSD, Mac OS X, Sun Solaris, and Microsoft Windows, although as the "native" platform, Linux is the best-supported of these.

The basic Asterisk software includes many features previously only available in expensive proprietary PBX systems — voice mail, conference calling, interactive voice response (phone menus), and automatic call distribution. Users can create new functionality by writing dial plan scripts in Asterisk's own language, by adding custom modules written in C, or by writing Asterisk Gateway Interface scripts in Perl or other languages.

To attach ordinary telephones to a Linux server running Asterisk, or to connect to PSTN trunk lines, the server must be fitted with special hardware. (An ordinary modem will not suffice.) Digium and a number of other firms sell PCI cards to attach telephones, telephone lines, T1 and E1 lines, and other analog and digital phone services to a server.

Perhaps of more interest to many deployers today, Asterisk also supports a wide range of Voice over IP protocols, including SIP and H.323. Asterisk can interoperate with most SIP telephones, acting both as registrar and as a gateway between IP phones and the PSTN. Asterisk developers have also designed a new protocol, IAX, for efficient trunking of calls among Asterisk PBXes.

By supporting a mix of traditional and VoIP telephony services, Asterisk allows deployers to build new telephone systems efficiently, or gradually migrate existing systems to new technologies. Some sites are using Asterisk servers to replace aging proprietary PBXes; others to provide additional features (such as voice mail or phone menus) or to cut costs by carrying long-distance calls over the Internet (toll bypass).

1.2 What is Asterisk@Home

Asterisk@Home was created to make installing Asterisk easy. Experimenting with Asterisk should be fun and not take hours, days or asterisk experts to set up. Don't let the name Asterisk@Home fool you either. Asterisk@Home contains the full version of asterisk and other pre-configured software that makes this self installing/configuring CD a fully functional PBX upon installation. Ward Mundy's Nerd Vittles site quoted someone from Voxilla who put it nicely: Why Use Asterisk@Home and Not Roll Your Own? One of our favorite pundits on Voxilla summed it up this way: After using Asterisk@Home for three months, we haven’t found a single thing we couldn’t do that someone with a roll-your-own version of Asterisk could. Asterisk@Home is not crippled in any way. In fact, it’s just the opposite. It’s not only full-blown Asterisk but it’s also AMP (Asterisk Management Panel, think of it as PHPmyAdmin for Asterisk) plus functioning music on hold (just try to get it working on a vanilla Linux box!) plus voice support for any speech application you can dream up plus a Flash Operator Panel plus ring groups plus calling queues plus conferencing plus DID routing plus SQL-compliant Call Detail Reporting plus SugarCRM contact management with integrated dialing plus SpanDSP fax support plus Microsoft Outlook TAPI integration with a Microsoft TAPI gateway (that works!) plus Apache, PHP, SSH, SFTP, sendmail, Web Mail, and MySQL integration plus Cisco XML support (to load your contact management info into your Cisco IP phones) plus xPL for Home Automation plus H.323 NetMeeting support plus turnkey support for SIP, IAX2, auto-configuring ZAP channels, and ENUM. What we have found is that we can implement solutions for clients in a couple of minutes or hours that would have taken weeks or months to learn to do had we gone the roll-your-own route. 
That includes building IVR and AutoAttendant solutions literally in minutes, supporting five or more VoIP providers and numerous departments each with numerous phones of all flavors, implementing complex dialing rules, remote phone access, voicemail with email and SMS alerts, and out-of-the-box support for virtually every 3-digit calling feature provided by local Baby Bells. Are there folks that want to master calling plans, extension syntax, contexts, Linux, Apache, sendmail, MySQL, PHPmyAdmin, WebMin, Web Mail, Asterisk and all its add-on’s plus Linux dependency hell? Absolutely. But Asterisk@Home doesn’t preclude your using anything you learn. It just gives you an incredible, leveraged head start. Asterisk@Home is a deceptive moniker. It’s not stripped-down, crippled, or condensed in any way. Quite the contrary, it’s Asterisk on Steroids, plain and simple. Worked great for Major League Baseball, didn’t it? Some people, however, have complained over the name of the project. It IS possible that using this product would be difficult --if only decision makers at a company don't take well to installing their mission critical PBX by the name "Asterisk@Home". No big deal. Please read the part of the wiki that explains how to change the associated gifs and jpgs to something more "Corporate" or "Clueless Manager/Executive Friendly". Remember, this is an open source project. You cannot pull this off with Avaya or Cisco equipment. You can edit the A@H source as much as you like to meet your needs.

1.3 Current list of software in Asterisk@Home

The software that is currently installed as of Asterisk@Home version 2.7 (03/13/06) is:

• Asterisk (1.2.5) - http://www.asterisk.org/ - An open source software implementation of a telephone private branch exchange (PBX). A PBX connects one or more telephones on one side to one or more telephone lines on the other side. A good example of this is a small company with 100 internal telephones sharing 20 outgoing/incoming telephone lines. A PBX can be more cost effective than having 100 direct telephone lines.
• AMP (1.10.010) - http://www.coalescentsystems.ca - Asterisk Management Panel is a web based GUI that allows you to easily manage Asterisk without having to edit sometimes complicated text configuration files. This package can really make a difference in learning and configuring Asterisk easily.
• Flash Operator Panel (023.001) - http://www.asternic.org/ - Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. It is able to display information about your PBX activity in real time. You can see what all of your extensions, trunks, and conferences are doing. You can also hang up, transfer, initiate a call or create a conference call.
• MPG123 Music On Hold (0.59r) - Asterisk@Home now uses native music on hold so the MP3 music on hold interface in AMP will not work. The old mpg123 is still running. If you change the config files to use MP3s you can upload with AMP.
• SugarCRM (4.0.1a) with Cisco XML Services interface + Click to Dial - http://www.sugarcrm.com/crm/ - SugarCRM is designed to be a complete customer/contact manager. Using SugarCRM we can manage all types of communications (faxes, text messages, phone calls, emails, and even tasks and scheduling) within one single system. Otherwise all these systems are separate and isolated from each other. One way it is integrated with A@H: once you have entered all your contacts, all you need to do to dial them is use the "click to dial" feature, without having to dial the numbers manually. Your phone rings and when you pick up, A@H calls the contact you've requested.
• Festival Speech Engine version (1.96) - http://festvox.org/festival/ - Festival is a speech synthesis system. It allows you to enter text that the Asterisk@Home server "reads out loud" to anyone calling the server. Using this, you can be sure the same voice is used across the whole Asterisk server.
• Asterisk Span DSP (0.0.2pre25) (Fax Support) - Optional software based FAX. Automatically detects and receives incoming fax (on zaptel hardware). It sends the fax as e-mail with a MIME .PDF attachment.
• Open A2Billing () - http://www.areski.net/a2billing/ - A2Billing with Asterisk aims to meet the needs of large and medium-sized companies and start-ups that appreciate the Calling Cards business model. A2Billing allows you to craft a calling card management system over your Asterisk Server. Its powerful calling card platform can be easily deployed with Asterisk, providing a wide set of tools to manage a complex & advanced calling card system! With A2Billing & Asterisk, prepaid/postpaid calling card services are easy to implement via a user-friendly web interface with powerful/advanced functionality.
• Linux CentOS (4.2 Final) - http://www.centos.org/ - CentOS is a 100% compatible rebuild of Red Hat Enterprise Linux (RHEL), in full compliance with Red Hat's redistribution requirements. CentOS 2, 3, and 4 are built from publicly available open source SRPMS provided by Red Hat. CentOS conforms fully to the upstream vendor's redistribution policies and aims to be 100% binary compatible. CentOS mainly changes packages to remove upstream vendor branding and artwork. CentOS is for people who need an enterprise level operating system with stability to match without the associated cost and support.
• Apache Web Server (2.0.52-22.ent.centos4) - http://www.apache.org/ - The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, feature rich, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation.
• PHP (4.3.9) - http://www.php.net/ - PHP is an open-source, reflective programming language used mainly for developing server-side applications and dynamic web content, and more recently, other software.
• PHPMyAdmin (2.7.0-pl2) - http://www.phpmyadmin.net/ - phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Internet. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, and manage keys on fields.
• MySQL Database (4.1.12-3.RHEL4.1) - http://www.mysql.com/ - MySQL is a multithreaded, multiuser, SQL (Structured Query Language) Database Management System (DBMS) with an estimated six million installations. MySQL AB makes MySQL available as free software under the GNU General Public License (GPL), but they also sell it under traditional commercial licensing arrangements for cases where the intended use is incompatible with use of the GPL. It is used in A@H Call Detail Reports and optional configuration information.
• VSFTPD (2.0.1-5.EL4.3) - http://vsftpd.beasts.org/ - Very Secure FTPD is a GPL licensed FTP server for UNIX systems, including Linux. It is very secure, stable and extremely fast.
• sendmail (8.13.1-2) - http://www.sendmail.org/ - Sendmail is an open source mail transfer agent. A mail transfer agent or MTA (also called a mail server, or a mail exchange server in the context of the Domain Name System) is a computer program or software agent that transfers electronic mail messages from one computer to another.
• OpenSSH (_3.9p1) - http://www.openssh.com/ - OpenSSH (Open Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open alternative to the proprietary Secure Shell software.
• xPL () - We have a built in xPL connector that sends out information on Voicemail and CallerID.
• Integrated WebMeetMe GUI (A@H 2.7) - WebMeetMe is a front end to the MeetMe add-on. It gives users full control and the ability to monitor telephone conferences from a web browser.
• Digium card auto-config (A@H 2.7)
• Weather agi scripts (A@H 2.7) - The weather AGI scripts fetch the weather from weather.noaa.gov, where it is stored in a text file that the script downloads and converts to a sound that is sent to the phone call. Default is Andrew's home city New York ;-) This covers only US locations.
• Wakeup calls (1.11) - This is a wake up call feature. By dialing a phone number you can set the time when you would like to get a wakeup call.
• Cisco SIP phone support () - We have a web interface and TFTP server that can configure Cisco SIP phones like the 7960
• uLaw Sound Files
• Java based SSH client
• Samba Auto-Setup Script
• VMware support -

1.4 Licensing for Asterisk@Home

As you can see by the above list, Asterisk@Home contains many different software packages that do not "belong" to A@H. A@H installs & configures them all using scripts that are written and maintained by Andrew. The A@H installation also configures features to make the different packages easily accessible (a good example is the A@H splash screen, the A@H password changer etc). However, you may want to make changes to fit your particular needs. This is where GPLed Open Source Software beats the pants off of ANY proprietary solutions. You can make as many changes as you like as long as they fit within the licensing agreement that covers the software package you want to modify (for example AMP). This usually means releasing the changes you've made to the public. Obviously you'll have to look up the type of licensing that each of the software packages uses to understand the rules of making any changes. Most software in A@H is GPLed but it doesn't hurt to find their web sites and make absolutely sure.

When it comes down to the A@H side of things, you can make as many changes as you like. Even though Andrew's scripts are not officially GPLed (yet), they are Open Sourced (you can view the scripts) and can be changed as needed. However please submit the changed scripts to Andrew so he can consider using them or not. The same goes for any A@H branding. You can change the A@H branding and turn around and sell it with your services if you like. Remember, if you make any changes to the scripts, please act as if the scripts are GPLed and release them publicly if you do improve upon them.

1.5 Licensing for the Asterisk@Home Handbook Wiki

With community involvement, this handbook is growing by leaps and bounds and truly starting to shape up into a professional piece of documentation. That makes it more and more valuable which makes it also a target for wholesale copying. I've spoken to Andrew (The Project Leader and the original Author of the A@H Handbook) and we've agreed to release this handbook under the "GNU Free Documentation License". Please read this CAREFULLY before using the Handbook for any reason other than using it as a reference (selling it, copying it, etc). The licence is easy to read and will not confuse you like some EULAs I've come across. For an excellent explanation of the GPL Licence, please read http://www.gnu.org/copyleft/fdl.html. The preamble from the "GNU Free Documentation License" gives a brief description of the licence:

PREAMBLE

The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or non-commercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.


As per Voip-info.org's terms of service, we are releasing the Asterisk@Home Handbook Wiki under the "GNU Free Documentation License". This way the community can be assured that any work that is put into this handbook cannot be claimed by any one person or web site and is protected against wholesale copying. Voip-info's terms of service http://www.voip-info.org/terms_of_service.html states that "When you enter content into any area of this web site, unless stated otherwise, you grant voip-info.org and its affiliates a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such content throughout the world in any media."

1.6 Please do not contact Digium for support.

Asterisk is a trademark of Digium Inc., and is used by permission. The Asterisk@Home project is not sponsored, endorsed, or supported by Digium, and its authors and maintainers are not affiliated with Digium. Digium does not provide free technical support for Asterisk@Home and has asked us to make sure our users understand this. Please do not contact Digium for support or post on their forums. Thanks.

Chapter 2 Installation of Asterisk@Home 2.1 Hardware Requirements The faster the system you use to run Asterisk the more simultaneous calls it will be able to handle. A 500MHz PIII with 128 Megs of RAM should easily meet the needs of the average home use. 2Gb Hard Disk minimum.

2.2 Install from an .ISO
Download the latest .ISO from http://asteriskathome.sourceforge.net and burn it to a CD. Most CD burning software can burn .ISO (In Side Out) images. If anyone knows of a free CD burning utility that can burn ISO images, please list it here.
• A free CD burning utility that can burn ISOs: DeepBurner (www.deepburner.com)
• A free ISO burning utility that will burn ISOs from Windows: ISORecorder http://isorecorder.alexfeinman.com/isorecorder.htm
• ImgBurn is a free and very fast ISO burning utility for Windows. http://www.imgburn.com
• On Mac OS X 10.3/4.x use the provided Disk Utilities to burn an ISO disk.
If you would prefer to purchase pre-made CDs, use this link:



Asterisk@Home CD's Shipped anywhere in the US for only $10.

Insert the newly created Asterisk CD into the CD-ROM or DVD-ROM drive of the system on which you want to install Asterisk@Home. Reboot the “soon to be” Asterisk system and make sure the BIOS of the system is set up to boot off the CD or DVD drive. Press Enter when prompted.

Warning: By pressing enter, you will erase all the data on the hard drive of the PC!!!

Either remove the network wire from the back of the PC or plug it into a hub or switch that has nothing else connected to it. This way we can be certain that a newly loaded A@H server is not hacked by using default passwords.

After Linux has loaded, the CD will eject. Remove the CD from the system and wait for the system to reboot. Booting the system might take a while, depending on the speed of your computer. It is necessary for the system to build Asterisk from source, so be patient. Once this process is complete, log in to your new Asterisk@Home system with the following:

username: root
password: password


2.2.1 Editing files for non-Linux users
To go much further you're going to have to start editing files. Many guides refer to nano, which is about as intelligible as Wordstar (for those who remember it). You can also edit files from the file manager in Webmin but I had a lot of problems with the Java editor locking up on me. Seeking something better I found http://michigantelephone.mi.org/blog/2006/03/asteriskhome-27-unabridged.html, the appropriate part of which is reproduced here:

The first thing is, after you complete the installation, do the upgrades, install Webmin, etc. you will find that you need to make changes to some configuration files. Nerd Vittles wants you to do it using a Linux text editor called nano, which I'm sure is a fine editor if you're used to it, but it can drive you a bit crazy at first if you are used to working in Windows. So bear in mind that there are a couple of things you can do at this point. One is to get Samba (support for Windows-style networking) up and running, and in this version of Asterisk@Home they actually give you a way to do that without having to resort to doing it through Webmin (which, by the way, is still considerably easier than trying to configure Samba to work on your own). Once Samba is configured, you can then treat your Asterisk@Home box as a shared resource on your local network, and you can edit files using a text editor on your Windows box, but if you do that, there are a couple of pitfalls to watch out for. The first is a thing called permissions - this is a form of security in Linux, which is a derivation of Unix, which was originally designed back in the days of time-sharing computers, when many users and many unrelated processes might be sharing the same system. Permissions are designed as a way to keep files restricted to only those people and processes that are supposed to have access to them.
It would take far too much space here to go into greater detail about permissions but suffice it to say that when the permissions aren't set correctly on a file, things break. If you plan on learning anything about Linux, permissions should probably be one of the first subjects you study. Normally, if you use your Windows-based text editor to load a file in from your Asterisk box over the local network, make some changes, and save it back, the permissions won't change (but beware of changed line endings - we'll get to that in a moment). However, if you create a new file, or change the filename before saving it, or delete the original file before saving the changes, that may (probably will) change either the permissions, or the owner and user, and suddenly the file may become inaccessible to the software. Yeah, I really hate this, while folks who love Linux seem to think it's one of the best features of that operating system. Get bitten by permissions a few times (when you are scratching your head wondering why Asterisk seems to be ignoring a file that you know is there) and you will probably wish the software ran under Windows. I don't think most Linux users have any idea how foreign the concept of permissions is to a typical Windows user.

So, changing a file on your Windows box may not always be such a great idea. Fortunately, there are still easier ways of doing things than sitting right at your Asterisk box and using nano. The trick is to set up a SSH client on your Windows box such as PuTTY, assuming you are not in a country where encryption is outlawed (if you are, there are probably components of Asterisk@Home itself that may be illegal in your country). Install PuTTY and use it to connect to your Asterisk@Home box, using an appropriate user name and password (root will let you do anything on the system, but it's also the most dangerous way to operate if you don't know what you're doing).
Before you connect for the first time, you may want to change a couple of configuration settings in PuTTY, so that your numeric keypad works as expected. In PuTTY configuration, open up the Terminal settings and click on Keyboard. Then make sure you have the following settings checked: The Backspace key: Control-? (127) The Home and End keys: Standard The Function keys and keypad: Xterm R6 Application keypad settings: Both should be Normal Enable extra keyboard features: Check Control-Alt is different from AltGr Click on Window and look at the scrollback buffer size - you may want to expand this a bit beyond the default (if you don't see the need now, you can always come back and do it later). Then click on Translation and look to see which option is used for "Handling of line drawing characters" - if you get display weirdness in some situations you can try changing this around (I use "Use Unicode line drawing code points" but I will not guarantee that's the best setting). Then click on Selection and note the mouse options - again you may want to change these as you get more familiar with the program, or if you already have a personal preference. You really shouldn't have to change anything else unless you're operating under special circumstances. Once you have PuTTY configured, click on Session, put the IP address of your Asterisk box in the Host name field, give this configuration a name (in the Saved Sessions text box - I suggest using the name Asterisk), then click the button to save this configuration. Now click the Open button and you should get a login prompt. Login using one of your user names and passwords that you set during installation. Once you login and are at a command prompt, it's just as if you are sitting in front of your Asterisk@Home box.


Now, whether you are connecting through PuTTY, or actually at your Asterisk@Home box keyboard, you can make changes to the text files from within Linux itself. You could use nano, but there's another way that many from a Windows background will consider easier, especially if you've ever used a dual-pane file manager like Norton/Windows/Total Commander (or a similar program). From the Linux command prompt, type mc -a (mc stands for Midnight Commander) and you will find yourself in front of a (hopefully) familiar environment. The -a option makes it render the line drawing characters as something at least a little more presentable when using PuTTY; you probably don't need (or want) to use that option if you're actually at your Asterisk box. In Midnight Commander, as in the Windows variants, you can highlight a file, then press or click on F4 to bring up an editor, which is probably going to work a lot more as you'd expect it to work than nano if you come from a Windows/DOS background. Remember how I talked about permissions above, and how they can give you fits? Well, you can use Midnight Commander to manage them, also. Highlight a file, then click on File (in the top menu bar), then I suggest using Advanced chown which shows both the permissions, and the owner and group settings, and allows you to easily change them. If you want to learn more about Midnight Commander, there's a FAQ here. Should you decide to edit configuration files on your Windows box, be aware that Windows normally saves text files with a carriage return and a linefeed at the end of each line, while the Linux/Unix convention is to use a linefeed only (this is the other pitfall I was referring to). If you save a configuration file with carriage returns in it, you may get all sort of unpredictable (and bad) results. 
So, be sure to use a text editor that will let you save files in the format Linux prefers, and then remember to save the files that way (you may have to use the "Save As" command rather than just doing a simple "Save"). Just to confuse matters, I'll mention that some other types of systems (Macs, I think) use a carriage return only to end a line. If your text editor doesn't give you an option to save files in the Linux/Unix format, it might not be able to do it. That's why it's probably better to use nano or the Midnight Commander editor to make changes in the configuration files.
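The two pitfalls described in the passage quoted above (Windows line endings and permissions that change when a file is re-created) can be checked and repaired on the Asterisk@Home box itself. The following Python sketch is an added example, not part of the handbook or of the quoted blog post; the function names and the constructed sample file are assumptions, and it needs a Python 3 interpreter.

```python
import os
import stat
import tempfile


def cr_line_numbers(data):
    """1-based numbers of the lines that contain a carriage return."""
    return [n for n, line in enumerate(data.split(b"\n"), 1) if b"\r" in line]


def normalize_line_endings(path):
    """Convert CRLF (Windows) and bare-CR endings in `path` to LF, in place.

    The file is opened with "r+b" and overwritten through its existing inode.
    Deleting and re-creating it, or saving under a new name, would produce a
    new file with the editor's default owner and mode, which is the
    permissions pitfall described above.
    Returns a dict describing what was found and whether metadata survived.
    """
    before = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()

    bad_lines = cr_line_numbers(data)
    if bad_lines:
        fixed = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
        with open(path, "r+b") as fh:
            fh.write(fixed)
            fh.truncate()  # the fixed content is shorter than the original

    after = os.stat(path)
    return {
        "lines_with_cr": bad_lines,
        "changed": bool(bad_lines),
        "mode": stat.filemode(after.st_mode),
        "metadata_preserved": (
            (before.st_ino, before.st_uid, before.st_gid, before.st_mode)
            == (after.st_ino, after.st_uid, after.st_gid, after.st_mode)
        ),
    }


if __name__ == "__main__":
    # Constructed sample: a config file saved from a Windows editor.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "sip_nat.conf")
    with open(sample, "wb") as fh:
        fh.write(b"externip = 1.2.3.4\r\n")
        fh.write(b"localnet = 192.168.1.0/255.255.255.0\r\n")
    os.chmod(sample, 0o640)

    report = normalize_line_endings(sample)
    print("lines with CR:", report["lines_with_cr"])
    print("mode after fix:", report["mode"])
    print("owner/mode unchanged:", report["metadata_preserved"])
```
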

2.3 Setting up your Time Zone and Keyboard layout
At the CentOS command prompt, type in the following command to change your time zone and/or keyboard layout:

    config

This script calls two other applications:

    redhat-config-date (CentOS 3.x) or system-config-date (CentOS 4.x)
    redhat-config-keyboard (CentOS 3.x) or system-config-keyboard (CentOS 4.x)

Note: CentOS has changed the syntax on all configuration tools from the CentOS 4.x versions.

2.4 Install to an existing CentOS 4.2 system
If you have problems with the ISO you can install onto an existing CentOS server. You can also enable other options like software RAID.

Note: you will need to disable selinux for Asterisk to run (edit /etc/selinux/config).

Download CentOS 4.2 ISOs from the CentOS Mirrors. Make a directory to install from, put the install file there, and install:

    mkdir /var/aah_load
    cp asteriskathome-2.4.tar.gz /var/aah_load
    cd /var/aah_load
    tar xvfz asteriskathome-2.4.tar.gz
    ./install.sh

2.5 Setting up your router/firewall to work with Asterisk@Home


If your Asterisk@Home server isn't going to be directly connected to the internet with a permanent IP address, it will be behind some kind of router/firewall. This means your Asterisk@Home server is going to receive a private IP address (example: 192.168.*.*) and will be using NAT to communicate with the rest of the world.

2.5.1 What is NAT? According to the Wikipedia http://en.wikipedia.org/wiki/NAT the process of network address translation (NAT, also known as network masquerading or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. According to specifications, routers should not act in this way, but many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts. In other words your home/work router/firewall has only 1 internet IP address even though you may have 5 computers behind it. Those 5 PCs can communicate with the world at the same time only if your router/firewall is using NAT. Otherwise you'd be out of luck. The down side is sometimes NAT breaks things.

2.5.2 What is a STUN Server? From http://www.voip-info.org/wiki-STUN STUN (Simple Traversal of UDP through NATs (Network Address Translation)) is a protocol for assisting devices behind a NAT firewall or router with their packet routing. STUN enables a device to find out its public IP address and the type of NAT service its sitting behind. STUN operates on TCP and UDP port 3478. STUN is not widely supported by VOIP devices yet. STUN may use DNS SRV records to find STUN servers attached to a domain. The service name is _stun._udp or _stun._tcp Please note: The STUN RFC states: This protocol is not a cure-all for the problems associated with NAT. The problems with STUN are not design flaws in STUN. The problems in STUN have to do with the lack of standardized behaviors and controls in NATs. The result of this lack of standardization has been a proliferation of devices whose behavior is highly unpredictable, extremely variable, and uncontrollable. STUN does the best it can in such a hostile environment. Ultimately, the solution is to make the environment less hostile, and to introduce controls and standardized behaviors into NAT. However, until such time as that happens, STUN provides a good short term solution given the terrible conditions under which it is forced to operate. List of public STUN Servers that you can use stun.fwd.org (no DNS SRV record) stun01.sipphone.com (no DNS SRV record) stun.softjoys.com (no DNS SRV record) stun.voipbuster.com (no DNS SRV record) stun.voxgratia.org (no DNS SRV record) stun.xten.com stun1.noc.ams-ix.net By using a stun server in your configuration, you may avoid some NAT issues that occur. (Hey guys, when you enter a stun server on either end's configuration (asterisk & the remote phone), do you still need to mess with router/firewall port forwarding? Hell, I can't even find where to put the STUN info on the asterisk side -ginellipan) (This section needs to be flushed out. Examples of how to use/setup STUN would be most helpful. 
As is, not very useful to a newbie which it seem like this wiki is geared towards. — filmo) 2.5.3 What is SIP? According to the Wikipedia http://en.wikipedia.org/wiki/SIP Session Initiation Protocol (SIP) is a protocol developed by the IETF MMUSIC Working Group and proposed standard for initiating, modifying, and terminating an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality. In November 2000, SIP was accepted as a 3GPP signalling protocol and permanent element of the IMS architecture . It is one of the leading signalling protocols for Voice over IP, along with H.323. In other words, SIP is the protocol that most VOIP conversations are transmitted over. All you need to know is NAT breaks SIP. This is how you fix it.


2.5.3.1 Setting up your router/firewall so A@H can communicate with a VOIP Provider via SIP through a NAT
For Asterisk@Home to communicate successfully with a VOIP provider using SIP through a NAT, you have to make sure your router/firewall forwards the following ports to your LAN/Private IP address assigned to the Asterisk@Home server. Be sure the LAN/Private address is statically assigned to the Asterisk@Home server and it is not assigned dynamically via DHCP. (see Chapter 3 for directions) Some of the following port information was garnered from http://www.voip-info.org/tiki-index.php?page=Asterisk+firewall+rules.

• UDP Port 5060 is for SIP communication. This is only used for setting up calls, taking down calls and so on. Some SIP resources also need the TCP ports.
• UDP Port 5060-5082 range is also for SIP communications but only if you have multiple SIP providers. This is why you may want to include a range instead of just the UDP 5060 port. Some phones (ie. Grandstream GXP2000) don't use the same SIP port for each subsequent line (line 1 registers with 5060, line 2 5062, line 3 5064 and line 4 5066) (thanks Alan Smith).
• TCP Port 5060 is for SIP but thought to be rarely used. (thanks Alan Smith)
• UDP Port 8000 is for "Free World Dialup" to work with the asterisk server. Any subsequent lines will use 8002, 8003, etc etc. (thanks Alan Smith).
• UDP Port 10000 - 20000 is for RTP - the media stream aka the voice/video channel.

Here is our example:

• The DNS Name (or you can enter the IP Address) of the VOIP SIP provider is sip.voipcompany.com.
• The static LAN/Private IP address of your Asterisk@Home server is 192.168.1.2.
• The static WAN/Public IP address of your router is 1.2.3.4 (if you use DynamicDNS, we'll use your domain name)

Enter your router/firewall configuration and add:

    Forward UDP Port 5060-5082 to 192.168.1.2
    Forward UDP Port 10000 to 20000 to 192.168.1.2

You also need to edit the sip_nat.conf file.
Inside of AMP, click Maintenance ----> Config Edit ----> sip_nat.conf. Inside of sip_nat.conf add the following and click "Update":

    externip = 1.2.3.4
(enter your permanent WAN/Public internet address here. Or, if you have one, you can use a DynamicDNS domain name. Obviously it's easier to get a static IP address and avoid using DynamicDNS altogether.)

    localnet = internal.network.address.0/255.255.255.0
(put your LAN/Private NETWORK address of your Asterisk@Home server, this is NOT the IP address of the server!!!!)

To determine your local NETWORK address (NOT the IP address!!) you have to know a little about your subnet mask (255.255.255.0 numbers).

If the IP address of the Asterisk@Home server is 192.168.1.5 255.255.255.0, then the NETWORK address is 192.168.1.0
If the IP address of the Asterisk@Home server is 192.168.7.2 255.255.255.0, then the NETWORK address is 192.168.7.0
If the IP address of the Asterisk@Home server is 192.168.100.84 255.255.255.0, then the NETWORK address is 192.168.100.0

To make it really secure (some routers/firewalls may not be able to do this), try to configure the router/firewall to ONLY forward those ports from the VOIP SIP provider IP address or DNS name. This way only your VOIP SIP provider traffic gets forwarded to your NATed Asterisk@Home server. HOWEVER, if you want to have remote phones floating around on the internet (example: Your sales person has a SoftPhone that he uses to make calls and check his voicemail from hotels, other companies, hotspots, etc.) don't institute the following example!! You will obviously cut off that remote phone from being able to speak to your asterisk server. Forward UDP Port 5060-5082 to 192.168.1.2 only from sip.voipcompany.com Forward UDP Port 10,000 to 20,000 to 192.168.1.2 only from sip.voipcompany.com Here is a visual look at the setup we've created


2.5.3.2 Setting up your router/firewall so your remote SIP phones can communicate with your A@H Server via SIP through a NAT
There will be times when you want a travelling user to be able to use their soft or hard phones with your Asterisk@Home Server. For example, your employees travel around and have a software based SIP Phone on their laptops. You want your employees to be able to connect to your asterisk server to make phone calls, listen to their messages, etc etc. I can imagine a time where hardphones will be as small and portable as cell phones but all you need to do is plug it into a network connection anywhere in the world and it'll be as if you were sitting in your office. Just wait until the hardphones also have WIFI (or cell phones with WIFI built in) and all you need to call is an open Hotspot.

In this case you will need a Static Internet IP Address (or Dynamic DNS domain name) for your Asterisk@Home Server and program that info into your phones. You also have to make sure their phone's configuration knows that it may be behind a NAT when it makes the phone call to the asterisk server. Other than that, the port forwarding you did on the router/firewall that the Asterisk@Home server is behind will be enough to allow your remote users to make calls from anywhere. This is the only way SIP will work through a NAT.

In the Asterisk@Home server, you will need to set the following in the extension's configuration in AMP. To do this in AMP, create an extension, THEN click on the extension after you've created it and you will see fields for "Nat" and "Qualify". You will not see these fields when you first create the extension. Please see our AMP Chapter in the handbook for more information.

    nat=yes
This option causes Asterisk to ignore the address information in the SIP and SDP headers, and reply to the sender's IP address and port. NAT=yes enables a form of Symmetric RTP in Asterisk.

    set qualify=yes
Syntax: qualify=xxx|no|yes
Where XXX is the number of milliseconds used. If yes the default timeout is used, 2 seconds. If you turn on qualify in the configuration of a SIP device in sip.conf, Asterisk will send a SIP OPTIONS command regularly to check that the device is still online. If the device does not answer within the configured (or default) period (in ms) Asterisk considers the device off-line for future calls. This feature may also be used to keep a UDP session open to a device that is located behind a network address translator (NAT). By sending the OPTIONS request, the UDP port binding in the NAT (on the outside address of the NAT/firewall device) is maintained by sending traffic through it. If the binding were to expire, there would be no way for Asterisk to initiate a call to the SIP device.

Most of the time, these softphones/hardphones have a STUN server setting you can input. Test the soft/hardphones with this setting first and see how it responds. In one case, I found that there was a significant delay when I used the STUN server on my hardphone. When I removed the STUN server, the delay disappeared. Testing is important. Here's a visual look at how your SIP Phone will connect from outside your LAN


Here are some good examples of what you would need to do with some SIP phones (thanks Alan Smith):

Xten-lite
In the Sip Proxy definition:
    Domain/Realm=1.2.3.4 (Public/WAN IP address of your router/firewall)
    STUN Server= (before entering your STUN server, test to see if it works without it)

Sipura SPA-841
From the Advanced Admin Web page, in the SIP tab, NAT Support Parameters:
    Substitute VIA Addr:=yes
    EXT IP:=(Public/WAN IP address of the router/firewall that the PHONE is behind)
Then in the Ext 1/2 page, NAT Settings:
    NAT Mapping Enable:=yes

Grandstream GXP-2000
Logged in as Admin, Advanced options tab:
    Use NAT IP = (Public/WAN IP address of the router/firewall that the PHONE is behind)
Then in the ACCOUNT 1/2/3/4 page:
    NAT Traversal (STUN): yes

2.5.4 What is IAX?
According to Wikipedia http://en.wikipedia.org/wiki/IAX IAX is the Inter-Asterisk eXchange protocol used by Asterisk. It is used to enable VoIP connections between Asterisk servers, and between servers and clients that also use the IAX protocol. IAX now most commonly refers to IAX2, the second version of the IAX protocol. The original IAX protocol has been deprecated almost universally in favor of IAX2. It is a very robust and full-featured yet simple as far as protocols go. It is agnostic to codecs and number of streams, meaning that it can be used as a transport for virtually any type of data. (This capability will be useful as videophones become common.) IAX2 uses a single UDP data stream (usually on port 4569) to communicate between endpoints, both for signalling and data. The voice traffic is transmitted in-band, making IAX2 easier to firewall and more likely to work behind network address translation. (This is in contrast to SIP, which uses an out-of-band RTP stream to deliver information.) IAX2 supports trunking, wherein a single link carries data and signalling for multiple channels.
When trunking, data from multiple calls are merged into a single set of packets, meaning that one IP datagram can deliver information for more than one call, reducing the effective IP overhead without creating additional latency. This is a big advantage for VoIP users, where IP headers are large percentage of the bandwidth usage. The IAX2 Protocol or Inter-Asterisk Exchange Protocol was created by Mark Spencer for Asterisk for VoIP signalling. The protocol sets up internal sessions and these sessions can use whichever codec they want for voice transmission. The Inter-Asterisk Exchange protocol essentially provides control and transmission of streaming media over IP (Internet Protocol) networks. IAX is extremely flexible and can be used with any type of streaming media including video however it is mainly designed for control of IP voice calls. IAX’s design was based on many common control and transmission standards today including Session Initiation Protocol (SIP, which is the most common), Media Gateway Control Protocol (MGCP) and Real-time Transfer Protocol (RTP). The Primary goals for IAX was to minimize bandwidth used in media transmissions with particular attention


drawn to control and individual voice calls and to provide native support for NAT (Network Address Translation) transparency. The basic structure of IAX is that it multiplexes signalling and multiple media streams over a single UDP (user datagram protocol) stream between two computers. IAX is a binary protocol and is designed and organized in a manner to reduce overhead especially in regards to voice streams. Bandwidth efficiency in some places is sacrificed in order for bandwidth efficiency for individual voice calls.

2.5.4.1 Setting up your router/firewall so A@H can communicate with a VOIP Provider or another A@H server via IAX through a NAT For A@H to communicate successfully with a VOIP provider using IAX, you have to make sure your router/firewall forwards the following ports to the interior private IP address of the Asterisk@Home server. Unlike SIP, IAX only uses one UDP port (4569) to communicate and is very NAT friendly. This is gonna be simple. Forward UDP Port 4569 to 192.168.1.2 To make it really secure (some routers/firewalls may not be able to do this), try to configure the router/firewall to ONLY forward those ports from the VOIP IAX provider IP address or DNS name. This way only your VOIP IAX provider traffic gets forwarded to your Asterisk@Home server. For example: Forward UDP Port 4569 to 192.168.1.2 only from iax.voipcompany.com

2.5.4.2 Setting a remote router/firewall so your remote IAX phones can communicate with your A@H Server via IAX through a NAT
There will be times when you want a travelling user to be able to use their soft or hard phones with your Asterisk@Home Server. For example, your employees travel around and have a software based IAX Phone on their laptops. You want your employees to be able to connect to your asterisk server to make phone calls, listen to their messages, etc etc. In this case you will need a Static Internet IP Address (or Dynamic DNS domain name) for your Asterisk@Home Server and program that info into your phones under its IAX settings. You also have to make sure their phone's configuration knows that it may be behind a NAT when it makes the phone call to the asterisk server. Other than that, the port forwarding you did on the router/firewall that the Asterisk@Home server is behind will be enough to allow your remote users to make calls from anywhere.

2.5.5 How to deal with changing internet IP addresses
Some broadband ISPs use DHCP to hand out public IP addresses to their customers. This means that their customers do not receive a permanent IP address. This also means that their customers will now have a tougher time running a server (like Asterisk@Home). In true internet fashion, there is a way around this. It's called Dynamic DNS.

2.5.5.1 What is DNS? According to the Wikipedia http://en.wikipedia.org/wiki/DNS the Domain Name System or DNS is a system that stores information about hostnames and domain names in a type of distributed database on networks, such as the Internet. Of the many types of information that can be stored, most importantly it provides a physical location (IP address) for each domain name, and lists the mail exchange servers accepting e-mail for each domain. The DNS provides a vital service on the Internet as it allows the transmission of technical information in a userfriendly way. While computers and network hardware work with IP addresses to perform tasks such as addressing and routing, humans generally find it easier to work with hostnames and domain names (such as www.example.com) in URLs and e-mail addresses. The DNS therefore mediates between the needs and preferences of humans and of software. In other words, instead of having to remember google's IP address (64.233.161.99) to be able to view it in a web browser, you can use www.google.com and DNS translates it into an IP address for you. This is purely a human need.

2.5.5.2 What is Dynamic DNS? According to the Wikipedia http://en.wikipedia.org/wiki/Dynamic_DNS Dynamic DNS is a system for allowing an Internet domain name to be assigned to a varying IP address. This makes it possible for other sites on the Internet to establish connections to the machine without needing to track the IP address themselves. A common use is for running server software on a computer that has a dynamic IP address (e.g., a dialup connection where a new address is assigned at each connection, or a cable or DSL service where the address is


changed by the internet service provider occasionally). To implement dynamic DNS it is necessary to set the maximum caching time of the domain to an unusually short period (typically a few minutes). This prevents other sites on the Internet from retaining the old address in their cache, so that they will typically contact the name server of the domain for each new connection. Dynamic DNS service is provided on a large scale by various organizations, which retain the current addresses in a database and provide a means for the user to update it as required. Some "client" programs will, when installed, operate in the background and check the IP address of the computer every few minutes. If it has changed, then it will send an update request to the service. Many routers and other networking components contain a feature such as this in their firmware. In other words, you can use a Dynamic DNS service that always points to your most recent Internet IP address that has been assigned to you by your ISP.

2.5.5.3 How do I get Dynamic DNS to work?
Boy, these chapter numbers are getting long aren't they? How do you get Dynamic DNS to work?

1) Register a domain name (shameless plug: http://www.godaddy.com is really really cheap and easy), for example: mydomain.com
2) Buy a router/firewall that is compatible with Dynamic DNS. You may get lucky and find out all you need to do is upgrade your router/firewall's firmware to get this ability.
3) Head over to a web site that handles Dynamic DNS (shameless plug: http://www.dyndns.org works just fine)
4) Register mydomain.com with the site (sometimes they charge a 1 time fee for each domain name)
5) Set up your domain name according to the Dynamic DNS site's instructions.
6) Enter your router/firewall and configure it to point its Dynamic DNS settings to the site of your choice. This way if your DHCP IP address lease runs out, and your router gets an entirely different IP address, your router will contact DynamicDNS and make the change on the fly. This way mydomain.com ALWAYS points to your router no matter what.
7) Now test to make sure mydomain.com points to the Internet IP address of your firewall/router. Call your friend and see if he can ping mydomain.com or something.
8) Now let's say you own another router (your kid's router at college). You can edit your domain at dyndns.org so college.mydomain.com points to your kid's IP address and home.mydomain.com points to your home router IP address. Both your router and your kid's router have DynamicDNS configured to update Dyndns.org if there are any changes in IP address. Pretty nifty no?

2.5.5.4 How do I use Dynamic DNS with Asterisk@Home
You need to edit the sip_nat.conf file. Inside of AMP, click Maintenance ----> Config Edit ----> sip_nat.conf. Inside of sip_nat.conf add the following and click "Update":

    externip = home.mydomain.com
(Enter your DynamicDNS domain name. Obviously it's just easier to get a static IP address and avoid using DynamicDNS altogether.)

    localnet = internal.network.address.0/255.255.255.0
(put your LAN/Private NETWORK address of your Asterisk@Home server, this is NOT the IP address of the server!!!!)

To determine your local NETWORK address (NOT the IP address!!) you have to know a little about your subnet mask (255.255.255.0 numbers).
If the IP address of the Asterisk@Home server is 192.168.1.5 255.255.255.0, then the NETWORK address is 192.168.1.0
If the IP address of the Asterisk@Home server is 192.168.7.2 255.255.255.0, then the NETWORK address is 192.168.7.0
If the IP address of the Asterisk@Home server is 192.168.100.84 255.255.255.0, then the NETWORK address is 192.168.100.0

2.6 Putting your Asterisk@Home Server directly on the internet
As you can see, it can get pretty complicated trying to get your Asterisk@Home server working behind a router/firewall that is using NAT. Some people may seriously consider placing their Asterisk server directly on the internet with a static IP address. Now remember, CentOS is a very secure and stable operating system but you still have to use a firewall on the Asterisk@Home server nonetheless. Please read the IPCop or Shorewall section under Asterisk@Home add-ons.


2.7 How do I know what versions of software are installed on my Asterisk@Home Server?
There are times when you really need to know which version of the software is installed in A@H, especially when you're troubleshooting a problem. Here is a quick list of instructions on how to determine that.

• Asterisk - First enter the Asterisk CLI (Command Line Interface) with asterisk -r then type show version then exit using quit
• AMP - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into a browser and click on AMP. The version is displayed in the Welcome Screen.
• Flash Operator Panel - Type this at the CentOS Command Line: /var/www/html/panel/op_server.pl v
• Music On Hold (mpg123) - Type this at the CentOS Command Line: mpg123 --help
• SugarCRM - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere and click on CRM. Login to SugarCRM. Click About on the top right. The version information will then be displayed.
• Festival Speech Engine - Type this at the CentOS Command Line: festival The version is at the top. Type (quit) (literally WITH the parentheses!!!) to exit.
• Asterisk Span DSP Faxing - At the CentOS Command Line type: cd /var/aah_load and look for the file that begins with spandsp- and the rest is the version #.
• Open A2Billing - (Someone please fill this part out, I couldn't find this information)
• Linux CentOS - Type cat /etc/redhat-release at the command line
• Apache Web Server - Type this at the CentOS Command Line: rpm -q httpd
• PHP - Type this at the CentOS Command Line: echo "" | php
• PhPMyAdmin - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into a browser and click on AMP, then Maintenance, then phpmyadmin.
• MySQL Database - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into a browser and click on AMP, then Maintenance, then phpmyadmin. The MySQL version will be displayed. Another method is to type the following into your CentOS Command Line: rpm -q mysql
• Very Secure FTPD (VSFTPD) - Type this at the CentOS Command Line: rpm -q vsftpd
• SendMail - Type this at the CentOS Command Line: rpm -q sendmail
• OpenSSH - Type ssh -V
• xPL - (Someone please fill this part out, I couldn't find this information)
• Integrated WebMeetMe GUI - This is Andrew's Code and has the same version as Asterisk@Home
• Digium card auto-config - This is Andrew's Code and has the same version as Asterisk@Home
• Weather agi scripts - This is Andrew's Code and has the same version as Asterisk@Home
• Wakeup calls - This is Andrew's Code and has the same version as Asterisk@Home. From what I can see it's created by Andy Wysocki (See reference under section 1.3) and the version used in A@H 2.2 is 1.02 and current version is 1.11. Comment by MatsK
• Cisco SIP phone support - (Someone please fill this part out, I couldn't find this information)
• Complete List of all Software Installed - For a complete list of all software installed in A@H type the following at the CentOS Command Line: rpm -qa

2.8 Modifying the A@H branding to something more Corporate friendly
There has been a long rambunctious discussion in the forums over the naming of "Asterisk@Home" or even forking the project (gasp!). Even though we all know that A@H is really asterisk on steroids, non-technical Executives or Managers may not feel secure in using a product that has the name @Home in it. There is an easy way to handle this. Change the branding on the A@H install.

If you want to replace the Asterisk@Home logo with this one just follow the instructions below.
Note: this script is currently busted as the .png doesn't exist on the server.
At the console type:

    wget http://www.voip-info.org/users/415/415/images/396/aah-change-logo.sh.txt
    dos2unix aah-change-logo.sh.txt
    sh aah-change-logo.sh.txt

The script does the following:
- Downloads the Asterisk@Work logo
- Replaces the logos
- Does text search and replace

Here is the script for A@H 2.4:


2.9 Quick Set Up guide. This is to assist with re installs
The following is not for beginners. It is simply a check list for moving from one version to another. The content was originally posted on the Asterisk@Home forum on sourceforge.

2.9.1 Securing asterisk: change default passwords, enable HTTPS and update system.

    passwd admin
    passwd-maint
    passwd-amp
    passwd-meetme
    nano /var/www/html/panel/op_server.cfg

http://asteriskathomeip/crm login:admin/password, my account upper right hand corner

    yum -y install mod_ssl
    /etc/init.d/httpd restart
    yum -y update
    reboot

2.9.2 Rebuild zaptel driver and disable unneeded modules: (needs to be done after upgrading kernel)

    rebuild_zaptel
    genzaptelconf
    nano /etc/sysconfig/zaptel

and uncomment your devices (use ztdummy if you do not have any hardware installed)

    reboot

2.9.3 When asterisk is behind a NAT do not forget to specify:
in sip_nat.conf

    externip = X.X.X.X ;(substitute your public ip address)
    localnet = 192.168.X.0/255.255.255.0 ;(substitute your lan subnet address)
    nat=yes

Ports to forward on router:
4569 TCP/UDP - iax
5004-5082 TCP/UDP - sip
10000-20000 TCP/UDP - sip
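
An added example (not part of the handbook) for the localnet rule in 2.5.5.4 and 2.9.3: a POSIX shell check that reads a sip_nat.conf-style file and flags a localnet value that is a host address rather than the NETWORK address. The function names, the constructed sample and the /etc/asterisk path in the usage comment are assumptions; only the address/netmask form shown in the handbook is handled.

```shell
#!/bin/sh
# Added example, not part of the handbook: flag localnet= values in a
# sip_nat.conf-style file that are a host address instead of the NETWORK
# address. Only the address/netmask form used in the handbook is handled.

# Print the four octets of a dotted quad, space-separated; fail if malformed.
split_octets() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # input is digits and dots only, so no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    out=
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        # Strip leading zeros so $(( )) does not read the octet as octal.
        while [ "${#octet}" -gt 1 ] && [ "${octet#0}" != "$octet" ]; do
            octet=${octet#0}
        done
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
        out="$out $octet"
    done
    echo "${out# }"
}

# Print the network address of IP $1 under netmask $2 (per-octet AND).
network_of() {
    ip=$(split_octets "$1") || return 1
    mask_octets=$(split_octets "$2") || return 1
    set -- $ip $mask_octets
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# Read a sip_nat.conf-style file on stdin and print one verdict per localnet
# line. Exit status 0 only if every localnet value is a network address.
check_localnet() {
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%;*}                          # drop ";" comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        [ "$key" = "localnet" ] || continue
        value=$(printf '%s' "${line#*=}" | tr -d ' \t\r')
        addr=${value%%/*}
        mask=${value#*/}
        net=
        if [ "$addr" != "$value" ]; then
            net=$(network_of "$addr" "$mask") || net=
        fi
        if [ -z "$net" ]; then
            echo "UNPARSED $value"
            status=1
        elif [ "$net" = "$addr" ]; then
            echo "OK $value"
        else
            echo "WRONG $value (host address; use $net/$mask)"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample for --demo (not taken from a real server).
sample_conf() {
    cat <<'EOF'
externip = home.mydomain.com
localnet = 192.168.7.2/255.255.255.0 ; server IP pasted by mistake
nat=yes
EOF
}

# Usage: sh check_localnet.sh --demo
#        sh check_localnet.sh /etc/asterisk/sip_nat.conf   (path is an assumption)
case ${1:-} in
    '')     ;;
    --demo) sample_conf | check_localnet ;;
    *)      check_localnet < "$1" ;;
esac
```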

2.9.4 Choose only one trunk config. I recommend IAX2, but it's only available through request at [email protected]. SIP is enabled by default by telasip.

Telasip trunk configuration (SIP):
Outbound caller ID: "j smith" (substitute with your name and DID)
Maximum channels: 2
Dialing rules: (substituting your local area code for 404 below)
    404+NXXXXXX
Outgoing Settings:
Trunk Name: telasip-gw
Peer details (using your own account name/password):
    allow=g726
    disallow=all
    type=peer
    host=gw4.telasip.com
    qualify=yes
    insecure=very
    context=telasip-in
    username=
    secret=
Registration:
    youraccountname:[email protected]

Telasip trunk configuration (IAX2):
Outbound caller ID: "j smith" (substitute with your name and DID)
Maximum channels: 2
Dialing rules: (substituting your local area code for 404 below)
    404+NXXXXXX
Outgoing Settings:
Trunk Name: telasip-gw
Peer details (using your own account name/password):
    allow=g726
    disallow=all
    host=gw4.telasip.com
    insecure=very
    qualify=yes
    secret=
    trunk=yes
    type=peer
    username=
Incoming Settings:
User Context:
User details:
    context=telasip-in
    type=user
Registration:
    youraccountname:[email protected]

2.9.5 Configure outbound routing:
Add route: outgoing
Dial patterns:
    1NXXNXXXXXX
    NXXNXXXXXX
    NXXXXXX
Trunk sequence: 0=SIP/telasip-gw

2.9.6 Configure auto attendant to answer, play music on hold, then transfer to ring group 1 (basic):
in extensions_custom.conf (under from-external-custom: ring set to ringgroup1, voicemail set to extension 200, change as needed)

    [from-pstn-custom]
    exten => _.,1,Goto(from-external-custom,attendant,1)

    [telasip-in]
    exten => _.,1,Goto(from-external-custom,attendant,1)

    [from-external-custom]
    exten => attendant,1,Answer
    exten => attendant,2,Wait(1)
    exten => attendant,3,Background(pls-wait-connect-call)
    exten => attendant,4,Dial(local/1@from-internal,30,mt)
    exten => attendant,5,VoiceMail(200@default)

Configure auto attendant to answer, perform reverse lookup on incoming number, play music on hold, then transfer to ring group 1 (intermediate):

    cd /var/lib/asterisk/agi-bin
    nano calleridname.agi

copy/paste/save the following:
------------------------------
#!/usr/bin/perl -w
use Asterisk::AGI;
use LWP::UserAgent;

$AGI = new Asterisk::AGI;
my %input = $AGI->ReadParse();

# Prefer the numeric caller ID, fall back to the full caller ID string.
my $callerid = $input{'calleridnum'};
if ($callerid eq '') {
    $callerid = $input{'callerid'};
}
$AGI->verbose("CALLERID IS: $callerid\n");

if ($callerid =~ /^(\d{3})(\d{3})(\d{4})$/) {
    # Bare 10-digit number.
    $npa = $1;
    $nxx = $2;
    $station = $3;
    $AGI->verbose("Checking $npa $nxx $station...\n");
} elsif ($callerid =~ /<(\d{3})(\d{3})(\d{4})>/) {
    # 10-digit number wrapped in angle brackets after a name.
    $npa = $1;
    $nxx = $2;
    $station = $3;
    $AGI->verbose("Checking $npa $nxx $station...\n");
} else {
    $AGI->verbose("Unable to parse phone number for NPA/NXX/station. Phone number is: $callerid\n");
    exit(0);
}

#$npa='641';
#$nxx='892';
#$station='8019';

if ($name = &anywho_lookup ($npa, $nxx, $station)) {
    $newcallerid = "\"$name \"";
    $AGI->set_callerid($newcallerid);
} else {
    $AGI->verbose("Unable to find a lookup.");
}
exit(0);

# Reverse lookup of the validated digits; returns the listing name or ''.
sub anywho_lookup {
    my ($npa, $nxx, $station) = @_;
    my $ua = LWP::UserAgent->new( timeout => 45);
    my $URL = 'http://www.anywho.com/qry/wp_rl';
    $URL .= '?npa=' . $npa . '&telephone=' . $nxx . $station;
    $ua->agent('AsteriskAGIQuery/1');
    my $req = new HTTP::Request GET => $URL;
    my $res = $ua->request($req);
    if ($res->is_success()) {
        # The markup that delimits the listing in the response is missing
        # from this copy of the script, so the two patterns below are empty.
        if ($res->content =~ //s) {
            my $listing = $1;
            if ($listing =~ /(.*)/) {
                my $clidname = $1;
                return $clidname;
            }
        }
    }
    return '';
}
--------------------------------------

    chown asterisk:asterisk calleridname.agi
    chmod 755 calleridname.agi

in extensions_custom.conf (under from-external-custom: ring set to ringgroup1, voicemail set to extension 200, change as needed)

    ;create extension for chanspy
    exten => *888,1,Answer
    exten => *888,2,Wait(1)
    exten => *888,3,ChanSpy(SIP/,q)
    exten => *888,4,Hangup

    [from-pstn-custom]
    exten => _.,1,Goto(from-external-custom,attendant,1) ;the zap channel skips calleridname.

    [telasip-in]
    exten => _.,1,Goto(from-external-custom,calleridname,1)

    [from-external-custom]
    exten => calleridname,1,Answer
    exten => calleridname,2,Wait(1)
    exten => calleridname,3,Background(pls-wait-connect-call)
    exten => calleridname,4,AGI(calleridname.agi)
    exten => calleridname,5,Goto(from-external-custom,attendant,4)
    exten => attendant,1,Answer
    exten => attendant,2,Wait(1)
    exten => attendant,3,Background(pls-wait-connect-call)
    exten => attendant,4,Dial(local/1@from-internal,30,mt)
    exten => attendant,5,VoiceMail(200@default)

2.9.7 Updating Asterisk manually (preferred so you know you are getting stable releases)
*note: this was put in place in case of a critical update to the Asterisk source, otherwise it's not needed and only meant for advanced configurations.

    #clean modules
    rm -f /usr/lib/asterisk/modules/*

    #asterisk 1.2.7.1
    cd /usr/src
    rm -rf asterisk
    wget http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7.1.tar.gz
    tar -zxvf asterisk-1.2.7.1.tar.gz
    mv asterisk-1.2.7.1 asterisk

    #zaptel 1.2.5
    cd /usr/src
    rm -rf zaptel
    wget http://ftp.digium.com/pub/zaptel/releases/zaptel-1.2.5.tar.gz
    tar -zxvf zaptel-1.2.5.tar.gz
    mv zaptel-1.2.5 zaptel

    #libpri 1.2.2
    cd /usr/src
    rm -rf libpri
    wget http://ftp.digium.com/pub/libpri/releases/libpri-1.2.2.tar.gz
    tar -zxvf libpri-1.2.2.tar.gz
    mv libpri-1.2.2 libpri

    #addons 1.2.2
    cd /usr/src
    rm -rf asterisk-addons
    wget http://ftp.digium.com/pub/asterisk/releases/asterisk-addons-1.2.2.tar.gz
    tar -zxvf asterisk-addons-1.2.2.tar.gz
    mv asterisk-addons-1.2.2 asterisk-addons

    #sounds 1.2.1
    cd /usr/src
    rm -rf asterisk-sounds
    wget http://ftp.digium.com/pub/asterisk/releases/asterisk-sounds-1.2.1.tar.gz
    tar -zxvf asterisk-sounds-1.2.1.tar.gz
    mv asterisk-sounds-1.2.1 asterisk-sounds

    #now rebuild and reboot
    cd /usr/src
    ./rebuildastsrc.sh
    reboot

    #freepbx 2.0.1
    cd /usr/src
    wget http://internap.dl.sourceforge.net/sourceforge/amportal/freepbx-2.0.1.tar.gz
    tar -zxvf freepbx-2.0.1.tar.gz
    cd freepbx-2.0.1
    ./install_amp
    amportal restart

*note: you will lose the maintenance feature. You may still use "http://server/maint/index.php?"

Steps for updating SVN HEAD (bleeding edge stable, not recommended?):

    cd /usr/src
    rm -f /usr/lib/asterisk/modules/*
    ./rm_astsrc.sh
    ./getastsrc_head.sh
    ./rebuildastsrc.sh
    reboot

2.9.8 Steps for installing VMWare tools:

    mount /media/cdrom
    rpm -ivh /media/cdrom/VMwareTools-e.x.p-20925.rpm

(2095 might not be the latest anymore, check /media/cdrom)

    /etc/init.d/vmware-tools start
    cd /usr/bin
    ./vmware-config-tools.pl

Use the listed instructions to install the vmware tools net driver.

    nano /boot/grub/grub.conf

Add clock=pit to the end of the kernel initialize line.
Configure the startup/shutdown features on the image: 'power on virtual machine' and 'shutdown guest operating system'.

2.9.9 Steps for Backup/Migrate and Restoring your server:
*note: This is a minimal guide that backs up only extension/trunks and call records. Don't forget to copy over your _custom.conf files. You must first upgrade to freepbx if you're still running asterisk media portal; use the script under the "manual upgrade steps" section of this guide.

From your old server:
- install/enable the phpmyadmin module
- http://oldserver/admin/modules/phpmyadmin/phpMyAdmin
- click export
- hold Ctrl, select asterisk and asteriskcdrdb
- enable "save as file", click go and save the .sql file

Then on your new server:
- install/enable the phpmyadmin module
- http://newserver/admin/modules/phpmyadmin/phpMyAdmin
- use dropdown on the left frame, select asterisk. click the "drop" tab.
- use dropdown again, select asteriskcdrdb, click the "drop" tab
- click import, browse for your sql file, click go.

    php /var/www/html/admin/config.php clk_reload=true
    /var/www/html/admin/bounce_op.sh

- re-establish your *_custom files if you used them.

Chapter 3 Securing your Asterisk@Home Server
While the network connection is unplugged or at least connected to a hub or switch with nothing else connected to it, we can now change our default passwords without worrying about being hacked. It's very easy to enter and control ANY type of server that has its default logins and passwords unchanged. Asterisk@Home is no different. It would be a good idea to write these passwords down and store them in a VERY secure location. It's not such a good idea to store them on your PC.

3.1 Giving your Asterisk@Home Server a static IP address
To change all of our default passwords, we need to give our Asterisk@Home server a static IP address. You can give it a temporary one now and change it later. It's all up to you. At the CentOS command line type:

    netconfig

A semi-graphical screen appears that can be explored by using the "tab" button. Enter all the requested information and tab to OK once you're done. After returning to the CentOS command prompt, reboot the server by typing:

    reboot

NOTE: Let's say you aren't comfortable in just listing 1 DNS server. After all, that one DNS server in there may go down, leaving A@H nothing to resolve names with. To add another DNS server (or as many as you would like) type this at the command line:

    nano /etc/resolv.conf

This file lists the name servers for the A@H server. Go ahead and enter your name servers. For example:

    nameserver 64.232.128.2
    nameserver 209.125.236.3

Then press CTRL-X, type in Y, and hit enter. You'll be asked for the file name you want ("File Name To Write: resolv.conf"), so hit enter.

3.2 Changing your default CentOS Password
A@H has a nice script that helps you configure some of these passwords. The default login and password for a newly installed CentOS operating system is:
Username: root
Password: password
At the CentOS command prompt type the following command to change your password for the root user. You'll be asked to enter your old password and to type in your new password twice.

    passwd

3.3 Changing your default AMP Password
To access AMP type the following into your web browser: HTTP://PutYourAsterisk@HomeIpaddressHere
The default login and password for a newly installed AMP is
Username: maint
Password: password
To change the default password, type the following command at the CentOS command prompt. (note, this command is not really part of CentOS but a script that comes with A@H)

    passwd-maint

You will see the following appear:

    -------------------------------------------
    Set password for AMP web GUI and maint GUI
    User: maint
    -------------------------------------------
    New password:
    Re-type new password:
    Updating password for user maint

It will ask for a new password. Then it will ask to confirm your new password.
You can also change your wwwadmin password by using

    passwd-amp

You will see the following appear:

    -------------------------------------------
    Set password for AMP web GUI and maint GUI
    User: wwwadmin
    -------------------------------------------
    New password:
    Re-type new password:
    Updating password for user wwwadmin

(The difference between the maint and wwwadmin accounts is that the maint will allow you full access in AMP. wwwadmin will not allow you to see the maintenance tab.)

3.4 Changing your default FOP Password
The default password for a newly installed Flash Operator Panel is: (yes the letter "o" is a "zero")
Password: passw0rd
To change this password, log into your CentOS machine using the root login and password and enter the FOP directory by typing:

    cd /var/www/html/panel

Using nano as the editor, open the configuration file op_server.cfg

    nano op_server.cfg

Go to the line that says security_code=passw0rd. Replace the “passw0rd” with the password of your choice.

    security_code=whateverpasswordyouwant

Then do a CTRL-X to exit and then a "Y" to save changes. Now restart the FOP server.

    amportal restart

3.5 Changing your default MeetMe Password
To change the default password for MeetMe type the following into the CentOS command prompt. (note, this command is not really part of CentOS but a script that comes with A@H)

    passwd-meetme

It will ask you for your new password twice.

3.6 Changing your default System Mail Password
To change the default password for System Mail type the following into the CentOS command prompt.

    passwd admin

It will ask you for your new password twice.

3.7 Changing your default Sugar CRM Password
You can access SugarCRM from your splash page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into your web browser. The default login and password is as follows:
Login: admin
Password: password
To change this, click on My Account in the upper right corner, and then click the Change Password button to change your CRM password.

3.8 Securing the ALT-F9 into the Asterisk CLI console #9 feature/security risk
Asterisk has a hidden feature/security risk. On the keyboard you can just press down “Alt” & “F9” simultaneously, and you get access to the Asterisk console without having to log on to the actual system and with no * restrictions. This little feature can be considered a security risk if you cannot guarantee the physical security of your asterisk@home server. Go ahead and try it on your console to confirm this.
At your CentOS console, let's edit the "safe_asterisk" file by typing the following:

    nano /usr/sbin/safe_asterisk

Change CONSOLE=yes to CONSOLE=no
And while you are at it, change the email address as well so you get emails when Asterisk crashes. The line to change is #[email protected] change it to: [email protected]
And you might want to change the hostname variable which specifies which machine has crashed when sending the mail notification. Make sure to remove the quotes from the line.

    MACHINE=yourhostname

Now restart asterisk with the following commands:

    amportal stop
    amportal start

Example from /usr/sbin/safe_asterisk

    CONSOLE=no # Whether or not you want a console (yes/no)
    [email protected] # Who to notify about crashes
    MACHINE=yourhostname #Specify which machine has crashed in email

3.9 Placing a password on the Asterisk@Home Splash page
NEW NOTE: It would be a much better idea to just install Web Admin Interface Upgrade (Admin-UI) (click for very easy step by step instructions). The Admin-UI allows you to choose what links are on the start page (I usually just have the voice mail and meetme conference on the homepage) and a password protected admin page. This is a VERY nice thing to add on to your server.

The Asterisk@Home splash page is the first thing that appears in your browser when you browse to your asterisk@home's IP address. This splash page was added in Asterisk@Home to make it easier to jump to different services that are running. The splash page contains:

• Web-access to Voicemail
• CRM
• Flash Operator Panel
• Web MeetMe Control
• Asterisk Management Portal


It wouldn't be a bad idea to place a password on this page to stop any "curious" employees. The idea behind this is to require Apache (the web server doing all the heavy lifting for us in CentOS) to get a login and password from a user browsing to the Asterisk@Home Splash Page. Use your own user name instead of "NewUserName". (Note: this can be a real pain because you will be constantly asked for this password when you try to navigate through these pages. For example, to access the splash page you have to enter this new password; to then click other parts of the admin and splash pages, you will find yourself retyping passwords. It can get a bit confusing.)

    htpasswd /usr/local/apache/passwd/wwwpasswd NewUserName

(Apache will prompt you for a new password for the user name you've just indicated.)

    New password:

(Apache will prompt you to retype your new password)

    Re-type new password:

(Apache will then confirm the new user)

    Adding password for user NewUserName

Now you have to add the user name you've just created to the "httpd.conf" file. To edit that file in "nano" type:

    nano /etc/httpd/conf/httpd.conf

Now do a CTRL-W to search for "AuthUser" and you'll find the area where all the users are listed (for example: "maint", your AMP user). Now add the following lines:

    #Password protect the Asterisk@Home Splash Page
    <Directory /var/www/html>
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /usr/local/apache/passwd/wwwpasswd
    Require user NewUserName1 NewUserName2 NewUserName3 yaddayaddayadda
    </Directory>

To delete an Apache user, type in the following and then remove the user from the "httpd.conf" file.

    htpasswd -D /usr/local/apache/passwd/wwwpasswd NewUserName

Then restart apache.

    /etc/init.d/httpd restart

3.10 Changing your default MySQL Password
The default password for root is: passw0rd
Enter AMP by typing HTTP://PutYourAsterisk@HomeIpaddressHere into your web browser.
Click on AMP --> Click on Maintenance ---> Click on phpMyAdmin ---> Click on the Database pulldown in the left pane and choose mysql.
When the tables display, click on the user table (and a check mark appears by the "user" under the "table" column). Now click the Browse icon (the first icon under the "Action" column; if you hover your mouse over it, it will say "Browse"). The entry we care about is the second one: asterisk1.local for root user access. If your password field is blank, you’ve got a serious security problem. What this entry means in layman’s terms is anyone on the Internet can connect to your MySQL databases as root with no password.
Click on the pencil beside the second record (asterisk1.local - root). When the record displays, click on the function pulldown in the password row and choose PASSWORD. Then make up a password that’s secure and enter it in the password value field. Click Go to save your update. Now click the Browse tab again and be sure an encrypted password is shown for both root user entries in the table. We don’t care about the blank password for the blank user because you’ll note that all the database privileges are set to N for this account.
You are not yet complete: phpMyAdmin will no longer work. To repair this simply go to /var/www/html/maint/phpMyAdmin and edit the file config.default.php. Look for:

    $cfg['Servers'][$i]['password'] = 'passw0rd'; // MySQL password (only needed

Change this to match what was done above, reboot and all is right in the world again…


(This was cut and copied from Ward's Site. It explains what the problem is)
MySQL Security Alert. Recently, we happened to look at how security was set up on MySQL with Asterisk@Home. This may also apply to those using plain-old Asterisk with the Asterisk Management Portal. In any case, you need to check your system NOW! Using the Asterisk Management Portal, go to AMP->Maintenance->phpMyAdmin. Then click on the Database pulldown in the left pane and choose mysql. When the tables display, click on the user table. Now click the Browse tab at the top of the right pane. The entry we care about is the second one: asterisk1.local for root user access. If your password field is blank, you've got a potential security problem. What this entry means in layman's terms is anyone on the Internet can connect to your MySQL databases as root with no password. The only roadblock is being able to spoof the default hostname of your Asterisk@Home server. And hostname spoofing has been a reported vulnerability of MySQL so it's just not worth taking a chance. Keep in mind that all of your VoIP account usernames and passwords are stored in a MySQL table when you use the Asterisk Management Portal (AMP). Not a healthy situation when it's your wallet that's at risk. To fix the problem permanently, just click on the pencil beside the second record. When the record displays, click on the function pulldown in the password row and choose Encrypt. Then make up a password that's secure and enter it in the password value field. Click Go to save your update. Now click the Browse tab again and be sure an encrypted password is shown for both root user entries in the table. We don't care about the blank password for the blank user because you'll note that all the database privileges are set to N for this account. Fixed!

3.11 Changing your ARI (Asterisk Recording Interface) Password
ARI is a new voicemail/recording utility that comes with AMP. Users can log in using their extensions and voicemail passwords by using http://Asterisk-IP-address/recordings/. To change the administrator password, in CentOS execute the following command:

    nano -w /var/www/html/recordings/includes/main.conf

And on line 53, change your admin password within the quotes.

    $ari_admin_password = "ari_password";
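
An added example (not part of the handbook or of Asterisk@Home): a POSIX shell audit that reports which of the files edited in sections 3.4, 3.8 and 3.11 (ARI) still contain the shipped default named there. The function names, the ROOT prefix argument and the constructed demo tree are assumptions; the file paths and default values are the ones this chapter gives.

```shell
#!/bin/sh
# Added example, not part of the handbook: report files that still hold the
# shipped defaults named in sections 3.4, 3.8 and 3.11 (ARI).

# flag_default FILE ERE MESSAGE
# Succeeds (and prints FOUND) when an active, non-comment line of FILE
# matches ERE; otherwise prints OK or SKIP and fails.
flag_default() {
    if [ ! -r "$1" ]; then
        echo "SKIP  $1 (missing or unreadable)"
        return 1
    fi
    if grep -Ev '^[[:space:]]*(#|;|//)' "$1" | grep -Eq -e "$2"; then
        echo "FOUND $1: $3"
        return 0
    fi
    echo "OK    $1"
    return 1
}

# audit_defaults [ROOT]
# ROOT is a path prefix, so the audit can run on the live server ("/") or
# on an unpacked copy of its filesystem. Exit status 0 means no findings.
audit_defaults() {
    root=${1:-}
    root=${root%/}
    findings=0
    flag_default "$root/var/www/html/panel/op_server.cfg" \
        '^[[:space:]]*security_code[[:space:]]*=[[:space:]]*passw0rd[[:space:]]*$' \
        'FOP security_code is still passw0rd (3.4)' \
        && findings=$((findings + 1))
    flag_default "$root/usr/sbin/safe_asterisk" \
        '^[[:space:]]*CONSOLE=yes([[:space:]#]|$)' \
        'Alt-F9 console is enabled, CONSOLE=yes (3.8)' \
        && findings=$((findings + 1))
    flag_default "$root/var/www/html/recordings/includes/main.conf" \
        '\$ari_admin_password[[:space:]]*=[[:space:]]*"ari_password"' \
        'ARI admin password is still ari_password (3.11)' \
        && findings=$((findings + 1))
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Build a constructed sample tree under DIR (values invented for the demo):
# FOP left at its default, console already disabled, ARI password changed.
make_sample_tree() {
    mkdir -p "$1/var/www/html/panel" "$1/usr/sbin" \
             "$1/var/www/html/recordings/includes"
    printf '%s\n' '; security_code=oldvalue' 'security_code=passw0rd' \
        > "$1/var/www/html/panel/op_server.cfg"
    printf '%s\n' '#CONSOLE=yes' \
        'CONSOLE=no # Whether or not you want a console (yes/no)' \
        > "$1/usr/sbin/safe_asterisk"
    printf '%s\n' '$ari_admin_password = "constructed-example";' \
        > "$1/var/www/html/recordings/includes/main.conf"
}

# Usage: sh audit_defaults.sh --demo
#        sh audit_defaults.sh /           (live server, run as root)
#        sh audit_defaults.sh /mnt/copy   (unpacked copy of the filesystem)
case ${1:-} in
    '')     ;;
    --demo) demo_dir=$(mktemp -d) && make_sample_tree "$demo_dir"
            audit_defaults "$demo_dir"; rc=$?
            rm -rf "$demo_dir"; exit "$rc" ;;
    *)      audit_defaults "$1" ;;
esac
```

Commented-out lines are ignored, so a leftover `#CONSOLE=yes` does not count as a finding.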

3.11 Changing your A2Billing Password
To log in to Open A2Billing, go to http://Asterisk-IP-Address/a2billing
Default login details are "root" and "myroot".

3.11 Changing your host name
Asterisk@Home installs with a default Hostname of Asterisk1. You might want to change this to something more meaningful to you. To do this, you must edit the hostname in two files in CentOS.
First, edit the hosts file:

    nano /etc/hosts

You will see a line:

    127.0.0.1 asterisk1.local asterisk1 localhost

You can change this to:

    127.0.0.1 yourname.yourdomain.com yourname localhost

Second, edit the network file:

    nano /etc/sysconfig/network

Change HOSTNAME=asterisk1.local to HOSTNAME=yourname.yourdomain.com

    reboot

3.12 Updating patches to CentOS
Every OS has patches that need to be applied. It wouldn't be a bad idea to make a ghost or backup of your server at this point. From the CentOS command line, run the following command:

    yum -y update

Additionally, you could set up automatic updating; however, be aware that this could cause issues with a production system.

    chkconfig yum on
    service yum start

3.13 Backup and restore of Asterisk@Home
Now that you have invested some hours and work, it's time to secure it against the unpreventable hard disk crash. As a wise man said, "there are two types of hard drives, the one that has crashed and the one that is going to..."
Backups created by AMP are stored in the folder /var/lib/asterisk/backups/daily
This folder has to be created and rights have to be set.

    mkdir /var/lib/asterisk/backups/daily
    chown asterisk:asterisk /var/lib/asterisk/backups/daily

3.13.1 Backup
How to create backups with AMPortal
Under the menu Setup there is a submenu Backup and Restore; choose Add Backup Schedule. Give the backup schedule a name and choose what parts of the system you would like it to back up. From the pulldown menu below the choices, choose Now to make a backup as soon as you push the Submit Changes button (but remember that you may want to go back and set up a regular backup schedule), choose one of the pre-made schedules to back up at a later and repetitive time, or choose Follow schedule below to make your own schedule from the menus below. Click Submit Changes to activate your backup schedule.

How to manually create backups
Using AMP, go to Maintenance, then Backup. Click on Download Backup. You will download an "asteriskathome_backup.tar.gz" file to your usual internet download directory. This does not back up the root, maint, amp, admin, meetme passwords but does save the FOP, SugarCRM, A2Billing, and SQL DB passwords. It also does not back up custom recordings or custom music on hold files.

3.13.2 Restore
From AMP, from a scheduled backup
To restore a scheduled backup, in AMP click Maintenance, then Backup & Restore, then Restore from Backup. A list of backup schedule names should appear. Find the backup you would like to restore, then click on the backup file. Choose which set of data you would like to restore, then click yes when prompted.

From an asteriskathome_backup.tar.gz file
Make sure you have a backup downloaded from AMP - maintenance - backup... asteriskathome_backup.tar.gz. Use WinSCP (or some other file transfer) to copy the backup to the /var/lib/asterisk/backups directory on your * box. Log in as root and navigate to the directory in which you placed the backup. This next step is immediate and doesn't ask for confirmation! At the command line enter this command:

    restore-aah asteriskathome_backup.tar.gz

3.13.3 Backup storage
Store backups on a NFS file system
How to export an NFS file system isn't covered here.

    mount linux.box.com:/var/backup /mnt/backup

Connects to NFS /var/backup on linux box linux.box.com and mounts it in the local directory /mnt/backup/.
NOTE: the directory /mnt/backup/ must exist!
Not complete!

Store backups on a Windows share
How to create Windows shares isn't covered here.
Note that by default smbclient / smbmount is not installed; run the following at the shell to install it:

    yum -y install samba-client

smbmount assumes that the user used to connect to the Windows machine is the user specified in the variable USER.

    smbmount //winbox/c /mnt/backup

Connects to Windows share c on the PC winbox and mounts it in the local directory /mnt/backup/. After pressing enter the user is prompted for the password.
NOTE: the directory /mnt/backup/ must exist!

    smbmount //winbox/c /mnt/backup -U=WINUSER

Same as the example above but here we also specify the user with the parameter -U=WINUSER. After pressing enter the user is prompted for the password.

    smbmount //WINUSER:PASSWORD@workgroup/winbox/c /mnt/backup

This example is most suited for a script because there is no need to type the password.

Chapter 4 Using AMP to Configure your Asterisk@Home Server

4.1 What is AMP?
Using AMP (Asterisk Management Portal) we can easily configure our asterisk server. AMP provides a graphical method (through a web browser) to configure the textual configuration files that Asterisk needs to function.

4.2 How does AMP work?
Here is what AMP can configure in asterisk:
• Incoming Calls — Specify where to send calls coming from the outside
• Extensions — Add extensions and set voicemail properties
• Ring Groups — Group extensions that should ring simultaneously
• Queues — Place calls into queues and allow them to be answered in order
• Digital Receptionist — Create voice menus to greet callers
• Trunks — Set up trunks to connect to the outside world
• Outbound Routing — Manage which trunks outbound calls go out
• DID Routes — Specify the destination for calls if their trunk supports direct inward dial
• On Hold Music — Upload MP3 files to be played while users are on hold
• System Recordings — Record or upload messages for specific extensions
• Backup and Restore — Create, back up, and restore profiles of your system
• General Settings — Set basic dialing, company directory, and fax settings

4.3 How to Log into AMP To log into AMP and begin making your changes, point your browser to the IP address of the Asterisk@Home Server HTTP://PutYourAsterisk@HomeIpaddressHere The default login and password of AMP is Login: maint Password: password Hopefully by this point you've already changed your password! (See Chapter 3 Securing your Asterisk@Home server)

4.3 Configuring an extension

1) Use a PC on your network that has a web browser and connect to your Asterisk@Home box using HTTP://PutYourAsterisk@HomeIpaddressHere.
2) Click on Asterisk Management Portal and then click Setup.
3) Click Extensions then Add Extension.
4) Select the type of extension.

A) SIP = Session Initiation Protocol
   o 1a) Use the default extension 200 and type in a password for registration like "abc123". Then enter the name of the person using this extension. If you can't find the password box to enter a password, create the user; you'll then need to set the password manually in the MySQL database. Click on Maintenance and PhpMyAdmin. Go to the Asterisk database and click on the users table. Click Browse and find the extension you want to set the password on. Edit the entry, select 'Password' in the row Function pulldown and enter a password.
   o 2a) Go down to the voicemail section, select enable, and enter a voicemail password. Use something you can type on a phone keypad like '1234'. Enter an e-mail address where you would like your voice messages sent and click Add Extension. Then click on the red apply bar at the top of the screen.
   o 3a) Set up a phone for this extension. Get a SIP phone; an X-Ten soft phone is good for testing. See the section on the X-Ten phone. Remember to use your extension and extension password.
   o 4a) Make a call from your phone. (try *45 this is a local echo test) (correction *43)
B) IAX2 = Inter Asterisk Transport version 2
C) ZAP = PSTN based hardware providing FXO/FXS operations
D) Custom = Used for special types of extensions
   o 1d) To create a custom extension which calls an external number, enter the extension number for the new extension; 1234 will work nicely.
   o 2d) Enter the display name for the extension; "Joe's Cell Phone" will do nicely for this.
   o 3d) Skip down to the "Dial" field. Enter the dial details in this format: TYPE/NUMBER@TRUNK OR TYPE/TRUNK/NUMBER. For example: SIP/5555551212@telasip-gw or ZAP/4/5555551212 (both formats seem to work)
   o 4d) Click Submit. Click the red bar that appears at the top of the screen.
   o 5d) Try calling your new extension.

There appears to be a problem defining a custom extension (AAH ver 2.6). To have an extension call an outside number, create a custom extension with the following dial string:

    Local/phonenumber_to_call@outbound-allroutes

E.g. a call to a UK phone might use the following dial string:

    Local/01144xxxxxxxxx@outbound-allroutes

Here is a discussion about this issue: http://sourceforge.net/forum/forum.php?thread_id=1434318&forum_id=420324

4.4 Configuring a trunk for outbound and inbound calls

Using AMP (user: admin, pass: password) ([email protected] user: wwwadmin) select Setup then Trunks. Click on the type of trunk you want to create. See the VOIP Service Providers section for how to configure a trunk for your provider. See Example 6 for IAX trunking to a non A@H 2.5 host.

4.5 Configuring Outbound Routing

Next you need a route to allow calls from your phones to go out on a trunk. If you have more than one trunk you can set up rules to determine how a trunk is chosen for each call. Here we will set all calls to go out one trunk. Using AMP (user: admin, pass: password) ([email protected] user: wwwadmin) select Setup then Outbound Routing. Type in a name for your route. Then enter the following in the dial pattern box:

    1NXXNXXXXXX
    NXXNXXXXXX
    NXXXXXX

This will set all calls to use this route. Next go to the Trunk Sequence section. Drop down the box and select the trunk you configured earlier. Click Add. That's it. Click Submit Changes and then click on the red apply bar at the top of the screen. Try dialing a number on your phone like 19197543700 (RedHat customer support) and you should hear "Welcome to RedHat".

In South America, we use 00+country+areacode+number, but the USA uses 011+country+areacode+number. To replace the 011 and start dialing with 00 and have the ability to dial local numbers, you have to add the Outgoing Dial Rules in your trunk.

Outgoing Dial Rules for the trunk voip:

    1+NXXNXXXXXX      ; this is to call to USA
    011+N.            ; this is to call to rest of the world
    0115935+2XXXXXX   ; this is for local dialing at my area
    011593+NNXXXXXX   ; this is for regional calls at my country

Next, create 3 outbound routes (localdialing, USA, restoftheworld).

For localdialing:

    Dial Patterns:
        0|2XXXXXXX
        0|3XXXXXXX
        0|4XXXXXXX
        0|5XXXXXXX
        0|6XXXXXXX
        0|7XXXXXXX
        0|8XXXXXXX
        0|9XXXXXXX   ; this is for mobile
        2XXXXXX      ; this is for dialing local city numbers
    Trunk Sequence: voip

For USA:

    Dial Patterns:
        001|NXXNXXXXXX
        001|800XXXXXXX   ; toll free numbers
    Trunk Sequence: voip

For restoftheworld:

    Dial Patterns:
        00|Z.
    Trunk Sequence: voip
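The dial patterns above decide which numbers your phones are allowed to send to a trunk, so it is worth checking what a set of routes really lets out. The following is an added example, not part of the handbook or of AMP: a small matcher for the pattern letters (X = 0-9, Z = 1-9, N = 2-9, "." = one or more further characters, "|" = strip the dialed prefix) that lists every route accepting a given number. The function names and test numbers are made up for this illustration.

```python
import re

# Character classes used by AMP / Asterisk dial patterns.
CLASSES = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]"}


def _to_regex(part):
    """Translate the pattern letters of one pattern fragment into a regex."""
    out, i = [], 0
    while i < len(part):
        ch = part[i]
        if ch in CLASSES:
            out.append(CLASSES[ch])
        elif ch == ".":
            out.append(".+")              # wildcard: one or more further characters
        elif ch == "[":
            end = part.index("]", i)      # bracket set such as [2-9] passes through
            out.append(part[i:end + 1])
            i = end
        else:
            out.append(re.escape(ch))     # literal digit, * or #
        i += 1
    return "".join(out)


def match(pattern, dialed):
    """Return the number handed to the trunk if `dialed` matches, else None.

    Everything before '|' must be dialed but is stripped before the call
    is passed on.
    """
    prefix, sep, rest = pattern.partition("|")
    if not sep:
        prefix, rest = "", pattern
    m = re.fullmatch("(%s)(%s)" % (_to_regex(prefix), _to_regex(rest)), dialed)
    return m.group(2) if m else None


# Outbound routes from the South America example in section 4.5.
ROUTES = {
    "localdialing": ["0|%dXXXXXXX" % d for d in range(2, 10)] + ["2XXXXXX"],
    "USA": ["001|NXXNXXXXXX", "001|800XXXXXXX"],
    "restoftheworld": ["00|Z."],
}


def audit(dialed, routes=ROUTES):
    """List every (route, pattern, number sent to trunk) that accepts `dialed`."""
    hits = []
    for route, patterns in routes.items():
        for pattern in patterns:
            sent = match(pattern, dialed)
            if sent is not None:
                hits.append((route, pattern, sent))
    return hits


if __name__ == "__main__":
    # Constructed test numbers, not taken from the handbook.
    for number in ["2345678", "091234567", "0012125551212",
                   "0019005551234", "0044201234567", "19005551234"]:
        print(number, audit(number) or "no route matches")
```

Running it shows that 0019005551234 is accepted by both the USA and restoftheworld routes: NXXNXXXXXX does not exclude 900 numbers, and 00|Z. overlaps every other 00 pattern. If premium or international calls should not be possible from every phone, the patterns have to be narrowed accordingly.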

4.6 Configuring Incoming Calls


Next you need a route to allow calls from your provider to go someplace. Using AMP (user: maint, pass: password) select setup then Incoming Calls. Under the Send Incoming Calls from the PSTN to: section drop down the box next to Extension: and select the extension 200 you created earlier. Click Submit Changes and then click on the red apply bar at the top of the screen. Call the phone number from your provider with a cell phone or other non-IP phone. Your SIP phone at extension 200 should ring.

4.7 Configuring the digital receptionist

Go to the Setup - Digital Receptionist page. Enter your extension number (i.e. the number of the phone you are going to use to record the message for the receptionist). Give a name to your menu (e.g. business_hours) and write the text of the message in the box below, so when recording you'll "only" have to read. By default you can give # as an option to access the directory, or the caller can dial the extension wanted if they know it. Remember: you have to use options numbered 1, 2, 3 and so on, not real extensions (i.e.: "... dial 3 for the marketing ..." is right; "... dial 550 for the marketing" is wrong).

A good(tm) example would be:

    Welcome to Acme! Thank you for your call. Dial the extension number if you know it or dial 1 to talk with administrators, 2 for the tech zone, 3 for the store, 4 to talk with an operator or 5 to leave a message in our mailbox. Dial # to access the directory. Or zero for an operator. Thank You.

Note: you can have 2 digital receptionists, one for business hours and one for night hours. For example:

    Welcome to Acme! Thank you for your call. Our offices are open from 8 to 5, Dial 1 to talk 24/24 support 5 to leave a message in our mailbox. Thank you.

Dial *77 and record your message. You can listen to your just recorded message via *99. Repeat until satisfied and press Continue. Insert the number of options you gave in the message (in the example 5; dial extension and # do not count) and press Continue. Now associate every option with the corresponding action (e.g. 1 goes to extension 545, 2 to the queue 600, 3 to the ring group 650, 4 to 211 and 5 to 211's mailbox). Press Continue and your first digital receptionist is created. Now go to Setup - Incoming Calls and associate this digital receptionist with the wanted incoming calls.

4.7.1 How to connect a caller to a default extension when one is not chosen

Currently, when a caller does not make a choice from the options, the call is disconnected after the second message. To send the caller to a default extension, add the letter "t" to the Digital Receptionist ---> Options for Menu --> Dialed Option # ----> "T" ----> Then the extension you want the caller to be sent to.

4.8 Trunking two Asterisk@Home Servers

There are many ways to trunk two Asterisk servers together that offer different features and abilities. Below is one such configuration using IAX2.

Assumptions:

• The two Asterisk@Home servers are named: SystemA and SystemB
• SystemA uses 2XX series extensions
• SystemB uses 3XX series extensions

SystemA Configuration

1. Add extension 201 (if needed)
2. Add new IAX2 Trunk:
   1. Trunk Name: systemb
   2. Peer Details:

          context=from-internal
          host=systemb.ip
          qualify=yes
          secret=systemb-pass
          type=peer
          username=systemb-user

   3. User Context: systema-user
   4. User Details:

          context=from-internal
          host=systemb.ip
          secret=systema-pass
          type=user

3. Create outbound route:
   1. Dial Patterns: 3XX
   2. Trunk Sequence: IAX2/systemb

SystemB Configuration

1. Add extension 201 (if needed)
2. Add new IAX2 Trunk:
   1. Trunk Name: systema
   2. Peer Details:

          context=from-internal
          host=systema.ip
          qualify=yes
          secret=systema-pass
          type=peer
          username=systema-user

   3. User Context: systemb-user
   4. User Details:

          context=from-internal
          host=systema.ip
          secret=systemb-pass
          type=user

3. Create outbound route:
   1. Dial Patterns: 2XX
   2. Trunk Sequence: IAX2/systema

Note: Change "systema.ip" and "systemb.ip" to the IP addresses of your respective servers. At this point, dialing 301 from extension 201 will trunk through IAX2 to the next extension.

4.9 "Extension Mobility" "Phone Sharing" or "Disconnecting the extension from the phone".

This little AMP customization allows the administrator to disconnect the extension from the phone. In other words, users can now "Log Into" a phone with all the associated benefits. A good example of when this would be great is when there is a day and night shift using the same phones. The night shift comes in and logs into the same phone that a day shift person had just used. Another example would be a user that skips around your company's remote sites. They won't have to lug the hard phone with them if all they need to do is log into the nearest hard phone to gain access to their extension.

Another benefit of this customization is if you have 1 hard phone at work and 1 soft phone on your laptop with the same extension (example x1234). Usually, when the hard phone registers with the Asterisk server, the registration would be "stolen" away by the soft phone when the soft phone is started. All incoming calls would go straight to the soft phone. The only way to get around this OTHER than this customization would be to assign your hard phone an extension (example: x12341) and your soft phone an extension (x12342) and then tie them together with a ring group with the extension that you want (x1234). This way both phones will ring if x1234 is called.

AMP fuses the user and the device into an object called an extension. We are going to un-fuse it.

4.9.1 Editing the AMP config file

We have to edit the AMP configuration file. At the CentOS command line, type the following:

    nano /etc/amportal.conf

Look for and find the AMPEXTENSIONS= setting. Right now it is set to:

    AMPEXTENSIONS=extensions

Change this to:

    AMPEXTENSIONS=deviceanduser

Save the file, and restart AMP by typing the following at the CentOS command line:

    amportal restart

4.9.2 Configuring our Users and Devices

If you log in to AMP, you will notice that instead of the "Extensions" menu option in "Setup", there are now "Devices" and "Users".

Chapter 5 PSTN interface cards

There are many types of PSTN interface cards. These can include a single FXO card to allow 1 home telephone line to be connected to Asterisk, or a T1 card that allows a digital trunk to be connected to Asterisk. All of these cards allow you to make calls directly on the Public Switched Telephone Network without having to use a VOIP phone service provider. PSTN cards can also be used to connect a PSTN (non-VOIP) phone to Asterisk. These can include a single FXS card to allow 1 home telephone to be connected to Asterisk, or a T1 card that allows a channel bank with 24 phones or a tie line to a PBX to be connected to Asterisk.

5.1 FXO Cards

These cards allow you to connect a POTS (Plain Old Telephone System) line to your Asterisk@Home box.

5.1.1 Digium Wildcard X100P OEM FXO PCI Card

These voice modems are available on eBay for about $10.00. They are not made by Digium and are of low quality. Having said this, they can work very well in many situations. If your phone line is well balanced they will work well. If it's not, you can get some bad echoes. We recommend them only for testing, not for a production system.

To configure these cards for use with Asterisk@Home, first use the zaptel card auto-config utility to set up the zaptel driver. Type

    genzaptelconf -s -d

from the command line (if the card was in the system when you installed AAH this is already done). Next go into the AMP web interface and create a trunk. There is already a trunk called ZAP/g0; edit this:

• Enter the phone number for your POTS line in the Caller ID field
• Enter 1 for Maximum channels

• Set a dial rule if you want for this trunk
• Select an outbound dial prefix to select this trunk when dialing
• Set the Zap Identifier to 1 (the default is g0)

This trunk is now configured. You must add a route for incoming calls or Asterisk will not answer this line: click on Incoming Calls in AMP and set up an incoming route. To make outbound calls you will need an outbound route. Set one up in AMP.

Hardware Conflicts

This card is especially sensitive to hardware conflicts. I had a problem where I was unable to make outbound or inbound calls and would hear static on the POTS line when Asterisk tried to play its error message. I got errors like: "Everyone is busy/congested at this time", "ZT_CHANCONFIG failed on channel 1: No such device or address", and "wcfxo: probe of 0000:00:09.0 failed with error -5". I moved the PCI card from slot 1 to slot 2 and now everything works out-of-the-box. One symptom was that the card was listed in lspci (as a Tiger Jet Network Inc. Tiger3XX Modem/ISDN interface) but wcfxo had no interrupt assigned in /proc/interrupts. If one wanted to add an automated check for this problem in the installation or a debug tool, that might be a good criterion.

5.1.2 Cisco / Linksys / Sipura SPA-3000 FXO/FXS Device

The device is available for less than $100. Sipura was bought by Linksys, Linksys was bought by Cisco. The device can be used as a stand-alone item, or with Asterisk@Home. When used with Asterisk@Home, it can be used to connect to the PSTN via its FXO interface, and can also act as an ATA for an analog phone connected to its FXS interface.

The following instructions have ***NO SECURITY*** features enabled. Anyone who can access the IP address of the Sipura device could make calls using your PSTN, including long-distance, international and 900 lines. You have been warned! Again, there are no security measures in place in the following instructions! Do NOT use them as-is! They are only to initially get you started with a basic, no-frills, bare-bones, quick-and-dirty setup to get Asterisk to talk to the FXO (PSTN) interface of your Sipura SPA-3000. So...

Are you going to leave them running unattended? NO!!!
Are you going to use them in a testing environment for more than 2 seconds? NO!!
Are you going to use them in a production environment? NO!!! NO!!! NO!!!

Assumptions:

1. The devices are on the same network (1.2.3.x)
2. No physical connection to any other network, or the internet, exists (no security = isolated test lab environment is a must)
3. The PSTN service is from a provider in the United States
4. The PSTN service has Caller ID
5. You only want a starting point to get the devices to communicate. Then, you'll delve in deeper and set up your own security.

Prerequisites:

1. Asterisk@Home 2.5
2. Sipura SPA-3000 with the 3.1.7(GWg) firmware installed, and reset to factory defaults

IP Numbering Conventions used in this example:

    1.2.3.4 represents Asterisk@Home
    1.2.3.5 represents Sipura SPA-3000

Here goes...

For the Sipura SPA-3000

1. Access the Sipura SPA-3000's Advanced Admin page at "http://1.2.3.5/admin/advanced"
2. Click on the "PSTN Line" tab
3. Scroll down to the "Proxy and Registration" settings
4. Set "Make Call Without Reg:" to "yes"
5. Set "Ans Call Without Reg:" to "yes"
6. Scroll down to the "Dial Plans" setting
7. Set "Dial Plan 2:" to read "(S0)"
8. Scroll down to "PSTN-To-VoIP Gateway Setup"
9. Set "PSTN Ring Thru Line 1:" to "no"
10. Set "PSTN CID for VoIP CID:" to "yes"
11. Set "PSTN Caller Default DP:" to "2"
12. Scroll down to the "FXO Timer Values (sec)" settings
13. Set "PSTN Answer Delay" to "3"
14. Scroll down to the bottom of the page and click "Submit All Changes"

For Asterisk@Home

1. From the AMP main page, click "Setup"
2. Click "Trunks"
3. Click "Add Trunk"
4. Click "Add SIP Trunk"
5. Scroll down to the "Outgoing Settings" section
6. Set "Trunk Name:" to "1.2.3.5"
7. Replace the default entries in "Peer Details" with:

       context=from-pstn
       host=1.2.3.5
       port=5061
       type=peer

8. Scroll down to the "Incoming Settings" section
9. Delete the default "User Details:", leaving it blank
10. Scroll down to the bottom of the page and click "Submit Changes"
11. Click the "You have made changes - when finished, click here to APPLY them" at the top of the page.

If all goes according to plan, the SPA-3000 will detect the PSTN line when it rings, and forward it to the configuration you've set in the AMP "Incoming Calls" section. For example, if you've set it to send incoming calls to ext. 200, then ext. 200 should ring when the PSTN line rings.

To avoid having Asterisk tell the Sipura to pick up the ringing line, from the Asterisk management portal "General Settings" screen set the "extension of fax machine receiving faxes" to disabled. The PSTN line will not be answered (if the PSTN caller is calling from long-distance, the PSTN caller won't be charged) until ext. 200 answers (or if you have voicemail, until the call gets routed there). If the fax option is not set to disabled, Asterisk will answer the line itself in an attempt to determine if the call is a fax, before ringing the call through to ext. 200.

To make outbound calls, you'll need to configure "Outbound Routing". Instructions for outbound routing are covered elsewhere in this handbook.

Remember to secure the SPA-3000 now that you've got it talking to Asterisk@Home!

5.2 FXS Cards

These cards allow you to connect an analog phone to your Asterisk@Home box.

5.2.1 Digium TDM400P FXO/FXS Card

This card has 4 module ports that can be loaded with FXS or FXO modules. You can auto-config this card just like the X100P. Channel 1 is the top RJ-45 on the back of the TDM400P card.

Note: On some cards with only two active ports the lower two ports may be the active ones. You can check before you install the cards by noting the position of the small daughter cards adjacent to each port. Otherwise you can check after installation by noting which LEDs are active on the back of the card.

Start by installing the card into a free PCI slot. Make certain that you connect a power cable to the card. FXO and FXS cards require power in order to power the telephone line or extension. The TDM400P range of cards use the standard 4 pin hard drive power connector; if you don't have a free power connector you can always buy the equivalent of a double adaptor. Once installed, close the box up and plug a telephone line (or extension) into each port of the card (I'm not certain this is actually required).

Note: the TDM400P range of cards ALL have four ports on the back; however, depending on which model you bought, not all ports may be usable. For instance, if you purchased a two port FXO card then only the top two ports are usable.

Close the PC up and turn the power on.

Note: the LEDs adjacent to each port will not come on until the device has been properly configured.

You can check that your operating system recognized the card by running the following command:

    lspci

The TDM cards are recognized as: (don't ask me why)

    Network controller: Tiger Jet Network Inc. Tiger3XX Modem/ISDN interface

Note: The easiest way to install a TDM400P card is to install it before installing Asterisk@Home. If you installed the cards after installing Asterisk@Home you may have to do some additional work.

The two errors I received are (during boot):

    loading Zaptel framework: FATAL: Module zaptel not found.
    Missing /dev/zap/ctl

The following actions overcame the problem.

1. Edit /etc/udev/rules.d/50-udev.rules
2. Add the following lines to the bottom of the file (first check that they don't exist elsewhere):

       # Section for zaptel device
       KERNEL="zapctl", NAME="zap/ctl"
       KERNEL="zaptimer", NAME="zap/timer"
       KERNEL="zapchannel", NAME="zap/channel"
       KERNEL="zappseudo", NAME="zap/pseudo"
       KERNEL="zap[0-9]*", NAME="zap/%n"

3. Reboot
4. Execute the following command: rebuild_zaptel
5. genzaptelconf

Asterisk should now be up and running. Check that the TDM card has been recognized by running the following from the Asterisk command prompt:

    zap show channels

You should see something similar to:

    Chan    Extension  Context        Language  MusicOnHold
    pseudo             from-internal  en
    1                  from-internal  en
    2                  from-internal  en

You can find some of the details describing part of the above problem here: Details on fixing the problem with a missing /dev/zap/ctl can be found here.

Next check that each card is running on its own IRQ. Asterisk is quite sensitive to IRQ response times, so sharing an IRQ just isn't going to work. You can check what IRQ each TDM card is operating on by running:

    cat /proc/interrupts

TDM cards show up as 'wctdm'. If the card is on the same line as any other device then you will need to reconfigure your system's IRQs. You can also refer to http://www.asteriskguru.com/tutorials/wildcard_tdm400p.html for a good article on getting the TDM400P range of cards operating.

To configure these cards for use with Asterisk@Home, first use the zaptel card auto-config utility to set up the zaptel driver. Type

    genzaptelconf -s -d

from the command line (if the card was in the system when you installed AAH this is already done).

Note: -s -d aren't supported in Asterisk 1.2. Just running genzaptelconf appears to be sufficient.

Check out what the config has with:

    ztcfg -vv

HINT: If you cannot see the TDM400 card's resources you must make sure it has its own UNSHARED IRQ (interrupt). It must not share an IRQ with any other device or onboard resource. There may be a way in your BIOS to change IRQs. Using a different PCI slot can also resolve this issue.

Next, using Config Edit, look in the zapata-auto.conf file; you will see a list of all your channels. Set up the trunks as trunks and the extensions as extensions in AMP. For example, if your zapata-auto.conf file looks like this:

    Span 1
    WCTDM/0 "Wildcard TDM400P REV E/F Board 1"

    signalling=fxo_ks
    (Note this is an extension. Create a ZAP extension in AMP for Channel 1)
    channel => 1

    signalling=fxs_ks
    (Note this is a trunk. Create a ZAP trunk in AMP for Channel 2)
    context=from-pstn
    channel => 2

then add a ZAP extension for channel 1 and a ZAP trunk for channel 2. You may have to reboot your system to get everything going. You must add a route for incoming calls or Asterisk will not answer your trunk: click on Incoming Calls in AMP and set up an incoming route. To make outbound calls you will need an outbound route. Set one up in AMP.
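The two IRQ checks described in this chapter (a card that lspci lists but that has no wcfxo/wctdm line in /proc/interrupts, and a card that shares its line with another device) can be automated. The following is an added example, not part of the handbook or of Asterisk@Home; the function names and the sample data are constructed for illustration, and it assumes the single-word controller column (such as XT-PIC) printed by kernels of that era.

```python
CARD_ID = "Tiger Jet Network Inc. Tiger3XX Modem/ISDN interface"  # lspci name quoted in the handbook
ZAPTEL_DRIVERS = ("wcfxo", "wctdm")  # names the handbook says appear in /proc/interrupts


def parse_interrupts(text):
    """Map IRQ number -> list of driver names from /proc/interrupts content."""
    table = {}
    for line in text.splitlines():
        label, sep, rest = line.partition(":")
        if not sep or not label.strip().isdigit():
            continue                      # CPU header row, NMI/ERR rows
        fields = rest.split()
        while fields and fields[0].isdigit():
            fields.pop(0)                 # per-CPU interrupt counters
        if fields:
            fields.pop(0)                 # controller column (assumed one word)
        names = [n.strip() for n in " ".join(fields).split(",") if n.strip()]
        table[int(label)] = names
    return table


def diagnose(lspci_text, interrupts_text):
    """Return a list of problems; an empty list means both checks passed."""
    if not any(CARD_ID in line for line in lspci_text.splitlines()):
        return ["no Tiger3XX card listed by lspci"]
    irqs = parse_interrupts(interrupts_text)
    owned = {irq: names for irq, names in irqs.items()
             if any(n in ZAPTEL_DRIVERS for n in names)}
    if not owned:
        return ["card listed by lspci but no wcfxo/wctdm line in /proc/interrupts"]
    return ["IRQ %d is shared: %s" % (irq, ", ".join(names))
            for irq, names in sorted(owned.items()) if len(names) > 1]


# Constructed sample data for the three situations described in the text.
SAMPLE_LSPCI = """\
00:00.0 Host bridge: Example host bridge
00:09.0 Network controller: Tiger Jet Network Inc. Tiger3XX Modem/ISDN interface
00:0a.0 Ethernet controller: Example ethernet adapter
"""
SAMPLE_NO_IRQ = """\
           CPU0
  0:    5123456          XT-PIC  timer
  1:       1034          XT-PIC  i8042
 11:     204511          XT-PIC  eth0
NMI:          0
"""
SAMPLE_SHARED = SAMPLE_NO_IRQ.replace("eth0", "eth0, wctdm")
SAMPLE_OK = SAMPLE_NO_IRQ + " 10:     998877          XT-PIC  wctdm\n"

if __name__ == "__main__":
    for name, sample in [("no irq", SAMPLE_NO_IRQ), ("shared", SAMPLE_SHARED), ("ok", SAMPLE_OK)]:
        print(name, diagnose(SAMPLE_LSPCI, sample) or "ok")
```

On a live system, feed it the output of lspci and the content of /proc/interrupts instead of the samples.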

5.3 T1/PRI Cards

Setup for Digium T100P and a PRI

Log in to the CLI as root:

    root@asterisk1 /# cd /etc
    root@asterisk1 etc# nano -w zaptel.conf

Add these lines to /etc/zaptel.conf:

    span=1,1,0,esf,b8zs
    bchan=1-23 # set this to 1-15,17-31 for E1
    dchan=24 # set this to 16 for E1

Add # to the front of fxsks=1 so it looks like this:

    span=1,1,0,esf,b8zs
    bchan=1-23 # set this to 1-15,17-31 for E1
    dchan=24 # set this to 16 for E1
    #fxsks=1
    loadzone = us
    defaultzone=us

Control-X then Y to save zaptel.conf.

Log into Asterisk@Home using a browser: http://-asterisk-ip-adress/admin

Then click on Maintenance. Then click on Config Edit. Then click on zapata.conf.

Comment out signalling=fxs_ks with a ; so it reads:

    ;signalling=fxs_ks

Then copy just below it:

    signalling=pri_cpe ; pri_cpe = PRI slave
                       ; pri_net = PRI master
    switchtype=national

Then add this:

    callerid=asreceived

under ;usedistinctiveringdetection=yes

Change echocancelwhenbridged=yes
Change echotraining=400 ; Asterisk trains to the beginning of the call, number is in milliseconds

At the end of the file copy and paste:

    channel => 1-23 ; Set this to 1-15,17-31 for E1

Click Update and click Re-Read Config.

Go back to SSH as root:

    root@asterisk1 etc# modprobe wct1xxp
    root@asterisk1 etc# ztcfg -vv

Do a shutdown and restart the system:

    root@asterisk1 etc# shutdown -r now

You just need to log in via the web and make your setup.

5.4 ISDN Cards

Integrated Services Digital Network (ISDN) is an international standard that defines a worldwide, completely digital switched telephone network. There are many different ISDN cards, and there are two main types of ISDN: BRI and PRI.

ISDN Basic Rate Interface, or BRI: on a single pair of ordinary phone wires, BRI offers two "bearer" channels at a 64kbps or 56kbps transmission rate and one "data" channel at 16kbps. This configuration is often referred to as 2B+D. "B" is the channel that transports, in this case, the voice traffic, and the "D" channel is used for signalling.

There is also ISDN Primary Rate Interface, or PRI. There are mainly two types of PRI, American PRI and European PRI. An American PRI offers 23 "B" channels and one "D" channel. In Europe and Asia, this service offers 30 "B" channels and one "D" channel.

5.4.1 ISDN BRI Cards

There is one main difference between card types: passive cards and active cards. How do you tell the difference? The active card has its own CPU that offloads the PC's CPU, and therefore active cards are expensive. There are also BRI cards with multiple ports.

5.4.1.1 ISDN BRI Cards with HFC chipset

5.4.1.2 ISDN BRI Cards with HFC chipset

5.4.2 ISDN PRI Cards

5.4.2.1 ISDN PRI Cards, Digium


5.4.2.2 ISDN PRI Cards, Sangoma

5.5 Channel banks

5.6 Tips and tricks for ZAP Trunks

5.6.1 Outgoing ZAP calls missing first dialed digit

Sometimes Asterisk dials before the dial tone is ready. This causes the first digit to be lost and the call to fail. Usually you get a message from the phone company telling you to "dial 1 before the number". To fix this, add a "w+" to the dialing prefix in the Zap trunk. This forces the hardware to wait a half-second (for each "w" you put) for the dial tone before dialing digits.

Chapter 6 VOIP Service Providers

There are many service providers. Some provide a proxy server that makes it possible to connect to other members of that provider. Other providers offer both incoming and outgoing PSTN to VOIP termination. Here are a few common providers and how to make them work with Asterisk@Home. Most providers will give you a phone number and a password for that provider; some will also give you a user name. If you get a real PSTN number from the provider it will be a normal 10 digit number (US providers). Some providers give out shorter numbers that can only be used by other members of that provider. The following site provides a lot of useful information regarding VOIP providers' rates, connection types, and country availability: VOIP Charges

6.1 Free World Dialup (FWD)

Contact: http://www.freeworlddialup.com/
Service: proxy to other FWD users, Gateway to other providers
Protocol: SIP or IAX
Cost: free

You should have a phone number (123456) and a password (wibble). You also need to have your FWD account set up for IAX. This is achieved by visiting http://www.freeworlddialup.com, logging in and turning on IAX. This is done in the "Extra Features" area of your account page. It does take a little bit of time to be set up (10 mins or so), so do that first. Once you've turned it on and clicked 'Submit' enough times (I noticed I had to click Submit two or three times before it came up with 'Changes Successful', that may have just been a temporary glitch) you're ready to proceed below.

Once again, you need to be in AMP, the Asterisk Management Portal. Click on Setup up the top, but this time click on Trunks on the left. Click on Add IAX2 Trunk.

Outbound Caller ID should (but doesn't have to be) set to your FWD Number. This is what is displayed when you call someone else through FWD. They'd normally just see your Extension (200).

Outgoing Settings

Trunk Name: fwd (This is just a descriptive name, and is what appears on the left of the screen)

PEER Details: (Change '123456' and 'wibble' to be your FWD Number and Password)

    host=iax2.fwdnet.net
    type=peer
    username=123456
    secret=wibble

Incoming Settings

USER Context: iaxfwd (Pay attention here. Don't change it, or it won't work)

USER Details (Nothing needs to be changed here, this can be pasted straight in)

    allow=ulaw
    auth=rsa
    context=from-pstn
    disallow=all
    inkeys=freeworlddialup
    type=user

Register String: should be set to yournumber:[email protected], using our examples above, it would be 123456:[email protected]

Click 'Outbound Routing' from the menu, and then click 'Add Route'. Name your route something like 'fwd'. The dial prefix is, usually, 393 — That's 'FWD' on your phone's pad.

    Dial Patterns: 393|X.
    Trunk Sequence: IAX2/fwd

Click 'Submit Changes'. You may have to move the trunk further up the priority list. From the Asterisk command line type the following to see if the new connection is registered:

    iax2 show registry

Assuming you've got your username and password correct, you should now be able to dial '393612', which will read out the time to you. If you're feeling exceptionally brave, call '393613', which is a useful little echo tester - it'll just bounce back to you everything you say to it. You can then try '393514' which is FWD's 'Coffee Lounge' - I've never actually successfully had a conversation with anyone there, however, or '39355555', which calls a random volunteer, so you can actually speak to a live person!

6.2 Free World Dialup OUT (FWD)

Contact: http://www.fwdout.net/web/
Service: Gateway to other providers
Protocol: IAX
Cost: Share and Share Alike

FWDout is The Service Formerly Known as You must read the documentation carefully and be aware that a poorly configured *@Home box can be used by other people on the fwdOUT network to make long distance calls that you may end up paying dearly for.

Create an account on http://www.fwdout.net/bell-cgi/signup.cgi

Once again, you need to be in AMP, the Asterisk Management Portal. Click on Setup up the top, and click on Trunks on the left. Click on Add IAX2 Trunk.

Outbound Caller ID should be left blank.

Outgoing Settings

Trunk Name: fwdOUT (This is just a descriptive name, and is what appears on the left of the screen)

PEER Details: (Change '123456' and 'wibble' to be your fwdOUT Number and Password)

    username=123456
    type=peer
    secret=wibble
    host=iax.fwdOUT.net

Incoming Settings

USER Context: iaxfwdOUT (Pay attention here. Don't change it, or it won't work)

USER Details (Nothing needs to be changed here, this can be pasted straight in)

    type=user
    inkeys=freeworlddialup
    disallow=all
    context=from-pstn
    auth=rsa
    allow=ulaw
    allow=gsm

Register String: should be set to yournumber:[email protected], using our examples above, it would be 123456:[email protected]

Click 'Outbound Routing' from the menu, and then click 'Add Route'. Name your route something like 'fwdOUT'. The suggested dial prefix for fwdOUT is 394, although this is optional.

    Dial Patterns: 394|X.
    Trunk Sequence: IAX2/fwdOUT

Click 'Submit Changes'. You may have to move the trunk further up the priority list. From the Asterisk command line type the following to see if the new connection is registered:

    iax2 show registry

If you have another provider for long distance, place the fwdOUT trunk before your provider's trunk so that outbound calls are routed through fwdOUT.

fwdOUT will allow you to make long distance phone calls using other people's Asterisk boxes, while allowing other people to route calls through your Asterisk box. The idea is that you do not pay for calls in your local area, so you can let people route calls through your server, and other people do the same for you.

6.3 VoicePulse

Contact: http://connect.voicepulse.com/
Service: PSTN termination
Protocol: IAX
Cost: pay

Once again, you need to be in AMP, the Asterisk Management Portal. Click on Setup up the top, but this time click on Trunks on the left. Click on Add IAX2 Trunk.

Dial Prefix 9 if you're not already

Leave Default Trunk switched off (or make this the default if you want all your calls to use it).

Outbound Caller ID should (but doesn't have to be) set to your VoicePulse Number.

Outgoing Settings

Trunk Name: voicepulse-out-01 (This is just a descriptive name)

PEER Details: (Change and to be your VoicePulse Number and Password)

    host=gwiaxt01.voicepulse.com
    secret=
    type=peer
    username=

Incoming Settings

USER Context: voicepulse-in-01 (Pay attention here. Don't change it, or it won't work)

USER Details (Nothing needs to be changed here, this can be pasted straight in)

    auth=rsa
    context=from-pstn
    inkeys=voicepulse01
    type=user

Register String: should be set to :@gwiax-in-01.voicepulse.com example (bob:abc123 @gwiax-in-01.voicepulse.com)

That's it. Click on Submit Changes, and then on the big red 'You have made changes' bar and you're done. For a test make a call (try 1-800-555-1212).

6.4 Sixtel

Contact: http://www.iax.cc/
Service: PSTN termination
Protocol: IAX
Cost: pay

Iax.cc, also known as sixTel, is a small VOIP termination provider that offers very low rates for inbound and outbound calls. With rates as low as 1.43 cents per minute and a good number of local and toll free numbers to choose from, sixTel is a popular choice for home and small business users.

Once again, you need to be in AMP, the Asterisk Management Portal. Click on Setup up the top, but this time click on Trunks on the left. Click on Add IAX2 Trunk. Use the following example to get you up and going:

Outbound caller ID: "Your Name"
Maximum Channels: 4
Trunk Name: sixTel
Peer Details:

    allow=all
    context=ext-did
    host=iax2.sixtel.net
    secret=myPassword
    type=friend
    username=myUserName

User Context:
User Details:
Registration String: myusername:[email protected]

On the DID tab, create a new DID

DID: 949XXXXXXX