New Asterisk Setup


#1

Hello all!

Well I have decided to move to the asterisk world not to knly learn but to save some money. I am currently paying 50+ dollars a month for VoIP from my ISP :open_mouth:

Any who I recently encounter a problem which is puzzling me to no end…

I acquired service from voip.ms and proceed to do an install of asterisk. I left everything default and I only made the changes as per there wiki instructed. in my sip.conf I add it the bind port and address than add it the following.

[general]                
register => xxxxx:password@houston.voip.ms:5060
  
[voipms]
canreinvite=no
context=mycontext
host=houston.voip.ms
secret=password ;your password
type=peer
username=xxxx ;your account
disallow=all
allow=ulaw
; allow=g729 ; Uncomment if you support G729
fromuser=xxxxx ;your account
trustrpid=yes
sendrpid=yes
insecure=invite
nat=yes
qualify=yes

Than I left everything default in extensions.conf and add it:

[code][mycontext]
; Make sure to include inbound prior to outbound because the _NXXNXXXXXX handler will match the incoming call and create a loop
include => voipms-inbound
include => voipms-outbound

[voipms-outbound]
exten => _1NXXNXXXXXX,1,Dial(IAX2/voipms/${EXTEN})
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Dial(IAX2/voipms/1${EXTEN})
exten => _NXXNXXXXXX,n,Hangup()
exten => _011.,1,Dial(IAX2/voipms/${EXTEN})
exten => _011.,n,Hangup()
exten => _00.,1,Dial(IAX2/voipms/${EXTEN})
exten => _00.,n,Hangup()

; inbound context example for your DID numbers, do not add the number 1 in front

[voipms-inbound]
exten => xxxxxxxxx,Answer() ;your DID[/code]

where xxxxxxxxx is my did.

Now after I reload the asterisk module I get:

SIP Peer Status:

Name/username              Host                                    Dyn Forcerport ACL Port     Status
voipms/xxxxxx              209.62.1.2                                   N      5060     OK (1 ms)
1 sip peers [Monitored: 1 online, 0 offline Unmonitored: 0 online, 0 offline]

SIP Trunk Registrations:

Host                                    dnsmgr Username       Refresh State                Reg.Time
0 SIP registrations.

Please do note that I have a pfsense fireall with siproxd installed and port 5060 forwarded with nat traversal enabled and also port 10000 to 20000 also forwarded.

Any ideas why is not working? :frowning:

TIA!


#2

Not without at least verbose CLI diagnostics from a failed call.

You may want to note that you have an option that is either no longer supported under the name you used or for which that name is deprecated, but I don’t think they would cause a problem. Although you hint at bindport, you don’t have it. That also is, at least deprecated.

You almost certainly don’t want nat=yes. ISPs like adding it to sample files because they don’t understand it.

People report lots of problems with SIPALG in routers, which is probably what siprpoxd is. It is generally better to turn such features off and configure Asterisk for a NAT environment (see an earlier reply today).

You almost certainly do want allowguest=no.


#3

First thing what I see is: You’ve configured voip.ms as a sip service (sip.conf) while You’re trying to make outbound calls via the IAX2-protocol. This won’t work! Consider to change the IAX2-Tech-declaration by SIP in Your extensions.conf.
Second is that voip.ms is not registered with the provider and even no output is given for sip show registry. Please check whether You’ve got the [general] section twice in Your config. An alternative approach would be to delete the register-line in sip.conf and use callbackextension in the peer definition instead:

[voipms] canreinvite=no context=mycontext host=houston.voip.ms secret=password ;your password type=peer username=xxxx ;your account disallow=all allow=ulaw ; allow=g729 ; Uncomment if you support G729 callbackextension=xxxx ;your account


#4

[quote=“abw1oim”]First thing what I see is:
Second is that voip.ms is not registered with the provider and even no output is given for sip show registry. Please check whether You’ve got the [general] section twice in Your config.[/quote]

AH! Bingo!

Thank you very much! I was overlapping the general config :blush: it was there twice… I am now online with a registered trunk.

Sorry about the extensions.conf it was a copy and paste from an old config. here my new one:

[code]
[mycontext]
; Make sure to include inbound prior to outbound because the _NXXNXXXXXX handler will match the incoming call and create a loop
include => voipms-inbound
include => voipms-outbound

[voipms-outbound]
exten => _1NXXNXXXXXX,1,Dial(SIP/${EXTEN}@voipms)
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Dial(SIP/1${EXTEN}@voipms)
exten => _NXXNXXXXXX,n,Hangup()
exten => _011.,1,Dial(SIP/${EXTEN}@voipms)
exten => _011.,n,Hangup()
exten => _00.,1,Dial(SIP/${EXTEN}@voipms)
exten => _00.,n,Hangup()

; inbound context example for your DID numbers, do not add the number 1 in front

[voipms-inbound]
exten => xxxxxxxxx,1,Answer() ;your DID[/code]

I do have a question. everybody keeps telling me to get away from sip and configure IAX2. Though voip.ms is telling me not to use IAX2 and to use sip… What should I use and why?

TIA!


#5

The idea behind using IAX2 instead of SIP is on the one hand, that there’s less protocoll overhead and on the other hand, that it only consumes one port for both - signalling and RTP-data. As SIP uses different ports for signalling and RTP-data where RTP-ports are even handled out dynamically it makes it a bit more complicated for firewall-configs.
But: SIP gives You (in it’s overhead) a lot of informations not available over the IAX2-protocoll-stack. Thus using SIP is the better way especially if the connection is terminated outside the VOIP-world (e.g. when You’re calling to a “classic” landline or mobile phone).
That’s why most people prefer SIP when making/receiving calls on their side by VOIP where the other endpoint is known to be non-VOIP.


#6

[quote=“abw1oim”]The idea behind using IAX2 instead of SIP is on the one hand, that there’s less protocoll overhead and on the other hand, that it only consumes one port for both - signalling and RTP-data. As SIP uses different ports for signalling and RTP-data where RTP-ports are even handled out dynamically it makes it a bit more complicated for firewall-configs.
But: SIP gives You (in it’s overhead) a lot of informations not available over the IAX2-protocoll-stack. Thus using SIP is the better way especially if the connection is terminated outside the VOIP-world (e.g. when You’re calling to a “classic” landline or mobile phone).
That’s why most people prefer SIP when making/receiving calls on their side by VOIP where the other endpoint is known to be non-VOIP.[/quote]

I see. I learn a lot today. Thank You very much.
So is not that IAX2 is more secure than SIP is just a simpler protocol to manage. correct?


#7

From security aspects, IAX2 seems to be easier to handle as most clients/attackers won’t be able/won’t try IAX2, but: relying on this would be security by obscurity.
In other words: No matter, which IP-Protocol You’re using You should always have a look at the security of Your system.
This means proper firewall-configuration surrounding asterisk and securing asterisk itself, probably supported by a log-tracker like fail2ban.
Asterisk-related security tasks could be found at Digiums sites and are rather simple once You understood how dialplan-commands works in detail and how configuration options in the several files should be used.