I have asterisk server running and I can make calls on local network only. How difficult is it to make the server accessible over the internet? I searched for similar topics but couldn’t find anything. I assume it possible by just getting a domain and deploying the asterisk server (Just like making local website public?). Where can I find good resources/tutorials for making this happen? Forgive me, I have no idea how it works. Would I also have to change/make additional configuration settings?
Make your Asterisk listen on public IP address and you’re done. Since that your Asterisk will be accessible over Internet.
Maybe you have to set ‘externip’ parameter. In fact, we absolutely don’t know the topology of your network and don’t know if your Asterisk is behind NAT or not. It matters.
But be careful. It will become a target for attacks. Assuming you ask such questions, I guess you have to read and learn much information.
But Asterisk security is a particular topic.
Hi Lexus 45,
Thank you for your answer! Are there any instructions that I can follow for setting up the network configuration properly? I mean for different kind of network topologies. I would appreciate if you could provide me a link to those documents/web pages.
For now, I can put the Asterisk server on a public network. There is no NAT but there is a firewall on this network i.e. I have to unblock some ports manually. And I am not talking about the firewall on the Asterisk server itself. I am using PJSIP and port 5060. However, I assume this is only for incoming connection to the server, or? For outgoing connections the ports vary, right? I see that in RTP settings, there is start and end port range. Do those also need to be unblocked in firewall? And if so, how can I do that in an automated way?
Thank you very much! Any help/tip is appreciated!
The local port numbers for both send and receive are as configured in Asterisk (e.g. 5060 for SIP). The remote port numbers are determined by the remote equipment. Unless you have specific knowledge of the remote equipment configuration, you should not filter incoming traffic by source port and you should not filter outgoing traffic by destination port.
Details of the local RTP port numbers are in rtp.conf.sample.
(It is possible to let the firewall generate dynamic rules, but it is better to avoid that.
Thank you for your reply david55!
I just put it now on a public network. No port filtering. Tested with hello world from one endpoint, and it worked. I will test again tomorrow with endpoint to endpoint call. It is getting quite late at my place
When opening asterisk to the internet, you will be scanned daily by dozens of robots, testing if free calls can be placed. Be sure to correctly secure your server, there are a lot of posts about that - or be prepared to face high $$$$ bills…
My server is not for commercial purposes. At the moment there are just 10 endpoints on my server. They can only make calls to each other and making calls to outside (real phone numbers) is not implemented yet, and I am not planning to implement it anyway. Is it still dangerous if my server gets hacked?
That is up to you to decide…
Most attackers are only interested in getting past authentication and making toll calls, possibly to premium rate numbers that they own. However there may be some who want to use Asterisk to root the system and attack your internal network (or use any other software on the machine that they can access and break).
Ah ok, good to know I have just two smartphones connected to the same network, and there is almost nothing else other than Asterisk running on my PC. So, I think there is nothing to worry about.
BTW, david55, you are awesome! I see your replies and posts everywhere on this forum We appreciate it very much! And also all the others who have contributed!