Asterisk@Home Handbook Wiki Chapter 2



Chapter 2 Installation of Asterisk@Home

2.1 Hardware Requirements

The faster the system you use to run Asterisk, the more simultaneous calls it will be able to handle. A 500MHz PIII with 128 Megs of RAM should easily meet the needs of the average home user. 2Gb Hard Disk minimum.



2.2 Install from an .ISO

Download the latest .ISO from trixbox and burn it to a CD. Most CD burning software can burn .ISO (In Side Out) images. If anyone knows of a free CD burning utility that can burn ISO images, please list it here.
  • DeepBurner, a free CD burning utility that can burn ISOs: http://www.deepburner.com
  • ISORecorder, a free ISO burning utility that will burn ISOs from Windows: http://isorecorder.alexfeinman.com/isorecorder.htm
  • ImgBurn, a free and very fast ISO burning utility for Windows: http://www.imgburn.com
  • CDBurnerXP, a free application to burn CDs and DVDs, including Blu-Ray and HD-DVDs. It can also burn and create ISOs, and works well (Windows): cdburnerxp.se/

On Mac OS X 10.3/4.x use the provided Disk Utilities to burn an ISO disk.

If you would prefer to purchase pre-made CDs, use this link:

Insert the newly created Asterisk CD into the CD-ROM or DVD-ROM drive of the system on which you want to install Asterisk@Home. Reboot the "soon to be" Asterisk system and make sure the BIOS of the system is set up to boot off the CD or DVD drive. You will see the CD-ROM's boot screen with the A@H logo. At this point you can simply press Enter to begin the install (see warning below). However, if you need to pass boot-time parameters to the kernel (such as "acpi=off") you will need to prepend the word 'auto' instead of 'linux' as the text on the help screen states (i.e. "auto acpi=off" not "linux acpi=off"). This ensures that the A@H auto-installation continues as expected. If you use 'linux' by mistake, you will wind up in the normal prompted CentOS installer and A@H will not be set up for you.

So if you need to pass kernel parameters, go ahead and type them in. Otherwise just press Enter to continue with the installation.

Warning: By pressing enter, you will erase all the data on the hard drive of the PC!!!

Either remove the network wire from the back of the PC or plug it into a hub or switch that has nothing else connected to it. This way we can be certain that a newly loaded A@H server, which still has its default passwords, cannot be reached and hacked before you change them.

After Linux has loaded, the CD will eject. Remove the CD from the system and wait for the system to reboot. Booting the system might take a while, depending on the speed of your computer. It is necessary for the system to build Asterisk from source, so be patient. Once this process is complete, log in to your new Asterisk@Home system with the following:

username: root
password: password

NOTE: You MUST update the trixbox install to the current version.
For example, the May 31, 2006 ISO does not include the files to run your digium board!
Updating the trixbox requires network connectivity. If there is ANY chance that someone else could get into your trixbox by any means (esp. ssh or http), you should probably edit all of the default passwords as indicated in chapter 3 before connecting to the net.

Otherwise (or after you have changed the default passwords), run the following in order:

  1. netconfig to set up your IP, DNS, etc., unless you are running under a DHCP server
  2. trixbox-update.sh to get the current update script from the net
  3. trixbox-update.sh update to run the update script
  4. reboot when instructed.

It may be that if you use the trixbox-update.sh script you don't need to use yum (does anybody know?). In any case, enabling yum for an automatic update on a production machine will probably eventually have you waking up one morning to an automatically-updated system that no longer works.

Also, be aware that you can use
help-trixbox to get a list of some helpful commands


2.2.1 Editing files for non-Linux users


To go much further you're going to have to start editing files. Many guides refer to nano which is about as intelligible as Wordstar (for those who remember it). You can also edit files from the file manager in Webmin but I had a lot of problems with the Java editor locking up on me. Seeking something better I found http://michigantelephone.mi.org/blog/2006/03/asteriskhome-27-unabridged.html, the appropriate part of which is reproduced here:

The first thing is, after you complete the installation, do the upgrades, install Webmin, etc. you will find that you need to make changes to some configuration files. Nerd Vittles wants you to do it using a Linux text editor called nano, which I'm sure is a fine editor if you're used to it, but it can drive you a bit crazy at first if you are used to working in Windows. So bear in mind that there are a couple of things you can do at this point. One is to get Samba (support for Windows-style networking) up and running, and in this version of Asterisk@Home they actually give you a way to do that without having to resort to doing it through Webmin (which, by the way, is still considerably easier than trying to configure Samba to work on your own). Once Samba is configured, you can then treat your Asterisk@Home box as a shared resource on your local network, and you can edit files using a text editor on your Windows box, but if you do that, there are a couple of pitfalls to watch out for.

The first is a thing called permissions - this is a form of security in Linux, which is a derivation of Unix, which was originally designed back in the days of time-sharing computers, when many users and many unrelated processes might be sharing the same system. Permissions are designed as a way to keep files restricted to only those people and processes that are supposed to have access to them. It would take far too much space here to go into greater detail about permissions but suffice it to say that when the permissions aren't set correctly on a file, things break. If you plan on learning anything about Linux, permissions should probably be one of the first subjects you study.

Normally, if you use your Windows-based text editor to load a file in from your Asterisk box over the local network, make some changes, and save it back, the permissions won't change (but beware of changed line endings - we'll get to that in a moment). However, if you create a new file, or change the filename before saving it, or delete the original file before saving the changes, that may (probably will) change either the permissions, or the owner and user, and suddenly the file may become inaccessible to the software. Yeah, I really hate this, while folks who love Linux seem to think it's one of the best features of that operating system. Get bitten by permissions a few times (when you are scratching your head wondering why Asterisk seems to be ignoring a file that you know is there) and you will probably wish the software ran under Windows. I don't think most Linux users have any idea how foreign the concept of permissions is to a typical Windows user.

So, changing a file on your Windows box may not always be such a great idea. Fortunately, there are still easier ways of doing things than sitting right at your Asterisk box and using nano. The trick is to set up a SSH client on your Windows box such as PuTTY, assuming you are not in a country where encryption is outlawed (if you are, there are probably components of Asterisk@Home itself that may be illegal in your country). Install PuTTY and use it to connect to your Asterisk@Home box, using an appropriate user name and password (root will let you do anything on the system, but it's also the most dangerous way to operate if you don't know what you're doing). Before you connect for the first time, you may want to change a couple of configuration settings in PuTTY, so that your numeric keypad works as expected.

In PuTTY configuration, open up the Terminal settings and click on Keyboard. Then make sure you have the following settings checked:

The Backspace key: Control-? (127)

The Home and End keys: Standard

The Function keys and keypad: Xterm R6

Application keypad settings: Both should be Normal

Enable extra keyboard features: Check Control-Alt is different from AltGr

Click on Window and look at the scrollback buffer size - you may want to expand this a bit beyond the default (if you don't see the need now, you can always come back and do it later). Then click on Translation and look to see which option is used for "Handling of line drawing characters" - if you get display weirdness in some situations you can try changing this around (I use "Use Unicode line drawing code points" but I will not guarantee that's the best setting). Then click on Selection and note the mouse options - again you may want to change these as you get more familiar with the program, or if you already have a personal preference.

You really shouldn't have to change anything else unless you're operating under special circumstances. Once you have PuTTY configured, click on Session, put the IP address of your Asterisk box in the Host name field, give this configuration a name (in the Saved Sessions text box - I suggest using the name Asterisk), then click the button to save this configuration.

Now click the Open button and you should get a login prompt. Login using one of your user names and passwords that you set during installation. Once you login and are at a command prompt, it's just as if you are sitting in front of your Asterisk@Home box.

Now, whether you are connecting through PuTTY, or actually at your Asterisk@Home box keyboard, you can make changes to the text files from within Linux itself. You could use nano, but there's another way that many from a Windows background will consider easier, especially if you've ever used a dual-pane file manager like Norton/Windows/Total Commander (or a similar program). From the Linux command prompt, type mc -a (mc stands for Midnight Commander) and you will find yourself in front of a (hopefully) familiar environment. The -a option makes it render the line drawing characters as something at least a little more presentable when using PuTTY; you probably don't need (or want) to use that option if you're actually at your Asterisk box.

In Midnight Commander, as in the Windows variants, you can highlight a file, then press or click on F4 to bring up an editor, which is probably going to work a lot more as you'd expect it to work than nano if you come from a Windows/DOS background.

Remember how I talked about permissions above, and how they can give you fits? Well, you can use Midnight Commander to manage them, also. Highlight a file, then click on File (in the top menu bar), then I suggest using Advanced chown which shows both the permissions, and the owner and group settings, and allows you to easily change them.

If you want to learn more about Midnight Commander, there's a FAQ here.

Should you decide to edit configuration files on your Windows box, be aware that Windows normally saves text files with a carriage return and a linefeed at the end of each line, while the Linux/Unix convention is to use a linefeed only (this is the other pitfall I was referring to). If you save a configuration file with carriage returns in it, you may get all sorts of unpredictable (and bad) results. So, be sure to use a text editor that will let you save files in the format Linux prefers, and then remember to save the files that way (you may have to use the "Save As" command rather than just doing a simple "Save"). Just to confuse matters, I'll mention that some other types of systems (Macs, I think) use a carriage return only to end a line. If your text editor doesn't give you an option to save files in the Linux/Unix format, it might not be able to do it. That's why it's probably better to use nano or the Midnight Commander editor to make changes in the configuration files.
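The two pitfalls described in the post reproduced above (changed permissions and Windows line endings) can be checked from a script. The Python below is an added example, not part of the original post or of Asterisk@Home: it counts carriage returns in a configuration file and rewrites the file in place, so the owner, group and mode stay as they were. The function names and the sample file contents are constructed for illustration.

```python
import os
import stat
import tempfile


def line_ending_report(path):
    """Count CRLF, bare-CR and bare-LF line endings in a file."""
    with open(path, "rb") as fh:
        data = fh.read()
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "cr_only": data.count(b"\r") - crlf,
        "lf_only": data.count(b"\n") - crlf,
    }


def normalize_in_place(path):
    """Convert CRLF and bare CR to LF without replacing the file.

    Opening with "r+b" and truncating rewrites the existing file instead
    of creating a new one, so owner, group and permission bits are not
    touched. Returns True if the contents changed.
    """
    with open(path, "r+b") as fh:
        original = fh.read()
        fixed = original.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
        if fixed == original:
            return False
        fh.seek(0)
        fh.write(fixed)
        fh.truncate()  # the LF-only version is shorter; drop the leftover tail
    return True


def ownership_and_mode(path):
    """Return (uid, gid, octal permission string) so two states can be compared."""
    st = os.stat(path)
    return st.st_uid, st.st_gid, oct(stat.S_IMODE(st.st_mode))


def demo():
    """Run the check on a constructed file and return what was observed."""
    # Constructed sample: three config lines as a Windows editor would save them.
    sample = (
        b"; constructed sample\r\n"
        b"externip = 1.2.3.4\r\n"
        b"localnet = 192.168.1.0/255.255.255.0\r\n"
    )
    fd, path = tempfile.mkstemp(suffix=".conf")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(sample)
        os.chmod(path, 0o660)
        meta_before = ownership_and_mode(path)
        before = line_ending_report(path)
        changed = normalize_in_place(path)
        after = line_ending_report(path)
        meta_unchanged = ownership_and_mode(path) == meta_before
        return before, changed, after, meta_unchanged
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Comparing `ownership_and_mode()` before and after any edit made over the network share is a quick way to see whether the editor replaced the file rather than rewriting it.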






2.3 Setting up your Time Zone and Keyboard layout

At the CentOS command prompt, type in the following command to change your time zone and/or keyboard layout:

config

This script calls two other applications:

  • redhat-config-date (CentOS 3.x) or system-config-date (CentOS 4.x)
  • redhat-config-keyboard (CentOS 3.x) or system-config-keyboard (CentOS 4.x)

Note: CentOS has changed the syntax on all configuration tools from the CentOS 4.x versions.



2.4 Install to an existing CentOS 4.2 system

If you have problems with the ISO you can install onto an existing CentOS server. You can also enable other options like software RAID.

Note: you will need to disable SELinux for Asterisk to run (edit /etc/selinux/config).

Download CentOS 4.2 ISOs from the CentOS Mirrors. Make a directory to install from, put the install file there, and install.

mkdir /var/aah_load

cp asteriskathome-2.4.tar.gz /var/aah_load

cd /var/aah_load

tar xvfz asteriskathome-2.4.tar.gz

./install.sh


2.5 Setting up your router/firewall to work with Asterisk@Home

If your Asterisk@Home server isn't going to be directly connected to the internet with a permanent IP address, it will be behind some kind of router/firewall. This means your Asterisk@Home server is going to receive a private IP address (example: 192.168.*.*) and will be using NAT to communicate with the rest of the world.


2.5.1 What is NAT?

According to the Wikipedia http://en.wikipedia.org/wiki/NAT the process of network address translation (NAT, also known as network masquerading or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. According to specifications, routers should not act in this way, but many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts.

In other words your home/work router/firewall has only 1 internet IP address even though you may have 5 computers behind it. Those 5 PCs can communicate with the world at the same time only if your router/firewall is using NAT. Otherwise you'd be out of luck. The down side is sometimes NAT breaks things.


2.5.2 What is a STUN Server?

From http://www.voip-info.org/wiki-STUN
  • STUN (Simple Traversal of UDP through NATs (Network Address Translation)) is a protocol for assisting devices behind a NAT firewall or router with their packet routing.
  • STUN enables a device to find out its public IP address and the type of NAT service it's sitting behind.
  • STUN operates on TCP and UDP port 3478.
  • STUN is not widely supported by VOIP devices yet.
  • STUN may use DNS SRV records to find STUN servers attached to a domain. The service name is _stun._udp or _stun._tcp

Please note: The STUN RFC states: This protocol is not a cure-all for the problems associated with NAT. The problems with STUN are not design flaws in STUN. The problems in STUN have to do with the lack of standardized behaviors and controls in NATs. The result of this lack of standardization has been a proliferation of devices whose behavior is highly unpredictable, extremely variable, and uncontrollable. STUN does the best it can in such a hostile environment. Ultimately, the solution is to make the environment less hostile, and to introduce controls and standardized behaviors into NAT. However, until such time as that happens, STUN provides a good short term solution given the terrible conditions under which it is forced to operate.

List of public STUN Servers that you can use

  • stun.fwd.org (no DNS SRV record)
  • stun01.sipphone.com (no DNS SRV record)
  • stun.softjoys.com (no DNS SRV record)
  • stun.voipbuster.com (no DNS SRV record)
  • stun.voxgratia.org (no DNS SRV record)
  • stun.xten.com
  • stun1.noc.ams-ix.net

By using a stun server in your configuration, you may avoid some NAT issues that occur.
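What a STUN exchange looks like on the wire, as an added example (not from the original wiki or voip-info.org): the Python below builds a Binding Request and decodes the public address from a Binding Response. It follows the message layout of RFC 3489 and its successor RFC 5389; the response bytes are constructed here so the code runs offline, and the function names are this example's own.

```python
import ipaddress
import os
import socket
import struct

BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001      # RFC 3489
ATTR_XOR_MAPPED_ADDRESS = 0x0020  # RFC 5389
MAGIC_COOKIE = 0x2112A442         # RFC 5389: first 4 bytes of the transaction ID field
FAMILY_IPV4 = 0x01
HEADER_LEN = 20


def build_binding_request(txid=None):
    """Return (packet, txid): message type, zero body length, 16-byte transaction ID."""
    if txid is None:
        txid = struct.pack("!I", MAGIC_COOKIE) + os.urandom(12)
    if len(txid) != 16:
        raise ValueError("transaction ID must be 16 bytes")
    return struct.pack("!HH", BINDING_REQUEST, 0) + txid, txid


def encode_address_attr(attr_type, ip, port):
    """Encode an IPv4 (XOR-)MAPPED-ADDRESS attribute; used for the constructed sample."""
    addr = int(ipaddress.IPv4Address(ip))
    if attr_type == ATTR_XOR_MAPPED_ADDRESS:
        port ^= MAGIC_COOKIE >> 16
        addr ^= MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, FAMILY_IPV4, port, addr)
    return struct.pack("!HH", attr_type, len(value)) + value


def make_sample_response(txid, ip, port, attr_type=ATTR_MAPPED_ADDRESS):
    """Constructed Binding Response, standing in for a real server's reply."""
    body = encode_address_attr(attr_type, ip, port)
    return struct.pack("!HH", BINDING_RESPONSE, len(body)) + txid + body


def parse_binding_response(packet, expected_txid):
    """Return (ip, port) as seen by the server, or raise ValueError."""
    if len(packet) < HEADER_LEN:
        raise ValueError("short packet")
    msg_type, length = struct.unpack("!HH", packet[:4])
    if msg_type != BINDING_RESPONSE:
        raise ValueError("not a Binding Response")
    if packet[4:HEADER_LEN] != expected_txid:
        # A reply that does not echo our transaction ID does not answer our request.
        raise ValueError("transaction ID mismatch")
    if length != len(packet) - HEADER_LEN or length % 4:
        raise ValueError("bad message length")
    mapped = xor_mapped = None
    pos = HEADER_LEN
    while pos + 4 <= len(packet):
        attr_type, attr_len = struct.unpack("!HH", packet[pos:pos + 4])
        value = packet[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        pos += 4 + attr_len + (-attr_len % 4)  # values are padded to 4 bytes
        if attr_len != 8 or value[1] != FAMILY_IPV4:
            continue
        port, addr = struct.unpack("!HI", value[2:8])
        if attr_type == ATTR_MAPPED_ADDRESS:
            mapped = (str(ipaddress.IPv4Address(addr)), port)
        elif attr_type == ATTR_XOR_MAPPED_ADDRESS:
            xor_mapped = (str(ipaddress.IPv4Address(addr ^ MAGIC_COOKIE)),
                          port ^ (MAGIC_COOKIE >> 16))
    result = xor_mapped or mapped
    if result is None:
        raise ValueError("no mapped address in response")
    return result


def query_stun(host, port=3478, timeout=2.0):
    """Ask a STUN server (UDP 3478 by default) for our public address. Needs network access."""
    packet, txid = build_binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        reply, _ = sock.recvfrom(2048)
    return parse_binding_response(reply, txid)


if __name__ == "__main__":
    request, txid = build_binding_request()
    # Constructed reply reporting the example WAN address used elsewhere on this page.
    reply = make_sample_response(txid, "1.2.3.4", 5060)
    print(parse_binding_response(reply, txid))
```

The address returned is the one the NAT device presented to the server, which is the value a phone needs when it advertises where it can be reached.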

(Hey guys, when you enter a stun server on either end's configuration (asterisk & the remote phone), do you still need to mess with router/firewall port forwarding? Hell, I can't even find where to put the STUN info on the asterisk side -ginellipan)

(This section needs to be flushed out. Examples of how to use/setup STUN would be most helpful. As is, not very useful to a newbie which it seems like this wiki is geared towards. — filmo)

2.5.3 What is SIP?

According to the Wikipedia http://en.wikipedia.org/wiki/SIP Session Initiation Protocol (SIP) is a protocol developed by the IETF MMUSIC Working Group and proposed standard for initiating, modifying, and terminating an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality. In November 2000, SIP was accepted as a 3GPP signalling protocol and permanent element of the IMS architecture. It is one of the leading signalling protocols for Voice over IP, along with H.323.

In other words, SIP is the protocol that most VOIP conversations are transmitted over. All you need to know is NAT breaks SIP. This is how you fix it.


2.5.3.1 Setting up your router/firewall so A@H can communicate with a VOIP Provider via SIP through a NAT

For Asterisk@Home to communicate successfully with a VOIP provider using SIP through a NAT, you have to make sure your router/firewall forwards the following ports to your LAN/Private IP address assigned to the Asterisk@Home server. Be sure the LAN/Private address is statically assigned to the Asterisk@Home server and it is not assigned dynamically via DHCP. (see Chapter 3 for directions) Some of the following port information was garnered from http://www.voip-info.org/tiki-index.php?page=Asterisk+firewall+rules.

UDP Port 5060 is for SIP communication. This is only used for setting up calls, taking down calls and so on. Some SIP resources also need the TCP ports.

UDP Port 5060-5082 range is also for SIP communications but only if you have multiple SIP providers. This is why you may want to include a range instead of just the UDP 5060 port. Some phones (ie. Grandstream GXP-2000) don't use the same SIP port for each subsequent line (line 1 registers with 5060, line 2 5062, line 3 5064 and line 4 5066) (thanks Alan Smith).

TCP Port 5060 is for SIP but thought to be rarely used. (thanks Alan Smith)

UDP Port 8000 is for "Free World Dialup" to work with the asterisk server. Any subsequent lines will use 8002, 8003, etc etc. (thanks Alan Smith).

UDP Port 10000 - 20000 is for RTP - the media stream aka the voice/video channel.

Here is our example:
The DNS Name (or you can enter the IP Address) of the VOIP SIP provider is sip.voipcompany.com.
The static LAN/Private IP address of your Asterisk@Home server is 192.168.1.2.
The static WAN/Public IP address of your router is 1.2.3.4 (if you use DynamicDNS, we'll use your domain name)

Enter your router/firewall configuration and add:

Forward UDP Port 5060-5082 to 192.168.1.2

Forward UDP Port 10000 to 20000 to 192.168.1.2

You also need to edit the sip_nat.conf file.
Inside of AMP, click Maintenance ----> Config Edit ----> sip_nat.conf. Inside of sip_nat.conf add the following and click "Update":

externip = 1.2.3.4 (enter your permanent WAN/Public internet address here. Or, if you have one, you can use a DynamicDNS domain name. Obviously it's easier to get a static IP address and avoid using DynamicDNS altogether.)

If you are using a dynamic DNS domain name, you should rather use:

externhost = home.mydomain.com

externrefresh = 5 (which means look up the hostname every 5 minutes to refresh the IP address)

localnet = internal.network.address.0/255.255.255.0 (put your LAN/Private NETWORK address of your Asterisk@Home server, this is NOT the IP address of the server!!!!)


To determine your local NETWORK address (NOT the IP address!!) you have to know a little about your subnet mask (255.255.255.0 numbers).

If the IP address of the Asterisk@Home server is 192.168.1.5 255.255.255.0, then the NETWORK address is 192.168.1.0

If the IP address of the Asterisk@Home server is 192.168.7.2 255.255.255.0, then the NETWORK address is 192.168.7.0

If the IP address of the Asterisk@Home server is 192.168.100.84 255.255.255.0, then the NETWORK address is 192.168.100.0
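The localnet rule above is easy to get wrong, so here is a small checker for the sip_nat.conf settings this section uses (externip, externhost, localnet). It is an added example, not part of Asterisk@Home or AMP; the function names and sample file contents are constructed for illustration, and the network-address calculation goes beyond the page's 255.255.255.0 cases to any netmask.

```python
import ipaddress


def network_address(ip, netmask):
    """Network address for a host IP and dotted netmask (192.168.1.5 -> 192.168.1.0)."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    return str(iface.network.network_address)


def parse_conf(text):
    """Parse 'key = value' lines; ';' starts a comment. Repeated keys are kept."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key.lower(), []).append(value)
    return settings


def check_sip_nat(text):
    """Return a list of findings; an empty list means the settings look consistent."""
    conf = parse_conf(text)
    findings = []

    externip = conf.get("externip", [])
    externhost = conf.get("externhost", [])
    if not externip and not externhost:
        findings.append("neither externip nor externhost is set")
    if externip and externhost:
        findings.append("externip and externhost are both set; "
                        "the page gives them as alternatives")
    for value in externip:
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"externip '{value}' is not an IP address; "
                            "use externhost for a DNS name")
            continue
        if addr.is_private:
            findings.append(f"externip {value} is a private address, "
                            "not the router's WAN/public address")

    localnets = conf.get("localnet", [])
    if not localnets:
        findings.append("localnet is not set")
    for value in localnets:
        if "/" not in value:
            findings.append(f"localnet '{value}' is not in address/netmask form")
            continue
        try:
            # strict=True rejects a value whose host bits are set,
            # i.e. the server's own IP instead of the NETWORK address.
            ipaddress.ip_network(value, strict=True)
        except ValueError:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"localnet '{value}' is not in address/netmask form")
                continue
            findings.append(f"localnet {value} is a host address; "
                            f"use {net.network_address}/{net.netmask}")
    return findings


# Constructed samples using the addresses from this section's example.
GOOD = "externip = 1.2.3.4 ; router WAN address\nlocalnet = 192.168.1.0/255.255.255.0\n"
BAD = "externip = 192.168.1.2\nlocalnet = 192.168.1.2/255.255.255.0\n"

if __name__ == "__main__":
    print(network_address("192.168.100.84", "255.255.255.0"))
    print(check_sip_nat(GOOD))
    for finding in check_sip_nat(BAD):
        print(finding)
```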

To make it really secure (some routers/firewalls may not be able to do this), try to configure the router/firewall to ONLY forward those ports from the VOIP SIP provider IP address or DNS name. This way only your VOIP SIP provider traffic gets forwarded to your NATed Asterisk@Home server. HOWEVER, if you want to have remote phones floating around on the internet (example: Your sales person has a SoftPhone that he uses to make calls and check his voicemail from hotels, other companies, hotspots, etc.) don't institute the following example!! You will obviously cut off that remote phone from being able to speak to your asterisk server.

Forward UDP Port 5060-5082 to 192.168.1.2 only from sip.voipcompany.com

Forward UDP Port 10,000 to 20,000 to 192.168.1.2 only from sip.voipcompany.com

[Image: a visual look at the setup we've created]



2.5.3.2 Setting up your router/firewall so your remote SIP phones can communicate with your A@H Server via SIP through a NAT

There will be times when you want a travelling user to be able to use their soft or hard phones with your Asterisk@Home Server. For example, your employees travel around and have a software based SIP Phone on their laptops. You want your employees to be able to connect to your asterisk server to make phone calls, listen to their messages, etc etc.

I can imagine a time where hardphones will be as small and portable as cell phones but all you need to do is plug it into a network connection anywhere in the world and it'll be as if you were sitting in your office. Just wait until the hardphones also have WIFI (or cell phones with WIFI built in) and all you need to call is an open Hotspot.

In this case you will need a Static Internet IP Address (or Dynamic DNS domain name) for your Asterisk@Home Server and program that info into your phones. You also have to make sure their phone's configuration knows that it may be behind a NAT when it makes the phone call to the asterisk server. Other than that, the port forwarding you did on the router/firewall that the Asterisk@Home server is behind will be enough to allow your remote users to make calls from anywhere. This is the only way SIP will work through a NAT.

In the Asterisk@Home server, you will need to set the following in the extension's configuration in AMP.

To do this in AMP, create an extension, THEN click on the extension after you've created it and you will see fields for "Nat" and "Qualify". You will not see these fields when you first create the extension. Please see our AMP Chapter in the handbook for more information.

nat=yes
This option causes Asterisk to ignore the address information in the SIP and SDP headers, and reply to the sender's IP address and port. NAT=yes enables a form of Symmetric RTP in Asterisk.

set qualify=yes
Syntax: qualify=xxx|no|yes
Where XXX is the number of milliseconds used. If yes the default timeout is used, 2 seconds. If you turn on qualify in the configuration of a SIP device in sip.conf, Asterisk will send a SIP OPTIONS command regularly to check that the device is still online. If the device does not answer within the configured (or default) period (in ms) Asterisk considers the device off-line for future calls.

This feature may also be used to keep a UDP session open to a device that is located behind a network address translator (NAT). By sending the OPTIONS request, the UDP port binding in the NAT (on the outside address of the NAT/firewall device) is maintained by sending traffic through it. If the binding were to expire, there would be no way for Asterisk to initiate a call to the SIP device.

Most of the time, these softphones/hardphones have a STUN server setting you can input. Test the soft/hardphones with this setting first and see how it responds. In one case, I found that there was a significant delay when I used the STUN server on my hardphone. When I removed the STUN server, the delay disappeared. Testing is important.

[Image: a visual look at how your SIP phone will connect from outside your LAN]


Here are some good examples of what you would need to do with some SIP phones (thanks Alan Smith):

Xten-lite
In the Sip Proxy definition
Domain/Realm=1.2.3.4 (Public/WAN IP address of your router/firewall)
STUN Server= (before entering your STUN server, test to see if it works without it)

Sipura SPA-841
From the Advanced Admin Web page, in the SIP tab
NAT Support Parameters
Substitute VIA Addr:=yes
EXT IP:=(Public/WAN IP address of the router/firewall that the PHONE is behind)

Then in the Ext 1/2 page:
NAT Settings
NAT Mapping Enable:=yes

Grandstream GXP-2000
Logged in as Admin, Advanced options tab:
Use NAT IP = (Public/WAN IP address of the router/firewall that the PHONE is behind)
Then in the ACCOUNT 1/2/3/4 page:
NAT Traversal (STUN): yes

2.5.4 What is IAX?

According to Wikipedia http://en.wikipedia.org/wiki/IAX IAX is the Inter-Asterisk eXchange protocol used by Asterisk. It is used to enable VoIP connections between Asterisk servers, and between servers and clients that also use the IAX protocol. IAX now most commonly refers to IAX2, the second version of the IAX protocol. The original IAX protocol has been deprecated almost universally in favor of IAX2. It is very robust and full-featured, yet simple as far as protocols go. It is agnostic to codecs and number of streams, meaning that it can be used as a transport for virtually any type of data. (This capability will be useful as videophones become common.)

IAX2 uses a single UDP data stream (usually on port 4569) to communicate between endpoints, both for signalling and data. The voice traffic is transmitted in-band, making IAX2 easier to firewall and more likely to work behind network address translation. (This is in contrast to SIP, which uses an out-of-band RTP stream to deliver information.)

IAX2 supports trunking, wherein a single link carries data and signalling for multiple channels. When trunking, data from multiple calls are merged into a single set of packets, meaning that one IP datagram can deliver information for more than one call, reducing the effective IP overhead without creating additional latency. This is a big advantage for VoIP users, where IP headers are a large percentage of the bandwidth usage.


The IAX2 Protocol or Inter-Asterisk Exchange Protocol was created by Mark Spencer for Asterisk for VoIP signalling. The protocol sets up internal sessions and these sessions can use whichever codec they want for voice transmission. The Inter-Asterisk Exchange protocol essentially provides control and transmission of streaming media over IP (Internet Protocol) networks. IAX is extremely flexible and can be used with any type of streaming media including video however it is mainly designed for control of IP voice calls. IAX’s design was based on many common control and transmission standards today including Session Initiation Protocol (SIP, which is the most common), Media Gateway Control Protocol (MGCP) and Real-time Transfer Protocol (RTP).

The primary goals for IAX were to minimize bandwidth used in media transmissions, with particular attention drawn to control and individual voice calls, and to provide native support for NAT (Network Address Translation) transparency. The basic structure of IAX is that it multiplexes signalling and multiple media streams over a single UDP (User Datagram Protocol) stream between two computers. IAX is a binary protocol and is designed and organized in a manner to reduce overhead, especially in regards to voice streams. Bandwidth efficiency is sacrificed in some places in favor of bandwidth efficiency for individual voice calls.


2.5.4.1 Setting up your router/firewall so A@H can communicate with a VOIP Provider or another A@H server via IAX through a NAT

For A@H to communicate successfully with a VOIP provider using IAX, you have to make sure your router/firewall forwards the following ports to the interior private IP address of the Asterisk@Home server. Unlike SIP, IAX only uses one UDP port (4569) to communicate and is very NAT friendly. This is gonna be simple.

Forward UDP Port 4569 to 192.168.1.2

To make it really secure (some routers/firewalls may not be able to do this), try to configure the router/firewall to ONLY forward those ports from the VOIP IAX provider IP address or DNS name. This way only your VOIP IAX provider traffic gets forwarded to your Asterisk@Home server. For example:

Forward UDP Port 4569 to 192.168.1.2 only from iax.voipcompany.com


2.5.4.2 Setting a remote router/firewall so your remote IAX phones can communicate with your A@H Server via IAX through a NAT

There will be times when you want a travelling user to be able to use their soft or hard phones with your Asterisk@Home Server. For example, your employees travel around and have a software based IAX Phone on their laptops. You want your employees to be able to connect to your asterisk server to make phone calls, listen to their messages, etc etc.

In this case you will need a Static Internet IP Address (or Dynamic DNS domain name) for your Asterisk@Home Server and program that info into your phones under its IAX settings. You also have to make sure their phone's configuration knows that it may be behind a NAT when it makes the phone call to the asterisk server. Other than that, the port forwarding you did on the router/firewall that the Asterisk@Home server is behind will be enough to allow your remote users to make calls from anywhere.


2.5.5 How to deal with changing internet IP addresses

Some broadband ISPs use DHCP to hand out public IP addresses to their customers. This means that their customers do not receive a permanent IP address. This also means that their customers will now have a tougher time running a server (like Asterisk@Home). In true internet fashion, there is a way around this. It's called Dynamic DNS.


2.5.5.1 What is DNS?

According to the Wikipedia http://en.wikipedia.org/wiki/DNS the Domain Name System or DNS is a system that stores information about hostnames and domain names in a type of distributed database on networks, such as the Internet. Of the many types of information that can be stored, most importantly it provides a physical location (IP address) for each domain name, and lists the mail exchange servers accepting e-mail for each domain.

The DNS provides a vital service on the Internet as it allows the transmission of technical information in a user-friendly way. While computers and network hardware work with IP addresses to perform tasks such as addressing and routing, humans generally find it easier to work with hostnames and domain names (such as www.example.com) in URLs and e-mail addresses. The DNS therefore mediates between the needs and preferences of humans and of software.

In other words, instead of having to remember google's IP address (64.233.161.99) to be able to view it in a web browser, you can use www.google.com and DNS translates it into an IP address for you. This is purely a human need.


2.5.5.2 What is Dynamic DNS?

According to the Wikipedia http://en.wikipedia.org/wiki/Dynamic_DNS Dynamic DNS is a system for allowing an Internet domain name to be assigned to a varying IP address. This makes it possible for other sites on the Internet to establish connections to the machine without needing to track the IP address themselves. A common use is for running server software on a computer that has a dynamic IP address (e.g., a dialup connection where a new address is assigned at each connection, or a cable or DSL service where the address is changed by the internet service provider occasionally).

To implement dynamic DNS it is necessary to set the maximum caching time of the domain to an unusually short period (typically a few minutes). This prevents other sites on the Internet from retaining the old address in their cache, so that they will typically contact the name server of the domain for each new connection.

Dynamic DNS service is provided on a large scale by various organizations, which retain the current addresses in a database and provide a means for the user to update it as required. Some "client" programs will, when installed, operate in the background and check the IP address of the computer every few minutes. If it has changed, then it will send an update request to the service. Many routers and other networking components contain a feature such as this in their firmware.

In other words, you can use a Dynamic DNS service that always points to your most recent Internet IP address that has been assigned to you by your ISP.


2.5.5.3 How do I get Dynamic DNS to work?

Boy, these chapter numbers are getting long aren't they? How do you get Dynamic DNS to work?

  1. Register a domain name (shameless plug: http://www.godaddy.com is really really cheap and easy) for example: mydomain.com
  2. Buy a router/firewall that is compatible with Dynamic DNS. You may get lucky and find out all you need to do is upgrade your router/firewall's firmware to get this ability.
  3. Head over to a web site that handles Dynamic DNS (shameless plug: http://www.dyndns.org works just fine)
  4. Register mydomain.com with the site (sometimes they charge a 1 time fee for each domain name)
  5. Set up your domain name according to the Dynamic DNS site's instructions.
  6. Enter your router/firewall and configure it to point its Dynamic DNS settings to the site of your choice. This way if your DHCP IP address lease runs out, and your router gets an entirely different IP address, your router will contact DynamicDNS and make the change on the fly. This way mydomain.com ALWAYS points to your router no matter what.
  7. Now test to make sure mydomain.com points to the Internet IP address of your firewall/router. Call your friend and see if he can ping mydomain.com or something.
  8. Now let's say you own another router (your kid's router at college). You can edit your domain at dyndns.org so college.mydomain.com points to your kid's IP address and home.mydomain.com points to your home router IP address. Both your router and your kid's router have DynamicDNS configured to update Dyndns.org if there are any changes in IP address. Pretty nifty no?


2.5.5.4 How do I use Dynamic DNS with Asterisk@Home

You need to edit the sip_nat.conf file. Inside of AMP, click Maintenance ----> Config Edit ----> sip_nat.conf. Inside of sip_nat.conf add the following and click "Update":

externip = home.mydomain.com (Enter your DynamicDNS domain name. Obviously it's just easier to get a static IP address and avoid using DynamicDNS altogether.)

If you are using a dynamic dns domain name, you should rather use:

externhost = home.mydomain.com

externrefresh = 5 (which means look up the hostname every 5 minutes to refresh the IP address)

localnet = internal.network.address.0/255.255.255.0 (put your LAN/Private NETWORK address of your Asterisk@Home server, this is NOT the IP address of the server!!!!)

To determine your local NETWORK address (NOT the IP address!!) you have to know a little about your subnet mask (255.255.255.0 numbers).

If the IP address of the Asterisk@Home server is 192.168.1.5 255.255.255.0, then the NETWORK address is 192.168.1.0

If the IP address of the Asterisk@Home server is 192.168.7.2 255.255.255.0, then the NETWORK address is 192.168.7.0

If the IP address of the Asterisk@Home server is 192.168.100.84 255.255.255.0, then the NETWORK address is 192.168.100.0
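
The network-address rule above, as an added example that is not part of the original handbook: a shell script that builds the localnet line from the server's IP address and subnet mask. It also handles subnet masks other than 255.255.255.0, which the text does not cover; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: build the localnet line for sip_nat.conf from the server's
# IP address and subnet mask. Function names are hypothetical.

# valid_quad ADDR: succeeds if ADDR is four dot-separated octets, each 0..255
valid_quad() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_mask MASK: succeeds if MASK is a contiguous run of 1 bits from the left
valid_mask() {
    valid_quad "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    seen_partial=0
    for octet in "$@"; do
        if [ "$seen_partial" -eq 1 ]; then
            [ "$octet" -eq 0 ] || return 1       # only zeros may follow
            continue
        fi
        case "$octet" in
            255) ;;
            0|128|192|224|240|248|252|254) seen_partial=1 ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# network_address IP MASK: prints the NETWORK address (IP AND MASK, per octet)
network_address() {
    valid_quad "$1" && valid_mask "$2" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1 $2                                 # $1..$4 = IP, $5..$8 = mask
    IFS=$old_ifs
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# localnet_line IP MASK: prints the line to paste into sip_nat.conf
localnet_line() {
    net=$(network_address "$1" "$2") || return 1
    echo "localnet = $net/$2"
}

# The three servers from the text, then a constructed non-/24 case
localnet_line 192.168.1.5 255.255.255.0
localnet_line 192.168.7.2 255.255.255.0
localnet_line 192.168.100.84 255.255.255.0
localnet_line 192.168.100.84 255.255.255.192
```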





2.6 Putting your Asterisk@Home Server directly on the internet

As you can see, it can get pretty complicated trying to get your Asterisk@Home server behind a router/firewall that is using NAT. Some people may seriously consider placing their Asterisk server directly on the internet with a static IP address. Now remember, CentOS is a very secure and stable operating system, but you still have to use a firewall on the Asterisk@Home server nonetheless. Please read the IPCop or Shorewall section under Asterisk@Home add-ons.


2.7 How do I know what versions of software are installed on my Asterisk@Home Server?

There are times when you really need to know what version of the software is installed in A@H, especially when you're troubleshooting a problem. Here is a quick list of instructions on how to determine that:

  • Asterisk - First enter the Asterisk CLI (Command Line Interface) by typing asterisk -r, then type show version, then exit using quit
  • AMP - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into a browser and click on AMP. The version is displayed in the Welcome Screen.
  • Flash Operator Panel - Type this at the CentOS Command Line: /var/www/html/panel/op_server.pl -v
  • Music On Hold (mpg123) - Type this at the CentOS Command Line mpg123 --help
  • SugarCRM - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere and click on CRM. Login to SugarCRM. Click About on the top right. The version information will then be displayed.
  • Festival Speech Engine - Type this at the CentOS Command Line: festival The version is at the top. Type (quit) (literally WITH the parentheses!!!) to exit.
  • Asterisk Span DSP Faxing - At the CentOS Command Line type: cd /var/aah_load and look for the file that begins with spandsp- and the rest is the version #.
  • Open A2Billing - (Someone please fill this part out, I couldn't find this information)
  • Linux CentOS - Type cat /etc/redhat-release at the command line
  • Apache Web Server - Type this at the CentOS Command Line: rpm -q httpd
  • PHP - Type this at the CentOS Command Line: echo "<?php echo phpversion(); ?>" | php
  • PhPMyAdmin - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into a browser and click on AMP, then Maintenance, then phpmyadmin.
  • MySQL Database - Enter the A@H Splash Page by typing HTTP://PutYourAsterisk@HomeIpaddressHere into a browser and click on AMP, then Maintenance, then phpmyadmin. The MySQL version will be displayed. Another method is to type the following into your CentOS Command Line rpm -q mysql
  • Very Secure FTPD (VSFTPD) - Type this at the CentOS Command Line: rpm -q vsftpd
  • SendMail - Type this at the CentOS Command Line: rpm -q sendmail
  • OpenSSH - Type ssh -V
  • xPL - (Someone please fill this part out, I couldn't find this information)
  • Integrated WebMeetMe GUI - This is Andrew's Code and has the same version as Asterisk@Home
  • Digium card auto-config - This is Andrew's Code and has the same version as Asterisk@Home
  • Weather agi scripts - This is Andrew's Code and has the same version as Asterisk@Home
  • Wakeup calls - This is Andrew's Code and has the same version as Asterisk@Home. From what I can see it's created by Andy Wysocki (See reference under section 1.3) and the version used in A@H 2.2 is 1.02 and current version is 1.11. Comment by MatsK
  • Cisco SIP phone support - (Someone please fill this part out, I couldn't find this information)
  • Complete List of all Software Installed - For a complete list of all software installed in A@H type the following at the CentOS Command Line rpm -qa




2.8 Modifying the A@H branding to something more Corporate friendly

There has been a long rambunctious discussion in the forums over the naming of "Asterisk@Home" or even forking the project (gasp!). Even though we all know that A@H is really asterisk on steroids, non-technical Executives or Managers may not feel secure in using a product that has the name @Home in it. There is an easy way to handle this. Change the branding on the A@H install.

If you want to replace the Asterisk@Home logo with this one [image: replacement logo], just follow the instructions below.

note: this script is currently busted as the .png doesn't exist on the server.
At the console type :

wget http://www.voip-info.org/users/415/415/images/396/aah-change-logo.sh.txt

dos2unix aah-change-logo.sh.txt

sh aah-change-logo.sh.txt

The script does the following.
  • Download the Asterisk@Work logo
  • Replace the logos
  • Does text search and replace

Here is the script for A@H 2.4: [attachment icon; click it on the original page to view the file contents]


2.9 Quick Set Up guide. This is to assist with re installs

The following is not for beginners. It is simply a check list for moving from one version to another. The content was originally posted on the Asterisk@Home forum on sourceforge.

2.9.1 Securing asterisk: change default passwords, enable HTTPS and update system.


2.9.1.1 Change default passwords and update system


passwd-maint

passwd-amp

passwd-meetme

/usr/local/sbin/trixbox-update.sh update (repeat this command until all trixbox updates are applied)

reboot

2.9.1.2 Enable HTTPS

yum -y install mod_ssl

Edit /etc/httpd/conf/httpd.conf to comment out the Listen line (you want the interface to only be available via HTTPS):
#Listen 0.0.0.0:80

Then restart apache:
/etc/init.d/httpd restart
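
A check for the edit above, added here as an example and not part of the original handbook: it lists any Listen directive that is still active on a port other than 443 and confirms that a Listen 443 line exists. It assumes HTTPS is served on port 443 from a file such as /etc/httpd/conf.d/ssl.conf; the function names and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example: confirm Apache only listens for HTTPS after the edit.
# Function names are hypothetical; the sample config files are constructed.

# plain_http_listeners FILE...: prints every active Listen directive whose
# port is not 443, as file:line: directive. Prints nothing when none remain.
plain_http_listeners() {
    awk '
        /^[ \t]*#/ { next }                   # skip commented-out lines
        tolower($1) == "listen" {
            n = split($2, parts, ":")         # handles 80, 0.0.0.0:80, [::]:80
            port = parts[n]
            if (port != "443") printf "%s:%d: %s\n", FILENAME, FNR, $0
        }
    ' "$@"
}

# https_only FILE...: succeeds when no plain listener is left AND some file
# still has an active Listen on port 443.
https_only() {
    [ -z "$(plain_http_listeners "$@")" ] &&
        grep -Eiq '^[[:space:]]*listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' "$@"
}

# Constructed sample input: httpd.conf before and after the edit, plus ssl.conf
demo_dir=$(mktemp -d)
printf '%s\n' 'ServerRoot "/etc/httpd"' 'Listen 0.0.0.0:80' > "$demo_dir/httpd-before.conf"
printf '%s\n' 'ServerRoot "/etc/httpd"' '#Listen 0.0.0.0:80' > "$demo_dir/httpd-after.conf"
printf '%s\n' 'LoadModule ssl_module modules/mod_ssl.so' 'Listen 443' > "$demo_dir/ssl.conf"

for conf in httpd-before.conf httpd-after.conf; do
    if https_only "$demo_dir/$conf" "$demo_dir/ssl.conf"; then
        echo "$conf: HTTPS only"
    else
        echo "$conf: plain HTTP still enabled:"
        plain_http_listeners "$demo_dir/$conf" "$demo_dir/ssl.conf"
    fi
done
rm -rf "$demo_dir"
```

On the server itself, pass the real files, for example https_only /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf, after restarting Apache.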


2.9.2 Optimizing zaptel


nano /etc/sysconfig/zaptel

and uncomment your devices (use ztdummy if you do not have any hardware installed)

reboot

2.9.3 When asterisk is behind a NAT do not forget to specify:


in sip_nat.conf

externip = X.X.X.X ;(substitute your public ip address)

localnet = 192.168.X.0/255.255.255.0 ;(substitute your lan subnet address)

nat=yes

Ports to forward on router:

4569 TCP/UDP - iax

5004-5082 TCP/UDP - sip

10000-20000 TCP/UDP - sip


2.9.4 Trunks (telasip) - Choose only one trunk config. I recommend IAX2, but it's only available through request at support@telasip.com. SIP is enabled by default by telasip

Telasip trunk configuration (SIP):

Outbound caller ID: "j smith" <5212314214> (substitute with your name and DID)
Maximum channels: 2
Dialing rules: 	(substituting your local area code for 404 below)
404+NXXXXXX
Outgoing Settings:
Trunk Name: telasip-gw
Peer details (using your own account name/password):
allow=g726
disallow=all
type=peer
host=gw4.telasip.com
qualify=yes
insecure=very
context=telasip-in
username=<username>
secret=<secret>
Registration: youraccountname:yourpassword@gw4.telasip.com (register only if you want to receive incoming calls here)


Telasip trunk configuration (IAX2):

Outbound caller ID: "j smith" <5212314214> (substitute with your name and DID)
Maximum channels: 2
Dialing rules: 	(substituting your local area code for 404 below)
404+NXXXXXX
Outgoing Settings:
Trunk Name: telasip-gw
Peer details (using your own account name/password):
allow=g726
disallow=all
host=gw4.telasip.com
insecure=very
qualify=yes
secret=<your-password>
trunk=yes
type=peer
username=<your-user-id>
Incoming Settings:
User Context:<username>
User details:
context=telasip-in
type=user
Registration: youraccountname:yourpassword@gw4.telasip.com


2.9.5 Configure outbound routing:


Add route: outgoing
Dial patterns:
1NXXNXXXXXX
NXXNXXXXXX
NXXXXXX
Trunk sequence: 0=SIP/telasip-gw


2.9.6 Configure auto attendant to answer, play music on hold, then transfer to ring group 1 (basic):

in extensions_custom.conf (under from-external-custom: ring set to ringgroup1, voicemail set to extension 200, change as needed)
**NOTE: if you upgrade to freepbx 220 with a script included within this reference guide, this will be easily configured via the gui :)

[from-pstn-custom]
exten => _.,1,Goto(from-external-custom,attendant,1)

[telasip-in]
exten => _.,1,Goto(from-external-custom,attendant,1)

[from-external-custom]
exten => attendant,1,Answer
exten => attendant,2,Wait(1)
exten => attendant,3,Background(pls-wait-connect-call)
exten => attendant,4,Dial(local/1@from-internal,30,mt)
exten => attendant,5,VoiceMail(200@default)

Configure auto attendant to answer, perform reverse lookup on incoming number, play music on hold, then transfer to ring group 1 (intermediate):
**NOTE: if you upgrade to freepbx 220 with a script included within this reference guide, this will be easily configured via the gui :)
http://bestof.nerdvittles.com/applications/callerid/ - this shows you how to do reverse lookup in freepbx220, again very easy with freepbx220 :)

nano /var/lib/asterisk/agi-bin/calleridname.agi
copy/paste/save the following:
-------------------------------
#!/usr/bin/perl -w
# calleridname.agi - reverse-lookup the caller's number and set the caller ID name

use strict;
use Asterisk::AGI;
use LWP::UserAgent;
use HTTP::Request;

my $AGI = Asterisk::AGI->new;

# Read the AGI variables Asterisk sends when the script starts
my %input = $AGI->ReadParse();

# Prefer calleridnum; fall back to callerid when it is empty
my $callerid = $input{'calleridnum'};
if (!defined $callerid || $callerid eq '') {
    $callerid = $input{'callerid'};
}
$callerid = '' unless defined $callerid;

$AGI->verbose("CALLERID IS: $callerid\n");

# Split a 10-digit number, bare or inside <...>, into NPA / NXX / station
my ($npa, $nxx, $station);
if ($callerid =~ /^(\d{3})(\d{3})(\d{4})$/) {
    ($npa, $nxx, $station) = ($1, $2, $3);
    $AGI->verbose("Checking $npa $nxx $station...\n");
}
elsif ($callerid =~ /\<(\d{3})(\d{3})(\d{4})\>/) {
    ($npa, $nxx, $station) = ($1, $2, $3);
    $AGI->verbose("Checking $npa $nxx $station...\n");
}
else {
    $AGI->verbose("Unable to parse phone number for NPA/NXX/station. Phone number is: $callerid\n");
    exit(0);
}

# Hard-coded values for testing without a live call
#$npa='641';
#$nxx='892';
#$station='8019';

if (my $name = anywho_lookup($npa, $nxx, $station)) {
    # $name is used exactly as it appears in the lookup site's HTML
    my $newcallerid = "\"$name <$npa$nxx$station>\"";
    $AGI->set_callerid($newcallerid);
}
else {
    $AGI->verbose("Unable to find a lookup.");
}

exit(0);

# Query anywho.com for the listing name; returns '' when nothing is found
sub anywho_lookup {
    my ($npa, $nxx, $station) = @_;
    my $ua = LWP::UserAgent->new( timeout => 45);
    my $URL = 'http://www.anywho.com/qry/wp_rl';
    $URL .= '?npa=' . $npa . '&telephone=' . $nxx . $station;
    $ua->agent('AsteriskAGIQuery/1');
    my $req = HTTP::Request->new(GET => $URL);
    my $res = $ua->request($req);
    if ($res->is_success()) {
        # The name is the first bold text inside the listing block
        if ($res->content =~ /<!-- listing -->(.*)<!-- \/listing -->/s) {
            my $listing = $1;
            if ($listing =~ /<B>(.*)<\/B>/) {
                my $clidname = $1;
                return $clidname;
            }
        }
    }
    return '';
}
---------------------------------------
chown asterisk:asterisk /var/lib/asterisk/agi-bin/calleridname.agi
chmod +x /var/lib/asterisk/agi-bin/calleridname.agi

in extensions_custom.conf (under from-external-custom: ring set to ringgroup1, voicemail set to extension 200, change as needed)

[from-internal-custom]
;create extension for chanspy
exten => *888,1,Answer
exten => *888,2,Wait(1)
exten => *888,3,ChanSpy(SIP/,q)
exten => *888,4,Hangup

[from-pstn-custom]
exten => _.,1,Goto(from-external-custom,attendant,1) ;the zap channel skips calleridname.

[telasip-in]
exten => _.,1,Goto(from-external-custom,calleridname,1)

[from-external-custom]
exten => calleridname,1,Answer
exten => calleridname,2,Wait(1)
exten => calleridname,3,Background(pls-wait-connect-call)
exten => calleridname,4,AGI(calleridname.agi)
exten => calleridname,5,Goto(from-external-custom,attendant,4)
exten => attendant,1,Answer
exten => attendant,2,Wait(1)
exten => attendant,3,Background(pls-wait-connect-call)
exten => attendant,4,Dial(local/1@from-internal,30,mt)
exten => attendant,5,VoiceMail(200@default)

2.9.7 Updating Asterisk manually (preferred so you know you are getting stable releases)

*note: I've included both the new and the old steps in upgrading asterisk at home/trixbox. Since I still run AAH the trixbox steps are probably incomplete. I prefer the ability to upgrade my components at will so I stick with AAH.

Trixbox steps
/usr/local/sbin/trixbox-update.sh update
reboot

AAH steps
#clean modules
rm -f /usr/lib/asterisk/modules/*

ASTVER=1.2.24
ZAPVER=1.2.19
LIBVER=1.2.5
ADDVER=1.2.7
SNDVER=1.2.1

#asterisk
cd /usr/src
rm -rf asterisk
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-$ASTVER.tar.gz
tar -zxvf asterisk-$ASTVER.tar.gz
mv asterisk-$ASTVER asterisk
rm -f asterisk-$ASTVER.tar.gz

#zaptel
cd /usr/src
rm -rf zaptel
wget http://ftp.digium.com/pub/zaptel/releases/zaptel-$ZAPVER.tar.gz
tar -zxvf zaptel-$ZAPVER.tar.gz
mv zaptel-$ZAPVER zaptel
rm -f zaptel-$ZAPVER.tar.gz

#libpri
cd /usr/src
rm -rf libpri
wget http://ftp.digium.com/pub/libpri/releases/libpri-$LIBVER.tar.gz
tar -zxvf libpri-$LIBVER.tar.gz
mv libpri-$LIBVER libpri
rm -f libpri-$LIBVER.tar.gz

#addons
cd /usr/src
rm -rf asterisk-addons
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-addons-$ADDVER.tar.gz
tar -zxvf asterisk-addons-$ADDVER.tar.gz
mv asterisk-addons-$ADDVER asterisk-addons
rm -f asterisk-addons-$ADDVER.tar.gz

#sounds
cd /usr/src
rm -rf asterisk-sounds
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-sounds-$SNDVER.tar.gz
tar -zxvf asterisk-sounds-$SNDVER.tar.gz
mv asterisk-sounds-$SNDVER asterisk-sounds
rm -f asterisk-sounds-$SNDVER.tar.gz

#now rebuild and reboot

cd /usr/src/zaptel
make clean
make install

cd ../libpri
make clean
make install

cd ../asterisk
make clean
make install

cd ../asterisk-addons
make clean
make install

cd ../asterisk-sounds
make clean
make install

reboot

FreePBX steps
FREEPBXVER=2.2.1
cd /usr/src
rm -rf freepbx
wget http://easynews.dl.sourceforge.net/sourceforge/amportal/freepbx-$FREEPBXVER.tar.gz
tar -zxvf freepbx-$FREEPBXVER.tar.gz
mv freepbx-$FREEPBXVER freepbx
rm -f freepbx-$FREEPBXVER.tar.gz
cd freepbx
./install_amp

*note: you will lose the A@Home modules, however you can still get to them directly, for example "http://server/admin/modules/configedit/phpconfig.php?"

Steps for updating SVN HEAD (bleeding edge stable, not recommended?):

cd /usr/src
rm -f /usr/lib/asterisk/modules/*
./rm_astsrc.sh
./getastsrc_head.sh
./rebuildastsrc.sh
reboot

2.9.8 Steps for installing VMWare tools:

*note: if you are replacing an existing version of the tools, then you must first rpm -e VMwareTools from the console to uninstall previous version. I would then reboot and continue with the following steps.

mount /media/cdrom
rpm -ivh /media/cdrom/VMwareTools-VMwareTools-1.0.1-29996.i386.rpm (29996 might not be the latest anymore, check /media/cdrom)
/etc/init.d/vmware-tools start
/usr/bin/vmware-config-tools.pl
use listed instructions to install the vmware tools net driver
nano /boot/grub/grub.conf add clock=pit to the end of the kernel initialize line
configure startup/shutdown features on image 'power on virtual machine' and 'shutdown guest operating system'

2.9.9 Steps for Backup/Migrate and Restoring your server:

*note: Yes, it's tedious, but will save you lots of time if you have lots of extensions. This information will continue to be posted until either trixbox incorporates a sensible backup/restore method between servers, or its update script works without error. This is going from a Trixbox to Trixbox server.

from your old server:
  1. install/upgrade freepbx to same version as new server, this is very very important. upgrading freepbx is outlined earlier in this quick install guide.
  2. browse to http://oldserver/admin/modules/phpmyadmin/phpMyAdmin
  3. click export, then hold Ctrl and select asterisk and asteriskcdrdb
  4. enable "save as file", click go and save the .sql file

then on your new server:
  1. install/enable the phpmyadmin module
  2. browse to http://newserver/admin/modules/phpmyadmin/phpMyAdmin
  3. use dropdown on the left frame, select asterisk. then click the "drop" tab.
  4. use dropdown again, select asteriskcdrdb. then click the "drop" tab.
  5. click import, browse for your sql file, click go.
  6. execute the following in the console to restart asterisk/freepbx:
     php /var/www/html/admin/config.php clk_reload=true
     /var/www/html/admin/bounce_op.sh
  7. re-establish your *_custom files if you used them.

*note: recreate your mailboxes for extensions and re-establish outgoing dial rules on your iax trunks. These settings aren't contained in the database so you must re-enable them manually. If you have iax extensions you must go into each one and click the submit button and click the red bar to have it update the iax.conf files, don't ask.

2.9.9.1 Fine Tuning: (This isn't recommended, it's only here for my own setup)


#snag the digium asterisknow preferred kernel and use it!
*note: used http://howtoforge.com/kernel_compilation_centos_p2 on how to compile vanilla kernels in CentOS

cd /usr/src
rm -f linux
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.11.tar.gz
tar -zxvf linux-2.6.17.11.tar.gz
ln -s /usr/src/linux-2.6.17.11 linux
cd /usr/src/linux
make clean && make mrproper   # run these first: mrproper deletes any existing .config
cp /boot/config-$(uname -r) /usr/src/linux/.config   # start from the running kernel's config
make all && make modules_install && make install
nano /boot/grub/menu.lst to make new kernel boot by default

nano /usr/src/zaptel/zconfig.h - enable the "latest and greatest" echo cancellation ECHO_CAN_MG2 and disable the existing one.
/* #define ECHO_CAN_KB1 */
#define ECHO_CAN_MG2

Don't forget to recompile zaptel:
cd /usr/src/zaptel
make clean
make
make install

Disable unused services:

chkconfig kudzu off
chkconfig rawdevices off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rpcidmapd off
chkconfig haldaemon off
chkconfig netfs off
chkconfig isdn off
chkconfig rpcgssd off
chkconfig iptables off
chkconfig irqbalance off
chkconfig vsftpd off
chkconfig auditd off
chkconfig smartd off
chkconfig readahead off
chkconfig microcode_ctl off
chkconfig cpuspeed off
chkconfig messagebus off
chkconfig readahead_early off
chkconfig nfslock off
chkconfig lm_sensors off
chkconfig autofs off
chkconfig openibd off
chkconfig cups off
chkconfig gpm off
chkconfig xplhub off
reboot

Created by: GinelLipan, Last modification: Tue 20 of Sep, 2011 (23:45 UTC) by admin

