There are many tools out there to monitor and block IP addresses that repeatedly attempt to connect. My needs were:

• low memory (memory is precious on a VPS)
• simple
• customizable

After wasting time installing various complicated python and perl scripts, I found a clever use of awk that counts matches in a log file and I put together this simple shell script:

#!/bin/sh

# scan /var/log/secure for ssh attempts
# use iptables to block the bad guys

# Looking for attempts on existing and non-existing users. For example:
# Nov  2 22:44:07 pbxer sshd[28318]: Failed password for root from 74.143.42.70 port 52416 ssh2
# Nov  3 00:06:57 pbxer sshd[31767]: Failed password for invalid user mat3 from 192.203.145.200 port 35841 ssh2

tail -1000 /var/log/secure | awk '/sshd/ && /Failed password for/ { if (/invalid user/) try[$13]++; else try[$11]++; }
END { for (h in try) if (try[h] > 4) print h; }' |
while read ip
do
	# note: check if IP is already blocked...
	/sbin/iptables -L -n | grep $ip > /dev/null
	if [ $? -eq 0 ] ; then
		# echo "already denied ip: [$ip]" ;
		true
	else
		# echo "Subject: denying ip: $ip" | /usr/sbin/sendmail notify@email.com
		logger -p authpriv.notice "*** Blocking SSH attempt from: $ip"
		/sbin/iptables -I INPUT -s $ip -j DROP
	fi
done

awk does all the magic. It grabs relevant lines, splits the lines into tokens, stores IP addresses in a hash and counts how many times they were seen, and finally outputs all IP addresses that were seen more than four times.

For the first few days, it’s interesting to receive an email when IP addresses are banned. Add your email and comment out that line.

Once you’re sure that the script is working how you’d like, you can add it to cron so that it runs every few minutes. I found that every two minutes works for me.

# scan the secure log every 2 minutes
*/2 * * * * /root/scan-secure.sh

After a few months you might find that the iptables are started to get cluttered.

You can clean them out by “flushing” them.

Now sleep tight knowing that people aren’t continually coming by to see if you locked your doors.

One technique is for scripts simply to look for any accounts with easy to guess usernames and passwords. It’s easy to spot these attempts in the log files. Just look for any “Fail” messages:

[Jun 18 07:42:15] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as6f2c0dfb
[Jun 18 07:49:45] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as51af5dba
[Jun 18 09:02:47] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as3c4e5e5b
[Jun 18 09:57:09] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as22d69494
...

As you can see, some joker at 74.55.157.130 tried several times to authenticate on my server. Now, I have passwords that are not easy to guess, but still I’d prefer to block them from even getting to my asterisk server. Linux has a built-in firewall and it is possible to simply reject any packets from this IP address.

That translates to: If any packets come from this particular IP address (source), ignore (drop) them.

To view (list) all the blocked IP addresses:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  74.55.157.130        0.0.0.0/0

This is tedious to remember, so I created a small perl script.

#!/usr/bin/perl

# block jerks

$ip = $ARGV[0];

if ($ip == '') { print "\nUsage: $0 [IP]\n\n"; exit; } 

if ($ip !~ /\d+\.\d+\.\d+\.\d+/) { print "error: expected an IP address\n\n"; exit; }

`iptables -I INPUT -s $ip -j DROP`;

print "Future requests from ip [$ip] will be ignored.\n";
print "To view all blocked IPs: iptables -L \n";

Be careful with using iptables. It is surprisingly easy to block your own ip address, which will lock you out of your own server!

The drawback to this approach is that you need to manually check the log file. I suggest a cronjob to scan the log files and send you an email if there are repeated attempts from a particular IP address.

There are various commands to record calls on asterisk, but the easiest is MixMonitor. It records both sides of the conversation and then merges them together into a single wav file.

Below are some ways to use MixMonitor in your PBX. All of these approaches rely on the following macro in your dialplan.

[macro-automon]
exten => s,1,Set(MONITOR_FILENAME=${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)}-${CALLERID(num)})
; exten => s,n,Playback(beep) ; optional - hear when recording starts
exten => s,n,MixMonitor(${MONITOR_FILENAME}.wav,b)

1. Record All Calls

This might be overkill – and could be dangerous/expensive/embarassing if a hacker gets into your server gets access to your business or personal phone calls. To minimize the risk, and reduce diskspace, you should remove all recorded calls that are older than a week.

To record you need to call the macro for all incoming and outgoing calls. Assuming you want to record all calls from the phone ‘aastra1′, your dialplan would look like…

[aastra1]
exten => _XX.,1,Noop(Outbound call to: ${EXTEN})
exten => _XX.,n,Macro(automon) ; start monitor
exten => _XX.,n,Dial(SIP/lesnet_peer/1${EXTEN})

For incoming calls, you need to call the macro before ringing the local extension with the Dial command.

[incoming]
exten => 2,1,Noop(Dialing aastra1);
exten => 2,n,Macro(automon) ; start monitor
exten => 2,n,Dial(SIP/aastra1,20) ; 20 secs
exten => 2,n,Goto(s-${DIALSTATUS},1) ; Jump based on status (NOANSWER,BUSY,CHANUNAVAIL,CONGESTION,ANSWER)
exten => 2-NOANSWER,1,Voicemail(20,us) ; If unavailable, send to voicemail w/ unavail announce
exten => 2-NOANSWER,n,Playback(vm-goodbye)
exten => 2-NOANSWER,n,Hangup
exten => 2-BUSY,1,Voicemail(${MACRO_EXTEN},bs) ; If busy, send to voicemail w/ busy announce
exten => 2-BUSY,n,Playback(vm-goodbye)
exten => 2-BUSY,n,Hangup
exten => _2-.,1,Goto(s-NOANSWER,1) ; Treat anything else as no answer

To clear out files that are older than 7 days, you’ll need a cronjob.

# remove old recordings at 8am
0 8 * * * /usr/bin/find /var/spool/asterisk/monitor/ -mtime +7 -exec /bin/rm '{}' \;

Note: you can edit your crontab with the command:

2. Record on Demand

The idea is that if you want to record, you can press a key combination such as * 1 to start recording.

First, You activate the key combination in the features configuration file.

[applicationmap]
automon =>*1,self,Macro,automon

Next, you need to set the DYNAMIC_FEATURES variable before dialing and pass the ‘w’ or ‘W’ option to the Dial command. (Note: The documentation says a capital ‘W’ allows the caller to start monitoring and the lowercase ‘w’ allows the callee to start monitoring. I’ve found that both ‘w’ and ‘W’ allow the caller to start monitoring and the callee cannot start monitoring. If you have more insight into this, I’d love to hear it.)

[incoming]
exten => 2,1,Noop(Dialing aastra1);
exten => 2,n,Set(DYNAMIC_FEATURES=automon) ;; enable monitoring
exten => 2,n,Dial(SIP/aastra1,20,w) ; w = callee can start monitoring ; note: doesn't work!

[aastra1]
exten => _XX.,1,Noop(Outbound call to: ${EXTEN})
exten => _XX.,n,Set(DYNAMIC_FEATURES=automon) ;; enable monitoring
exten => _XX.,n,Dial(SIP/lesnet_peer/1${EXTEN},W) ;; W = caller can start monitoring

The main drawback to this approach is that you need to be speaking with the person before recording, so you might miss a few seconds at the start. Also, if you don’t have the beep in the automon macro, you can’t be sure if the recording is actually working unless you’re looking at the asterisk console output while talking.

3. Use a dialing prefix to Trigger Recording

To automatically record a call, I found that adding a prefix to the dialed number was a simple solution. All that is required is a simple modification of the dialplan to handle the prefix. (I used ’00′).

[aastra1]
exten => _XX.,1,Noop(Normal Outbound call to: ${EXTEN}")
exten => _XX.,n,Dial(SIP/lesnet_peer/1${EXTEN})

exten => _00X.,1,Noop(Recording outbound call to: ${EXTEN})
exten => _00X.,n,Macro(automon)
exten => _00X.,n,Dial(SIP/lesnet_peer/1${EXTEN:2},60) ; :2 = removes 00 prefix from number
exten => _00X.,n,Hangup

The recording files can all be found in /var/spool/asterisk/monitor/. For example:

20080917-120735-4165551212.wav		20080917-122353-4165551212.wav
20080917-120746-4165551212.wav		20080917-125437-4165551212.wav

Have fun. Oh, and you might want to read up on the legal issues surround recording phone calls in your area before rolling out this feature on your PBX.

To get distinctive rings on the Aastra 9133i, I had to use multiple lines. The phone supports up to 9 lines, but still it required having to create a SIP account for each line, and the phone had to register each of these lines. It worked, but it wasn’t particularly elegant.

From a post at TrixBox forums I learned of a page on voip-info that explains how to get distinctive rings. (They call it “Priority Alerting”.) All that needed was the addition of an Alert-Info header using the SipAddHeader command.

exten => 3,1,Noop(Call Bob)
exten => 3,n,Dial(SIP/aastra1,20)

exten => 4,1,Noop(Call Joe)
exten => 4,n,SIPAddHeader(Alert-Info: info=<Bellcore-dr3>)  ; distinctive ring!
exten => 4,n,Dial(SIP/aastra1,20)

In this example, if sometime dials 3 to get Bob, the phone rings as normal. If they dial 4 to get Joe, the phone now has a noticably different ring.

The variables seem to change the timing of the ring tone, as opposed to the tone itself, so you still don’t have total control over the ringtone. The possible values for the info variable are:

  <Bellcore-dr1>
  <Bellcore-dr2>
  <Bellcore-dr3>
  <Bellcore-dr4>
  <Bellcore-dr5>

If the Aastra people are listening, it would be amazing if the Alert-Info command was able to select different ring tones.

Let’s walk through this diagram.

There are couple of VOIP phones that connect to a standard router. The router is connected to the internet using a broadband connection (probably ADSL or cable) that has a minimum speed of 100kbps (kilo-bits-per-second).

The phones connect to our PBX which will run on a VPS (virtual private server). We’ll configure our PBX to use a VOIP provider which will allow us to make calls to regular telephones, and if our VOIP provider gives us a telephone number, we’ll also be able to receive calls from regular phones as well.

Of course, your setup might have some slight variations. For example, you might only have one VOIP phone. Or you might have two VOIP phones at separate locations (so each would require it’s own router and broadband internet connection). We’ll be explaining configuration options (not just cut and paste configuration files) so you’ll be able to make these minor adjustments as we walk through your PBX setup.

asterisk -r

Now, if you were already logged in as root, you could do this in one step:

asterisk -rx "dialplan reload"

Or if you were a regular user:

sudo /usr/sbin/asterisk -rx "dialplan reload"

But, the big problem here is that you need to be ‘root’ to run these commands. I don’t think it’s a bad thing to simply login as the root user (with great power comes great responsibility), but if want an asterisk command to be executed by a webserver (for example, as part of a monitoring script), then sudo’ing to root is not possible.

What we’ll do is create a “Set UID” executable that can only run a fixed command. “Set UID” means that the executable will run with the same permissions as owner of the executable.

To do this, we need to write a small C program which will run our common asterisk command. Create the following file:

#include 
#include 
#include 

int main (int argc, char *argv[])
{
  argv[0] = "/usr/sbin/asterisk";
  argv[1] = "-rx";
  argv[2] = "dialplan reload";

  execv(*argv, argv);

}

Now, compile the file.

gcc dialplan-reload.c -o dialplan-reload

You will now have an executible that will reload the dialplan. It needs to be set so that it will run as root.

sudo chown root dialplan-reload
sudo chmod u+s dialplan-reload

Now, if you give your regular login write access to your dialplan, you can edit it without having to ‘sudo’ or login as the root user.

Another useful executable views the status of all the SIP peers. Compile and set the permissions the same as the dialplan-reload command.

#include 
#include 
#include 

int main (int argc, char *argv[])
{
  argv[0] = "/usr/sbin/asterisk";
  argv[1] = "-rx";
  argv[2] = "sip show peers";

  execv(*argv, argv);

}

This executable will be used to help create a simple PBX monitoring tool that I’ll discuss in a future post.

Create an Account

Les.net uses a pay-as-you-go model, so you need to create an account and add a few dollars to get started. Assuming you have a verified Paypal account, your payment is immediately added to your account. (If you don’t have to a verified account, you have to wait 14 days.) It’s possible to pay with a normal credit card, but this involves printing and faxing an application, so I never bothered with that. You are responsible for any payment fees, which usually is in the 3% range. Also, if you are in Canada, GST will be charged. This means that if you add $10 to your account, the actual amount added is a bit less. The payment system at Les.net is by far the most difficult part of the whole process. Once you get some money is your account, you are given all the necessary tools to select a phone number and configure your account.

Get a Phone Number

If you want people to call your PBX from anywhere, you need a number. This is called a DID, and you can hopefully get one for the area code you need. Or you can get a Toll-free number. If you just want to make calls, and don’t want people to be able to call you, you can save some money and skip the DID.

Create a Peer

On the Peers/Trunks screen you can create a peer. The peer is a number which is essentially your username. Once you’ve created your peer, edit it. You’ll see a screen with many options. Setup the peer as follows:

# Les.net - Edit Peer
Peer Name:          999999     // pre-defined - this is your 'username'
Your Description    PBX        // whatever you like
Peer Technology     SIP
DTMF Mode           INFO
Error Method        Coded
Codecs              G.711

Peer Type           Registration
Peer Address                      // ignore
Password            voipsecret    // choose your own secret password!
Registered                        // ignore
Registered IP                     // ignore
Registration Expires              // ignore

Outbound CallerID                 // ignore
7-Digit Dialing                   // ignore
7-Digit Area Code Prefix          // ignore
10-Digit Dialing, Prefix 1        // ignore

Voicemail Enabled                 // unchecked
Go to voicemail after (seconds)   // ignore
Voicemail Password                // ignore
Voicemail Access Code             // ignore
Email voicemail to                // ignore

Click “Save Settings” and you now have a peer.

Connect DID to Peer

You want incoming calls to go to this new peer. On the “Your DIDs” screen you can see all of your DID numbers. Click on your number to edit it, and set “Route to” to the new peer.

Tell the PBX about the VOIP provider

Now that the VOIP provider is setup, you need to tell the PBX to use the VOIP provider. First, we need the PBX to register with the VOIP provider. Second, we need to specify what happens for incoming calls from the outside world, as well as outgoing calls from your VOIP phone.

Register

Just as your phone registers with your PBX, your PBX registers with your VOIP provider. Under the [general] context, add the username and password in the form:

register => username:password@did.voip.les.net/username

Using the values from the example above,

username: 999999
password: voipsecret

This would look like:

[general]

register => 999999:voipsecret@did.voip.les.net/999999

Now we need to define some basic parameters for this connection. Add this after the [general] context:

[lesnet_peer]
type=friend
host=did.voip.les.net
dtmfmode=auto
insecure=very
disallow=all
allow=ulaw
context=incoming ; incoming DID calls will arrive in the incoming context. see: /etc/asterisk/extensions.conf
canreinvite=no

We now have defined a SIP extension called “lesnet_peer”. What does that mean? It means we can dial to the outside world. We do that in the dialplan file extensions.conf

.

Calling the Outside World

We need to tell our phone what to do when we dial a phone number. So far, we’ve only told it how to dial single digits like 9 to get voicemail. If you dial a proper phone number (10-digits), we want to send that call to our VOIP provider. We need to add a rule to our dialplan.

[internal-phone1] ;; calls from our VOIP phone

exten => 9,1,Answer
exten => 9,n,Wait(1)	;; wait or we lose the first syllable
exten => 9,n,VoiceMailMain(s20) ;; s=skip login, listen to msgs in box 20

exten => _XX.,1,Noop(Dialing the outside world: ${EXTEN})
exten => _XX.,n,Dial(SIP/lesnet_peer/1${EXTEN})

Asterisk supports simple pattern matching in the dialplan. (The “_” indicates it is a pattern. The “X” matches any digit, and the “.” [period] matches one or more times. So, “_XX.” matches any three digits or more.) Reload your asterisk configuation, so these changes take effect and try calling a regular phone number.

Incoming Calls

Incoming calls are also handled in extensions.conf. In sip.conf we specified that calls should come in on the “incoming” context. We need to define that context. Incoming calls come from your DID number. If we assume our DID is ’212-555-9999′ we would need the following rule:

[incoming]
exten => 2125559999,1,Noop(Incoming call from: ${CALLERID(all))
exten => 2125559999,n,Dial(SIP/phone1,20)
exten => 2125559999,n,Playback(vm-goodbye)
exten => 2125559999,n,Hangup

An incoming call to your DID would simply rings your phone (for 20 seconds) and if there is no answer, the caller hears the ‘goodbye’ recording and the call ends.

Troubleshooting

If things don’t work as expected, there are several places to look for error messages. First, from the asterisk console, make sure you have verbose messages on.

You should see activity on your VOIP phone as you attempt to dial a number. Alternately, you can view the asterisk log file.

On the Les.net Edit Peer screen, you can see if your server is registered. The fields “Peer Address”, “Registered”, “Registered IP” and “Registration Expires” should all have relevant information. If they are empty, then asterisk has not registered with your VOIP provider.

Next Steps

You now have a functional PBX. It doesn’t do much at the moment, but it is a solid foundation uponw which you can start to build a phone system that works exactly how you want it to. Most of the behaviour of the phone system is controlled by the dialplan, which we will examine next.

Continue to: Overview of the essential Asterisk Dialplan Commands [Sorry, still working on the dialplan article... Can I interest you in how to record phone calls?]

There are several major vendors of VOIP phones. I’m going to outline the steps for a SNOM 320 and an Aastra 9133i phone. Configuring phones isn’t hard, since you basically need to enter three pieces of information:

1. username
2. password
3. asterisk server IP address

Despite only requiring these three pieces of information most VOIP phones seemed to have been designed to make this process as awkward as possible. So, take few deep breaths, and let’s get started.

Snom 320

SNOM phones are by far the easiest phones to setup. Documentation is freely available and you can do the setup directly from the phone.

Plug in the power and ethernet cables. Your router should have DHCP on and will assign the phone an IP address. After the phone boots it will enter a ‘wizard’ mode if it has not been configured before.

For the Account enter the username in sip.conf. For example: phone1

For the Registrar enter the IP address of your server running asterisk. (You can also enter a fully-qualified hostname such as pbx.mydomain.com if you have a domain name and have configured DNS for your server. If you don’t know what I’m talking about, use the IP address.)

The phone will contact the server and if all goes well, will ask for a Password which is what we defined as secret in the sip.conf config file.

And now you should be connected to the asterisk PBX. Dial 9 and you should be in the voicemail system.

If you see “NR”, that means Not Registered. More on how to debug connection problems below.

If you ever need to get into the administration menu, the default admin password is: 0000

Aastra 9133i

A nice, sturdy phone with better sound quality sound than the SNOM, but a bit more fiddly to configure.

Plug in the power and ethernet cables. Your router should assign the phone an IP address. If you don’t catch the IP address when booting, you can find the IP address in the phone’s menu system.

Press the Options button (top right) and use the arrow keys to navigate the menus:

Network Settings • Admin Password: 22222 • IP Address

Now, type the IP address into a web browser. The default admin username/password is: admin/22222

We need to configure two screens: Network Settings and Global SIP.

Network Settings

Most of these settings are automatic and defined by your router when the phone boots. The only field you need to define is the Time Server 1. There is a bug in Aastra firmware in their DNS resolution code that crashes the phone, so I suggest you use IP addresses instead of server names.

You can google for public NTP time servers or try one of the following servers below:

time.apple.com         17.151.16.20
time.euro.apple.com    17.72.255.11
time.nrc.ca            132.246.168.148
time-a.nist.gov        129.6.15.28

Add an IP address for Time Server 1 and click Save Settings.

Global SIP

There are a lot of fields on this screen. Some are not important, and many are duplicated. The following works for me. This configuration assumes the username is phone1, the password is xxxsecretxxx and the asterisk server IP address is 128.1.2.3. Unless specified, leave the default values as is.

# aastra 91331 - Global SIP Settings
Screen Name:         aastra
Phone Number:        phone1
Caller ID:           phone1
Authentication Name: phone1
Password:            xxxsecretxxx
Line Mode:           Generic

Proxy Server:          128.1.2.3
Proxy Port:            5060
Outbound Proxy Server: 128.1.2.3
Outbound Proxy Port:   5060
Registrar Server:      128.1.2.3
Registrar Port:        5060
Registration Period:   600

Once you click “Save Settings”, you’ll need to click the “Reset” menu option to reboot the phone before your settings will take effect.

If the phone boots, the red light goes off and you don’t see a “No Service” message, then you’re connected! To test, dial 9 to enter the voicemail system or any of the extensions we’ve defined.

Debugging Connection Problems

If you’re phones aren’t registering with the asterisk server, then you need to isolate the problem.

A command I often use to get an overview of all the sip phones is: sip show peers

On your asterisk server, as root, connect to asterisk:

If all is well, you should see something like the following:

Name/username              Host            Dyn Nat ACL Port     Status
phone1/phone1              88.10.11.12      D   N      5060     OK (115 ms)
1 sip peers [Monitored: 1 online, 0 offline Unmonitored: 0 online, 0 offline]

If the status is UNKNOWN or there is host address, then you need to get more information about the registration process.

Turn on more verbose messages.

Now reboot your phone and watch for error messages on the asterisk console. If you don’t see any – then your phone isn’t contacting the server.

A successful registration message is:

Registered SIP 'phone1' at 88.10.11.12 port 1025 expires 3600

If you want to see all of the SIP messages between your phone and the asterisk server, type:

But be warned that the raw SIP messages can be overwhelming! I find that cutting and pasting them into a text editor makes them a bit easier to decode.

Most of the time I had problems connecting a phone it was due to typos and having the wrong username or password entered into one of the fields. Double-check that the values in sip.conf match the ones you’ve entered into your phone’s configuration.

Summary

Now, you’re able to use your VOIP phone to call your PBX. That’s an important step, but in order to have a real phone system we need to be able to call the outside world, and let people call our PBX. To do that we need to create an account with a VOIP provider.

sip.conf – SIP is a protocol that allows VOIP devices to communicate. In this file you specify your VOIP provider as well as which VOIP phones will be connecting to your asterisk PBX.

voicemail.conf – Asterisk comes with a voicemail system. Each voicemail box is defined in this configuration file.

extensions.conf – Also known as the dialplan, it controls the behviour of your PBX. It outlines what happens when anyone calls your PBX. Interactions such as “Press 2 for Bob” are handled in this configuration file.

sip.conf

The default configuration files are massive and basically contains the documentation. It’s helpful to have around, but I suggest you start with a fresh new file. Initially, we are going to add one account, so you can connect to your asterisk server with a VOIP phone.

[general]
context=default                 ; Default context for incoming calls
allowguest=no                   ; Allow or reject guest calls (default is yes)
allowoverlap=no                 ; Disable overlap dialing support. (Default is yes)
bindport=5060                   ; UDP Port to bind to (SIP standard port is 5060)
bindaddr=0.0.0.0                ; IP address to bind to (0.0.0.0 binds to all)
srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
rfc2833compensate=yes

[authentication] ;; needed?

[phone1]
type=friend
context=internal-phone1
username=phone1
secret=xxxpassword ;; *change this!*
host=dynamic
nat=yes
qualify=yes ;; keep NAT open
canreinvite=no
allow=all
mailbox=20  ;; voicemail box

You don’t need to understand every line here. The most important points are that you have created a username and secret (password), which you will add to your VOIP phone.

voicemail.conf

The default voicemail.conf configuration file has dozens of options, but the default values are fine for now. The only line you need to add is one to define a voicemail box on the system. At the end of the file, there is a [default] context, where you need to define a voicemail box, password, name, and email (if you want voicemail to be sent as email).

[default]
20 => 4444,Bob,bob@foo.com

extensions.conf

Now that you’ve defined how your VOIP phone will connect to the asterisk PBX, you need to program what happens when you (or anyone else) calls your PBX.

For now, we’ll set-up a simple server where 9 will allow you to listen to your voicemail. 1 will start an echo test 2 will record a wav file. 3 will allow you to hear what callers hear when the call.

[globals]
;; global variables can be defined here

[general]
static=yes
writeprotect=yes
autofallthrough=yes
clearglobalvars=yes
priorityjumping=no

[incoming] ;; calls from the outside world

exten => s,1,Noop('Call from the outside world')
exten => s,n,Answer
exten => s,n,Wait(1)
exten => s,n,Background(hello-world)
exten => s,n,VoiceMail(20)

[internal-phone1] ;; calls from our VOIP phone

exten => 1,1,Noop(start echo test)
exten => 1,n,Answer
exten => 1,n,Wait(1)
exten => 1,n,Echo
exten => 1,n,Hangup

exten => 2,1,Noop(record a wav file - stop recording with #)
exten => 2,n,Answer
exten => 2,n,Wait(1)
exten => 2,n,Record('/tmp/outgoing-message-%d.wav') ; stop record with #
exten => 2,n,Wait(1)
exten => 2,n,Playback(${RECORDED_FILE})
exten => 2,n,Hangup

exten => 3,1,Noop('Pretend that we are an outside caller.')
exten => 3,n,Goto(pbx-incoming,s,1)

exten => 9,1,Noop('Listen to any voicemail messages')
exten => 9,n,Answer
exten => 9,n,Wait(1)	;; wait or we lose the first syllable
exten => 9,n,VoiceMailMain(s20) ;; s=skip login, listen to msgs in box 20

exten => i,1,Background(vm-goodbye)	;; invalid keypress

exten => t,1,Background(vm-goodbye)	;; timeout

Take a few minutes to study this file. The format that asterisk uses is a bit obtuse, but it’s important to understand what you see here. Two contexts have been defined: incoming which is where incoming calls from the outside world will go and internal-phone1 which defines what we can dial from our internal VOIP phone.

Once we get our VOIP phone setup (which we will do in the next step) then we will be able to dial 1,2,3 or 9. In sip.conf we defined the context for the phone to be internal-phone1, so when we dial from our VOIP phone, the valid extensions are defined in [internal-phone1]. In extensions.conf we define the sequence of commands that are executed for each dialed numbers. For example, if we dial 9, first the phone is answered, then we wait one second, then we go to into the voicemail system for box 20.

The old-fashioned way to write these commands was to number each line. For example, the commands for extension 9 could also be written as:

exten => 9,1,Noop('Listen to any voicemail messages')
exten => 9,2,Answer
exten => 9,3,Wait(1)
exten => 9,4,VoiceMailMain(s20)

This makes the sequence more obvious, but it is tedious and error-prone to maintain. The ‘n’ shortcut (next) helps with this, although you still need to have an initial ’1′. I typically use a Noop (no operation) command for the initial command, so all the real commands will simply have an ‘n’ as the sequence number. The Noop command is also useful since the comments will show up in the logs and status messages which is helpful when debugging problems.

To start your asterisk server, run this command as root:

It should simply return quickly, but it has started asterisk. To connect to asterisk, as root, run:

Asterisk 1.4.21, Copyright (C) 1999 - 2008 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 1.4.21 currently running on pbxer (pid = 21010)
Verbosity is at least 10
pbxer*CLI>

To make sure that asterisk is using the current dialplan, type:

To view the current dialplan type:

[ Context 'internal-phone1' created by 'pbx_config' ]
  '1' =>            1. Noop(start echo test)                      [pbx_config]
                    2. Answer()                                   [pbx_config]
                    3. Wait(1)                                    [pbx_config]
                    4. Echo()                                     [pbx_config]
                    5. Hangup()                                   [pbx_config]
  '2' =>            1. Noop(record a wav file - stop recording with #) [pbx_config]
                    2. Answer()                                   [pbx_config]
                    3. Wait(1)                                    [pbx_config]
                    4. Record(/tmp/outgoing-message-%d.wav)       [pbx_config]
                    5. Wait(1)                                    [pbx_config]
                    6. Playback(${RECORDED_FILE})                 [pbx_config]
                    7. Hangup()                                   [pbx_config]
  '3' =>            1. Noop(Pretend that we are an outside caller.) [pbx_config]
                    2. Goto(incoming|s|1)                         [pbx_config]
  '9' =>            1. Noop(Listen to any voicemail messages)     [pbx_config]
                    2. Answer()                                   [pbx_config]
                    3. Wait(1)                                    [pbx_config]
                    4. VoiceMailMain(s20)                         [pbx_config]
  'i' =>            1. Background(vm-goodbye)                     [pbx_config]
  't' =>            1. Background(vm-goodbye)                     [pbx_config]

[ Context 'pbx-incoming' created by 'pbx_config' ]
  's' =>            1. Noop(Call from the outside world)          [pbx_config]
                    2. Answer()                                   [pbx_config]
                    3. Wait(1)                                    [pbx_config]
                    4. Background(hello-world)                    [pbx_config]
                    5. VoiceMail(20)                              [pbx_config]

If you have any typos in your extensions.conf file, dialplan show is the a good way to spot them, since it shows how asterisk understands the file.

We’ve got the PBX configured, now we need to setup a phone to connect to it.

Download asterisk from digium. They’ve made it hard to find the link from their homepage, but you can browse the files from their download area.

At the time of writing, the latest version was 1.4.21.2, which you can be download directly onto your server.

curl -O http://downloads.digium.com/pub/asterisk/releases/asterisk-1.4.21.2.tar.gz
tar zxvf asterisk-1.4.21.2.tar.gz
cd asterisk-1.4.21.2
./configure
make
make install

If there are any errors, check that you aren’t missing any of the packages. For example, if you get errors about termcap, try searching in the package manager.

yum search termcap

You’ll also want to get the library of audio files. These are required for some of the built-in applications such as voicemail, but it’s also handy to have standard audio files such as “please wait while I try that extension”.

The file is called asterisk-sounds-1.2.1. You can download this file directly to your server with:

curl -O http://downloads.digium.com/pub/asterisk/releases/asterisk-sounds-1.2.1.tar.gz
tar xzvf asterisk-sounds-1.2.1.tar.gz
cd asterisk-sounds-1.2.1
make install

Now that you’ve got the asterisk PBX installed, you’re ready to configure it.