License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: Asterisk as SIP PBX for Gentoo Linux

This will show how you can setup an Voice over IP (VoIP) phonebox

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
emerge net-misc/asterisk

Changes in /etc/asterisk/extensions.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/asterisk/extensions.conf

Changed on 07.09.17
Issued by olli
Beginning line 1

Call routing / Action plans


; General settings
[general]
static=yes
writeprotect=no

[local]
; Internal calls ^3[0-9]$
exten => _3X,1,NoOp(${CALLERID})
exten => _3X,n,Dial(SIP/${EXTEN},120)

[1und1_out]
; local area code calls
exten => _ZX.,1,NoOp(${CALLERID})
; Optional: look up in the Horde addressbook for the caller name
exten => _ZX.,n,Set(CALLNAME=${SHELL(/etc/asterisk/hordelookup.sh ${CALLERID(dnid)})})
; Optional: Notify outgoing call per eMail
exten => _ZX.,n,System(echo "`date`: ${CALLERID(all)} ruft ${CALLNAME} <${CALLERID(dnid)}> an!" | mail -s "Telefonat nach drau&szlig;en ${CALLERID(all)} -> ${CALLERID(dnid)}" mail@example.com )
; Optional: Record call
exten => _ZX.,n,System(mkdir "/home/asterisk/${CALLERID(number)}")
exten => _ZX.,n,Set(FILENAME=${STRFTIME(${EPOCH},,%d%m%Y-%H:%M:%S)}-${EXTEN})
exten => _ZX.,n,Set(MONITOR_EXEC_ARGS=&& mv "/var/spool/asterisk/monitor/${FILENAME}.wav" "/home/asterisk/calls/")
exten => _ZX.,n,Monitor(wav,${FILENAME},mb)
; Remove Name
exten => _ZX.,n,Set(CALLERID(all)="PHONENUMBER" <PHONENUMBER>)
; Route to SIP-Provider
exten => _ZX.,n,Dial(SIP/PHONENUMBER/0DIALPREFIX${EXTEN},120)

; Other Outgoing calls 
exten => _[+0]XX.,1,NoOp(${CALLERID})
; Optional: Look up in the Horde addressbook for the caller name
exten => _[+0]XX.,n,Set(CALLNAME=${SHELL(/etc/asterisk/hordelookup.sh ${CALLERID(dnid)})})
; Optional: Notify outgoing call per eMail
exten => _[+0]XX.,n,System(echo "`date`: ${CALLERID(all)} ruft ${CALLNAME} <${CALLERID(dnid)}> an!" | mail -s "Telefonat nach drau&szlig;en ${CALLERID(all)} -> ${CALLERID(dnid)}" mail@example.com )
; Optional: Record call
exten => _[+0]XX.,n,System(mkdir "/home/asterisk/${CALLERID(number)}")
exten => _[+0]XX.,n,Set(FILENAME=${STRFTIME(${EPOCH},,%d%m%Y-%H:%M:%S)}-${EXTEN})
exten => _[+0]XX.,n,Set(MONITOR_EXEC_ARGS=&& mv "/var/spool/asterisk/monitor/${FILENAME}.wav" "/home/asterisk/calls/")
exten => _[+0]XX.,n,Monitor(wav,${FILENAME},mb)
; Remove Name
exten => _[+0]XX.,n,Set(CALLERID(all)="PHONENUMBER" <PHONENUMBER>)
; Route to SIP-Provider
exten => _[+0]XX.,n,Dial(SIP/PHONENUMBER/${EXTEN},120)

[incoming]
; Incoming calls to PHONENUMBER
exten => PHONENUMBER,1,NoOp(${CALLERID})
; Optional: Look up in the Horde addressbook for the caller name
exten => PHONENUMBER,n,Set(CALLERID(name)=${SHELL(/etc/asterisk/hordelookup.sh ${CALLERID(num)})})
; Optional: Notify incoming call per eMail
exten => PHONENUMBER,n,System(echo "`date`: ${CALLERID(all)} ruft an." | mail -s 'Anrufbenachrichtigung ${CALLERID(all)}' mail@example.com)
; Optional: Block blackisted 
; blacklist administrated ober CLI ("asterisk -r")
; Adding a number to be blocked
; *CLI> database put blacklist 1234 "TEST"
; Removing a number from being blocked
; *CLI> database del blacklist 1234
; Listing current blocks
; pbx*CLI> databse show blacklist
exten => PHONENUMBER,n,GotoIf(${BLACKLIST()}?blacklisted)
; Optional: Don't ring in night time excluding numbers in phonebook
exten => PHONENUMBER,n,GotoIf($["${CALLERID(name)}" != ""]?ring)
exten => PHONENUMBER,n,GotoIfTime(23:00-23:59,sun-sat,*,*?noring)
exten => PHONENUMBER,n,GotoIfTime(00:00-05:00,sun-sat,*,*?noring)
; Optional: Record call
exten => PHONENUMBER,n(ring),System(mkdir -p "/home/asterisk/calls")
exten => PHONENUMBER,n,Set(FILENAME=${STRFTIME(${EPOCH},,%d%m%Y-%H:%M:%S)}-${EXTEN})
exten => PHONENUMBER,n,Set(MONITOR_EXEC_ARGS=&& mv "/var/spool/asterisk/monitor/${FILENAME}.wav" "/home/asterisk/calls/")
exten => PHONENUMBER,n,Monitor(wav,${FILENAME},mb)
; Route the call to local SIP-Phones - ringing (try for 60 seconds)
exten => PHONENUMBER,n,Dial(SIP/30&SIP/31&SIP/32,60)
; Set Language for Voicemail-Answer
exten => PHONENUMBER,n(noring),Set(CHANNEL(language)=de)
; Start Voicemail
exten => PHONENUMBER,n,Voicemail(30&31)
exten => PHONENUMBER,n,Playback(vm-goodbye)
exten => PHONENUMBER,n(blacklisted),Hangup()

; Default rules Be careful: You have to block all IPs expect these of your SIP-Provider to use this option in a most secure way
[default]
include => incoming

; Only for internal phones
[phones]
include => local
include => 1und1_out


Changes in /etc/asterisk/hordelookup.sh

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /etc/asterisk/hordelookup.sh

Changed on 07.09.17
Issued by olli
Beginning line 2

Script for a Horde Addressbook lookup with a ReadOnly-DB-User

#!/bin/sh
num=`echo "$1" | perl -pe 's/^0+//; s/[^0-9]//g;'`
pw=`/usr/local/sbin/gtc-crypt -a horde-asterisk -p`
echo "SELECT object_firstname, object_lastname, object_company, object_cellphone, object_workphone, object_homephone FROM turba_objects" |  mysql -u asterisk -p$pw horde 2>/dev/null | perl -pe 's/NULL//g; s/\+([0-9][0-9])/$1/g; s/\t0/\t/g; s/![0-9]+([^0-9\n])/$1/g; s/([0-9])[^0-9\n]+/$1/g;' | grep "$num" | head -n1 | perl -pe '@a=split(/\t/, $_); $_=""; print "$a[0] $a[1]" if ($a[0] || $a[1]); print "$a[2]" unless ($a[0] || $a[1]);'

Changes in /etc/asterisk/rtp.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/asterisk/rtp.conf

Changed on 04.03.17
Issued by olli
Beginning line 10

Only few rtp-Ports (Firewall has to be opened/forwarded for 5060/udp and these Ports/udp)


Before change
;rtpstart=10000
;rtpend=20000
After change
rtpstart=5000
rtpend=5040

Changes in /etc/asterisk/sip.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/asterisk/sip.conf

Changed on 07.09.17
Issued by olli
Beginning line 1

SIP Phone and Provider settings

; general settings
[general]
context=default
; listen generally to all on Port 5060
bindaddr=0.0.0.0
bindport=5060
; seems to halp in some cases
srvlookup=yes
; Lang
; cd /var/lib/asterisk/sounds/de
; wget -O core.zip https://www.asterisksounds.org/de/download/asterisk-sounds-core-de-sln16.zip
; wget -O extra.zip https://www.asterisksounds.org/de/download/asterisk-sounds-extra-de-sln16.zip
; unzip core.zip
; unzip extra.zip
; chown -R asterisk:asterisk /var/lib/asterisk/sounds/de
; find /var/lib/asterisk/sounds/de -type d -exec chmod 0775 {} \;
; rm core.zip extra.zip
language=de
; NAT
nat=force_rport,comedia
; No NAT for localnet
localnet=my.lan.network.ip/XXX.XXX.XXX.XXX
localnet=XXX.XXX.XXX.XXX/XXX.XXX.XXX.XXX
localnet=XXX.XXX.XXX.XXX/XXX.XXX.XXX.XXX
; General Video Support
videosupport=yes
; Be careful: You have to block all IPs expect these of your SIP-Provider to use this option in a most secure way
allowguest=yes
rtpkeepalive=30
; Codecs
disallow=all
allow=alaw
allow=ulaw
allow=ilbc
allow=g723
allow=gsm
allow=g726
allow=adpcm
allow=slin
allow=lpc10
allow=g729
allow=speex
allow=speex16
allow=g726aal2
allow=g722
allow=slin16
allow=jpeg
allow=png
allow=h261
allow=h263
allow=h263p
allow=h264
allow=mpeg4
allow=red
allow=t140
allow=siren7
allow=siren14
allow=testlaw
allow=g719
allow=speex32
allow=slin12
allow=slin24
allow=slin32
allow=slin44
allow=slin48
allow=slin96
allow=slin192
allow=silk8
allow=silk12
allow=silk16
allow=silk24
; Provider SIP Account
registerattempts=60
registerattempts=0
trustrpid=yes
sendrpid=no
register => PHONENUMBER:PASSWORD@SIP-PROVIDER-HOSTNAME/PHONENUMBER
canreinvite=yes

; outgoing calls
[PHONENUMBER]
type=peer
defaultuser=PHONENUMBER
fromuser=PHONENUMBER
secret=PASSWORD
extension=sipuid
host=SIP-PROVIDER-HOSTNAME
qualify=yes
directmedia=no
dtmfmode=rfc2833
nat=force_rport,comedia
insecure=invite
canreinvite=yes

; incoming calls
[1und1_de_in] 
type=peer
fromdomain=SIP-PROVIDER-HOSTNAME
qualify=yes
insecure=port,invite
context=incoming
nat=force_rport,comedia
allowguest=yes

; local SIP-Phones
[30]
callerid=user1Phone <30>
host=dynamic
domain=XXX.XXX.XXX.XXX
user=30
secret=PASSWORD
type=friend
language=de
canreinvite=no
context=phones
qualify=yes

[31]
callerid=BeckyPhone <31>
host=dynamic
domain=XXX.XXX.XXX.XXX
user=31
secret=PASSWORD
type=friend
language=de
canreinvite=no
context=phones
qualify=yes

[32]
callerid=HomePhone <32>
host=dynamic
domain=XXX.XXX.XXX.XXX
user=32
secret=PASSWORD
type=friend
language=de
canreinvite=no
context=phones
qualify=yes

Changes in /etc/asterisk/voicemail.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/asterisk/voicemail.conf

Changed on 07.09.17
Issued by olli
Beginning line 1

Voicemail setting


[general]
format=wav49
serveremail=asterisk
attach=yes
delete=yes
maxsilence=10
maxsecs=300
silencethreshold=128
maxlogins=3
emaildateformat=%A, %d %B %Y at %H:%M:%S
locale=de_DE.utf8 
fromstring=GaboshPBX
emailsubject=Neue Sprachnachricht von ${VM_CALLERID} (Anrufbeantworter)
emailbody=Hallo ${VM_NAME},\n\nEs ist eine neue Sprachnachricht (Nummer ${VM_MSGNUM}) vom Anrufbeantworter eingetroffen.\n\nDatum:    ${VM_DATE}\nAnrufer:  ${VM_CALLERID}\nDauer:    ${VM_DUR} Minuten\n\nDie Nachricht befindet sich im Anhang dieser eMail!
emaildateformat=%d.%m.%Y %H:%M:%S

[zonemessages]
eastern=America/New_York|'vm-received' Q 'digits/at' IMp
central=America/Chicago|'vm-received' Q 'digits/at' IMp
central24=America/Chicago|'vm-received' q 'digits/at' H N 'hours'
military=Zulu|'vm-received' q 'digits/at' H N 'hours' 'phonetic/z_p'
european=Europe/Copenhagen|'vm-received' a d b 'digits/at' HM

[default]
30 => 1234,user1,mail@example.com
;31 => 1234,user2,mail@example.com


Changes in /usr/local/sbin/fire.sh

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /usr/local/sbin/fire.sh

Changed on 07.09.17
Issued by olli
Beginning line 307

Allow incomming SIP Connections only from my SIP Provider (1und1 Calls)

iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/24 --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/24 --dport $RTPRANGE -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/24 --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/24 --dport $RTPRANGE -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/32 --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/32 --dport $RTPRANGE -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/32 --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/32 --dport $RTPRANGE -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/24 --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
iptables -A gabosh-inet -p udp -s XXX.XXX.XXX.XXX/24 --dport $RTPRANGE -m conntrack --ctstate NEW -j ACCEPT

Setting up services

For starting the new service after system reboot you should add it to a runlevel with the following command(s):

rc-update add asterisk default

Please send a feedback to: doc<at>gabosh.net

Howto listing
File Index

Here you can find the official Gentoo Linux Forums where you can find a lot of answers.

Here a link to the official Gentoo Linux Homepage.

Edit Howto

About / Impressum

Click here for About / Impressum

Wishlist

If you want to support my work you can find my Amazon whishlist here