Difference between revisions of "Asterisk on centos (deprecated)"

From vpsget wiki
Jump to: navigation, search
Line 128: Line 128:
 
You should download Asterisk source code if you haven't download it before  from http://www.asterisk.org/downloads.
 
You should download Asterisk source code if you haven't download it before  from http://www.asterisk.org/downloads.
 
Unzip it to some folder  on your asterisk server.
 
Unzip it to some folder  on your asterisk server.
 +
tar -xvzf asterisk-11-current.tar.gz
 +
change dir to unzipped folder and run next command:
 +
contrib/scripts/./ast_tls_cert -C pbx.privatecompany.com -O "privatecompany" -d /etc/asterisk/keys
 +
 +
NOTE if you got hostname related error pls make next : http://wiki.vpsget.com/index.php/Set_hostname

Revision as of 18:18, 12 June 2013

this guide was gathered from official asteriks wikies (https://wiki.asterisk.org/wiki/display/AST/Asterisk+Packages#AsteriskPackages-YUM(CentOS6/RedHatEnterpriseLinux6, https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Specifics, https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial) and tested in VPS server with Centos 6 OS

first of all install libsrtp and libsrtp-devel

yum install libsrtp libsrtp-devel


Adding the repository

rpm -Uvh http://packages.asterisk.org/centos/6/current/i386/RPMS/asterisknow-version-3.0.0-1_centos6.noarch.rpm
yum update


install

yum install asterisk asterisk-configs --enablerepo=asterisk-11

install dahdi

yum install dahdi-linux dahdi-tools libpri

again upgrade

yum update

Basic configure add ser accounts into the /etc/asterisk/sip.conf


[user1]
type=friend
host=dynamic
secret=verysecretpassword ; put a strong, unique password here instead
context=users
;deny=0.0.0.0/0
;permit=192.168.5.0/255.255.255.0 ; replace with your network settings
 
[user2]
type=friend
host=dynamic
secret=othersecretpassword ; put a strong, unique password here instead
context=users
;deny=0.0.0.0/0
;permit=192.168.5.0/255.255.255.0 ; replace with your network settings


We have commented deny/permit lines with ";" character coz we would like to allow users to access server from anywhere. BUT! Asterisks wiki told us:

Be Serious About Account Security We can't stress enough how important it is for you to pick a strong password for all accounts on Asterisk, and to only allow access from trusted networks. Unfortunately, we've found many instances of people exposing their Asterisk to the internet at large with easily-guessable passwords, or no passwords at all. You could be at risk of toll fraud, scams, and other malicious behavior. For more information on Asterisk security and how you can protect yourself, check out http://www.asterisk.org/security/webinar/. (c)https://wiki.asterisk.org/wiki/display/AST/Creating+SIP+Accounts

go to the Asterisk command-line interface. with simple command

asterisk

make sip reload with netx command:

sip reload

Create Dialplan Extensions. add these lines into /etc/asterisk/extensions.conf

[users]
exten=>6001,1,Dial(SIP/user1,20)
exten=>6002,1,Dial(SIP/user2,20)

The extension numbered 6001 which attempts to ring user1 phone for twenty seconds, and an extension 6002 which attempts to rings user2 phone for twenty seconds.

make dialplan reload in the Asterisk command line interface

 dialplan reload

You can verify that Asterisk successfully read the configuration file by typing dialplan show users at the CLI.

dialplan show users

You can now try to make test call using for example ExpressTalk software for windows (http://www.nch.com.au/talk/index.html)

As another option you can configure your users in /etc/asterisk/users.conf Here is the example with NAT enabled, codecs and other options just for example. Simply add these lines to users.conf: adding 1 user

[6100]
fullname = test1
registersip = no
host = dynamic
callgroup = 1
mailbox = 6100
call-limit = 100
type = peer
username = 6100
transfer = yes
callcounter = yes
context = DLPN_DialPlan1
cid_number = 6100
hasvoicemail = no
vmsecret =
email =
threewaycalling = no
hasdirectory = yes
callwaiting = no
hasmanager = no
hasagent = no
hassip = yes
hasiax = yes
secret = P@ssword1
nat = yes
canreinvite = no
dtmfmode = rfc2833
insecure = no       
pickupgroup = 1
requirecalltoken = yes
macaddress = 6100
autoprov = yes
label = 6100
linenumber = 1        
LINEKEYS = 1    
disallow = all 
allow = ulaw,g729,alaw,gsm

if you want you can setup web gui for asteriks management regarding this guide: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI#AsteriskGUI-Download Also sometimes it's necessary to fix permissions for make GUI work:

sudo chown -R asterisk:asterisk /var/lib/asterisk/static-http/


Adding security

You should download Asterisk source code if you haven't download it before from http://www.asterisk.org/downloads. Unzip it to some folder on your asterisk server.

tar -xvzf asterisk-11-current.tar.gz 

change dir to unzipped folder and run next command:

contrib/scripts/./ast_tls_cert -C pbx.privatecompany.com -O "privatecompany" -d /etc/asterisk/keys

NOTE if you got hostname related error pls make next : http://wiki.vpsget.com/index.php/Set_hostname