Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] Asterisk on OpenWrt (first time user)


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
sebastian_ml at gmx.net
Guest
PostPosted: Fri Mar 20, 2015 4:37 am    Post subject: [asterisk-users] Asterisk on OpenWrt (first time user) Reply with quote
Hello list,

I'm hoping that you could read through this mail and give me some tips
on how to improve my setup (functionality, security, really anything).
It's my first Asterisk installation and meant for simple home use.

I installed Asterisk 11 on an OpenWrt Barrier Breaker router. Currently
it's configured for Ekiga so I can test. In a few weeks I'll change to a
Telco SIP provider for a PSTN connect.

My Ekiga test calls are successful. So it does seem to work Smile

The router is configured like this:

- has a user 'asteriskpbx' so Asterisk doesn't run as root
- has a USB stick for logs and CDRs
- has a LAN port which I removed from the regular LAN VLAN and put into
its own VLAN; only the hardware SIP phone is connected; there's no
forwarding to and from this network
- firewall allows SIP and RTP packets from the outside, but only from
Ekiga.net

The main config file:

[directories]
astdbdir => /mnt/usb/asterisk/dbdir
astlogdir => /mnt/usb/asterisk/logdir

[options]
systemname = my.dynamic.domain.com
runuser = asteriskpbx
rungroup = asteriskpbx
defaultlanguage = de
documentation_language = en_US
live_dangerously = no

[compat]
pbx_realtime=1.6
res_agi=1.6
app_set=1.6

Here's the SIP setup:

[general]
context=unauthenticated
allowguest=no
srvlookup=no
udpbindaddr=0.0.0.0
tcpenable=no
localnet=172.16.28.0/24
alwaysauthreject=yes
language=de

register => MyEkigaUser:MyEkigaPass@ekiga.net/MyEkigaUser

[my-codecs](!)
allow=!all,alaw

[home-phone](!,my-codecs)
acl=voice_vlan
directmedia=no
type=friend
host=dynamic
context=LocalSets

[MyPhoneMacAddress](home-phone)
secret=MyPhonePassword

[ekiga_inbound](my-codecs)
acl=acl_ekiga_inbound
type=peer
host=ekiga.net
context=from-ekiga

[ekiga_outbound](my-codecs)
acl=acl_ekiga_outbound
type=peer
host=ekiga.net
defaultuser=MyEkigaUser
remotesecret=MyEkigaPass
fromuser=MyEkigaUser
fromdomain=ekiga.net

This is my dialplan:

[LocalSets]
exten => 101,1,Dial(SIP/MyPhoneMacAddress,30)
exten => 500,1,Dial(SIP/ekiga_outbound/500,30)
exten => 501,1,Set(GROUP(users)=CallsToProvider)
same => n,NoOp(There are ${GROUP_COUNT(CallsToProvider)} calls for account CallsToProvider.)
same => n,GotoIf($[${GROUP_COUNT(CallsToProvider)} > 1]?denied:continue)
same => n(denied),NoOp(There are too many calls up already. Hang up.)
same => n,HangUp()
same => n(continue),NoOp(Continue processing call as normal here ...)
same => n,Dial(SIP/ekiga_outbound/501,30)
exten => 520,1,Dial(SIP/ekiga_outbound/520,30)

; For later when dialing out via the PSTN connect
;
; Apparently the German RegTP says that local numbers are at least
; 4 digits long. So the following will catch all calls (1234, 0242113,
; 003412314 etc.). Lets strip everything except numbers from the
; extension, though. And only allow 1 call at a time.
;
; exten => _XXXX.,1,Set(GROUP(users)=CallsToProvider)
; same => n,NoOp(There are ${GROUP_COUNT(CallsToProvider)} calls from LocalSets to sip_provider_out.)
; same => n,GotoIf($[${GROUP_COUNT(CallsToProvider)} > 1]?denied:continue)
; same => n(denied),NoOp(There are too many calls up already. Hang up.)
; same => n,HangUp()
; same => n(continue),NoOp(Continue processing call as normal here ...)
; same => n,Set(SAFE_EXTEN=${FILTER(0-9,${EXTEN})})
; same => n,Set(CALLERID(name)=area code + number)
; same => n,Set(CALLERID(num)=area code + number)
; same => n,Dial(SIP/sip_provider_out/${SAFE_EXTEN},30)
;
; Emergeny numbers (110, 112 and 115):
;
; exten => _11[025],1,Set(CALLERID(name)=area code + number)
; same => n,Set(CALLERID(num)=area code + number)
; same => n,Dial(SIP/sip_provider_out/${EXTEN})

[from-ekiga]
exten => MyEkigaUser,1,Dial(SIP/MyPhoneMacAddress,30)

The AMI Manager is disabled, as is CLI access for anybody except root:

[general]
default_perm = deny
[root]
permit = all

Named ACLs:

[voice_vlan]
deny=0.0.0.0/0.0.0.0
permit=172.16.28.0/255.255.255.0

[acl_ekiga_inbound]
deny=0.0.0.0/0.0.0.0
permit=86.64.162.35

[acl_ekiga_outbound]
deny=0.0.0.0/0.0.0.0

Only load necessary modules:

[modules]
autoload=no
load => chan_sip.so
load => res_rtp_asterisk.so
load => app_dial.so
load => pbx_config.so
load => app_cdr.so
load => cdr_csv.so
load => func_strings
load => func_groupcount.so

Any tips/hints/suggestions appreciated. Thanks for reading!

Kind regards,
Sebastian

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services