VoIP channels in Asterisk represent connections to the protocols they support. Each protocol you wish to use requires a configuration file, containing general parameters defining how your system handles the protocol as well as specific parameters for each channel (or device) you will want to reference in your dialplan. In this appendix, we’ll take an in-depth look at the IAX and SIP configuration files.
The IAX configuration file (iax.conf)
contains all of the configuration information Asterisk needs to create
and manage IAX protocol channels. The sections in the file are separated
by headings, which are formed by a word framed in square brackets ([]).
The name in the brackets will be the name of the channel, with one
notable exception: the [general]
section, which is not a channel, is the area where global protocol
parameters are defined.
This section examines the various general and channel-specific
settings for iax.conf. We will define each
parameter and then give an example of its use. Certain options may have
several valid arguments. These arguments are listed beside the option,
separated with the pipe symbol (|). For
example, bandwidth=low|medium|high
means that the bandwidth option
accepts one of the values low,
medium, or high as its argument.
You can insert comments anywhere in the
iax.conf file, by preceding the comment text with
the semicolon character (;).
Everything to the right of the semicolon will be ignored. Feel free to
use comments liberally.
The first non-comment line in your iax.conf
file must be the heading [general].
The parameters in this section will apply to all connections using
this protocol, unless defined differently in a specific channel’s
definition. Since some of these settings can be defined on a
per-channel basis, we have identified settings that are always global
with the tag “(global)” and those that can optionally be configured
for individual channels with the tag “(channel).” If you define a
channel parameter under the [general] section, you do not need to define
it in each channel; its value becomes the default. Keep in mind that
setting a parameter in the [general] section does not prevent you from
setting it differently for specific channels; it merely makes this
setting the default. Also keep in mind that not defining these
parameters may, in some cases, cause a system default to be used
instead.
Here are the parameters that you can configure:
accountcode(channel)The account code can be defined on a per-user basis. If defined, this account code will be assigned to a call record whenever no specific user account code is set. The
accountcodename configured will be used as the filename.csv in the /var/log/asterisk/cdr-csv/ directory to store Call Detail Records (CDRs) for the user/peer/friend:accountcode=iax-
usernameadsi(channel)Support for ADSI (Analog Display Services Interface) can be enabled if you have ADSI-compatible CPE equipment:
adsi=yes|no
allowanddisallow(channel)Specific codecs can be allowed or disallowed, limiting codec use to those preferred by the system designer.
allowanddisallowcan also be defined on a per-channel basis. Keep in mind thatallowstatements in the[general]section will carry over to each of the channels, unless you reset with adisallow=all. Codec negotiation is attempted in the order in which the codecs are defined. Best practice suggests that you definedisallow=all, followed by explicitallowstatements for each codec you wish to use. If nothing is defined,allow=allis assumed:disallow=all allow=ulaw allow=gsm allow=ilbc
amaflags(channel)Automatic Message Accounting (AMA) is defined in the Telcordia Family of Documents listed under FR-AMA-1. These documents specify standard mechanisms for generation and transmission of CDRs. You can specify one of four AMA flags to apply to all IAX connections:
amaflags=default|omit|billing|documentation
authdebug(global)You can minimize the amount of authorization debugging by disabling it with
authdebug=no. Authorization debugging is enabled by default if not explicitly disabled:authdebug=no
autokill(global)To minimize the danger of stalling when a host is unreachable, you can set
autokilltoyesto specify that any new connection should be torn down if anACKis not received within 2,000 ms. (This is obviously not advised for hosts with high latency.) Alternatively, you can replaceyeswith the number of milliseconds to wait before considering a peer unreachable.autokillconfigures the wait for all IAX2 peers, but you can configure it differently for individual peers with the use of thequalifycommand:autokill=
1500bandwidth(channel)bandwidthis a shortcut that may help you get around usingdisallow=alland multipleallowstatements to specify which codecs to use. The valid options are:bindportandbindaddr(global)These optional parameters allow you to control the IP interface and port on which you wish to accept IAX connections. If omitted, the port will be set to 4569, and all IP addresses in your Asterisk system will accept incoming IAX connections. If multiple bind addresses are configured, only the defined interface will accept IAX connections.[160] The address 0.0.0.0 tells Asterisk to listen on all interfaces:
bindport=4569 bindaddr=192.168.0.1
codecpriority(channel)The
codecpriorityoption controls which end of an inbound call leg will have priority over the negotiation of codecs. If set in the[general]section, the selected options will be inherited by all user entries in the channel configuration file; however, they can be defined in the individual user entries for more granular control. If set in both the[general]and user sections, the user entry will override the entry that is configured in the[general]section. If this parameter is not configured, the value defaults tohost.Valid options include:
callerThe inbound caller has priority over the host.
hostThe host has priority over the inbound caller.
disabledCodec preferences are not considered; this is the default behavior before the implementation of codec preferences.
reqonlyCodec preferences are ignored, and the call is accepted only if the requested codec is available:
codecpriority=caller|host|disabled|reqonly
delayreject(global)If an incorrect password is received on an IAX channel, this will delay the sending of the
REGREQorAUTHREPreject messages, which will help to secure against brute-force password attacks. The delay time is 1,000 ms:delayreject=yes|no
forcejitterbuffer(channel)Since Asterisk attempts to bridge channels (endpoints) directly together, the endpoints are normally allowed to perform jitter buffering themselves. However, if the endpoints have a poor jitter buffer implementation, you may wish to force Asterisk to perform jitter buffering no matter what. You can force jitter buffering to be performed with
forcejitterbuffer=yes:forcejitterbuffer=yes
iaxthreadsandiaxmaxthreads(global)The
iaxthreadssetting specifies the number of IAX helper threads that are created on startup to handle IAX communications.The
iaxmaxthreadssetting specifies the maximum number of additional IAX helper threads that may be spawned to handle higher IAX traffic levels:iaxthreads=
10iaxmaxthreads=100jitterbuffer(channel)Jitter refers to the varying latency between packets. When packets are sent from an end device, they are sent at a constant rate with very little latency variation. However, as the packets traverse the Internet, the latency between the packets may become varied; thus, they may arrive at the destination at different times, and possibly even out of order.
The jitter buffer is, in a sense, a staging area where the packets can be reordered and delivered in a regulated stream. Without a jitter buffer, the user may perceive anomalies in the stream, experienced as static, strange sound effects, garbled words, or, in severe cases, missed words or syllables.
The jitter buffer affects only data received from the far end. Any data you transmit will not be affected by your jitter buffer, as the far end will be responsible for the de-jittering of its incoming connections.
The jitter buffer is enabled with the use of
jitterbuffer=yes:jitterbuffer=yes|no
language(channel)This sets the language flag to whatever you define. The global default language is English. The language that is set is sent by the channel as an information element. It is also used by applications such as
SayNumber()that have different files for different languages. Keep in mind that languages other than English are not explicitly installed on the system, and it is up to you to configure the system to ensure that the language you specify is handled properly:language=
enmailboxdetail(global)If
mailboxdetailis set toyes, the new/old message count is sent to the user, instead of a simple statement of whether new and old messages exist.mailboxdetailcan also be set on a per-peer basis:mailboxdetail=yes
maxjitterbuffer(channel)This parameter is used to set the maximum size of the jitter buffer, in milliseconds. Be sure not to set
maxjitterbuffertoo high, or you will needlessly increase your latency:maxjitterbuffer=
500maxjitterinterps(channel)The maximum number of interpolation frames the jitter buffer should return in a row. Since some clients do not send CNG/DTX frames to indicate silence, the jitter buffer will assume silence has begun after returning this many interpolations. This prevents interpolating throughout a long silence:
maxjitterinterps=
10maxregexpireandminregexpire(channel)Specifies the maximum and minimum time intervals for registration expiration, in seconds:
maxregexpire=
180minregexpire=60mohinterpret(channel)This option specifies a preference for which music-on-hold class this channel should listen to when put on hold if the music class has not been set on the channel with
Set(CHANNEL(musicclass)=in the dialplan, and the peer channel putting this all on hold did not suggest a music class.whatever)If this option is set to
passthrough, then the hold message will always be passed through as signaling instead of generating hold music locally.This option may be specified globally, or on a per-user or per-peer basis:
mohinterpret=default
mohsuggest(channel)This option specifies which music-on-hold class (as defined in musiconhold.conf) to suggest to the peer channel when this channel places the peer on hold. It may be specified globally or on a per-user or per-peer basis:
mohsuggest=default
nochecksums(global)If set, Asterisk will disable the calculation of UDP checksums and no longer check UDP checksums on systems supporting this feature:
nochecksums=yes
regcontext(channel)By specifying the context that contains the actions to perform, you can configure Asterisk to perform a number of actions when a peer registers to your server. This option works in conjunction with
regexten, which specifies the extension to execute. If noregextenis configured, the peer name is used as the extension. Asterisk will dynamically create and destroy aNoOpat priority 1 for the extension. All actions to be performed upon registration should start at priority 2. More than oneregextenmay be supplied, if separated by an&.regcontextcan be set on a per-peer basis or globally:regcontext=
registered-phonesregexten(channel)The
regextenoption is used in conjunction withregcontextto specify the extension to be executed within the configured context. Ifregextenis not explicitly configured, the peer name is used as the extension to match:regexten=
myphoneresyncthreshold(channel)The resynchronize threshold is used to resynchronize the jitter buffer if a significant change is detected over a few frames, assuming that the change was caused by a timestamp mixup. The resynchronization threshold is defined as the measured jitter plus the
resyncthresholdvalue, defined in milliseconds:resyncthreshold=
1000rtautoclear(global)This specifies whether or not Asterisk should auto-expire friends created on the fly on the same schedule as if they had just registered. If set to
yes, when the registration expires, the friend will vanish from the configuration until requested again. If set to an integer, friends expire within that number of seconds instead of the normal registration interval:rtautoclear=yes|no|
secondsrtcachefriends(global)If
rtcachefriendsis turned on, Asterisk will cache friends that come from the realtime engine, just as if they had come from iax.conf. This often helps with items such as message-waiting indications on realtime peers:rtcachefriends=yes|no
rtignoreregexpire(global)If
rtignoreregexpireis set toyes, and a realtime peer’s registration has expired (based on its registration interval), then Asterisk will continue to use the IP address and port stored in the database:rtignoreregexpire=yes|no
rtupdate(global)If set to
yesAsterisk will update the IP address, origination port, and registration period of a peer upon registration. Defaults toyes:rtupdate=yes|no
tos(global)Asterisk can set the Type of Service (TOS) bits in the IP header to help improve performance on routers that respect TOS bits in their routing calculations. The following values are valid:
CS0,CS1,CS2,CS3,CS4,CS5,CS6,CS7,AF11,AF12,AF13,AF21,AF22,AF23,AF31,AF32,AF33,AF41,AF42,AF43, andef(expedited forwarding). You may also use a numeric value for the TOS bits.For more information, see the doc/ip-tos.txt file in the Asterisk source directory.
trunk(channel)IAX2 trunking enables Asterisk to send media (as mini-frames) from multiple channels using a single header. The reduction in overhead makes the IAX2 protocol more efficient when sending multiple streams to the same endpoint (usually another Asterisk server):
trunk=yes|no
trunkfreq(channel)trunkfreqis used to control how frequently you send trunk messages, in milliseconds. Trunk messages are sent in conjunction with thetrunk=yescommand:trunkfreq=20
trunktimestamps(channel)Specifies whether or not Asterisk should send timestamps for the individual sub-frames within trunk frames. There is a small bandwidth penalty for sending these timestamps (less than 1 kbps/call), but they ensure that frame timestamps get sent end-to-end properly. If both ends of all your trunks go directly to TDM and your
trunkfreqequals the frame length for your codecs, you can probably suppress these. The receiver must also support this feature, although it does not also need to have it enabled:trunktimestamps=yes|no
The register switch (register
=>) is used to register your Asterisk box to a remote server—this
lets the remote end know where you are, in case you are configured
with a dynamic IP address. Note that register statements are used only when the
remote end has you configured as a peer, and when host=dynamic.
The basic format for a register statement is:
register =>username:password@remote-host
The password is optional (if not
configured on the remote system).
Alternatively, you can specify an RSA key by framing the
appropriate RSA key name[161] in square brackets ([]):
register =>username:[rsa-key-name]@remote-host
By default, register requests
will be sent via port 4569. You can direct them to a different port by
explicitly specifying it, as follows:
register =>username:password@remote-host:1234
With the general settings defined, we can now define our channels. Defining a guest channel is recommended whenever you want to accept anonymous IAX calls. This is a very common way for folks in the Asterisk community to contact one another. Before you decide that this is not for you, keep in mind that anyone whom you want to be able to connect to you via IAX (without you specifically configuring an account for them) will need to connect as a guest. This account, in effect, becomes your “IAX phone number.” Your guest channel definition should look something like this:
[guest] type=user context=incoming callerid="Incoming IAX Guest"
Tip
No doubt the spammers will find a way to harass these addresses, but in the short term this has not proven to be a problem. In the long term, we’ll probably use DUNDi (see Chapter 14 for more information).
If you wish to accept calls from the Free World Dialup network,
Asterisk comes with a predefined security key that ensures that
anonymous connections cannot spoof an incoming Free World Dialup call.
You’ll want to set up an iaxfwd
channel:
[iaxfwd] type=user context=incoming auth=rsa inkeys=freeworlddialup
If you have resources advertised on a DUNDi network, the associated user must be defined in iax.conf:
[dundi] type=user dbsecret=dundi/secret context=dundi-incoming
If you have IAX-based devices (such as an IAXy), or IAX-based users at a remote node, you may want to provide them with their own user definition with which to connect to the system.
Let’s say you have a user on a remote node for whom you want to
define an IAX user. We’ll call this hypothetical user sushi. The user definition might look
something like this:
[sushi] type=user context=local_users auth=md5,plaintext,rsa secret=wasabi transfer=no jitterbuffer=yes callerid="Happy Tempura" <(800) 555-1234> accountcode=seaweed deny=0.0.0.0/0.0.0.0 permit=192.168.1.100/255.255.255.0 language=en
Incoming calls from this user will arrive in the context
local_users and will ask the system
to accept the Caller ID Happy Tempura
<(800) 555-1234>. The system will be willing to accept
MD5, plain-text, or RSA authentication from this user, so long as the
password wasabi is provided and the
call comes from the IP address 192.168.1.100. All calls related to this
channel will be assigned the account code seaweed. Because we’ve set transfer to no, the media path for this channel will
always pass through Asterisk; it cannot be redirected to another IAX
node.
If you yourself are a remote node, and you need to connect into a remote node as a user, you would define that main node as your peer:
[sashimi_platter] type=peer username=sushi secret=wasabi host=192.168.1.101 qualify=yes trunk=yes
A peer is called from the
dialplan by using Dial() with the name
contained in square brackets. If you need to authenticate to the peer
with a username, you can set that username and secret in the username and secret fields.
Tip
Remember, an incoming call from a user specified in iax.conf must authenticate using the
name specified in square brackets. When Asterisk itself is calling
to an outside peer however, you
can use the username setting to
set the authentication username.
host is specified using
either IP dotted notation or a fully qualified domain name (FQDN). You
can determine the latency between you and the remote host, and whether
the peer is alive, with qualify=yes. To minimize the amount of
overhead for multiple calls going to the same peer, you can trunk them.
Trunking is unique to IAX and is designed to take advantage of the fact
that two large sites may have multiple, simultaneous VoIP connections
between them. IAX trunking reduces overhead by loading the audio from
several concurrent calls into each signaling packet.[162] You can enable trunking for a channel with trunk=yes in
iax.conf.
Figure A-1 shows a channel with trunking disabled, and Figure A-2 shows a channel with trunking enabled.
Now, let’s take a look at the channel-specific parameters:
calleridYou can set a suggested Caller ID string for a user or peer with
callerid. If you define a Caller ID field for a user, any calls that come in on that channel will have that Caller ID assigned to them, regardless of what the far end sends to you. If you define Caller ID for a peer, you are requesting that the far end use that to identify you (although you have no way of ensuring it will do so). If you want incoming users to be able to define their own Caller IDs (i.e., for guests), make sure you do not set thecalleridfield:callerid=
John Smith <(800) 555-1234>defaultipThe
defaultipsetting complementshost=dynamic. If a host has not yet registered with your server, you’ll attempt to send messages to the default IP address configured here:defaultip=
192.168.1.101inkeysYou can use the
inkeysoption to authenticate a user with the use of an RSA key. To associate more than one RSA key with a user channel definition, separate the key names with a colon (:). Any one of those keys will be sufficient to validate a connection. The “inkey” is the public key you distribute to your users:inkeys=
server_one:server_twomailboxIf you associate a mailbox with a peer within the channel definition, voicemail will send a message waiting indication (MWI) to the nodes on the end of that channel. If the mailbox number is in a voicemail context other than
default, you can specify it asmailbox@context. To associate multiple mailboxes with a single peer, use multiplemailboxstatements:mailbox=
1000@internaloutkeyYou can use the
outkeyoption to authenticate a peer with the use of an RSA key. Only one RSA key may be used for outgoing authentication. The “outkey” is not distributed; it is your private key:outkey=
private_keyqualifyYou can set
qualifytoyes,no, or a time in milliseconds. If you setqualify=yes,PINGmessages will be sent periodically to the remote peers to determine whether they are available and what the latency between replies is. The peers will respond withPONGmessages. A peer will be determined unreachable if no reply is received within 2,000 ms (to change this default, instead setqualifyto the number of milliseconds to wait for the reply).qualifyfreqokandqualifyfreqnotokThese two settings are used to determine how frequently Asterisk should ping a peer when
qualifyis set. Thequalifyfreqoksetting determines how often to ping the peer when it’s in an OK state, andqualifyfreqnotokdetermines how often to ping the peer when it’s not in an OK state.qualifysmoothingYou can set
qualifysmoothingtoyesorno. If enabled, Asterisk will take the average of the last two qualify times. This helps eliminate having peers marked asLAGGED, especially on a lossy network.sendaniThe SS7 PSTN network uses Automatic Number Identification (ANI) to identify a caller, and Caller ID is what is delivered to the user. The Caller ID is generated from the ANI, so it’s easy to confuse the two. Blocking Caller ID sets a privacy flag on the ANI, but the backbone network still knows where the call is coming from:
sendani=yes
transferYou can set
transfertoyes,no, ormediaonly. If set toyes, Asterisk will transfer the call away from itself if it can, in order to make the packet path shorter between the two endpoints. (This obviously won’t work if Asterisk needs to transcode or translate between protocols, or if network conditions don’t allow the two endpoints to talk directly to each other.) If it is set tono, Asterisk will not try to transfer the call away from itself.If set to
mediaonly, Asterisk will attempt to transfer the media stream so that it goes directly between the two endpoints, but the call signaling (call setup and teardown messages) will still go through Asterisk. This is useful because it ensures that call detail records are still accurate, even though the media is no longer flowing through the Asterisk box.
[160] Currently, Asterisk will only work with a single
bindaddr option. If you
wish to listen to more than one address, you’ll need to use
0.0.0.0. Note that Asterisk will work in a multihomed
environment, but not with multi-address interfaces. Asterisk
will use the system’s routing table to select which
interface it sends the packet out on and it will use the
primary address on that interface as the source.
[161] Asterisk RSA keys are typically located in /var/lib/asterisk/keys/. You can generate your own keys using the astkeygen script.
[162] You can think of IAX trunking as carpooling for VoIP packets. This becomes very useful in many situations, as the IP overhead (UDP headers, IP headers, and so forth) is often bigger than the audio payload it carries. If you have several concurrent calls between two Asterisk boxes, you definitely want to turn on IAX trunking!
Get Asterisk: The Future of Telephony, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
