Asterisk Hell: A Minefield Navigation Guide for Newbies

We're going to take a serious look at Asterisk® through the eyes of a typical new user today. Our objective is to turn newly built Asterisk servers into stellar performers, IP telephony systems that work reliably without the quirks that are all too familiar to those of us who have tiptoed through the minefield for many years. Whether you've chosen to run PBX in a Flash, or a trixbox system, or Elastix, or rolled your own Asterisk system, that's the least of your problems. And it doesn't really matter which flavor you chose because most of the pitfalls we'll be discussing today apply more or less to all of the distributions. Our yardstick for whether your system is performing satisfactorily is straightforward. When your significant other begins screaming for the return of a plain old telephone, you know, one where people on the other end of a call can actually hear what you're saying... you've got a problem.

Download Blues. You can't build an Asterisk-based turnkey system without knowing how to deal with an ISO download. If you have questions about how to create a usable CD from an ISO download or, if your newly minted CD won't boot, follow these simple steps. With a Mac, use Roxio Toast. Choose Copy, click Image File, and drag the ISO file you downloaded into the folder. Click Burn after inserting a blank CD. If you don’t own Toast for your Mac, go to the Applications->Utilities folder and run Disk Utility. Click on Images->Burn from the Title Bar and choose the ISO file you downloaded. Then click Burn to begin. For those in the PC World, you’ll need either Roxio Easy CD Creator or Nero to create a CD from an ISO image. With Easy CD Creator, choose Create Data CD. Then in the File menu, select Create CD from Image, and choose your downloaded file. Now click burn to begin. With Nero, go to Recorder from the top menu and choose Burn Image. Select your download file. Then from the Burn Compilation Window, choose Burn to begin.

Hardware Nightmare. Our Wild Ass Guess (WAG) would be that 90% of the installation problems experienced by new Asterisk users are directly related to crappy hardware. If it sounds like we're tired of hearing about this, you'd be right. The issues range from clone X100P cards that don't work (those that do work usually don't work for long!) to 10 year old systems that barely work to $3,000 top-of-the-line dual everything systems that Linux simply does not yet recognize because the hardware is so new that the glue isn't even dry on the motherboard. The video card is brand new, the onboard network adapter has been in production less than a month, and the SATA RAID drive adapter has been customized just for Dell. Guess what, Dude? The operating system won't load. ATTN: Everybody. Do yourself (and us) a favor. Throw your 10-year-old system in the recycle bin where it belongs. And don't replace it with the most expensive new system from Dell that you can find. We've got nothing against Dell by the way. Keep in mind that we're not loading Windows Vista Premium Deluxe that needs 10,000 horsepower to get out of bed every morning. For a Linux-based telephony server that is going to support under 100 people, the $3,000 server is just overkill and will cause many more problems than it solves. Instead, scratch together $200 and buy yourself a new WalMart Special, a.k.a. the Everex Green PC. You also can get one from NewEgg if you hate WalMart.everything. Now add a gig of RAM for $25 and call it a day. Bottom line: It works. It's reliable. It's new. And it's got performance to spare. Worried about a system failure? Then buy two of them, and we'll show you how to build mirrored servers in coming weeks.

Hardware Nightmare, Part II. For newbies that skimp on hardware, their next purchase is usually the cheapest SIP telephone on the planet. Don't! It's a Death Wish Come True. A week later you'll be wondering why all your friends say it sounds like you're calling from a tunnel. The Little Mrs., of course, has long since begun making all of her calls on a cellphone... which tells you how bad your new system really is! Our advice: Take the $200 you saved buying the WalMart Special above, and buy yourself ONE decent SIP telephone. You'll never be sorry. The Aastra 57i is a perfect phone, period. You can read why here. We even have free software that will automatically configure Aastra 57i's for you. All you have to do is plug it in. And, if you like the flexibility that comes with cordless handsets, splurge for the 57i CT for about $100 more, and you'll have the best phone plus one or more cordless handsets with incredible range.

Software Nightmare. Whether you barely understand Linux or consider yourself a Linux guru, unless you know just as much about Asterisk, save yourself (and the existing Asterisk community) weeks and weeks of headaches. Download one of the Asterisk aggregations that's already been built for you such as PBX in a Flash. In the case of PBX in a Flash, it includes all of the source code necessary to recompile anything on the system once you get your feet wet. Believe it or not, the people that put these aggregations together have decades of Linux, networking, and telephony experience. They actually know what they're doing (in most cases), and the FreePBX web interface to Asterisk that is included in most of these packages was written by some of the best Asterisk gurus on the planet. These aggregations are self-contained ISO images that include the operating system and every piece of the puzzle that you'll need to get an Asterisk system up and running in under an hour. No small feat! If you pick the right one, everything works out of the box, and you can keep it current by issuing one simple command from the Linux prompt... any time you like. It's also easy to add your own pieces down the road using the included compiler and compilation tools. For those that say "I wanna learn as I go" but don't know the difference in a Dialplan, a Bedpan, and a Portapotty (HINT: see inset), here's a tip. Start with an aggregation and then build your own Asterisk system from the ground up... in about six months after you return from Asterisk Bootcamp. In the meantime, pick up a copy of Linux for Dummies. If you're too cheap to cough up the twenty bucks, at least read Joe Roper's Conversational Linux for Newbies. It's free.

It's Your Firewall, Stupid. I wish I had a nickel for every message thread that has been written that goes something like this. "I can make calls out of my system, but the people I call can't hear me." Or vice versa. The answer is pretty simple if you stop and think about it for a second. A phone call has two participants. One talks and the other one listens. Then you take turns. At least that's the theory. For that to actually work in the world of Internet telephony, the talking legs of the call have to be able to get from Point A to Point B and from Point B to Point A. If your IP-based telephone or Asterisk system is sitting behind a firewall/router, you have to configure your router to pass the incoming data into the server and telephone on your private network. If the telephone or Asterisk system on the other end of the call happens to also be sitting behind a firewall/router, then we have what's called "double NAT issues." And, no, this doesn't refer to no-see-ums on a steamy summer night in Dixie. Bottom line: If any of this communications traffic can't find it's way to the other end, then someone can't hear all or part of the telephone conversation.

To fix NAT problems with Asterisk, you simply tell your router to forward all data received on UDP ports 4569, 5004 to 5037, 5039 to 5082, and 10000 to 20000 to the private IP address of your Asterisk server. You also must make certain that the following entries exist in /etc/asterisk/rtp.conf:

[general]
rtpstart=10000
rtpend=20000

And bindport = 5060 must exist in the [general] context of /etc/asterisk/sip.conf. The aggregations take care of the rtp.conf and sip.conf setups for you. But you must reconfigure your router/firewall. Last, but not least, you probably need to complete the next step below as well.

Wherefore Art Thou, Server? If you plan to add additional telephones to your system which are not behind the firewall with your Asterisk server, then those phones have to know the public IP address of your server... all the time. The same holds true with some Internet telephony hosting providers. In lieu of a static IP address, you can use a fully-qualified domain name, e.g. mypbx.dyndns.org. This avoids a problem if your Internet service provider only gives you a dynamic IP address which changes from time to time. There's one more step in making this work. You have to set this information up in Asterisk. Here's how.

Log into your Asterisk server as root and edit sip_custom.conf: nano -w /etc/asterisk/sip_custom.conf. The entries depend upon whether your Internet connection has a fixed IP address or a DHCP address issued by your provider. In the latter case, you also need to configure your router to support Dynamic DNS (DDNS) using a service such as dyndns.org. If you have a fixed IP address, then enter settings like the following using your actual public IP address and your private IP subnet:

externip=180.12.12.12
localnet=192.168.1.0/255.255.255.0      (NOTE: The first 3 octets need to match your private IP addresses!)

If you have a public address that changes and you're using DDNS, then the settings would look something like the following:

externhost=mypbx.dyndns.org
localnet=192.168.0.0/255.255.255.0      (NOTE: The first 3 octets need to match your private IP addresses!)

Once you've made your entries, save the file: Ctrl-X, Y, then Enter. Reload Asterisk: amportal restart. If you assigned a permanent IP address, reboot your server: shutdown -r now.

Be aware that, with some hosting providers, you may experience problems with the externhost approach outlined above. If your ISP only gives you a dynamic IP address, you still can use the externip approach above so long as you have a method to frequently verify your IP address. The approach we actually use on our network is to run a little script every 5 minutes. If it finds that your outside IP address has changed, it will automatically update your sip_custom.conf file with the new address. To use this approach, create a file in /var/lib/asterisk/agi-bin named ip.sh. For this to work, you have to be able to ping your fully-qualified domain name and get a response! Here's the code:1

#!/bin/bash
fqdn="mypbx.dyndns.org"
localnet="192.168.0.0"
externip=`ping -c 1 $fqdn | cut -f 2 -d "(" | cut -f 1 -d ")" -s ↩
| grep -m 1 ^`
if [ -e /tmp/$externip ] ; then
echo No IP Update Required ;
else
echo IP Update Required ;
touch /tmp/$externip ;
echo "externip=$externip" > /etc/asterisk/sip_custom.conf
echo "localnet=$localnet/255.255.255.0" >> /etc/asterisk/sip_custom.conf
asterisk -rx "dialplan reload" ;
fi

On line 2 of the above code, enter the fully-qualified domain name for your server that is registered with your DDNS host. Take a look at this thread for information on DNS-O-Matic which is free.

On line 3, enter the internal subnet for your server. This is usually 192.168.0.0 or 192.168.1.0. YMMV!

Save the file and give it execute permissions: chmod +x /var/lib/asterisk/agi-bin/ip.sh. Then make asterisk the file owner: chown asterisk:asterisk /var/lib/asterisk/agi-bin/ip.sh.

Finally, add the following entry to the bottom of /etc/crontab:

*/5 * * * * asterisk /var/lib/asterisk/agi-bin/ip.sh > /dev/null

Snap, Crackle, and Pop. No. Your phone calls are not supposed to sound like a bowl of Kellogg's Rice Krispies. If they do, it usually means your Internet bandwidth is insufficient to support a reliable VoIP call. Using an uncompressed codec such as ULAW, a single call requires roughly 128 kbps of bandwidth in both directions for a reliable conversation. A full T1 can handle roughly 20 simultaneous calls. If you have a dial up Internet connection, do your friends a favor. Go back to tin cans and a string. It'll work just as well and maybe better. Keep in mind that most ISPs do not offer any QOS guarantees with their service and upstream bandwidth is severely restricted. Not surprisingly, this seems to have gotten worse as more and more ISPs try to steer their customers towards their own VoIP offerings. If you have Internet bandwidth to spare but have a busy LAN, you may want to consider a router that provides increased throughput for certain types of data, e.g. SIP and IAX traffic. Most gaming routers provide good traffic shaping functionality. For example, the dLink DGL-4300 Gaming Router provides excellent results and is currently available at Amazon for under $85 after rebate. Another option is to use a different codec for your calls. See this table for the bandwidth calculations. But be aware that as VoIP data gets compressed, you also run the risk of serious degradation in calls if there is any appreciable packet loss because of the geometric effect this has on compressed data. See this thread for some other troubleshooting tips.

Got Those Disappearing Email Blues. Where did my emails go? Nowhere is the usual answer. Sending email messages with your latest voicemails attached is a wonderful feature that PBX in a Flash and other FreePBX-based systems fully support. There are two common problems in sending emails from your LAMP-based Asterisk server. Either your server isn't configured to send out email or your ISP is blocking the transmission of emails that originate from your system. It's usually easier to troubleshoot email problems by first determining whether your ISP is blocking the emails. Then it's pretty simple to test whether your server is properly configured to send the messages... but, first, a brief history lesson.

Many ISPs don't like downstream servers that function as so-called SMTP hosts because of SPAM and email relay hosts. An improperly configured SendMail server can be used to generate thousands of messages an hour from anyone with an Internet connection. One of the first SPAM messages we received after creation of the Department of Homeland Security was a message using a DHS sendmail server as an email relay host. That inspired confidence. To avoid this problem, ISPs do several things. Typically they block port 25 on their servers so that you can't send out email from downstram SMTP servers. Instead, you have to use their SMTP server to send all outbound email. Comcast takes it a step further. On some systems, they block port 25 on your cable modem so that email never leaves your home or office. Do they typically tell you when they do this? Of course not. While all of this is done in the name of reducing SPAM, it's also a convenient excuse for imposing service restrictions which also happen to save them bandwidth... which you are paying for.

To test whether your ISP is blocking port 25, log into your Asterisk server as root and issue the following command:

telnet nerdvittles.com 25

If your provider isn't blocking port 25, you should get a response like this:

Trying 69.89.21.89...
Connected to nerdvittles.com (69.89.21.89).
Escape character is '^]'
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

If your ISP is blocking port 25, then the first step to get email flowing from your Asterisk server is to reconfigure SendMail in one of two ways. You can either send the messages through your ISP's SMTP server (and this won't work if port 25 is blocked on your cable modem!) or you can send secure messages using gMail as your SMTP relay host on port 587. This requires that you set up a free gMail account first. For detailed instructions on the gMail setup, go to this message thread and follow the instructions. For an example of using Comcast as your SMTP relay host using port 587, read this thread.

Now we're ready to configure your Asterisk server to reliably send out email messages. There's a simple trick to get this working. A fully-qualified domain name for your server must match the "from" address for the email messages that are sent. This domain does not actually have to be accurate so long as you don't expect to get return emails. Think of it as putting a fake return address on a letter which you mail. It doesn't keep the letter from getting to the designated destination. It just means that you'll never get it back if it were incorrectly addressed. So... our recommended scenario is to do the following. Log into your server as root and edit /etc/hosts. Insert pbxinaflash.dyndns.org in front of pbx.local and separate the entries with a space. Save the file and then restart your network: service network restart. Now edit /etc/asterisk/vm_general.inc and change the serveremail line to read as follows: serveremail=vm@pbxinaflash.dyndns.org. Save the change and reload your dialplan: asterisk -rx "dialplan reload".

Finally, we want to send a test message to be sure everything works. Then you can use FreePBX to tell Asterisk to deliver voicemails to your email address by editing your Extensions settings. To send a test message, log into your server as root and type the following using your real email address. Wait a minute and then check your mailbox (including your SPAM mailbox) to be sure you got it somewhere.

echo "test" | mail -s testmessage nerduno@dyndns.org

Decipherable TouchTones Really Are Part Magic. For the poor soul that finally has a system where he can both speak and hear on the phone (just like in the Old Days), the next hurdle usually rears its head the first time you connect to your favorite doctor's office or credit card company and need to press zero for customer service. After pressing 0 for the hundredth time, you conclude that the buttons on your phone are not working. Before too long, you rightly conclude that there's something wrong with Asterisk. Correctomundo! If you want the technical reason for why you may have lost DTMF signalling, take a look at the RFC. To put it down where the goats can get, if you go into a Chinese restaurant where only Chinese is spoken and you happen to only speak English, chances are you may leave hungry. In the world of touchtones and Asterisk, there are several different dtmfmode settings. There's one for your phone to communicate with your Asterisk server, there's another for your server to communicate with your phone, there's another for your Asterisk trunk to communicate with your provider, and there's another for your provider to talk to you. Now multiply all those combinations by two for communications with another party, and you'll have some idea of the technical hurdles... even with a perfect connection between Party A and Party B. In short, perhaps you just should be thankful you can hear the person at the other end of the call at all.

If different portions of the call are using different DTMF settings and with some compressed codecs, the touchtones cannot be deciphered at the other end of the call. There are several things you can do to improve your chances of DTMF tones working. First, use a reliable provider and buy decent phones. Second, set your server trunks, extensions, and your phones to dtmfmode=rfc2833 and see how it goes. If you still have problems, try adjusting the dtmfmode settings on just your phone and extension to some other value supported by your phone. These two must match. Try dtmfmode=inband and dtmfmode=info. Next, make certain that the dtmfmode setting for your trunk matches what your service provider is using to communicate with your server. This pair of settings must match as well. If you still don't have any luck, try a little Googling for the dtmfmode for your phone type and your provider. If it worked for someone else, chances are it will work for you. If all else fails, try another phone or a more reliable telephony service provider. Assuming you can understand them, you typically can tell whether your service provider understands the problems within about 30 seconds after the music on hold ends... which brings us to our favorite topic.

My Telephony Provider SUX. Yes. There are telephony providers and then there are telephony providers. As with most things in the world, you get what you pay for. Cheap telephony rates don't always mean crappy service, but it certainly improves your chances. All-you-can-eat plans are notoriously dangerous. Even if the telephone service is fairly good, the terms of service typically are shocking. Some even force you to agree to pay exorbitant backdated fees plus attorneys' fees if they, in their sole discretion, determine that you have used your plan for unauthorized calling.

We've got some tips that we repeat often so if you've heard them already, skip along to the next topic.

  • Rule #1: If your business depends upon incoming telephone calls, don't use VoIP telephony service for all of your incoming calls. What you may want to do is order a single business line from AT&T and take Marty Tennant's advice: "You can order an arrangement called 'call forward/busy multi-path' from AT&T (confirm this beforehand) that will allow multiple call forwarding instances to another number (the VOIP one in this case)."
  • Rule #2: Do some reading on which providers have good reputations. We also have a good list of providers that we regularly recommend.
  • Rule #3: With pay-as-you-go termination providers for outbound calls, it doesn't cost you a dime to have numerous trunks provisioned and working on your Asterisk system. If a termination fails using your preferred provider, Asterisk will simply drop down the list until it can successfully complete the call. So don't ever put all your eggs in one basket for terminations.
  • Rule #4: All-you-can eat incoming service with a free DID is still a very good deal at least in the United States and Canada. See our list for suggestions.
  • Rule #5: Toll-free numbers no longer have to be expensive. See our recommendations for reasonably priced toll-free numbers, and give your business a shot in the arm for almost nothing!

What Happened to CallerID? CallerID really is the last vestige of the old Ma Bell monopoly. CallerID numbers are easily deciphered on almost all Asterisk systems regardless of your DID provider. This is true on inbound and outbound calls. CallerID name is a different story. The short answer is that the Baby Bells all maintain their own telephone directories. And chances are you're not in it if you're using VoIP telephony service. These companies seek to preserve their telephone monopoly by *NOT* processing CallerID names that are received from "foreign" systems. Instead, they take the CallerID number that is provided and look up the name in their proprietary directory. No entry = No CallerID Name display. So... the short answer is that, for outbound calls from your system, it does no good to send CallerID Name information. Almost every provider throws it in the bit bucket.

That still doesn't explain why you can't get CallerID names for incoming calls. Here's where your DID provider matters. Some of them subscribe to baby Bell-supported service that provides the names, and others don't. If your DID provider doesn't, then you can either set up your own service to supply CallerID name information, or you can get a new DID provider. For the best homegrown CallerID name service, we recommend Ultimate CNAM from Titanous. It works well on all PBX in a Flash systems and is extremely flexible in the choices provided for name lookups. It currently supports eight lookup providers: AsteriDex, WhoCalled.Us (registration required), Whitepages.com, AnyWho.com, Canada411.com, Google Phonebook, TelcoData (Ratecenter), and Fonetastic (Ratecenter).

My Passwords Don't Work Any Longer. What is it about Asterisk that makes everyone want to screw around improving their passwords? Leave them alone! So long as your initial root password is secure, you're absolutely safe from intruders except someone with physical access to your machine (even on the Internet) if you just do the following. First, using a web browser, go to the IP address of your new server. Click on Administration and then Menu Configuration and enter an Admin password that is as secure as your root password. Second, open FreePBX and click on Setup and then Administrators. Change the password for admin to something equally secure. Third, go to the Linux command prompt. Type each of the following commands and enter a secure password for each.

passwd-maint
passwd-amp
passwd-meetme
passwd-webmin

Now leave your damn passwords alone for at least six months unless you are tortured and forced to reveal all of your innermost secrets. If the annoying FreePBX password reminders bug you, then go to this link and follow the instructions to make the reminders disappear. Then leave your system alone for a week to make sure everything works reliably. Now you're free to add one new thing every other day checking often to make sure it didn't break something that was previously working. When you add ten new things at once, it's virtually impossible to put Humpty back together again. But, of course, you knew that. Enjoy!


PiaF Without Tears. Ben Sharif's PiaF Without Tears tutorial (all 208 pages) was released last week. For those that haven't yet taken a look, you're missing a treat!

Coming Attractions. With the new PBX in a Flash 1.2 release, there now are four different versions of Asterisk that can be installed: 32-bit Asterisk 1.4, 64-bit Asterisk 1.4, 32-bit Asterisk 1.6-beta, and 64-bit Asterisk 1.6-beta. Next week we'll address the installation issues with the Nerd Vittles applications using each of these new systems and expose a few more potholes in the Asterisk minefield. And we may have a new AsteriDex 4 add-on for you as well.

Nerd Vittles Cepstral Demos with Allison TTS (courtesy of les.net). You now can take some Nerd Vittles projects for a test drive... by phone! And it provides a good example of the VoIP quality you can expect with hosted service from Aretta Communications. The current demos include all five new applications preconfigured for Cepstral with the Allison TTS voice: (1) MailCall for Asterisk with password 1234 (retrieve POP3 email by phone), (2) NewsClips for Asterisk (latest news headlines in dozens of categories), (3) Weather Forecasts by U.S. Airport Code, (4) Weather Forecasts by U.S. ZIP Code, and (5) Worldwide Weather Forecasts.

The WalMart Special. We continue to believe that the Everex gPC (aka The WalMart Special) is an almost perfect server for Asterisk implementations with less than 30 simultaneous calls and up to 100 or so extensions. At $199, you can't beat the price. To make things even easier, we will have a preconfigured 2-CD ISO installation set for either the 32-bit Asterisk 1.4 or 1.6-beta version of PBX in a Flash in the next few weeks. It'll include all of the Nerd Vittles goodies plus a full system automatic backup system. All you'll need to add is a 4GB flash drive (about $15) for your weekly backups, and you'll never have to worry about losing your system again! So order your unit, and you'll be ready for the rollout. Here's the WalMart link and the NewEgg link for the latest hardware version. Add a gig of RAM for $25, and you'll have the perfect telephony server platform to begin your Asterisk adventure.


Some Recent Nerd Vittles Articles of Interest...

Be Sociable, Share!

  1. Join the following line as part of the line above when you see the ↩ character in the code. []

9 Responses to “Asterisk Hell: A Minefield Navigation Guide for Newbies”

  1. Wow, I don’t think I’ve read a step by step so comprehensive for newbies in NV since the AAH times… Great thing to write Ward!

  2. Don Tyler says:

    Ward, Great article… I only wish you would have gone deeper into the positive side of adapters. Many of us have gone though the X100P nightmares, but it would be nice to hear what adapters are solid bargains like the evergreen system.

    ~long time reader… first time writer

  3. Shane says:

    Amazingly clear article, really appreciate the steps being outlined.

    How do I paste the text from externip section using the command line?

    I am having trouble with typing in the following character in nano :

    |

    Thank You,

    Shane

  4. Don Moskaluk says:

    I like what you have done with Newbie guide and PiaF! Outstanding work! However I see that there is more opportunity here. Would it be possible to create a video of setup and some administration options?

    Although I’m a UNIX guy I do like see step by step instruction on configuration rather than a summary approach. Sometimes something simple as tarball can through the reader off.

    I noticed that you have multi version of the same product and it is very clear to me what can be in production and what is more experimental. Can you please give a life cycle of when you are going to retire different version of the software? I would hate to be reading this years from now and installing software that may be obsolete.

  5. sam says:

    This is great info. One other topic not covered (almsot came clos on the ‘reliable’topic – using POTS for incoming calls and VOIP for outgoing calls. What h/w is required and how to configure such setup.

    Thanks

  6. Mike says:

    I had to add the bindport=5060 in this file for my PBX in a flash system 1.0 /etc/asterisk/sip_custom.conf instead of sip.conf as it is overwritten. I did an “amportal restart” after saving the file and all was good from then on. The sip proxy DEMO started working after this.

  7. defilm says:

    Love the content and style/attitude, makes for good reading and a few laughs. Running TB now, but with Fontility dieing out, looking to move to the PBXIAF.

  8. Annabell Moron says:

    Had some laughs ^^^ Nice work!

  9. James says:

    I can’t begin to praise you enough for this awesome article! After 2 successful Asterisk installs and setups, I couldn’t figure out for the life of me why the 3rd wouldn’t. I’ve been banging my head for a week trying to figure out why I was only getting one side of the conversation. This article and the “externhost=…” setting saved my sanity and my poor keyboard (which was getting quite the stress test after 8 hours of troubleshooting today). Best… site… ever.

    — A thousand thank you’s from a new, loyal fan who’s about to spam the donate button.

Ringbinder theme by Themocracy