Last week we began our quest to install the free Asterisk® PBX. We won’t repeat ourselves so read Part I before continuing here. We’re also assuming you’ve already signed up for a BYOD-Lite BroadVoice account (using your free coupon from Voxilla). Be sure you’re signed up for a Generic SIP account to use with Asterisk. If not, call BroadVoice customer service and ask them (nicely) to change it. There’s no charge for this change. You also should have picked out your server hardware and have either procured an IP telephone set (we recommend the GrandStream GXP-2000 for under $100) or a Sipura VoIP adapter to use plain old telephones, or you plan to use a software-based telephone with your Mac or PC. We’ll cover installation of the latter option shortly because we’re going to use a softphone to make sure Asterisk is set up correctly before adding additional extensions and other bells and whistles.
Editor’s Note: This version of Asterisk@Home has been superceded. For the latest tutorial, click here.
Overview of Asterisk Installation Process. Our installation procedure for today goes like this. We’ll download Asterisk@Home, our favorite bundled Asterisk installation for new users. Then we’ll burn an installation CD from the ISO image. Next we’ll fire up our soon-to-be Asterisk server with the installation CD in place. The installation process will erase your hard disk and then load Linux, Asterisk, Apache, PHP, SendMail, MySQL, and lots of other stuff without your lifting a finger (we hope). For those that have been following our other ISP-In-A-Box tutorials, this process and the collection of open source application software should sound familiar. Once the install completes, we’ll reboot the server, configure Asterisk for use with your new BroadVoice account, download a softphone for testing, and make our first call. If all goes well, the whole process should take about an hour. We’ll then sketch out a deployment plan for Asterisk@Home depending upon how you plan to use it. For this week’s homework, we’ll let you continue building your Asterisk extensions and voicemail accounts. Then next week we’ll get to the fun part by adding an Auto Attendant, an Interactive Voice Response system, Music on Hold, and a few terrific surprises that you’d find it difficult to implement even with a $250,000 PBX install from one of the ‘Big Boys.’ “And what does all this cost,” you might be asking. Assuming you have a clunker PC lying around, next to nothing. A 400MHz Pentium III with 128MB of RAM is more than adequate for a home or home office PBX. Your BroadVoice account comes with a 30-day money-back guarantee plus you get free setup and a month of free service if you purchase either a phone or VoIP adapter from Voxilla (either of which is under $100), and Asterisk@Home is free. If you want to use a softphone instead of an IP phone or VoIP adapter, then BroadVoice costs $9.95 for setup, and $8.45 a month for a phone number in almost any area code, unlimited incoming calls, and 100 minutes a month of outgoing within the U.S. So let’s get started. And why do you need a VoIP provider? Because outgoing calls to garden-variety telephones need to travel on the packet-switched voice network (PSTN), and that costs money. As a practical matter, you also need a PSTN phone number if you want folks to be able to easily call you.
Downloading the Software. First, we need to download an ISO image of Asterisk@Home. Version 1.5 is the latest and greatest, and it fixed some bugs so let’s use it. Just find a link close to your home base and click on it to begin the download. If you’ve never burned a CD from an ISO image, here’s how. For the Mac using Roxio Toast, choose Copy, click Image File, and drag the ISO file you downloaded into the folder. Click Burn after inserting a blank CD. If you don’t own Toast for your Mac, go to the Applications->Utilities folder and run Disk Utility. Click on Images->Burn from the Title Bar and choose the ISO file you downloaded. Then click Burn to begin. For those in the PC World, you’ll need either Roxio Easy CD Creator or Nero to create a CD from an ISO image. With Easy CD Creator, choose Create Data CD. Then in the File menu, select Create CD from Image, and choose your downloaded file. Now click burn to begin. With Nero, go to Recorder from the top menu and choose Burn Image. Select your download file. Then from the Burn Compilation Window, choose Burn to begin. When your CD is ready, insert it into your clunker PC, and reboot. Important: make sure this machine is connected to a network behind a router/firewall and can obtain a valid IP address from a DHCP server (i.e. the machine has working Internet access) before beginning this installation. The reason for this is that Asterisk@Home needs Internet access to properly configure the machine at the conclusion of the setup process. And, remember, everything on the hard disk of this machine will be erased before the Asterisk@Home installation process begins. You’ve been warned. In case you haven’t already figured it out, Asterisk@Home out of the box is anything but secure on the Internet so don’t expose it with a direct network connection until we get it locked down. Any time you can log on to a Linux system as root using password as your password, you have a system which will be hacked in a matter of minutes once it’s exposed to the big, bad Internet. While you’re waiting on Asterisk@Home to install, let’s download our favorite softphone so you’ll have a way to test your new Asterisk PBX once the installation completes. Free versions of X-Lite 2.0 are available for Mac OS X, Windows, and Linux here. So choose your favorite platform and install it on your desktop PC or Mac.0
IP Configuration of Asterisk. We need a consistent IP address or domain name both on your internal network and externally if you expect to receive incoming calls reliably. There are three pieces to IP configuration: (1) setting the internal IP address of your Asterisk server, (2) configuring an external qualified domain name which will always point to your router/firewall, and (3) configuring your router to transfer incoming Asterisk packets to your Asterisk server. Once the install completes, remove the CD, and reboot your new Asterisk@Home server. When startup finishes, log in as root with password as your password. Now type ifconfig eth0 (that’s “e-t-h-zero”) then enter, and write down both your inet addr and your HWaddr on the Ethernet 0 interface, eth0. Inet addr is the internal IP address of your Asterisk box assigned by your DHCP server (i.e. your router/firewall). HWAddr is the MAC address of your Asterisk server’s eth0 network card. To assure a consistent internal IP address, you can either configure your router/DHCP server to make certain that it always hands out this same address to your Asterisk machine, or you can manually configure an IP address for this machine which is not in the range of addresses used by your DHCP server. Almost all routers now make it easy to preassign DHCP addresses so we prefer option 1. It’s generally under the tab for LAN IP Setup and is generally called something like Reserved IP table. Just add an entry and call it Asterisk PBX and specify the IP address and MAC address that you wrote down above. Now each time you reboot your Asterisk server, your router will assign it this same IP addreess. To assure a consistent external address is a little trickier. Unless you have a static (fixed) IP address, you’ll want to use a Dynamic DNS service such as dyndns.org and configure your router to always advertise its external IP address to dyndns.org. DynDNS.org will take care of revising the IP address associated with your domain name when your ISP changes your dynamic IP address. Then you can configure your BroadVoice account using your fully-qualified dyndns.org domain name, e.g. windswept.dyndns.org provides access to our beach house network even though Time Warner cable hands out dynamic IP addresses which change from time to time. For more details, read our article on the subject.
Basic Asterisk Configuration Using AMP. The crown jewel of Asterisk@Home is a web-based administration tool for Asterisk called the Asterisk Management Portal (AMP). Using your favorite web browser, call up AMP by typing in the internal IP address of your Asterisk server. Now click on the Asterisk Management Portal. When prompted for a username, type admin. The default password is … you guessed it … password. Click on the Setup tab to begin. Our first order of business is to set up Asterisk to work with your VoIP provider, BroadVoice. In Asterisk-speak, this is known as a SIP Trunk. So click on Trunks, and then choose Add SIP Trunk.
Under General Settings, enter your BroadVoice-chosen phone number for your Outbound Caller ID and enter 2 for Maximum Channels. This will assure that BroadVoice doesn’t shut down your account when ten of your friends attempt to make outgoing calls at the same time.
For Outgoing Dial Rules, enter the following on three separate lines. It means you can use BroadVoice to place 7 and 10-digit calls as well as 1-areacode-phonenumber calls in the U.S.
For Outgoing Settings, name this trunk bv and then cut the following code and paste it into the Peer Details section. Once you have finished, replace the three occurrences of 9994567890 with your actual 10-digit BroadVoice phone number and replace yourBVpassword with your actual BroadVoice SIP password. This is NOT the password you set up to log in to your BroadVoice portal account at www.broadvoice.com. To retrieve your SIP password, log in to your BroadVoice portal at www.broadvoice.com and then click on the Account tab. Under My Devices, click Show Settings. In the list of settings will be your auth_password. Write it down, or better yet, cut and paste it into your Asterisk@Home configuration immediately after secret= with no intervening or trailing spaces.
For Incoming Settings, name the USER Context, sip.broadvoice.com. Then cut and paste the following into the User Details section of the form. Replace the two occurrences of 9994567890 with your actual 10-digit BroadVoice phone number and again replace yourBVpassword with your actual BroadVoice SIP password just as you did above.
There’s one more step in the SIP Trunk configuration, and it’s the place where most folks make typos so BE CAREFUL. In the Register String field, enter the code below. Replace the two occurrences of 9994567890 with your actual 10-digit BroadVoice phone number and again replace yourBVpassword with your actual BroadVoice SIP password just as you did above. Note that there are three sections to this register string, your BroadVoice account address in email format, your BV SIP password, and your BroadVoice account address again in email format. The three sections are separated from each other by two colons which must not be deleted.
Once you’ve checked and double-checked and triple-checked your typing for typos, save the page. A red bar will display at the top of the screen, click on it to reload Asterisk with the new settings. Now let’s check and be sure you’re registered. Click on the Maintenance tab at the top of AMP. If prompted for a username and password, enter maint for the username and password for the password. Click Asterisk Info in the left column and a whole bunch of Asterisk details will be displayed. The section we’re interested in is Sip Peers. It should show sip.broadvoice.com with your phone number as the username. In the right column, if you have successfully logged in, it will show Registered. If it shows anything else, you need to make a small addition to your Linux configuration (which is a good idea anyway). Look at your BroadVoice device configuration settings screen again (where we found your SIP password), and there will be an entry like this: proxy_ip: proxy-atl.broadvoice.com. The entry we are most interested in is the three-letter city code following proxy-. As an aside, if you try to ping this domain, you’ll get an unknown domain message because BroadVoice has been too lazy to change the hyphen to a period which would be the correct name for this proxy. Anyway, this is BroadVoice’s best guess of their closest server to you. The other problem is that all of BroadVoice’s servers are not created equal. You can register with some and with others you time out. Atlanta (atl), for example, regularly rejects our registration requests, and we live in Atlanta. Go figure! Actually, we do need to go figure because we want this to work. So drop down to a command prompt, and ping the following IP addresses. Write down the response times for each of the IP addresses. Now what we want to do is point sip.broadvoice.com to the proxy with the shortest ping time and see if Asterisk will register. If not, we’ll move to the next shortest, and so on.
#Los Angeles proxy
#New York City proxy
#service network restart once change is made
Here’s how to set the default IP address for sip.broadvoice.com on your Asterisk server. Go to the Asterisk server console and log in as root with password of password. Change to the /etc directory: cd /etc. Type all of the code above into the bottom of the hosts file: nano hosts. The pound sign (#) at the beginning of a line means it’s a comment which is ignored by Linux. Now remove the # sign from the line with the IP address with the lowest ping time by pressing Ctrl-D while positioned over the # sign. Save your changes: Ctrl-X, y, then enter. Now restart the network services on your Linux machine: service network restart. Now refresh your AMP maintenance screen and check to see if you’re registered with BroadVoice. If not, repeat the drill. Remark out the line you unremarked and delete the # sign from the IP address line of the server with the next fastest ping times. Continue until you get a Registered message. If none of the servers work and you’re sure you typed your phone numbers and passwords correctly, call BroadVoice support: 1-978-418-7300. Nights and weekends have shorter hold times, and expect to get cut off once or twice. It’s a feature!
Creating Your First Asterisk Extension. Now that we have a VoIP connection, we need an internal phone number for each telephone that will connect to the Asterisk server. You guessed it. They’re called extensions. And you can number them any way you desire, but we’ll give you a suggestion (if you live in the U.S. of A) which will save you lots of heartbreak. Don’t use extensions that begin with numbers which are used in the North American dialing plan. They may work, but they may not. The best numbers for extensions begin with 1000 and go all the way up to 1199. After that, you’re bumping into the dialing plan. And three-digit numbers almost always begin some phone number in the United States. Having told you the best practice, let me admit that we use numbers in the range of 200 to 399 and have had no problems with BroadVoice service or Asterisk. If we had it to do over again, we’d probably heed our own advice, but …
To set up an Extension, click on the Setup tab and then choose Extensions. An almost blank form will appear with a default extension of 200 using SIP as the protocol with rfc2833 for DTMF signalling. Set the extension number to whatever you desire, but be sure the protocol says SIP and the DTMF setting is rfc2833, for now. For ease of explanation, let’s assume you chose 1000. Now let’s make the extension password 1000 also to keep things simple. Enter your name for the user name. Be sure the Voicemail and Directory option is Enabled. Make the voice mail password 1000 as well. Enter a working email address for this user account and leave the other defaults as they are for now. Click Add Extension to save your work. Click on the red bar again to reset Asterisk.
Configuring Asterisk for Incoming Calls. Only two more steps and we’ll be ready to try out our new system. Click the Incoming Calls tab. In both the Regular Hours and After Hours sections of the form, click the Extension radio button and choose your new extension number (1000) for receipt of incoming calls. Click Submit Changes and then click the red bar to reset Asterisk.
Configuring Asterisk for Outgoing Calls. Now click on the Outbound Routing tab. The Add Route form will display. For Route Name, call it Outside. Leave the password blank. For Dial Patterns, enter the following:
Finally, for the Trunk Sequence, choose SIP/bv. Check your entries carefully. Then press the Add button. Now click the Submit button. And click on the red bar to restart Asterisk.
Configuring the X-Lite Softphone. Start up X-Lite on your PC or Mac and choose Preferences->Systems Settings->SIP Proxy->Default from the menu bar. Make sure it is enabled. To keep things simple, enter 1000 for your Username, Authorization User, and Password. For Domain Realm and SIP Proxy, enter the internal IP address of your Asterisk server. You can change any or all of this later. Close the configuration menu and the softphone will try to register with Asterisk. If all went well, you’ll get a “Logged In” message with your extension 1000 displayed on the screen. You now should be able to dial a call anywhere in the U.S. using the same digits you’d use on your home telephone. Try it. You’ll like it! If that worked, you’re ready to take your first incoming call. Go to your cell phone or home phone and dial your BroadVoice number just as if it were your Aunt Betty’s phone number. All the area code and long distance rules still apply except you can dial any number in your own area code using BroadVoice by dialing a 7-digit number whether Ma Bell requires 10 digits or not.
Securing Asterisk. Now that we have things working, it’s time to make sure Asterisk@Home stays that way. There are two critical steps to securing Asterisk@Home. First, we need to install all of the patches which have been released since the bundled version for the CD was created. And second, we need to reset a number of passwords to secure passwords that only you know. Then we’ll be ready to put Asterisk on the DMZ of your firewall and expose it to every evil Internet person known to mankind. To get the latest Linux updates, log in to your Asterisk server as root, and type the following at the prompt: yum -y update. You may have to reboot your server when the update process completes. Get in the habit of doing this every couple of weeks, and you’ll never have a security problem with Linux.
Now for the passwords. First, think up a good one. Use letters and numbers. Now log out and back in to your Asterisk server. Read the screen and type: help-aah. As you can see, you need to change the Linux password (passwd), the maintenance password for AMP (passwd-maint), the standard AMP password (passwd-amp), the MeetMe password (passwd-meetme), and the admin password used to check email (passwd admin). One more you have to dig for is the password for the Flash Operator Panel (FOP). Change to the directory where the config file is stored: cd /var/www/html/panel. Edit the config file: nano op_server.cfg. Find the line with the password: Ctrl-W security_code. Then change passw0rd to something else and save your changes: Ctrl-X, y, then Enter. Don’t forget to stop and restart Asterisk: amportal stop then amportal start.. There’s really no reason you can’t use the same password for all of these passwords as long as it’s secure. Finally, log in to the Asterisk Management Panel (AMP) and click on CRM which starts up the Sugar CRM application. Login as admin with password for your password. Click on My Account in the upper right corner, and then click the Change Password button to change your CRM password.
Once you’ve completed all of these password changes, use a web browser to open the web interface to your router and find the option which let’s you designate an IP address as your DMZ server. Insert the IP address of your Asterisk server there. What this means is that Asterisk now is sitting out on the Internet without the protections of your router/firewall. You’ll need to do this if you plan to add remote extensions at other locations which can make calls off your Asterisk server. If you don’t care about this functionality, then the DMZ step is unnecessary.
Homework. We’ve covered enough to get you up and running with Asterisk@Home. Take a little time to add a few more extensions and enjoy your new toy. We’ll add the really fun stuff next week, but, if you want to get a head start, here are some of the best tutorials we’ve found: Asterisk@Home Handbook, Asterisk@Home for Dumb Me (especially good for those outside the U.S. that want to configure Asterisk for international dialing), The Hitchhiker’s Guide to Asterisk, Build Your Own PBX, Configuring Asterisk@Home for BroadVoice, the VoIP Wiki, Asterisk@Home Forums, and Voxilla’s Asterisk Forum.
Coming Attractions. One of the little goodies we’ve been working on for next week will let you access a web page stored on your Asterisk machine from anywhere in the world, type in the phone number of the phone sitting beside you, and have Asterisk call you back at that number with dial tone (after entering your password, of course). You then can make unlimited calls using your BroadVoice service at your home to anywhere in 21 countries … for free (assuming you have the BroadVoice $19.95 World Plan). For those that travel frequently outside the United States, you know what a big deal this really is. Stay tuned!
Some Recent Nerd Vittles Articles of Interest…