sip.conf
; ***************** STOP STOP STOP STOP *****************
; If you are new and setting up Asterisk for the first
; time, you almost definitely should be using PJSIP
; instead of SIP. SIP has been deprecated for years
; and will be removed soon from Asterisk. PJSIP is
; recommended to future-proof your config. This is
; provided for historical and compatibility purposes only.
; Global chan_sip settings: listener addresses and ports, guest/authentication
; policy, NAT handling, QoS marking, and (commented out) TLS material.
[general]
;bindport=16555 ;set it to a UDP port and never tell anyone what it is! Do not forward the port in your router
; bindport sets all 3 at once. TCP and UDP should be the same, TLS should be a different port. ATAs will need to specify the port
; 0.0.0.0 binds every interface on the host, so reachability is decided by the
; firewall/router in front of Asterisk, not by this file.
; NOTE(review): chan_sip normally needs tcpenable=yes / tlsenable=yes before the
; TCP and TLS listeners below take effect; neither is set in this file - confirm.
tcpbindaddr=0.0.0.0:16555 ; SIP over TCP (default is 5060)
udpbindaddr=0.0.0.0:16555 ; SIP over UDP (default is 5060)
tlsbindaddr=0.0.0.0:16556 ; SIP over TLS (default is 5061)
; Do not use the default SIP port (5060) for external SIP connections. Change it
; to something non-standard, e.g. bindport=39145: pick a port between 16383 and
; 65535 and never tell anyone which port you are using. Do not forward that UDP
; port in your router, and make sure UDP port 5060 is not forwarded either. You
; should not need the RTP UDP ports (usually 10000-20000) forwarded either.
; NOTE(review): an unusual port only reduces automated scanning noise; it is not
; an access control. The controls that matter are the authentication settings
; below, strong per-device secrets, and firewall rules limiting who can reach
; these listeners.
; Reject calls from callers that do not match a configured peer.
allowguest=no ;keep intruders out
; Answer requests for unknown users the same way as a wrong password for a known
; user, so responses do not reveal which usernames exist.
alwaysauthreject=yes ;make life difficult for scanners trying to find a way into your dialplan
match_auth_username = yes ; match on usernames, not IPs!!!
; force_rport: reply to the source port the request came from; comedia: send RTP
; back to the address it is received from. Both are NAT-traversal aids.
nat=force_rport,comedia ;should make nat more secure
tos_sip=cs3 ; Sets TOS for SIP packets.
tos_audio=ef ; Sets TOS for RTP audio packets.
threewaycalling = yes
transfer = yes
; NOTE(review): presumably a workaround for endpoints that mishandle the SIP
; UPDATE method - confirm against the devices in use.
disallowed_methods=UPDATE
; Use DNS SRV records when resolving hostnames for outbound calls.
srvlookup=yes
; TLS material, left disabled. If TLS is enabled, do not uncomment the last two
; lines as they stand: tlsdontverifyserver=yes turns off verification of the
; remote server's certificate when Asterisk connects out as a TLS client, and
; tlscipher=ALL permits every cipher the TLS library offers, weak ones included.
; Prefer leaving certificate verification on and naming a restricted cipher list.
; The private key file must be readable only by the account Asterisk runs as.
;tlscertfile=/etc/letsencrypt/live/example.com/fullchain.pem ; if you set up TLS (which you should if your users are remote from Asterisk and not on the same LAN), configure these
;tlsprivatekey=/etc/letsencrypt/live/example.com/privkey.pem
;tlsdontverifyserver=yes
;tlscipher=ALL
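; Shared settings for every user device. The "(!)" suffix marks this section as
; a template: it is inherited by sections declared as [name](lines).
[lines](!) ; template for all user logins (e.g. ATAs)
type = peer
; The device has no fixed address; it must register to tell Asterisk where it is.
host = dynamic
; Codec list is order-sensitive: clear everything first, then allow G.711 only.
disallow=all
allow=ulaw
allow=alaw
; Periodically probe the device to track whether it is reachable.
qualify = yes
; "port" lets the peer be matched by IP address without also matching the source
; port, which helps devices behind NAT whose port changes.
; "invite" was dropped from this list: it tells chan_sip not to require
; authentication on incoming INVITEs, so a request that merely matched the peer's
; address could place calls without knowing the secret. That contradicts
; allowguest=no and the per-device secret. It is meant for provider trunks that
; cannot answer a challenge, not for user devices.
insecure = port
; canreinvite is the older name for directmedia; both are set to the same value.
canreinvite = no ; don't allow RTP voice traffic to bypass Asterisk
relaxdtmf = yes ; or no... play around with this
progressinband = yes
directmedia=no ; direct media is generally undesired, and can cause one-way audio issues
; At most two simultaneous calls per device. This also limits how much a
; compromised login can be used at once.
call-limit=2
; UDP and TCP carry signalling in clear text; only tls is encrypted. Devices
; that connect over untrusted networks should override this with transport=tls
; in their own section.
transport=udp,tcp,tls ; list of protocols allowed
callcounter=yes
; Report the device as busy once it has one call in progress.
busylevel=1
; NOTE(review): presumably keeps private caller-identity information from being
; sent to this device on outbound calls - confirm against the chan_sip docs.
trust_id_outbound = no
subscribecontext=phreaknet-hints ; for Busy Lamp Field (BLF)
allowsubscribe=yes ; BLF. Keep in mind this allows all users using this template to subscribe to BLF state for all lines with hints in the specified context. This could be changed, of course, if not desired.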
; One user device. "(lines)" inherits every option from the [lines] template;
; keys set here override or add to the inherited ones.
[DeskPhone1](lines) ; SIP login for user DeskPhone1
defaultuser = DeskPhone1
authid = DeskPhone1 ; generally same as username
; Placeholder only. Replace it with a long, random secret that is unique to this
; device before the listener is reachable from anywhere untrusted. The secret is
; stored here in clear text, so keep this file readable only by the account
; Asterisk runs as, and keep real values out of version control.
secret = thisisaninsecurepasswordushouldchange
callerid = "John Smith" <5552368> ; change the CNAM and caller ID of your line here
; Everything this login may dial is defined by this dialplan context (not shown
; in this file).
; NOTE(review): confirm the context exposes only the routes this user needs,
; since a stolen login gets the same reach.
context = from-internal ; context in the dialplan in which this user originates a call
;dtmfmethod = rfc2833 ; you can allow the user to choose a DTMF mode or set one here
; The next two options are off, so neither signalling nor audio encryption is
; required for this device. Enable both for devices that are not on a trusted LAN.
;transport=tls ; for TLS encryption (signaling)
;encryption=yes ; for SRTP encryption (voice path)
;mailbox=2368@vmcontext ; for voicemail MWI