Asterisk

Asterisk 11 on Ubuntu 12 using Sangoma hardware, with SRTP and TLS

Asterisk 11 on CentOS 6

Asterisk 1.8 on Another Linux OS = Asterisk CentOS 6 Install Guide (Asterisk 1.8)

___________________________________________________________________________________

Export Notice

  • Encryption source code posted on this web site is eligible for export as specified by Bureau of Industry and Security (BIS), of the U.S. Department of Commerce at 15 CFR Part 740.13 (e) (5). The source code is considered publicly available and is free of charge (15 CFR Part 734.3 (b) (3)).
  • Any source code derived from this web site that is made publicly available for download on the Internet would be subject to notification and review requirements of the BIS to export.
  • Any derived encryption product incorporating the encryption source code from this web site is considered a new product and is subject to notification and review requirements of the BIS.
  • Commercial encryption products that incorporate source code are eligible for export under the appropriate provisions of Export Administration Regulations (EAR), depending on the key length and the type of product, regardless of the source of the underlying encryption.
  • Users are urged to consult the Export Administration Regulations, the Bureau of Industry and Security, and other appropriate sources before exporting any encryption products. Users are responsible for compliance with U.S. and international laws.

___________________________________________________________________________________

Prepare your machine for Development

  • sudo apt-get install build-essential wget libssl-dev libncurses5-dev libnewt-dev libxml2-dev linux-headers-$(uname -r) libsqlite3-dev

___________________________________________________________________________________

Download:

___________________________________________________________________________________

Build and install:

  • Prerequisites:
  • build libsrtp
    • ./configure CFLAGS=-fPIC
    • make
    • make runtests (did it pass?)
    • sudo make install
  • build dahdi
    • cd dahdi
    • make
    • sudo make install
  • build libpri
    • cd libpri
    • make
    • sudo make install
  • build asterisk with SRTP
    • cd asterisk
    • ./configure --with-crypto --with-ssl --with-srtp
    • review the output: is the SRTP lib linkable?
    • make menuselect
    • make
    • sudo make install
    • sudo make samples (optional)
    • sudo make config
    • chkconfig asterisk on
  • create X.509 keys
    • use the script in Asterisk contrib directory
  • run Sangoma install script (optional)
    • cd wanpipe
    • to be continued, some issues here ...

___________________________________________________________________________________


Security

___________________________________________________________________________________

VoIP Fraud: Current Threats From A Law Enforcement Perspective
Special Agent Michael McAndrews, FBI

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Webinars

Presenters:

  • Special Agent Michael McAndrews, FBI
  • Dan York, VOIP Security Alliance (VOIPSA)
  • Jared Smith, Digium
  • Tristan Degenhardt, Digium

Notes:

  • Illegally route calls
  • Phishing scams

Phishing

  • Public image - Caller ID victims
  • Anti-Phishing Working Group
  • First known cases - 2006
  • Began with websites, trojans and emails

Smishing

  • SMS solicitations

Vishing

  • Phone calls through VoIP

SipVicious Tool Suite

  • svmap - scanner
  • svwar - extension identifier
  • svcrack - exploits weak passwords
  • svreport - reporting tool

VoIPPack for CANVAS

IaxPingPoker


Illegally route calls

  • Compromise server to allow outbound calls at owner's expense (toll fraud)
  • Use VoIP to launch vishing scams
  • Compromise server to allow inbound calls on a crafted extension, used together with phishing emails and SMS
  • Launch outbound vishing scams, usually with an automated attendant.
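Seen from the server side, the extension identification and weak-password activity noted above shows up as bursts of failed REGISTER attempts in the Asterisk log. The following is an added example, not part of the original notes: it assumes chan_sip's "Registration from ... failed for ..." NOTICE lines, and the sample log lines, addresses and threshold of 3 are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
[2013-03-01 02:14:07] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.50:5060' - No matching peer found
[2013-03-01 02:14:07] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.50:5060' - No matching peer found
[2013-03-01 02:14:08] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.50:5060' - No matching peer found
[2013-03-01 02:20:31] NOTICE[2211] chan_sip.c: Registration from '"demo-bob" <sip:demo-bob@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password
[2013-03-01 02:20:31] NOTICE[2211] chan_sip.c: Registration from '"demo-bob" <sip:demo-bob@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password
[2013-03-01 02:20:32] NOTICE[2211] chan_sip.c: Registration from '"demo-bob" <sip:demo-bob@192.0.2.10>' failed for '198.51.100.7:5071' - Wrong password
[2013-03-01 09:02:15] NOTICE[2211] chan_sip.c: Registration from '"demo-alice" <sip:demo-alice@192.0.2.10>' failed for '192.168.5.20:5060' - Wrong password
"""

FAILED = re.compile(
    r"Registration from '(?P<sender>[^']*)' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.+)$")
USER = re.compile(r"sip:([^@>]+)@")


def detect(log_text, threshold=3):
    """Return {source_ip: [alerts]} for scanning-like registration failures."""
    unknown = defaultdict(set)       # ip -> extensions that do not exist
    wrong_pw = defaultdict(Counter)  # ip -> extension -> wrong-password count
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        user = USER.search(m.group("sender"))
        ext = user.group(1) if user else "?"
        reason = m.group("reason").strip()
        if reason == "No matching peer found":
            unknown[m.group("ip")].add(ext)
        elif reason == "Wrong password":
            wrong_pw[m.group("ip")][ext] += 1

    alerts = defaultdict(list)
    # Many different non-existent extensions from one source: enumeration.
    for ip, exts in unknown.items():
        if len(exts) >= threshold:
            alerts[ip].append("extension enumeration (%d extensions)" % len(exts))
    # Repeated wrong passwords against one real extension: password guessing.
    for ip, counts in wrong_pw.items():
        for ext, n in counts.items():
            if n >= threshold:
                alerts[ip].append(
                    "password guessing against %s (%d failures)" % (ext, n))
    return dict(alerts)


if __name__ == "__main__":
    for ip, found in detect(SAMPLE_LOG).items():
        print(ip, found)
```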

___________________________________________________________________________________


Sample sip.conf

___________________________________________________________________________________

[demo-alice]
type=friend
host=dynamic
secret=verysecretpassword ; put a strong, unique password here instead
context=users
deny=0.0.0.0/0
permit=192.168.5.0/255.255.255.0 ; replace with your network settings

[demo-bob]
type=friend
host=dynamic
secret=othersecretpassword ; put a strong, unique password here instead
context=users
deny=0.0.0.0/0
permit=192.168.5.0/255.255.255.0 ; replace with your network settings
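The sample peers combine a per-peer secret with a deny/permit ACL. The following added example (not from the original page) audits every peer in a sip.conf for that pattern and, since this build targets TLS and SRTP, for chan_sip's transport=tls and encryption=yes options, which the sample above does not set. The 12-character minimum and the demo-carol and demo-dave peers are assumptions made for illustration.

```python
import ipaddress
import re

# demo-alice is the page's peer; demo-carol and demo-dave are constructed.
SAMPLE_SIP_CONF = """\
[demo-alice]
type=friend
host=dynamic
secret=verysecretpassword ; put a strong, unique password here instead
context=users
deny=0.0.0.0/0
permit=192.168.5.0/255.255.255.0 ; replace with your network settings

[demo-carol]
type=friend
secret=constructed-long-secret-01
deny=0.0.0.0/0
permit=192.168.5.0/255.255.255.0
transport=tls
encryption=yes

[demo-dave]
type=friend
secret=1234
permit=0.0.0.0/0
"""

def parse_sip_conf(text):
    """Return {section: [(key, value), ...]}; keys such as permit may repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(?<!\\);.*", "", raw).strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def any_source(acl):
    return ipaddress.ip_network(acl, strict=False).prefixlen == 0

def audit(text, min_secret_len=12):
    """Return {peer: [findings]} for every section except [general]."""
    conf = parse_sip_conf(text)
    general = conf.pop("general", [])
    report = {}
    for peer, opts in conf.items():
        get = lambda k, src=opts: [v for key, v in src if key == k]
        # Peer value wins, then [general], then the assumed default.
        last = lambda k, d: (get(k) or get(k, general) or [d])[-1].lower()
        found = []
        if not any(any_source(d) for d in get("deny")):
            found.append("no default-deny ACL (deny=0.0.0.0/0)")
        if not get("permit") or any(any_source(p) for p in get("permit")):
            found.append("permit missing or open to any source")
        if len((get("secret") or [""])[-1]) < min_secret_len:
            found.append("secret shorter than %d characters" % min_secret_len)
        if {t.strip() for t in last("transport", "udp").split(",")} != {"tls"}:
            found.append("SIP signalling not restricted to TLS")
        if last("encryption", "no") != "yes":
            found.append("SRTP not required (encryption=yes absent)")
        report[peer] = found
    return report
```

Running `audit(open("/etc/asterisk/sip.conf").read())` before a `sip reload` gives one list of findings per peer; an empty list means the peer passed every check.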

___________________________________________________________________________________


Starting and Stopping

___________________________________________________________________________________

Start:

  • wanrouter restart
  • start asterisk as a daemon
    • /etc/init.d/asterisk start
    • or asterisk -vvvvvvvvv
    • or asterisk -vvvvvvgcdni (no need to connect remotely)

___________________________________________________________________________________

  • connect to asterisk remotely via the command line (optional)

sudo /usr/sbin/asterisk -rvvvvvgcdn

  • CLI>

___________________________________________________________________________________

Show channels

  • CLI>dahdi show channels

___________________________________________________________________________________

Stop:

  • CLI>core stop now
  • create or modify the sample dialplan, sip users ...
    • extensions.conf
    • sip.conf

___________________________________________________________________________________

Restart: asterisk -vvvvvvgcdni

  • CLI>
  • dialplan reload ( if modifying the dialplan with asterisk running )
  • dialplan show
  • sip reload ( if modifying the sip configuration with asterisk running )
  • test

___________________________________________________________________________________

Help

  • CLI>help
  • ! Execute a shell command
  • ael reload Reload AEL configuration
  • ael set debug {read|tokens|mac Enable AEL debugging flags
  • agent logoff Sets an agent offline
  • agent show Show status of agents
  • agent show online Show all online agents
  • agi dump html Dumps a list of AGI commands in HTML format
  • agi exec Add AGI command to a channel in Async AGI
  • agi set debug [on|off] Enable/Disable AGI debugging
  • agi show commands [topic] List AGI commands or specific help
  • aoc set debug enable cli debugging of AOC messages
  • calendar dump sched Dump calendar sched context
  • calendar show calendar Display information about a calendar
  • calendar show calendars Show registered calendars
  • cc cancel Kill a CC transaction
  • cc report status Reports CC stats
  • cdr show status Display the CDR status
  • cel show status Display the CEL status
  • channel originate Originate a call
  • channel redirect Redirect a call
  • channel request hangup Request a hangup on a given channel
  • cli check permissions Try a permissions config for a user
  • cli reload permissions Reload CLI permissions config
  • cli show aliases Show CLI command aliases
  • cli show permissions Show CLI permissions
  • config list Show all files that have loaded a configuration file
  • config reload Force a reload on modules using a particular configuration file
  • console answer Answer an incoming console call
  • console boost Sets/displays mic boost in dB
  • console dial Dial an extension on the console
  • console flash Flash a call on the console
  • console hangup Hangup a call on the console
  • console {mute|unmute} [toggle] Disable/Enable mic input
  • console send text Send text to the remote device
  • console transfer Transfer a call to a different extension
  • console {device} Generic console command
  • console {set|show} autoanswer Sets/displays autoanswer
  • console {set|show} active [<de Sets/displays active console
  • core abort shutdown Cancel a running shutdown
  • core clear profile Clear profiling info
  • core ping taskprocessor Ping a named task processor
  • core reload Global reload
  • core restart gracefully Restart Asterisk gracefully
  • core restart now Restart Asterisk immediately
  • core restart when convenient Restart Asterisk at empty call volume
  • core set debug channel Enable/disable debugging on a channel
  • core set {debug|verbose} Set level of debug/verbose chattiness
  • core show applications [like|d Shows registered dialplan applications
  • core show application Describe a specific dialplan application
  • core show calls [uptime] Display information on calls
  • core show channels [concise|ve Display information on channels
  • core show channel Display information on a specific channel
  • core show channeltypes List available channel types
  • core show channeltype Give more details on that channel type
  • core show codecs [audio|video| Displays a list of codecs
  • core show codec Shows a specific codec
  • core show config mappings Display config mappings (file names to config engines)
  • core show file formats Displays file formats
  • core show file version [like] List versions of files used to build Asterisk
  • core show functions [like] Shows registered dialplan functions
  • core show function Describe a specific dialplan function
  • core show help Display help list, or specific help on a command
  • core show hints Show dialplan hints
  • core show hint Show dialplan hint
  • core show image formats Displays image formats
  • core show license Show the license(s) for this copy of Asterisk
  • core show profile Display profiling info
  • core show settings Show some core settings
  • core show switches Show alternative switches
  • core show sysinfo Show System Information
  • core show taskprocessors List instantiated task processors and statistics
  • core show threads Show running threads
  • core show translation Display translation matrix
  • core show uptime [seconds] Show uptime information
  • core show version Display version info
  • core show warranty Show the warranty (if any) for this copy of Asterisk
  • core stop gracefully Gracefully shut down Asterisk
  • core stop now Shut down Asterisk immediately
  • core stop when convenient Shut down Asterisk at empty call volume
  • core waitfullybooted Wait for Asterisk to be fully booted
  • dahdi destroy channel Destroy a channel
  • dahdi restart Fully restart DAHDI channels
  • dahdi set dnd Sets/resets DND (Do Not Disturb) mode on a channel
  • dahdi set hwgain Set hardware gain on a channel
  • dahdi set swgain Set software gain on a channel
  • dahdi show cadences List cadences
  • dahdi show channels [group|con Show active DAHDI channels
  • dahdi show channel Show information on a channel
  • dahdi show status Show all DAHDI cards status
  • dahdi show version Show the DAHDI version in use
  • data get Data API get
  • data show providers Show data providers
  • database del Removes database key/value
  • database deltree Removes database keytree/values
  • database get Gets database value
  • database put Adds/updates database value
  • database show Shows database contents
  • database showkey Shows database contents
  • devstate change Change a custom device state
  • devstate list List currently known custom device states
  • dialplan add extension Add new extension into context
  • dialplan add ignorepat Add new ignore pattern
  • dialplan add include Include context in other context
  • dialplan debug Show fast extension pattern matching data structures
  • dialplan reload Reload extensions and *only* extensions
  • dialplan remove extension Remove a specified extension
  • dialplan remove ignorepat Remove ignore pattern from context
  • dialplan remove include Remove a specified include from context
  • dialplan set chanvar Set a channel variable
  • dialplan set extenpatternmatch Use the Old extension pattern matching algorithm.
  • dialplan set extenpatternmatch Use the New extension pattern matching algorithm.
  • dialplan set global Set global dialplan variable
  • dialplan show chanvar Show channel variables
  • dialplan show globals Show global dialplan variables
  • dialplan show Show dialplan
  • dnsmgr refresh Performs an immediate refresh
  • dnsmgr reload Reloads the DNS manager configuration
  • dnsmgr status Display the DNS manager status
  • dundi flush [stats] Flush DUNDi cache
  • dundi lookup Lookup a number in DUNDi
  • dundi precache Precache a number in DUNDi
  • dundi query Query a DUNDi EID
  • dundi set debug {on|off} Enable/Disable DUNDi debugging
  • dundi show entityid Display Global Entity ID
  • dundi show mappings Show DUNDi mappings
  • dundi show peers [registered|i Show defined DUNDi peers
  • dundi show peer Show info on a specific DUNDi peer
  • dundi show precache Show DUNDi precache
  • dundi show requests Show DUNDi requests
  • dundi show trans Show active DUNDi transactions
  • dundi store history {on|off} Enable/Disable DUNDi historic records
  • fax set debug {on|off} Enable/Disable FAX debugging on new FAX sessions
  • fax show capabilities Show the capabilities of the registered FAX technology modules
  • fax show session Show the status of the named FAX sessions
  • fax show sessions Show the current FAX sessions
  • fax show settings Show the global settings and defaults of both the FAX core and technology modules
  • fax show stats Summarize FAX session history
  • fax show version Show versions of FAX For Asterisk components
  • features reload Reloads configured features
  • features show Lists configured features
  • file convert Convert audio file
  • group show channels Display active channels with group(s)
  • hangup request <no description available>
  • help <no description available>
  • http show status Display HTTP server status
  • iax2 provision Provision an IAX device
  • iax2 prune realtime Prune a cached realtime lookup
  • iax2 reload Reload IAX configuration
  • iax2 set debug {on|off|peer} Enable/Disable IAX debugging
  • iax2 set debug jb {on|off} Enable/Disable IAX jitterbuffer debugging
  • iax2 set debug trunk {on|off} Enable/Disable IAX trunk debugging
  • iax2 set mtu Set the IAX systemwide trunking MTU
  • iax2 show cache Display IAX cached dialplan
  • iax2 show callnumber usage Show current entries in IP call number limit table
  • iax2 show channels List active IAX channels
  • iax2 show firmware List available IAX firmware
  • iax2 show netstats List active IAX channel netstats
  • iax2 show peer Show details on specific IAX peer
  • iax2 show peers List defined IAX peers
  • iax2 show provisioning Display iax provisioning
  • iax2 show registry Display IAX registration status
  • iax2 show stats Display IAX statistics
  • iax2 show threads Display IAX helper thread info
  • iax2 show users [like] List defined IAX users
  • iax2 test losspct Set IAX2 incoming frame loss percentage
  • iax2 unregister Unregister (force expiration) an IAX2 peer from the registry
  • indication add Add the given indication to the country
  • indication remove Remove the given indication from the country
  • indication show Display a list of all countries/indications
  • local show channels List status of local channels
  • logger mute Toggle logging output to a console
  • logger reload Reopens the log files
  • logger rotate Rotates and reopens the log files
  • logger set level {DEBUG|NOTICE Enables/Disables a specific logging level for this console
  • logger show channels List configured log channels
  • manager reload Reload manager configurations
  • manager set debug [on|off] Show, enable, disable debugging of the manager code
  • manager show command Show a manager interface command
  • manager show commands List manager interface commands
  • manager show connected List connected manager interface users
  • manager show eventq List manager interface queued events
  • manager show settings Show manager global settings
  • manager show users List configured manager users
  • manager show user Display information on a specific manager user
  • meetme {lock|unlock|mute|unmut Execute a command on a conference or conferee
  • meetme list [concise] List all or one conference
  • mgcp audit endpoint Audit specified MGCP endpoint
  • mgcp reload Reload MGCP configuration
  • mgcp set debug {on|off} Enable/Disable MGCP debugging
  • mgcp show endpoints List defined MGCP endpoints
  • minivm list accounts List defined mini-voicemail boxes
  • minivm list templates List message templates
  • minivm list zones List zone message formats
  • minivm reload Reload Mini-voicemail configuration
  • minivm show settings Show mini-voicemail general settings
  • minivm show stats Show some mini-voicemail statistics
  • mixmonitor {start|stop} Execute a MixMonitor command
  • module load Load a module by name
  • module reload Reload configuration for a module
  • module show [like] List modules and info
  • module unload Unload a module by name
  • moh reload Reload MusicOnHold
  • moh show classes List MusicOnHold classes
  • moh show files List MusicOnHold file-based classes
  • no debug channel Disable debugging on channel(s)
  • originate <no description available>
  • parkedcalls show List currently parked calls
  • phoneprov show routes Show registered phoneprov http routes
  • pri intense debug span <no description available>
  • pri service disable channel Remove a channel from service
  • pri service enable channel Return a channel to service
  • pri set debug {on|off|0|1|2} s Enables PRI debugging on a span
  • pri set debug file Sends PRI debug output to the specified file
  • pri show debug Displays current PRI debug settings
  • pri show spans Displays PRI Information
  • pri show span Displays PRI Information
  • pri show version Displays libpri version
  • queue add member Add a channel to a specified queue
  • queue reload {parameters|membe Reload queues, members, queue rules, or parameters
  • queue remove member Removes a channel from a specified queue
  • queue reset stats Reset statistics for a queue
  • queue set penalty Set penalty for a channel of a specified queue
  • queue show Show status of a specified queue
  • queue {pause|unpause} member Pause or unpause a queue member
  • queue show rules Show the rules defined in queuerules.conf
  • realtime destroy Delete a row from a RealTime database
  • realtime load Used to print out RealTime variables.
  • realtime store Store a new row into a RealTime database
  • realtime update Used to update RealTime variables.
  • realtime update2 Used to test the RealTime update2 method
  • reload <no description available>
  • rtcp set debug {on|off|ip} Enable/Disable RTCP debugging
  • rtcp set stats {on|off} Enable/Disable RTCP stats
  • rtp set debug {on|off|ip} Enable/Disable RTP debugging
  • say load [new|old] Set or show the say mode
  • sip notify Send a notify packet to a SIP peer
  • sip prune realtime [peer|all] Prune cached Realtime users/peers
  • sip qualify peer Send an OPTIONS packet to a peer
  • sip reload Reload SIP configuration
  • sip set debug {on|off|ip|peer} Enable/Disable SIP debugging
  • sip set history {on|off} Enable/Disable SIP history
  • sip show {channels|subscriptio List active SIP channels or subscriptions
  • sip show channelstats List statistics for active SIP channels
  • sip show channel Show detailed SIP channel info
  • sip show domains List our local SIP domains
  • sip show history Show SIP dialog history
  • sip show inuse List all inuse/limits
  • sip show mwi Show MWI subscriptions
  • sip show objects List all SIP object allocations
  • sip show peers List defined SIP peers
  • sip show peer Show details on specific SIP peer
  • sip show registry List SIP registration status
  • sip show sched Present a report on the status of the scheduler queue
  • sip show settings Show SIP global settings
  • sip show tcp List TCP Connections
  • sip show users List defined SIP users
  • sip show user Show details on specific SIP user
  • sip unregister Unregister (force expiration) a SIP peer from the registry
  • skinny reload Reload Skinny config
  • skinny reset Reset Skinny device(s)
  • skinny set debug {off|on} Enable/Disable Skinny debugging
  • skinny show devices List defined Skinny devices
  • skinny show device List Skinny device information
  • skinny show lines [verbose] List defined Skinny lines per device
  • skinny show line List Skinny line information
  • skinny show settings List global Skinny settings
  • sla show stations Show SLA Stations
  • sla show trunks Show SLA Trunks
  • stun set debug {on|off} Enable/Disable STUN debugging
  • timing test Run a timing test
  • transcoder show Display DAHDI transcoder utilization.
  • udptl set debug {on|off|ip} Enable/Disable UDPTL debugging
  • ulimit Set or show process resource limits
  • unistim reload Reload UNISTIM configuration
  • unistim send packet Send packet (for reverse engineering)
  • unistim set debug {on|off} Toggle UNITSTIM debugging
  • unistim show info Show UNISTIM info
  • voicemail reload Reload voicemail configuration
  • voicemail show users List defined voicemail boxes
  • voicemail show zones List zone message formats

___________________________________________________________________________________

Interfaces:

FXS: Foreign Exchange Station End

  • FXS: Connects to and rings a phone.

FXO: Foreign Exchange Office End

  • FXO: Acts as a phone, e.g. connects to an FXS interface.
  • FXO: Has a ring detector and a dialer.