diff --git a/files/platon/accessgranted.gsm b/files/platon/accessgranted.gsm
new file mode 100644
index 0000000..8bef92c
Binary files /dev/null and b/files/platon/accessgranted.gsm differ
diff --git a/files/platon/denied.gsm b/files/platon/denied.gsm
new file mode 100644
index 0000000..bb57874
Binary files /dev/null and b/files/platon/denied.gsm differ
diff --git a/files/platon/granted.gsm b/files/platon/granted.gsm
new file mode 100644
index 0000000..0d6f5bd
Binary files /dev/null and b/files/platon/granted.gsm differ
diff --git a/files/platon/hello.gsm b/files/platon/hello.gsm
new file mode 100644
index 0000000..fbdbace
Binary files /dev/null and b/files/platon/hello.gsm differ
diff --git a/files/platon/welcome.gsm b/files/platon/welcome.gsm
new file mode 100644
index 0000000..3d8e319
Binary files /dev/null and b/files/platon/welcome.gsm differ
diff --git a/files/platon/youcannotpass.gsm b/files/platon/youcannotpass.gsm
new file mode 100644
index 0000000..da67f12
Binary files /dev/null and b/files/platon/youcannotpass.gsm differ
diff --git a/inventory.yml b/inventory.yml
index d9459f3..c1bc095 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -88,6 +88,14 @@ all:
 server_admin: "admin+platon@netz39.de"
 mac: "b8:27:eb:8f:98:2f"
 gatekeeper_user: pi
+ gatekeeper_sip_registration: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31306464613437343762323366393132323231306362393762636361353230353632333834663430
+ 3133663661396566623664323134353737643039646263320a333434326561383962643739346265
+ 61376631393266393737306261393137353364353637623335386663613834373233633264316130
+ 3931316365663739380a616334626264376164376165346263353366363234646462383637383034
+ 62343231636664623938356233363137383166306232373063306362366265333061623532393066
+ 6261613435373465336463376431366164373538376465343031
 radon.n39.eu:
 server_admin: "admin+radon@netz39.de"
 krypton.n39.eu:
diff --git a/platon.yml b/platon.yml
index adad5b9..6fae250 100644
--- a/platon.yml
+++ b/platon.yml
@@ -30,6 +30,8 @@ - mpg123 - mosquitto - i2c-tools + - asterisk + - asterisk-mp3 - name: Set MAC address for proper DHCP recognition @@ -243,6 +245,51 @@ mode: "0644" notify: restart rsyslog + + ### Asterisk + + - name: Set up SIP settings for asterisk + # This uses the variable gatekeeper_sip_registration + ansible.builtin.template: + src: templates/platon/sip.conf.j2 + dest: /etc/asterisk/sip.conf + owner: root + group: root + mode: "0644" + notify: restart asterisk + + - name: Set up extensions for asterisk + # This uses the variables gatekeeper_user and door_open_command + ansible.builtin.template: + src: templates/platon/extensions.conf.j2 + dest: /etc/asterisk/extensions.conf + owner: root + group: root + mode: "0644" + notify: restart asterisk + + - name: Ensure asterisk is in the right groups + ansible.builtin.user: + name: asterisk + groups: audio,i2c,gpio + append: yes + notify: restart asterisk + + - name: Copy sounds + ansible.builtin.copy: + src: "files/platon/{{item}}" + dest: "/usr/local/share/asterisk/sounds/n39/" + owner: root + group: root + mode: "0644" + loop: + # Check the extensions.conf.j2 template to see which files are needed + - hello.gsm + - granted.gsm + - denied.gsm + # Asterisk restart is not necessary + + handlers: - name: restart mosquitto service: @@ -255,3 +302,9 @@ name: rsyslog state: restarted enabled: yes + + - name: restart asterisk + service: + name: asterisk + state: restarted + enabled: yes diff --git a/templates/platon/extensions.conf.j2 b/templates/platon/extensions.conf.j2 new file mode 100644 index 0000000..9bfaf55 --- /dev/null +++ b/templates/platon/extensions.conf.j2 
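Review bot: In `platon.yml`, the "Set up SIP settings for asterisk" task renders `gatekeeper_sip_registration` into `/etc/asterisk/sip.conf` with `mode: "0644"`, so a value kept vault-encrypted in the inventory ends up readable by every local account on the host. Restricting the rendered file to the service account keeps the protection consistent end to end: `group: asterisk` with `mode: "0640"` (assuming the package creates an `asterisk` group alongside the `asterisk` user that the later task modifies). Adding `no_log: true` to that task would also keep the decrypted registration string out of `--diff` output and run logs. The same ownership and mode would suit `extensions.conf`, which embeds `door_open_command`.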
@@ -0,0 +1,130 @@
+; extensions.conf - the Asterisk dial plan
+;
+; Static extension configuration file, used by
+; the pbx_config module. This is where you configure all your
+; inbound and outbound calls in Asterisk.
+;
+; This configuration file is reloaded
+; - With the "dialplan reload" command in the CLI
+; - With the "reload" command (that reloads everything) in the CLI
+
+;
+; The "General" category is for certain variables.
+;
+[general]
+;
+; If static is set to no, or omitted, then the pbx_config will rewrite
+; this file when extensions are modified. Remember that all comments
+; made in the file will be lost when that happens.
+;
+; XXX Not yet implemented XXX
+;
+static=yes
+;
+; if static=yes and writeprotect=no, you can save dialplan by
+; CLI command "dialplan save" too
+;
+writeprotect=yes
+;
+; If autofallthrough is set, then if an extension runs out of
+; things to do, it will terminate the call with BUSY, CONGESTION
+; or HANGUP depending on Asterisk's best guess. This is the default.
+;
+; If autofallthrough is not set, then if an extension runs out of
+; things to do, Asterisk will wait for a new extension to be dialed
+; (this is the original behavior of Asterisk 1.0 and earlier).
+;
+;autofallthrough=no
+;
+;
+;
+; If clearglobalvars is set, global variables will be cleared
+; and reparsed on a dialplan reload, or Asterisk reload.
+;
+; If clearglobalvars is not set, then global variables will persist
+; through reloads, and even if deleted from the extensions.conf or
+; one of its included files, will remain set to the previous value.
+;
+; NOTE: A complication sets in, if you put your global variables into
+; the AEL file, instead of the extensions.conf file. With clearglobalvars
+; set, a "reload" will often leave the globals vars cleared, because it
+; is not unusual to have extensions.conf (which will have no globals)
+; load after the extensions.ael file (where the global vars are stored).
+; So, with "reload" in this particular situation, first the AEL file will
+; clear and then set all the global vars, then, later, when the extensions.conf
+; file is loaded, the global vars are all cleared, and then not set, because
+; they are not stored in the extensions.conf file.
+;
+clearglobalvars=no
+;
+; User context is where entries from users.conf are registered. The
+; default value is 'default'
+;
+;userscontext=default
+;
+; You can include other config files, use the #include command
+; (without the ';'). Note that this is different from the "include" command
+; that includes contexts within other contexts. The #include command works
+; in all asterisk configuration files.
+;#include "filename.conf"
+;#include
+;#include filename.conf
+;
+; You can execute a program or script that produces config files, and they
+; will be inserted where you insert the #exec command. The #exec command
+; works on all asterisk configuration files. However, you will need to
+; activate them within asterisk.conf with the "execincludes" option. They
+; are otherwise considered a security risk.
+;#exec /opt/bin/build-extra-contexts.sh
+;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
+;#exec
+;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
+;
+
+; The "Globals" category contains global variables that can be referenced
+; in the dialplan with the GLOBAL dialplan function:
+; ${GLOBAL(VARIABLE)}
+; ${${GLOBAL(VARIABLE)}} or ${text${GLOBAL(VARIABLE)}} or any hybrid
+; Unix/Linux environmental variables can be reached with the ENV dialplan
+; function: ${ENV(VARIABLE)}
+;
+[globals]
+
+;;; Dialplans
+
+[default]
+
+;; get the caller ID as number
+exten => s,1, Set(cid=${CALLERID(number)})
+exten => s,n, Verbose(2,Incoming call from ${cid})
+exten => s,n, Answer
+exten => s,n, Playback(silence/1)
+;; welcome message
+;exten => s,n, Playback(n39/welcome)
+exten => s,n, Playback(custom/n39/hello)
+;; get the PIN
+exten => s,n, Read(pin)
+;; check PIN and CID
+exten => s,n, Set(access=${SHELL( /home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/asterisk/door-phone-auth.sh ${cid} ${pin} /home/{{ gatekeeper_user }}/phone-whitelist.txt )})
+exten => s,n, NoOp(Access result: ${access})
+exten => s,n, GotoIf($[ "${access}" = "OK" ]?granted:failed)
+exten => s,n, Hangup()
+
+;; access granted
+exten => s,100(granted), noop()
+;exten => s,n, Playback(n39/accessgranted)
+exten => s,n, System({{ door_open_command }})
+exten => s,n, Playback(custom/n39/granted)
+exten => s,n, Goto(done)
+
+;; access failed
+exten => s,200(failed), noop()
+;exten => s,n, Playback(n39/youcannotpass)
+exten => s,n, Playback(custom/n39/denied)
+exten => s,n, Goto(done)
+
+;; done
+exten => s,300(done), noop()
+exten => s,n, Hangup()
+
+
diff --git a/templates/platon/sip.conf.j2 b/templates/platon/sip.conf.j2
new file mode 100644
index 0000000..a01b3c6
--- /dev/null
+++ b/templates/platon/sip.conf.j2
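Review bot: In `templates/platon/extensions.conf.j2`, the `[default]` context places `${cid}` and `${pin}` unquoted on the `SHELL(...)` command line, and `${cid}` is taken directly from `CALLERID(number)`, which is supplied by the calling side and is neither authenticated nor guaranteed to be numeric. Both values should be reduced to the characters `door-phone-auth.sh` expects before they reach the shell, e.g. `exten => s,1, Set(cid=${FILTER(0-9,${CALLERID(number)})})` and `${FILTER(0-9,${pin})}` in place of `${pin}`. Since the `sip.conf` template in this commit sets `context=default` together with `allowguest=yes`, this context appears to be reachable by unauthenticated callers on the bound interface, so the whitelist check should be treated as a convenience and the PIN as the only real factor. `Read(pin)` is also called without a maximum digit count or attempt limit; bounding it and logging failed results through the existing `NoOp(Access result: ...)` line would make repeated guessing visible.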
@@ -0,0 +1,642 @@ +; SIP Configuration for Asterisk + +[general] +context=default ; Default context for incoming calls +allowguest=yes ; Allow or reject guest calls (default is yes) + ; If your Asterisk is connected to the Internet + ; and you have allowguest=yes + ; you want to check which services you offer everyone + ; out there, by enabling them in the default context (see below). +;match_auth_username=yes ; if available, match user entry using the + ; 'username' field from the authentication line + ; instead of the 
From: field. +allowoverlap=no ; Disable overlap dialing support. (Default is yes) +;allowoverlap=yes ; Enable RFC3578 overlap dialing support. + ; Can use the Incomplete application to collect the + ; needed digits from an ambiguous dialplan match. +;allowoverlap=dtmf ; Enable overlap dialing support using DTMF delivery + ; methods (inband, RFC2833, SIP INFO) in the early + ; media phase. Uses the Incomplete application to + ; collect the needed digits. +;allowtransfer=no ; Disable all transfers (unless enabled in peers or users) + ; Default is enabled. The Dial() options 't' and 'T' are not + ; related as to whether SIP transfers are allowed or not. +;realm=mydomain.tld ; Realm for digest authentication + ; defaults to "asterisk". If you set a system name in + ; asterisk.conf, it defaults to that system name + ; Realms MUST be globally unique according to RFC 3261 + ; Set this to your host name or domain name +;domainsasrealm=no ; Use domains list as realms + ; You can serve multiple Realms specifying several + ; 'domain=...' directives (see below). + ; In this case Realm will be based on request 'From'/'To' header + ; and should match one of domain names. + ; Otherwise default 'realm=...' will be used. 
+ + +udpbindaddr=0.0.0.0 ; IP address to bind UDP listen socket to (0.0.0.0 binds to all) + ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060) + + + tcpenable=no ; Enable server for incoming TCP connections (default is no) +tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces) + ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060) + +;tlsenable=no ; Enable server for incoming TLS (secure) connections (default is no) +;tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces) + ; Optionally add a port number, 192.168.1.1:5063 (default is port 5061) + ; Remember that the IP address must match the common name (hostname) in the + ; certificate, so you don't want to bind a TLS socket to multiple IP addresses. + ; For details how to construct a certificate for SIP see + ; http://tools.ietf.org/html/draft-ietf-sip-domain-certs + +;tcpauthtimeout = 30 ; tcpauthtimeout specifies the maximum number + ; of seconds a client has to authenticate. If + ; the client does not authenticate beofre this + ; timeout expires, the client will be + ; disconnected. (default: 30 seconds) + +;tcpauthlimit = 100 ; tcpauthlimit specifies the maximum number of + ; unauthenticated sessions that will be allowed + ; to connect at any given time. (default: 100) + +transport=udp ; Set the default transports. The order determines the primary default transport. + ; If tcpenable=no and the transport set is tcp, we will fallback to UDP. + +srvlookup=yes ; Enable DNS SRV lookups on outbound calls + ; Note: Asterisk only uses the first host + ; in SRV records + ; Disabling DNS SRV lookups disables the + ; ability to place SIP calls based on domain + ; names to some other SIP users on the Internet + ; Specifying a port in a SIP peer definition or + ; when dialing outbound calls will supress SRV + ; lookups for that peer or call. 
+ +;pedantic=yes ; Enable checking of tags in headers, + ; international character conversions in URIs + ; and multiline formatted headers for strict + ; SIP compatibility (defaults to "yes") + +; See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for a description of these parameters. +;tos_sip=cs3 ; Sets TOS for SIP packets. +;tos_audio=ef ; Sets TOS for RTP audio packets. +;tos_video=af41 ; Sets TOS for RTP video packets. +;tos_text=af41 ; Sets TOS for RTP text packets. + +;cos_sip=3 ; Sets 802.1p priority for SIP packets. +;cos_audio=5 ; Sets 802.1p priority for RTP audio packets. +;cos_video=4 ; Sets 802.1p priority for RTP video packets. +;cos_text=3 ; Sets 802.1p priority for RTP text packets. + +;maxexpiry=3600 ; Maximum allowed time of incoming registrations + ; and subscriptions (seconds) +;minexpiry=60 ; Minimum length of registrations/subscriptions (default 60) +;defaultexpiry=120 ; Default length of incoming/outgoing registration +;mwiexpiry=3600 ; Expiry time for outgoing MWI subscriptions +;maxforwards=70 ; Setting for the SIP Max-Forwards: header (loop prevention) + ; Default value is 70 +;qualifyfreq=60 ; Qualification: How often to check for the host to be up in seconds + ; and reported in milliseconds with sip show settings. + ; Set to low value if you use low timeout for NAT of UDP sessions + ; Default: 60 +;qualifygap=100 ; Number of milliseconds between each group of peers being qualified + ; Default: 100 +;qualifypeers=1 ; Number of peers in a group to be qualified at the same time + ; Default: 1 +;notifymimetype=text/plain ; Allow overriding of mime type in MWI NOTIFY +;buggymwi=no ; Cisco SIP firmware doesn't support the MWI RFC + ; fully. Enable this option to not get error messages + ; when sending MWI to phones with this bug. +;mwi_from=asterisk ; When sending MWI NOTIFY requests, use this setting in + ; the From: header as the "name" portion. Also fill the + ; "user" portion of the URI in the 
From: header with this + ; value if no fromuser is set + ; Default: empty +;vmexten=voicemail ; dialplan extension to reach mailbox sets the + ; Message-Account in the MWI notify message + ; defaults to "asterisk" + +; Codec negotiation +; +; When Asterisk is receiving a call, the codec will initially be set to the +; first codec in the allowed codecs defined for the user receiving the call +; that the caller also indicates that it supports. But, after the caller +; starts sending RTP, Asterisk will switch to using whatever codec the caller +; is sending. +; +; When Asterisk is placing a call, the codec used will be the first codec in +; the allowed codecs that the callee indicates that it supports. Asterisk will +; *not* switch to whatever codec the callee is sending. +; +preferred_codec_only=yes ; Respond to a SIP invite with the single most preferred codec + ; rather than advertising all joint codec capabilities. This + ; limits the other side's codec choice to exactly what we prefer. + +;disallow=all ; First disallow all codecs +allow=alaw +allow=ulaw ; Allow codecs in order of preference +allow=ilbc ; see https://wiki.asterisk.org/wiki/display/AST/RTP+Packetization + ; for framing options +; +; This option specifies a preference for which music on hold class this channel +; should listen to when put on hold if the music class has not been set on the +; channel with Set(CHANNEL(musicclass)=whatever) in the dialplan, and the peer +; channel putting this one on hold did not suggest a music class. +; +; This option may be specified globally, or on a per-user or per-peer basis. +; +;mohinterpret=default +; +; This option specifies which music on hold class to suggest to the peer channel +; when this channel places the peer on hold. It may be specified globally or on +; a per-user or per-peer basis. 
+; +;mohsuggest=default +; +;parkinglot=plaza ; Sets the default parking lot for call parking + ; This may also be set for individual users/peers + ; Parkinglots are configured in features.conf +;language=en ; Default language setting for all users/peers + ; This may also be set for individual users/peers +;relaxdtmf=yes ; Relax dtmf handling +;trustrpid = no ; If Remote-Party-ID should be trusted +;sendrpid = yes ; If Remote-Party-ID should be sent (defaults to no) +;sendrpid = rpid ; Use the "Remote-Party-ID" header + ; to send the identity of the remote party + ; This is identical to sendrpid=yes +;sendrpid = pai ; Use the "P-Asserted-Identity" header + ; to send the identity of the remote party +;rpid_update = no ; In certain cases, the only method by which a connected line + ; change may be immediately transmitted is with a SIP UPDATE request. + ; If communicating with another Asterisk server, and you wish to be able + ; transmit such UPDATE messages to it, then you must enable this option. + ; Otherwise, we will have to wait until we can send a reinvite to + ; transmit the information. +;prematuremedia=no ; Some ISDN links send empty media frames before + ; the call is in ringing or progress state. The SIP + ; channel will then send 183 indicating early media + ; which will be empty - thus users get no ring signal. + ; Setting this to "yes" will stop any media before we have + ; call progress (meaning the SIP channel will not send 183 Session + ; Progress for early media). Default is "yes". Also make sure that + ; the SIP peer is configured with progressinband=never. + ; + ; In order for "noanswer" applications to work, you need to run + ; the progress() application in the priority before the app. 
+ +;progressinband=never ; If we should generate in-band ringing always + ; use 'never' to never use in-band signalling, even in cases + ; where some buggy devices might not render it + ; Valid values: yes, no, never Default: never +useragent=N39 Door PBX ; Allows you to change the user agent string + ; The default user agent string also contains the Asterisk + ; version. If you don't want to expose this, change the + ; useragent string. +;promiscredir = no ; If yes, allows 302 or REDIR to non-local SIP address + ; Note that promiscredir when redirects are made to the + ; local system will cause loops since Asterisk is incapable + ; of performing a "hairpin" call. +;usereqphone = no ; If yes, ";user=phone" is added to uri that contains + ; a valid phone number +;dtmfmode = rfc2833 ; Set default dtmfmode for sending DTMF. Default: rfc2833 + ; Other options: + ; info : SIP INFO messages (application/dtmf-relay) + ; shortinfo : SIP INFO messages (application/dtmf) + ; inband : Inband audio (requires 64 kbit codec -alaw, ulaw) + ; auto : Use rfc2833 if offered, inband otherwise + +;compactheaders = yes ; send compact sip headers. +; +;videosupport=yes ; Turn on support for SIP video. You need to turn this + ; on in this section to get any video support at all. + ; You can turn it off on a per peer basis if the general + ; video support is enabled, but you can't enable it for + ; one peer only without enabling in the general section. + ; If you set videosupport to "always", then RTP ports will + ; always be set up for video, even on clients that don't + ; support it. This assists callfile-derived calls and + ; certain transferred calls to use always use video when + ; available. [yes|NO|always] + +;maxcallbitrate=384 ; Maximum bitrate for video calls (default 384 kb/s) + ; Videosupport and maxcallbitrate is settable + ; for peers and users as well +;callevents=no ; generate manager events when sip ua + ; performs events (e.g. 
hold) +;authfailureevents=no ; generate manager "peerstatus" events when peer can't + ; authenticate with Asterisk. Peerstatus will be "rejected". +alwaysauthreject = yes ; When an incoming INVITE or REGISTER is to be rejected, + ; for any reason, always reject with an identical response + ; equivalent to valid username and invalid password/hash + ; instead of letting the requester know whether there was + ; a matching user or peer for their request. This reduces + ; the ability of an attacker to scan for valid SIP usernames. + ; This option is set to "yes" by default. + +;auth_options_requests = yes ; Enabling this option will authenticate OPTIONS requests just like + ; INVITE requests are. By default this option is disabled. + +;g726nonstandard = yes ; If the peer negotiates G726-32 audio, use AAL2 packing + ; order instead of RFC3551 packing order (this is required + ; for Sipura and Grandstream ATAs, among others). This is + ; contrary to the RFC3551 specification, the peer _should_ + ; be negotiating AAL2-G726-32 instead :-( +;dynamic_exclude_static = yes ; Disallow all dynamic hosts from registering + ; as any IP address used for staticly defined + ; hosts. This helps avoid the configuration + ; error of allowing your users to register at + ; the same address as a SIP provider. + +;contactdeny=0.0.0.0/0.0.0.0 ; Use contactpermit and contactdeny to +;contactpermit=172.16.0.0/255.255.0.0 ; restrict at what IPs your users may + ; register their phones. +contactpermit=172.23.48.0/255.255.252.0 + + +;engine=asterisk ; RTP engine to use when communicating with the device + +; +; If regcontext is specified, Asterisk will dynamically create and destroy a +; NoOp priority 1 extension for a given peer who registers or unregisters with +; us and have a "regexten=" configuration item. +; Multiple contexts may be specified by separating them with '&'. The +; actual extension is the 'regexten' parameter of the registering peer or its +; name if 'regexten' is not provided. 
If more than one context is provided, +; the context must be specified within regexten by appending the desired +; context after '@'. More than one regexten may be supplied if they are +; separated by '&'. Patterns may be used in regexten. +; +;regcontext=sipregistrations +;regextenonqualify=yes ; Default "no" + ; If you have qualify on and the peer becomes unreachable + ; this setting will enforce inactivation of the regexten + ; extension for the peer +;legacy_useroption_parsing=yes ; Default "no" ; If you have this option enabled and there are semicolons + ; in the user field of a sip URI, the field be truncated + ; at the first semicolon seen. This effectively makes + ; semicolon a non-usable character for peer names, extensions, + ; and maybe other, less tested things. This can be useful + ; for improving compatability with devices that like to use + ; user options for whatever reason. The behavior is similar to + ; how SIP URI's were typically handled in 1.6.2, hence the name. + +; The shrinkcallerid function removes '(', ' ', ')', non-trailing '.', and '-' not +; in square brackets. For example, the caller id value 555.5555 becomes 5555555 +; when this option is enabled. Disabling this option results in no modification +; of the caller id value, which is necessary when the caller id represents something +; that must be preserved. This option can only be used in the [general] section. +; By default this option is on. +; +;shrinkcallerid=yes ; on by default + + +;use_q850_reason = no ; Default "no" + ; Set to yes add Reason header and use Reason header if it is available. + +;--------------------------- SIP timers ---------------------------------------------------- +; These timers are used primarily in INVITE transactions. +; The default for Timer T1 is 500 ms or the measured run-trip time between +; Asterisk and the device if you have qualify=yes for the device. 
+; +;t1min=100 ; Minimum roundtrip time for messages to monitored hosts + ; Defaults to 100 ms +;timert1=500 ; Default T1 timer + ; Defaults to 500 ms or the measured round-trip + ; time to a peer (qualify=yes). +;timerb=32000 ; Call setup timer. If a provisional response is not received + ; in this amount of time, the call will autocongest + ; Defaults to 64*timert1 + +;--------------------------- RTP timers ---------------------------------------------------- +; These timers are currently used for both audio and video streams. The RTP timeouts +; are only applied to the audio channel. +; The settings are settable in the global section as well as per device +; +;rtptimeout=60 ; Terminate call if 60 seconds of no RTP or RTCP activity + ; on the audio channel + ; when we're not on hold. This is to be able to hangup + ; a call in the case of a phone disappearing from the net, + ; like a powerloss or grandma tripping over a cable. +;rtpholdtimeout=300 ; Terminate call if 300 seconds of no RTP or RTCP activity + ; on the audio channel + ; when we're on hold (must be > rtptimeout) +;rtpkeepalive= ; Send keepalives in the RTP stream to keep NAT open + ; (default is off - zero) + +;--------------------------- SIP Session-Timers (RFC 4028)------------------------------------ +; SIP Session-Timers provide an end-to-end keep-alive mechanism for active SIP sessions. +; This mechanism can detect and reclaim SIP channels that do not terminate through normal +; signaling procedures. Session-Timers can be configured globally or at a user/peer level. +; The operation of Session-Timers is driven by the following configuration parameters: +; +; * session-timers - Session-Timers feature operates in the following three modes: +; originate : Request and run session-timers always +; accept : Run session-timers only when requested by other UA +; refuse : Do not run session timers in any case +; The default mode of operation is 'accept'. 
+; * session-expires - Maximum session refresh interval in seconds. Defaults to 1800 secs. +; * session-minse - Minimum session refresh interval in seconds. Defualts to 90 secs. +; * session-refresher - The session refresher (uac|uas). Defaults to 'uas'. +; +;session-timers=originate +;session-expires=600 +;session-minse=90 +;session-refresher=uas +; +;--------------------------- SIP DEBUGGING --------------------------------------------------- +;sipdebug = yes ; Turn on SIP debugging by default, from + ; the moment the channel loads this configuration +;recordhistory=yes ; Record SIP history by default + ; (see sip history / sip no history) +;dumphistory=yes ; Dump SIP history at end of SIP dialogue + ; SIP history is output to the DEBUG logging channel + + +;--------------------------- STATUS NOTIFICATIONS (SUBSCRIPTIONS) ---------------------------- +; You can subscribe to the status of extensions with a "hint" priority +; (See extensions.conf.sample for examples) +; chan_sip support two major formats for notifications: dialog-info and SIMPLE +; +; You will get more detailed reports (busy etc) if you have a call counter enabled +; for a device. +; +; If you set the busylevel, we will indicate busy when we have a number of calls that +; matches the busylevel treshold. +; +; For queues, you will need this level of detail in status reporting, regardless +; if you use SIP subscriptions. Queues and manager use the same internal interface +; for reading status information. +; +; Note: Subscriptions does not work if you have a realtime dialplan and use the +; realtime switch. +; +;allowsubscribe=no ; Disable support for subscriptions. 
(Default is yes) +;subscribecontext = default ; Set a specific context for SUBSCRIBE requests + ; Useful to limit subscriptions to local extensions + ; Settable per peer/user also +;notifyringing = no ; Control whether subscriptions already INUSE get sent + ; RINGING when another call is sent (default: yes) +;notifyhold = yes ; Notify subscriptions on HOLD state (default: no) + ; Turning on notifyringing and notifyhold will add a lot + ; more database transactions if you are using realtime. +;notifycid = yes ; Control whether caller ID information is sent along with + ; dialog-info+xml notifications (supported by snom phones). + ; Note that this feature will only work properly when the + ; incoming call is using the same extension and context that + ; is being used as the hint for the called extension. This means + ; that it won't work when using subscribecontext for your sip + ; user or peer (if subscribecontext is different than context). + ; This is also limited to a single caller, meaning that if an + ; extension is ringing because multiple calls are incoming, + ; only one will be used as the source of caller ID. Specify + ; 'ignore-context' to ignore the called context when looking + ; for the caller's channel. The default value is 'no.' Setting + ; notifycid to 'ignore-context' also causes call-pickups attempted + ; via SNOM's NOTIFY mechanism to set the context for the call pickup + ; to PICKUPMARK. +;callcounter = yes ; Enable call counters on devices. This can be set per + ; device too. + +;----------------------------------------- OUTBOUND SIP REGISTRATIONS ------------------------ +; Asterisk can register as a SIP user agent to a SIP proxy (provider) + +register => {{ gatekeeper_sip_registration }}/s +; +; This will pass incoming calls to the 's' extension + +;----------------------------------- MEDIA HANDLING -------------------------------- +; By default, Asterisk tries to re-invite media streams to an optimal path. 
If there's
+; no reason for Asterisk to stay in the media path, the media will be redirected.
+; This does not really work well in the case where Asterisk is outside and the
+; clients are on the inside of a NAT. In that case, you want to set directmedia=nonat.
+;
+;directmedia=yes ; Asterisk by default tries to redirect the
+ ; RTP media stream to go directly from
+ ; the caller to the callee. Some devices do not
+ ; support this (especially if one of them is behind a NAT).
+ ; The default setting is YES. If you have all clients
+ ; behind a NAT, or for some other reason want Asterisk to
+ ; stay in the audio path, you may want to turn this off.
+
+ ; This setting also affect direct RTP
+ ; at call setup (a new feature in 1.4 - setting up the
+ ; call directly between the endpoints instead of sending
+ ; a re-INVITE).
+
+ ; Additionally this option does not disable all reINVITE operations.
+ ; It only controls Asterisk generating reINVITEs for the specific
+ ; purpose of setting up a direct media path. If a reINVITE is
+ ; needed to switch a media stream to inactive (when placed on
+ ; hold) or to T.38, it will still be done, regardless of this
+ ; setting. Note that direct T.38 is not supported.
+
+;directmedia=nonat ; An additional option is to allow media path redirection
+ ; (reinvite) but only when the peer where the media is being
+ ; sent is known to not be behind a NAT (as the RTP core can
+ ; determine it based on the apparent IP address the media
+ ; arrives from).
+
+;directmedia=update ; Yet a third option... use UPDATE for media path redirection,
+ ; instead of INVITE. This can be combined with 'nonat', as
+ ; 'directmedia=update,nonat'. It implies 'yes'.
+
+;directrtpsetup=yes ; Enable the new experimental direct RTP setup. This sets up
+ ; the call directly with media peer-2-peer without re-invites.
+ ; Will not work for video and cases where the callee sends
+ ; RTP payloads and fmtp headers in the 200 OK that does not match the
+ ; callers INVITE. This will also fail if directmedia is enabled when
+ ; the device is actually behind NAT.
+
+;directmediadeny=0.0.0.0/0 ; Use directmediapermit and directmediadeny to restrict
+;directmediapermit=172.16.0.0/16; which peers should be able to pass directmedia to each other
+ ; (There is no default setting, this is just an example)
+ ; Use this if some of your phones are on IP addresses that
+ ; can not reach each other directly. This way you can force
+ ; RTP to always flow through asterisk in such cases.
+
+;ignoresdpversion=yes ; By default, Asterisk will honor the session version
+ ; number in SDP packets and will only modify the SDP
+ ; session if the version number changes. This option will
+ ; force asterisk to ignore the SDP session version number
+ ; and treat all SDP data as new data. This is required
+ ; for devices that send us non standard SDP packets
+ ; (observed with Microsoft OCS). By default this option is
+ ; off.
+
+;sdpsession=Asterisk PBX ; Allows you to change the SDP session name string, (s=)
+ ; Like the useragent parameter, the default user agent string
+ ; also contains the Asterisk version.
+;sdpowner=root ; Allows you to change the username field in the SDP owner string, (o=)
+ ; This field MUST NOT contain spaces
+;encryption=no ; Whether to offer SRTP encrypted media (and only SRTP encrypted media)
+ ; on outgoing calls to a peer. Calls will fail with HANGUPCAUSE=58 if
+ ; the peer does not support SRTP. Defaults to no.
+
+;----------------------------------------- REALTIME SUPPORT ------------------------
+; For additional information on ARA, the Asterisk Realtime Architecture,
+; please read https://wiki.asterisk.org/wiki/display/AST/Realtime+Database+Configuration
+;
+;rtcachefriends=yes ; Cache realtime friends by adding them to the internal list
+ ; just like friends added from the config file only on a
+ ; as-needed basis? (yes|no)
+
+;rtsavesysname=yes ; Save systemname in realtime database at registration
+ ; Default= no
+
+;rtupdate=yes ; Send registry updates to database using realtime? (yes|no)
+ ; If set to yes, when a SIP UA registers successfully, the ip address,
+ ; the origination port, the registration period, and the username of
+ ; the UA will be set to database via realtime.
+ ; If not present, defaults to 'yes'. Note: realtime peers will
+ ; probably not function across reloads in the way that you expect, if
+ ; you turn this option off.
+;rtautoclear=yes ; Auto-Expire friends created on the fly on the same schedule
+ ; as if it had just registered? (yes|no|)
+ ; If set to yes, when the registration expires, the friend will
+ ; vanish from the configuration until requested again. If set
+ ; to an integer, friends expire within this number of seconds
+ ; instead of the registration interval.
+
+;ignoreregexpire=yes ; Enabling this setting has two functions:
+ ;
+ ; For non-realtime peers, when their registration expires, the
+ ; information will _not_ be removed from memory or the Asterisk database
+ ; if you attempt to place a call to the peer, the existing information
+ ; will be used in spite of it having expired
+ ;
+ ; For realtime peers, when the peer is retrieved from realtime storage,
+ ; the registration information will be used regardless of whether
+ ; it has expired or not; if it expires while the realtime peer
+ ; is still in memory (due to caching or other reasons), the
+ ; information will not be removed from realtime storage
+
+;----------------------------------------- SIP DOMAIN SUPPORT ------------------------
+; Incoming INVITE and REFER messages can be matched against a list of 'allowed'
+; domains, each of which can direct the call to a specific context if desired.
+; By default, all domains are accepted and sent to the default context or the
+; context associated with the user/peer placing the call.
+; REGISTER to non-local domains will be automatically denied if a domain
+; list is configured.
+;
+; Domains can be specified using:
+; domain=[,]
+; Examples:
+; domain=myasterisk.dom
+; domain=customer.com,customer-context
+;
+; In addition, all the 'default' domains associated with a server should be
+; added if incoming request filtering is desired.
+; autodomain=yes
+;
+; To disallow requests for domains not serviced by this server:
+; allowexternaldomains=no
+
+;domain=mydomain.tld,mydomain-incoming
+ ; Add domain and configure incoming context
+ ; for external calls to this domain
+;domain=1.2.3.4 ; Add IP address as local domain
+ ; You can have several "domain" settings
+;allowexternaldomains=no ; Disable INVITE and REFER to non-local domains
+ ; Default is yes
+;autodomain=yes ; Turn this on to have Asterisk add local host
+ ; name and local IP to domain list.
+
+; fromdomain=mydomain.tld ; When making outbound SIP INVITEs to
+ ; non-peers, use your primary domain "identity"
+ ; for From: headers instead of just your IP
+ ; address. This is to be polite and
+ ; it may be a mandatory requirement for some
+ ; destinations which do not have a prior
+ ; account relationship with your server.
+
+;------------------------------ Advice of Charge CONFIGURATION --------------------------
+; snom_aoc_enabled = yes; ; This options turns on and off support for sending AOC-D and
+ ; AOC-E to snom endpoints. This option can be used both in the
+ ; peer and global scope. The default for this option is off.
+
+
+;------------------------------ JITTER BUFFER CONFIGURATION --------------------------
+; jbenable = yes ; Enables the use of a jitterbuffer on the receiving side of a
+ ; SIP channel. Defaults to "no". An enabled jitterbuffer will
+ ; be used only if the sending side can create and the receiving
+ ; side can not accept jitter. The SIP channel can accept jitter,
+ ; thus a jitterbuffer on the receive SIP side will be used only
+ ; if it is forced and enabled.
+
+; jbforce = no ; Forces the use of a jitterbuffer on the receive side of a SIP
+ ; channel. Defaults to "no".
+
+; jbmaxsize = 200 ; Max length of the jitterbuffer in milliseconds.
+
+; jbresyncthreshold = 1000 ; Jump in the frame timestamps over which the jitterbuffer is
+ ; resynchronized. Useful to improve the quality of the voice, with
+ ; big jumps in/broken timestamps, usually sent from exotic devices
+ ; and programs. Defaults to 1000.
+
+; jbimpl = fixed ; Jitterbuffer implementation, used on the receiving side of a SIP
+ ; channel. Two implementations are currently available - "fixed"
+ ; (with size always equals to jbmaxsize) and "adaptive" (with
+ ; variable size, actually the new jb of IAX2). Defaults to fixed.
+
+; jbtargetextra = 40 ; This option only affects the jb when 'jbimpl = adaptive' is set.
+ ; The option represents the number of milliseconds by which the new jitter buffer
+ ; will pad its size. the default is 40, so without modification, the new
+ ; jitter buffer will set its size to the jitter value plus 40 milliseconds.
+ ; increasing this value may help if your network normally has low jitter,
+ ; but occasionally has spikes.
+
+; jblog = no ; Enables jitterbuffer frame logging. Defaults to "no".
+
+;----------------------------- SIP_CAUSE reporting ---------------------------------
+; storesipcause = no ; This option causes chan_sip to set the
+ ; HASH(SIP_CAUSE,) channel variable
+ ; to the value of the last sip response.
+ ; WARNING: enabling this option carries a
+ ; significant performance burden. It should only
+ ; be used in low call volume situations. This
+ ; option defaults to "no".
+
+;-----------------------------------------------------------------------------------
+
+[authentication]
+; Global credentials for outbound calls, i.e. when a proxy challenges your
+; Asterisk server for authentication. These credentials override
+; any credentials in peer/register definition if realm is matched.
+;
+; This way, Asterisk can authenticate for outbound calls to other
+; realms. We match realm on the proxy challenge and pick an set of
+; credentials from this list
+; Syntax:
+; auth = :@
+; auth = #@
+; Example:
+;auth=mark:topsecret@digium.com
+;
+; You may also add auth= statements to [peer] definitions
+; Peer auth= override all other authentication settings if we match on realm
+
+
+[basic-options](!) ; a template
+ dtmfmode=rfc2833
+ context=from-office
+ type=friend
+
+[natted-phone](!,basic-options) ; another template inheriting basic-options
+ directmedia=no
+ host=dynamic
+
+[public-phone](!,basic-options) ; another template inheriting basic-options
+ directmedia=yes
+
+[my-codecs](!) ; a template for my preferred codecs
+ disallow=all
+ allow=ilbc
+ allow=g729
+ allow=gsm
+ allow=g723
+ allow=ulaw
+
+[ulaw-phone](!) ; and another one for ulaw-only
+ disallow=all
+ allow=ulaw