Asterisk is an open source Private Exchange (PBX) server that uses Session Initiation Protocol (SIP) to route and manage phone calls. Notable features include customer service queues, standby music, conference calls, and phone recording.
This guide describes the steps required to configure a new CentOS 7 Linode as a dedicated Asterisk server for a home or office.
Note This guide is written for non-root users. Commands that require elevated privileges are prefixed with
sudo. If you are not familiar with thesudocommand, you can check our "[Users and Groups"] (https://www.linode.com/docs/tools-reference/linux-users-and-groups/) guide.
/etc/selinux/config to ensure that SELinux is disabled:sudo yum update
5. Restart your Linode:
reboot
iptables will be used to protect Linode from unnecessary traffic. Linode should not configure any firewall rules.
sudo iptables -L
It should show an empty rule table:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
Create with your preferred text editor/etc/iptables.firewall.rules, this file will be used to activate the firewall with the required rules every time Linode starts.
/etc/iptables.firewall.rules 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950*filter # Allow all loopback(lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow SSH connections # # The -dport number should be the same port number you set in sshd_config, ie 8050 # -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # SIP on UDP port 5060, 5061 for secure signaling. Used for signals such as "hang up" -A INPUT -p udp -m udp --dport 5060 -j ACCEPT -A INPUT -p udp -m udp --dport 5061 -j ACCEPT # IAX2- the IAX protocol - comment out if you don't plan to use IAX # -A INPUT -p udp -m udp --dport 4569-j ACCEPT # IAX - old IAX protocol, uncomment if needed for legacy systems. # -A INPUT -p udp -m udp --dport 5036-j ACCEPT # RTP - the media stream - you can change thisin/etc/asterisk/rtp.conf -A INPUT -p udp -m udp --dport 10000:20000-j ACCEPT # MGCP -if you use media gateway control protocol in your configuration -A INPUT -p udp -m udp --dport 2727-j ACCEPT # Uncomment these lines if you plan to use FreePBX to manage Asterisk # -A INPUT -p tcp --dport 80-j ACCEPT # -A INPUT -p tcp --dport 443-j ACCEPT # Allow ping -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: "--log-level 7 # Drop all other inbound -default deny unless explicitly allowed policy -A INPUT -j DROP -A FORWARD -j DROP COMMITNoteLeave IAX commented out unless you know you need it. IAX is “Inter-Asterisk Exchange” and was meant to allow multiple Asterisk servers to communicate with one another. Some VOIP trunking providers use this, but most use SIP. Unless your VOIP provider requires it or you are running multiple Asterisk servers, you probably won’t need IAX or IAX2.
CentOS 7 does not have iptables-services pre-installed, it must be installed so that the firewall can be loaded at startup.
iptables-services, then enable and start it:sudo yum install -y iptables-services sudo systemctl enable iptables sudo systemctl start iptables
2. Load firewall rules:
sudo iptables-restore < /etc/iptables.firewall.rules
3. Recheck Linode's firewall rules:
sudo iptables -L
Your output should now look like this:
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:8050 ACCEPT udp -- anywhere anywhere udp dpt:sip ACCEPT udp -- anywhere anywhere udp dpt:iax ACCEPT udp -- anywhere anywhere udp dpts:ndmp:dnp ACCEPT udp -- anywhere anywhere udp dpt:mgcp-callagent ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: " DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere
4. Save this rule set:
/usr/libexec/iptables/iptables.init save
5. In the new terminal, make sure you can log in:
Before installing Asterisk, many dependencies will be installed. To install them, run:
sudo yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel
PJPROJECT is the SIP channel driver for Asterisk. It should provide better call clarity and performance than the old driver.
mkdir ~/build
2. Switch to this directory:
cd ~/build
3. Use wget to get the PJSIP fdriver source code:
wget http://www.pjsip.org/release/2.3/pjproject-2.3.tar.bz2
4. To decompress:
tar -jxvf pjproject-2.3.tar.bz2
5. Switch to the newly created directory:
cd pjproject-2.3
6. Prepare the software to be compiled:
. /configure CFLAGS="-DNDEBUG -DPJ_HAS_IPV6=1" --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-video --disable-sound --disable-opencore-amr
You should not see any error messages.
7. Make sure all dependencies are in place:
make dep make
8. installation:
sudo make install sudo ldconfig
9. Make sure the library is installed correctly:
sudo ldconfig -p | grep pj
You should get the following output:
libpjsua2.so.2 (libc6,x86-64) => /lib64/libpjsua2.so.2 libpjsua2.so (libc6,x86-64) => /lib64/libpjsua2.so libpjsua.so.2 (libc6,x86-64) => /lib64/libpjsua.so.2 libpjsua.so (libc6,x86-64) => /lib64/libpjsua.so libpjsip.so.2 (libc6,x86-64) => /lib64/libpjsip.so.2 libpjsip.so (libc6,x86-64) => /lib64/libpjsip.so libpjsip-ua.so.2 (libc6,x86-64) => /lib64/libpjsip-ua.so.2 libpjsip-ua.so (libc6,x86-64) => /lib64/libpjsip-ua.so libpjsip-simple.so.2 (libc6,x86-64) => /lib64/libpjsip-simple.so.2 libpjsip-simple.so (libc6,x86-64) => /lib64/libpjsip-simple.so libpjnath.so.2 (libc6,x86-64) => /lib64/libpjnath.so.2 libpjnath.so (libc6,x86-64) => /lib64/libpjnath.so libpjmedia.so.2 (libc6,x86-64) => /lib64/libpjmedia.so.2 libpjmedia.so (libc6,x86-64) => /lib64/libpjmedia.so libpjmedia-videodev.so.2 (libc6,x86-64) => /lib64/libpjmedia-videodev.so.2 libpjmedia-videodev.so (libc6,x86-64) => /lib64/libpjmedia-videodev.so libpjmedia-codec.so.2 (libc6,x86-64) => /lib64/libpjmedia-codec.so.2 libpjmedia-codec.so (libc6,x86-64) => /lib64/libpjmedia-codec.so libpjmedia-audiodev.so.2 (libc6,x86-64) => /lib64/libpjmedia-audiodev.so.2 libpjmedia-audiodev.so (libc6,x86-64) => /lib64/libpjmedia-audiodev.so libpjlib-util.so.2 (libc6,x86-64) => /lib64/libpjlib-util.so.2 libpjlib-util.so (libc6,x86-64) => /lib64/libpjlib-util.so libpj.so.2 (libc6,x86-64) => /lib64/libpj.so.2 libpj.so (libc6,x86-64) => /lib64/libpj.so
DAHDI or Digium / Asterisk hardware device interface is the kernel module that controls the telephone interface card. This type of card is usually used when adding Asterisk to an existing call center using old technology. Since it is not possible to add a physical card to a virtual machine, you may not need to install the DAHDI driver.
There is one exception: if you plan to host a conference call on your star box, multiple people can join the meeting room, and DAHDI also provides the time source for this feature.
Since DAHDI is a kernel module, it needs a kernel header to compile. The kernel provided by Linode is different from the header file version provided in the CentOS repository, so we need to switch to the kernel provided by the distribution.
After following this instruction [Run a kernel provided by a distribution on Linode of XEN] (https://www.linode.com/docs/tools-reference/custom-kernels-distros/run-a-distributionsupplied-kernel-with-pvgrub/) or [Run a kernel provided by a distribution of Linode on KVM] (https://www.linode.com/docs/tools-reference/custom-kernels-distros/run-a-distribution-supplied-kernel-with-kvm/) and the next steps, and then continue.
Warning You should not try to replace the kernel on a system that is currently in production.
With the new kernel, you can now build DAHDI.
cd ~/build
2. Download the latest version of DAHDI (version 2.10.2 at the time of writing):
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
3. unzip files:
tar -zxvf dahdi-linux-complete-current.tar.gz
4. Switch to the new directory:
cd dahdi-linux-complete-2.10.2+2.10.2/
Note Your version may be different, so please replace 2.10.2 with the extracted version.
5. Create DAHDI:
make
6. Install DAHDI:
sudo make install sudo make config
We are now ready to install Asterisk 13, which is the current long-term support version of Asterisk.
cd ~/build
2. Download the latest version of Asterisk 13:
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
3. unzip files:
tar -zxvf asterisk-13-current.tar.gz
4. Switch to the new Asterisk directory and replace 13.5.0 if necessary:
cd asterisk-13.5.0
To use MP3 files for standby music, some dependencies need to be installed.
sudo yum install svn
2. run:
contrib/scripts/get_mp3_source.sh
configure script to prepare the Asterisk source code for compilation:. /configure --libdir=/usr/lib64 If there are any missing dependencies, install them.
2. Start the build process:
make menuselect
After a moment, you should see a menu on the screen that allows you to configure the function you want to build.
3. If you want to use the MP3 format with standby music, you should select Add-Ons, and then use the right arrow to move to the right list. Navigate to format_mp3 and press Enter to select it.
4. Select other sound packs and music reservation packs in the left menu, and enable the wav format of the desired language. (That is, use the EN English package.)
5. Press F12 to save and exit.
6. Compile asterisk:
make
7. Install Asterisk on the system:
sudo make install
8. Install the sample configuration file:
sudo make samples
9. Configure Asterisk to start automatically at startup:
sudo make config
Congratulations! You now have a working Asterisk mobile server. Let's start Asterisk and make sure it runs.
sudo service asterisk start
2. Connect to Asterisk:
asterisk -rvv
You should be notified of the current version number.
3. To see a list of possible commands:
core show help
4. Disconnect type:
exit
After disconnection, Asterisk continues to run in the background.
Now that the Asterisk server is running on your Linode, you can now connect some phones, add extensions, and configure various options provided by Asterisk. For detailed instructions, please check the [Configuration Asterisk] (https://wiki.asterisk.org/wiki/display/AST/Basic+PBX+Functionality) guide of the Asterisk project.
Warning It is always a good habit to use SRTP to protect signaling data and the audio part of calls made with SRTP to prevent eavesdropping when running a telephone system on a remote server such as Linode. After completing the dial plan, be sure to follow the [Safe Call Guide] (https://wiki.asterisk.org/wiki/display/AST/Secure+Calling) to encrypt communications.
Recommended Posts