AllStar newbie question. I have AllStarLink running on a PI and have a Polycom SIP phone registered in Asterisk. My Allstar node is configured. What do I need to do in order to use the phone to connect to other nodes? Or even my node? Thanks
Here’s is how I do it. These are code snips, not complete files. Although I think sip.conf would work as is, extensions.conf not so much. All of this is normal Asterisk PBX. As you already have your Pollycom working all you need is to add the one magic line to the correct context in extensions.conf
Do not forward the sip port to your node unless you like getting hacked.
This is where you sip phone logs in:
sip.conf
;
; SIP Configuration example for Asterisk
;
[general]
context=default ; Default context for incoming calls
allowoverlap=no ; Disable overlap dialing support. (Default is yes)
bindport=5060 ; UDP Port to bind to (SIP standard port is 5060)
bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0 binds to all)
[210]
type=friend
host=dynamic
username=210
secret=<your passwd>
dtmfmode=rfc2833
context=sip-phones
callerid="Tim Line 1" <210>
add something like this to extensions.conf
[sip-phones]
; Extension 210 - Tim's line 1
exten => 210,1,Dial(SIP/210,60,rT)
; Allow SIP calls to local node - this is the magic part.
exten => 2522,1,rpt(2522|P)
I dial 2522 and go off hook… bingo! connected to node. Now I can dial up any other node or function your node just like you do from your radio.
fyi, search sip phones on this site. There’s tons of discussion.
edit: *99 makes ptt and # unkeys.
Any thoughts on why this wouldn’t work with an SPA525G attempting to connect to a vanilla ASL RPi image?
Could you say more.
Have you been able to make it work from a softphone or other voip sip phone ?
If not, you may need to edit modules.conf and enable sip.so
It is not enabled by default with both security and memory use in mind.
Then you must be sure that port 5060 (default) passes through your router and iptables firewall.
Please read up on security for sip in asterisk.
The default fail2ban protection (if installed) does not cover all needed to protect your system.
Mike thanks, you pointed out the problem.
My ASL node is in my LAN, using the Raspberry-Pi image. I’d edited extensions.conf and sip.conf using the examples here but I hadn’t realised that modules.conf needed editing to enable the loading of sip.so
Config changed, module reload didn’t enable the connection but a reboot of the pi did. Now the fun begins. Thanks again.
Glad to help.
Put these 2 lines at the top, above your first extension stanza in the general section of sip.conf
alwaysauthreject=yes
allowguest=no
This will limit some hacking. The ‘alwaysauthreject’ will make failed attempts look the same as no extension to the hacker, keeping them from IDing extensions to brute force attack later.
Use a password on all extensions.
Use this lines
deny=0.0.0.0/0.0.0.0
permit=192.168.1.112/255.255.255.255 to allow only the static ip of the phone
permit=192.168.1.0/255.255.255.0 would allow your network but exact ip is advised.
Every once in a while, using putty etc, run asterisk in the foreground (asterisk -rvvv) and watch the verbose output for bad activity. Most often they will be looking for valid extensions…
I’m hoping to write a better how2 for this stuff and add lots of security xtras.
Make sure you have installed fail2ban. See it from the security menu in ‘asl-menu’
Our default fail2ban set-up needs some updating for asterisk but better than nothing.
1 Like
What I missed was this:
I should have changed 2522 to my node number, and having done that, it works.
1 Like
That is something only you would have known… LOL
But now that I think about it, that is a very old public node number.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.