Asterisk的SIP type和身份认证

Asterisk目录及配置文件/etc/asterisk/Asterisk主目录,包含其它关于Asterisk的配置文件;*zaptel.conf这个配置文件放在/etc,因为其它软件也可以使用Zaptel这个硬件及其驱动,所以不是放在/etc/asterisk里./usr/lib/asterisk/modules/这个目录包含所有可以加载Asterisk模块(应用程序\编辑器\格式和有用通道),在Asterisk启运时会加载这些模块(可以编辑modules.conf)./var/lib/asterisk/比较重要的是astdb文件与agi-bin目录;astdb包含Asterisk当地数据库信息.sounds/所有声音提示的文件在里面,包括Asterisk原代码中的sounds.txt文件mohmp3/如果配置了音乐保持,应用程序会在这个目录下查找mp3(用CBR从文件中去除身份标签).keys/使用公钥和私钥系统认证与一个由RSA数字签名形成的一对等连接.公钥和私钥的扩展名分别为.pub和.keyfirmware/这个目录含了很多Asterisk相兼容的设备固件,它只有iax/这个子目录,其中有Digium的IAXy的二进制固件镜像.images/只有在较多的支持并且利用图解式的图像设备被发布,这个目录将会与相应的目录有更大的关联./var/lib/asterisk/agi-bin agi-bin包含所有脚本,可以通过许多已经建立的AGI应用程序与Asterisk连接./var/spool/asteriskoutgoing/gcall/tmp/voicemail/================配置文件================/etc/asterisk/asterisk.conf主要配置文件，/etc/zaptel.conf硬件接口的基本层.修改这个配置文件要用modprobe装载Linux Kernel使用模块./etc/asterisk/zapata.conf为硬件配置Asterisk的接口./etc/asterisk/extensions.conf拨号方案./etc/asterisk/sip.conf SIP协议配置文件/etc/asterisk/iax.conf呼入和呼出IAX通道/etc/asterisk/extensions.conf拨号方案配置文件/etc/asterisk/moduprobe.conf加载模块配置文件Asterisk developer\'s documentation 翻译计划by serva今天，Asterisk已经成为一个VOIP业界使用最广泛的一个集成电信级别P BX的工具，IPPBX如今已经成为VOIP商家争夺的一块重要市场，在我们越来越熟悉使用Asterisk的同时，我们希望能够越来越深入的了解asterisk，特别是对于开发人员，如果有自己特定的需求，在复杂的asterisk文件夹和asteri sk的源代码文件中迷失了方向，不知所措。

asterisk使⽤SIP相互对接当⽤户数量上去,单凭⼀台asterisk是很能⽀持庞⼤的⽤户群体,所以要根据⽤户量来部署多台asterisk来应付实际情况的需求.但部署多台asterisk所带来的⼀个问题就是A服务器的⽤户如果Call B服务器的⽤户呢?其实asterisk的设计者早已帮我们解决问题,以下是通过SIP把两台asterisk对接起来(不过官⽅推荐asterisk的对接⽤AIX).分别在192.168.1.21 和192.168.1.22两台服务器上装上asterisk,然后配置各⾃的⽤户，TRUNK和转发规则。

配置192.168.1.21打开/etc/asterisk/sip.conf在[general]组下添加注册到22的命令register=>AST22:123456@192.168.1.22然后在⽂件尾添加相关组信息[AST21]type=friendsecret=123456host=dynamicusername=AST21disallow=allallow=ulaw;alawcontext=FROMSIP[22TRUNK]type=friendusername=AST22secret=123456host=192.168.1.22dtmfmode=rfc2833context=FROMSIPfromuser=AST22insecure=very打开/etc/asterisk/extensions.conf 添加下⾯内容[FROMSIP]Exten => _90.,1,dila(sip/91${exten:2}@22TRUNK,40,m(default))拔打90开头的号码，把91代替90后转发192.168.1.22,拔打等待40秒，等待的时候播放default这个采铃。

Exten => _91.,1,dial(sip/${exten:2},40,m(default))当接收到91开头的号码，把91后⾯的号码进⾏内部呼叫。

asterisk常用调试监测命令asterisk是开源的VOIP系统。

是目前最流行的VOIP开源软件。

在使用过程中可以使用下述的命令，对系统进行监控调试。

下文来自网络，非本人原创1. 运行调试常用命令./asterisk & 在后台启动asterisk./asterisk –vvvc 启动asterisk并尽量多的在控制台显示调试信息./asterisk –r 连接asterisk控制台set verbose 9999 设置打印详细信息2.asterisk控制台下常用命令sip reload 重新加载sip配置信息sip set debug on 设置显示更多的sip信息sip set debug off关闭显示更多的sip信息sip show channels 显示所有活动的SIP通道sip show peers 显示所有已定义的SIP peerdialplan show 显示拨号方案dialplan reload重新加载拨打方案stop gracefully 优雅地停止asteriskstop now 立即停止运行asteriskmodule show 显示所有已加载模块module load cdr_radius.so 加载模块cdr_radius.somodule reload cdr_radius.so 重新加载模块cdr_radius.somodule unload cdr_radius.so 卸载模块cdr_radius.socore show applications 显示所有的应用，比如Dial, Radius, Hangup, Answer等core show channels 显示所有的通话频道core show codecs 显示所有支持的编解码器core show functions 显示所有的功能函数ps -aux ：显示进程命令。

asterisk -rvc 进入到asterisk。

Asterisk with Twilio Elastic SIP Trunking Configuration Guide This guide shows one way of configuring Asterisk to work with Twilio’s Elastic SIP Trunking product.Asterisk is a hugely flexible piece of software and it is quite possible to depart,significantly,from the instructions provided here and still bring up a fully working trunk. I’ve tried to highlight the essential concepts that you will need to follow.If you have any feedback on this or any of our other configuration guides,please do email us at s***********************************Contents:Installing AsteriskSetting up your Twilio Elastic SIP TrunkTermination URIACLCredentialsOrigination URIPhone NumbersConfiguring your Asterisksip.confpjsip.confextensions.confUsing Secure TrunkingTwilio account portalchan_sipPJSIP Channel DriverInstalling AsteriskThe first thing to do is to set up a server and install Asterisk.I installed Asterisk on an Amazon EC2instance running Redhat.Wherever you build your Asterisk,remember to configure firewall or security settings so that you can receive SIP and RTP from Twilioand any other SIP devices(like phones)you will be using.Please see https:///docs/api/sip-trunking/getting-started#whitelist for all the IP addresses you will need to whitelist.NB:If you know that you want to use TLS and SRTP on this trunk,please read Using Secure Trunking, below.There’s a pretty good guide for how to install Asterisk at /sample-device-configurations/41-asterisk/179-asterisk-13-on-ce ntos.We found that we had to install two extra packages before we could install asterisk: ncurses-devel and libuuid-devel.Setting up your Twilio Elastic SIP TrunkWe have a pretty comprehensive guide on how to configure an Elastic SIP Trunk through your Twilio account portal at https:///docs/sip-trunking/getting-started. I will highlight 5 aspects here.Termination URIThis is where you configure a unique URI that identifies your trunk.You will need to remember this when configuring your Asterisk because we need it to reference this URI in its SIP requests.The termination URI I’ve chosen here is .It’s too long to fit neatly into the text box in the screenshot.ACLYou can add an ACL that contains the public IP address of your Asterisk.This tells Twilio to ignore SIP from anywhere except for your PBX,reducing the chance of anyone making fraudulent calls on your trunk.You will need to add either an ACL or SIP credentials to your trunk.CredentialsYou can add credentials to your trunk.If you do,we will expect any server that sends SIP requests to Twilio on this trunk to authenticate using these credentials.Again,this is a way of reducing the chance of someone making fraudulent calls on your trunk.If you do not add credentials to your trunk, you will need to add an ACL.Origination URIThe easiest way to configure the Origination URI is using“sip:”followed by the public IP address of your Asterisk.In my case,that would be“sip:52.23.233.7”.Although I have used an IP address here, you can also use an FQDN.Phone NumbersIf you want to receive calls from the PSTN,across your new trunk,you will need to add a phone number to it.If someone calls this number,Twilio will contact your PBX using the Origination URI, above.Configuring your AsteriskIn this section we’re going to walk through a minimal configuration to use your Asterisk system for inbound and outbound calls over a Twilio SIP Trunk.sip.confIf you are using the default SIP driver,chan_sip,you will need to edit sip.conf.First,set up some global parameters.Because I was building on an AWS EC2instance,my asterisk server was behind NAT so I needed to account for this:[general]udpenable=yestcpenable=yespreferred_codec_only=yesdisallow=allallow=ulaw ;Twilio does G.711 onlysipdebug=yeslocalnet=172.31.0.0/16;My EC2instance had a private IP in this rangeexternaddr=52.23.233.7 ;The public IP of my EC2 instance Then, we need to build a trunk to Twilio.[twilio-trunk](!)type=peercontext=from-twilio ;Which dialplan to use for incoming calls dtmfmode=rfc4733canreinivite=noinsecure=port,invite[twilio0](twilio-trunk)host= ;Our Termination URI remotesecret=nottelling;password,if you are using credentialsdefaultuser=myuser;username,if you are using credentials[twilio1](twilio-trunk)host=54.172.60.2[twilio2](twilio-trunk)host=54.172.60.0[twilio3](twilio-trunk)host=54.172.60.1[twilio4](twilio-trunk)host=54.172.60.3In the US,Twilio has4different IP addresses that it uses for SIP signaling.We need the Asterisk server to recognize a SIP INVITE coming from any of these addresses as coming over this trunk.That means we need to build a trunk for each address.We then need to build another trunk for outgoing calls to Twilio,one that uses the Termination URI we configured earlier.When you are building multiple objects with similar configuration objects on Asterisk,using templates makes life easier.A template is denoted by putting a(!)at the end of the object name.We then use that template by putting its name in () at the end of a new object’s name.If you want to use non-US numbers on your trunk,you will need to authorize other Twilio Regional IP addresses.The full list can be found at https:///docs/api/sip-trunking/getting-started#whitelistThen, build objects for the SIP phones you will register with the Asterisk.[office-phone](!)type=friendcontext=from-phoneshost=dynamicsecret=Asterisk15dtmfmode=autodisallow=allallow=ulaw[1001](office-phone)pjsip.confIf you have installed,and are using pjsip,instead of chan_sip,you will need to edit pjsip.conf.First,we need to build a transport.Again,I had to account for the fact that my EC2 instance is behind NAT.[transport-udp-nat]type=transportprotocol=udpbind=0.0.0.0local_net=172.31.0.0/16external_media_address=52.23.233.7external_signaling_address=52.23.233.7Then, we set up our trunk. Again, I will use templates to make life easier.[twilio-trunks](!)type=endpointtransport=transport-udp-natcontext=from-twiliodisallow=allallow=ulaw[auth-out](!)type=authauth_type=userpass[twilio0](twilio-trunks)aors=twilio0-aorsoutbound_auth=twilio0-auth;if we are using credentials[twilio0-aors]type=aorcontact=sip::5060[twilio0-ident]type=identifyendpoint=twilio0match=54.172.60.0match=54.172.60.1match=54.172.60.2match=54.172.60.3[twilio0-auth](auth-out)password=nottelling;password on our credentialsusername=myuser;username on our credentialsAnd then we build objects for our SIP phones.[endpoint-basic](!)type=endpointtransport=transport-udp-natcontext=from-phonesdisallow=allallow=ulaw[auth-userpass](!)type=authauth_type=userpass[aor-single-reg](!)type=aormax_contacts=1[1001](endpoint-basic)auth=auth1001aors=1001[auth1001](auth-userpass)password=ImNotTellingYouusername=1001[1001](aor-single-reg)extensions.confThis is where we tell the Asterisk how to handle incoming calls.The examples here are for very, very basic North American dialing.We’ll start with calls coming in from the Twilio SIP trunk.We’re just going to send all incoming calls to the one SIP phone registered as1001.This is enough for testing but you will want to end up with something more complicated that this,probably.This example assumes you are using chan_sip.I f you are using PJSIP,replace the“SIP”with “PJSIP”[from-twilio]exten => _+1NXXXXXXXXX,1,Dial(SIP/1001)Then,for calls from our SIP phones,we’ll just worry about ones that are to go out over the trunk. If you are using chan_sip:[from-phones]exten => _NXXNXXXXXX,1,Set(CALLERID(all)="David" <7845551234>) same => n,Dial(SIP/twilio0/+1${EXTEN})If you are using pjsip, the second line should be:same => n,Dial(PJSIP/+1${EXTEN}@twilio0)Using Secure TrunkingTwilio account portalIn the General Settings section for your trunk, you will need to enable secure trunking.chan_sipBefore you can use secure trunking with chan_sip,you need to install srtp.Before you can install srtp, you need to install words!$cd /usr/src$sudo yum install -y wordsThe SRTP module uses words for self testing$wgethttps:///project/srtp/srtp/1.4.4/srtp-1.4.4.tgz$tar zxvf srtp-1.4.4.tgz$cd /usr/src/srtp$./configure CFLAGS=-fPIC --prefix=/usr/local/lib$makehere, you’re going to have to fix up one of the install scripts.cd testvi rtpw_test.shchange line 7 from “R TPW=rtpw” to “R TPW=./rtpw”save and exit (<esc>followed by :wq)cd ..$make runtest$make installNow,when you configure Asterisk,replace the“./configure”command with “./configure--with-srtp=/usr/local/lib”This tells asterisk to include the SRTP module and where to find the linkable libraries(note that we told the SRTP module to use /usr/local/lib when configuring it, above).Then,you can follow the instructions in https:///wiki/display/AST/Secure+Calling+Tutorial to enable TLS and SRTP on your asterisk.Using TLS with Twilio requires a couple more settings,too.On the transport object for TLS, you should settlsdontverifyserver=yesOn the peer object for the SIP trunk, you should setencryption=yesmedia_encryption=sdesPJSIP Channel DriverAsterisk ships by default with c han_sip driver and works well with Twilio.However,if you have some reason to run p jsip driver with Asterisk, please note the following:●Asterisk13.8cert2defaults to P JSIP 2.5and it does not work with Twilio forTLS/SRTP purposes. Non-encrypted calls do work.●Asterisk13.8cert2can also use the latest P JSIP driver,which at this time is2.5.5.Twilio works well with it despite the following message appearing in yourlog:Sep 27 13:03:56] ERROR[10886]: pjproject:0 <?>:tlsc0x7f217c03RFC5922(section7.2)does not allow TLS wildcard certificates. Advise your SIP provider, please!The following link is a guide to installing a non-bundled version of P JSIP.Change the version to 2.5.5 in the steps.Installing PJSIP channel driver。

前面是我写给我喜欢的女孩的东北二人转荷子香染衣, 不拘世人前月淡树影寒, 车远客行单雨洒千楼小, 风入九窍曲未闲终成句, 疏散始期许正文开始：布：exten => _1NXXNXXXXXX,1,Dial,H323/${EXTEN}@ip.or.hostnameszmzsm：我装的是TRIXBOX 1。

1就是后面多了个IP？布：你先编译usr/src/asterisk/channels/h323(路径根据你的来)然后拷贝h323.conf.sample到/etc/asterisk配置帐号.然后配置规则.szmzsm：请问SIP gateway怎样连接到ASTERISK上，我用下面的设置在asterisk里的sip show peers 里看到2002 为unspecified.请问怎样解决？我的SIP。

CONF的设置是[2002]type=friendusername=2002secret=2002host=dynamiccontext=outgoingextensions.conf里的设置是[outgoing]exten => _2002,1,Dial(SIP/ ${EXTEN}@192.168.1.46,20,rt)gateway的ip 为192.168.1.46请问哪里有问题呢？布：你这是自己给自己打?需要开两个帐号帐号1 打帐号2szmzsm：我的sip.conf[2001]type=friendusername=2001host=dynamiccontext=outgoing[2002]type=friendusername=2002secret=2002host=dynamiccontext=outgoing[2004]type=friendusername=2004secret=2004host=dynamiccontext=outgoing其中2001，2002为软电话，2004为sip gateway我的extensions.conf[outgoing]exten => _2001,1,Dial(SIP/ ${EXTEN},20,rt)exten => _2002,1,Dial(SIP/ ${EXTEN},20,rt)exten => _1NXXNXXXXXX,1,Dial,SIP/ ${EXTEN}@192.168.1.46 布：你想用SIP 打到H323上?szmzsm不是，是SIP软电话打到sip gateway上请问extensions.conf中最后的改为[outgoing]exten => _2004,1,Dial,SIP/ ${EXTEN}@192.168.1.46szmzsm(624047449) 13:29:55但是现在好象连sip gateway用2004注册到asterisk都不行布：[outgoing]sip.conf[general]port = 5063bindaddr = 0.0.0.0context = default在extensions.conf[2002]type=friendusername=2002secret=2002host=192.168.xx.xx(根据你的情况而定)port=5065szmzsm：我的general是用他默认的，是[general]port = 5060bindaddr = 0.0.0.0disallow=allallow=ulawallow=alawcontext = from-sip-externalcallerid = Unknowntos=0x68是不是把其他的注释掉啊只用port disallow context还有bindaddrport是用5063吗？？布：enszmzsm我现在的2002是软电话2004是gateway布你网关能注册到asterisk上不?szmzsm现在不行就是SIP.CONF里怎么加才能注册上布:type=peerport = 5060host=XXX.XXX.XXX.XXXbindaddr=XXX.XXX.XXX.XXX ; Local interface insecure=veryqualify=nocanreinvite=nodisallow=allallow=alawallow=ulawregister=>:@XXX.XXX.XXX.XXX ; Local interface在outgoing中exten => _2XXX,1,Dial(SIP/${EXTEN}@2004,60)试试.szmzsm请问bindaddr=XXX.XXX.XXX.XXX 用的是哪个IP是gateway 的吗？布对szmzsm现在可以call sip gateway了但是他不能call回来我把上面的peer改成friend也是一样，还是只能接，不能打出去布：把sip gateway的context设置成outgoing1[ougoing1]exten => _2XXX,1,Dial(SIP/${EXTEN}@2002,60)。

配置AsteriskSiSky企业版为Asterisk提供多达16路的Skype通道！方法1：配置Asterisk(例如：Asterisk不带有freePBX) --> 请点击这儿。

方法2：配置 Asterisk(例如： Asterisk+freePBX 或 Trixbox )。

下列以16个通道为例，您可以创建从501到516这16个SIP帐号作为SiSky的SIP 端口。

1. 将下面的内容添加到extensions_custom.conf的[from-internal-custom]中： exten => _500.,1,Dial(SIP/${EXTEN:0}@501)exten => _501.,1,Dial(SIP/${EXTEN:0}@501)exten => _502.,1,Dial(SIP/${EXTEN:0}@502)exten => _503.,1,Dial(SIP/${EXTEN:0}@503)exten => _504.,1,Dial(SIP/${EXTEN:0}@504)exten => _505.,1,Dial(SIP/${EXTEN:0}@505)exten => _506.,1,Dial(SIP/${EXTEN:0}@506)exten => _507.,1,Dial(SIP/${EXTEN:0}@507)exten => _508.,1,Dial(SIP/${EXTEN:0}@508)exten => _509.,1,Dial(SIP/${EXTEN:0}@509)exten => _510.,1,Dial(SIP/${EXTEN:0}@510)exten => _511.,1,Dial(SIP/${EXTEN:0}@511)exten => _512.,1,Dial(SIP/${EXTEN:0}@512)exten => _513.,1,Dial(SIP/${EXTEN:0}@513)exten => _514.,1,Dial(SIP/${EXTEN:0}@514)exten => _515.,1,Dial(SIP/${EXTEN:0}@515)exten => _516.,1,Dial(SIP/${EXTEN:0}@516)注意：exten => _500.,1,Dial (SIP/${EXTEN:0}@501)---表示自动从第1个到第16个Skype通道中，寻找空闲的通道进行呼出。

关于AsteriskAsterisk是一款实现用户电话交换机(PBX)功能的自由软件、开源软件。

Asterisk提供完善PBX 功能，可以连接多种不同的电话终端，包括普通电话机，IP电话机，软电话等，支持多种主流的IP电话协议和系统接口。

软件名称Asterisk－星号(*)，在Unix（包括Linux）和DOS操作系统中是通配符，用来在查找中适配任何字符，寓意该软件广泛的适用性。

Asterisk软件提供很多以前只有昂贵的专业PBX系统才支持的功能，比如：语音信箱，会议电话，交互式语音提示和自动电话转接等。

由于该软件开放的性质，用户可以灵活的配置方便的扩展系统的功能，甚至编程开发自己所需功能的模块。

Asterisk通常都运行在Linux操作系统下，当然它也可以在其他系统，如BSD, Windows或OS X下编译并安装。

Asterisk服务器不需要任何特殊的硬件即可提供VoIP的服务，只需服务器有网络连接即可。

它支持主流VoIP协议，包括会话发起协议(SIP)、H.323，既可作为IP电话服务器也可以作IP 电话和PSTN之间的转接。

Asterisk系统还设计了一个新协议，IAX，用于在Asterisk服务器之间维护话路通道。

如果需要连接普通电话或PSTN中继线，运行Asterisk的服务器则需要安装相应的硬件接口板。

许多厂商都生产用于连接普通电话、T1、E1中继线、ISDN等的接口板。

由于是自由软件且具有丰富的系统功能，Asterisk提供给用户一个廉价并功能强大的PBX解决方案。

它被越来越多的用于代替传统专用的PBX，或被用于跨国VoIP电话以节省长途费用。

一些国家的VoIP电话公司已经开始支持Asterisk，提供IAX2接口或允许用户的Asterisk 服务器使用SIP协议连接。

截止2008年4月22日，Asterisk的最新版本是1.4.19.1版。

Asterisk功能说明及基本呼叫流程1.Asterisk内部核心：共分为6个部分A.PBX核心交换模块B.调度和IO管理模块C.应用调用模块D.编码转换模块E.动态模块加载器模块F.CDR生成模块（即时呼叫详细记录报告）2.Asterisk基本呼叫流程(1)通过Asterisk的一个电话呼叫在一个通道驱动接口上到达，如SIP通道。

Asterisk基本配置Asterisk译为星号(*在很多应用中被用做通配符,Astrisk做为PBX系统的完美名称,原因之一是Asterisk可以连接数目庞大的接口类型,包括:1模拟接接口,如你的电话线或模拟电话.2数字线路,如T-1和E-1线路3Voip协议,如SIP和IAX目前正式版本是IAX2,但是IAX1的所有格式都已经停掉.所以当说到IAX都是特拽IAX2使用接口配置文件1.Zaptel.conf:硬件接口基层配置,我们将建立一个FX0和一个FXS通道.2.zapata.conf:硬件配置Asterisk的接口.3.extension.conf:拨号方案文件.4.sip.conf:配置SIP协议的文件5.iax.conf:配置呼入和呼出IAX通道的文件******编辑完zaptel.conf文件,需要使用/sbin/ztcfg -vv装载配置到硬件(不须要详细输出可以省略-vv;修改信令方法需要重启.在编辑sip.conf和iax.conf文档后,分别需要装载chan_iax2.so和chan_sip.soAsterisk译为星号(*在很多应用中被用做通配符,Astrisk做为PBX系统的完美名称,原因之一是Asterisk可以连接数目庞大的接口类型,包括:1模拟接接口,如你的电话线或模拟电话.2数字线路,如T-1和E-1线路3Voip协议,如SIP和IAX目前正式版本是IAX2,但是IAX1的所有格式都已经停掉.所以当说到IAX都是特拽IAX2使用接口配置文件1.Zaptel.conf:硬件接口基层配置,我们将建立一个FX0和一个FXS通道.2.zapata.conf:硬件配置Asterisk的接口.3.extension.conf:拨号方案文件.4.sip.conf:配置SIP协议的文件5.iax.conf:配置呼入和呼出IAX通道的文件******编辑完zaptel.conf文件,需要使用/sbin/ztcfg -vv装载配置到硬件(不须要详细输出可以省略-vv;修改信令方法需要重启.在编辑sip.conf和iax.conf文档后,分别需要装载chan_iax2.so和chan_sip.so******SIPSIP(会话初始协议,通常用于VOIP电话,进行呼叫建立,呼叫协商,呼叫结束.它帮助两个端互相通认,但它不处理媒体;当呼叫建立后,他通过实时传输协议(RTP在电话A到电话B直接传输媒体SIP和RTPSIP是一个应用层的信令协议.他使用的端口是5060(通常进行通信.SIP可以通过UDP和TCP传输层协议进行传输.Asterisk目前没有TCP用于传输SIP信息.RTP用于端点间传输媒体(语音,Asterisk中RTP使用大数字的无特权端口(默认10,000到20,000SIP优点:普通的被接受和结构灵活.其它的VOIP协议还有H.323,IAX,MGCP. SIP配置/etc/asterisk/sip.conf文件中:[general]srvlookup=yet[10000]type=friend;可以定义用户\端\朋友asterisk常用命令1. 运行调试常用命令./asterisk & 在后台启动asterisk./asterisk –vvvc 启动asterisk并尽量多的在控制台显示调试信息./asterisk –r 连接asterisk控制台set verbose 9999 设置打印详细信息2.asterisk控制台下常用命令sip reloadsip set debug 设置显示更多的sip信息sip set debug off关闭显示更多的sip信息sip show channels 显示所有活动的SIP通道sip show peers 显示所有已定义的SIP peersip show channels 查看当前SIP协议的并发。

sip协议中认证域SIP（Session Initiation Protocol）是一种用于建立、修改和终止会话的通信协议。

在SIP协议中，认证域是用于鉴别和验证用户身份的一种机制。

它允许SIP服务器在用户发起请求时进行认证，以确保只有合法用户才能访问网络服务。

认证域在SIP中起到了非常重要的作用，它提供了一个安全的身份验证机制。

通过认证域，用户可以凭借一定的身份凭证（如用户名和密码）来验证自己的身份。

这样一来，只有通过身份验证的用户才能进行会话，从而有效地保护了通信的安全性和隐私性。

SIP协议中的认证域具有以下特点和功能：1.安全性：认证域能够确保只有通过身份验证的用户才能进行通信。

通过用户名和密码的组合，认证域可以有效地验证用户的身份，并防止未经授权的用户进入系统。

2.隐私性：认证域可以保护用户的隐私数据，如密码等敏感信息。

通过使用加密算法对认证信息进行加密传输，可以防止信息被截获和恶意使用。

3.可扩展性：SIP协议中的认证域可以根据需求进行扩展和定制。

支持多种身份验证机制，如基于口令的认证、数字证书的认证等，以满足不同场景和需求的安全要求。

4.透明性：认证域对用户来说是透明的，用户并不需要了解具体的认证过程，只需要提供正确的用户名和密码即可。

这样可以简化用户的操作，并提高用户体验。

5.互操作性：认证域可以与其他安全机制结合使用，如TLS （Transport Layer Security）等，以实现更高层次的安全保护。

通过与其他协议的互操作，可以构建更安全、可靠的通信网络。

在SIP协议中，认证域主要包括以下几个组成部分：1.挑战应答流程（Challenge-Response Process）：服务器在接收到用户的请求后，会向用户发送一个挑战（Challenge），要求用户提供正确的身份凭证来进行认证。

用户接收到挑战后，根据服务器提供的算法，计算出正确的应答（Response）并发送给服务器。

sip协议中认证域SIP（Session Initiation Protocol，会话发起协议）是一种常用于建立、修改和终止多媒体会话的网络传输协议。

在SIP协议中，认证域（Authentication Domain）是指用于认证用户身份的一个域名或范围。

在SIP中，认证域的主要作用是确保通信的安全性和可靠性。

通过认证域，用户可以验证对方的身份，并确保只有经过授权的用户才能够访问和使用该会话。

认证域可以帮助防止未经授权的用户恶意攻击或滥用通信系统。

SIP认证域的实现通常基于加密技术和数字证书，以保护用户的身份和数据安全。

认证域中的用户身份信息通常包括用户名和密码等凭证，这些凭证将被用于验证用户身份的合法性。

当用户尝试与通信系统建立连接时，其在请求中会携带身份信息，并通过认证机制进行验证。

SIP协议中常用的认证机制包括基本认证（Basic Authentication）、摘要认证（Digest Authentication）和证书认证（Certificate Authentication）等。

基本认证是一种较为简单的认证方式，用户在请求中携带用户名和密码进行验证。

摘要认证是一种更为安全的认证方式，用户的凭证将通过哈希算法进行加密，以保护用户身份信息的安全。

证书认证则是基于公钥和私钥的加密技术，通过数字证书对用户进行验证。

认证域在SIP协议中的应用非常广泛。

它可以用于保护语音通话、视频通话、聊天、会议等多媒体通信。

通过认证域，用户可以建立起受保护的通信链路，确保通信双方的身份和数据安全。

认证域不仅在用户之间的通信中起到重要的作用，还对网络运营商、企业和组织等提供了一种安全的通信解决方案。

网络运营商可以通过认证域来管理用户的接入权限和资源分配，提供更加安全可靠的通信服务。

企业和组织可以借助认证域来管理员工和合作伙伴的权限，保护内部数据和信息的安全。

然而，认证域的应用也存在一些挑战和问题。

首先，认证域需要建立起一个可信的密码管理系统，确保用户凭证的安全性。

Asterisk常见问题Asterisk 常见问题Asterisk是否⽀持SIP的PRACK？IMS 等线路需要SIP INVITE 中⽀持Supported: 100rel"或"Require: 100rel", chan_sip⽬前不⽀持，官⽅有补丁，但是不⼀定完全可以使⽤。

必须使⽤Asterisk-13 以上的版本使⽤pjsip协议栈⽀持。

如果使⽤chan_SIP,在chan_sip.conf 配置⽂件中配置prack=yes, 在pjsip.conf 中设置100rel=yes。

Asterisk-13对接VOS：1）pjsip.conf 配置⽂件：[6001]type=endpointcontext=from-testdisallow=allallow=ulawtransport=simpletransauth=auth6001aors=6001[simpletrans]type=transportprotocol=udpbind=0.0.0.0[auth6001]type=authauth_type=userpasspassword=6001username=6001[6001]type=aormax_contacts=1contact=sip:6001@192.168.1.102:5060[mytrunk]type=registrationtransport=simpletransoutbound_auth=mytrunkserver_uri=sip:60102@VOS IP地址client_uri=sip:60102@VOS IP 地址retry_interval=60support_path=truecontact_user=mytrunkforbidden_retry_interval=10auth_rejection_permanent=true[mytrunk]type=authusername=60102 // VOS 帐号password=密码[mytrunk]type=aorcontact=sip:VOS 地址:5060[mytrunk]type=endpointtransport=simpletranscontext=from-testdisallow=allallow=ulaw,alaw,gsm,g726,g729outbound_auth=mytrunkaors=mytrunkfrom_user=601022）拨号规则。

l 安装完asterisk 配置sip.conf文件[8001]type=friendusername=8001accountcode=8001secret=8001context=from-exten-sip;followed advance settingshost=dynamicnat=yesqualify=2000canreinvite=nocallgroup=0,pickupgroup=0,setvar=call-limit=1说明：（1）type：sip的类型。

格式：type =user|peer|friend 。

peer用于认证呼出呼叫，如果想要一个用户(extension)中有多个电话,定义可以呼叫两个SIP peer 的extension。

user用于认证呼入呼叫,用户通过上下文鉴定到达服务器。

friend 用于认证呼入呼出，相当于（peer+user）。

（2）username ：格式：username =<username[@realm]>。

如果Asterisk接受来自远程SIP的SIP INVITE请求的客户端，这字段指定验证的用户名。

（3）accountcode：格式：accountcode =<string>。

此字段，是用来填充“accountcode“领域的CDR（呼叫详细记录）。

（4）secret：用于认证的密码。

如果Asterisk是作为一个SIP代理服务器，那么这个SIP 客户端必须使用此密码登录（一个共享密码）。

如果Asterisk是一个SIP客户端作为一个远程SIP的SIP INVITE的服务器要求身份验证，那么这个字段是用来验证该Asterisk的SIP协议提请发送到远程SIP服务器。

（5）context：格式:context = <context_name>定义了指令的地点，用于控制电话的权限，以及如何处理此号码的呼入呼叫。

Sip.confSynopsisThe sip.conf file contains parameters relating to the configuration of sip client access to the Asterisk server. Clients must be configured in this file before they can place or receive calls using the Asterisk server.ArrangementThe sip.conf file is read from the top down. The first section is for general server options, such as the IP address and port number to bind to. The following sections define client parameters such as the username, password, and default IP address for unregistered clients. Sections are delineated by a name in brackets. The first section is called general (which cannot be used as a client name.) The following sections begin with the client name in brackets, followed by the client options.KeywordsThe following keywords are defined in /etc/asterisk/sip.conf.In the general section:port: The port Asterisk should listen for incoming SIP connections. The default is 5060, in keeping with standards. Takes as an argument a port number (which must not be in use by any other service.)bindaddr: The IP address Asterisk should listen on for incoming SIP connections. If the machine has multiple real or aliased IP addresses, this option can be used to select which IP addresses Asterisk listens on. The default behavior is to listen on all available interfaces and aliases. Takes as it's argument an IP address (which must be an interface available on the system.)context: Sets a default context all further clients are placed in, unless overridden within their client definition.Client Optionstype: The type option sets the connection class for the client. Options arepeer: A device which recieves calls from the asterisk server.user: A device that makes calls through the asterisk server.friend: a device that can both recieve and send calls through the asterisk server.This makes sense for most desk handsets and other devices. If unsure, youshould probably set type to this value.secret: Sets the password for the client. Takes an alphanumeric string.host: Sets the IP address or resolvable host name of the device. This can alternately be set to 'dynamic' in which case the host is expected to come from any IP address. This is the most common option, and normally necessary within a DHCP network.defualtip: This option can be used when the host keyword is set to dynamic. When set, the Asterisk server will attempt to send calls to this IP address when a call is received for a SIP client that has not yet registered with the server.?username: This option sets the username the Asterisk server attempts to connect when a call is received. Used when for some reason the value is not the same as the username the client registered.canreinvite: This option is used to tell the server to never issue a reinvite to the client. This is used to interoperate with some (buggy) hardware that crashes if we reinvite, such as the common Cisco ATA 186.context: When defined within a client definition, this keyword sets the default context for this client only.Complete File ExampleThe following is a complete example of a workable /etc/asterisk/sip.conf file.[general]port=5060bindaddr=192.168.0.10context=default[snom]type=friendsecret=snom100host=dynamicdefaultip=192.168.0.15[cisco]type=friendsecret=mysecrethost=192.168.0.20canreinvite=nocontext=trusted。

Asterisk RealTime SIP/wiki/view/Asterisk+RealTime+Sipsip.conf SetupYou can keep any sip users in the flatfile AND use RealTime. How cool is that?Extconfig.conf Setup with Asterisk 1.6.1.1 Add the following line, swapping your own personal values if you wish:sipusers => mysql,general,sip_buddiessippeers => mysql,general,sip_buddiesextensions => mysql,general,extensions_tableDatabase Configput the following in res_mysql.conf[general]dbhost = 127.0.0.1dbname = asteriskdbuser = myuserdbpass = mypassdbport = 3306Values in sip.conf or iax.conf like in older versions of * are no longer used.Database TableLets create the table we need:NOTE: You can use any table name you wish, just make sure the table name matches what you have the family name bound to.NOTE: General principles: the column names in your database table correspond to the option names in sip.conf. You do not have to have all option names definedin your table; you only have to define those columns you actually use insip.conf. Exceptions to this are 'regserver' and 'regseconds', which the channel driver's realtime routines use for internal book-keeping. The 'name' field must also be present to hold equivalent of the category name in the sip.conf file. It is easily possible that different versions of Asterisk will require different tables. For instance, a 1.6 version of Asterisk would not use the "cancallforward", or 'restrictcid', or 'mask', or 'qualify', or "musiconhold" columns, but might require 'mohinterpret', 'mohsuggest', etc. etc. options instead. Options (column names) that not offered in sip.conf are ignored. Some options in sip.conf are OK to have multiple entries, but in a real-time database, Only one column is available. In these cases, you can add multiple values separated by semicolons. This occurs with setvar, allow/disallow, and permit/deny.NOTE:Column order is important!! If you place "ipaddr" before "host" (in the case of dynamic), you will never load the public IP address of your sip device, as it will be overwritten when "host" is encountered. allow/disallow and permit/ deny, the order of these statements is crucial in the config file, as they are applied in order. In the realtime db, the order is determined by the order of the columns in the table. You will note that the deny/disallow entries come before the allow/permit entries, to support the common usage of 'deny all', then permit '192.168.....'.## Table structure for table `sip_buddies`#CREATE TABLE `sip_buddies` (`id` int(11) NOT NULL auto_increment,`name` varchar(80) NOT NULL default '',`host` varchar(31) NOT NULL default '',`nat` varchar(5) NOT NULL default 'no',`type` enum('user','peer','friend') NOT NULL default 'friend',`accountcode` varchar(20) default NULL,`amaflags` varchar(13) default NULL,`call-limit` smallint(5) unsigned default NULL,`callgroup` varchar(10) default NULL,`callerid` varchar(80) default NULL,`cancallforward` char(3) default 'yes',`canreinvite` char(3) default 'yes',`context` varchar(80) default NULL,`defaultip` varchar(15) default NULL,`dtmfmode` varchar(7) default NULL,`fromuser` varchar(80) default NULL,`fromdomain` varchar(80) default NULL,`insecure` varchar(4) default NULL,`language` char(2) default NULL,`mailbox` varchar(50) default NULL,`md5secret` varchar(80) default NULL,`deny` varchar(95) default NULL,`permit` varchar(95) default NULL,`mask` varchar(95) default NULL,`musiconhold` varchar(100) default NULL,`pickupgroup` varchar(10) default NULL,`qualify` char(3) default NULL,`regexten` varchar(80) default NULL,`restrictcid` char(3) default NULL,`rtptimeout` char(3) default NULL,`rtpholdtimeout` char(3) default NULL,`secret` varchar(80) default NULL,`setvar` varchar(100) default NULL,`disallow` varchar(100) default 'all',`allow` varchar(100) default 'g729;ilbc;gsm;ulaw;alaw',`fullcontact` varchar(80) NOT NULL default '',`ipaddr` varchar(15) NOT NULL default '',`port` smallint(5) unsigned NOT NULL default '0',`regserver` varchar(100) default NULL,`regseconds` int(11) NOT NULL default '0',`lastms` int(11) NOT NULL default '0',`username` varchar(80) NOT NULL default '',`defaultuser` varchar(80) NOT NULL default '',`subscribecontext` varchar(80) default NULL,`useragent` varchar(20) default NULL,PRIMARY KEY (`id`),UNIQUE KEY `name` (`name`),KEY `name_2` (`name`)) ENGINE=MyISAM ROW_FORMAT=DYNAMIC;Apr 27/10 Serge Berney - iXo SASince 1.6.1.18 : Added 'useragent'To prevent the warning message : "Table sip_buddies requires a column 'useragent' of size '20', but no such column exists."If you have error message like :WARNING27599 acl.c: Invalid IP address inERROR27599 chan_sip.c: Bad ACL entry in configuration line 0 :Be sure that fields 'deny', 'permit', 'mask' contain valid IP or are set to "(NULL)" value (if no ACL control is needed)If you have error message like :WARNING27221 acl.c: Unable to lookup ''NOTICE27221chan_sip.c:Registrationfrom'<sip:*******.c.d:zzz>'failedfor' a.b.c.d' - No matching peer foundbe sure that field 'defaultip' is not null (set value to '0.0.0.0' if you don't need it).Apr 07/09 Akan NkweiniAdded 'lastms'.Without this I had the following errorres_config_mysql.c:376 update_mysql: MySQL RealTime: Failed to query database. Check debug for more info.Dec 03/08 ArtemAsterisk 1.4.21.2 (on Debian) does not work if qualify is set and rtcachefriends=yes (which is default).qualify must be NULL or should not be in the table at all. Otherwise this error message will flood your log file/console:handle_response_peerpoke: Peer 'xyz' is now Reachable.Sept 18/08 casparIt seems like Asterisk 1.6.0 RealTime SIP does not work without the following fields:•defaultip•defaultuser•regserver•regseconds•mask•fromuser•fromdomainMay 14/08 arf_Added 'subscribecontext' to the above as it's may be needed in some case (and it works a least with asterisk 1.4.18)Apr 15/08 bcnitAdded 'defaultuser' to the above as it's needed in Asterisk 1.6.Jul 9/07 bcnitNote that 'regserver' has been added to the above this doesn't appear to be used by anything other than the initial call RealTime makes to clear the record, but including it gets rid of a WARNING on the console!Jun 8/07 bcnitIf you are going to access the table above using MS Access and MyODBC, define port as:`port` mediumint(8) unsigned NOT NULL default '0'Or you'll have all sorts of problems trying to update rows!Jan 4/06 mhaynesI ran into problems using the Message Waiting Indicator with my Cisco 7960g phone using the realtime system under Asterisk 1.2.0. Turns out you need to set the rtcachefriends=yes in the general context of your flat file sip.conf. Once this is done, MWI starts working as usual.Nov 9/05 hfwangNote: It seems that since asterisk 1.0.2RC1 there is 1 additional field for SIP accounts called 'fullcontact'. Added this field in the table above.Updated by: DHuang(3/16/05) Updated by: utdrmac - incominglimit and outgoinglimit are deprecated. Use Asterisk cmd SetGroup instead.Jan 2/06 misakAdded setvar columnNOTE: The index created on the column 'name' is because RealTime does its SELECT query using that column everytime. That column must also be unique.You do not need every column listed above. If you wish, you can remove those columns you know you will never use. The columns in your tables should line up with the fields you would specify in the given entity declaration. If an entry would appear more than once, in the column it should be separated by a semicolon. For example, an entity that looks like:[foo]host=dynamicsecret=barcontext=defaultallow=gsmallow=ulawcould be stored in a table like this:name host secret context ipaddr port allowfoo dynamic bar default127.0.0.14569gsm;ulawYou do not need to insert the ipaddr, port or regseconds information. These columns will be updated periodicaly by RealTime.TestingThrow some data into the above table and try to register an extension. The /var/ log/asterisk/debug should give info on any problems.Realtime Caching...As of CVS-HEAD 3/16/05, if you enable RealTime caching in your sip.conf, Voicemail MWI works and so does 'sip show peers'. To do so, add "rtcachefriends=yes" to the general section of your sip.conf file.As the name implies, this caches the "RealTime" information from the database. As a result, there is a delay in updating some (if not all) fields in the SIP entry when you update the database. For instance, if you create an entry with a context = "context1" and Asterisk loads it from the database (perhaps the phone registered or tried to make a call), Asterisk holds on to that information as far as I can tell, indefinitely until a sip reload occurs.This also means that you will have to do a sip reload to clear out any entries. Removing them from the database does not seem to work. You can still add new entries though without reloading Asterisk.RealTime caching...isn't that an oxymoron anyways? :-) — (Someone check to see if this affects IAX too, I don't have any IAX phones at the moment. - Flobi) — (RealTime caching does affect IAX as well, works the same way. - Josh)Update : use "sip prune realtime PEERNAME" then "sip show peer PEERNAME load" to flush the peer and reload from db - (Voicemeup)See Also•Asterisk config sip.conf•Asterisk RealTime•Asterisk RealTime Static•Asterisk RealTime Sip•Asterisk RealTime IAX•Asterisk RealTime Voicemail•Asterisk RealTime Extensions。

前面是我写给我喜欢的女孩的东北二人转荷子香染衣, 不拘世人前月淡树影寒, 车远客行单雨洒千楼小, 风入九窍曲未闲终成句, 疏散始期许正文开始：布：exten => _1NXXNXXXXXX,1,Dial,H323/${EXTEN}@ip.or.hostnameszmzsm：我装的是TRIXBOX 1。

1就是后面多了个IP？布：你先编译usr/src/asterisk/channels/h323(路径根据你的来)然后拷贝h323.conf.sample到/etc/asterisk配置帐号.然后配置规则.szmzsm：请问SIP gateway怎样连接到ASTERISK上，我用下面的设置在asterisk里的sip show peers 里看到2002 为unspecified.请问怎样解决？我的SIP。

CONF的设置是[2002]type=friendusername=2002secret=2002host=dynamiccontext=outgoingextensions.conf里的设置是[outgoing]exten => _2002,1,Dial(SIP/ ${EXTEN}@192.168.1.46,20,rt)gateway的ip 为192.168.1.46请问哪里有问题呢？布：你这是自己给自己打?需要开两个帐号帐号1 打帐号2szmzsm：我的sip.conf[2001]type=friendusername=2001host=dynamiccontext=outgoing[2002]type=friendusername=2002secret=2002host=dynamiccontext=outgoing[2004]type=friendusername=2004secret=2004host=dynamiccontext=outgoing其中2001，2002为软电话，2004为sip gateway我的extensions.conf[outgoing]exten => _2001,1,Dial(SIP/ ${EXTEN},20,rt)exten => _2002,1,Dial(SIP/ ${EXTEN},20,rt)exten => _1NXXNXXXXXX,1,Dial,SIP/ ${EXTEN}@192.168.1.46 布：你想用SIP 打到H323上?szmzsm不是，是SIP软电话打到sip gateway上请问extensions.conf中最后的改为[outgoing]exten => _2004,1,Dial,SIP/ ${EXTEN}@192.168.1.46szmzsm(624047449) 13:29:55但是现在好象连sip gateway用2004注册到asterisk都不行布：[outgoing]sip.conf[general]port = 5063bindaddr = 0.0.0.0context = default在extensions.conf[2002]type=friendusername=2002secret=2002host=192.168.xx.xx(根据你的情况而定)port=5065szmzsm：我的general是用他默认的，是[general]port = 5060bindaddr = 0.0.0.0disallow=allallow=ulawallow=alawcontext = from-sip-externalcallerid = Unknowntos=0x68是不是把其他的注释掉啊只用port disallow context还有bindaddrport是用5063吗？？布：enszmzsm我现在的2002是软电话2004是gateway布你网关能注册到asterisk上不?szmzsm现在不行就是SIP.CONF里怎么加才能注册上布:type=peerport = 5060host=XXX.XXX.XXX.XXXbindaddr=XXX.XXX.XXX.XXX ; Local interface insecure=veryqualify=nocanreinvite=nodisallow=allallow=alawallow=ulawregister=>:@XXX.XXX.XXX.XXX ; Local interface在outgoing中exten => _2XXX,1,Dial(SIP/${EXTEN}@2004,60)试试.szmzsm请问bindaddr=XXX.XXX.XXX.XXX 用的是哪个IP是gateway 的吗？布对szmzsm现在可以call sip gateway了但是他不能call回来我把上面的peer改成friend也是一样，还是只能接，不能打出去布：把sip gateway的context设置成outgoing1[ougoing1]exten => _2XXX,1,Dial(SIP/${EXTEN}@2002,60)。

利用sip将两台asterisk服务器进行相连如有两台asterisk 服务器,ip地址为:192.168.2.96及192.168.2.97.先分别在两台服务器的sip.conf配置文件中建立用于两台asterisk 进行通讯的sip账号,及siptrunk账号.如下:1.在96机子建立666帐号,如下:[666]type=friendsecret=kentop123456host=dynamicusername=666context=MGConfigdisallow=allincominglimit=360outgoinglimit=1allow=gsmallow=alawallow=ulaw再在96下建立用于通讯的97trunk,如下:[97TRUNK]type=friendusername=888secret=kentop123456dtmfmode=rfc2833context=MGConfigfromuser=888insecure=verydisallow=allallow=gsmallow=alawallow=ulaw2 同样,我们在97下也建立888的sip帐户[888]type=friendsecret=kentop123456host=dynamicusername=888context=MGConfigdisallow=allallow=gsmallow=ulawallow=alaw建立96trunk[96TRUNK]type=friendusername=666secret=kentop123456fromuser=666dtmfmode=rfc2833context=MGConfiginsecure=verydisallow=allallow=gsmallow=ulawallow=alaw3.在96的sip.conf中注册97的888在 97的sip.conf中注册96的666如下:96机子:register=>888:********************.2.9797机子:register=>666:********************.2.964.在两台机子extension.conf中写入同样的拨号方案exten=>_96.,1,dial(SIP/97${EXTEN:2}@97TRUNK,40,r)exten=>_97.,1,Dial(SIP/${EXTEN:2},40,r)这样reload之后,只要在任意一台机子,呼96XXXX然后在另一台的机子的exten=>_97.,就会收到从呼收方发来的呼叫,这样,只要在这个exten去接收呼叫就可以了.。