; ; Inter-Asterisk eXchange v2 (IAX2) Channel Driver configuration ; ; This configuration is read when the chan_iax2.so module is loaded, and is ; re-read when the module is reloaded, such as when invoking the CLI command: ; ; *CLI> iax2 reload ; ; General settings, like port number to bind to, and an option address (the ; default is to bind to all local addresses). [general] ; Listener Addresses ; ; Use the 'bindaddr' and 'bindport' options to specify on which address and port ; the IAX2 channel driver will listen for incoming requests. ; ; ;bindport=4569 ; The default port to listen on ; NOTE: bindport must be specified BEFORE bindaddr or ; may be specified on a specific bindaddr if followed by ; colon and port (e.g. bindaddr=192.168.0.1:4569) or for ; IPv6 the address needs to be in brackets then colon ; and port (e.g. bindaddr=[2001:db8::1]:4569). ;bindaddr=192.168.0.1 ; You can specify 'bindaddr' more than once to bind to ; multiple addresses, but the first will be the ; default. IPv6 addresses are accepted. ; ; Set 'iaxcompat' to yes if you plan to use layered switches or some other ; scenario which may cause some delay when doing a lookup in the dialplan. It ; incurs a small performance hit to enable it. This option causes Asterisk to ; spawn a separate thread when it receives an IAX2 DPREQ (Dialplan Request) ; instead of blocking while it waits for a response. ; ; Accepted values: yes, no ; Default value: no ; ;iaxcompat=yes ; ; ; Disable UDP checksums (if nochecksums is set, then no checksums will ; be calculated/checked on systems supporting this feature) ; ; Accepted values: yes, no ; Default value: no ; ;nochecksums=yes ; ; ; For increased security against brute force password attacks enable ; 'delayreject' which will delay the sending of authentication reject for REGREQ ; or AUTHREP if there is a password. ; ; Accepted values: yes, no ; Default value: no ; ;delayreject=yes ; ; ; You may specify a global default AMA flag for iaxtel calls. These flags are ; used in the generation of call detail records. ; ; Accepted values: default, omit, billing, documentation ; Default value: default ; ;amaflags=billing ; ; ; ADSI (Analog Display Services Interface) can be enabled if you have (or may ; have) ADSI compatible CPE equipment. ; ; Accepted values: yes, no ; Default value: no ; ;adsi=yes ; ; ; Whether or not to perform an SRV lookup on outbound calls. ; ; Accepted values: yes, no ; Default value: no ; ;srvlookup=yes ; ; ; You may specify a default account for Call Detail Records (CDRs) in addition to ; specifying on a per-user basis. ; ; Accepted values: Any string value up to 19 characters in length ; Default value: ; ;accountcode=lss0101 ; ; ; You may specify a global default language for users. This can be specified ; also on a per-user basis. If omitted, will fallback to English (en). ; ; Accepted values: A language tag such as 'en' or 'es' ; Default value: en ; ;language=en ; ; ; This option specifies a preference for which music-on-hold class this channel ; should listen to when put on hold if the music class has not been set on the ; channel with Set(CHANNEL(musicclass)=whatever) in the dialplan, and the peer ; channel putting this one on hold did not suggest a music class. ; ; If this option is set to "passthrough", then the hold message will always be ; passed through as signalling instead of generating hold music locally. ; ; This option may be specified globally, or on a per-user or per-peer basis. ; ; Accepted values: passthrough, or any music-on-hold class name ; Default value: ; ;mohinterpret=default ; ; ; The 'mohsuggest' option specifies which music on hold class to suggest to the ; peer channel when this channel places the peer on hold. It may be specified ; globally or on a per-user or per-peer basis. ; ;mohsuggest=default ; ; ; Specify bandwidth of low, medium, or high to control which codecs are used ; in general. ; bandwidth=low ; ; ; You can also fine tune codecs here using "allow" and "disallow" clauses with ; specific codecs. Use "all" to represent all formats. ; ;allow=all ;disallow=g723.1 disallow=lpc10 ;allow=gsm ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Jitter Buffer ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; ; You can adjust several parameters relating to the jitter buffer. The jitter ; buffer's function is to compensate for varying network delay. ; ; All of the jitter buffer settings are in milliseconds. The jitter buffer ; works for INCOMING audio only - the outbound audio will be dejittered by the ; jitter buffer at the other end. ; ; jitterbuffer=yes|no: global default as to whether you want ; the jitter buffer at all. ; ; maxjitterbuffer: a maximum size for the jitter buffer. ; Setting a reasonable maximum here will prevent the call delay ; from rising to silly values in extreme situations; you'll hear ; SOMETHING, even though it will be jittery. ; ; resyncthreshold: when the jitterbuffer notices a significant change in delay ; that continues over a few frames, it will resync, assuming that the change in ; delay was caused by a timestamping mix-up. The threshold for noticing a ; change in delay is measured as twice the measured jitter plus this resync ; threshold. ; Resyncing can be disabled by setting this parameter to -1. ; ; maxjitterinterps: the maximum number of interpolation frames the jitterbuffer ; should return in a row. Since some clients do not send CNG/DTX frames to ; indicate silence, the jitterbuffer will assume silence has begun after ; returning this many interpolations. This prevents interpolating throughout ; a long silence. ; ; jittertargetextra: number of milliseconds by which the new jitter buffer ; will pad its size. the default is 40, so without modification, the new ; jitter buffer will set its size to the jitter value plus 40 milliseconds. ; increasing this value may help if your network normally has low jitter, ; but occasionally has spikes. ; jitterbuffer=no ;maxjitterbuffer=1000 ;maxjitterinterps=10 ;resyncthreshold=1000 ;jittertargetextra=40 ; There are three authentication methods that are supported: md5, plaintext, ; and rsa. The least secure is "plaintext", which sends passwords cleartext ; across the net. "md5" uses a challenge/response md5 sum arrangement, but ; still requires both ends have plain text access to the secret. "rsa" allows ; unidirectional secret knowledge through public/private keys. There is no ; default unless set here in the [general] section. Only md5 and rsa support ; media encryption. ; ;auth=md5 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; IAX2 Encryption ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; ; Enable IAX2 encryption. The default is no. This option does not force ; encryption for calls, it merely allows it to be used for calls. ; encryption=yes ; ; Force encryption insures no connection is established unless both sides ; support encryption. By turning this option on, encryption is automatically ; turned on as well. The default is no. ; ;forceencryption=yes ; ; This option defines the maximum payload in bytes an IAX2 trunk can support at ; a given time. The best way to explain this is to provide an example. If the ; maximum number of calls to be supported is 800, and each call transmits 20ms ; frames of audio using ulaw: ; ; (8000hz / 1000ms) * 20ms * 1 byte per sample = 160 bytes per frame ; ; The maximum load in bytes is: ; ; (160 bytes per frame) * (800 calls) = 128000 bytes ; ; Once this limit is reached, calls may be dropped or begin to lose audio. ; Depending on the codec in use and number of channels to be supported this value ; may need to be raised, but in most cases the default value is large enough. ; ; trunkmaxsize = 128000 ; defaults to 128000 bytes, which supports up to 800 ; calls of ulaw at 20ms a frame. ; With a large amount of traffic on IAX2 trunks, there is a risk of bad voice ; quality when allowing the Linux system to handle fragmentation of UDP packets. ; Depending on the size of each payload, allowing the OS to handle fragmentation ; may not be very efficient. This setting sets the maximum transmission unit for ; IAX2 UDP trunking. The default is 1240 bytes which means if a trunk's payload ; is over 1240 bytes for every 20ms it will be broken into multiple 1240 byte ; messages. Zero disables this functionality and let's the OS handle ; fragmentation. ; ; trunkmtu = 1240 ; trunk data will be sent in 1240 byte messages. ; trunkfreq sets how frequently trunk messages are sent in milliseconds. This ; value is 20ms by default, which means the trunk will send all the data queued ; to it in the past 20ms. By increasing the time between sending trunk messages, ; the trunk's payload size will increase as well. Note, depending on the size ; set by trunkmtu, messages may be sent more often than specified. For example ; if a trunk's message size grows to the trunkmtu size before 20ms is reached ; that message will be sent immediately. Acceptable values are between 10ms and ; 1000ms. ; ; trunkfreq=20 ; How frequently to send trunk msgs (in ms). This is 20ms by ; default. ; Should we send timestamps for the individual sub-frames within trunk frames? ; There is a small bandwidth use for these (less than 1kbps/call), but they ; ensure that frame timestamps get sent end-to-end properly. If both ends of ; all your trunks go directly to TDM, _and_ your trunkfreq equals the frame ; length for your codecs, you can probably suppress these. The receiver must ; also support this feature, although they do not also need to have it enabled. ; ; trunktimestamps=yes ; Minimum and maximum amounts of time that IAX2 peers can request as a ; registration expiration interval (in seconds). ; minregexpire = 60 ; maxregexpire = 60 ; IAX2 helper threads ; Establishes the number of iax helper threads to handle I/O. ; iaxthreadcount = 10 ; Establishes the number of extra dynamic threads that may be spawned to handle I/O ; iaxmaxthreadcount = 100 ; ; We can register with another IAX2 server to let him know where we are ; in case we have a dynamic IP address for example ; ; Register with tormenta using username marko and password secretpass ; ;register => marko:secretpass@tormenta.linux-support.net ; ; Register joe at remote host with no password ; ;register => joe@remotehost:5656 ; ; Register marko at tormenta.linux-support.net using RSA key "torkey" ; ;register => marko:[torkey]@tormenta.linux-support.net ; ; Sample Registration for iaxtel ; ; Visit http://www.iaxtel.com to register with iaxtel. Replace "user" ; and "pass" with your username and password for iaxtel. Incoming ; calls arrive at the "s" extension of "default" context. ; ;register => user:pass@iaxtel.com ; ; Sample Registration for IAX2 + FWD ; ; To register using IAX2 with FWD, it must be enabled by visiting the URL ; http://www.fwdnet.net/index.php?section_id=112 ; ; Note that you need an extension in you default context which matches ; your free world dialup number. Please replace "FWDNumber" with your ; FWD number and "passwd" with your password. ; ;register => FWDNumber:passwd@iax.fwdnet.net ; ; Through the use of the res_stun_monitor module, Asterisk has the ability to detect when the ; perceived external network address has changed. When the stun_monitor is installed and ; configured, chan_iax will renew all outbound registrations when the monitor detects any sort ; of network change has occurred. By default this option is enabled, but only takes effect once ; res_stun_monitor is configured. If res_stun_monitor is enabled and you wish to not ; generate all outbound registrations on a network change, use the option below to disable ; this feature. ; ; subscribe_network_change_event = yes ; on by default ; ; You can enable authentication debugging to increase the amount of ; debugging traffic. ; ;authdebug = yes ; ; See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for a description of these parameters. ;tos=ef ;cos=5 ; ; If regcontext is specified, Asterisk will dynamically create and destroy ; a NoOp priority 1 extension for a given peer who registers or unregisters ; with us. The actual extension is the 'regexten' parameter of the registering ; peer or its name if 'regexten' is not provided. More than one regexten ; may be supplied if they are separated by '&'. Patterns may be used in ; regexten. ; ;regcontext=iaxregistrations ; ; If we don't get ACK to our NEW within 2000ms, and autokill is set to yes, ; then we cancel the whole thing (that's enough time for one retransmission ; only). This is used to keep things from stalling for a long time for a host ; that is not available, but would be ill advised for bad connections. In ; addition to 'yes' or 'no' you can also specify a number of milliseconds. ; See 'qualify' for individual peers to turn on for just a specific peer. ; autokill=yes ; ; codecpriority controls the codec negotiation of an inbound IAX2 call. ; This option is inherited to all user entities. It can also be defined ; in each user entity separately which will override the setting in general. ; ; The valid values are: ; ; caller - Consider the callers preferred order ahead of the host's. ; host - Consider the host's preferred order ahead of the caller's. ; disabled - Disable the consideration of codec preference altogether. ; (this is the original behaviour before preferences were added) ; reqonly - Same as disabled, only do not consider capabilities if ; the requested format is not available the call will only ; be accepted if the requested format is available. ; ; The default value is 'host' ; ;codecpriority=host ; ; allowfwdownload controls whether this host will serve out firmware to ; IAX2 clients which request it. This has only been used for the IAXy, ; and it has been recently proven that this firmware distribution method ; can be used as a source of traffic amplification attacks. Also, the ; IAXy firmware has not been updated since at least 2012, so unless ; you are provisioning IAXys in a secure network, we recommend that you ; leave this option to the default, off. ; ;allowfwdownload=yes ;rtcachefriends=yes ; Cache realtime friends by adding them to the internal list ; just like friends added from the config file only on a ; as-needed basis? (yes|no) ;rtsavesysname=yes ; Save systemname in realtime database at registration ; Default = no ;rtupdate=yes ; Send registry updates to database using realtime? (yes|no) ; If set to yes, when a IAX2 peer registers successfully, ; the IP address, the origination port, the registration period, ; and the username of the peer will be set to database via realtime. ; If not present, defaults to 'yes'. ;rtautoclear=yes ; Auto-Expire friends created on the fly on the same schedule ; as if it had just registered? (yes|no|) ; If set to yes, when the registration expires, the friend will ; vanish from the configuration until requested again. ; If set to an integer, friends expire within this number of ; seconds instead of the registration interval. ;rtignoreregexpire=yes ; When reading a peer from Realtime, if the peer's registration ; has expired based on its registration interval, used the stored ; address information regardless. (yes|no) ;parkinglot=edvina ; Default parkinglot for IAX2 peers and users ; This can also be configured per device ; Parkinglots are defined in features.conf ; ; The following two options are used to disable call token validation for the ; purposes of interoperability with IAX2 endpoints that do not yet support it. ; ; Call token validation can be set as optional for a single IP address or IP ; address range by using the 'calltokenoptional' option. 'calltokenoptional' is ; only a global option. ; ;calltokenoptional=209.16.236.73/255.255.255.0 ; ; By setting 'requirecalltoken=no', call token validation becomes optional for ; that peer/user. By setting 'requirecalltoken=auto', call token validation ; is optional until a call token supporting peer registers successfully using ; call token validation. This is used as an indication that from now on, we ; can require it from this peer. So, requirecalltoken is internally set to yes. ; requirecalltoken may only be used in peer/user/friend definitions, ; not in the global scope. ; By default, 'requirecalltoken=yes'. ; ;requirecalltoken=no ; ; Maximum time allowed for call token authentication handshaking. Default is 10 seconds. ; Use higher values in lagged or high packet loss networks. ; ;calltokenexpiration=10 ; ; These options are used to limit the amount of call numbers allocated to a ; single IP address. Before changing any of these values, it is highly encouraged ; to read the user guide associated with these options first. In most cases, the ; default values for these options are sufficient. ; ; The 'maxcallnumbers' option limits the amount of call numbers allowed for each ; individual remote IP address. Once an IP address reaches it's call number ; limit, no more new connections are allowed until the previous ones close. This ; option can be used in a peer definition as well, but only takes effect for ; the IP of a dynamic peer after it completes registration. ; ;maxcallnumbers=512 ; ; The 'maxcallnumbers_nonvalidated' is used to set the combined number of call ; numbers that can be allocated for connections where call token validation ; has been disabled. Unlike the 'maxcallnumbers' option, this limit is not ; separate for each individual IP address. Any connection resulting in a ; non-call token validated call number being allocated contributes to this ; limit. For use cases, see the call token user guide. This option's ; default value of 8192 should be sufficient in most cases. ; ;maxcallnumbers_nonvalidated=1024 ; ; The [callnumberlimits] section allows custom call number limits to be set ; for specific IP addresses and IP address ranges. These limits take precedence ; over the global 'maxcallnumbers' option, but may still be overridden by a ; peer defined 'maxcallnumbers' entry. Note that these limits take effect ; for every individual address within the range, not the range as a whole. ; ;[callnumberlimits] ;10.1.1.0/255.255.255.0 = 24 ;10.1.2.0/255.255.255.0 = 32 ; ; The shrinkcallerid function removes '(', ' ', ')', non-trailing '.', and '-' not ; in square brackets. For example, the Caller*ID value 555.5555 becomes 5555555 ; when this option is enabled. Disabling this option results in no modification ; of the Caller*ID value, which is necessary when the Caller*ID represents something ; that must be preserved. This option can only be used in the [general] section. ; By default this option is on. ; ;shrinkcallerid=yes ; on by default ; Guest sections for unauthenticated connection attempts. Just specify an ; empty secret, or provide no secret section. ; [guest] type=user context=public callerid="Guest IAX User" ; ; Trust Caller*ID Coming from iaxtel.com ; [iaxtel] type=user context=default auth=rsa inkeys=iaxtel ; ; Trust Caller*ID Coming from iax.fwdnet.net ; [iaxfwd] type=user context=default auth=rsa inkeys=freeworlddialup ; ; Trust Caller*ID delivered over DUNDi/e164 ; ;[dundi] ;type=user ;dbsecret=dundi/secret ;context=dundi-e164-local ; ; Further user sections may be added, specifying a context and a secret used ; for connections with that given authentication name. Limited IP based ; access control is allowed by use of "permit", "deny", and "acl" keywords. ; Multiple rules are permitted. Multiple permitted contexts may be specified, ; in which case the first will be the default. You can also override ; Caller*ID so that when you receive a call you set the Caller*ID to be what ; you want instead of trusting what the remote user provides ; ; There are three authentication methods that are supported: md5, plaintext, ; and rsa. The least secure is "plaintext", which sends passwords cleartext ; across the net. "md5" uses a challenge/response md5 sum arrangement, but ; still requires both ends have plain text access to the secret. "rsa" allows ; unidirectional secret knowledge through public/private keys. If "rsa" ; authentication is used, "inkeys" is a list of acceptable public keys on the ; local system that can be used to authenticate the remote peer, separated by ; the ":" character. "outkey" is a single, private key to use to authenticate ; to the other side. Public keys are named /var/lib/asterisk/keys/.pub ; while private keys are named /var/lib/asterisk/keys/.key. Private ; keys should always be 3DES encrypted. If encryption is used (applicable to ; md5 and rsa only), a secret must be provided. ; ; ; NOTE: All hostnames and IP addresses in this file are for example purposes ; only; you should not expect any of them to actually be available for ; your use. ; ;[markster] ;type=user ;context=default ;context=local ;auth=md5,plaintext,rsa ;secret=markpasswd ;setvar=ATTENDED_TRANSFER_COMPLETE_SOUND=beep ; This channel variable will ; cause the given audio file to ; be played upon completion of ; an attended transfer to the ; target of the transfer. ;dbsecret=mysecrets/place ; Secrets can be stored in astdb, too ;transfer=no ; Disable IAX2 native transfer ;transfer=mediaonly ; When doing IAX2 native transfers, transfer only ; the media stream ;jitterbuffer=yes ; Override the global setting and enable the jitter ; buffer for this user ;maxauthreq=10 ; Set the maximum number of outstanding AUTHREQs ; waiting for replies. If this limit is reached, ; any further authentication will be blocked, until ; the pending requests expire or a reply is ; received. ;callerid="Mark Spencer" <(256) 428-6275> ;deny=0.0.0.0/0.0.0.0 ;accountcode=markster0101 ;permit=209.16.236.73/255.255.255.0 ;language=en ; Use english as default language ;encryption=yes ; Enable IAX2 encryption. The default is no. ;keyrotate=off ; This is a compatibility option for older versions ; of IAX2 that do not support key rotation with ; encryption. This option will disable the ; IAX_COMMAND_RTENC message. The default is on. ; ; Peers may also be specified, with a secret and a remote hostname. ; ;[demo] ;type=peer ;username=asterisk ;secret=supersecret ;host=192.168.10.10 ;description=My IAX2 Peer ; Description of this peer, as listed by ; 'iax2 show peers' ;sendani=no ;host=asterisk.linux-support.net ;port=5036 ;mask=255.255.255.255 ;qualify=yes ; Make sure this peer is alive. ;qualifysmoothing = yes ; Use an average of the last two PONG results to ; reduce falsely detected LAGGED hosts. The default ; is 'no.' ;qualifyfreqok = 60000 ; How frequently to ping the peer when everything ; seems to be OK, in milliseconds. ;qualifyfreqnotok = 10000 ; How frequently to ping the peer when it's either ; LAGGED or UNAVAILABLE, in milliseconds. ;jitterbuffer=no ; Turn off jitter buffer for this peer ; ;encryption=yes ; Enable IAX2 encryption. The default is no. ;keyrotate=off ; This is a compatibility option for older versions ; of IAX2 that do not support key rotation with ; encryption. This option will disable the ; IAX_COMMAND_RTENC message. The default is 'on.' ; Peers can remotely register as well, so that they can be mobile. Default ; IPs can also optionally be given but are not required. Caller*ID can be ; suggested to the other side as well if it is for example a phone instead of ; another PBX. ;connectedline=yes ; Set if connected line and redirecting information updates ; ; are passed between Asterisk servers for this peer. ; ; yes - Sending and receiving updates are enabled. ; ; send - Only send updates. ; ; receive - Only process received updates. ; ; no - Sending and receiving updates are disabled. ; ; Default is "no". ; ; ; ; Note: Because of an incompatibility between Asterisk v1.4 ; ; and Asterisk v1.8 or later, this option must be set ; ; to "no" toward the Asterisk v1.4 peer. A symptom of the ; ; incompatibility is the call gets disconnected unexpectedly. ;[dynamichost] ;host=dynamic ;secret=mysecret ; Note: app_voicemail mailboxes must be in the form of mailbox@context. ;mailbox=1234 ; Notify about mailbox 1234 ;inkeys=key1:key2 ;peercontext=local ; Default context to request for calls to peer ;defaultip=216.207.245.34 ;callerid="Some Host" <(256) 428-6011> ;[biggateway] ;type=peer ;host=192.168.0.1 ;description=Gateway to PSTN ;context=* ;secret=myscret ;trunk=yes ; Use IAX2 trunking with this host ;timezone=America/New_York ; Set a timezone for the date/time IE ; ; Friends are a shortcut for creating a user and a peer with the same values. ; ;[marko] ;type=friend ;host=dynamic ;regexten=1234 ;secret=moofoo ; Multiple secrets may be specified. For a "user", all ;secret=foomoo ; specified entries will be accepted as valid. For a "peer", ;secret=shazbot ; only the last specified secret will be used. ;context=default ;permit=0.0.0.0/0.0.0.0 ;acl=example_named_acl ; ; With immediate=yes, an IAX2 phone or a phone on an IAXy acts as a hot-line ; which goes immediately to the s extension when picked up. Useful for ; elevator phones, manual service, or other similar applications. ; ;[manual] ;type=friend ;host=dynamic ;immediate=yes ; go immediately to s extension when picked up ;secret=moofoo ; when immediate=yes is specified, secret is required ;context=number-please ; we start at the s extension in this context ;