aboutsummaryrefslogtreecommitdiffstats
path: root/configs/iax.conf.sample
blob: d08aa31dce59fc339cb848dcb1d1ec2bd9cea576 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
; Inter-Asterisk eXchange driver definition
;
; This configuration is re-read at reload
; or with the CLI command
; 	reload chan_iax2.so
;
; General settings, like port number to bind to, and
; an option address (the default is to bind to all
; local addresses).
;
[general]
;bindport=4569			; bindport and bindaddr may be specified
;                               ; NOTE: bindport must be specified BEFORE
				; bindaddr or may be specified on a specific
				; bindaddr if followed by colon and port
				;  (e.g. bindaddr=192.168.0.1:4569)
;bindaddr=192.168.0.1		; more than once to bind to multiple
;                               ; addresses, but the first will be the
;                               ; default
;
; Set iaxcompat to yes if you plan to use layered switches or
; some other scenario which may cause some delay when doing a
; lookup in the dialplan. It incurs a small performance hit to
; enable it. This option causes Asterisk to spawn a separate thread
; when it receives an IAX DPREQ (Dialplan Request) instead of
; blocking while it waits for a response.
;
;iaxcompat=yes
;
; Disable UDP checksums (if nochecksums is set, then no checkums will
; be calculated/checked on systems supporting this feature)
;
;nochecksums=no
;
;
; For increased security against brute force password attacks
; enable "delayreject" which will delay the sending of authentication
; reject for REGREQ or AUTHREP if there is a password.
;
;delayreject=yes
;
; You may specify a global default AMA flag for iaxtel calls.  It must be
; one of 'default', 'omit', 'billing', or 'documentation'.  These flags
; are used in the generation of call detail records.
;
;amaflags=default
;
; ADSI (Analog Display Services Interface) can be enabled if you have
; (or may have) ADSI compatible CPE equipment
;
;adsi=no
;
; Perform an SRV lookup on outbound calls
;
;srvlookup=yes
;
; You may specify a default account for Call Detail Records in addition
; to specifying on a per-user basis
;
;accountcode=lss0101
;
; You may specify a global default language for users.
; Can be specified also on a per-user basis
; If omitted, will fallback to english
;
;language=en
;
; This option specifies a preference for which music on hold class this channel
; should listen to when put on hold if the music class has not been set on the
; channel with Set(CHANNEL(musicclass)=whatever) in the dialplan, and the peer
; channel putting this one on hold did not suggest a music class.
;
; If this option is set to "passthrough", then the hold message will always be
; passed through as signalling instead of generating hold music locally.
;
; This option may be specified globally, or on a per-user or per-peer basis.
;
;mohinterpret=default
;
; This option specifies which music on hold class to suggest to the peer channel
; when this channel places the peer on hold. It may be specified globally or on
; a per-user or per-peer basis.
;
;mohsuggest=default
;
; Specify bandwidth of low, medium, or high to control which codecs are used
; in general.
;
bandwidth=low
;
; You can also fine tune codecs here using "allow" and "disallow" clauses
; with specific codecs.  Use "all" to represent all formats.
;
;allow=all			; same as bandwidth=high
;disallow=g723.1		; Hm...  Proprietary, don't use it...
disallow=lpc10			; Icky sound quality...  Mr. Roboto.
;allow=gsm			; Always allow GSM, it's cool :)
;

; You can adjust several parameters relating to the jitter buffer.
; The jitter buffer's function is to compensate for varying
; network delay.
;
; All the jitter buffer settings are in milliseconds.
; The jitter buffer works for INCOMING audio - the outbound audio
; will be dejittered by the jitter buffer at the other end.
;
; jitterbuffer=yes|no: global default as to whether you want
; the jitter buffer at all.
;
; forcejitterbuffer=yes|no: in the ideal world, when we bridge VoIP channels
; we don't want to do jitterbuffering on the switch, since the endpoints
; can each handle this.  However, some endpoints may have poor jitterbuffers
; themselves, so this option will force * to always jitterbuffer, even in this
; case.
;
; maxjitterbuffer: a maximum size for the jitter buffer.
; Setting a reasonable maximum here will prevent the call delay
; from rising to silly values in extreme situations; you'll hear
; SOMETHING, even though it will be jittery.
;
; resyncthreshold: when the jitterbuffer notices a significant change in delay
; that continues over a few frames, it will resync, assuming that the change in
; delay was caused by a timestamping mix-up. The threshold for noticing a
; change in delay is measured as twice the measured jitter plus this resync
; threshold.
; Resyncing can be disabled by setting this parameter to -1.
;
; maxjitterinterps: the maximum number of interpolation frames the jitterbuffer
; should return in a row. Since some clients do not send CNG/DTX frames to
; indicate silence, the jitterbuffer will assume silence has begun after
; returning this many interpolations. This prevents interpolating throughout
; a long silence.
;
;
; jittertargetextra: number of milliseconds by which the new jitter buffer
; will pad its size. the default is 40, so without modification, the new
; jitter buffer will set its size to the jitter value plus 40 milliseconds.
; increasing this value may help if your network normally has low jitter,
; but occasionally has spikes.
;

jitterbuffer=no
forcejitterbuffer=no
;maxjitterbuffer=1000
;maxjitterinterps=10
;resyncthreshold=1000
;jittertargetextra=40

; Minimum and maximum amounts of time that IAX peers can request as
; a registration expiration interval (in seconds).
; minregexpire = 60
; maxregexpire = 60
;
; Enable IAX2 encryption.  The default is no.
;
; encryption = yes
;
; Force encryption insures no connection is established unless both sides support
; encryption.  By turning this option on, encryption is automatically turned on as well.
;
; forceencryption = yes

; This option defines the maximum payload in bytes an IAX2 trunk can support at a given time.
; The best way to explain this is to provide an example.  If the maximum number of calls
; to be supported is 800, and each call transmits 20ms frames of audio using ulaw
; ((8000hz / 1000ms) * 20ms * 1 byte per sample = 160 bytes per frame), the maximum load
; in bytes is (160 bytes per frame) * (800 calls) = 128000 bytes total. Once this limit is
; reached, calls may be dropped or begin to lose audio.  Depending on the codec in use and
; number of channels to be supported this value may need to be raised, but in most cases the
; default value is large enough.
;
; trunkmaxsize = 128000 ; defaults to 128000 bytes, which supports up to 800 calls of ulaw
;                       ; at 20ms a frame.

; With a large amount of traffic on IAX2 trunks, there is a risk of bad voice quality when
; allowing the Linux system to handle fragmentation of UDP packets. Depending on the size of
; each payload, allowing the O/S to handle fragmentation may not be very efficient. This
; setting sets the maximum transmission unit for IAX2 UDP trunking. The default is 1240 bytes
; which means if a trunk's payload is over 1240 bytes for every 20ms it will be broken into
; multiple 1240 byte messages.  Zero disables this functionality and let's the O/S handle
; fragmentation.
;
; trunkmtu = 1240 ; trunk data will be sent in 1240 byte messages.

; trunkfreq sets how frequently trunk messages are sent in milliseconds. This value is 20ms by
; default, which means the trunk will send all the date queued to it in the past 20ms.  By
; increasing the time between sending trunk messages, the trunk's payload size will increase as
; well.  Note, depending on the size set by trunkmtu, messages may be sent more often than
; specified.  For example if a trunk's message size grows to the trunkmtu size before 20ms is
; reached that message will be sent immediately.
;
; trunkfreq=20     ; How frequently to send trunk msgs (in ms). This is 20ms by default.

; Should we send timestamps for the individual sub-frames within trunk frames?
; There is a small bandwidth use for these (less than 1kbps/call), but they
; ensure that frame timestamps get sent end-to-end properly.  If both ends of
; all your trunks go directly to TDM, _and_ your trunkfreq equals the frame
; length for your codecs, you can probably suppress these.  The receiver must
; also support this feature, although they do not also need to have it enabled.
;
; trunktimestamps=yes
;

; IAX helper threads

; Establishes the number of iax helper threads to handle I/O.
; iaxthreadcount = 10
; Establishes the number of extra dynamic threads that may be spawned to handle I/O
; iaxmaxthreadcount = 100
;
; We can register with another IAX server to let him know where we are
; in case we have a dynamic IP address for example
;
; Register with tormenta using username marko and password secretpass
;
;register => marko:secretpass@tormenta.linux-support.net
;
; Register joe at remote host with no password
;
;register => joe@remotehost:5656
;
; Register marko at tormenta.linux-support.net using RSA key "torkey"
;
;register => marko:[torkey]@tormenta.linux-support.net
;
; Sample Registration for iaxtel
;
; Visit http://www.iaxtel.com to register with iaxtel.  Replace "user"
; and "pass" with your username and password for iaxtel.  Incoming
; calls arrive at the "s" extension of "default" context.
;
;register => user:pass@iaxtel.com
;
; Sample Registration for IAX + FWD
;
; To register using IAX with FWD, it must be enabled by visiting the URL
; http://www.fwdnet.net/index.php?section_id=112
;
; Note that you need an extension in you default context which matches
; your free world dialup number.  Please replace "FWDNumber" with your
; FWD number and "passwd" with your password.
;
;register => FWDNumber:passwd@iax.fwdnet.net
;
; Through the use of the res_stun_monitor module, Asterisk has the ability to detect when the
; perceived external network address has changed.  When the stun_monitor is installed and
; configured, chan_iax will renew all outbound registrations when the monitor detects any sort
; of network change has occurred. By default this option is enabled, but only takes effect once
; res_stun_monitor is configured.  If res_stun_monitor is enabled and you wish to not
; generate all outbound registrations on a network change, use the option below to disable
; this feature.
;
; subscribe_network_change_event = yes ; on by default
;
; You can disable authentication debugging to reduce the amount of
; debugging traffic.
;
;authdebug=no
;
; See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for a description of these parameters.
;tos=ef
;cos=5
;
; If regcontext is specified, Asterisk will dynamically create and destroy
; a NoOp priority 1 extension for a given peer who registers or unregisters
; with us.  The actual extension is the 'regexten' parameter of the registering
; peer or its name if 'regexten' is not provided.  More than one regexten
; may be supplied if they are separated by '&'.  Patterns may be used in
; regexten.
;
;regcontext=iaxregistrations
;
; If we don't get ACK to our NEW within 2000ms, and autokill is set to yes,
; then we cancel the whole thing (that's enough time for one retransmission
; only).  This is used to keep things from stalling for a long time for a host
; that is not available, but would be ill advised for bad connections.  In
; addition to 'yes' or 'no' you can also specify a number of milliseconds.
; See 'qualify' for individual peers to turn on for just a specific peer.
;
autokill=yes
;
; codecpriority controls the codec negotiation of an inbound IAX call.
; This option is inherited to all user entities.  It can also be defined
; in each user entity separately which will override the setting in general.
;
; The valid values are:
;
; caller   - Consider the callers preferred order ahead of the host's.
; host     - Consider the host's preferred order ahead of the caller's.
; disabled - Disable the consideration of codec preference altogether.
;            (this is the original behaviour before preferences were added)
; reqonly  - Same as disabled, only do not consider capabilities if
;            the requested format is not available the call will only
;            be accepted if the requested format is available.
;
; The default value is 'host'
;
;codecpriority=host
;
; allowfwdownload controls whether this host will serve out firmware to
; IAX clients which request it.  This has only been used for the IAXy,
; and it has been recently proven that this firmware distribution method
; can be used as a source of traffic amplification attacks.  Also, the
; IAXy firmware has not been updated for at least 18 months, so unless
; you are provisioning IAXys in a secure network, we recommend that you
; leave this option to the default, off.
;
;allowfwdownload=yes

;rtcachefriends=yes	; Cache realtime friends by adding them to the internal list
			; just like friends added from the config file only on a
			; as-needed basis? (yes|no)

;rtsavesysname=yes    ; Save systemname in realtime database at registration
                      ; Default = no

;rtupdate=yes		; Send registry updates to database using realtime? (yes|no)
			; If set to yes, when a IAX2 peer registers successfully,
			; the ip address, the origination port, the registration period,
			; and the username of the peer will be set to database via realtime.
			; If not present, defaults to 'yes'.

;rtautoclear=yes	; Auto-Expire friends created on the fly on the same schedule
			; as if it had just registered? (yes|no|<seconds>)
			; If set to yes, when the registration expires, the friend will
			; vanish from the configuration until requested again.
			; If set to an integer, friends expire within this number of
			; seconds instead of the registration interval.

;rtignoreregexpire=yes	; When reading a peer from Realtime, if the peer's registration
			; has expired based on its registration interval, used the stored
			; address information regardless. (yes|no)

;parkinglot=edvina		; Default parkinglot for IAX peers and users
				; This can also be configured per device
				; Parkinglots are defined in features.conf


;
; The following two options are used to disable call token validation for the
; purposes of interoperability with IAX2 endpoints that do not yet support it.
;
; Call token validation can be set as optional for a single IP address or IP
; address range by using the 'calltokenoptional' option. 'calltokenoptional' is
; only a global option.  
;
;calltokenoptional=209.16.236.73/255.255.255.0
;
; By setting 'requirecalltoken=no', call token validation becomes optional for
; that peer/user.  By setting 'requirecalltoken=auto', call token validation 
; is optional until a call token supporting peer registers successfully using
; call token validation.  This is used as an indication that from now on, we
; can require it from this peer.  So, requirecalltoken is internally set to yes.
; requirecalltoken may only be used in peer/user/friend definitions,
; not in the global scope.
; By default, 'requirecalltoken=yes'.
;
;requirecalltoken=no
;

;
; These options are used to limit the amount of call numbers allocated to a
; single IP address.  Before changing any of these values, it is highly encouraged
; to read the user guide associated with these options first.  In most cases, the
; default values for these options are sufficient.
;
; The 'maxcallnumbers' option limits the amount of call numbers allowed for each
; individual remote IP address.  Once an IP address reaches it's call number
; limit, no more new connections are allowed until the previous ones close.  This
; option can be used in a peer definition as well, but only takes effect for
; the IP of a dynamic peer after it completes registration.
;
;maxcallnumbers=512
;
; The 'maxcallnumbers_nonvalidated' is used to set the combined number of call
; numbers that can be allocated for connections where call token  validation
; has been disabled.  Unlike the 'maxcallnumbers' option, this limit is not
; separate for each individual IP address.  Any connection resulting in a
; non-call token validated call number being allocated contributes to this
; limit.  For use cases, see the call token user guide.  This option's 
; default value of 8192 should be sufficient in most cases.
;
;maxcallnumbers_nonvalidated=1024
;
; The [callnumberlimits] section allows custom call number limits to be set
; for specific IP addresses and IP address ranges.  These limits take precedence
; over the global 'maxcallnumbers' option, but may still be overridden by a
; peer defined 'maxcallnumbers' entry.  Note that these limits take effect
; for every individual address within the range, not the range as a whole. 
;
;[callnumberlimits]
;10.1.1.0/255.255.255.0 = 24
;10.1.2.0/255.255.255.0 = 32
;

; The shrinkcallerid function removes '(', ' ', ')', non-trailing '.', and '-' not
; in square brackets.  For example, the caller id value 555.5555 becomes 5555555
; when this option is enabled.  Disabling this option results in no modification
; of the caller id value, which is necessary when the caller id represents something
; that must be preserved.  This option can only be used in the [general] section.
; By default this option is on.
;
;shrinkcallerid=yes     ; on by default

; Guest sections for unauthenticated connection attempts.  Just specify an
; empty secret, or provide no secret section.
;
[guest]
type=user
context=default
callerid="Guest IAX User"

;
; Trust Caller*ID Coming from iaxtel.com
;
[iaxtel]
type=user
context=default
auth=rsa
inkeys=iaxtel

;
; Trust Caller*ID Coming from iax.fwdnet.net
;
[iaxfwd]
type=user
context=default
auth=rsa
inkeys=freeworlddialup

;
; Trust callerid delivered over DUNDi/e164
;
;
;[dundi]
;type=user
;dbsecret=dundi/secret
;context=dundi-e164-local

;
; Further user sections may be added, specifying a context and a secret used
; for connections with that given authentication name.  Limited IP based
; access control is allowed by use of "permit" and "deny" keywords.  Multiple
; rules are permitted.  Multiple permitted contexts may be specified, in
; which case the first will be the default.  You can also override caller*ID
; so that when you receive a call you set the Caller*ID to be what you want
; instead of trusting what the remote user provides
;
; There are three authentication methods that are supported:  md5, plaintext,
; and rsa.  The least secure is "plaintext", which sends passwords cleartext
; across the net.  "md5" uses a challenge/response md5 sum arrangement, but
; still requires both ends have plain text access to the secret.  "rsa" allows
; unidirectional secret knowledge through public/private keys.  If "rsa"
; authentication is used, "inkeys" is a list of acceptable public keys on the
; local system that can be used to authenticate the remote peer, separated by
; the ":" character.  "outkey" is a single, private key to use to authenticate
; to the other side.  Public keys are named /var/lib/asterisk/keys/<name>.pub
; while private keys are named /var/lib/asterisk/keys/<name>.key.  Private
; keys should always be 3DES encrypted.
;
;
; NOTE: All hostnames and IP addresses in this file are for example purposes
;       only; you should not expect any of them to actually be available for
;       your use.
;
;
;[markster]
;type=user
;context=default
;context=local
;auth=md5,plaintext,rsa
;secret=markpasswd
;setvar=ATTENDED_TRANSFER_COMPLETE_SOUND=beep   ; This channel variable will
                                                ; cause the given audio file to
                                                ; be played upon completion of
                                                ; an attended transfer.
;dbsecret=mysecrets/place	; Secrets can be stored in astdb, too
;transfer=no		; Disable IAX native transfer
;transfer=mediaonly	; When doing IAX native transfers, transfer
			; only media stream
;jitterbuffer=yes	; Override global setting an enable jitter buffer
;			; for this user
;maxauthreq=10          ; Set maximum number of outstanding AUTHREQs waiting for replies. Any further authentication attempts will be blocked
;                       ; if this limit is reached until they expire or a reply is received.
;callerid="Mark Spencer" <(256) 428-6275>
;deny=0.0.0.0/0.0.0.0
;accountcode=markster0101
;permit=209.16.236.73/255.255.255.0
;language=en		; Use english as default language
;encryption=yes ; Enable IAX2 encryption.  The default is no.
;keyrotate=off ; This is a compatibility option for older versions of
;              ; IAX2 that do not support key rotation with encryption.
;              ; This option will disable the IAX_COMMAND_RTENC message.
;              ; default is on.
;              ;
;
; Peers may also be specified, with a secret and
; a remote hostname.
;
[demo]
type=peer
username=asterisk
secret=supersecret
host=216.207.245.47
description=Demo System At Digium	; Description of this peer, as listed by 'iax2 show peers'
;sendani=no
;host=asterisk.linux-support.net
;port=5036
;mask=255.255.255.255
;qualify=yes			; Make sure this peer is alive
;qualifysmoothing = yes		; use an average of the last two PONG
				; results to reduce falsely detected LAGGED hosts
				; Default: Off
;qualifyfreqok = 60000		; how frequently to ping the peer when
				; everything seems to be ok, in milliseconds
;qualifyfreqnotok = 10000	; how frequently to ping the peer when it's
				; either LAGGED or UNAVAILABLE, in milliseconds
;jitterbuffer=no		; Turn off jitter buffer for this peer
;
;encryption=yes ; Enable IAX2 encryption.  The default is no.
;keyrotate=off ; This is a compatibility option for older versions of
;              ; IAX2 that do not support key rotation with encryption.
;              ; This option will disable the IAX_COMMAND_RTENC message.
;              ; default is on.
;              ;
; Peers can remotely register as well, so that they can be mobile.  Default
; IP's can also optionally be given but are not required.  Caller*ID can be
; suggested to the other side as well if it is for example a phone instead of
; another PBX.
;

;[dynamichost]
;host=dynamic
;secret=mysecret
;mailbox=1234		; Notify about mailbox 1234
;inkeys=key1:key2
;peercontext=local	; Default context to request for calls to peer
;defaultip=216.207.245.34
;callerid="Some Host" <(256) 428-6011>
;

;
;[biggateway]
;type=peer
;host=192.168.0.1
;description=Gateway to PSTN
;context=*
;secret=myscret
;trunk=yes			; Use IAX2 trunking with this host
;timezone=America/New_York	; Set a timezone for the date/time IE
;

;
; Friends are a short cut for creating a user and
; a peer with the same values.
;
;[marko]
;type=friend
;host=dynamic
;regexten=1234
;secret=moofoo   ; Multiple secrets may be specified. For a "user", all
;secret=foomoo   ; specified entries will be accepted as valid. For a "peer",
;secret=shazbot  ; only the last specified secret will be used.
;context=default
;permit=0.0.0.0/0.0.0.0

;
; With immediate=yes, an IAX phone or a phone on an IAXy acts as a hot-line
; which goes immediately to the s extension when picked up.  Useful for
; elevator phones, manual service, or other similar applications.
;
;[manual]
;type=friend
;host=dynamic
;immediate=yes  ; go immediately to s extension when picked up
;secret=moofoo	; when immediate=yes is specified, secret is required
;context=number-please ; we start at the s extension in this context
;