Configuring inbound SIP URI calls with trixbox

By Steve Biddle, in , posted: 2-Apr-2010 21:34

One of the great things about VoIP is the ability to make calls directly between VoIP phones, over the internet, without having to pay anything for the cost of the call.

Most IP phones on the market allow IP dialling direct to another phone. Many VoIP providers allow outbound SIP calling from phones to any SIP device on the internet. Some, but not all will allow inbound SIP URI calls. If you are running an IP PBX such as trixbox (or any Asterisk variant) you have the ability to accept inbound URI calls but this feature may not configured.

A SIP URI (Uniform Resource Locater) is essentially a form of  internet phone number, except it follows a SIP:name@domain or SIP:number@domain format and looks much like a cross between an email address and a website (but should not be confused with either). If you have a trixbox PBX with multiple extensions, IVR, or ringgroups, these can be called directly over the internet by another VoIP user, direct to your PBX, without having to go via the regular PSTN network or your VoIP provider. To implement this feature you need to have a static IP address for your internet connection, or be using a dynamic hostname provider such as DDNS.

Lets say your company is called Acme Phone Systems and you have the domain name of www.acmepbxphonesystems.com. You have 3 telephone extensions and a main incoming IVR welcoming callers, and want to allow people the ability to call you via SIP URI as well as your existing PSTN phone numbers.

You could allocate the main IVR it's own SIP URI which will allow callers to connect directly over the internet without having to call your PSTN phone number. They could simply call [email protected] from their IP phone and be connected directly you IP PBX. Likewise you could also allow individual extensions to be called, for example [email protected] or [email protected]. If you wanted you could also use your existing PSTN phone number and use [email protected] - the choice is up to you.

By default trixbox will not allow anonymous inbound SIP calls for security reasons. This feature is controlled by a setting "Allow Anonymous Inbound SIP Calls" which is in the General Settings menu.

 

image

Changing this to YES will automatically allow SIP URI's to work, but it's an extremely bad move. Unless you fully understand the significant security implications of enabling this it should always be set to off. Enabling this has the ability to allow unauthorised users to have access to your system and make free outbound calls if you have your system poorly configured or an insecure dialplan. When this is set to NO most inbound SIP URI calls will not be authenticated (ie they are anonymous) and will be blocked. A message saying "the number you have dialled is not in service" will be heard by the caller trying to call a SIP URI on your trixbox system.

A few simple changes need to be made to the trixbox configuration to allow inbound URI calls.

Log into your trixbox PBX and go to the PBX menu and select Config File Editor. This allows manual editing of all the Asterisk and trixbox configuration files.

  1. Click on /etc/asterisk
  2. Click on extensions.conf
  3. Click on from-sip-external
  4. Select and copy this text to your clipboard with Crtl-C

This text is the context settings called [from-sip-external] that processes all inbound SIP calls into your PBX. We can't edit this file because it's self generated by FreePBX, so we need to insert it into the extensions_override_freepbx.conf file.

As of March 2010 the content of this context is as follows, but is subject to change in future which is why it's best to use your own local copy.

[from-sip-external]
;give external sip users congestion and hangup
; Yes. This is _really_ meant to be _. - I know asterisk whines about it, but
; I do know what I'm doing. This is correct.
exten => _.,1,NoOp(Received incoming SIP connection from unknown peer to ${EXTEN})
exten => _.,n,Set(DID=${IF($["${EXTEN:1:2}"=""]?s:${EXTEN})})
exten => _.,n,Goto(s,1)
exten => s,1,GotoIf($["${ALLOW_SIP_ANON}"="yes"]?from-trunk,${DID},1)
exten => s,n,Set(TIMEOUT(absolute)=15)
exten => s,n,Answer
exten => s,n,Wait(2)
exten => s,n,Playback(ss-noservice)
exten => s,n,Playtones(congestion)
exten => s,n,Congestion(5)
exten => h,1,NoOp(Hangup)
exten => i,1,NoOp(Invalid)
exten => t,1,NoOp(Timeout)

 

  1. Click on /etc/asterisk
  2. Click of extensions_override_freepbx.conf
  3. Paste the contents of your clipboard into the editor using Ctrl-V

The [from-sip-external] context will now be used from the extensions_override_freepbx.conf file instead of the extensions.conf file. You can now manually edit this file to allow certain inbound SIP URI destinations to pass to your Inbound Routes in the PBX menu. These can be added in the area show below ====>>>>

    [from-sip-external]
    ;give external sip users congestion and hangup
    ; Yes. This is _really_ meant to be _. - I know asterisk whines about it, but
    ; I do know what I'm doing. This is correct.
    exten => _.,1,NoOp(Received incoming SIP connection from unknown peer to ${EXTEN})
    exten => _.,n,Set(DID=${IF($["${EXTEN:1:2}"=""]?s:${EXTEN})})
    exten => _.,n,Goto(s,1)
    exten => s,1,GotoIf($["${ALLOW_SIP_ANON}"="yes"]?from-trunk,${DID},1)

    ====>>>>

    exten => s,n,Set(TIMEOUT(absolute)=15)
    exten => s,n,Answer
    exten => s,n,Wait(2)
    exten => s,n,Playback(ss-noservice)
    exten => s,n,Playtones(congestion)
    exten => s,n,Congestion(5)
    exten => h,1,NoOp(Hangup)
    exten => i,1,NoOp(Invalid)
    exten => t,1,NoOp(Timeout)

     

    A few examples:

    exten => 202,1,Goto(from-trunk,202,1)

    exten => 205,1,Goto(from-trunk,205,1)

    exten => office,1,Goto(from-trunk,office,1)

     

    The file will now look like this:

     

    [from-sip-external]
    ;give external sip users congestion and hangup
    ; Yes. This is _really_ meant to be _. - I know asterisk whines about it, but
    ; I do know what I'm doing. This is correct.
    exten => _.,1,NoOp(Received incoming SIP connection from unknown peer to ${EXTEN})
    exten => _.,n,Set(DID=${IF($["${EXTEN:1:2}"=""]?s:${EXTEN})})
    exten => _.,n,Goto(s,1)
    exten => s,1,GotoIf($["${ALLOW_SIP_ANON}"="yes"]?from-trunk,${DID},1)
    exten => office,1,Goto(from-trunk,office,1)
    exten => 202,1,Goto(from-trunk,202,1)
    exten => s,n,Set(TIMEOUT(absolute)=15)
    exten => s,n,Answer
    exten => s,n,Wait(2)
    exten => s,n,Playback(ss-noservice)
    exten => s,n,Playtones(congestion)
    exten => s,n,Congestion(5)
    exten => h,1,NoOp(Hangup)
    exten => i,1,NoOp(Invalid)
    exten => t,1,NoOp(Timeout)

     

    We now need to set up some inbound routes in the PBX, Inbound Routes menu. An inbound route needs to be created for each SIP URI that you created above. Give the Incoming route a name and in the DID field enter the number or name that you used above for the URI and set the destination. For extension 202 you would like this to go to your local extension 202. For the office you may want to set this to a ring group or IVR menu.

     

    image image

     

    Once you have these set up you're all up and running. Any inbound SIP calls to the SIP addresses you specified will now be passed through to the selected destinations!

     

     



Other related posts:
Raspberry Pi – the ultimate home Asterisk PBX.
G.722 HD Audio. What’s the big deal?
Linksys SPA New Zealand Configuration








Comment by ohrass, on 25-Apr-2010 16:05

You are awesome! Worked like a charm! Thank you thank you thank you!


Comment by Ricardo, on 30-May-2010 11:15

Perfect! worked beautifully, thank you!


Comment by Joe Roper, on 16-Jun-2010 20:14

Your system is just as open whether anonymous SIP is on or off. Action when Allow SIP anonymous off: 1. Call comes in. 2. Call Answered 3. Sent to context which plays message - "This number is unavailable" 4. Call hung up. Result - caller knows it's a FreePBX / Asterisk system and can then go to the next step of identifying the distribution or aggregation, and then reaches for the appropriate hacker's tool box. Action when Allow SIP anonymous on: 1. Call comes in 2. Call Sent to inbound routes. 3. Matches on either caller ID or DID match. 4. If match on inbound route - then call goes to specified destination. 5. If no match. Sent to context which plays message - "This number is unavailable" Therefore, the results are pretty much identical which ever way you do it, except you have the extra functionality of accepting SIP URI. Stopping anonymous SIP callers dead in their tracks:- 1. Set allow anonymous sip calls to on. 2. Ensure every DID you own has an inbound route specific to the DID. 3. Add a catch-all where you have either _. or null in the DID field. 4. Set the catch-all Destination to "Hangup" Result. 1. Call comes in 2. Call Sent to inbound routes. 3. Matches on either caller ID or DID match. 4. If match on inbound route - then call goes to specified destination. 5. If no match, hung up immediately. I would say that this option is better than leaving anonymous SIP calls off. The call is never answered unless the caller knows your number. Advantages 1. Does not identify your platform type. 2. Allows people to call you for free - PROVIDED THEY KNOW YOUR NUMBER. 3. Less load on the platform for fishing expeditions - you are not playing a recorded message for every uninvited SIP call. 4. Hangs up people who try and phone you, and don't know your number. Conclusion. * This approach would appear to me to be far more secure than the default position. * The name "allow anonymous sip" calls gives the wrong impression as to its purpose. * Taking this approach will potentially reduce loads on your system, as well as offering extra functionality. * No manual changes to the dialplan are necessary. * People can phone you if they know your number - which is the same as its been since 1891 when Strowger released his automatic telephone exchange.


Add a comment

Please note: comments that are inappropriate or promotional in nature will be deleted. E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.

Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and shown in this blog post.

Your name:

Your e-mail:

Your webpage:

sbiddle's profile

Steve Biddle
Wellington
New Zealand


I'm an engineer who loves building solutions to solve problems.

My interests and skillset include:

*VoIP (Voice over IP). I work with various brands of hardware and PBX's on a daily basis
  -Asterisk (incl trixbox, PiaF, FreePBX, Elastix and AsteriskNOW)
  -Polycom
  -Cisco
  -Linksys
  -Patton
  -Zyxel
  -Snom
  -Sangoma
  -Audiocodes

*Telecommunications/Broadband
  -xDSL deployments
  -WiMAX
  -GSM/WCDMA

*Structured cabling
  -Home/office cabling
  -Phone & Data

*Computer networking
  -Mikrotik hardware
  -WAN/LAN solutions

*Wireless solutions
  -Motel/Hotel hotspot deployments
  -Outdoor wireless deployments, both small and large scale
  -Temporary wireless deployments
   
*CCTV solutions
  -Analogue and IP

I'm an #avgeek who loves to travel the world (preferably in seat 1A) and stay in nice hotels.


+My views do no represent my employer. I'm sure they'll be happy to give their own if you ask them.


You can contact me here or by email at [email protected]

twitter.com/stevebiddle










Located in NZ and after a cheap way to call friends or family in Australia?

Faktortel VoIP offers plans from $0 per month that offer you the convenience of being able to call landline numbers anywhere in Australia from A$ 10c per call (yes *per call*, not per minute!). An optional Australian DDI number also lets friends and family call you and they will only pay the cost of a local call. Interested? Check out Faktortel for more details.