Creating a Basic IP PBX with Asterisk

3
11296

IP PBX visual

Asterisk is a software switching platform, capable of running on standardised PC hardware with the requisite accessories to connect to various telecom networks. In this third article in the series, the author explains how to create a basic IP private branch exchange (PBX).

Transforming the open source Asterisk software to a fully functional IP PBX is achieved with a few simple steps. In the previous sessions, we have familiarised ourselves with the general Asterisk environment as well as the common hardware involved. In this article, we will go into the details of creating a basic IP PBX.
We first need to decide on the configuration of the PBX —is it going to be a pure IP PBX or will it also connect to ISDN, GSM, etc? Let’s select a very common configuration for the Indian scenario—an IP PBX for 100 subscribers with one PRI and four GSM trunks.
Let us start by defining the OS, which could theoretically be any Linux flavour like Debian, CentOS, Ubuntu, etc. We will base all further discussions on CentOS.
Next is the selection of the hardware. It’s preferable to select server hardware rather than typical desktop hardware, as we expect the PBX to run 24 hours and have a lifespan of at least 5-10 years. In a 100-subscriber scenario, we can opt for an Intel dual core or a Core i3 with 4GB RAM and a 500GB hard disk drive. The 100-subscriber configuration can also work with 2GB RAM, but may have quality issues, when a lot of subscribers make calls simultaneously. Even the 4GB RAM set-up may have problems if all the 100 subscribers make calls at the same time. These values are based on my experience of the typical load in a 100-subscriber environment. For higher loads like 500 or 1000 subscribers, the use of higher RAM configurations and SSD hard disks for CDRs and log files is recommended.
After hardware selection and installation of the OS, we move on towards the software installation.

Disabling SELinux
In CentOS, the security-enhanced Linux (SELinux) system is enabled by default, and it often gets in the way of Asterisk. There are multiple articles on the Internet that describe the correct configuration of SELinux, but we’ll disable it for the sake of simplicity.

Installing basic libraries
The code given below will install OpenSSL security, the gcc compiler, the ncurses GUI library, the XML library, the SQLite database, etc.

yum install -y make wget openssl-devel ncurses-devel newt-devel libxml2-devel kernel-devel gcc gcc-c++ sqlite-devel libuuid-devel

These base libraries are required for subsequent modules.

Installing DAHDI
DAHDI (Digium/Asterisk Hardware Device Interface) is a framework for interfacing with digital telephony cards in Asterisk. It contains drivers for the interface and also tools for monitoring. As we are using a PRI card in our configuration, this installation needs to be done.

Download:
cd /usr/src/
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-2.9.2+2.9.2.tar.gz
Unzip:
tar zxvf dahdi-linux-complete-2.9.2+2.9.2.tar.gz
Install:
cd /usr/src/dahdi-linux-complete-2.9.2+2.9.2
make
make install
make config

Installing libpri

libpri is required to handle the protocol part of the PRI interface.

Download:
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4.15.tar.gz
Unzip:
tar zxvf libpri-1.4.15.tar.gz
Install:
cd /usr/src/libpri-1.4.15.tar.gz
make
make install

Installing Asterisk
Now, we are ready to install a basic version of Asterisk. Let’s download version 11, which is a LTS (Long Term Support) release.

Download:
wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-11.11.0.tar.gz
Unzip:
tar zxvf asterisk-11.11.0.tar.gz
Install:
cd /usr/src/asterisk-11.11.0
./configure
make menuselect

Now you get a GUI, a Menuselect menu, listing categories such as applications, channel drivers, and PBX modules. On the right-hand side, you’ll see a list of modules that correspond with the select category. At the bottom of the screen, you’ll see two buttons. You can use the Tab key to switch between the various sections, and press the Enter key to select or unselect a particular module. If you see [*] next to a module name, it signifies that the module has been selected. If you see *XXX next to a module name, it signifies that the select module cannot be built, as one of its dependencies is missing. In that case, you can look at the bottom of the screen for the line labelled ‘Depends upon:’ for a description of the missing dependency. Once Menuselect is executed, and the required applications, channel drivers and modules selected, exit the GUI.

make
make install
make config
make samples

make samples installs the configuration and contains more than just an example configuration. The sample configuration files historically were used predominantly for documentation of available options. As such, they contain many examples for configuring Asterisk that may not be ideal for standard deployments. Sample installation is helpful as it creates sample configurations of all configuration files. We can select specific ones like sip.conf and extensions.conf and overwrite them. Else, we might need to create a series of configuration files from scratch.

Start services

service dahdi start
service asterisk start

For Debian or Ubuntu users, the installation of basic libraries and start services is slightly different, as shown below:

apt-get install build-essential wget libssl-dev libncurses5-dev libnewt-dev libxml2-dev linux-headers-$(uname -r) libsqlite3-dev uuid-dev
Start services:
/etc/init.d/dahdi start
/etc/init.d/asterisk start

All the other steps remain the same.

Installing SIP phones
Basic Asterisk is an IP PBX, which can interconnect IP phones with the SIP (Session Initiation Protocol) or IAX (Inter Asterisk eXchange) protocol. SIP is quite widespread and best suited for communication with other systems. IAX is a very compact protocol with less bandwidth requirements, which is proprietary to asterisk, and can be used where limited bandwidth is available.
There are three types of endpoints you would typically provide your users with, which could serve as a telephone set. They are popularly referred to as hardphones –- physical devices like normal telephones with a handset, buttons, etc; softphones -– software applications that run on top of laptops or desktops; and analogue terminal adaptors (ATAs) –- connectors for traditional analogue devices like analogue phones, faxes, etc. All of them are configured as SIP extensions in Asterisk. To configure the SIP extensions, we need to edit /etc/asterisk/sip.conf.

[general]

context=unauthenticated
allowguest=no
alwaysauthreject=yes

[test-phone](!)

type=friend
host=dynamic
context=office-device
disallow=all
allow=ulaw
allow=alaw

[ramesh](test-phone)

secret=my5UP3rp@s5!

[suresh](test-phone)

secret=my5UP3rp@s5II

The [general] section is a standard section that appears at the top of the configuration file for all channel modules, containing general configuration options for how that protocol relates to your system and can be used to define default parameters as well. In Asterisk, we define all actions based on context. In general, we specify that the default context is the context called ‘unauthenticated’, with no actions defined in this context. So, if users have not authenticated themselves in a context, they will not be able to carry out any action. The allowguest parameter specifies that any unauthenticated users are not allowed. Unethical hackers try to guess usernames by trying different usernames. By specifying alwaysauthreject, we instruct the system to output ‘userrejected’ for wrong username+password combinations, and not the ‘user not found’ message.
In the next section, we define a template we have chosen to name [test-phone]. We’ve created it as a template so that we can use the values within it for all of our devices.
In the [test-phone] template, we’ve defined several options required for authentication and control of calls to and from devices that use that template. The first option we’ve configured is the type, which we’ve set to friend. This tells the channel driver to attempt to match calls on the name first, and then on the IP address.
The host option is used when we need to send a request to the telephone (such as when we want to call someone). Asterisk needs to know where the device is on the network. By defining the value as dynamic, we let Asterisk know that the telephone will tell us where it is on the network instead of having its location defined statically.
When a request from a telephone is received and authenticated by Asterisk, the requested extension number is handled by the dialplan in the context defined in the device configuration; in our case, the context is named office-device.
The password for the device is defined by the secret parameter. While this is not strictly required, you should note that it is quite common for unethical hackers to run phishing scripts that look for exposed VoIP accounts with insecure passwords and simple device names (such as a device name of 666 with a password of 666). By utilising an uncommon device name such as a MAC address, and a password that is a little harder to guess, we can significantly lower the risk to our system should we need to expose it to the outside world.
Now that we’re finished with our template, we can define our device names and, using the test-phone template, greatly simplify the amount of details required under each device section. The device name is defined in the square brackets, and the template to be applied is defined in the parentheses following the device name. We can add additional options to the device name by specifying them below the device name.
Each time we change this file, we need to reload the file at the Asterisk prompt. To start Asterisk in verbose mode, use the following command:

asterisk -vvvvr

The number of ‘v’s indicate the level of verbosity required. You will obtain the CLI prompt. To reload SIP configurations, use the following command:

*CLI>sip reload

You may verify if the new channels are loaded, by typing the following command:

*CLI>sip show peers

You would have noticed that Suresh and Ramesh do not have any numbers allocated to them. This is done in the dialplan, by editing /etc/asterisk/extensions.conf.

[office-device]
exten => 100,1,Dial(SIP/ramesh)
exten => 101,1,Dial(SIP/suresh)

This basic dialplan will allow you to dial your SIP devices using extensions 100 and 101. If somebody dials the number 100 in the ‘office-device’ context, the call will be routed to Ramesh. All of these extensions are arbitrary numbers and could be anything you want. You may also choose 4- or 5-digit numbers. You will need to reload your dialplan before changes take effect in Asterisk.

*CLI>diaplan reload

You should now be able to dial between your two new extensions. Open up the CLI in order to see the call progression. Before that, you need to set up the new phones with the user name and password defined in sip.conf. It will show something like what follows:

Connected to Asterisk 1.8.23.0-vici currently running on localhost
Versbosity is atleast 21
[Oct 9 18:11:30] == Using SIP RTP CoS mark 5
[Oct 9 18:11:30] -- Executing [100@office-device:1] Dial(“SIP/ramesh-0000005”, “SIP/suresh”
[Oct 9 18:11:30] – Called SIP/suresh
[Oct 9 18:11:30] – SIP/suresh-000006 ringing
[Oct 9 18:11:30] – SIP/suresh-000006 answered SIP/ramesh-0000005
[Oct 9 18:11:30] – Locally bridging SIP/ramesh-00000005 and SIP/suresh-00000006

You have made your first successful call between two IP phones. Congratulations!

3 COMMENTS

  1. Great guide, Graham. Although it completely depends on the needs and size of the business, I would recommend an on-premise IP PBX system. Since every small business eventually becomes a medium and then a large business, it would be good to consider a long-term plan. An IP PBX may be expensive initially but if you consider it for a long-term use, you will see that it is more reasonable.

  2. Really, It’s a very helpful blog for those people, who want to know about PBX system. I would love to say that its very useful for my knowledge.

LEAVE A REPLY

Please enter your comment!
Please enter your name here