Gotchas
- Debian SIP only uses TLS, while TLS support in Asterisk can be troublesome
- It is not recommended that you connect Asterisk directly to the public Internet, there are two ways to use it safely:
- # Consider a firewall configuration that only allows:
- outbound TCP (TLS) connections, such as the connection to Debian SIP service
Inbound and outbound UDP traffic in the port range defined in /etc/asterisk/rtp.conf
- Asterisk can talk to the proxy over straight TCP without TLS
- The proxy can then use TLS to interact with outside peers such as Debian SIP and all other federated SIP domains
See the RTC Quick Start guide to set up a SIP proxy like this
- # Consider a firewall configuration that only allows:
/etc/asterisk/sip.conf
Look for the exmaple register declarations
- Add something like this:
register => tls://username@debian.org:password@debian.org/8000
username@debian.org should be replaced with your SIP user ID
password is where you put your RTC password from Debian LDAP
@debian.org tells Asterisk you want to register to the debian.org SIP service
It is meant to take the tls:// prefix and the debian.org domain and do an SRV lookup to find the SIP proxy
Finally, it routes any incoming calls from the service to extension 8000 in the default context
The default context is the context defined in the [general] section of sip.conf
WebRTC support
Asterisk can talk to WebRTC clients, such as those calling from rtc.debian.org using JSCommunicator for example.
However, each peer definition in sip.conf must either explicitly be configured for AVPF (used by all legacy clients and softphones) or SAVPF (used by WebRTC)
- One way to deal with this is to run two Asterisk instances
one with savpf=no in sip.conf
the other using savpf=yes in sip.conf
- You then use a SIP proxy to route each call to the correct Asterisk instance
Here are the typically sip.conf settings (defined globally or on a per-peer basis) for WebRTC clients to talk to Asterisk:
savpf=yes encryption=yes icesupport=yes
Also consider defining a TURN server in /etc/asterisk/rtp.conf