Manualshelf

System information

ManualsBrandsATech Machine ManualsComputer equipmentLIBRA-02 M
121122123124125126127128129130
In the [office-phone] template we’ve defined several options required for authentica-
tion and control of calls to and from devices that use that template. The first option
we’ve configured is the type, which we’ve set to friend. This tells the channel driver to
attempt to match on name first, and then IP address.
SIP Configuration Matching and the type Option
In the example we have provided, the configuration for SIP phones is set with
type=friend. There are two other type definitions you can use: user and peer. The
difference between them has to do with how Asterisk interprets incoming SIP requests.
The rules are covered in this table:
type = Description
peer Match incoming requests to a configuration entry using the source IP address and port number.
user Match incoming requests to a configuration entry using the username in the From header of the SIP
request. This name is matched to a section in sip.conf with the same name in square brackets.
friend This enables matching rules for both peer and user. This is the setting most commonly used for SIP phones.
When a request from a telephone is received and authenticated by Asterisk, the re-
quested extension number is handled by the dialplan in the context defined in the device
configuration; in our case, the context named LocalSets.
The host option is used when we need to send a request to the telephone (such as when
we want to call someone). Asterisk needs to know where the device is on the network.
By defining the value as dynamic, we let Asterisk know that the telephone will tell us
where it is on the network instead of having its location defined statically. If we wanted
to define the address statically, we could replace dynamic with an IP address such as
192.168.128.30.
The nat option is used to tell Asterisk to enable some tricks to make phone calls work
when a SIP phone may be located behind a NAT. This is important because the SIP
protocol includes IP addresses in messages. If a phone is on a private network, it may
end up placing private addresses in SIP messages, which are often not useful.
The password for the device is defined by the secret parameter. While this is not strictly
required, you should note that it is quite common for unsavory folks to run phishing
scripts that look for exposed VoIP accounts with insecure passwords and simple device
names (such as a device name of 100 with a password of 1234). By utilizing an uncom-
mon device name such as a MAC address, and a password that is a little harder to guess,
we can significantly lower the risk to our system should we need to expose it to the
outside world.
Configuring Asterisk | 93