Asterisk - The Open Source Telephony Project GIT-master-f36a736
iax.conf
;
; Inter-Asterisk eXchange v2 (IAX2) Channel Driver configuration
;
; This configuration is read when the chan_iax2.so module is loaded, and is
; re-read when the module is reloaded, such as when invoking the CLI command:
;
;     *CLI> iax2 reload
;

; General settings, like port number to bind to, and an option address (the
; default is to bind to all local addresses).

[general]

; Listener Addresses
;
; Use the 'bindaddr' and 'bindport' options to specify on which address and port
; the IAX2 channel driver will listen for incoming requests.
;
;

;bindport=4569           ; The default port to listen on
                         ; NOTE: bindport must be specified BEFORE bindaddr or
                         ; may be specified on a specific bindaddr if followed by
                         ; colon and port (e.g. bindaddr=192.168.0.1:4569) or for
                         ; IPv6 the address needs to be in brackets then colon
                         ; and port (e.g. bindaddr=[2001:db8::1]:4569).

;bindaddr=192.168.0.1    ; You can specify 'bindaddr' more than once to bind to
                         ; multiple addresses, but the first will be the
                         ; default. IPv6 addresses are accepted.

;
; Set 'iaxcompat' to yes if you plan to use layered switches or some other
; scenario which may cause some delay when doing a lookup in the dialplan. It
; incurs a small performance hit to enable it. This option causes Asterisk to
; spawn a separate thread when it receives an IAX2 DPREQ (Dialplan Request)
; instead of blocking while it waits for a response.
;
; Accepted values: yes, no
; Default value:   no
;
;iaxcompat=yes
;

;
; Disable UDP checksums (if nochecksums is set, then no checksums will
; be calculated/checked on systems supporting this feature)
;
; Accepted values: yes, no
; Default value:   no
;
;nochecksums=yes
;

;
; For increased security against brute force password attacks enable
; 'delayreject' which will delay the sending of authentication reject for REGREQ
; or AUTHREP if there is a password.
;
; Accepted values: yes, no
; Default value:   no
;
;delayreject=yes
;

;
; You may specify a global default AMA flag for iax calls.  These flags are
; used in the generation of call detail records.
;
; Accepted values: default, omit, billing, documentation
; Default value:   default
;
;amaflags=billing
;

;
; ADSI (Analog Display Services Interface) can be enabled if you have (or may
; have) ADSI compatible CPE equipment.
;
; Accepted values: yes, no
; Default value:   no
;
;adsi=yes
;

;
; Whether or not to perform an SRV lookup on outbound calls.
;
; Accepted values: yes, no
; Default value:   no
;
;srvlookup=yes
;

;
; You may specify a default account for Call Detail Records (CDRs) in addition to
; specifying on a per-user basis.
;
; Accepted values: Any string value up to 19 characters in length
; Default value:   <empty>
;
;accountcode=lss0101
;

;
; You may specify a global default language for users.  This can be specified
; also on a per-user basis.  If omitted, will fallback to English (en).
;
; Accepted values: A language tag such as 'en' or 'es'
; Default value:   en
;
;language=en
;

;
; This option specifies a preference for which music-on-hold class this channel
; should listen to when put on hold if the music class has not been set on the
; channel with Set(CHANNEL(musicclass)=whatever) in the dialplan, and the peer
; channel putting this one on hold did not suggest a music class.
;
; If this option is set to "passthrough", then the hold message will always be
; passed through as signalling instead of generating hold music locally.
;
; This option may be specified globally, or on a per-user or per-peer basis.
;
; Accepted values: passthrough, or any music-on-hold class name
; Default value:   <empty>
;
;mohinterpret=default
;

;
; The 'mohsuggest' option specifies which music on hold class to suggest to the
; peer channel when this channel places the peer on hold. It may be specified
; globally or on a per-user or per-peer basis.
;
;mohsuggest=default
;

;
; Specify bandwidth of low, medium, or high to control which codecs are used
; in general. This setting will restrict codecs used to only those that comply
; with the bandwidth setting. In most cases, you should set this to 'high' so
; that high-quality codecs may be used; if set to a lower value, this will
; degrade call quality, so you probably only want to do this if you have
; actual significant bandwidth constraints.
;
bandwidth=high
;

;
; You can also fine tune codecs here using "allow" and "disallow" clauses with
; specific codecs.  Use "all" to represent all formats.
;
;allow=all
;disallow=g723.1
disallow=lpc10
;allow=gsm
;

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Jitter Buffer
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;
; You can adjust several parameters relating to the jitter buffer.  The jitter
; buffer's function is to compensate for varying network delay.
;
; All of the jitter buffer settings are in milliseconds.  The jitter buffer
; works for INCOMING audio only - the outbound audio will be dejittered by the
; jitter buffer at the other end.
;
; jitterbuffer=yes|no: global default as to whether you want
; the jitter buffer at all.
;
; maxjitterbuffer: a maximum size for the jitter buffer.
; Setting a reasonable maximum here will prevent the call delay
; from rising to silly values in extreme situations; you'll hear
; SOMETHING, even though it will be jittery.
;
; resyncthreshold: when the jitterbuffer notices a significant change in delay
; that continues over a few frames, it will resync, assuming that the change in
; delay was caused by a timestamping mix-up. The threshold for noticing a
; change in delay is measured as twice the measured jitter plus this resync
; threshold.
; Resyncing can be disabled by setting this parameter to -1.
;
; maxjitterinterps: the maximum number of interpolation frames the jitterbuffer
; should return in a row. Since some clients do not send CNG/DTX frames to
; indicate silence, the jitterbuffer will assume silence has begun after
; returning this many interpolations. This prevents interpolating throughout
; a long silence.
;
; jittertargetextra: number of milliseconds by which the new jitter buffer
; will pad its size. the default is 40, so without modification, the new
; jitter buffer will set its size to the jitter value plus 40 milliseconds.
; increasing this value may help if your network normally has low jitter,
; but occasionally has spikes.
;

jitterbuffer=no
;maxjitterbuffer=1000
;maxjitterinterps=10
;resyncthreshold=1000
;jittertargetextra=40

; There are three authentication methods that are supported:  md5, plaintext,
; and rsa.  The least secure is "plaintext", which sends passwords cleartext
; across the net.  "md5" uses a challenge/response md5 sum arrangement, but
; still requires both ends have plain text access to the secret.  "rsa" allows
; unidirectional secret knowledge through public/private keys.  There is no
; default unless set here in the [general] section. Only md5 and rsa support
; media encryption.
;
;auth=md5

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; IAX2 Encryption
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;
; Enable IAX2 encryption.  The default is no. This option does not force
; encryption for calls, it merely allows it to be used for calls.
;
encryption=yes

;
; Force encryption insures no connection is established unless both sides
; support encryption.  By turning this option on, encryption is automatically
; turned on as well.  The default is no.
;
;forceencryption=yes
;

; This option defines the maximum payload in bytes an IAX2 trunk can support at
; a given time.  The best way to explain this is to provide an example.  If the
; maximum number of calls to be supported is 800, and each call transmits 20ms
; frames of audio using ulaw:
;
;     (8000hz / 1000ms) * 20ms * 1 byte per sample = 160 bytes per frame
;
; The maximum load in bytes is:
;
;     (160 bytes per frame) * (800 calls) = 128000 bytes
;
; Once this limit is reached, calls may be dropped or begin to lose audio.
; Depending on the codec in use and number of channels to be supported this value
; may need to be raised, but in most cases the default value is large enough.
;
; trunkmaxsize = 128000 ; defaults to 128000 bytes, which supports up to 800
                        ; calls of ulaw at 20ms a frame.

; With a large amount of traffic on IAX2 trunks, there is a risk of bad voice
; quality when allowing the Linux system to handle fragmentation of UDP packets.
; Depending on the size of each payload, allowing the OS to handle fragmentation
; may not be very efficient. This setting sets the maximum transmission unit for
; IAX2 UDP trunking. The default is 1240 bytes which means if a trunk's payload
; is over 1240 bytes for every 20ms it will be broken into multiple 1240 byte
; messages.  Zero disables this functionality and let's the OS handle
; fragmentation.
;
; trunkmtu = 1240    ; trunk data will be sent in 1240 byte messages.

; trunkfreq sets how frequently trunk messages are sent in milliseconds. This
; value is 20ms by default, which means the trunk will send all the data queued
; to it in the past 20ms.  By increasing the time between sending trunk messages,
; the trunk's payload size will increase as well.  Note, depending on the size
; set by trunkmtu, messages may be sent more often than specified.  For example
; if a trunk's message size grows to the trunkmtu size before 20ms is reached
; that message will be sent immediately.  Acceptable values are between 10ms and
; 1000ms.
;
; trunkfreq=20    ; How frequently to send trunk msgs (in ms). This is 20ms by
                  ; default.

; Should we send timestamps for the individual sub-frames within trunk frames?
; There is a small bandwidth use for these (less than 1kbps/call), but they
; ensure that frame timestamps get sent end-to-end properly.  If both ends of
; all your trunks go directly to TDM, _and_ your trunkfreq equals the frame
; length for your codecs, you can probably suppress these.  The receiver must
; also support this feature, although they do not also need to have it enabled.
;
; trunktimestamps=yes

; Minimum and maximum amounts of time that IAX2 peers can request as a
; registration expiration interval (in seconds).
; minregexpire = 60
; maxregexpire = 60

; IAX2 helper threads

; Establishes the number of iax helper threads to handle I/O.
; iaxthreadcount = 10

; Establishes the number of extra dynamic threads that may be spawned to handle I/O
; iaxmaxthreadcount = 100

;
; We can register with another IAX2 server to let him know where we are
; in case we have a dynamic IP address for example
;
; Register with tormenta using username marko and password secretpass
;
;register => marko:secretpass@tormenta.linux-support.net
;
; Register joe at remote host with no password
;
;register => joe@remotehost:5656
;
; Register marko at tormenta.linux-support.net using RSA key "torkey"
;
;register => marko:[torkey]@tormenta.linux-support.net
;
; Through the use of the res_stun_monitor module, Asterisk has the ability to detect when the
; perceived external network address has changed.  When the stun_monitor is installed and
; configured, chan_iax will renew all outbound registrations when the monitor detects any sort
; of network change has occurred. By default this option is enabled, but only takes effect once
; res_stun_monitor is configured.  If res_stun_monitor is enabled and you wish to not
; generate all outbound registrations on a network change, use the option below to disable
; this feature.
;
; subscribe_network_change_event = yes ; on by default
;
; You can enable authentication debugging to increase the amount of
; debugging traffic.
;
;authdebug = yes
;
; See https://docs.asterisk.org/Configuration/Channel-Drivers/IP-Quality-of-Service for a description of these parameters.
;tos=ef
;cos=5
;
; If regcontext is specified, Asterisk will dynamically create and destroy
; a NoOp priority 1 extension for a given peer who registers or unregisters
; with us.  The actual extension is the 'regexten' parameter of the registering
; peer or its name if 'regexten' is not provided.  More than one regexten
; may be supplied if they are separated by '&'.  Patterns may be used in
; regexten.
;
;regcontext=iaxregistrations
;
; If we don't get ACK to our NEW within 2000ms, and autokill is set to yes,
; then we cancel the whole thing (that's enough time for one retransmission
; only).  This is used to keep things from stalling for a long time for a host
; that is not available, but would be ill advised for bad connections.  In
; addition to 'yes' or 'no' you can also specify a number of milliseconds.
; See 'qualify' for individual peers to turn on for just a specific peer.
;
autokill=yes
;
; codecpriority controls the codec negotiation of an inbound IAX2 call.
; This option is inherited to all user entities.  It can also be defined
; in each user entity separately which will override the setting in general.
;
; The valid values are:
;
; caller   - Consider the callers preferred order ahead of the host's.
; host     - Consider the host's preferred order ahead of the caller's.
; disabled - Disable the consideration of codec preference altogether.
;            (this is the original behaviour before preferences were added)
; reqonly  - Same as disabled, only do not consider capabilities if
;            the requested format is not available the call will only
;            be accepted if the requested format is available.
;
; The default value is 'host'
;
;codecpriority=host
;
; allowfwdownload controls whether this host will serve out firmware to
; IAX2 clients which request it.  This has only been used for the IAXy,
; and it has been recently proven that this firmware distribution method
; can be used as a source of traffic amplification attacks.  Also, the
; IAXy firmware has not been updated since at least 2012, so unless
; you are provisioning IAXys in a secure network, we recommend that you
; leave this option to the default, off.
;
;allowfwdownload=yes

;rtcachefriends=yes ; Cache realtime friends by adding them to the internal list
                    ; just like friends added from the config file only on a
                    ; as-needed basis? (yes|no)

;rtsavesysname=yes  ; Save systemname in realtime database at registration
                    ; Default = no

;rtupdate=yes       ; Send registry updates to database using realtime? (yes|no)
                    ; If set to yes, when a IAX2 peer registers successfully,
                    ; the IP address, the origination port, the registration period,
                    ; and the username of the peer will be set to database via realtime.
                    ; If not present, defaults to 'yes'.

;rtautoclear=yes    ; Auto-Expire friends created on the fly on the same schedule
                    ; as if it had just registered? (yes|no|<seconds>)
                    ; If set to yes, when the registration expires, the friend will
                    ; vanish from the configuration until requested again.
                    ; If set to an integer, friends expire within this number of
                    ; seconds instead of the registration interval.

;rtignoreregexpire=yes ; When reading a peer from Realtime, if the peer's registration
                       ; has expired based on its registration interval, used the stored
                       ; address information regardless. (yes|no)

;parkinglot=edvina     ; Default parkinglot for IAX2 peers and users
                       ; This can also be configured per device
                       ; Parkinglots are defined in features.conf

;
; The following two options are used to disable call token validation for the
; purposes of interoperability with IAX2 endpoints that do not yet support it.
;
; Call token validation can be set as optional for a single IP address or IP
; address range by using the 'calltokenoptional' option. 'calltokenoptional' is
; only a global option.
;
;calltokenoptional=209.16.236.73/255.255.255.0
;
; By setting 'requirecalltoken=no', call token validation becomes optional for
; that peer/user.  By setting 'requirecalltoken=auto', call token validation
; is optional until a call token supporting peer registers successfully using
; call token validation.  This is used as an indication that from now on, we
; can require it from this peer.  So, requirecalltoken is internally set to yes.
; requirecalltoken may only be used in peer/user/friend definitions,
; not in the global scope.
; By default, 'requirecalltoken=yes'.
;
;requirecalltoken=no
;
; Maximum time allowed for call token authentication handshaking. Default is 10 seconds.
; Use higher values in lagged or high packet loss networks.
;
;calltokenexpiration=10

;
; These options are used to limit the amount of call numbers allocated to a
; single IP address.  Before changing any of these values, it is highly encouraged
; to read the user guide associated with these options first.  In most cases, the
; default values for these options are sufficient.
;
; The 'maxcallnumbers' option limits the amount of call numbers allowed for each
; individual remote IP address.  Once an IP address reaches it's call number
; limit, no more new connections are allowed until the previous ones close.  This
; option can be used in a peer definition as well, but only takes effect for
; the IP of a dynamic peer after it completes registration.
;
;maxcallnumbers=512
;
; The 'maxcallnumbers_nonvalidated' is used to set the combined number of call
; numbers that can be allocated for connections where call token  validation
; has been disabled.  Unlike the 'maxcallnumbers' option, this limit is not
; separate for each individual IP address.  Any connection resulting in a
; non-call token validated call number being allocated contributes to this
; limit.  For use cases, see the call token user guide.  This option's
; default value of 8192 should be sufficient in most cases.
;
;maxcallnumbers_nonvalidated=1024
;
; The [callnumberlimits] section allows custom call number limits to be set
; for specific IP addresses and IP address ranges.  These limits take precedence
; over the global 'maxcallnumbers' option, but may still be overridden by a
; peer defined 'maxcallnumbers' entry.  Note that these limits take effect
; for every individual address within the range, not the range as a whole.
;
;[callnumberlimits]
;10.1.1.0/255.255.255.0 = 24
;10.1.2.0/255.255.255.0 = 32
;

; The shrinkcallerid function removes '(', ' ', ')', non-trailing '.', and '-' not
; in square brackets.  For example, the Caller*ID value 555.5555 becomes 5555555
; when this option is enabled.  Disabling this option results in no modification
; of the Caller*ID value, which is necessary when the Caller*ID represents something
; that must be preserved.  This option can only be used in the [general] section.
; By default this option is on.
;
;shrinkcallerid=yes     ; on by default

; Guest sections for unauthenticated connection attempts.  Just specify an
; empty secret, or provide no secret section.
;
[guest]
type=user
context=public
callerid="Guest IAX User"

;
; Trust Caller*ID delivered over DUNDi/e164
;
;[dundi]
;type=user
;dbsecret=dundi/secret
;context=dundi-e164-local

;
; Further user sections may be added, specifying a context and a secret used
; for connections with that given authentication name.  Limited IP based
; access control is allowed by use of "permit", "deny", and "acl" keywords.
; Multiple rules are permitted. Multiple permitted contexts may be specified,
; in which case the first will be the default.  You can also override
; Caller*ID so that when you receive a call you set the Caller*ID to be what
; you want instead of trusting what the remote user provides
;
; There are three authentication methods that are supported:  md5, plaintext,
; and rsa.  The least secure is "plaintext", which sends passwords cleartext
; across the net.  "md5" uses a challenge/response md5 sum arrangement, but
; still requires both ends have plain text access to the secret.  "rsa" allows
; unidirectional secret knowledge through public/private keys.  If "rsa"
; authentication is used, "inkeys" is a list of acceptable public keys on the
; local system that can be used to authenticate the remote peer, separated by
; the ":" character.  "outkey" is a single, private key to use to authenticate
; to the other side.  Public keys are named /var/lib/asterisk/keys/<name>.pub
; while private keys are named /var/lib/asterisk/keys/<name>.key.  Private
; keys should always be 3DES encrypted. If encryption is used (applicable to
; md5 and rsa only), a secret must be provided.
;
;
; NOTE: All hostnames and IP addresses in this file are for example purposes
;       only; you should not expect any of them to actually be available for
;       your use.
;
;[markster]
;type=user
;context=default
;context=local
;auth=md5,plaintext,rsa
;secret=markpasswd
;setvar=ATTENDED_TRANSFER_COMPLETE_SOUND=beep   ; This channel variable will
                                                ; cause the given audio file to
                                                ; be played upon completion of
                                                ; an attended transfer to the
                                                ; target of the transfer.
;dbsecret=mysecrets/place    ; Secrets can be stored in astdb, too
;transfer=no                 ; Disable IAX2 native transfer
;transfer=mediaonly          ; When doing IAX2 native transfers, transfer only
                             ; the media stream
;jitterbuffer=yes            ; Override the global setting and enable the jitter
                             ; buffer for this user
;maxauthreq=10               ; Set the maximum number of outstanding AUTHREQs
                             ; waiting for replies. If this limit is reached,
                             ; any further authentication will be blocked, until
                             ; the pending requests expire or a reply is
                             ; received.
;callerid="Mark Spencer" <(256) 428-6275>
;deny=0.0.0.0/0.0.0.0
;accountcode=markster0101
;permit=209.16.236.73/255.255.255.0
;language=en                 ; Use english as default language
;encryption=yes              ; Enable IAX2 encryption.  The default is no.
;keyrotate=off               ; This is a compatibility option for older versions
                             ; of IAX2 that do not support key rotation with
                             ; encryption.  This option will disable the
                             ; IAX_COMMAND_RTENC message.  The default is on.

;
; Peers may also be specified, with a secret and a remote hostname.
;
;[demo]
;type=peer
;username=asterisk
;secret=supersecret
;host=192.168.10.10
;description=My IAX2 Peer            ; Description of this peer, as listed by
                                     ; 'iax2 show peers'
;sendani=no
;host=asterisk.linux-support.net
;port=5036
;mask=255.255.255.255
;qualify=yes                ; Make sure this peer is alive.
;qualifysmoothing = yes     ; Use an average of the last two PONG results to
                            ; reduce falsely detected LAGGED hosts.  The default
                            ; is 'no.'
;qualifyfreqok = 60000      ; How frequently to ping the peer when everything
                            ; seems to be OK, in milliseconds.
;qualifyfreqnotok = 10000   ; How frequently to ping the peer when it's either
                            ; LAGGED or UNAVAILABLE, in milliseconds.
;jitterbuffer=no            ; Turn off jitter buffer for this peer
;
;encryption=yes             ; Enable IAX2 encryption.  The default is no.
;keyrotate=off              ; This is a compatibility option for older versions
                            ; of IAX2 that do not support key rotation with
                            ; encryption.  This option will disable the
                            ; IAX_COMMAND_RTENC message.  The default is 'on.'

; Peers can remotely register as well, so that they can be mobile.  Default
; IPs can also optionally be given but are not required.  Caller*ID can be
; suggested to the other side as well if it is for example a phone instead of
; another PBX.
;connectedline=yes ; Set if connected line and redirecting information updates
;                  ; are passed between Asterisk servers for this peer.
;                  ; yes - Sending and receiving updates are enabled.
;                  ; send - Only send updates.
;                  ; receive - Only process received updates.
;                  ; no - Sending and receiving updates are disabled.
;                  ; Default is "no".
;                  ;
;                  ; Note: Because of an incompatibility between Asterisk v1.4
;                  ; and Asterisk v1.8 or later, this option must be set
;                  ; to "no" toward the Asterisk v1.4 peer.  A symptom of the
;                  ; incompatibility is the call gets disconnected unexpectedly.


;[dynamichost]
;host=dynamic
;secret=mysecret
; Note: app_voicemail mailboxes must be in the form of mailbox@context.
;mailbox=1234		; Notify about mailbox 1234
;inkeys=key1:key2
;peercontext=local	; Default context to request for calls to peer
;defaultip=216.207.245.34
;callerid="Some Host" <(256) 428-6011>

;[biggateway]
;type=peer
;host=192.168.0.1
;description=Gateway to PSTN
;context=*
;secret=myscret
;trunk=yes			; Use IAX2 trunking with this host
;timezone=America/New_York	; Set a timezone for the date/time IE

;
; Friends are a shortcut for creating a user and a peer with the same values.
;

;[marko]
;type=friend
;host=dynamic
;regexten=1234
;secret=moofoo   ; Multiple secrets may be specified. For a "user", all
;secret=foomoo   ; specified entries will be accepted as valid. For a "peer",
;secret=shazbot  ; only the last specified secret will be used.
;context=default
;permit=0.0.0.0/0.0.0.0
;acl=example_named_acl

;
; With immediate=yes, an IAX2 phone or a phone on an IAXy acts as a hot-line
; which goes immediately to the s extension when picked up.  Useful for
; elevator phones, manual service, or other similar applications.
;
;[manual]
;type=friend
;host=dynamic
;immediate=yes  ; go immediately to s extension when picked up
;secret=moofoo	; when immediate=yes is specified, secret is required
;context=number-please ; we start at the s extension in this context
;