How to Install Asterisk on CentOS 7

Asterisk is an open source framework used for building communication applications.

28

Asterisk is an open source framework used for building communication applications. You can use it to turn a local computer or server to communication server. It is used to power IP PBX systems, VoIP gateways, conference servers and other solutions. It’s used by all kind of organizations worldwide and finally, but not last it is free and open source.

In this tutorial, we are going to show you how to install Asterisk on CentOS 7 (instructions also works on RHEL 7), but before we start, we will need to make some preparations so Asterisk can run smoothly after the installation.

Asterisk is compatible and works well with Alibaba Cloud Elastic Compute Service (ECS) servers. As a developer, I prefer the services of Alibaba Cloud to Install Asterisk on CentOS 7. Alibaba Elastic Compute (ECS) is highly flexible and you can upgrade the hardware resources anytime when you get more traffic.

Let us now proceed to how you can get it working on your CentOS 7 system by following these steps below:

Prerequisites

  1. You must have Alibaba Cloud Elastic Compute Service(ECS) activated. If you are a new user, you can get Free Credits in your Alibaba Cloud account. If you don’t know about how to setup your ECS instance, you can refer to this tutorial or check quick-start guide.
  2. You should setup your server’s hostname.
  3. Access to VNC console in your Alibaba Cloud or SSH client installed in your PC.

Logging to your Console

After completing the prerequisites, login as root user with your root username & password via SSH client (e.g. Putty – You can get Putty from https://www.putty.org ) or VNC console available in your Alibaba Cloud account dashboard.

Also Read: How to Use Python Decouple in Django on Ubuntu 16.04

To complete this tutorial, you will need:

  • make sure you are logged in as a user with sudo privileges.
  • Update your CentOS system and install the development tools that are required to compile Asterisk source code:
sudo yum update 
sudo yum groupinstall core base “Development Tools”

 

Disable Selinux

If SELinux is set to enforcing mode, Asterisk will not function correctly.

To disable SELinux security features, open the /etc/selinux/config file and set SELINUX=disabled

  
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
 #       enforcing - SELinux security policy is enforced.
 #       permissive - SELinux prints warnings instead of enforcing.
 #       disabled - No SELinux policy is loaded.
 SELINUX=disabled
 # SELINUXTYPE= can take one of these two values:
 #       targeted - Targeted processes are protected,
 #       mls - Multi Level Security protection.
 SELINUXTYPE=targeted

Save the file and reboot your CentOS system with:

sudo shutown –r now

Once the machine boots up, make sure that the getenforce command returns Disabled:

getenfoce
                                            Output
Disabled

 

Configuring iptables

iptables will be used to secure the CentOS against unwanted traffic. The Server should not have any firewall rules configured.

Check for current firewall rules:

sudo iptables - L

It should show an empty rule table:

 Chain INPUT (policy ACCEPT)
 target      prot opt source                    destination

 Chain FORWARD (policy ACCEPT)
 target      prot opt source                    destination

 Chain OUTPUT (policy ACCEPT)
 target      prot opt source                    destination

Create /etc/iptables.firewall.rules using your preferred text editor. This file will be used to activate the firewall with the desired rules every time the server boots.

 

/etc/iptables.firewall.rules

 *filter

 #  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
 -A INPUT -i lo -j ACCEPT
 -A INPUT -d 127.0.0.0/8 -j REJECT

 #  Accept all established inbound connections
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

 #  Allow all outbound traffic - you can modify this to only allow certain traffic
 -A OUTPUT -j ACCEPT

 #  Allow SSH connections
 #
 #  The -dport number should be the same port number you set in sshd_config, ie 8050
 #
 -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

 # SIP on UDP port 5060, 5061 for secure signaling. Used for signals such as "hang up"
 -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
 -A INPUT -p udp -m udp --dport 5061 -j ACCEPT

 # IAX2- the IAX protocol - comment out if you don't plan to use IAX
 # -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

 # IAX - old IAX protocol, uncomment if needed for legacy systems.
 # -A INPUT -p udp -m udp --dport 5036 -j ACCEPT

 # RTP - the media stream - you can change this in /etc/asterisk/rtp.conf
 -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

 # MGCP - if you use media gateway control protocol in your configuration
 -A INPUT -p udp -m udp --dport 2727 -j ACCEPT


 # Uncomment these lines if you plan to use FreePBX to manage Asterisk
 # -A INPUT -p tcp --dport 80 -j ACCEPT
 # -A INPUT -p tcp --dport 443 -j ACCEPT

 #  Allow ping
 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

 #  Log iptables denied calls
 -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

 #  Drop all other inbound - default deny unless explicitly allowed policy
 -A INPUT -j DROP
 -A FORWARD -j DROP

 COMMIT


 

Start Firewall at Boot

CentOS 7 does not come with the iptables-services pre-installed, it will have to be installed so the firewall can load at boot.

Install iptables-services, then enable and start it:

sudo yum install -y iptables-services 
sudo systemctl enable iptables 
sudo systemctl start iptables

Load the firewall rules:

sudo iptables-restore < /etc/iptables.firewall.rules

Recheck the firewall rules:

sudo iptables -L

Your output should now look like this:

 Chain INPUT (policy ACCEPT)
target      prot opt source                    destination
ACCEPT      all  --  anywhere                 anywhere
REJECT      all  --  anywhere                 loopback/8              reject-with icmp-port-unreachable
ACCEPT      all  --  anywhere                 anywhere                 state RELATED,ESTABLISHED
ACCEPT      tcp  --  anywhere                 anywhere                 state NEW tcp dpt:8050
ACCEPT      udp  --  anywhere                 anywhere                 udp dpt:sip
ACCEPT      udp  --  anywhere                 anywhere                 udp dpt:iax
ACCEPT      udp  --  anywhere                 anywhere                 udp dpts:ndmp:dnp
ACCEPT      udp  --  anywhere                 anywhere                 udp dpt:mgcp-callagent
ACCEPT      icmp --  anywhere                 anywhere                 icmp echo-request
LOG          all  --  anywhere                 anywhere                 limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP         all  --  anywhere                 anywhere

Chain FORWARD (policy ACCEPT)
target      prot opt source                    destination
DROP         all  --  anywhere                 anywhere

Chain OUTPUT (policy ACCEPT)
target      prot opt source                    destination
ACCEPT      all  --  anywhere                 anywhere

Save this ruleset:

/usr/libexec/iptables/iptables.init save

In a new terminal, make sure you can log in:

ssh [email protected]

 

Installing Dependencies

A number of dependencies will be to be installed prior to installing Asterisk. To install them run:

sudo yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel

 

Installing Asterisk

We’re now ready to install Asterisk 13, the current long-term support release of Asterisk.

 

Installing Asterisk from Source

Switch to the build directory:

cd ~/build

Download the latest version of Asterisk 13:

wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz

Untar the file:

tar -zxvf asterisk-13-current.tar.gz

Switch to the new Asterisk directory, replacing 13.5.0 if needed:

cd asterisk-13.5.0

 

Enable MP3 Support

To use MP3 files for Music on Hold, some dependencies will need to be installed.

Install Subversion:

sudo yum install svn

Run:

contrib/scripts/get_mp3_source.sh

 

Configure and Build Asterisk

Run the configure script to prepare the Asterisk source code for compiling:

./configure --libdir=/usr/lib64

If there are any missing dependencies, install them.

Start the build process:

make menuselect

 

After a short while, you should get a menu on screen that allows you to configure the features you want to build.

If you want to use the MP3 format with Music on Hold, you should select Add-Ons, then use the right arrow to move to the right-hand list. Navigate to format_mp3 and press enter to select it.

Select addition sound packages and Music on Hold packs on the left menu, and enable the wav format for your desired language. (ie. use the EN package for English.)

Press F12 to save and exit.

Compile Asterisk:

make

Install Asterisk on the system:

sudo make install

Install sample configuration files:

sudo make samples

Configure Asterisk to start itself automatically on boot:

sudo make config

 

Create Asterisk User

By default Asterisk runs as a root user. For security reasons we will create a new system user and configure Asterisk to run as the newly created user.

To create a new system user named asterisk run the following command:

sudo adduser --system --user-group --home-dir /var/lib/asterisk --no-create-home asterisk

To configure Asterisk to run as asterisk user, open the /etc/sysconfig/asterisk file and uncomment the following two lines:

                     /etc/sysconfig/asterisk 

AST_USER="asterisk" 
AST_GROUP="asterisk"

Add the asterisk user to the dialout and audio groups:

sudo usermod -a -G dialout,audio asterisk

We also need to change the ownership of all asterisk files and directories so the user asterisk can access those files:

sudo chown -R asterisk: /var/{lib,log,run,spool}/asterisk /usr/lib64/asterisk /etc/asterisk 
sudo chmod -R 750 /var/{lib,log,run,spool}/asterisk /usr/lib64/asterisk /etc/asterisk

 

Try it Out

Congratulations! You now have a working Asterisk phone server. Let’s fire up Asterisk and make sure it runs.

 

Start Asterisk:

sudo service asterisk start

Connect to Asterisk:

asterisk -rvv

You should get a prompt with the current version number.

To see a list of possible commands:

core show help

To disconnect type:

exit

Once disconnected, Asterisk continues to run in the background.

 

Adjust the Firewall Rules

Now that Asterisk is installed and running you need to configure your firewall to allow traffic on Asterisk specific ports.

Note: If you don’t have firewall enabled on your system, you can skip this section.

Open your text editor of choice and create the following Firewalld service:

/etc/firewalld/services/asterisk.xml 

<?xml version="1.0" encoding="utf-8"?> 
<service version="1.0">
   <short>asterisk</short>
   <description>Asterisk is a software implementation of a telephone private branch exchange (PBX).</description>
   <port protocol="udp" port="10000-10100"/>
   <port protocol="udp" port="4569"/>
   <port protocol="udp" port="2727"/>
   <port protocol="udp" port="5060-5061"/>
 </service>

Save the file and apply the new firewall rules by typing:

sudo firewall-cmd --add-service=asterisk --permanent 
sudo firewall-cmd --reload

Finally check if the new firewall rules are applied successfully with:

sudo firewall-cmd --list-all

 

Output
  public (active)
   target: default
   icmp-block-inversion: no
   interfaces: eth0
   sources:
   services: ssh dhcpv6-client asterisk
   ports:
   protocols:
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:

Feel free to adjust the firewall according to your need.

That’s All. You have now learned how to install Asterisk on CentOS 7.

 

Conclusion

In this guide we have shown you how to install the latest Asterisk version from source on your CentOS system. Now that you have an Asterisk server running, it’s time to connect some phones, add extensions, and configure the various options that are available with Asterisk. For detailed instructions, check out the Asterisk Project’s guide to Configuring Asterisk.

Subscribe to our newsletter
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
You can unsubscribe at any time

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More