0

I need to ask few question about Asterisk
1) Does ACL mean by Access Control list here ?
If yes than how could i use it?

>ip show user 6001
  * Name       : 6001
  Secret       : <Set>
  MD5Secret    : <Not set>
  Context      : DLPN_Admin
  Language     :
  AMA flags    : Unknown
  Transfer mode: open
  MaxCallBR    : 384 kbps
  CallingPres  : Presentation Allowed, Not Screened
  Call limit   : 2147483647
  Callgroup    : 1
  Pickupgroup  : 1
  Callerid     : "test" <6001>
  ACL          : No
  Sess-Timers  : Accept
  Sess-Refresh : uas
  Sess-Expires : 1800 secs
  Sess-Min-SE  : 90 secs
  RTP Engine   : asterisk
  Codec Order  : (ulaw:20,gsm:20)
  Auto-Framing:  No


2) What is mean by "Require Call Token" in Asterisk Digium GIU on Create new User Panel

3) Is There any command from where i can get users VOICE MAIL password ?

4) What AMI or CLI command set call recording on or off for user ? and if i want that file to be stored on client computer not on server memory what could i do ?

Arham Ali Qureshi
  • 159
  • 1
  • 17

1 Answers1

1

Question 1: Yes, ACL does stand for Access Control List. You can use the settings "contextpermit/contactdeny" to control what addresses a UA can register from; "permit/deny" to control what addresses a UA can establish calls from (INVITE request); and "directmediapermit/directmediadeny" to control what addresses a UA can use to set up direct media between UAs. Note that all of this is in the sample sip.conf, delivered with Asterisk.

Question 2: Call Token refers to the IAX setting "requirecalltoken". Older Asterisk clients (1.2 before 1.2.35) don't support call tokens. Note that call tokens were added to address a security vulnerability (AST-2009-006). From the AST notification:

"A lot of time was spent trying to come up with a way to resolve this issue in a way that was completely backwards compatible. However, the final resolution ended up requiring a modification to the IAX2 protocol. This modification is referred to as call token validation. Call token validation is used as a handshake before call numbers are assigned to IAX2 connections.

Call token validation by itself does not resolve the issue. However, it does allow an IAX2 server to validate that the source of the messages has not been spoofed. In addition to call token validation, Asterisk now also has the ability to limit the amount of call numbers assigned to a given remote IP address.

The combination of call token validation and call number allocation limits is used to mitigate this denial of service issue."

Question 3: No. That doesn't mean you couldn't use AGI to call out to a script with the user's voicemail extension, do the parsing yourself, and put the result in a channel variable.

Question 4: AMI commands are documented at Asterisk AMI Actions. I'm going to assume that by "set recording" you mean start a Monitor application on some particular channel (and not change CDRs, CELs, etc.) In that case, you'd use the Monitor AMI action to start the recording, and StopMonitor AMI action to stop the recording. Once the file is created, you can move it off the server yourself using AGI or some other externally spawned mechanism.

Matt Jordan
  • 2,899
  • 1
  • 27
  • 29
  • Thank a lot for your reply. I thought, I am will never get reply. One thing I can't understand is that, is there not any command in Asterisk CLI to get User's VM password ? – Arham Ali Qureshi Mar 29 '12 at 19:54
  • I'm curious what the use case is for obtaining the VM password from the CLI. I suppose you could extrapolate something, but in general, a user's passwords are their business, not anyone else's - unless you want the admin to reset their password. In that case, however, accessing that through the CLI may not be the best mechanism. – Matt Jordan Mar 30 '12 at 03:16
  • Sir as the command "sip show users" display login password for users, I thought there could be any way to get VM password also. I am trying to put security on file browser in php that allow users to browse their voicemail folders and play them directly and in additional if you don't mind to reply do you know any code that i could just copy paste into my PHP script that could fulfill my task of playing browsing VM and playing them directly. – Arham Ali Qureshi Mar 30 '12 at 21:12
  • Uhm, no. There are people who write very complete voicemail systems on top of Asterisk, ones that interact with app_voicemail/app_minivm over AMI/AGI as well as interact with the file/odbc backends, depending on the configuration. They've done what you're looking to do, but its not something you simply copy + paste. – Matt Jordan Apr 08 '12 at 02:27
  • can you please provide me few links? If you like. – Arham Ali Qureshi Apr 13 '12 at 22:39
  • The easiest is the one that's already delivered with Asterisk: http://www.voip-info.org/wiki/view/Asterisk+gui+vmail.cgi Google is your friend for others. Some may be open source; some have certainly been developed by others for their companies and may not be free. – Matt Jordan Apr 14 '12 at 02:45