Taking the plunge with SIP Trunks – Part 2

Recap
In part 1, I explained how a SIP Trunk is really just a virtual connection between your Asterisk PBX and the VoIP service provider. Standard SIP signalling is used on the trunk, but more than one simultaneous call is allowed and you may have more than one DDI number.

siptrunk_recap

Basic requirements to enable your SIP trunk

A SIP Trunk may be used for both inbound and outbound call traffic. To make outbound calls, your Asterisk or other PBX has to send a SIP INVITE request to the VoIP service provider’s equipment; when you receive an inbound call, the service provider is sending an INVITE to your PBX. While there are some subtle differences between the delivery of outbound calls and receipt of inbound calls, both share the following basic requirements:

  1. Location – knowing the address of the far-end equipment
  2. Authentication – the ability to confirm the identity of the sender

Authentication is especially important for outbound calls because these will generally incur service provider charges.

Resolving equipment location
The address of the VoIP service provider’s equipment is very predictable and unlikely to change over time. But how does the VoIP service provider know the address of your PBX? Some users will have a static IP address, but this is not universal and NAT can add further complications. For this reason, most VoIP service providers will require that your PBX registers itself on their equipment.

Your PBX does this by sending a SIP REGISTER request to the service provider at regular intervals (typically every 30 to 60 minutes). In so doing it provides up-to-date information about the location of your PBX. Keep-alive messages may also be sent to keep the route open through a NAT device or firewall.

Registration for Asterisk or Trixbox
In Asterisk, registration information is provided in a single line placed in the general section of sip.conf. Using Trixbox, this line appears at the end of the trunk definition form. Here is an example of the register line:

register => 43212345:mysecret@mysipsp.com/1234

The register line includes a host name (mysipsp.com) which tells Asterisk where to send the registration request; the number at the beginning of the line (43212345) is the user ID and mysecret is the password; finally, the number 1234 shown at the end of the line – after a forward slash – is an optional parameter that tells the service provider to use this number when sending INVITE requests to Asterisk.

Authentication
The user ID and password included in the registration line above are used to provide authentication during registration – to identify to the provider that you are the correct account holder. However, take note that inbound calls do not use password authentication at the time the call is delivered – instead, Asterisk knows the request is coming from your service provider by matching the sending IP address with the host parameter stored in sip.conf.

Some examples of Asterisk configuration
In Trixbox or FreePBX, the sections for dealing with inbound calls and registration are found at the end of the SIP trunk configuation form:

freepbx_trunkreg

If you are using raw Asterisk, the register string will look the same and the equivalent peer section in sip.conf would look like this:

[smartvox-in] type=peer
context=from-trunk
host=mysipsp.com

Note that Asterisk will not challenge for user ID and password when a new inbound call INVITE arrives from this peer because no value has been specified for the “secret” parameter. However, Asterisk will only do this for calls coming from the specified host address (mysipsp.com) because the type has been set to peer. In other words, Asterisk will trust requests coming from the address given in the host parameter which it regards as a static peer. Caution, never use use “host=dynamic” with no password as it is not secure.

More on dealing with inbound calls in part 3.

2 thoughts on “Taking the plunge with SIP Trunks – Part 2”

Comments are closed.