From aa-asterisk.org.uk wiki
Jump to: navigation, search

The #a&a-asterisk DUNDi service is a way of people on the channel to link their Asterisk servers together using a common dialplan. This page describes how to connect your server to the #a&a-asterisk network. These instructions have been tested on 1.6.2 but there is no reason why they shouldn't work on any recent version from 1.4 onwards.

First steps

  • First of all, if you haven't done so already, allocate yourself an 8xx code from the official list, which can be found on the Dialling Codes page.
  • Make sure that UDP port 4520 is enabled on your firewall otherwise the DUNDi requests will be blocked.
  • Also make sure your firewall allows through IAX2 (usually UDP 4569) if you follow the examples as written here.

Generate a DUNDi key

To use the DUNDi service you need to generate a encryption keypair for Asterisk to use. This is very simple to set up; just log in to your Asterisk box as the user you normally run asterisk as and change to the directory where the keypairs are stored. This is, on a standard setup, in /var/lib/asterisk/keys; however yours may be different.

Once there, execute the following command to generate a keypair:

astgenkey -n

to generate the key. When asked for the key name, make sure you specify the key name as aa-asterisk otherwise you'll have to edit the dundi.conf file, and it's a lot less hassle just to name the key as aa-asterisk

  • Example
shaun:/tmp# astgenkey -n

This script generates an RSA private and public key pair
in PEM format for use by Asterisk.  You will be asked to
enter a passcode for your key multiple times.  Please
enter the same code each time.  The resulting files will
need to be moved to /var/lib/asterisk/keys if you want
to use them, and any private keys (.key files) will
need to be initialized at runtime either by running
Asterisk with the '-i' option, or with the 'init keys'
command once Asterisk is running.

Press ENTER to continue or ^C to cancel.

Enter key name: aa-asterisk
Generating SSL key 'aa-asterisk':
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
writing RSA key
Key creation successful.
Public key:  aa-asterisk.pub
Private key: aa-asterisk.key

Once you've done this make you have a copy of your public key which you have just generated in a file called aa-asterisk-<your nick-in-lowercase>.pub as well as the aa-asterisk.pub file if you want to be able to call yourself [for testing purposes only, of course :)] You can do this by copying the file or symbolic linking it, as you want.

Important security note: Please remember to set permissions appropriately on the private key (that is the aa-asterisk.key file)! It should not be world readable, but only readable by the user that asterisk runs as.

Import other people's keys

To talk to other servers on the network, you will need to put a copy of each server's public key into your keys directory.

You can download the current set of public keys from this file here: File:Aa-asterisk-keys.tar. Untar this file into your /var/lib/asterisk/keys directory (or equivalent) on your Asterisk server. GaryH is the current maintainer of this file, so you can either mail/pm your public key to him and he'll add it into the file, or you can add it yourself and upload a new copy of the file, as you want to. Make sure the filename is called aa-asterisk-<your nick>.pub - this is important!

Set up your dundi.conf

There are two main sections to your DUNDi configuration file, the general part where your details are set up, and a second part where all of the links to other servers are defined.

First section

The first part will look something like this. You can use this as a starting point for your own dundi.conf file. Please set the department as it makes it easy to tell who owns what peer, but organization, locality, stateprov and country, email and phone are all optional.

department=GaryH   <-- enter your #a&a-asterisk nick 
email=blah@example.com  <-- might be helpful to include this
phone=+441234567890  <-- if you use it, should be in international format
bindaddr=  <-- you can change this to a specific IPv4 if you prefer
port=4520  <-- default UDP port for DUNDi
entityid=00:1f:26:07:e4:e2  <-- this is the MAC address of your * box

aa-asterisk => incoming-aa-asterisk,0,IAX2,aa-asterisk:${SECRET}@<your IP address>/${NUMBER}  <-- See note below


  • In the [mappings] section, "incoming-aa-asterisk" is the name of the context in your dialplan that DUNDI requests will come into. This needs to be a special context you use for incoming DUNDi requests. You can use a different context name if you want to. Put your IP address where <your IP address> is indicated. Sometimes ${IPADDR} also works, but not always it seems.

DUNDi peers list

The second part of the file contains a list of all the possible DUNDi peers that you can peer with. Each section contains an entityid in square brackets followed by a few parameters.

This is the current list of DUNDi peers in the network:

; db (801)
model = symmetric
auth = rsa
host = pbx.dbrooke.me.uk
inkey = aa-asterisk-db
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; BUTT (802)
model = symmetric
auth = rsa
host = rogg.tripleone.co.uk
inkey = aa-asterisk-butt
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; jzaw (805)
model = symmetric
auth = rsa
host = asterisk.dizzykey.co.uk
inkey = aa-asterisk-jzaw
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; gr0mit (806)
model = symmetric
auth = rsa
host = voice.txrx.org.uk
inkey = aa-asterisk-gr0mit
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; drrk (809)
model = symmetric
auth = rsa
host = iax.bowerham.net
inkey = aa-asterisk-drrk
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; JohnnyD (810)
model = symmetric
auth = rsa
host =
inkey = aa-asterisk-johnnyd
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; NAB (811)
model = symmetric
auth = rsa
host = pbx10.vitell.co.uk
inkey = aa-asterisk-NAB
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk
qualify = yes

; TonyHoyle (812)
model = symmetric
auth = rsa
host = pbx.nodomain.org
inkey = aa-asterisk-tonyhoyle
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

; iain (820)
model = symmetric
auth = rsa
host =
inkey = aa-asterisk-iain
outkey = aa-asterisk
include = aa-asterisk
permit = aa-asterisk

Set up your IAX peer

In your iax.conf, you will need to set up a special peer called aa-asterisk which will accept the calls into your dialplan.

encryption=aes128  <-- if you want to enable call encryption
context=incoming-aa-asterisk  <-- if you altered this in the [mappings] then change here too

Configure your dialplan to accept incoming DUNDi requests

Your [incoming-aa-asterisk] context in the dialplan (or whatever you changed it to) needs to be set up to accept incoming DUNDi requests. To do this, just put in extensions like you would normally and then you can do whatever you want with them. The extension numbers should include the 8xx code before any internal extension numbers. Here are some examples, the action you take for a particular number can be anything you like just like in a normal dialplan. But you must define the number in this context otherwise DUNDi will not advertise the number to the other peers.

exten => 8761555,1,Goto(internal,1555,1)
exten => _8762XXX,1,Goto(internal,${EXTEN:3},1)
exten => 8761234,1,Hangup(34)
exten => _8763X.,1,Busy

There is an alternative way of doing this and that is to do nothing with the numbers you define but include other contexts:

exten => 8761234,1,NoOp
exten => 8761235,1,NoOp
exten => _8762XXX,1,NoOp
include => internal

Final steps

Restart Asterisk and everything (if all is set up correctly) should start working.

How to test

You can do number lookups from the Asterisk command line using this command:

dundi lookup 8761555@aa-asterisk bypass

where 8761555 is the number you want to look up, and the optional bypass parameter ignores the local cache (which is good for testing). If you get a result from a remote peer then all is working!

Calling other aa-asterisk DUNDi numbers from your dialplan

Here's an example of how you can call other aa-asterisk DUNDi members from your dialplan (based on 1.6):

exten => _8XX[012345679].,1,Set(CALLERID(num)=8xx${CALLERID(num)}) <-- replace 8xx with your 8xx code
exten => _8XX[012345679].,n,Dial(${DUNDILOOKUP(${EXTEN},aa-asterisk)});
exten => _8XX[012345679].,n,Hangup(${HANGUPCAUSE});

If you're using extensions.ael rather than extensions.conf this is an example of an outbound context to dial your DUNDi members

context outbound-aa-asterisk {                           <-- context that your internal phones have access to
  _8XX[012345679]. => {
    Set(CALLERID(num)=8xx${CALLERID(num)});                <--- replace 8xx with your own 8xx code