aboutsummaryrefslogtreecommitdiff
path: root/src/blog/building-a-personal-voip-system
diff options
context:
space:
mode:
Diffstat (limited to 'src/blog/building-a-personal-voip-system')
-rw-r--r--src/blog/building-a-personal-voip-system/index.md991
1 files changed, 991 insertions, 0 deletions
diff --git a/src/blog/building-a-personal-voip-system/index.md b/src/blog/building-a-personal-voip-system/index.md
new file mode 100644
index 0000000..4d32748
--- /dev/null
+++ b/src/blog/building-a-personal-voip-system/index.md
@@ -0,0 +1,991 @@
+---
+title: Building a Personal VoIP System
+date: May 25, 2023
+description: Take control of your telephony with Asterisk!
+---
+
+I've always been a big [self-hoster](https://github.com/sacredheartsc/selfhosted),
+but had never attempted anything related to VoIP. I recently purchased some IP
+phones and set up a personal home phone network using [Asterisk](https://www.asterisk.org/).
+This guide will help you set up your own digital telephone system using
+open-source tools.
+
+This guide is written for those who are experienced with self-hosting, but are
+totally unfamiliar with VoIP. Therefore, I'm going to gloss over certain
+uninteresting technicalities for the sake of brevity.
+
+
+## SIP: A Brief Introduction
+
+Before getting your hands dirty with phone configuration and Asterisk dialplans,
+it's worth taking some time to understand the underlying network protocols
+involved. This will pay dividends later on when you're debugging the inevitable
+connectivity issues with your voice calls (trust me).
+
+The [Session Initialization Protocol](https://www.ietf.org/rfc/rfc3261.txt), or
+SIP, is a signaling protocol used by basically every digital telephony device
+produced in the last two decades. VoIP phones, softphones, office conferencing
+devices...they all use SIP. SIP can use either TCP or UDP, and usually listens
+on port 5060.
+
+There are two really important things you need to know about about SIP.
+
+ 1. SIP does **not** carry the voice data. It's just a signaling protocol,
+ and it's only used to negotiate which IP address, port, and audio format
+ should be used to carry the audio stream.
+
+ 2. SIP was initially released in 1999, and was designed with the assumption
+ that each device has its own globally routable public IP address. After
+ all, the IPv6 standard was released back in 1995, and NAT would soon be a
+ thing of the past...right? Unforunately, this did not end up being the case.
+
+For example, let's say we have a standard home network with two VoIP phones in
+the local 192.168.1.0/24 subnet. Consider what happens when these two phones want
+to call each other. In plain English, the SIP handshake will go something like
+this:
+
+> Hello 192.168.1.6.<br>
+> I would like to place an audio call using the G.711 codec.<br>
+> Please send your audio frames to me at address 192.168.1.5, port 20000.
+
+> Hi there, 192.168.1.5!<br>
+> Sure, I support the G.711 codec.<br>
+> Please send your audio frames to me at address 192.168.1.6, port 30000.
+
+Each phone randomly chooses an unused UDP port on which to receive the other
+party's audio stream. After the SIP negotiation, they will both send voice data
+to each other using the [Real-Time Transport Protocol](https://www.rfc-editor.org/rfc/rfc3550),
+or RTP. Since they are both on the same local network, this works fine.
+
+### NAT Problems
+
+Now consider what happens when we call someone _outside_ of our local network.
+Let's say our router has a public IP of 203.0.113.8, and our friend Alice has
+address 198.51.100.7.
+
+> Hello 198.51.100.7. Is Alice there?<br>
+> I would like to place an audio call using the G.711 codec.<br>
+> Please send your audio frames to me at address 192.168.1.5, port 20000.
+
+> Hi there, "192.168.1.5". I see you have source IP 203.0.113.8...strange!<br>
+> Sure, I support the G.711 codec.<br>
+> Please send your audio frames to me at address 198.51.100.7, port 30000.
+
+Thanks to [network address translation](https://en.wikipedia.org/wiki/Network_address_translation),
+or NAT, we are able to make the SIP connection to Alice. Unfortunately, you
+will probably find that audio only works in one direction!
+
+We've got two problems. First, we've asked Alice to send her audio to our _local_
+IP address, which won't route over the Internet. Luckily, most devices are smart
+enough to use the source address of the incoming packet when these don't match up.
+So Alice's audio stream will probably end up at our router.
+
+But second, our router will still block all of her audio traffic! When it receives
+a UDP packet from Alice's audio stream, there's no stateful NAT connection to
+match it back to an internal client, so it's silently dropped. Sad!
+
+### NAT Solutions
+
+There are three ways to solve this problem.
+
+1. Give each of your SIP devices its own public IP (probably not feasible).
+
+2. Use a SIP [Application Layer Gateway](https://www.voip-info.org/routers-sip-alg/).
+ This is a horrible feature offered by some routers. Basically, it deep-packet-inspects
+ your SIP traffic, rewrites the headers, and creates port forwards on-the-fly
+ to make sure the inbound audio stream makes its way to your device.
+
+ SIP ALGs are a total hack and notoriously buggy. In addition, when you decide
+ to encrypt your SIP traffic using TLS, they quit working altogether.
+
+3. Configure a fixed RTP port range on each of your SIP devices, then create
+ static port forwarding rules on your router for each device. This is really
+ the only decent option.
+
+ Note that since we'll be using Asterisk, you also have the option of
+ "proxying" all your audio streams through the Asterisk box--then you only
+ have one port forward to set up (we'll get to that later).
+
+
+## Asterisk: What _is_ it?
+
+[Asterisk](https://www.asterisk.org/) is an open-source implementation of a
+[private branch exchange](https://en.wikipedia.org/wiki/Business_telephone_system#Private_branch_exchange),
+or PBX. If you're a VoIP novice like I was, this is probably meaningless to you.
+
+A PBX is the central brain of any private telephone network. The general idea is
+this: You plug a bunch of dumb telephones into one side of the PBX, and you plug
+one or more uplinks to the [PSTN](https://en.wikipedia.org/wiki/Public_switched_telephone_network "Public Switched Telephone Network")
+into the other side. The PBX lets the internal phones dial each other using
+private internal extensions, while multiplexing calls to and from the PSTN. It
+also handles advanced features like voicemail, call queues, hunt groups, and
+interactive menus for callers.
+
+In the old days, the PBX would be a huge box down in the server room with a
+rat's nest of of RJ-11 telephone cables sprawling out, connecting it to every
+single phone in the office. These monstrosities have since been replaced with
+software-based PBXes that talk SIP over standard Ethernet networks. Asterisk is
+the de-facto open source PBX.
+
+
+## Jargon Glossary
+
+Before we get started, you need to know some lingo. Asterisk is an _old_ project,
+with an unintuitive configuration. Hopefully this section will help you decipher
+some of the documentation and setup guides you find out there.
+
+Extensions
+: Technically, in Asterisk parlance, any dialed number is an extension. In
+ practice though, an _extension_ typically refers to a _local_ phone number
+ (like 6001) with an associated SIP account. While extensions can be
+ alphanumeric, virtually no one does this--most people use 3- or 4-digit
+ numbers.
+
+Queues
+: Asterisk [queues](https://www.voip-info.org/asterisk-call-queues/) are a
+ mechanism for managing incoming callers. You can configure which local
+ extensions should ring for each queue, and even play custom music while
+ callers are waiting.
+
+SIP Trunk
+: A "SIP Trunk" is just a fancy term for your upstream telephone provider. For
+ example, if you subscribe to a provider like [VOIP.ms](https://voip.ms/en/invite/MzU5Nzc4),
+ they'll give you a public phone number and a SIP server to connect to, along
+ with a username and password. This is your "SIP Trunk."
+
+DID
+: A DID, or "Direct Inward Dial," is the technical term for a public phone number.
+
+Contexts
+: In Asterisk, every call is assigned a _context_. The context is simply a
+ name of your choosing, and you specify it when you configure each extension
+ or SIP trunk. For example, I give all my internal phones a context called
+ `from-home`, and I give my SIP trunk a context called `from-pstn`.
+
+Dialplan
+: The Asterisk [dialplan](https://wiki.asterisk.org/wiki/display/AST/Dialplan)
+ is an arcane scripting language where you define what happens when you dial a
+ number or an incoming call is received. The dialplan is the glue between the
+ _extensions_ and _contexts_ described above. The syntax is fairly unintuitive,
+ but don't worry! We'll walk through it in a later section.
+
+Codecs
+: A codec is a type of digital encoding used for the audio stream over the
+ wire. Every VoIP device supports one or more codecs, and you need at least
+ one common codec with the other party to make calls. When no shared codecs
+ are supported, Asterisk has the ability to do man-in-the-middle transcoding.
+ <br>
+ [G.711](https://en.wikipedia.org/wiki/G.711) is basically the only codec with
+ universal support. It has two versions: `ulaw` (North America/Japan) and
+ `alaw` (everywhere else). I use a higher quality codec ([G.722](https://en.wikipedia.org/wiki/G.722))
+ for internal calls, and let Asterisk transcode down to G.711 when I call out
+ to the PSTN.
+
+BLF / Presence
+: The BLF, or busy lamp field, is a little LED on your VoIP phone that lights
+ up when one of your contacts is using their line. In Asterisk, this functionality
+ is enabled by something called a [presence subscription](https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip+for+Presence+Subscriptions).
+
+SIP / PJSIP
+: On some guides online, you will see references to the `chan_sip` and `chan_pjsip`
+ modules. `chan_sip` is the legacy Asterisk SIP implementation. You should be
+ using PJSIP for everything these days.
+
+
+## Step 1: Acquire an IP Phone
+
+First, you will need one or more VoIP phones. Any device that supports SIP
+calling should work fine with Asterisk, so this mostly comes down to personal
+preference.
+
+As a beginner, you'll probably want to select for ease of configuration. Most
+modern VoIP phones expose a friendly web GUI where you configure all your SIP
+accounts, ring settings, etc. I'd also recommend avoiding any devices that
+rely on proprietary setup tools.
+
+Personally, I've had zero problems with Yealink devices. I recommend the [T54W](https://www.yealink.com/en/product-detail/ip-phone-t54w)
+model for a desk phone, or the [W73P](https://www.yealink.com/en/product-detail/dect-phone-w73p)
+if you prefer a cordless model. You can buy these new at the usual online retailers,
+but eBay often has used models for sale if you want to save some money.
+
+If you don't want to buy a physical device, you can also use a softphone app
+like [Linphone](https://f-droid.org/en/packages/org.linphone/). I use it on my
+Android phone running [GrapheneOS](https://grapheneos.org/), and it works well
+with the right settings. I'll cover Linphone in a later section.
+
+
+## Step 2: Subscribe to a VoIP Provider
+
+Next, you need to subscribe to a VoIP service so you can make and receive calls
+over the PSTN. You'll often see people call this a "SIP Trunk."
+
+Basically, you pay a VoIP company a small monthly fee, usually $3-$5 per month
+for a single DID. In exchange, they give you a public telephone number, along
+with credentials for their SIP server. After configuring Asterisk to connect to
+that SIP server, you can make and receive calls via the PSTN with that number.
+
+I can personally recommend two providers.
+
+1. [VOIP.ms](https://voip.ms/en/invite/MzU5Nzc4) is an inexpensive provider with
+ servers in the USA, Canada, and western Europe. You can get "unlimited"
+ inbound calls with a single DID for about $5 a month, or less if you pay by the
+ minute.
+
+ VOIP.ms also supports call encryption via TLS/SRTP, which is nice.
+
+2. [JMP.chat](https://jmp.chat/) (USA/Canada only) is an XMPP-based service that
+ lets you make and receive voice calls and SMS/MMS messages using your
+ existing XMPP account. I especially like JMP because there's already tons of
+ high-quality native XMPP apps for both desktop and mobile devices. In
+ addition, their entire stack is open source.
+
+ While JMP is primarily focused on XMPP calling, they also provide you with
+ a SIP account that you can use with Asterisk.
+
+There are _tons_ of other VoIP providers out there, so shop around.
+
+
+## Step 3: Configure Asterisk
+
+Now you're ready to set up Asterisk. These instructions are written for RHEL-based
+distributions, but should be applicable to other Unixen.
+
+### Installation
+
+First, install Asterisk:
+
+```bash
+dnf install asterisk asterisk-pjsip asterisk-voicemail-plain
+```
+
+You'll also need the sound files. Some distributions include these with their
+Asterisk package (EPEL does not).
+
+```bash
+for codec in g722 g729 gsm sln16 ulaw wav; do
+ curl -sL "https://downloads.asterisk.org/pub/telephony/sounds/asterisk-core-sounds-en-${codec}-current.tar.gz" \
+ | tar xvz -C /usr/share/asterisk/sounds
+done
+```
+
+### Network Configuration
+
+Now we're ready to edit some config files. If you're behind a NAT (likely), you'll
+need to start by telling Asterisk about your local network. Edit `/etc/asterisk/pjsip.conf`
+and add some transport templates.
+
+```lisp
+; /etc/asterisk/pjsip.conf
+
+; This template contains default settings for all transports.
+[transport-defaults](!)
+type = transport
+bind = 0.0.0.0
+
+; For communication to any addresses within local_nets, Asterisk will not apply
+; NAT-related workarounds.
+local_net = 127.0.0.0/8
+local_net = 10.0.0.0/8
+local_net = 172.16.0.0/12
+local_net = 192.168.0.0/16
+
+; If you have a public static IP for your Asterisk server, set it here.
+external_media_address = 203.0.113.8
+external_signaling_address = 203.0.113.8
+
+
+; The following UDP and TCP transports will inherit from the defaults.
+[transport-udp](transport-defaults)
+protocol = udp
+
+[transport-tcp](transport-defaults)
+protocol = tcp
+```
+
+Remember our discussion about NAT and RTP audio streams above? We also need to
+set up a static port range for incoming UDP audio traffic. Choose a suitable
+range for your Asterisk server in `rtp.conf`. Then, set up port forwarding on
+your router/firewall to forward all incoming UDP traffic within that range to the
+internal IP of your Asterisk server.
+
+**If your Asterisk server is behind NAT and you forget to do this, you'll experience
+one-way audio in your phone calls.**
+
+```lisp
+; /etc/asterisk/rtp.conf
+
+[general]
+rtpstart=20000
+rtpend=20999
+```
+
+### SIP Trunks
+
+Next, we'll configure our SIP trunk(s). I'll be using `pjsip_wizard.conf`, since
+the PJSIP Wizard configuration style eliminates a ton of boilerplate.
+For this step, you'll need a server hostname and port, along with the username
+and password provided by your upstream SIP provider.
+
+```lisp
+; /etc/asterisk/pjsip_wizard.conf
+
+; This template contains default settings for all SIP trunks.
+[trunk-defaults](!)
+type = wizard
+
+; Require SIP authentication.
+sends_auth = yes
+
+; Require SIP registration.
+sends_registrations = yes
+
+; Send media to the address and port on the incoming packet, regardless of what
+; the SIP headers say (NAT workaround).
+endpoint/rtp_symmetric = yes
+
+; Rewrite the SIP contact to the address and port of the request (NAT workaround).
+endpoint/rewrite_contact = yes
+
+; Send the Remote-Party-ID SIP header. Some providers need this.
+endpoint/send_rpid = yes
+
+; Force the ulaw codec, which should work for everything in North America.
+endpoint/allow = !all,ulaw
+
+; Call encryption is out of scope for this guide.
+endpoint/media_encryption = no
+
+; If registration fails, keep trying ~forever.
+registration/max_retries = 4294967295
+
+; Don't assume an authentication failure is permanent.
+registration/auth_rejection_permanent = no
+
+; Perform a connectivity check every 30 seconds.
+aor/qualify_frequency = 30
+
+
+; Your SIP trunks go here. For this example, we'll assume you're using VOIP.ms.
+; You can pick whatever section name you like, as long as its unique.
+[voipms](trunk-defaults)
+; You almost certainly want to use TCP.
+transport = transport-tcp
+
+; Hostname and port for your SIP provider.
+remote_hosts = atlanta2.voip.ms:5060
+
+; Choose a context name for incoming calls from this account. You'll use this
+; name in your dialplan.
+endpoint/context = from-pstn
+
+; Your SIP provider will give you these credentials.
+outbound_auth/username = 555555
+outbound_auth/password = s3cret
+```
+
+### Local SIP Extensions
+
+In the same file, we'll also configure our local extensions. You'll need an
+extension for each VoIP handset or softphone within your network. I'll be
+using a prefix of `6XXX` for local extensions, but feel free to use whatever
+convention you prefer.
+
+The following example has three extensions: two dedicated VoIP
+handsets, and one Android softphone. Note that if you want
+to use a softphone outside of your local network, you'll need to either open
+your Asterisk instance to the world (not recommended, unless you know what you're doing)
+or set up some kind of VPN.
+
+```lisp
+; /etc/asterisk/pjsip_wizard.conf
+
+; This template contains default settings for all local extensions.
+[extension-defaults](!)
+type = wizard
+
+; Require clients to register.
+accepts_registrations = yes
+
+; Require clients to authenticate.
+accepts_auth = yes
+
+; When simultaneous logins from the same account exceed max_contacts, disconnect
+; the oldest session.
+aor/remove_existing = yes
+
+; For internal phones, allow the higher quality g722 codec in addition to ulaw.
+endpoint/allow = !all,g722,ulaw
+
+; Context name for BLF/presence subscriptions. This can be any string of your
+; choosing, but I'm using "subscribe". We'll use this in the dialplan later.
+endpoint/subscribe_context = subscribe
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Extension 6001 - VoIP phone
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[6001](extension-defaults)
+; Dialplan context name for calls originating from this account.
+endpoint/context = from-home
+
+; Voicemail address (note: I'm using the same voicemail address for all extensions)
+endpoint/mailboxes = 6000@default
+
+; Internal Caller ID string for this device.
+endpoint/callerid = Living Room <6001>
+
+; Username for SIP account. By convention, this should be the extension number.
+inbound_auth/username = 6001
+
+; Password for SIP account (you can choose whatever password you like).
+inbound_auth/password = s3cret
+
+; Maximum number of simultaneous logins for this account.
+aor/max_contacts = 1
+
+; Check connectivity every 30 seconds.
+aor/qualify_frequency = 30
+
+; Set connectivity check timeout to 3 seconds.
+aor/qualify_timeout = 3.0
+
+; IMPORTANT! This setting determines whether the audio stream will be proxied
+; through the Asterisk server.
+;
+; If this device is directly reachable by the internet (either by a publicly
+; routable IP, or static port mappings on your router), choose YES.
+;
+; Otherwise, if this device is hidden behind NAT, choose NO.
+endpoint/direct_media = yes
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Extension 6002 - VoIP phone
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; (Same settings as above, except for the extension number and password.)
+[6002](extension-defaults)
+endpoint/context = from-home
+endpoint/mailboxes = 6000@default
+endpoint/callerid = Kitchen <6002>
+inbound_auth/username = 6002
+inbound_auth/password = s3cret2
+aor/max_contacts = 1
+aor/qualify_frequency = 30
+aor/qualify_timeout = 3.0
+endpoint/direct_media = yes
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Extension 6003 - Linphone app on Android device
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[6003](extension-defaults)
+endpoint/context = from-home
+endpoint/mailboxes = 6000@default
+endpoint/callerid = Smartphone <6003>
+inbound_auth/username = 6003
+inbound_auth/password = s3cret3
+aor/max_contacts = 1
+endpoint/direct_media = no
+
+; For mobile devices, connectivity checks should be disabled.
+; Two reasons for this:
+; 1. Poor cellular signal often causes the connectivity check to time out,
+; even when nothing is actually wrong.
+; 2. Frequent traffic on the TCP session causes constant wakeups and kills
+; battery life.
+aor/qualify_frequency = 0
+```
+
+### Voicemail
+
+Voicemail recordings are stored on the local filesystem of the Asterisk server.
+You can access them by dialing a special voicemail extension from a local phone
+(configured in your dialplan). In addition, if you have a local [MTA](https://en.wikipedia.org/wiki/Message_transfer_agent "Mail Transfer Agent")
+running, Asterisk can dispatch an email to an address of your choice whenever new
+voicemails arrive.
+
+In the previous section, we referenced a voicemail address called `6000@default`
+for our internal extensions. We'll create the actual voicemail box in `voicemail.conf`.
+
+```lisp
+; /etc/asterisk/voicemail.conf
+
+; This section contains global voicemail options.
+[general]
+; Audio formats to store voicemail files.
+format=wav49|gsm|wav
+
+; "From:" address used for sending voicemail emails.
+serveremail=asterisk-noreply@example.com
+
+; Whether to attach the voicemail audio file to notification emails.
+attach=yes
+
+; Maximum number of messages per mailbox.
+maxmsg=100
+
+; Maximum length of a voicemail message in seconds.
+maxsecs=300
+
+; Maximum length of a voicemail greeting in seconds.
+maxgreet=60
+
+; How many milliseconds to skip forward/back when rew/ff in message playback.
+skipms=3000
+
+; How many seconds of silence before we end the recording.
+maxsilence=10
+
+; Silence threshold (what we consider silence: the lower, the more sensitive).
+silencethreshold=128
+
+; Maximum number of failed login attempts.
+maxlogins=3
+
+; Email template for voicemail notifications.
+emailsubject=New voicemail ${VM_MSGNUM} in mailbox ${VM_MAILBOX}
+emailbody=Hi ${VM_NAME},\n\nYou have a new voicemail in mailbox ${VM_MAILBOX}.\n\nFrom: ${VM_CALLERID}\nDate: ${VM_DATE}\nDuration: ${VM_DUR}\nMessage Number: ${VM_MSGNUM}
+emaildateformat=%A, %B %d, %Y at %r
+
+; Default timezone for mailboxes (defined in zonemessages section below).
+tz=myzone
+
+; Locale for generating date/time strings.
+locale=en_US.UTF-8
+
+; Minimum voicemail password length.
+minpassword=4
+
+
+; Custom timezone definitions go in this section.
+[zonemessages]
+myzone=America/New_York|'vm-received' Q 'digits/at' IMp
+
+
+;;;;;;;;;;;;;;;;;
+; Voicemail Boxes
+;;;;;;;;;;;;;;;;;
+
+; Each of the following sections describe a voicemail "context," which is a
+; a collection of voicemail boxes. If you don't need multiple contexts, you
+; can specify "default".
+;
+; The format is as follows:
+; VOICEMAIL_NUMBER => INITIAL_PASSWORD,REAL_NAME,EMAIL_ADDRESS,,,
+;
+; The last three fields aren't relevant for simple configurations.
+
+[default]
+6000 => 1234,John Doe,johndoe@example.com,,,
+```
+
+### Queues
+
+When someone calls our phone number, we'd like all our phones to ring simultaneously
+(similar to a traditional landline phone). We can emulate this behavior in Asterisk
+using a `ringall` queue.
+
+Queues are configured in `queues.conf`.
+
+```lisp
+; /etc/asterisk/queues.conf
+
+; Global queue settings go in this section.
+[general]
+; Persist dynamic member lists in the astdb.
+persistentmembers = yes
+
+; Some options for more intuitive queue behavior.
+autofill = yes
+monitor-type = MixMonitor
+shared_lastcall = yes
+log_membername_as_agent = yes
+
+;;;;;;;;;;;;;;;;;;;
+; Queue Definitions
+;;;;;;;;;;;;;;;;;;;
+
+; The "home-phones" queue is for incoming calls to our home phone line.
+[home-phones]
+; For each incoming call, ring all members of the queue.
+strategy = ringall
+
+; Max number of seconds a caller waits in the queue.
+timeout = 30
+
+; Don't announce estimated hold time, etc.
+announce-frequency = 0
+announce-holdtime = no
+announce-position = no
+periodic-announce-frequency = 0
+
+; Allow ringing even when no queue members are present.
+joinempty = yes
+leavewhenempty = no
+
+; Ring member phones even when they are on another call.
+ringinuse = yes
+
+; Queue Members
+;
+; Each member is specified with the following format:
+; member => INTERFACE,PENALTY,FRIENDLY_NAME,PRESENCE_INTERFACE
+;
+; The "penalty" value is not interesting for our use case.
+; With PJSIP, the BLF/Presence interface is identical to the standard interface name.
+member => PJSIP/6001,0,Living Room,PJSIP/6001
+member => PJSIP/6002,0,Kitchen,PJSIP/6002
+member => PJSIP/6003,0,Smartphone,PJSIP/6003
+```
+
+### The Dialplan
+
+At this point, we've configured our upstream SIP trunks, created SIP accounts for
+some local phone extensions, and even defined a queue for incoming calls.
+All that's left is to glue all this together in a [dialplan](https://wiki.asterisk.org/wiki/display/AST/Dialplan)!
+
+The dialplan is configured in `extensions.conf`, and it's definitely the least intuitive
+aspect of Asterisk. You'll most likely find its syntax to be confusing at first glance.
+
+The thing to remember is that in the dialplan, everything is an _application_.
+Hanging up is performed by the `Hangup()` application, and voicemail prompts are handled
+by the `Voicemail()` application. Dialing a phone number is handled by (you guessed it)
+the `Dial()` application. Each application can take one or more comma-separated arguments.
+
+Now, for the syntax. Each dialplan context is marked by square brackets. Each
+line within the context is (confusingly) called an _extension_, and has the
+following format:
+
+```lisp
+[context-name]
+exten => NAME,PRIORITY,APPLICATION()
+exten => NAME,PRIORITY,APPLICATION()
+; etc...
+```
+
+The _name_ is the number (or pattern) of the extension.
+
+The _priority_ defines the order in which the step should be executed.
+
+Finally, the _application_ performs some action on the call.
+
+A simple context definition might look something like this:
+
+```lisp
+[from-home]
+; ${EXTEN} is a macro which expands to the currently dialed number.
+exten => _6XXX,1,Dial(PJSIP/${EXTEN})
+exten => _6XXX,2,Hangup()
+```
+
+This dialplan section allows internal phones to call each other.
+The `_6XXX` is an extension pattern. When a device in the `from-home`
+context dials a 4-digit extension beginning with `6`, Asterisk will
+ring the corresponding PJSIP account.
+
+
+Because it gets tedious repeating the same extension name over and over,
+Asterisk provides some syntactic sugar. The exact same dialplan could also
+be written as the following:
+
+```lisp
+[from-home]
+exten => _6XXX,1,Dial(PJSIP/${EXTEN})
+ same => n,Hangup()
+```
+
+Below, I've provided a complete Asterisk dialplan for our example VoIP network.
+It supports the following features:
+
+ 1. Internal phones can dial each other via their 4-digit extension.
+
+ 2. Internal phones can dial out to the PSTN via standard 10-digit numbers.
+
+ 3. Internal phones can access the voicemail menu by dialing `*99`.
+
+ 4. Internal phones can show BLF/line status for all other phones.
+
+ 5. Incoming calls from the PSTN will ring all internal phones simultaneously.
+ Callers will be sent to voicemail if no one answers within 25 seconds.
+
+ 6. If your phones support the "auto answer" header, you can initiate a whole-house
+ intercom by dialing `6000`.
+
+I'll provide plenty of comments to help you understand the arcane syntax.
+Hopefully it will be enough to bootstrap your own dialplan!
+
+```lisp
+; /etc/asterisk/extensions.conf
+
+; Remember, context names for each SIP account are specified in pjsip_wizard.conf.
+
+; First, some safeguards against abuse of the built-in contexts.
+[public]
+exten => _X.,1,Hangup(3)
+[default]
+exten => _X.,1,Hangup(3)
+
+
+; Next, some global variables. You'll need to change some of these.
+[globals]
+; Your local area code.
+MY_AREA_CODE = 555
+
+; Your real name and public phone number. This will be used for outgoing calls
+; to the PSTN.
+MY_CALLER_ID = John Doe <+5555555555>
+
+; Dial this number from a local phone to access the voicemail menu.
+VOICEMAIL_NUMBER = *99
+
+; Voicemail address (configured in voicemail.conf)
+VOICEMAIL_BOX = 6000@default
+
+; Ring for this many seconds before forwarding the caller to voicemail.
+VOICEMAIL_RING_TIMEOUT = 25
+
+; Name of the 'ringall' queue for local phones.
+HOME_QUEUE = home-phones
+
+; Number to dial for local intercom.
+INTERCOM = 6000
+
+; Dial pattern for local extensions.
+LOCAL_EXTS = _6XXX
+
+
+; Boilerplate to enable BLF/presence subscriptions. Note that the context name
+; corresponds to the "endpoint/subscribe_context" value in pjsip_wizard.conf.
+[subscribe]
+exten => _XXXX,hint,PJSIP/${EXTEN}
+
+
+; This context handles incoming calls from our SIP trunk provider. Each call is
+; is placed into a ringall queue. If there is no answer, the caller is forwarded
+; to voicemail.
+[from-pstn]
+exten => _X.,1,Queue(${HOME_QUEUE},nr,,,${VOICEMAIL_RING_TIMEOUT})
+ same => n,Answer(500)
+ same => n,Voicemail(${VOICEMAIL_BOX},su)
+ same => n,Hangup()
+
+
+; This is a function (or "gosub" in Asterisk lingo) that sets the "auto answer"
+; SIP header on an outgoing call.
+[gosub-intercom]
+exten => s,1,Set(PJSIP_HEADER(add,Alert-Info)=auto answer)
+ same => n,Return()
+
+
+; This context handles incoming calls from local phones.
+[from-home]
+; When the INTERCOM number is dialed, page all members of the "home-phones" queue
+; into a conference call.
+exten => ${INTERCOM},1,Set(CALLERID(all)=Intercom <${EXTEN}>
+ same => n,Page(${STRREPLACE(QUEUE_MEMBER_LIST(${HOME_QUEUE}),",","&")},db(gosub-intercom^s^1),10)
+ same => n,Hangup()
+
+; For local-to-local calls, ring indefinitely.
+exten => ${LOCAL_EXTS},1,Dial(PJSIP/${EXTEN})
+ same => n,Hangup()
+
+; When the voicemail number is dialed, dump the caller into the voicemail menu.
+exten => ${VOICEMAIL_NUMBER},1,Answer(500)
+ same => n,VoiceMailMain(${VOICEMAIL_BOX},s)
+ same => n,Hangup()
+
+; The following extensions are used to dial out to the PSTN via our SIP trunk,
+; using a personalized caller ID string.
+;
+; Recall that we named our SIP trunk "voipms" in pjsip_wizard.conf.
+;
+; N matches any digit 2-9
+; X matches any digit 1-9
+
+; For numbers formatted as +1xxxxxxxxxx, dial as-is.
+exten => _+1NXXNXXXXXX,1,Set(CALLERID(all)=${MY_CALLER_ID})
+ same => n,Dial(PJSIP/${EXTEN}@voipms)
+ same => n,Hangup()
+
+; For numbers like 1xxxxxxxxxx, add a leading "+".
+exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=${MY_CALLER_ID})
+ same => n,Dial(PJSIP/+${EXTEN}@voipms)
+ same => n,Hangup()
+
+; For numbers without a country code, add a "+1".
+exten => _NXXNXXXXXX,1,Set(CALLERID(all)=${MY_CALLER_ID})
+ same => n,Dial(PJSIP/+1${EXTEN}@voipms)
+ same => n,Hangup()
+
+; For 7-digit numbers, add the local area code.
+exten => _NXXXXXX,1,Set(CALLERID(all)=${MY_CALLER_ID})
+ same => n,Dial(PJSIP/+1${MY_AREA_CODE}${EXTEN}@voipms)
+ same => n,Hangup()
+
+; For 3-digit numbers, like 311, 411, 911 (UNTESTED!!!), dial as-is.
+exten => _N11,1,Set(CALLERID(all)=${MY_CALLER_ID})
+ same => n,Dial(PJSIP/${EXTEN}@voipms)
+ same => n,Hangup()
+```
+
+### Troubleshooting
+
+Once you've got all your configs in place, give Asterisk a kick:
+
+```bash
+systemctl restart asterisk
+```
+
+On RedHat-based distributions, you can check `/var/log/asterisk/messages` for
+errors. You can also check the systemd journal:
+
+```bash
+journalctl -u asterisk
+```
+
+You can also get lots of real-time information from the Asterisk console.
+To try it out, run the following command as root:
+
+```bash
+asterisk -rvvvvv
+```
+
+If you're experiencing connectivity issues with your voice calls, you can
+enable SIP debugging in the console using the following command:
+
+```default
+pjsip set logger on
+```
+
+## Step 4: Configure your IP Phones
+
+The final step is to configure your VoIP phones to connect to your Asterisk server,
+and make a few test calls! The instructions here are for Yealink phones, but they
+should easily translate to other manufacturers.
+
+### SIP Account
+
+Navigate to the IP address of the VoIP phone in your web browser, and log in with the
+default username and password (usually `admin/admin`). From here, you should be able to
+add a SIP account. In the Yealink interface, this is found under _Account→Register_.
+
+For the "Living Room" extension we created above, you would set the following:
+
+- **Register Name:** 6001
+- **Username:** 6001
+- **Password**: s3cret
+- **Server Host:** _IP/hostname of your Asterisk server_
+- **Server Port:** 5060
+- **Transport:** UDP
+
+### Codecs
+
+You should also make sure the appropriate codecs are enabled on the device. In
+the Yealink web interface, you'll find them under _Account→Codec_. I recommend
+enabling these codecs in the following priority:
+
+1. **G722**, for high-quality local calls
+2. **PCMU** (_ulaw_), for dialing out to the PSTN
+
+Asterisk will automatically transcode G722 down to _ulaw_ if the other side doesn't
+support it. You can mess around with even higher quality codecs like Opus, but
+in my experience they are not well supported nor easy to transcode.
+
+### RTP Port Range
+
+To reduce load on the Asterisk server, you may want your VoIP phone to send and
+receive audio streams directly to and from the other party. To do this, you'll
+need to configure your router/firewall to forward all incoming RTP traffic for
+the device.
+
+First, give the device a static IP on your local network. Then, configure your
+router to port-forward all UDP traffic on your chosen RTP port range to that IP.
+
+In the Yealink web interface, you can configure a static RTP port range under
+_Network→Advanced→Local RTP Port_.
+
+If you _don't_ do all this, then make sure `endpoint/direct_media` is set to
+`no` for the SIP account in `pjsip_wizard.conf`!
+
+### Voicemail Number
+
+You'll also want to configure which number the phone should dial when you press
+the voicemail button. In the Yealink web interface, set _Account→Advanced→Voice Mail_
+to `*99` (or whatever you number you chose for `VOICEMAIL_NUMBER` above).
+
+### Busy Lamp Field (BLF)
+
+You may want to have your phone's LED light up when a given line is on a call. In the
+Yealink web interface, you can configure this under _Dsskey→Line Key_.
+
+For each line you're interested in, set **Type** to _BLF_ and **Value** to the other
+party's extension number.
+
+### Intercom
+
+For the intercom functionality described in the dialplan above, make sure the phone
+is configured to allow auto-answer. In the Yealink web interface, you can configure
+this by setting _Features→Intercom→Intercom Allow_ to _on_.
+
+## VoIP on Android: Linphone
+
+In the past, Android provided a built-in SIP client. Sadly, [as of Android 12](https://www.xda-developers.com/android-12-killing-native-sip-calling/),
+this has been removed.
+
+After trying all of the SIP apps available in F-Droid, I'm only able to recommend [Linphone](https://f-droid.org/en/packages/org.linphone/).
+It works with bluetooth devices, has an intuitive interface, and reliably delivers calls.
+
+To keep Android from killing the app, you'll need to make sure battery optimizations
+are disabled. Go to _Settings→Apps→See All Apps→Linphone→App Battery Usage_ and select
+_Unrestricted_.
+
+When configuring the SIP account in Linphone, use the following settings:
+
+- **Username:** 6003 _(or your chosen mobile extension)_
+- **Password:** _your chosen SIP account password_
+- **Domain:** _IP/hostname of your Asterisk server_
+- **Transport:** TCP
+- **Expire:** 3600
+- **Apply prefix for outgoing calls:** _enabled_
+
+You'll definitely want to use the TCP transport for a mobile device. Smartphone
+radios are exceedingly efficient at keeping a long-running TCP connection open,
+and TCP will reliably deliver your SIP packets even with a poor cellular signal.
+
+With _Expire_ set to 3600, your phone will wake up every hour to re-establish the
+SIP connection. I've never had any connectivity issues with the TCP transport, but
+if you're paranoid, you might want to set this to a lower value.
+
+I've also found the following Linphone settings useful:
+
+- **Settings→Audio→Echo cancellation:** _disabled_ (most phones have hardware-level echo cancellation)
+- **Settings→Audio→Adaptive rate control:** _enabled_
+- **Settings→Audio→Codec bitrate limit:** 128 kbits/s
+- **Settings→Audio→Codecs:** _enable PCMU and G722_
+- **Settings→Call→Improve interactions with bluetooth devices:** _enabled_
+- **Settings→Call→Voice mail URI:** \*99
+- **Settings→Advanced→Start at boot time:** _enabled_
+
+You may be tempted to hide the persistent notification icon while Linphone
+is running. Don't do it! Whenever I've tried to hide this icon, I get tons of
+missed calls, and Asterisk reports the device as offline for minutes at a time.
+As long I keep the icon visible in the notification area, I don't have any issues.
+
+
+## Closing Thoughts
+
+For the past few months, I've used this exact setup for my primary phone number,
+and I've been pleased with the results.
+
+If you decide to self-host your own VoIP infrastructure, you'll definitely want
+to configure some type of QoS on your router or firewall to prioritize voice
+traffic. Otherwise, you'll experience lags and poor audio quality whenever
+your network is congested.
+
+In addition, you may want to investigate encrypting your calls via STRP and SIP
+TLS. I don't personally do this, because voice calls are totally in the clear as
+soon as you connect to the PSTN anyway.
+
+If you'd like to check out the configs required for encrypting your calls, or if
+you just want to get some ideas for automating your Asterisk configuration,
+check out my Ansible role on [GitHub](https://github.com/sacredheartsc/selfhosted/tree/master/roles/asterisk).