Taking some time during this work-from-home event to refresh my Asterisk phone system. The old instance is over 5 years old. It’s time…
While the old PBX was on a simple Dell tower PC, I build the new one as a VM on a VMware ESXi host. I/O latency has been an issue in the past with a setup like this but it’s working nicely now. It’s Fedora Server 31 using stock packages so maintenance should be simpler than the hand-rolled instance I had.
Since the ancient version I ran earlier was released, Asterisk has fixed some logging issues so now Fail2ban should work to update the firewall and block the badguys trying SIP hacks. Ran into an issue though and ended up with this as my config to work around it:
# /etc/fail2ban/jail.d/asterisk.conf
[asterisk]
enabled = true
# copy of the orignal from ../jail.conf with "name=" fixed
action = %(banaction)s[actname=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s"]
%(banaction)s[actname=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s"]
%(mta)s-whois[actname=%(__name__)s, dest="%(destemail)s"]
The switch to pjsip
wasn’t painful and MeetMe has been replaced with
ConfBridge. Other than that, everything seems to work as originally configured.