Technical Support

www http://www.keyyo.fr/fr/support/expert.php
1.0

Documentation technical support

type Configuration Asterisk / Keyyo

Preface:
Documentation provides by the operations team of Keyyo

Page - 1 -

Contents
1. Context of use ..............................................................
........................................... 3 2. Pre-requisite .................
................................................................................
.......................... 3 3. Diagram of operation ...........................
..................................................................... 3 4. Confi
guration Files .................................................................
................................... 3 4.1 SIP.conf .............................
................................................................................
............. 3 4.1.1 #include " /etc/asterisk/keyyo_line/REGISTER" ............
........................................ 3 4.1.2 #include " /etc/asterisk/keyyo_
line/ <line number>" .................................. 4 4.2 Other configuratio
n files ........................................................................
....... 4
Page - 2 -

1. CONTEXT OF USE
The configuration type provided with this document has for objective to provide
users Keyyo a minimalist configuration functional.
It does not aim to cover the whole range of possibilities for this IPBX.
2. PRE-REQUISITE
Asterisk 1.2 and later versions
3. DIAGRAM OF OPERATION
The proposed configuration is broken down into 2 parts:
- The global configuration of the IPBX - The configuration of the Keyyo accounts
linked to the IPBX
4. CONFIGURATION FILES
4.1 sip.conf
This file contains the configuration of the IPBX at the level of usable codecs a
nd accounts Keyyo configured connected to the IPBX
Here are the settings to update:
- realm = <IP ASTERISK>: Replace <IP ASTERISK>By the ip assigned to the IPBX - n
at = <yes|no>: Replace <yes|no>By yes or no according to the location of the IPB
X on the network.
4.1.1 #Include " /etc/asterisk/keyyo_line/REGISTER"
This file allows you to manage the link between the accounts Keyyo and agents lo
cally declared on the IPBX for incoming calls.
Record per line Keyyo:
register =&gt; <username keyyo>: <password keyyo>@ <custid>.lb.keyyo.net/ <age
nt local>
All lines Keyyo must be saved in this file.
List of parameters to customize:
- <username keyyo>: User name Keyyo - <password keyyo>: Associated password.
- <agent local>: Name of the user Asterisk locally declared - <custid>: Customer
number Keyyo (no. to 6 figures indicated on your invoices)
Page - 3 -

4.1.2 #include " /etc/asterisk/keyyo_line/ <line number>"

Each file represented by the above statement in the file sip.conf corresponds to
the recording settings for a line Keyyo and a local account for incoming calls
and outgoing.
List of parameters:
- <NUMERO KEYYO FORMAT INTERNATIONAL>: To replace by the number keyyo in interna
tional format. Example: 33123456789 which corresponds to "0123456789 " - <MOT DE
PASSE LOCAL>: Password for the identification on the asterisk to the local agen
t - <MOT DE PASSE DE LA LIGNE KEYYO>: Account Password Keyyo associated for outg
oing calls
to create each file, you can build on the file "template" named:
template_ligne.tpl
4.2 Other configuration files
The files, asterisk.conf, dnsmgr.conf and extensions.conf have been configured t
o operate without customization with the platform Keyyo.

Page - 4 -

5. SECURING THE INSTALLATION

We would like to draw your attention on the notions of security with the use of
the services of SIP Keyyo, in effect we are seeing an increase of hacks or hacki
ng attempts on the equipment of our customers.
It is therefore necessary that the facilities are properly secured to prevent fr
audulent use of SIP lines.
In addition, it has been detected a security vulnerability on all IPBX based on
a distribution asterisk "FreePbx" (trixbox, elastix, ect ... ), on all these IPB
X passwords SIP appear in clear through the Web interface. In the case where an
attacker successfully exploited to connect on the management interface of these
IPBX nothing would prevent to retrieve the SIP identifiers and the use of fraudu
lent manner.
We remind you therefore the rules of good securing of facilities:
it should be the preferred a restriction at the level of the firewall on the IP
sources rather than by port: it must avoid to leave a non-secure access from the
public internet on the equipment of your customers (port redirection for example
) It is imperative to change the passwords of implied IPBX
If you prefer to make an exception on the IP rather than the ports, open the 4 s
ubnets following (to the extent or the platform of SIP Keyyo is likely to evolve
, it is advisable to open the beaches complete) :
- 83.136.161.0 /24 be 83.136.161.1 255.255.255.0 =&gt; 83,136,161,254 255.255.25
5.0 - 83.136.162.0 /24 be 83.136.162.1 255.255.255.0 =&gt; 83,136,162,254 255.25
5.255.0 - 83.136.163.0 /24 be 83.136.163.1 255.255.255.0 =&gt; 83,136,163,254 25
5.255.255.0 - 83.136.164.0 /24 be 83.136.164.1 255.255.255.0 =&gt; 83,136,164,25
4 255.255.255.0
We remind you also that Keyyo cannot be held responsible for in the case or a ha
cking would be due to a poor integration of rules of client side security.
Page - 5 -