Frequently Asked Question
Asterisk Trunk Guide
Last Updated about a month ago
► Technical Guide — Asterisk / chan_sip
Asterisk SIP Trunk Configuration
sip.conf · chan_sip · TLS + SRTP · Codecs: G729 · ULAW · ALAW
⚠ Basic reference values: This guide contains the minimum recommended configuration. Your device may require additional parameters. Contact us if you have questions.
???? SIP Credentials: The username and password are your SIP Account credentials — NOT your web portal credentials. Find them in the SIP Accounts / VoIP Accounts / extension data section of your AJTEL portal.
Variables to replace
Before using the configuration, replace the following values. Replaced fields do NOT include curly braces { }.
| Variable | Replace with |
| {sipuser} | Your SIP username — NOT your web login |
| {sip-password} | Your SIP password — NOT your web password |
| {did} | Your DID / assigned number |
| your.crt | Your SSL certificate filename |
| your.key | Your SSL private key filename |
| root.crt | Root CA certificate from your SSL provider |
▸ SSL/TLS: You need a valid SSL certificate. You can get a free one at ZeroSSL or another free provider like Let's Encrypt.
▸ Servidor: En los ejemplos se usa sbc-tls.ajtel.net (TLS). El servidor puede variar según su cuenta. Consúltenos si no sabe cuál usar.
Configuration — sip.conf TLS Mandatory
Add or edit the following section in your sip.conf file:
| ; ── AJTEL Trunk ─────────────────────────── | ||
| [ajtel] | ||
| username | = | {sipuser} ← NOT your web login |
| user | = | {sipuser} ← NOT your web login |
| type | = | friend |
| secret | = | {sip-password} ← NOT your web password |
| qualify | = | yes |
| nat | = | force_rport,comedia |
| host | = | sbc-tls.ajtel.net ← assigned server |
| fromdomain | = | sbc-tls.ajtel.net ← assigned server |
| dtmfmode | = | rfc2833 |
| disallow | = | all |
| defaultexpiry | = | 180 |
| canreinvite | = | no |
| allow | = | g729&ulaw&alaw |
| trustrpid | = | yes |
| sendrpid | = | yes |
| transport | = | tls |
| tlscipher | = | ALL |
| tlsclientmethod | = | tlsv1_2 |
| tlsclientmethod | = | tlsv1_3 |
| force_avp | = | no |
| icesupport | = | yes |
| rtcp_mux | = | yes |
| encryption | = | yes |
| ; ── SSL certificate paths ────────────── | ||
| tlscertfile | = | /etc/pki/tls/certs/your.crt |
| tlsprivatekey | = | /etc/pki/tls/private/your.key |
| tlscafile | = | /etc/pki/tls/certs/root.crt |
| ; ── TLS port and binding ────────────────── | ||
| port | = | 5061 |
| tlsbindaddr | = | 0.0.0.0:5061 |
Registration String Crítico
Add the following registration line in the [general] section of your sip.conf:
register = tls://{sipuser}:{sip-password}@sbc-tls.ajtel.net/{did}
| {sipuser} | Your SIP username — NOT your web login |
| {sip-password} | Your SIP password — NOT your web password |
| {did} | Your DID / assigned number |
● TLS — Mandatory Without TLS, traffic will be rejected. transport=tls port=5061 | ● SRTP — Mandatory Audio encryption required. encryption=yes | ● SSL — Required A valid SSL certificate is required. zerossl.com — gratuito |
▸ Server without TLS (sbc.ajtel.net)
If your account is on the sbc.ajtel.net server (no TLS), change the following parameters:
| host | = | sbc.ajtel.net o IP: 216.238.73.38 |
| fromdomain | = | sbc.ajtel.net |
| transport | = | udp (no TLS) |
| port | = | 5060 |
⚠ If using the IP directly 216.238.73.38, do NOT use TLS (the certificate is bound to the hostname). All other parameters remain the same.