These parameters are only an example and you might need to change it based on your local setup to work properly.



sip.conf example:


username={VoIP Username}

secret={VoIP Password}

type=friend

qualify=yes

nat=force_rport,comedia

insecure=invite,port

host=169.55.62.168

fromdomain= (local Switchboard IP/DNS)

dtmfmode=rfc2833

disallow=all

allow=alaw

allow=ulaw

allow=g729

sendrpid=yes

trustrpid=yes

canreinvite=no  (this can be changed to "yes" if you allow bypassing RTP traffic, you must allow RTP from ANY IP Address)


(canreinvite= was renamed to directmedia= in Asterisk 1.6.2 to more accurately describe what this setting does. See also the closely related setting directrtpsetup)


Optional (highly recommend for security):

allowguest=no

alwaysauthreject=yes


The "allowguest" line disables anonymous SIP calls to your PBX. Some SIP providers connect as a guest user, however, so this may be inappropriate for your situation. 

Also, if you want to accept anonymous SIP calls, this line would block them, so you wouldn't want that. But it is listed here because it is the safest configuration.


The "alwaysauthreject" line is important. This causes a hacker to get the same response from your PBX when they try to guess passwords whether or not they guessed a valid username. 

This also has the side effect of making poorly written scanning scripts (the vast majority of hacker scripts seem to be poorly written) take less resources on your Asterisk box, as even if they scan a valid username, they'll think it doesn't exist.


In addition to these, verify that all peers listed in sip.conf are valid and have strong passwords.



Firewall

Please make sure you allow ALL traffic from the following IP Addresses: 

169.55.62.168




DNS SERVER

Asterisk does not support DNS SERVER lookups for inbound calls. If you also have virtual phone number with your SIP Trunk service please add the following line to the


sip_general_custom.conf file:

srvlookup=no