Install all required Asterisk dependency packages
apt -y install git curl wget libnewt-dev libssl-dev libncurses5-dev ipset subversion libsqlite3-dev build-essential libjansson-dev libxml2-dev uuid-dev

Download Asterisk tarball
cd /usr/src && wget https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current.tar.gz
tar xfv asterisk-16-current.tar.gz
cd asterisk-16*/

Run the following command to download the mp3 decoder library into the source tree
contrib/scripts/get_mp3_source.sh
A    addons/mp3
A    addons/mp3/MPGLIB_README
A    addons/mp3/common.c
A    addons/mp3/huffman.h
A    addons/mp3/tabinit.c
A    addons/mp3/Makefile
A    addons/mp3/README
A    addons/mp3/decode_i386.c
A    addons/mp3/dct64_i386.c
A    addons/mp3/MPGLIB_TODO
A    addons/mp3/mpg123.h
A    addons/mp3/layer3.c
A    addons/mp3/mpglib.h
A    addons/mp3/decode_ntom.c
A    addons/mp3/interface.c
Exported revision 202.
Ensure all dependencies are resolved
contrib/scripts/install_prereq install
You should get a success message at the end
#############################################
## install completed successfully
#############################################
Run the configure script to satisfy build dependencies
./configure
A successful run ends with output like this:
configure: creating ./config.status
config.status: creating makeopts
config.status: creating autoconfig.h
configure: Menuselect build configuration successfully completed

               .$$$$$$$$$$$$$$$=..
            .$7$7..          .7$$7:.
          .$$:.                 ,$7.7
        .$7.     7$$$$           .$$77
     ..$$.       $$$$$            .$$$7
    ..7$   .?.   $$$$$   .?.       7$$$.
   $.$.   .$$$7. $$$$7 .7$$$.      .$$$.
 .777.   .$$$$$$77$$$77$$$$$7.      $$$,
 $$$~      .7$$$$$$$$$$$$$7.       .$$$.
.$$7          .7$$$$$$$7:          ?$$$.
$$$          ?7$$$$$$$$$$I        .$$$7
$$$       .7$$$$$$$$$$$$$$$$      :$$$.
$$$       $$$$$$7$$$$$$$$$$$$    .$$$.
$$$        $$$   7$$$7  .$$$    .$$$.
$$$$             $$$$7         .$$$.
7$$$7            7$$$$        7$$$
 $$$$$                        $$$
  $$$$7.                       $$  (TM)
   $$$$$$$.           .7$$$$$$  $$
     $$$$$$$$$$$$7$$$$$$$$$.$$$$$$
       $$$$$$$$$$$$$$$$.

configure: Package configured for:
configure: OS type  : linux-gnu
configure: Host CPU : x86_64
configure: build-cpu:vendor:os: x86_64 : pc : linux-gnu :
configure: host-cpu:vendor:os: x86_64 : pc : linux-gnu :
Setup menu options by running the following command
make menuconfig
Use arrow keys to navigate, and Enter key to select. You can change any configurations you see fit. When done, save and exit then install Asterisk with selected modules. Build Asterisk by running this command:
make
The make command will take a while. You should see output like this:
Building Documentation For: third-party channels pbx apps codecs formats cdr cel bridges funcs tests main res addons 
 +--------- Asterisk Build Complete ---------+
 + Asterisk has successfully been built, and +
 + can be installed by running:              +
 +                                           +
 +                make install               +
When done, install Asterisk by running this command:
make install
When done, you should see an output like this:
+---- Asterisk Installation Complete -------+
 +                                           +
 +    YOU MUST READ THE SECURITY DOCUMENT    +
 +                                           +
 + Asterisk has successfully been installed. +
 + If you would like to install the sample   +
 + configuration files (overwriting any      +
 + existing config files), run:              +
 +                                           +
 + For generic reference documentation:      +
 +    make samples                           +
 +                                           +
 + For a sample basic PBX:                   +
 +    make basic-pbx                         +
 +                                           +
 +                                           +
 +-----------------  or ---------------------+
 +                                           +
 + You can go ahead and install the asterisk +
 + program documentation now or later run:   +
 +                                           +
 +               make progdocs               +
 +                                           +
 + **Note** This requires that you have      +
 + doxygen installed on your local system    +
 +-------------------------------------------+
Finally, install config samples
make samples && make config
Create a dedicated user and group to run asterisk services, and assign correct permissions
groupadd asterisk
useradd -r -d /var/lib/asterisk -g asterisk asterisk
usermod -aG audio,dialout asterisk
chown -R asterisk:asterisk /etc/asterisk
chown -R asterisk:asterisk /var/{lib,log,spool}/asterisk
chown -R asterisk:asterisk /usr/lib/asterisk
Set Asterisk default user to asterisk
# vim /etc/default/asterisk
AST_USER="asterisk"
AST_GROUP="asterisk"

# vim /etc/asterisk/asterisk.conf
runuser = asterisk ; The user to run as.
rungroup = asterisk ; The group to run as.
Start asterisk service after making the changes and
systemctl start asterisk && systemctl enable asterisk
Service should be running without errors
# systemctl status asterisk
● asterisk.service - LSB: Asterisk PBX
     Loaded: loaded (/etc/init.d/asterisk; generated)
     Active: active (running) since Tue 2021-09-07 21:29:27 CEST; 5s ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 74 (limit: 9510)
     Memory: 45.0M
        CPU: 989ms
     CGroup: /system.slice/asterisk.service
             └─2910083 /usr/sbin/asterisk

Sep 07 21:29:27 debian systemd[1]: Starting LSB: Asterisk PBX...
Sep 07 21:29:27 debian asterisk[2910071]: Starting Asterisk PBX: asterisk.
Sep 07 21:29:27 debian systemd[1]: Started LSB: Asterisk PBX.

Nowadays there are lots of brute-force attacks and VoIP fraud attempts targeting Asterisk and other PBX systems on the internet.

It is the task of any systems administrator to ensure that the success rate of such attempts is close to zero. One way to secure Asterisk against such attempts is to use custom firewall rules.
This will save you bandwidth and protect your business. To make our work easier, we will use a country-based IP list, used here as an allowlist. We just built a service for a German client who expects customers from Germany only, so we are going to allow only German traffic to our SIP ports.

Create a new file called germany.sh and add the following contents
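#!/bin/sh
# Germany: (re)build the sip.zone set from the ipdeny country list
ipset -exist create sip.zone hash:net   # create the set on first run, keep it on later runs
ipset flush sip.zone                    # empty it before reloading
# fetch the list over HTTPS and add every network to the set
for IP in $(wget -O - https://www.ipdeny.com/ipblocks/data/countries/de.zone)
        do ipset -exist add sip.zone "$IP"
        echo "$IP"
done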
Execute the script
chmod +x germany.sh
./germany.sh
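
A more defensive way to load the list, as an added example that is not part of the original post: it keeps only well-formed IPv4 CIDR lines, refuses to continue when the download looks truncated, and swaps the new set in atomically so sip.zone is never empty while the iptables rules reference it. The MIN_ENTRIES floor, the sip.zone.new scratch set and the function names are assumptions.

```shell
#!/bin/sh
# Added example: validated, atomic reload of the sip.zone allowlist.
SET=sip.zone
MIN_ENTRIES=100   # assumption: a real country list has far more networks

# Print only well-formed IPv4 CIDR lines (octets 0-255, prefix 1-32) from file $1.
valid_cidrs() {
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
        $5 >= 1 && $5 <= 32 { print }
    ' "$1"
}

# Print an "ipset restore" script for zone file $1; fail if the list is too short
# (an error page or a truncated download must not replace a working set).
restore_script() {
    cidrs=$(valid_cidrs "$1")
    count=$(printf '%s\n' "$cidrs" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "only $count valid networks in $1, keeping the current set" >&2
        return 1
    fi
    echo "create $SET hash:net"          # make sure the live set exists
    echo "create $SET.new hash:net"      # scratch set (assumed name)
    echo "flush $SET.new"
    printf '%s\n' "$cidrs" | sed "s|^|add $SET.new |"
    echo "swap $SET.new $SET"            # atomic: iptables never sees an empty set
    echo "destroy $SET.new"
}

# Download the zone for country code $1 and apply it. Needs root, wget and ipset.
apply_zone() {
    tmp=$(mktemp) || return 1
    rc=1
    if wget -qO "$tmp" "https://www.ipdeny.com/ipblocks/data/countries/$1.zone" &&
       script=$(restore_script "$tmp"); then
        printf '%s\n' "$script" | ipset -exist restore
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh this-script apply de
if [ "${1:-}" = "apply" ]; then
    apply_zone "${2:-de}"
fi
```

Because the set is replaced with a swap, the script can be re-run from cron to refresh the list without touching the iptables rules.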

To get a list of countries that you can block or allow please visit https://www.ipdeny.com/ipblocks/

For example, to replace Germany with Canada, you will need to change this

de.zone

To this

ca.zone
Execute the following commands to allow the country you want
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
iptables -A INPUT -p udp -m set --match-set sip.zone src -m udp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp -m set --match-set sip.zone src -m tcp --dport 5060 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m set ! --match-set sip.zone src -m tcp -j DROP
iptables -A INPUT -p udp -m set ! --match-set sip.zone src -m udp -j DROP

These rules do the following:

  • Allow local connections
  • Allow UDP and TCP connections to port 5060 from the country you set in your shell script
  • Allow related and established connections
  • Allow SSH from anywhere
  • Drop all TCP and UDP connections not matching the country that you listed in your shell script

That's it, now you have installed Asterisk 16 on Debian Bullseye.