安装
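# Register the FreeSWITCH package repository (release RPM fetched over HTTPS)
# together with EPEL.
sudo yum install -y https://files.freeswitch.org/repo/yum/centos-release/freeswitch-release-repo-0-1.noarch.rpm epel-release
# Quote the globs so yum matches them against the repository; unquoted, the
# shell would expand them first if matching file names exist in the current
# directory.
sudo yum install -y freeswitch-config-vanilla 'freeswitch-lang-*' 'freeswitch-sounds-*'
# fail2ban is packaged in EPEL on CentOS 7; -y keeps this step non-interactive
# like the two above.
sudo yum install -y fail2ban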
配置
第一部分:修改: /etc/freeswitch/vars.xml
1. 修改default_password
<X-PRE-PROCESS cmd="set" data="default_password=密码"/>
2. 新增G729编码
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,G722,PCMU,PCMA,H264,VP8,G729"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,G722,PCMU,PCMA,H264,VP8,G729"/>
3. 修改 domain=公网IP
<X-PRE-PROCESS cmd="set" data="domain=IP地址"/>
4. 修改 external_rtp_ip=公网IP
<X-PRE-PROCESS cmd="stun-set" data="external_rtp_ip=地址"/>
5. 修改 external_sip_ip=公网IP
<X-PRE-PROCESS cmd="stun-set" data="external_sip_ip=IP地址"/>
第二部分:修改日志级别
6.修改 /etc/freeswitch/vars.xml
<X-PRE-PROCESS cmd="set" data="console_loglevel=warning"/>
7.修改 /etc/freeswitch/autoload_configs/switch.conf.xml
<param name="loglevel" value="warning"/>
第三部分:配置sip账号
8.修改 /etc/freeswitch/dialplan/default.xml 更改拨号计划
<!-- Matches four-digit destination numbers whose first digit is 1-9 and bridges
     the call to user/<extension>@<domain>. -->
<extension name="Local_Extension">
<condition field="destination_number" expression="^([1-9][0-9]{3})$">
<!-- The line below is required. -->
<!-- NOTE(review): dialed_extension is not assigned anywhere in this excerpt; the
     bridge only resolves if an earlier action sets it (for example from capture
     group $1). Confirm against the full default.xml. -->
<action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
</condition>
</extension>
<!-- Same number pattern as Local_Extension; the condition carries no actions in
     this excerpt. -->
<extension name="Local_Extension_Skinny">
<condition field="destination_number" expression="^([1-9][0-9]{3})$">
</condition>
</extension>
9.创建脚本文件 /etc/freeswitch/directory/default/dialplan.sh
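#!/bin/sh
# Generate SIP user files by cloning the 1000.xml template: one file per
# extension number from (start + 1) to (start + count). In each copy the first
# "1000" on every line is replaced with the new extension number.
#
# Replace the two placeholders below with numbers before running.
#
# NOTE(review): each clone keeps whatever credential settings 1000.xml has. If
# the template points at the shared default_password, every generated account
# has the same SIP secret - confirm, and set per-account passwords if so.
set -eu

count=迭代次数   # how many accounts to create
start=初始值     # the first account created is start + 1

dir=/etc/freeswitch/directory/default
template=$dir/1000.xml

# Stop with a clear message if a placeholder was left in place.
for value in "$count" "$start"; do
  case "$value" in
    '' | *[!0-9]*)
      printf 'dialplan.sh: count and start must be non-negative integers\n' >&2
      exit 1
      ;;
  esac
done

a=1
while [ "$a" -le "$count" ]; do
  i=$((start + a))
  # Write next to the template so the result does not depend on the directory
  # the script is started from.
  sed -e "s/1000/$i/" "$template" > "$dir/$i.xml"
  a=$((a + 1))
done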
chmod a+x dialplan.sh
10:执行脚本创建sip账号
sh dialplan.sh
13. ESL配置:修改 /etc/freeswitch/autoload_configs/event_socket.conf.xml
<!-- Event socket (ESL) listener. A client that authenticates here can issue
     API commands to the switch, so keep it off public interfaces. -->
<configuration name="event_socket.conf" description="Socket Client">
<settings>
<param name="nat-map" value="false"/>
<!-- Bind to the internal address only. -->
<param name="listen-ip" value="内网IP"/>
<param name="listen-port" value="8021"/>
<!-- NOTE(review): ClueCon is the password FreeSWITCH ships with and is publicly
     known. Replace it with a long random secret before the listener is
     reachable from anything other than loopback. -->
<param name="password" value="ClueCon"/>
<!-- Only sources allowed by the "lan" ACL may connect. Presumably this ACL is
     defined in acl.conf.xml; confirm it covers only the hosts that need ESL. -->
<param name="apply-inbound-acl" value="lan"/>
<!--<param name="stop-on-bind-error" value="true"/>-->
</settings>
</configuration>
14 配置防火墙
# SSH. Opened to the whole public zone; consider limiting it to the
# administrators' source addresses.
firewall-cmd --zone=public --add-port=22/tcp --permanent
# SIP signalling over UDP.
firewall-cmd --zone=public --add-port=5060/udp --permanent
# RTP media.
# NOTE(review): FreeSWITCH takes its RTP range from rtp-start-port and
# rtp-end-port in switch.conf.xml (16384-32768 in the stock configuration, as
# far as I know). Opening everything up to 65535 exposes more UDP ports than
# the switch uses unless that range was raised - confirm and narrow to match.
firewall-cmd --zone=public --add-port=16384-65535/udp --permanent
# Apply the permanent rules to the running firewall, then list them to verify.
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
15.配置fail2ban
vim /etc/fail2ban/jail.d/freeswitch.local
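[freeswitch]
enabled = true
# NOTE(review): the stock freeswitch filter matches SIP authentication-failure
# lines in freeswitch.log. As far as I know FreeSWITCH only writes those lines
# when the SIP profile sets log-auth-failures to true; confirm that it is
# enabled, otherwise this jail never bans anything.
# Ignore failures from our local internal network
ignoreip = 127.0.0.0/8
maxretry = 4 ; for a total of five failures
findtime = 3600 ; based on empirical testing
bantime = 1200 ; ban for 20m (which lets us pick up repeat offenders)
# We do not use 5061 and it is not open to the outside world, so act on 5060 only
port = 5060
# we do not want mail, so remove that action from standard jail.conf freeswitch config
# Continuation lines of a multi-line value must be indented, otherwise the
# parser treats them as a new (invalid) entry.
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
# Add intrusion log, which contains special string for host (see freeswitch.local filter)
# NOTE(review): fail2ban normally refuses to start a jail when a listed log file
# does not exist. Confirm intrusion.csv is actually produced on this host, or
# drop that entry.
logpath = /var/log/freeswitch/freeswitch.log
          /var/log/freeswitch/cdr-csv/intrusion.csv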
16.启动freeswitch
systemctl start freeswitch
systemctl status freeswitch
17.启动fail2ban
# Start the service for the current boot.
# NOTE(review): "start" alone does not persist across reboots; also run
# "systemctl enable fail2ban" so the jail is active again after a restart.
systemctl start fail2ban
systemctl status fail2ban
# Shows the jail's monitored log files and its current failure and ban counts.
fail2ban-client status freeswitch
端口说明
参考
https://freeswitch.org/confluence/display/FREESWITCH/CentOS+7+and+RHEL+7
https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban