How to set up an IAX2 trunk in FreePBX



  • If you have more than one Asterisk based PBX that you want to have talk to each other, the best solution is to use an IAX2 trunk.

    IAX stands for Inter-Asterisk eXchange. The protocol was developed specifically for Asterisk and has a huge benefit over SIP in that it only needs a single port (UDP 4569). The Wikipedia article is pretty solid for IAX2.

    The most common use for an IAX2 trunk is for interoffice calling, but it can most certainly be used for trunking in other contexts. VoIP.ms offers IAX2 as an option for their trunks as long as you setup a sub-account.

    So what to do?

    Mentally tag the TWO PBX systems as PBX1 and PBX2 and keep them straight. You have to put things from one side in the other side as you go.

    Go to Connectivity -> Trunks
    0ff2f61a-9349-48c0-b438-531467c885db-image.png

    Click the Add Trunk drop down and select IAX2.
    75532bd1-f58c-4f63-a660-bb5aaa46a3da-image.png

    One the General tab of PBX1 name it something that makes sense like To_PBX2 or IAX2_To_PBX2. This name does not matter technically, but does have to be selected when you make your routes later, so it is better to use something that makes sense at a glance.
    61914f44-e9ff-4297-a90e-a1ea7e76274a-image.png

    Leave the manipulation rules tab empty.

    On the iax2 Settings tab you will need to populate the Trunk Name and Peer Details fields on the Outgoing tab. You will not put anything in the Incoming tab.
    f86743a0-2704-4515-8557-aa94a21afd72-image.png

    This is where you now have to make some decisions. If you trust your firewalls, you can simply create a trunk without username/passwords and move on. I do this all the time. If you do this, the Trunk Name can be anything, no spaces, and the Peer Details are simple.
    On PBX1
    1195f456-461a-4b91-8d4f-c5525ad4f96c-image.png

    type=friend
    qualify=yes
    host=pbx2.domain.com
    context=from-internal
    disallow=all
    allow=ulaw
    

    And the opposite on PBX2
    c218aaf2-e12f-4857-a74e-1ff59a784fec-image.png

    type=friend
    qualify=yes
    host=pbx1.domain.com
    context=from-internal
    disallow=all
    allow=ulaw
    

    Note: The qualify=yes really only matters if one side is behind NAT. I put it in out of habit, and it does not usually hurt anything. Details here is you are curious.

    You can use IP address instead of the FQDN for the host in the PEER Details

    Now, for a more secure method, where you are worried about possible spoofing of IP addresses and such, you can add authentication to an IAX2 trunk. This is how the FreePBX Wiki tells you to set up an IAX2 trunk in the first place.

    In this case, the Trunk Name is important and the Peer Details are more complex. You will use the Trunk Name from PBX1 as the username in the PEER Details of PBX2, so it can sometimes be confusing when looking at PBX1 and PBX2. I suggest making a scratchpad of the settings.

    The secret must be the same on both PBX1 and PBX2.

    On PBX1. As mentioned, notice that the Trunk Name looks backwards for PBX1 compared to the username.
    dd200b29-9330-4811-90b8-d5c6a87695e2-image.png

    host=pbx2.domain.com
    username=pbx1_to_pbx2
    secret=UseALongPasswordNumbersLike1234AreOk
    forceencryption=yes
    encryption=yes
    auth=md5
    type=friend
    qualify=yes
    context=from-internal
    disallow=all
    allow=ulaw
    

    Reverse things on PBX2
    f443b05a-0548-4d1b-928f-c53ed714ec71-image.png

    host=pbx1.domain.com
    username=pbx2_to_pbx1
    secret=UseALongPasswordNumbersLike1234AreOk
    forceencryption=yes
    encryption=yes
    auth=md5
    type=friend
    qualify=yes
    context=from-internal
    disallow=all
    allow=ulaw
    

    Now that the trunks are created, you need to create an outbound route on each system to route calls to the other system.

    Assuming that you planned ahead and your extension range on each system does not overlap, you can add a simple outbound rule and everyone will just dial extensions.

    As before, you have to do this on both PBX1 and PBX2.

    Go to Connectivity -> Outbound Routes

    dc543123-630d-48bf-a046-38ba96a27e96-image.png

    Click Add Outbound Route

    d67b3655-5a82-442b-864a-ca327649431c-image.png

    One the Route Settings tab, give it a descriptive name. Click the Intra-Company button, and then choose the appropriate trunk you previously created. Using the name from before, I would use To_PBX2 on PBX1 and To_PBX1 on PBX2.

    85fd34fe-b176-4cc7-9ea2-96f3e033d2ff-image.png

    On the Dial Patterns tab you will make a pattern that matches the extension range on the opposite PBX.
    Assuming that PBX1 uses extensions 1000 through 1999 and that PBX2 uses extensions 2000 through 2999, this is what it would look like.

    On PBX1
    281f2118-729e-48f8-8e5c-f241d5a45831-image.png

    On PBX2
    c60f2057-0438-4f90-9136-3c9177753a1b-image.png

    If you do not have the luxury of designing the extension ranges to not overlap, you can still use a trunk like this. You will simply need to add a prefix for interoffice calling.

    Assuming that PBX1 uses extensions 1000 through 1999 and that PBX2 uses extensions 1000 through 1099 (not even the same full range is common), you would simply setup a prefix and match pattern like this.

    On both PBX1 and PBX2
    420833b5-abe5-4624-af3a-feaed41e3d7b-image.png

    The 6 will get stripped and only the 4 digit extension will be passed over the IAX2 trunk.



  • The FreePBX wiki article had a few optional settings that can be used with either version of the Trunk PEER Details I showed above.

    qualifyfreqok=25000
    transfer=no
    trunk=yes
    

    The default qualifyfreqok is 60000. This just makes it qualify more often. This is usually less important on a trunk than an endpoint that uses IAX2.
    If you are setting up an IAX2 trunk, you already have tested your internet connection and know it is stable. If not, call me.. I'm more than happy to consult...

    The transfer=no is the same as the SIP allow reinvite that hands off a SIP call letting the endpoints not pass the call through the PBX any longer. Not applicable to an interoffice trunk.

    The trunk=yes will shave a few Kbps off of each call after the first going over the trunk as it reduces IP header information. You can read all the gory details here. Basically it is not enough to worry about.