I’m trying to build a VOIP system that will allow softphones to connect over the internet to my server. Ideally I need to be able to assign users an extension, and allow them to call one another. There would be no calling capability from land-lines to or from the users of this system.
I have an Ubuntu 14.04 server configured with Asterisk 13.1.0 and FreePBX 12. Do I need any other servers installed to accomplish this (i.e. Elastix, OpenSIPS, etc), or will Asterisk alone do what I’m wanting to do?
As with all simple questions, the answer is “it depends”.
If you set up the system so that it can be reached from the Internet (set up your firewall or drop it on a public address) then people hitting the server from their phones is pretty “no-brainery”. Set up the extensions, set up the passwords, give your friends the information and “Bob’s your uncle.” Assigning them all extension numbers on your system makes the calling between them simple - as long as the server knows the numbers, you should be good to go.
If you want to add the capability to call phones with real numbers, you will need to set up a connection to a VOIP service. There are lots of them (SIPStation being an obvious choice).
Having said all of that - the technology for making SIP calls can still be a PITA, so go slow and get one thing working at a time.
Asterisk and FreePBX is enough to handle that.
If you are opening your firewall to host remote users, you also need to think of security.
Having your server on a private IP is generally a better security model then having it on a public IP.
Then you open the ports you need on the firewall and forward them to your internal server. Default port for SIP is 5060 and RTP ports usually range between 10001 to 20000. For IAX open port 4569, or better change all ports to something else but default.
Your clients would register to the public IP of your router/firewall, which should be static.
Now if you open these ports to the internet at large, you will see a lot of attempts to exploit your system, trying to register a client guessing extension and password to make unauthorized calls from your server.
If you are not using a VoIP service to call real numbers in the PSTN like cynjut said, you are not in danger of losing money, but still have a big security vulnerability.
However if you do have signed up with a SIP trunk provider, then by all means you should source restrict your firewall to allow traffic through the relevant ports only from IP addresses that you know and chose to allow, i.e. your friends’ IP addresses.
If they have changing IP addresses, then you have them sign up with a free Dynamic-DNS provider (like No-IP), that matches an IP to a hostname that you chose. Then you allow traffic only from these chosen hostnames.
An alternative to above solution is to connect your remote clients to your internal server using openvpn.