[general] curltimeout = 5 ; default timeout of 5 seconds for curl requests [peer2peer](!) requestmethod = curl verifymethod = reverse local_var = __clidverif remote_var = IAXVAR(clidverif) via_remote_var = IAXVAR(nodevia) extendtrust=yes failgroup = spam via_number = 5551111 ; your 7D DISA number here! clli = HSTNTXMOCG0 ; your CLLI code here! region = US threshold = 4 failureaction = nothing flagprivateip = yes ; tech: ensures tech is IAX2 ; username: ensures alphanumeric username exists ; secret: allows alphanumeric secret to exist ; outkey: allows alphanumeric outkey to exist ; host: ensures at least 1 "." in the host (that it isn't a reference to a local peer with username/password), allows a numeric port ; extension: requires alphanumeric - plus *, #, ^, :, (, ) - extension ; context: allows an alphanumeric (plus underscore) context outregex = ^[iI][aA][xX]2\/[a-zA-Z0-9_\-]+(:[a-zA-Z0-9]+)?+(:\[[a-zA-Z0-9.]+\])?+@([a-zA-Z0-9_\-]+\.)+[a-zA-Z0-9_\-]+(:[0-9]+)?+\/([A-Za-z0-9*#^:\(\)])+(@[a-zA-Z0-9_\-]+)?$ successregex = [0-9]0 [pstn](!) verifymethod = pattern failgroup = spam local_var = __clidverif threshold = 10 successregex = [0-9]0 blacklist_endpoint = https://api.phreaknet.org/v1/blacklist?key=${interlinkedkey}&number=${FILTER(0-9,${CALLERID(num)})}&cvs=${clidverif} blacklist_threshold = 2.4 [pstn-us](pstn) verifycontext = pstn-us-verify-patterns code_fail = 32 ; should catch emtpy caller IDs stirshaken_var = __ssverstat ; Process STIR/SHAKEN dispositions ;Add this to the dialplan: ;[pstn-us-verify-patterns] ;exten => _[A-Za-z]!,1,Return(32) ;exten => _X!,1,Return(31) ;exten => _NXXNXXXXXX,1,Return(30) ;exten => _1NXXNXXXXXX,1,Return(30) ;exten => _N00NXXXXXX,1,Return(31) ;exten => _1N00NXXXXXX,1,Return(31) ;exten => _800NXXXXXX,1,Return(30) ;exten => _1800NXXXXXX,1,Return(30) ;exten => _[01]XXXXXXXXX,1,Return(31) ;exten => _XXX[01]XXXXXX,1,Return(31) ;exten => _[2-79]00NXXXXXX,1,Return(31) ;exten => _[2-79]22NXXXXXX,1,Return(31) ;exten => _[2-79]33NXXXXXX,1,Return(31) ;exten => _[2-79]44NXXXXXX,1,Return(31) ;exten => _[2-79]55NXXXXXX,1,Return(31) ;exten => _[2-79]66NXXXXXX,1,Return(31) ;exten => _[2-79]77NXXXXXX,1,Return(31) ;exten => _[2-79]88NXXXXXX,1,Return(31) ;exten => _[2-79]99NXXXXXX,1,Return(31) ;exten => _X11XXXXXXX,1,Return(31) [pstn-uk](pstn) verifycontext = pstn-uk-verify-patterns code_fail = 42 ; should catch emtpy caller IDs ;Add this to the dialplan: ;[pstn-uk-verify-patterns] ;exten => _[A-Za-z]!,1,Return(42) ;exten => _X!,1,Return(41) ;exten => _XXXXXXXX!,1,Return(40) ; minimum acceptable UK CLID length assumed to be 8 [pstn-au](pstn) verifycontext = pstn-au-verify-patterns code_fail = 52 ; should catch emtpy caller IDs ;Add this to the dialplan: ;[pstn-au-verify-patterns] ;exten => _[A-Za-z]!,1,Return(52) ;exten => _X!,1,Return(51) ;exten => _XXXXXXXXXX!,1,Return(50) ; minimum acceptable AU CLID is 10 ;exten => _0[169]!,1,Return(51) ; AU numbers don't start with 06 or 09 or 01 ;exten => _[1-9]XXXXXXXXX,1,Return(51) ; AU numbers start with a 0 (10th last digit) [pstn-other](pstn) verifycontext = pstn-other-country-verify-patterns code_fail = 62 ; should catch emtpy caller IDs ;Add this to the dialplan: ;[pstn-other-countries-verify-patterns] ;exten => _[A-Za-z]!,1,Return(62) ;exten => _X!,1,Return(61) ;exten => _XXXXXXX!,1,Return(60) ; minimum acceptable CLID length assumed to be 7 [phreaknet](peer2peer) verifymethod = direct verifyrequest = https://api.phreaknet.org/v1/?key=${interlinkedkey}&asterisk=${VERSION()}&asteriskv=${VERSION(ASTERISK_VERSION_NUM)}&called=${EXTEN}&number=${IF(${EXISTS(${IAXVAR(nodevia)})}?${IAXVAR(nodevia)}:${VERIFYARG1})}&ip=${CHANNEL(peerip)}&clid=${CALLERID(num)}&ani2=${CALLERID(ani2)}&cnam=${STRREPLACE(FILTER(0-9A-Za-z \x20\x2C\x2D\x2E,${CALLERID(name)}), ,+)}&cvs=${IAXVAR(clidverif)}&threshold=2.4&token=${IAXVAR(vertoken)}&verify allowtoken = no ; PhreakNet supports tokens, but they're built into verifyrequest remote_stirshaken_var = IAXVAR(ssverstat) setinvars = fqdn='${CUT(clidverif,~,2)}',__clidverif='${CUT(clidverif,~,1)}',__mlppdigit=${IAXVAR(mlpp)},__ssverstat=${IAXVAR(ssverstat)} setoutvars = IAXVAR(mlpp)=${mlppdigit},IAXVAR(ssverstat)=${ssverstat} code_good = 70 code_fail = 71 code_requestfail = 77 code_spoof = 79 [cnet](peer2peer) threshold = 5 ; so few C*NET nodes use verification that a lower threshold would reject a substantial number of calls requestmethod = enum verifyrequest = +${VERIFYARG1},ALL,,1,std.ckts.info allowtoken = no ; C*NET doesn't support tokens. via_number = 12311111 code_good = 20 code_fail = 21 code_requestfail = 27 code_spoof = 29 blacklist_endpoint = https://api.phreaknet.org/v1/blacklist?key=${interlinkedkey}&number=${FILTER(0-9,${CALLERID(num)})}&cvs=${clidverif} blacklist_threshold = 2.4 blacklist_failopen = yes ; some C*NET nodes make calls from different IPs than the incoming calls go to. On C*NET, the only way to verify these is manual exceptions, since there is no support for tokens. exceptioncontext = cnet-exceptions-lookup ; add the below context to your dialplan: ;[cnet-exceptions-lookup] ; this is different from the [cnet-exceptions] in the verification subroutines. Last updated 20211212. ;exten => _1488XXXX,1,Return(199.199.196.82) ;exten => _1596XXXX,1,Return(45.32.212.173) [npstn](peer2peer) clli = NPSTNXY0 ; NPSTN uses NPSTN* CLLIs verifyrequest = https://crtc.npstn.us/api/v1/?auth=${npstnkey}&lookup=${VERIFYARG1} allowtoken = yes ; NPSTN uses standalone tokens validatetokenrequest = https://crtc.npstn.us/api/v1/verification/temptoken.php?auth=${npstnkey}&token=${IAXVAR(npstnverifytoken)} obtaintokenrequest = https://crtc.npstn.us/api/v1/verification/temptoken.php?auth=${npstnkey}&disavia=2311111 via_remote_var = IAXVAR(DISAVIA) token_remote_var = IAXVAR(npstnverifytoken) setinvars = __autovonprioritydigit=${IAXVAR(npstnmlpp)},__forcesecurechannel=${IAXVAR(forcesecurechannel)} setoutvars = IAXVAR(npstnmlpp)=${autovonprioritydigit},IAXVAR(forcesecurechannel)=${forcesecurechannel} code_good = 10 code_fail = 11 code_requestfail = 17 code_spoof = 19