Configure Manager Interface

To configure the Manager generally you just need to fill the Manager Username and Password as defined in your /etc/asterisk/manager.conf.

In the manager settings you will find other two options:

  • Apply Privacy Rules
    This Option Enable/Disable the Privacy rule on VoixManager, hiding the incoming call number
  • Use FreePbx
    This Option Enable/Disable compatibility with Freepbx. If you use the FreePbx frontend check this option.

Press the apply button to save the changes.

 

  • VoixManager Settings Manager
  • Unlock VoixManager Settings

Manger Interface (AMI)

The Asterisk Manager allows a client program to connect to an Asterisk instance and issue commands or read PBX events over a TCP/IP stream.
So is Fundamental that the AMI is enabled on the Asterisk server, or you can’t interact with any extension.
To check id the AMI is enabled on your Asterisk open the file manager.conf in /etc/asterisk/manager.conf, your configuration should be like this:

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

[your user]
secret=xxxxxxxxxx
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

Security:

Note that activating the manager API opens a TCP port. Make sure you know what you are doing. Maybe it's enough to just activate this for the local loopback interface, 127.0.0.1 and the ip that will use the interface. es.

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

[your user]
secret=xxxxxxxxxx
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
permit=192.168.1.5/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

If bindaddr = 0.0.0.0 then the manager will bind to ALL Ip's on the server.
if you have deny=0.0.0.0/0.0.0.0 after any explicit permits it will always deny. Put the deny at the top of the list and then list explicit permits below.
In the manager interface it will be a common problem with firewall, since it can block incoming connections to port 5038.

Don't enable it on a public IP. Use a vpn, or a SSH tunnel.
Limit the privileges per user especially the system!
Remember to set a password for the users