Asterisk is an open-source communications framework that turns a standard Linux server into a full-featured PBX (Private Branch Exchange). It handles SIP trunking, voicemail, IVR menus, call queuing, conferencing, and just about anything else you need from a phone system – without the per-seat licensing fees of commercial PBX platforms. Asterisk powers everything from small office phone systems to large call centers and is the engine behind FreePBX and other popular telephony GUIs.
This guide walks through installing Asterisk 22 LTS on Ubuntu 24.04 and Debian 13 from source. We cover compiling Asterisk with PJSIP support, configuring SIP endpoints, setting up a basic dialplan, opening firewall ports, and testing with a SIP softphone. Asterisk 22 is the current Long Term Support release with full support through October 2028 and security fixes until 2029 – see the official Asterisk version support page for details.
Prerequisites
- A server running Ubuntu 24.04 LTS or Debian 13 with at least 1 GB RAM and 2 CPU cores
- Root or sudo access
- A public IP address if you plan to connect remote SIP clients or trunks
- Ports 5060/UDP (SIP), 5061/TCP (SIP TLS), and 10000-20000/UDP (RTP media) open in your firewall
- A registered domain name pointed at the server if you want TLS/SRTP (optional but recommended for production)
Switch to root for the rest of this guide:
sudo -i
Step 1: Install Asterisk Build Dependencies
Asterisk is compiled from source, so we need development libraries and build tools. Start by updating the package index and installing the required packages.
apt update && apt upgrade -y
Install the core build tools and libraries Asterisk needs for compilation:
apt install -y build-essential git curl wget subversion \
libncurses5-dev libssl-dev libxml2-dev libsqlite3-dev \
uuid-dev libjansson-dev libedit-dev pkg-config \
autoconf automake libtool unixodbc-dev libcurl4-openssl-dev \
libspeex-dev libspeexdsp-dev libogg-dev libvorbis-dev \
libsrtp2-dev libopus-dev libresample1-dev sox mpg123 \
xmlstarlet bison flex
These cover everything from TLS support (libssl-dev) to codec libraries (opus, speex, vorbis) and the SRTP stack needed for encrypted media.
Step 2: Download and Compile Asterisk 22 LTS
Download the latest Asterisk 22 LTS tarball from the official download server. The asterisk-22-current link always points to the newest 22.x release.
cd /usr/src
wget https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-22-current.tar.gz
tar xzf asterisk-22-current.tar.gz
cd asterisk-22.*/
Run the prerequisite installation script to pull in any remaining dependencies specific to your distribution:
contrib/scripts/install_prereq install
The script detects your OS and installs any missing packages automatically. Next, configure the build with PJSIP support (the modern SIP stack that replaces the legacy chan_sip):
./configure --with-jansson-bundled --with-pjproject-bundled
The --with-pjproject-bundled flag builds PJSIP from the version bundled with Asterisk, which avoids library version conflicts with system packages. When the configure script finishes, you should see a summary showing all detected libraries.
Select which modules to build. The menuselect tool lets you enable or disable specific modules, codecs, and applications:
make menuselect.makeopts
menuselect/menuselect --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722 \
--enable MOH-OPSOUND-WAV --enable MOH-OPSOUND-G722 \
--enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-G722 \
menuselect.makeopts
This enables HD audio prompts (G.722) and music-on-hold files. Now compile Asterisk:
make -j$(nproc)
Compilation takes 5-15 minutes depending on your hardware. The -j$(nproc) flag uses all available CPU cores to speed things up.
Step 3: Install Asterisk on Ubuntu / Debian
Once compilation finishes without errors, install the binaries, modules, and sample configuration files:
make install
make samples
make config
make install-logrotate
Here is what each target does:
- make install – copies binaries and modules to /usr/sbin/ and /usr/lib/asterisk/
- make samples – installs sample configuration files to /etc/asterisk/
- make config – installs the systemd service unit
- make install-logrotate – sets up log rotation so /var/log/asterisk/ does not fill your disk
Create a dedicated system user for Asterisk. Running as a non-root user is a basic security requirement:
groupadd asterisk
useradd -r -d /var/lib/asterisk -g asterisk asterisk
chown -R asterisk:asterisk /etc/asterisk /var/lib/asterisk /var/log/asterisk /var/spool/asterisk /var/run/asterisk /usr/lib/asterisk
Tell Asterisk to run as this user by editing the main configuration file:
vi /etc/asterisk/asterisk.conf
Find the [options] section and set the run user and group:
[options]
runuser = asterisk
rungroup = asterisk
Step 4: Configure PJSIP for SIP Connectivity
Asterisk 22 uses res_pjsip as its SIP channel driver. The legacy chan_sip module is deprecated and should not be used for new deployments. All SIP configuration goes in pjsip.conf – see the official PJSIP configuration guide for the full reference.
Open the PJSIP configuration file:
vi /etc/asterisk/pjsip.conf
Replace the contents with a clean base configuration. Update external_media_address and external_signaling_address with your server’s public IP:
[global]
type = global
user_agent = Asterisk PBX
; === Transport - UDP on port 5060 ===
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5060
external_media_address = 203.0.113.10
external_signaling_address = 203.0.113.10
local_net = 192.168.1.0/24
local_net = 10.0.0.0/8
; === Transport - TCP on port 5060 ===
[transport-tcp]
type = transport
protocol = tcp
bind = 0.0.0.0:5060
; === Transport - TLS on port 5061 (production recommended) ===
;[transport-tls]
;type = transport
;protocol = tls
;bind = 0.0.0.0:5061
;cert_file = /etc/asterisk/keys/asterisk.crt
;priv_key_file = /etc/asterisk/keys/asterisk.key
;method = tlsv1_2
The external_media_address and external_signaling_address settings tell Asterisk what IP to advertise in SIP headers when behind NAT. The local_net entries define your private subnets so Asterisk knows when a client is local versus remote. Replace 203.0.113.10 with your actual public IP. The TLS transport is commented out – uncomment it and provide valid certificates for production use.
Step 5: Configure the Dialplan (extensions.conf)
The dialplan controls what happens when a call comes in or an extension is dialed. Open the extensions configuration:
vi /etc/asterisk/extensions.conf
Replace the contents with a basic internal calling dialplan:
[general]
static = yes
writeprotect = no
[globals]
[internal]
; Internal extensions - dial any 3-digit extension (100-199)
exten => _1XX,1,NoOp(Dialing extension ${EXTEN})
same => n,Dial(PJSIP/${EXTEN},30,tTr)
same => n,Voicemail(${EXTEN}@default,u)
same => n,Hangup()
; Voicemail access - dial *97
exten => *97,1,VoiceMailMain(${CALLERID(num)}@default)
same => n,Hangup()
; Echo test - dial *60 to verify audio path
exten => *60,1,Answer()
same => n,Echo()
same => n,Hangup()
This dialplan creates a context called [internal] where any 3-digit extension from 100 to 199 rings for 30 seconds, then sends unanswered calls to voicemail. The *97 extension lets users check voicemail, and *60 provides an echo test for verifying audio works in both directions.
Step 6: Create SIP Endpoints
Each SIP phone or softphone needs an endpoint, authentication, and AOR (Address of Record) entry in pjsip.conf. Add these blocks to the end of your /etc/asterisk/pjsip.conf file for two sample extensions:
vi /etc/asterisk/pjsip.conf
Append the following endpoint definitions:
; === Extension 100 ===
[100]
type = endpoint
context = internal
disallow = all
allow = ulaw
allow = alaw
allow = g722
allow = opus
auth = 100-auth
aors = 100-aor
direct_media = no
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
[100-auth]
type = auth
auth_type = userpass
username = 100
password = ChangeMeNow100!
[100-aor]
type = aor
max_contacts = 3
remove_existing = yes
qualify_frequency = 30
; === Extension 101 ===
[101]
type = endpoint
context = internal
disallow = all
allow = ulaw
allow = alaw
allow = g722
allow = opus
auth = 101-auth
aors = 101-aor
direct_media = no
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
[101-auth]
type = auth
auth_type = userpass
username = 101
password = ChangeMeNow101!
[101-aor]
type = aor
max_contacts = 3
remove_existing = yes
qualify_frequency = 30
Key settings explained:
- direct_media = no – forces media through Asterisk, which is essential when clients are behind NAT
- rtp_symmetric = yes and force_rport = yes – handle NAT traversal for both RTP and SIP signaling
- rewrite_contact = yes – rewrites the Contact header to the source address, fixing registration behind NAT
- qualify_frequency = 30 – sends OPTIONS pings every 30 seconds to keep NAT mappings alive and detect offline phones
- max_contacts = 3 – allows the same extension to register from up to 3 devices simultaneously
Change the passwords to strong unique values before going to production. Never use default or weak passwords on a SIP server – automated scanners constantly probe port 5060.
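A pre-production check for the points above, as an added example that is not part of the original guide or of Asterisk: it parses pjsip.conf and reports auth sections that still carry a placeholder or weak password, plus the absence of an enabled TLS transport. The 16-character minimum, the "changeme" marker and the sample text are assumptions, and it expects distinct section names such as 100-auth, as used in this guide.

```python
import re

# Constructed sample mirroring the guide's pjsip.conf layout (not a real deployment).
SAMPLE = """
[transport-udp]
type = transport
protocol = udp
;[transport-tls]
;protocol = tls
[100-auth]
type = auth
username = 100
password = ChangeMeNow100!
[101-auth]
type = auth
username = 101
password = q7RvT2m9LxZcW4eYp0Hs
"""

def parse_sections(text):
    """Parse into {section: {key: [values]}}; an unescaped ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.split(r"(?<!\\);", raw, maxsplit=1)[0].strip()
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return sections

def audit(text, min_len=16):  # min_len is an assumed policy value, not from the guide
    """Return (section, finding) pairs for weak auth secrets and a missing TLS transport."""
    sections, findings = parse_sections(text), []
    first = lambda opts, key: opts.get(key, [""])[0]
    for name, opts in sections.items():
        if first(opts, "type") != "auth":
            continue
        user, secret = first(opts, "username"), first(opts, "password").lower()
        checks = [("placeholder password", "changeme" in secret),
                  ("password contains the username", bool(user) and user.lower() in secret),
                  (f"password shorter than {min_len} characters", len(secret) < min_len)]
        findings += [(name, label) for label, bad in checks if bad]
    if "tls" not in {first(o, "protocol") for o in sections.values()}:
        findings.append(("transports", "no TLS transport enabled"))
    return findings

if __name__ == "__main__":
    print(*(f"{s}: {f}" for s, f in audit(SAMPLE)), sep="\n")
```

To check a live server, pass the contents of /etc/asterisk/pjsip.conf to audit() instead of SAMPLE.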
Step 7: Start and Enable the Asterisk Service
Configure the RTP port range before starting Asterisk. Open the RTP configuration:
vi /etc/asterisk/rtp.conf
Set the port range for media traffic:
[general]
rtpstart = 10000
rtpend = 20000
Now enable and start the Asterisk service:
systemctl enable asterisk
systemctl start asterisk
Verify Asterisk is running and check the version:
systemctl status asterisk
The service should show active (running). You can also check the version from the Asterisk CLI:
asterisk -rx "core show version"
This confirms Asterisk is running and shows the exact build version. To connect to the live Asterisk console for troubleshooting:
asterisk -rvvv
The v flags control verbosity level. Use -rvvvvv for maximum debug output when troubleshooting SIP registration issues.
Step 8: Configure Firewall for Asterisk PBX
Asterisk needs specific ports open for SIP signaling and RTP media. If you are running UFW (the default on Ubuntu), add these rules:
ufw allow 5060/udp comment "SIP signaling"
ufw allow 5060/tcp comment "SIP signaling TCP"
ufw allow 5061/tcp comment "SIP TLS"
ufw allow 10000:20000/udp comment "RTP media"
ufw reload
For Debian systems using nftables or iptables directly:
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp --dport 5061 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables-save > /etc/iptables/rules.v4
Verify the ports are listening:
ss -tulnp | grep asterisk
You should see Asterisk listening on port 5060 for both UDP and TCP.
Production hardening tip: Do not expose SIP port 5060 to the entire internet. Use firewall rules to restrict access to known SIP trunk provider IP ranges and your office/VPN networks. SIP brute-force attacks are constant and aggressive. Consider using Kamailio as a SIP proxy in front of Asterisk for large deployments that need load balancing and advanced routing.
Step 9: Test with a SIP Client
Register a SIP softphone to verify the setup works. Popular free SIP clients include Linphone (Linux/Windows/Mac/mobile), MicroSIP (Windows), and Onaip (Android/iOS).
Configure the softphone with these settings:
- SIP Server / Domain: your server’s IP address or hostname
- Username: 100
- Password: ChangeMeNow100! (or whatever you set in pjsip.conf)
- Transport: UDP
- Port: 5060
After registering, check the registration status from the Asterisk console:
asterisk -rx "pjsip show endpoints"
You should see your registered endpoint with status “Avail” (available). To verify audio, dial *60 from the softphone – this runs the echo test. Everything you say should echo back to you after a short delay.
If registration fails, check the Asterisk log for details:
tail -50 /var/log/asterisk/messages
Common registration issues include wrong passwords, firewall blocking port 5060, or NAT settings misconfigured in the transport section. Make sure external_signaling_address in pjsip.conf matches your server’s actual public IP.
To test internal calling, register a second softphone as extension 101 and dial 100 from it. The phone on extension 100 should ring for 30 seconds as defined in the dialplan.
Step 10: Install FreePBX Web GUI (Optional)
If you prefer managing Asterisk through a web interface instead of config files, FreePBX provides a full-featured GUI on top of Asterisk. It handles extensions, trunks, IVR menus, ring groups, and call recording through a browser.
Install the web server and PHP dependencies FreePBX needs:
apt install -y apache2 mariadb-server mariadb-client \
php php-cli php-mysql php-gd php-curl php-mbstring \
php-xml php-zip php-bcmath php-intl \
nodejs npm
Enable and start the database and web server:
systemctl enable --now mariadb apache2
Download and install the latest FreePBX release:
cd /usr/src
wget https://github.com/FreePBX/framework/archive/refs/heads/release/17.0.zip -O freepbx-17.zip
unzip freepbx-17.zip
cd framework-release-17.0
./install -n --dbuser=root
After installation completes, open http://your-server-ip/admin in a browser to access the FreePBX dashboard. Set an admin password on first login.
If you only need a web GUI for basic PBX management, FreePBX is the standard choice. For advanced setups that integrate with XMPP chat servers or require custom AGI scripting, working directly with Asterisk config files gives you more control.
Conclusion
Asterisk 22 LTS is now running on your Ubuntu 24.04 or Debian 13 server with PJSIP endpoints configured, a basic internal dialplan, and firewall rules in place. You can extend this setup with SIP trunks from your ITSP, voicemail-to-email, IVR menus, call recording, and conference bridges.
For production deployments, enable TLS/SRTP for encrypted signaling and media, set up fail2ban to block SIP brute-force attempts, configure regular database backups if using FreePBX, and monitor your PBX with Asterisk’s built-in AMI (Asterisk Manager Interface) or SNMP integration.
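The sliding-window count behind brute-force blocking, as an added example that is not part of the original guide and not fail2ban's own code: it reads failed-request notices, counts failures per source IP inside a time window, and lists the usernames each flagged source tried. The log lines are constructed and their layout is an assumption; maxretry and findtime are named after the fail2ban jail options, with values chosen here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed lines modelled on res_pjsip failed-request notices. The layout is an
# assumption: compare it with your own /var/log/asterisk/messages before relying on it.
LINE = ("[2025-01-10 {t}] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'REGISTER' "
        "from '\"{u}\" <sip:{u}@203.0.113.10>' failed for '{ip}:5060' (callid: x) - {why}")
SAMPLE_LOG = [LINE.format(t=t, u=u, ip=ip, why=why) for t, u, ip, why in [
    ("03:14:01", "100", "198.51.100.23", "Failed to authenticate"),
    ("03:14:05", "101", "198.51.100.23", "Failed to authenticate"),
    ("03:14:09", "admin", "198.51.100.23", "No matching endpoint found"),
    ("03:20:00", "100", "192.0.2.44", "Failed to authenticate"),
    ("03:45:00", "100", "192.0.2.44", "Failed to authenticate"),
]]

FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\].*Request '\w+' from '.*?<sip:(?P<user>[^@>]*)@.*?>' "
    r"failed for '(?P<ip>\d+\.\d+\.\d+\.\d+):\d+' ")  # IPv4 sources only

def offenders(lines, maxretry=3, findtime=60):
    """Map source IP -> usernames tried, for IPs with >= maxretry failures in findtime s."""
    recent, users, flagged = defaultdict(deque), defaultdict(set), {}
    for line in lines:  # lines are assumed to be in chronological order
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        users[m["ip"]].add(m["user"])
        while ts - hits[0] > timedelta(seconds=findtime):
            hits.popleft()  # drop failures that fell out of the sliding window
        if len(hits) >= maxretry:
            flagged[m["ip"]] = sorted(users[m["ip"]])
    return flagged

if __name__ == "__main__":
    for ip, tried in offenders(SAMPLE_LOG).items():
        print(f"{ip}: block candidate, usernames tried: {', '.join(tried)}")
```

A source that cycles through several usernames in seconds, like 198.51.100.23 in the sample, is typical of scanning; the two failures from 192.0.2.44 are 25 minutes apart and stay below the threshold.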
I’d remove the -y option on your yum installs.
No problem. As long as you get the service up.