Outbound Route Permissions

This module allows you to block access to certain routes from specified extensions. You can do bulk changes (for a range of extensions) on the module's main page, or you can individually change access to routes on each extension's page.

You can also pick a Default Destination if a call is denied (so you can send the caller to a recording, etc.). If you wish to use a different destination for denied calls in a particular situation, see the usage tip below.

Note that Asterisk is incapable of having two identical routes and trying to force calls to use the other route if one of them is banned by this module. It will not work. You must have unique outbound routes for the proper selection to work. N.B. Just having different trunk selections does NOT make the routes non-identical!

If you wish to emulate this functionality, you can use the 'Redirect' function. Any number you type in the 'Redirect' range will be PREPENDED to the number dialed, and the call will then be sent through the dialplan again (specifically, it will be sent back to the from-internal context). For example:

• Route 1: Zap/1 matches 0|.
• Route 2: Sip/Foo matches 1|.

If you wanted to stop extension 100 from using Zap/1 at all, and send all his calls through Sip/Foo, you would need to DENY 100 access to Route1, and create a NEW route, Route3:

• Route 3: Sip/Foo matches 9990|.

In the 'Redirect' field, type '999'. When extension 100 dials 0123456, they match Route 1. Route 1 FAILS, and then system invisibly changes the number dialed to be 9990123456 (note the '0' he dialled originally is preserved, and you then strip 9990 from the front in Route 3), which matches Route 3 and the call is then sent via Sip/Foo.

Redirect rules are only checked if the route is DENIED.

You can set a Default Destination if calls are denied. If you wish to use something other than the default in a specific instance, you can use a Redirect prefix and a Misc. Application. Example: set the redirect prefix to 000123, then create a Misc. Application and set the Feature Code to _000123. (note the underscore at the start and the period at the end of the Feature Code - both are necessary), then make the destination of the Misc. Application whatever you wish.

Caveats: If you already have a large dialplan, see How to increase the execution time and/or memory allowed for "orange bar" reloads - you may need to increase one or both of those values. Also, you probably should be running the SVN version of FreePBX (however, it appears to work with FreePBX 2.5.1.2).

The latest release can be found at:
http://www.freepbx.org/trac/browser/contributed_modules/release
(the filename is routepermissions-version.tgz)

Usage tips:

Apparently some users seem to be having problems because they don't understand that you need to have one route where the number called by the user is matched exactly. For example, if you want different groups of users to access different trunks whenever 1NXXNXXXXXX is called, you must have a route that has the pattern 1NXXNXXXXXX (or some acceptable variation - see next paragraph) in the Dial Patterns textbox, and that should be set to use the trunks that you want the majority of your users to be accessing. You allow access to that route for those users, then for the "exceptions" you disallow access to that route and (optionally) use a Redirect Prefix to redirect the call to another outbound route. What you cannot do is use is use a Redirect Prefix in front of the pattern on ALL your outbound routes. One route should contain a pattern that exactly matches whatever the caller dials. Then you can have other routes that include the same pattern, but with a Redirect Prefix.

Note that saying that the pattern must be matched exactly does not mean that you cannot add or strip digits in your primary route - it just means that one route must have a pattern that exactly matches what the user actually dials. So if your users dial 1NXXNXXXXXX but all of your providers only want to see the last ten digits, you could use 1|NXXNXXXXXX in your primary route, and then if you want to use a Redirect Prefix of 00009 with some extensions, you'd have another route with the pattern 000091|NXXNXXXXXX (note that in real-world use, it's probably better to strip the leading "1" at the trunk level, because different providers have different requirements. But this is just an example to clarify what is permissible).

Another point: When a call is denied and a prefix is prepended, the call is then sent back to the from-internal context, as if the user had dialed the call with the prefix prepended. While it's normally expected that the system will try to match the modified number using a route, so that the call will be sent out on a different trunk (or group of trunks) for that particular user, that doesn't necessarily have to be the case. Here's a trivial example:

Let's say you have to pay a charge for directory assistance calls. You have a route set up that handles nothing but directory assistance calls (matching 411, 1NXX5551212, and perhaps other patterns associated with the service). You have one user that refuses to look numbers up online or in the telephone directory, and has run up hundreds of dollars in directory assistance changes. You want to block his calls to directory assistance, but you also want to play a recording of the boss telling him that if he runs up one more cent in directory assistance charges he's fired!

So you block the calls and use a redirect prefix (I always suggest using redirect prefixes that start with several zeroes because generally speaking, no "normal" dialing pattern would ever start with more than about two zeroes). So let's say you make the redirect prefix 0000034733 (34733=FIRED on a phone keypad, it's just an example here). Now you create a Misc. Application and set the Feature Code to _0000034733. (note the underscore at the start and the period at the end - the underscore specifies that this is a pattern and the period that there will be additional digits after the prefix). Make the destination of the Misc. Application the Announcement that corresponds to the boss's recording.

Now, whenever he makes a call to directory assistance, the number he called will have the prefix prepened, and then the call will be sent back to from-internal where the Misc. Application will catch it. And note that you can use a Misc. Application in this way to send the call to almost any system destination. Coupled with a Misc. Destination, you could even reroute calls from a particular user to a particular number, to go to a different particular number. This potentially makes this module a very powerful tool in routing calls from a particular extension.

Here's another example: You can have speed dial codes that are specific to a group of extensions. For example, let's say you want to make 222 a universal speed dial on your system for the home telephone number of the department manager, but you have several departments, each with their own manager. You could make a Misc. Destination for each manager's home phone (with the manager's number in the "Dial" field), then make a Misc. Application for each (making the destination the Misc. Destination you just created), but in the Feature Code textbox use a unique prefix in front of the 222 (first manager would be 00001222, second would be 00002222, third would be 00003222, etc.).

Also create a "catch all" Misc. Application that goes to Terminate Call: Congestion, or to a "Sorry, you call cannot be completed" recording or something of that nature, and assign the Feature Code 0000000000 to it (this will only be used if a caller dials 222 from a phone that is not part of a department with a manager).

Then make a CUSTOM trunk with the following Custom Dial String (this is the only field you need to fill in): Local/0000000000@from-internal

After creating the trunk, create a new Outbound Route with 222 as the only entry in the Dial Patterns textbox, and select the Local/0000000000@from-internal trunk (created in the previous paragraph) as the only trunk choice for that route.

Finally, in the Outbound Route Permissions section of each extension's configuration page (for every extension that is part of a group with a manager that should be reachable by dialing 222), check "No" for the 222 Outbound Route, then enter the appropriate prefix of the correct manager in the Redirect Prefix text box (00001, 00002, 00003, etc.). Alternately, you can make bulk changes to entire groups of extensions at once from the Outbound Route Permissions page. Now, when a user in a department dials 222, the call to the "222" route will be disallowed, but the correct prefix will be prepended and then the call will flow through the Misc. Application/Misc. Destination pair and call out to the appropriate manager. Should someone dial 222 from a phone not part of a department, use of the Outbound Route will be allowed (unless you simply disallow it and don't specify a redirect prefix), but it will go to the Custom Trunk which will send it to the "catch all" Misc Application.

Why it doesn't work when you try to use the same dial pattern in two different routes:

Some people try to make two routes that contain identical dial patterns and wonder why the second route in never used, even when access to the first is denied.

Perhaps it will help if I explain it this way. When you place a call, irregardless of what you may or may not have done in routepermissions, Asterisk goes through your routes one by one and tries to match the number called to the patterns in your routes. It stops searching on the FIRST match it finds, and that's it - under no circumstances will it look at any other route once it's found a match. Only AFTER it has found a match (actually, only after it's already sent the call to a trunk) does it check to see if the user has permission to use that route. If yes, the call goes through, but if no, the call stops dead in its tracks (and if you haven't supplied a redirect prefix, it goes to the default destination).

Let's say you have a second route with identical dial patterns as the first. Your outbound calls will never use it, no matter what you do. Remember: Asterisk stops searching on the FIRST match, and it doesn't check to see if the user is allowed to use the route until AFTER it's made that match.

So that's the point of the redirect prefix. Let's say your first route has the pattern 1NXXNXXXXXX (not something I'd recommend unless you want to allow some really high-cost calls to the Caribbean, but it's just an example here). If in your second route you also put 1NXXNXXXXXX, that pattern will never be matched. It HAS to be unique. So what I might do is instead use something like 0001|1NXXNXXXXXX for the second route. Then when you deny access to that first route, you put the 0001 prefix in the "redirect" text entry box. Now let's say you make a call to 1-800-555-1212 from an "alternate route" extension:

● User dials 1-800-555-1212

● 18005551212 is sent to from-internal context which begins looking for a match on the number in the route dial patterns.

● A match for 18005551212 is found in a route, the one and only route that will ever be used for the number 18005551212.

● The call is then sent to the first trunk in the list associated with that route.

● One of the first things the trunk does is to determine if the user (identified by Caller ID number) is allowed to place calls via the route that the call just came from (which is still available in a variable). In this case it finds that no, the user is NOT allowed to place a call on this route, BUT that a redirect prefix of 0001 has been supplied

● The called number is then modified to be 000118005551212

● 000118005551212 is sent back to the from-internal context which begins looking for a match on that number in the route dial patterns.

● A match for 000118005551212 is found in a route (hopefully NOT the same one that would match 18005551212), the one and only route that will ever be used for the number 000118005551212.

● Because of the bar character in the dial pattern, the digits 0001 are removed from the called number - note that at this point the route has already been selected - so the number again becomes 18005551212 before being passed to the trunk.

● The call is then sent to the first trunk in the list associated with that route.

● One of the first things the trunk does is to determine if the user (identified by Caller ID number) is allowed to place calls via the route that the call just came from (which is still available in a variable). In this case it finds that yes, the user IS allowed to place a call on this route.

● The call then goes out the selected trunk - or if that trunk is busy, it will try any other trunks associated with that route.

I hope that helps you understand why you can't use the same pattern in two different routes and expect it to work. You must use a redirect prefix on at least one of the patterns so that it will be recognized as unique.

Printer-friendly version
Login or register to post comments

I am very confused,...almost

On September 12th, 2009 mwilson75 (tadpole) said:

I am very confused,...almost need visual aids to understand these instructions.

I have 4 extensions and 2 trunks and assume I need to create 3 outbound routes.

Here is what I have done.

I have 1st outbound route 'to-pstn' with only 1 possible trunk 'sip-callcentric'
Route 1, this one, has 0002|nxxxxxx dial patterns

I have 2nd outbound route 'to-ecomm' with only 1 possible trunk 'sip-ecomm'
Route 2 has 0001|nxxxxxx dial patterns

I have 3rd outbound route 'to-default' with 2 possible trunks 'sip-callcentric' and 'sip-ecomm' in that order.
Route 3 has no prefix nxxxxxx to the normal dial patterns

I want 6020 and 6030 extensions to use 'to-pstn' and make outbound calls using the trunk 'sip-callcentric'

So: I set 6020,6030 to allow on 'to-pstn' and did 6020,6030 redirect 0002 on 'to-ecomm'

I want 6005 and 6015 extensions to use 'to-ecomm' and make outbound calls using the trunk 'sip-ecomm'

So: I set 6005,6015 to allow on 'to-ecommm' and did 6005,6015 redirect 0001 on 'to-pstn'

Last but not least: I set All to Deny on the

Everything goes out on the 'sip-callcentric' trunk. It is the only trunk on the 'to-pstn' route and the 1st trunk on the 3rd outbound route called 'to-default' that's the one with normal dial patterns 'nxxxxxx'.

I have been at it for hours with trial and error. I am spinning the chamber now. Can someone help me before I pull the trigger.

I feel kind of silly for asking this but something is not clicking when I read these detailed instructions.

Version info

On September 12th, 2009 mwilson75 (tadpole) said:

Asterisk 1.4.26
Freepbx 2.6
Centos 5.3

Redirect does work. Thank

On September 20th, 2009 johnny2000 (tadpole) said:

Redirect does work. Thank you.

Route prefix working, Out bound Route Permissions NOT

On September 24th, 2009 mwilson75 (tadpole) said:

I have been trying to get my head around this for weeks. I have a sudo, multi-tenant system where I want certain people/groups to use certain trunks. On my 1st couple of attempts at using and installing outbound route permission I couldn't even get prefixes to choose a route.

I have that much working now but I can't DENY anything. If the extension knows the right prefix they can use any route they want.

I have chambered a round and spun the cylinder several times in my umpteen attempts to get this to work. I have done about 15 full installs of Asterisk 1.4 or 1.6 using FreePBX 2.5 or 2.6 on Centos 5x or Ubuntu 9x with all kinds of crazy options and never ran into anything as frustrating as this.

The system I am trying to get this module to work on is Centos 5.3 Asterisk 1.4.26 with FreePBX 2.6. The rest of the details on route and permissions are below.

Does anyone see any obvious mistakes? Does this module work with FreePBX 2.6?

The Setup:

1st outbound route

to-pstn

Only trunk in "Trunk Sequence"

sip/callcentric

---------------------
2nd outbound route

ecophone-out

Only trunk in "Trunk Sequence"

sip/ecomm

------------------------------

3rd outbound route

pstn-denied

If someone tries to dial out with 8 and their extension is set No on permissions for to-pstn (1st route) and the redirect on No permission is set to 9 they should go back through the dial plan and get a hit here,...right,...wrong??? Help it's not working.

Only trunk in "Trunk Sequence"

sip/ecomm

------------------------

3rd outbound route
ecomm-denied

If someone tries to dial out with 9 and their extension is set No on permissions for to-ecomm (2nd route) and the redirect on No permission is set to 9 they should go back through the dial plan and get a hit here,...right,...wrong??? Help it's not working.

Only trunk in "Trunk Sequence"

sip/callcentric

Any clues would be GREATLY appreciated!

Thanks,

Michael

You also posted this in a

On September 26th, 2009 wiseoldowl (Contributor) said:

You also posted this in a forum post and I replied there, but wanted to copy my reply here since it might be helpful to some:

First of all, don't use single digit numbers as you prefixes as those can get confused with something you might actually dial. Your users should NEVER, repeat NEVER, be actually dialing these prefixes - that defeats the whole point. So instead, use prefixes in a sequence… 00001, 00002, 00003… etc. Make them the same length (don't have some that are 4 digits, some that are 5, etc.)

Here's the part that may be confusing you: You SHOULD have a route that has no prefixes at all (something you apparently don't have at the moment). It's not necessary that any extensions actually be allowed to use it (though normally this would be the route that the majority of your extensions use), but you need to have it.

Now for each extension you want to restrict, on the extension set-up page, you should of course ALLOW access (by checking YES) to the route you want to use, BUT DON'T PUT THE PREFIX IN THE BOX FOR THAT ROUTE. When you have checked YES, the contents of the Redirect Prefix field is IGNORED. Instead, look at your catch-all route - the one that has the same patterns but with NO prefixes. You should DENY access (by checking NO) but THAT is where you put the prefix of pattern for the route you WANT it to use.

As an example, you have three routes for NANP numbers (which includes toll free numbers - your toll-free patterns in your examples are redundant and could be taken out):

Route 1: 00001|1NXXNXXXXXX
Route 2: 00002|1NXXNXXXXXX
Route 3: 1NXXNXXXXXX

You want a particular extension to use Route 2, so on the extensions page, outbound route permissions section...

Route 1: Check NO and put NOTHING in the Redirect Prefix field
Route 2: Check YES and put NOTHING in the Redirect Prefix field
Route 3: Check NO and put 00002 in the Redirect Prefix field

Again, the redirect prefix is IGNORED when YES is checked. Maybe there should be some sort of warning pop up if you try to save the settings and a YES box is checked and there is something in the prefix field, but right now there isn't.

I hope this helps!

Finally it works

On September 25th, 2009 mwilson75 (tadpole) said:

I had 2 problems:

- Apparently my earlier installs became corrupt or something. Uninstalling and reinstalling did not fix it until I downloaded the .tgz again, uploaded it and reinstalled. Once I did that permissions worked.

- Also I guess I misunderstood the howto. I thought the way it read the "redirect" was added to the 1st prefix and sent back through the dial plan. That's not true according to my observations on the FOP panel. The redirect replaces the original prefix.

Bingo,...now it works!!

Hope this helps some other poor frustrated sap like me. Please feel free to contact me or comment on this post if you have a hard time comprehending the instructions for this module like I did.

btw,...thanks Owl for prompting me to re-read the piece on route prefixes. That was my 1st clue to solve the puzzle.

I still have an issue that my not be able to be resolved and that is that I thought this "route permission" was supposed to somehow work without prefixes. Is there a way to add a prefix on the extension definition that does not get added when dialing features codes like *98 or *97?

I don't understand…

On September 26th, 2009 wiseoldowl (Contributor) said:

You wrote: "Is there a way to add a prefix on the extension definition that does not get added when dialing features codes like *98 or *97?"

Outbound route permissions only affects outbound routes - it should not affect access to feature codes in any way. The only way I can think of that might happen is if you put a feature code pattern in an outbound route for some reason? And if you did that, I'm still not sure it would work as intended, since I think that feature codes are processed earlier in the dial plan.

Anyway, glad you got it working!

Route Permissions module and asterisk 1.6

On March 3rd, 2010 efx456 (tadpole) said:

This module seems to stop working in asterisk 1.6? When I try to use it I get this error in the log file:

WARNING[15393] pbx.c: The application delimiter is now the comma, not the pipe.  Did you forget to convert your dialplan?  (Goto(reroute|1))
NOTICE[15393] pbx.c: No such label 'reroute|1' in extension 's' in context 'macro-dialout-trunk'
WARNING[15393] pbx.c: Priority 'reroute|1' must be a number > 0, or valid label

Is there a fix for this?

It was removed from the

On March 3rd, 2010 p_lindheimer (Developer) said:

It was removed from the Extended repository because of bugs that were never resolved. I have not seen anyone working on it actively. If there is interest, we can give access to anyone who wants to fix and maintain it and then put it back in the extended online repository.

Is this being updated for FreePBX 2.8.0beta2.4?

On June 18th, 2010 tdduarte (tadpole) said:

Hello,

I see that the module was just updated for 2.8.0alpha0 and bellow. This module is used in my system and would be a lot of work to convert it over to custom context... Any updates on whats going on with this now with the new 2.8 ver. of FreePBX?

-Tony

This module is a Third Party

On June 18th, 2010 p_lindheimer (Developer) said:

This module is a Third Party contributed module that is not part of the Extended Repository because there is no one actively supporting it.

The recent update was simply to modify the XML dependency information to keep new installations from trying to install it as it will not work.

There is no effort at this time to update the module. The author of the module is Rob who previously ran FreePBX a few years ago but is not typically active. You are welcome to try and contact him to see if he would care to update it to run on 2.8. Alternatively you could see if there are people willing to pay someone to update it like was the case with custom context.

Lastly ... depending on what you are doing with it, you may be able to accomplish your requirements with the new capabilities of adding callerid information to outbound routes which can be configured to force different extensions down different routes connected to different trunks.

What Im trying to do is have

On June 18th, 2010 tdduarte (tadpole) said:

What Im trying to do is have a group of ext be able to dial 9 to get out where as a different group of ext dial 9 and go out there own trunk... I am not sure if the callerid idea will work for this. If so without a lot of down time that would be great. See what happens...

Is there a way to get into contact with Rob (Email Address maybe) just to at least see what his plan is if any..

-Tony

You can easily do what you

On June 18th, 2010 p_lindheimer (Developer) said:

You can easily do what you are trying to achieve with not extra module.

Here is one example using extension patterns to simplify it, you can extended this by having repeated entries of individual extensions if you don't have a common pattern.

In this example, I will assume assume "3" routes:

1. Emergency
2. Local-7
3. LD-11-2XX
4. LD-11-All-Others

The first two routes would be configured to trap emergency (911) and Local 7 digit dialing and in this example, all extensions would share the same trunks.

The 3rd and 4th routes are configured for 11 digiti dialing only. LD-11-2XX will be used for all extensions in the 200-299 range where as LD-11-All-Others will be used for all other extensions.

The LD-11-2XX Route looks like:

[ ][ ][1NXXNXXXXXX][2XX]

The LD-All-Others Route looks like:

[ ][ ][1NXXNXXXXXX][ ]

In each of the above, you would connect the appropriate trunk to the appropriate route.

As long as you have configured the routes in the order indicated, any 11 digit number dialed by any extension 2XX will use the LD-11-2XX route. Any other extension will not find a match and thus fall through to the LD-All-Others route which is of course configured with a different trunk.

The only place this "falls over" is in a Call Forward / Follow-Me situation. If Extension 222 is CF to an external number, it will choose the last route. However, I believe you have the same issue with Route Permissions and probably most other solutions that are commonly used.

yea see that would missmatch

On June 18th, 2010 tdduarte (tadpole) said:

yea see that would missmatch the trunks and that exactly what i dont want.. What i have here is 3 different sets of extentions and each of these sets are not of the same group... Each of the groups pays for there own trunk/POTs line... So the group of extentions use there own trunk and dont cross over to the others groups trunk. This was my first grouped PBX and it was because of that module... Now things get more complicated. Mind you im doing this all for free as its for Emergency Mangement/Ham Radio Applications..

-Tony

I just took a look at the

On June 18th, 2010 tdduarte (tadpole) said:

I just took a look at the new outbound roots and think i see the caller id setting your talking about.... I am not completely sure if it works the way I am thinking... Can I just add the dial 9 prefix in each outbound route and then add the prefix of the extentions that i want to use that trunk.. for example all ext that start with 31XXX to use a trunk and then all ext 32XXX to use another trunk??

yes My example was a very

On June 18th, 2010 p_lindheimer (Developer) said:

yes

My example was a very simple example that isolated one set of extensions for one specific dialing pattern.

If you extend my example to require them to dial 9 to get the LD-11 routes, you can simply add a 9 prefix in my example to both LD routes and you would have the 9 prefix.

If you want multiple groups you can simply replicate the LD-11-2XX for each group each with it's own trunk connection.

I suggest you experiment around a bit and it should become clear pretty quickly.

Outbound Route Permissions

Comment viewing options

I am very confused,...almost

Version info

Redirect does work. Thank

Route prefix working, Out bound Route Permissions NOT

You also posted this in a

Finally it works

I don't understand…

Route Permissions module and asterisk 1.6

It was removed from the

Is this being updated for FreePBX 2.8.0beta2.4?

This module is a Third Party

What Im trying to do is have

You can easily do what you

yea see that would missmatch

I just took a look at the

yes My example was a very

News Announcements

Technical Corner

Quick Nav

Documentation

Resources

Community

Development

About

Join Us!