Page tree
Skip to end of metadata
Go to start of metadata

There are a few prerequisites that must be satisfied before setting up your Sangoma Phones to use TLS/SRTP on your FreePBX install:

  • FreePBX >= 14 
  • An FQDN must be assigned and resolve properly on your PBX.
  • A commercial certificate must be properly created and installed on your PBX ( see Certificate Management User Guide )
  • insure all modules are up to date - fwconsole ma upgradeall 
  • insure your phones are using latest firmware  - Phone Firmware Release Notes



document will assume at this point you are using pjsip only on default ports  ...


and on the pjsip specific tab


  • Once the prerequisites above are met then you will start by enabling TLS/SSL/SRTP in Asterisk SIP Settings pjsip
    • Choose the Certificate to use.  Certificates are setup in Certificate Manager module on your PBX.
    • Set SSL Method to use Default
    • Set Verify Client and Verify Server to yes



  • Next the Extension(s) you want to enable TLS ore SRTP for, under the advanced tab of the extension, enable TLS and SRTP as seen in the example below.
    • To enable TLS set the "Transport" to 0.0.0.0-tls to as shown below.    



    • To enable SRTP
    • Set Media Encryption to SRTP via in-SDP (Recommended)
    • Set Allow Non-Encrypted Media to No



 

If you phone is already setup in EPM go rebuild the config for the extensions you want to use SRTP or TLS based on the settings you changed above and reboot the phones and they will now use SRTP and or TLS based on what you have defined in the extension page for each device.

 


  • No labels