Page tree
Skip to end of metadata
Go to start of metadata

Premium SIPStation SIP Trunking encrypts SIP and RTP with TLS and SRTP between your PBX site and Sangoma's Data Centers. This feature is presently under BETA testing. If you would like to be part of the testing, please complete this short survey first →

Prior to using this page as a guide, our technical staff have to enable the feature in our back office systems.


This document will guide you through the process of configuring Vega series of Gateway’s to work with the Premium SIPStation SIP Trunking service.  Premium SIPStation provides SIP Trunks over TLS and SRTP.  This guide will focus on the setup of CA Certificates and SRTP configuration along with the typical SIP trunk requirements.


For Trunking solutions, the Vega Gateway can connect to the Premium SIPStation SIP Trunking service, this guide provides detailed information about the configuration requirements in Vega series of Gateways, Vega 60G BRI, Vega 100G, Vega 200G and Vega 400G.  A typical deployment connects the Premium SIPStation SIP Trunking service to the Vega Gateway on one side using a secure TLS and SRTP SIP Trunk and then on the other side connects to a T1/E1/BRI Port on a Legacy PBX.

Premium SIPStation Configuration

General Configuration

SIPStation is a SIP Trunking Service offered by Sangoma, A customer purchases the SIP Trunking Service and then can being to make calls from their Vega Gateway to the SIPStation Service.  SIPStation uses FQDNs as the SIP Server address.  In this configuration we are purchasing the SIPStation service, finding out where the SIPStation Trunk attributes are located for provisioning in the Vega Gateway.  Once the Vega Gateway is configured, the Vega Gateway will REGISTER with SIPStation and be allowed to make Outgoing Calls and Incoming Calls.

SIPStation Purchase

There are Wikis to step through purchasing SIPStation DIDs.  This document will simply overview the highlights.

NOTE:  Premium SIPStation is still in Beta.  Option to buy is not yet available on the SIPStation Portal.  Once available, this next instruction will indicate how to purchase Premium SIPStation trunks.

Login into, begin to purchase your Inbound Numbers.  Proceed to Checkout and complete the purchase.

Once purchased, go to My Account | Trunk Groups and record the following information:

Vega Gateway Configuration

General Configuration


All Vega Gateways use DHCP to assign an IP Address.  Plug the Vega Gateway to the network, DHCP will assign an IP Address to the unit.  To know what the IP Address that was assigned to Vega do one of the following;

  • Attach Serial Cable to the Vega, 115200 8N1, login admin/admin - IP Address will be displayed on the Banner, or type Show Banner
  • Refer to the DHCP Server reservation
  • Use a network scan tool, look for the IP based on the MAC

Use of Static IP

NOTE: Although the out-of-the-box Vega Gateway obtains an IP Address dynamically, it is recommended that Gateways use a Static IP Address.  Configuration of Static IP will be done in each section.


By default, ALL Vega Gateways are sold without SRTP Licenses.  But FREE of charge, Sangoma will provide new License for the Vega Gateway to enable SRTP.

Check your Vega Gateway licenses to determine the state of the SRTP License.

SSH into the Vega Gateway.  Type SHOW LICENSE  (or SHOW SUPPORT) - this is also seen on the Vega WebGUI

Here is an example showing no SRTP License.


To acquire a SRTP license from Sangoma.  Contact your local Sangoma Sales Representative, or Sangoma Support ( and request a SRTP License for your Vega Gateway.  You will need to provide the MAC address (or Serial Number) of the Vega Gateway.  For Vega 60Gs, it is helpful to also provide the variant type of Vega, like 4FXS + 4FXO.

From Sangoma Sales or Support you will receive new license key, looks like the following;


Configuration  |  Expert Config  |  System Maintenance

Click "Show License Information"

Copy and Paste the License Key into the "Enter New License Key" field and press Submit

You will have to Reboot the Vega Gateway to make the changes effective.

After the reboot, when the Vega Gateway is up, you can return to Configuration  |  Expert Config  |  System Maintenance to see that the license is now on.

Quick Config

Quick Config is the Vega Gateway's configuration Wizard.  The Wizard asks some specific questions related to the nature of your installation and upon Saving Configuration, the Wizard will complete the programming of the Vega Gateway, through the entire Expert Config.  This document will focus on the Quick Config wizard and any supplemental Expert Config requirements.  All Quick Config are the same across all Vega Gateways, although specific to Analog or Digital options for corresponding Gateway interfaces.

Quick Config

When you login into the Vega Gateway, the System Status page is seen,

Click on Configuration

Click on Quick Config, a Warning will pop up, reminding you that any Edits here will overwrite the config. Click Continue

Quick Config - Step 1 - Basic Configuration

First step in the Quick Config wizard, items such as Country, Time Zone, Emergency Numbers and LAN Interface details,

Select the appropriate Country, this is important to define the correct CallerID, Tones, Line Impedance, Digital framing and more for your region.

Change the Gateway from Dynamic IP to Static IP, this is not necessary, but recommended.

  • Deselect "Obtain IP Settings automatically Using DHCP"
  • Enter in the IP Address, Subnet Mask, Default Gateway, DNS Servers and NTP Server

Quick Config - Step 2 - VoIP

This section is where the Premium SIPStation is defined, SIPStation Domain, Transport and Port.

General VoIP Configuration - Registration Mode

Here there are potentially three options, only one is applicable to Premium SIPStation:  GATEWAY 

  • Select GATEWAY, there is requirement to REGISTER and Authenticate with the SIPStation.

Remote Server Configuration

Here is where the Premium SIPStation location is configured, along with the SIP Port, Transport, SIP Accessibility Check (OPTIONS Ping) and the Registration Username and Password

  • SIP Server IP/FQDN: Enter the FQDN of the Premium SIPStation -
  • SIP Server Port: Enter 5061 - This is common for TLS
  • SIP Server Transport Mode: Select TLS
  • SIP Accessibility Check: Select Options
  • Registration/Authentication ID:  Enter the SIP Username from the SIPStation Portal - My Account - Trunk Groups
  • Authentication Password:  Enter SIP Password from the SIPStation Portal - My Account - Trunk Groups
  • Add Transport parameter in Contact Header of Register Request:  Check to Enable


Premium SIPStation offers a greater variety of Codecs. Premium SIPStation Codecs include;

  • G711 Codec
  • G729 Codec
  • G722 Codec
  • AMR-WB Codec
  • GSM Codec

In the following section, select the Codec you wish to use in the priority you wish to use.

Quick Config - Step 3 - T1/E1/BRI

This section is where the Vega Gateway T1/E1/BRI interfaces are defined, this section will map the SIPStation DID to the specific FXS Analog port.  Every call from SIPStation, calling a specific DID into the Vega will ring a specific FXS Analog Port.  This FXS Port is typically connected to a FXO port on a Legacy PBX or a POTS phone or FAX Machine.

This section is where the Vega Gateway Digital interfaces are defined, this section changes depending on the Vega Gateway variant and Country selected.  But all versions are very similar,

Telephone Connections

Interface:  0401  0402  0403  0404   Examples: 04xx - Digital T1/E1  03xx - BRI   ... 0401 - 1st T1 Interface

Telephone number list:  This is configured as " .* " which is routing terminology for any telephone number character with any length of characters.  The field defines which telephone numbers will route out to the E1/T1 trunk interfaces. The Telephone number list will need to be configured for EACH E1/T1 port that is being used

Port Configurations

NT?:  Defines whether each interface should be configured as NT or TE.  Typically in this scenario the Vega will be emulating a telco and so should be set to NT mode.  This field should be configured for EACH E1/T1 port that is being used (by default E1/T1 2 and 4 are NT mode)
Protocol:  Defines which Protocol is to be used for the E1 or T1 links. this will depend completely on the country and Telco that gateway is to operate against

  • For T1: NI(NI2), QSIG, dms, dms_m1 att, CAS-RBS, CASPW, arin and Auto will attempt identify the correct protocol being used
  • For E1/BRI:  ETSI (EURO ISDN), QSIG, VN, CAS-R2, CAS-PW, arinc, 1tr6 and Auto will attempt identify the correct protocol being used

Save Configuration

You are done.  Press Save Configuration.

You will have to reboot as well when changing IP Addresses.

Creating a Server Cert for TLS

There are two methods for creating a CA and Server Cert for the Vega Gateway

  1. Using a Certificate Authority (Verisign, GoDaddy, and others)
    Similar to the process of the Sangoma SBC, found here;
    BUT, the Vega Gateway does not have the ability to generate a CSR locally on the Gateway.  The CSR must be created externally, then sent to the CA Authority.  From there the Server Cert is then imported onto the Vega.

  2. Using Simple Authority
    Similar to the process of the Sangoma SBC, found here;
    This process of using Simple Authority to generate a Server Cert works very well.

Pick one of the two methods, and the end result of either method will be a CA Root Cert and a Server Cert in a PEM format

For Example: 

  1. CA Root Cert - Sangoma 20181029_cert.pem
  2. Server Cert - 20181029_key.pem

Preparing the Server Certs

Open Server Cert - " 20181029_key.pem" in Notepad++ (

Notice that the Server Cert has two components. 

  1. RSA Private Key
  2. Server Cert

Copy everything from  -----BEGIN RSA PRIVATE KEY-----  to   -----END RSA PRIVATE KEY----- 

Paste into a new Text File.  Save this "RSA Key Only" file with any name.  For Example " 20181030_just_key.pem"

You have three files now.  Server Cert, Key, and Root.

  1. CA Root Cert - Sangoma 20181029_cert.pem
  2. Server Cert - 20181029_key.pem
  3. Server Key - 20181029_just_key.pem

Configuration  |  Expert Config  |  System Maintenance

The Vega Gateway needs a Server Cert and the RSA Private Key installed separately. 

Go to Upload/Download File within System Maintenance

Note: Do the next few steps one at a time, as multiple Uploads of multiple files will not work.

Under TLS Files

For Certificate File - Click Browse.  Find and select the Server Cert, for example - " 20181029_key.pem"

Press Upload.

For Key File - Click Browse.  Find and select the Server Key, for example - " 20181029_just_key.pem"

Press Upload.

Note: The Server CA Root Cert does not need to be installed.

Download and install the SIPStation GoDaddy CA Root Cert

We need to install the SIPStation CA Root Cert.

Go the following Website.

Download the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2  - gdig2.crt.pem (pem) file.

Go to Upload/Download File within System Maintenance

Under TLS Files

For Root Certificate File - Click Browse.  Find and select the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2  - gdig2.crt.pem (pem) file.

Press Upload.

After loading the two Certs and the Key.  The Vega Gateway will need to be rebooted.

Enabling SRTP

Premium SIPStation also requires the use of SRTP for encryption of the Audio Media stream.

You can follow the directions for enabling SRTP on the Vega Gateway here;

For Premium SIPStation, these are the settings;

  • SRTP Mode:  Select "require_rfc4568"
  • SRTP Default Auth Bits:  Leave at 80
  • SRTP Minimum Auth Bits:  Leave at 32
  • Crypto Life Time:  Leave at default Medium
  • Crypto MKI Length:  Leave at default 1:1

Be sure to Apply Configuration and Save Configuration

Note:  If these settings are not shown in the SIP Profile.  They can be entered via CLI.

Type on the Vega CLI via SSH (or CLI on the WebGUI)

  • set sip.profile.1.srtp_mode=require_rfc4568
  • apply
  • save

  • No labels