Premium SIPStation SIP Trunking encrypts SIP and RTP with TLS and SRTP between your PBX site and Sangoma's Data Centers. This feature is presently under BETA testing. If you would like to be part of the testing, please complete this short survey first → https://www.surveymonkey.com/r/Y2JCDS9

Before you use this page as a guide, our technical staff must enable the feature in our back office systems.

Overview

This document will guide you through the process of configuring the Vega series of Gateways to work with the Premium SIPStation SIP Trunking service.  Premium SIPStation provides SIP Trunks over TLS and SRTP.  This guide will focus on the setup of CA Certificates and SRTP configuration along with the typical SIP trunk requirements.

Introduction

For Trunking solutions, the Vega Gateway can connect to the Premium SIPStation SIP Trunking service.  This guide provides detailed information about the configuration requirements for the Vega series of Gateways: Vega 60G BRI, Vega 100G, Vega 200G and Vega 400G.  A typical deployment connects the Premium SIPStation SIP Trunking service to the Vega Gateway on one side using a secure TLS and SRTP SIP Trunk, and on the other side connects the Vega Gateway to a T1/E1/BRI Port on a Legacy PBX.




Premium SIPStation Configuration

General Configuration

SIPStation is a SIP Trunking Service offered by Sangoma.  A customer purchases the SIP Trunking Service and can then begin to make calls from their Vega Gateway to the SIPStation Service.  SIPStation uses FQDNs as the SIP Server address.  In this configuration we purchase the SIPStation service and find out where the SIPStation Trunk attributes are located for provisioning in the Vega Gateway.  Once the Vega Gateway is configured, it will REGISTER with SIPStation and be allowed to make Outgoing Calls and receive Incoming Calls.

SIPStation Purchase

There are Wikis to step through purchasing SIPStation DIDs.  This document will simply overview the highlights.

https://wiki.sangoma.com/display/ST/SIPStation+and+FAXStation


NOTE:  Premium SIPStation is still in Beta.  The option to buy is not yet available on the SIPStation Portal.  Once it is available, the next instruction will indicate how to purchase Premium SIPStation trunks.


Log in to www.sipstation.com and begin to purchase your Inbound Numbers.  Proceed to Checkout and complete the purchase.



Once purchased, go to My Account | Trunk Groups and record the following information:



Vega Gateway Configuration

General Configuration

DHCP

All Vega Gateways use DHCP to obtain an IP Address.  Plug the Vega Gateway into the network and DHCP will assign an IP Address to the unit.  To find out which IP Address was assigned to the Vega, do one of the following:



Use of Static IP

NOTE: Although the out-of-the-box Vega Gateway obtains an IP Address dynamically, it is recommended that Gateways use a Static IP Address.  Configuration of Static IP will be done in each section.


Licensing

By default, ALL Vega Gateways are sold without SRTP Licenses.  However, Sangoma will provide a new License for the Vega Gateway to enable SRTP, FREE of charge.


Check your Vega Gateway licenses to determine the state of the SRTP License.

SSH into the Vega Gateway and type SHOW LICENSE (or SHOW SUPPORT).  The license state is also shown on the Vega WebGUI.

Here is an example showing no SRTP License.

 

To acquire an SRTP license from Sangoma, contact your local Sangoma Sales Representative or Sangoma Support (support.sangoma.com) and request an SRTP License for your Vega Gateway.  You will need to provide the MAC address (or Serial Number) of the Vega Gateway.  For Vega 60Gs, it is helpful to also provide the variant type of Vega, like 4FXS + 4FXO.

Sangoma Sales or Support will send you a new license key, which looks like the following:

001306505ff05DB2006000003010180000000f0603d2799b0426303c99f3eb0c551a2d687dR1XXXXXX


Configuration  |  Expert Config  |  System Maintenance

Click "Show License Information"


Copy and Paste the License Key into the "Enter New License Key" field and press Submit


You will have to Reboot the Vega Gateway to make the changes effective.


After the reboot, when the Vega Gateway is up, you can return to Configuration  |  Expert Config  |  System Maintenance to see that the license is now on.


Quick Config

Quick Config is the Vega Gateway's configuration Wizard.  The Wizard asks some specific questions related to the nature of your installation and, upon Saving Configuration, completes the programming of the Vega Gateway through the entire Expert Config.  This document will focus on the Quick Config wizard and any supplemental Expert Config requirements.  Quick Config is the same across all Vega Gateways, apart from the Analog or Digital options specific to the corresponding Gateway interfaces.

Quick Config

When you log in to the Vega Gateway, the System Status page is shown.



Click on Configuration


Click on Quick Config.  A Warning will pop up, reminding you that any Edits here will overwrite the config.  Click Continue.



Quick Config - Step 1 - Basic Configuration

The first step in the Quick Config wizard covers items such as Country, Time Zone, Emergency Numbers and LAN Interface details.


Select the appropriate Country.  This is important to define the correct CallerID, Tones, Line Impedance, Digital framing and more for your region.

Change the Gateway from Dynamic IP to Static IP.  This is not necessary, but recommended.


Quick Config - Step 2 - VoIP

This section is where the Premium SIPStation service is defined: SIPStation Domain, Transport and Port.



General VoIP Configuration - Registration Mode

Here there are potentially three options, only one is applicable to Premium SIPStation:  GATEWAY 



Remote Server Configuration

Here is where the Premium SIPStation location is configured, along with the SIP Port, Transport, SIP Accessibility Check (OPTIONS Ping) and the Registration Username and Password.



Codecs

Premium SIPStation offers a greater variety of Codecs. Premium SIPStation Codecs include;

In the following section, select the Codec you wish to use in the priority you wish to use.



Quick Config - Step 3 - T1/E1/BRI

This section is where the Vega Gateway T1/E1/BRI interfaces are defined.  This section will map the SIPStation DID to the specific FXS Analog port.  Every call from SIPStation, calling a specific DID into the Vega will ring a specific FXS Analog Port.  This FXS Port is typically connected to a FXO port on a Legacy PBX or a POTS phone or FAX Machine.


This section is where the Vega Gateway Digital interfaces are defined.  It changes depending on the Vega Gateway variant and Country selected, but all versions are very similar.


Telephone Connections

Interface:  0401  0402  0403  0404   Examples: 04xx - Digital T1/E1  03xx - BRI   ... 0401 - 1st T1 Interface

Telephone number list:  This is configured as " .* ", which is routing terminology for any telephone number character with any length of characters.  The field defines which telephone numbers will route out to the E1/T1 trunk interfaces.  The Telephone number list will need to be configured for EACH E1/T1 port that is being used.


Port Configurations

NT?:  Defines whether each interface should be configured as NT or TE.  Typically in this scenario the Vega will be emulating a telco and so should be set to NT mode.  This field should be configured for EACH E1/T1 port that is being used (by default E1/T1 2 and 4 are NT mode).
Protocol:  Defines which Protocol is to be used for the E1 or T1 links.  This will depend completely on the country and Telco that the gateway is to operate against.




Save Configuration

You are done.  Press Save Configuration.

You will have to reboot as well when changing IP Addresses.



Creating a Server Cert for TLS

There are two methods for creating a CA and Server Cert for the Vega Gateway:

  1. Using a Certificate Authority (Verisign, GoDaddy, and others)
    Similar to the process of the Sangoma SBC, found here:
    https://wiki.sangoma.com/display/SBC/How+to+create+SSL+Certificates+for+your+TLS+support+on+Sangoma+SBC
    BUT, the Vega Gateway does not have the ability to generate a CSR locally on the Gateway.  The CSR must be created externally, then sent to the CA Authority.  From there the Server Cert is then imported onto the Vega.

  2. Using Simple Authority
    Similar to the process of the Sangoma SBC, found here:
    https://wiki.sangoma.com/display/SBC/SBC+TLS+Certificates+using+Simple+Authority
    This process of using Simple Authority to generate a Server Cert works very well.

Pick one of the two methods.  The end result of either method will be a CA Root Cert and a Server Cert in PEM format.

For Example: 

  1. CA Root Cert - Sangoma 20181029_cert.pem
  2. Server Cert - vega1.domain.net 20181029_key.pem



Preparing the Server Certs

Open Server Cert - "vega1.domain.net 20181029_key.pem" in Notepad++ (https://notepad-plus-plus.org/)

Notice that the Server Cert has two components. 

  1. RSA Private Key
  2. Server Cert



Copy everything from  -----BEGIN RSA PRIVATE KEY-----  to   -----END RSA PRIVATE KEY----- 



Paste into a new Text File.  Save this "RSA Key Only" file with any name.  For Example "vega1.domain.net 20181030_just_key.pem"


You have three files now.  Server Cert, Key, and Root.

  1. CA Root Cert - Sangoma 20181029_cert.pem
  2. Server Cert - vega1.domain.net 20181029_key.pem
  3. Server Key - vega1.domain.net 20181029_just_key.pem
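The copy-and-paste step above can also be scripted.  The following is an added example, not part of the original guide or of Sangoma's tooling; the function names are hypothetical, the sample input is constructed placeholder data, and it assumes the combined file holds a standard CERTIFICATE block alongside the RSA PRIVATE KEY block.  It refuses to write a key-only file if the key block is missing, duplicated or truncated.

```python
import base64
import os
import re
import tempfile

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def split_pem(text):
    """Return {label: [block, ...]} for each well-formed PEM block in text."""
    blocks = {}
    for m in PEM_BLOCK.finditer(text):
        # A truncated paste or an encrypted key (extra header lines) fails here.
        base64.b64decode("".join(m.group(2).split()), validate=True)
        block = m.group(0).replace("\r\n", "\n") + "\n"
        blocks.setdefault(m.group(1), []).append(block)
    return blocks

def extract_key_only(combined_path, key_out_path):
    """Write the single RSA private key block to key_out_path; return it."""
    with open(combined_path, encoding="ascii", newline="") as fh:
        blocks = split_pem(fh.read())
    keys = blocks.get("RSA PRIVATE KEY", [])
    if len(keys) != 1 or not blocks.get("CERTIFICATE"):
        raise ValueError("expected one RSA PRIVATE KEY and a CERTIFICATE block")
    # O_EXCL refuses to overwrite; 0o600 is owner-only on POSIX systems.
    fd = os.open(key_out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii", newline="\n") as fh:
        fh.write(keys[0])
    return keys[0]

def fake_pem(label, payload):
    """Constructed sample block: placeholder bytes, not real key material."""
    body = base64.encodebytes(payload).decode("ascii").strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def demo():
    # Constructed combined file, named after the guide's example files.
    sample = fake_pem("RSA PRIVATE KEY", b"k" * 160) + fake_pem("CERTIFICATE", b"c" * 160)
    with tempfile.TemporaryDirectory() as tmp:
        combined = os.path.join(tmp, "vega1.domain.net 20181029_key.pem")
        key_only = os.path.join(tmp, "vega1.domain.net 20181029_just_key.pem")
        with open(combined, "w", encoding="ascii") as fh:
            fh.write(sample)
        extract_key_only(combined, key_only)
        with open(key_only, encoding="ascii") as fh:
            return split_pem(fh.read())

if __name__ == "__main__":
    print(sorted(demo()))
```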


Configuration  |  Expert Config  |  System Maintenance

The Vega Gateway needs a Server Cert and the RSA Private Key installed separately. 

Go to Upload/Download File within System Maintenance


Note: Do the next few steps one at a time, as multiple Uploads of multiple files will not work.


Under TLS Files

For Certificate File - Click Browse.  Find and select the Server Cert, for example - "vega1.domain.net 20181029_key.pem"

Press Upload.

For Key File - Click Browse.  Find and select the Server Key, for example - "vega1.domain.net 20181029_just_key.pem"

Press Upload.

Note: The Server CA Root Cert does not need to be installed.


Download and install the SIPStation GoDaddy CA Root Cert

We need to install the SIPStation CA Root Cert.

Go to the following website.

https://certs.godaddy.com/repository


Download the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2  - gdig2.crt.pem (pem) file.


Go to Upload/Download File within System Maintenance


Under TLS Files

For Root Certificate File - Click Browse.  Find and select the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2  - gdig2.crt.pem (pem) file.

Press Upload.


After loading the two Certs and the Key, the Vega Gateway will need to be rebooted.



Enabling SRTP

Premium SIPStation also requires the use of SRTP for encryption of the Audio Media stream.

You can follow the directions for enabling SRTP on the Vega Gateway here:

https://wiki.sangoma.com/display/VG/SRTP


For Premium SIPStation, these are the settings;



Be sure to Apply Configuration and Save Configuration


Note:  If these settings are not shown in the SIP Profile, they can be entered via CLI.

Type on the Vega CLI via SSH (or CLI on the WebGUI)