Premium SIPStation SIP Trunking encrypts SIP and RTP with TLS and SRTP between your PBX site and Sangoma's Data Centers. This feature is presently under BETA testing. If you would like to be part of the testing, please complete this short survey first → https://www.surveymonkey.com/r/Y2JCDS9
Prior to using this page as a guide, our technical staff have to enable the feature in our back office systems.
This document will guide you through the process of configuring Vega series of Gateway’s to work with the Premium SIPStation SIP Trunking service. Premium SIPStation provides SIP Trunks over TLS and SRTP. This guide will focus on the setup of CA Certificates and SRTP configuration along with the typical SIP trunk requirements.
For Trunking solutions, the Vega Gateway can connect to the Premium SIPStation SIP Trunking service, this guide provides detailed information about the configuration requirements in Vega series of Gateways, Vega 60G BRI, Vega 100G, Vega 200G and Vega 400G. A typical deployment connects the Premium SIPStation SIP Trunking service to the Vega Gateway on one side using a secure TLS and SRTP SIP Trunk and then on the other side connects to a T1/E1/BRI Port on a Legacy PBX.
SIPStation is a SIP Trunking Service offered by Sangoma, A customer purchases the SIP Trunking Service and then can being to make calls from their Vega Gateway to the SIPStation Service. SIPStation uses FQDNs as the SIP Server address. In this configuration we are purchasing the SIPStation service, finding out where the SIPStation Trunk attributes are located for provisioning in the Vega Gateway. Once the Vega Gateway is configured, the Vega Gateway will REGISTER with SIPStation and be allowed to make Outgoing Calls and Incoming Calls.
There are Wikis to step through purchasing SIPStation DIDs. This document will simply overview the highlights.
NOTE: Premium SIPStation is still in Beta. Option to buy is not yet available on the SIPStation Portal. Once available, this next instruction will indicate how to purchase Premium SIPStation trunks.
Login into www.sipstation.com, begin to purchase your Inbound Numbers. Proceed to Checkout and complete the purchase.
Once purchased, go to My Account | Trunk Groups and record the following information:
All Vega Gateways use DHCP to assign an IP Address. Plug the Vega Gateway to the network, DHCP will assign an IP Address to the unit. To know what the IP Address that was assigned to Vega do one of the following;
Use of Static IP
NOTE: Although the out-of-the-box Vega Gateway obtains an IP Address dynamically, it is recommended that Gateways use a Static IP Address. Configuration of Static IP will be done in each section.
By default, ALL Vega Gateways are sold without SRTP Licenses. But FREE of charge, Sangoma will provide new License for the Vega Gateway to enable SRTP.
Check your Vega Gateway licenses to determine the state of the SRTP License.
SSH into the Vega Gateway. Type SHOW LICENSE (or SHOW SUPPORT) - this is also seen on the Vega WebGUI
Here is an example showing no SRTP License.
To acquire a SRTP license from Sangoma. Contact your local Sangoma Sales Representative, or Sangoma Support (support.sangoma.com) and request a SRTP License for your Vega Gateway. You will need to provide the MAC address (or Serial Number) of the Vega Gateway. For Vega 60Gs, it is helpful to also provide the variant type of Vega, like 4FXS + 4FXO.
From Sangoma Sales or Support you will receive new license key, looks like the following;
Configuration | Expert Config | System Maintenance
Click "Show License Information"
Copy and Paste the License Key into the "Enter New License Key" field and press Submit
You will have to Reboot the Vega Gateway to make the changes effective.
After the reboot, when the Vega Gateway is up, you can return to Configuration | Expert Config | System Maintenance to see that the license is now on.
Quick Config is the Vega Gateway's configuration Wizard. The Wizard asks some specific questions related to the nature of your installation and upon Saving Configuration, the Wizard will complete the programming of the Vega Gateway, through the entire Expert Config. This document will focus on the Quick Config wizard and any supplemental Expert Config requirements. All Quick Config are the same across all Vega Gateways, although specific to Analog or Digital options for corresponding Gateway interfaces.
When you login into the Vega Gateway, the System Status page is seen,
Click on Configuration
Click on Quick Config, a Warning will pop up, reminding you that any Edits here will overwrite the config. Click Continue
First step in the Quick Config wizard, items such as Country, Time Zone, Emergency Numbers and LAN Interface details,
Select the appropriate Country, this is important to define the correct CallerID, Tones, Line Impedance, Digital framing and more for your region.
Change the Gateway from Dynamic IP to Static IP, this is not necessary, but recommended.
This section is where the Premium SIPStation is defined, SIPStation Domain, Transport and Port.
General VoIP Configuration - Registration Mode
Here there are potentially three options, only one is applicable to Premium SIPStation: GATEWAY
Remote Server Configuration
Here is where the Premium SIPStation location is configured, along with the SIP Port, Transport, SIP Accessibility Check (OPTIONS Ping) and the Registration Username and Password
Premium SIPStation offers a greater variety of Codecs. Premium SIPStation Codecs include;
In the following section, select the Codec you wish to use in the priority you wish to use.
This section is where the Vega Gateway T1/E1/BRI interfaces are defined, this section will map the SIPStation DID to the specific FXS Analog port. Every call from SIPStation, calling a specific DID into the Vega will ring a specific FXS Analog Port. This FXS Port is typically connected to a FXO port on a Legacy PBX or a POTS phone or FAX Machine.
This section is where the Vega Gateway Digital interfaces are defined, this section changes depending on the Vega Gateway variant and Country selected. But all versions are very similar,
Interface: 0401 0402 0403 0404 Examples: 04xx - Digital T1/E1 03xx - BRI ... 0401 - 1st T1 Interface
Telephone number list: This is configured as " .* " which is routing terminology for any telephone number character with any length of characters. The field defines which telephone numbers will route out to the E1/T1 trunk interfaces. The Telephone number list will need to be configured for EACH E1/T1 port that is being used
NT?: Defines whether each interface should be configured as NT or TE. Typically in this scenario the Vega will be emulating a telco and so should be set to NT mode. This field should be configured for EACH E1/T1 port that is being used (by default E1/T1 2 and 4 are NT mode)
Protocol: Defines which Protocol is to be used for the E1 or T1 links. this will depend completely on the country and Telco that gateway is to operate against
You are done. Press Save Configuration.
You will have to reboot as well when changing IP Addresses.
There are two methods for creating a CA and Server Cert for the Vega Gateway
Pick one of the two methods, and the end result of either method will be a CA Root Cert and a Server Cert in a PEM format
Open Server Cert - "vega1.domain.net 20181029_key.pem" in Notepad++ (https://notepad-plus-plus.org/)
Notice that the Server Cert has two components.
Copy everything from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----
Paste into a new Text File. Save this "RSA Key Only" file with any name. For Example "vega1.domain.net 20181030_just_key.pem"
You have three files now. Server Cert, Key, and Root.
The Vega Gateway needs a Server Cert and the RSA Private Key installed separately.
Go to Upload/Download File within System Maintenance
Note: Do the next few steps one at a time, as multiple Uploads of multiple files will not work.
Under TLS Files
For Certificate File - Click Browse. Find and select the Server Cert, for example - "vega1.domain.net 20181029_key.pem"
For Key File - Click Browse. Find and select the Server Key, for example - "vega1.domain.net 20181029_just_key.pem"
Note: The Server CA Root Cert does not need to be installed.
We need to install the SIPStation CA Root Cert.
Go the following Website.
Download the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 - gdig2.crt.pem (pem) file.
Go to Upload/Download File within System Maintenance
Under TLS Files
For Root Certificate File - Click Browse. Find and select the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 - gdig2.crt.pem (pem) file.
After loading the two Certs and the Key. The Vega Gateway will need to be rebooted.
Premium SIPStation also requires the use of SRTP for encryption of the Audio Media stream.
You can follow the directions for enabling SRTP on the Vega Gateway here;
For Premium SIPStation, these are the settings;
Be sure to Apply Configuration and Save Configuration
Note: If these settings are not shown in the SIP Profile. They can be entered via CLI.
Type on the Vega CLI via SSH (or CLI on the WebGUI)