Jump to content
Vodia PBX forum
cwernstedt

Skype SIP trunk with TLS setup?

Recommended Posts

Does anyone know if TLS with Skype should "just work" if using the standard template, or if any particular settings are needed?

I get all sorts of errors if I try to force port 5061 or put sips:  in the outbound proxy address. 

Best,

Christian

Share this post


Link to post
Share on other sites

IMHO it should work pretty much right out of the box. The only problem I can think of would be that the certificate validation has problems, but if you add the right Root CA (if missing) then I don't see a problem.

Share this post


Link to post
Share on other sites

Hm... 


The VOIP provider template for Skype sets the proxy to sip:sip.skype.com:5060  suggesting that it doesn't attempt TLS (right)?

 

 
Setting the proxy simply to sip.skype.com doesn't work .
 
SRV records look like this, suggesting that sips and TLS should be possible, but still doesn't work..
 
A 1.sip.skype.com 63.209.144.201 00:19
A 2.sip.skype.com 204.9.161.164 00:19
A sip.skype.com 63.209.144.201 00:19
AAAA 1.sip.skype.com   11:28:15
AAAA 2.sip.skype.com   11:28:15
AAAA sip.skype.com   11:28:15
NAPTR sip.skype.com   11:28:15
SRV _sip._tcp.sip.skype.com   11:28:15
SRV _sip._tls.sip.skype.com   11:28:15
SRV _sip._udp.sip.skype.com 0 0 1.sip.skype.com 5060 1 0 2.sip.skype.com 5060 00:19
SRV _sips._tcp.sip.skype.com 1 0 2.sip.skype.com 5061 0 0 1.sip.skype.com 5061
 

Share this post


Link to post
Share on other sites

They obviously don't advertise TLS. Seems they use also port 5061 for UDP, which might be a little but confusing; but it is only for UDP and it is okay.

I would try setting the outbound proxy to sip:sip.skype.com;transport=tls and see what happens.

Share this post


Link to post
Share on other sites

OK. Tried that.

But no luck. 

sip:sip.skype.com;transport=tls results in timeout errors.

What confuses me is that in the SRV records (which I must admit that I don't fully understand) I see references to both TLS and SIPS...

There is also a document from Skype here which details what to do to get TLS and sRTP . skype-connect-requirements-guide.pdf

Share this post


Link to post
Share on other sites

The document is from 2011. Not sure if anything has changed since then? Maybe you can try to run a wireshark to see if there is even a basic handshake going on or the port is just not open.

Share this post


Link to post
Share on other sites

Yes, my suspicion is that Skype has quietly dropped support for the needed ports and protocols....

For our Swiss provider things seem to "just work"...(Though I haven't been able to verify that SRTP is actually happening.)

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×