cwernstedt Posted September 19, 2017 Report Share Posted September 19, 2017 Does anyone know if TLS with Skype should "just work" if using the standard template, or if any particular settings are needed? I get all sorts of errors if I try to force port 5061 or put sips: in the outbound proxy address. Best, Christian Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 19, 2017 Report Share Posted September 19, 2017 IMHO it should work pretty much right out of the box. The only problem I can think of would be that the certificate validation has problems, but if you add the right Root CA (if missing) then I don't see a problem. Quote Link to comment Share on other sites More sharing options...
cwernstedt Posted September 20, 2017 Author Report Share Posted September 20, 2017 Hm... The VOIP provider template for Skype sets the proxy to sip:sip.skype.com:5060 suggesting that it doesn't attempt TLS (right)? Setting the proxy simply to sip.skype.com doesn't work . SRV records look like this, suggesting that sips and TLS should be possible, but still doesn't work.. A 1.sip.skype.com 63.209.144.201 00:19 A 2.sip.skype.com 204.9.161.164 00:19 A sip.skype.com 63.209.144.201 00:19 AAAA 1.sip.skype.com 11:28:15 AAAA 2.sip.skype.com 11:28:15 AAAA sip.skype.com 11:28:15 NAPTR sip.skype.com 11:28:15 SRV _sip._tcp.sip.skype.com 11:28:15 SRV _sip._tls.sip.skype.com 11:28:15 SRV _sip._udp.sip.skype.com 0 0 1.sip.skype.com 5060 1 0 2.sip.skype.com 5060 00:19 SRV _sips._tcp.sip.skype.com 1 0 2.sip.skype.com 5061 0 0 1.sip.skype.com 5061 Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 20, 2017 Report Share Posted September 20, 2017 They obviously don't advertise TLS. Seems they use also port 5061 for UDP, which might be a little but confusing; but it is only for UDP and it is okay. I would try setting the outbound proxy to sip:sip.skype.com;transport=tls and see what happens. Quote Link to comment Share on other sites More sharing options...
cwernstedt Posted September 20, 2017 Author Report Share Posted September 20, 2017 OK. Tried that. But no luck. sip:sip.skype.com;transport=tls results in timeout errors. What confuses me is that in the SRV records (which I must admit that I don't fully understand) I see references to both TLS and SIPS... There is also a document from Skype here which details what to do to get TLS and sRTP . Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 21, 2017 Report Share Posted September 21, 2017 The document is from 2011. Not sure if anything has changed since then? Maybe you can try to run a wireshark to see if there is even a basic handshake going on or the port is just not open. Quote Link to comment Share on other sites More sharing options...
cwernstedt Posted September 21, 2017 Author Report Share Posted September 21, 2017 Yes, my suspicion is that Skype has quietly dropped support for the needed ports and protocols.... For our Swiss provider things seem to "just work"...(Though I haven't been able to verify that SRTP is actually happening.) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.