
How to enable TLS on 5.2


chrispopp


Sure. Actually it should be the default e.g. for snom phones (not sure about Polycom at that time). Make sure that the transport layer on the phone SIP registration is TLS. You might have to put the PBX certificate into the phone, so that it will trust the PBX.


It's not... that's the whole problem I'm trying to solve.

 

outbound proxy: sip:office.pbx.com:5060;transport=tcp

 

Problem is that my phones are usually off-site and I don't have direct access to them. Is there a way to force or push the certificate to them? Or have them push the protocol to TLS mode? Replacing the transport to TLS works fine, but I want to do it automatically. In version 4.x it was easy.


In 5.2 you can control the outbound proxy based on the location where the phone is being provisioned. The classical use case for this is that a corporate office is using a local SIP-aware firewall that should act as proxy (so that the bandwidth can be properly allocated). More information on http://www.vodia.com/documentation/domain_settings and http://blog.vodia.com/2014/04/hosted-pbx-and-sip-alg.html


In 5.2 you can control the outbound proxy based on the location where the phone is being provisioned. The classical use case for this is that a corporate office is using a local SIP-aware firewall that should act as proxy (so that the bandwidth can be properly allocated). More information on http://www.vodia.com/documentation/domain_settings and http://blog.vodia.com/2014/04/hosted-pbx-and-sip-alg.html

 

I don't see how that would change anything over WAN. The PBX is sitting on a public IP, and we use Snom Active to provision these phones over WAN using the MAC address... There aren't any SIP-aware routers, that's for sure.


I think I might not have explained my issue correctly. The problem I'm currently facing is that all the phones automatically provision over WAN on TCP. I want to change this to work over TLS. I know that we can log in to every phone and modify the transport to TLS, but what I'm looking for is something similar to this feature in version 4.5. Changing the Transport Layer in the field changes all the provisioned phones directly to TLS.

 

image.png

 

It seems this is the variable that would need to be modified to TLS:

 

image.png


Yes, that is what I was talking about. The "outbound-proxy" will query the domain setting I was talking about in this thread. The snom_transport can also be used, but is kind of legacy (there is no web interface to edit that parameter AFAIK). Just put "0.0.0.0/0/your-pbx-adr:5060/tcp" (replace the address with the IP address or DNS address of your PBX) into the domain's "Outbound proxy pattern" and you are all done.


When I simply erase the snom_transport, the configuration pushes the correct parameters (TLS :443). Therefore somewhere snom_transport is hard-coded to TCP. Removing it works correctly, but I'm having a hard time deciding if this is the best course of action, in case this changes in future versions...


Yes, that is what I was talking about. The "outbound-proxy" will query the domain setting I was talking about in this thread. The snom_transport can also be used, but is kind of legacy (there is no web interface to edit that parameter AFAIK). Just put "0.0.0.0/0/your-pbx-adr:5060/tcp" (replace the address with the IP address or DNS address of your PBX) into the domain's "Outbound proxy pattern" and you are all done.

Can you please show me a screenshot or an idiot-proof step-by-step instruction for this?


  • 4 weeks later...
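
Added example, not part of the original thread and not Vodia's code: a Python check that reads provisioned outbound proxy URIs and "Outbound proxy pattern" entries and reports every one that would leave SIP signalling without TLS. The four-field layout of the pattern is inferred from the single example quoted in the thread, the `tls` value in its last field is an assumption, and the sample list is constructed apart from the two strings taken from the posts.

```python
import ipaddress
import re

ENCRYPTED = {"tls"}  # transports accepted as encrypted SIP signalling

def sip_uri_transport(uri):
    """Effective transport of a SIP URI such as a phone's outbound proxy."""
    m = re.fullmatch(r"(sips?):([^;?]+)((?:;[^;?]*)*)(\?.*)?", uri.strip(), re.I)
    if not m:
        raise ValueError(f"not a SIP URI: {uri!r}")
    if m.group(1).lower() == "sips":
        return "tls"  # the sips: scheme always implies TLS
    for param in filter(None, m.group(3).split(";")):
        name, _, value = param.partition("=")
        if name.lower() == "transport":
            return value.lower()
    return "udp"  # no transport parameter: treated as the UDP default

def proxy_pattern_entry(entry):
    """Split 'network/prefix/host:port/transport' (layout assumed, see lead-in)."""
    net, prefix, hostport, transport = entry.strip().split("/")
    host, sep, port = hostport.rpartition(":")
    if not sep:
        raise ValueError(f"missing port in {entry!r}")
    return {"network": ipaddress.ip_network(f"{net}/{prefix}"),
            "host": host, "port": int(port), "transport": transport.lower()}

def audit(values):
    """Return (value, transport) for each entry that signals without TLS."""
    findings = []
    for value in values:
        if value.lower().startswith(("sip:", "sips:")):
            transport = sip_uri_transport(value)
        else:
            transport = proxy_pattern_entry(value)["transport"]
        if transport not in ENCRYPTED:
            findings.append((value, transport))
    return findings

SAMPLES = [
    "sip:office.pbx.com:5060;transport=tcp",  # from the thread
    "0.0.0.0/0/your-pbx-adr:5060/tcp",        # from the thread
    "sip:office.pbx.com:443;transport=tls",   # constructed
    "sips:office.pbx.com:5061",               # constructed
    "0.0.0.0/0/your-pbx-adr:443/tls",         # constructed; "tls" is assumed
]

if __name__ == "__main__":
    for value, transport in audit(SAMPLES):
        print(f"cleartext signalling ({transport}): {value}")
```

Running it against the generated configuration after each PBX upgrade shows whether a hard-coded or legacy transport setting has reappeared.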
