chrispopp (posted May 26, 2015):
How do I enable TLS and secure RTP on 5.2?

Vodia PBX (posted May 27, 2015):
Sure. Actually it should be the default e.g. for snom phones (not sure about Polycom at that time). Make sure that the transport layer on the phone SIP registration is TLS. You might have to put the PBX certificate into the phone, so that it will trust the PBX.

chrispopp (posted May 27, 2015):
It's not... that's the whole problem I'm trying to solve.
outbound proxy: sip:office.pbx.com:5060;transport=tcp
Problem is that my phones are usually off-site and don't have direct access to them. Is there a way to force or push the certificate to them? Or have them push the protocol to TLS mode? Replacing the transport to TLS works fine, but I want to do it automatically. In version 4.x it was easy.

Vodia PBX (posted May 27, 2015):
Well what phones are you using? Did you change the templates?

chrispopp (posted May 27, 2015):
> Well what phones are you using? Did you change the templates?
We're testing with 300 series and 700 series.

Vodia PBX (posted May 27, 2015):
Well that should really, really work unless you have a firewall that blocks TLS.

chrispopp (posted May 27, 2015):
I used MAC-based provisioning over WAN. If it matters. In 4.5 I know I have an option to push TLS instead of TCP/UDP. Is there any other way to ensure that all phones are working over TLS?

Vodia PBX (posted May 27, 2015):
In 5.2 you can control the outbound proxy based on the location where the phone is being provisioned. The classical use case for this is that a corporate office is using a local SIP-aware firewall that should act as proxy (so that the bandwidth can be properly allocated). More information on http://www.vodia.com/documentation/domain_settings and http://blog.vodia.com/2014/04/hosted-pbx-and-sip-alg.html

chrispopp (posted May 28, 2015):
> In 5.2 you can control the outbound proxy based on the location where the phone is being provisioned. The classical use case for this is that a corporate office is using a local SIP-aware firewall that should act as proxy (so that the bandwidth can be properly allocated). More information on http://www.vodia.com/documentation/domain_settings and http://blog.vodia.com/2014/04/hosted-pbx-and-sip-alg.html
I don't see how that would change anything over WAN. The PBX is sitting on a public IP, and we use Snom Active to provision these phones over WAN using the MAC address... There aren't any SIP-aware routers, that's for sure.

Vodia PBX (posted May 28, 2015):
Sorry forgot to point out that you can use that trick to set the outbound proxy for all devices. Just use 0.0.0.0/0 as the net mask and it will apply to everything.

chrispopp (posted June 1, 2015):
> Sorry forgot to point out that you can use that trick to set the outbound proxy for all devices. Just use 0.0.0.0/0 as the net mask and it will apply to everything.
Set this where?

Vodia PBX (posted June 1, 2015):
In the outbound proxy for the domain (see above for the links).

chrispopp (posted June 4, 2015):
I think I might have not explained my issue correctly. The problem I'm currently facing is that all the phones automatically provision over WAN on TCP. I want to change this to work over TLS. I know that we can log in to every phone and modify the transport to TLS, but what I'm looking for is something similar to this feature in version 4.5. Changing the Transport Layer in the field changes all the provisioned phones directly to TLS. It seems this is the variable that would like to be modified to TLS:

Vodia PBX (posted June 4, 2015):
Yes, that is what I was talking about. The "outbound-proxy" will query the domain setting I was talking about in this thread. The snom_transport can also be used, but is kind of legacy (there is no web interface to edit that parameter AFAIK). Just put "0.0.0.0/0/your-pbx-adr:5060/tcp" (replace the address with the IP address or DNS address of your PBX) into the domain's "Outbound proxy pattern" and you are all done.

chrispopp (posted June 8, 2015):
Simply erasing the snom_transport, the configuration pushes the correct parameters (TLS :443). Therefore somewhere snom_transport is hard-coded to TCP. Removing it works correctly, but I'm having a hard time deciding if this is the best course of action, in case in future versions, this will change...

chrispopp (posted June 16, 2015):
> Yes, that is what I was talking about. The "outbound-proxy" will query the domain setting I was talking about in this thread. The snom_transport can also be used, but is kind of legacy (there is no web interface to edit that parameter AFAIK). Just put "0.0.0.0/0/your-pbx-adr:5060/tcp" (replace the address with the IP address or DNS address of your PBX) into the domain's "Outbound proxy pattern" and you are all done.
Can you please show me a screenshot or an idiot-proof step-by-step instruction for this?

Vodia PBX (posted June 16, 2015):
Ok here is a screen capture.

chrispopp (posted July 10, 2015):
I tried it and it still doesn't work... keeps the phone on TCP anyway. I tried with 192.168.1.1/24/8.8.8.8:443/tls where 8.8.8.8 is the hosted PBX IP, and 192.168.1.1 is the internal network.
Edit: it worked with this: 0.0.0.0.0/0/8.8.8.8:443/tls

Vodia PBX (posted July 10, 2015):
Really port 443 or did you want to use 5061?

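An added example, not part of any post in this thread and not Vodia's code: a Python check that reads "Outbound proxy pattern" values like the ones quoted above and reports cleartext transports and phones the pattern would not cover. It assumes the net/bits/host:port/transport layout seen in the posts and that a pattern applies to phones provisioning from inside the given network; the phone addresses are constructed.

```python
import ipaddress

def parse_pattern(pattern):
    """Split 'net/bits/host:port/transport', the layout used in the thread."""
    parts = pattern.strip().split("/")
    if len(parts) != 4:
        raise ValueError(f"expected net/bits/host:port/transport: {pattern!r}")
    net, bits, hostport, transport = parts
    # strict=False tolerates host bits: 192.168.1.1/24 becomes 192.168.1.0/24
    network = ipaddress.ip_network(f"{net}/{bits}", strict=False)
    host, sep, port = hostport.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"missing port in {hostport!r}")
    return network, host, int(port), transport.lower()

def audit(pattern, phone_ips):
    """Return findings for one pattern against the phones' source addresses."""
    network, _host, _port, transport = parse_pattern(pattern)
    findings = []
    if transport != "tls":
        # tcp/udp leave SIP signalling (and any SRTP keys in SDP) unencrypted
        findings.append(f"cleartext signalling: transport={transport}")
    # Assumption: the pattern only applies to phones inside net/bits.
    missed = [ip for ip in phone_ips
              if ipaddress.ip_address(ip) not in network]
    if missed:
        findings.append(f"not covered by {network}: {', '.join(missed)}")
    return findings

# Constructed source addresses: one off-site phone, one on the office LAN.
PHONES = ["203.0.113.25", "192.168.1.40"]

if __name__ == "__main__":
    for p in ("0.0.0.0/0/your-pbx-adr:5060/tcp",
              "192.168.1.1/24/8.8.8.8:443/tls",
              "0.0.0.0/0/8.8.8.8:443/tls"):
        print(p, "->", audit(p, PHONES) or "ok")
```

The port is parsed but not judged; compare it with the port your PBX actually serves TLS on.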