Add new comment

Kamailio and Asterisk SIPTLS + SRTP

TLS for SIP and RTP has long been on my hit list. I've been traveling a lot more for work recently, so secure mobile VoIP has gone up in priority.

Step 1, create an SSL certificate.

openssl req -out certreq.pem -new -nodes -keyout key.pem

(Optional) Step 1a, sign the SSL cert with your own CA. Otherwise, get it signed by a trusted CA.

openssl ca -in certreq.pem -out cert.pem

Step 2, set up Asterisk. Add this to sip.conf:

tlsenable=yes
tlscertfile=/path/to/your/cert.pem
tlsprivatekey=/path/to/your/key.pem
tlscafile=/path/to/your/ca.pem

Step 2a, enable encryption for each peer:

[mysecurefriend]
encryption=yes

Step 3a, set up Kamailio. Add this to kamailio.cfg:

enable_tls=yes
loadmodule "tls.so"
modparam("tls", "config", "/etc/kamailio/tls.cfg")

Step 3b, create a tls.cfg:

[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/key.pem
certificate = /etc/kamailio/cert.pem
ca_list = /etc/kamailio/ca.pem

[client:default]
verify_certificate = yes
require_certificate = yes

Step 4, ensure that port 5061 is open in your firewall.

Step 5, enable TLS in your client. This part is left as an exercise to the reader.

Subscribe to zmonkey.org - All comments