Kamailio and Asterisk SIP TLS + SRTP

TLS for SIP and RTP has long been on my hit list. I've been traveling a lot more for work recently, so secure mobile VoIP has gone up in priority.

Step 1, create a private key and a certificate signing request for the SSL certificate.

openssl req -out certreq.pem -new -nodes -keyout key.pem

(Optional) Step 1a, sign the SSL cert with your own CA. Otherwise, get it signed by a trusted CA.

openssl ca -in certreq.pem -out cert.pem

Step 2, set up Asterisk. Add this to sip.conf:


Step 2a, enable encryption for each peer:


Step 3a, set up Kamailio. Add this to kamailio.cfg:

loadmodule "tls.so"
modparam("tls", "config", "/etc/kamailio/tls.cfg")

Step 3b, create a tls.cfg:

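# Profile for incoming TLS connections (Kamailio acting as server)
[server:default]
# TLSv1 accepts TLS 1.0 only; the tls module also offers TLSv1.2+
method = TLSv1
# Clients are not asked for, or checked against, a certificate
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/key.pem
certificate = /etc/kamailio/cert.pem
ca_list = /etc/kamailio/ca.pem

# Profile for outgoing TLS connections (Kamailio acting as client)
[client:default]
# The remote server must present a certificate that verifies
verify_certificate = yes
require_certificate = yes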

Step 4, ensure that port 5061 is open in your firewall.

Step 5, enable TLS in your client. This part is left as an exercise to the reader.
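
Before restarting Kamailio, it is worth confirming that the key, certificate and CA file named in tls.cfg actually agree with each other. The script below is an added example, not part of the original post: it builds throwaway material with constructed names (sip.example.test, a test CA, and `openssl x509 -req` standing in for `openssl ca`), then checks key permissions, key/certificate match, chain to the CA and expiry.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the key,
# certificate and CA files that tls.cfg references.

# Build throwaway test material in directory $1, mirroring steps 1 and 1a.
# CN values are constructed; "x509 -req" replaces "openssl ca" (no CA database).
make_test_material() {
    dir=$1
    openssl req -x509 -new -nodes -days 365 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -nodes -subj "/CN=sip.example.test" \
        -keyout "$dir/key.pem" -out "$dir/certreq.pem" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$dir/certreq.pem" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/cert.pem" 2>/dev/null || return 1
    chmod 600 "$dir/key.pem" "$dir/ca.key"
}

# check_tls_material KEY CERT CA: prints one line per problem, returns 1 if any.
check_tls_material() {
    key=$1; cert=$2; ca=$3; rc=0
    # -nodes leaves the key unencrypted, so group/other must have no access.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; rc=1
    fi
    # The certificate must carry the public half of this private key.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$pub" ] || [ "$pub" != "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "FAIL: $cert does not match $key"; rc=1
    fi
    # The certificate must chain to the CA file given as ca_list.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi
    # Flag certificates that expire within 30 days (2592000 seconds).
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 30 days"; rc=1
    fi
    return $rc
}

# Demo on constructed material; on a real host pass the paths from tls.cfg.
tmp=$(mktemp -d) && make_test_material "$tmp" &&
    check_tls_material "$tmp/key.pem" "$tmp/cert.pem" "$tmp/ca.pem" &&
    echo "OK: key, certificate and CA are consistent"
rm -rf "$tmp"
```

On the server itself, call `check_tls_material /etc/kamailio/key.pem /etc/kamailio/cert.pem /etc/kamailio/ca.pem` and treat a non-zero exit status as a reason not to reload.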

