Configuring TLS Transport

I’ve been following a Twilio guide (can’t post the link).

  • Google “freepbx twilio tutorial”
  • Result named “SIP Trunking Configuration Guides - Twilio”
  • “FreePBX(R)”
  • “Click here to download the FreePBX Interconnection Guide”

Got it working without TLS. My issue is that when I changed from UDP to TLS (I disabled everything but TLS under SIP Settings > Transports), my SIP client gets a “Service Unavailable” (using the MicroSIP client). At the section “Setting up Free PBX side”, I don’t see anything for steps 4-6. The only place I can change the CA chain file is /etc/asterisk/pjsip.transports.conf; however, it says not to change the file. Naturally, I figured I should change pjsip.transports_custom.conf, but I noticed #include pjsip.transports_custom.conf is at the top of pjsip.transports.conf. pjsip show transports shows the following:

Transport: 0.0.0.0-tls tls 3 96 0.0.0.0:5061

  • How do I enable custom pjsip transports? Through the GUI configuration editor?
  • What is the value name for a CA Chain file?
  • Are there examples of config files? Otherwise, I have no idea what possible options there are, and their values.

Whenever you change transports it is always good to restart Asterisk.

Can you post a screenshot of your trunks under Connectivity under Trunks?

Edit 3: MicroSIP worked fine when setting Media Encryption to Optional. Now I’m getting Service Unavailable after it dials for a few seconds.

Edit 2: Since “Not Acceptable Here” means something’s up with my dialplan, perhaps the error is actually saying the system thinks the number I dialed is an extension?

Edit: I’ve since changed my extension to 200, after seeing a recommendation elsewhere that 0xx,1xx, and 9xx are not advisable.

Yep, I usually reload/restart any time I make changes. Since this post, I’ve gotten 5061 accessible. I decided to use LetsEncrypt to handle all my certs. Anytime I dial I get “Not Acceptable Here” or “Not Found”. From the logs, this is all I can find.

[2020-03-26 21:12:16] NOTICE[2732] res_pjsip_session.c: Call from ‘100’ (TLS:192.1.2.100:28103) to extension ‘+18884699269’ rejected because extension not found in context ‘from-internal’.

I haven’t changed anything, and the context (under Advanced settings in Extensions) is set to “from-internal”. When I run “show dialplans from-internal”, I don’t see my extension. I can see it under the “ext-local” context. I’ve tried changing the context in advanced settings, but it didn’t help.

OK, so it seems Twilio didn’t have TLS enabled. Could’ve sworn I enabled that already. There’s still a bit of work to do on my end, so I guess I’ll keep at it for now.

After recreating my firewall rule, and doing another fwconsole reload, everything seems to work now.

Glad you figured it out.

Not having TLS set up on both sides is definitely something I have done in the past.

Now that you have TLS working you may want to walk back your extension range and any other changes you made as they should not have caused the calls to fail.
