Cloud Hosted FreePBX (Public IP)
I have recently switched over and started using a different provider (Voyant -> Twilio) because they are discontinuing their SIP trunking services. I also wanted to implement secure trunking, which has worked, no problem. So it seems I can accomplish TLS/SRTP from server to provider. But I am having difficulty accomplishing the same from server to endpoints, which are all Yealink T48S phones. Currently they will register and work fine using UDP 5060. My test phone seems to register just fine via TLS, but SRTP won’t negotiate and connect. So even when I try *60 from the phone, I get “call failed, Not acceptable here”. I need to know what I am doing wrong, hopefully a second pair of eyes or two can identify what I’m missing.
Asterisk SIP Settings:
- Valid and active LE Certificate selected
- Verify Client / Server = No
- UDP - 5060 - Enabled
- TLS - 5061 - Enabled
(Asterisk has been fully stopped and restarted in CLI when those above settings were originally adjusted.)
I only have ulaw codec selected.
Underneath my test user I have the following set:
- Transport: 0.0.0.0-tls
- Media Encryption: SRTP via in-SDP
- Allow Non-Encrypted Media: No
Settings on the Yealink Phone:
- SIP Server: Pointing to my cloud FQDN
- SIP Server Port: 5061
- SIP Server Transport: TLS
- Advanced -> RTP Encryption (SRTP): Compulsory
- Security -> Trusted Certificates -> Only Accept Trusted Certificates: Disabled (For the sake of troubleshooting)
Turning off the media encryption for the user and in the Yealink phone, calls will work just fine. But they fail as soon as I enable it. Anyone have any ideas?
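
Added example, not part of the original post: a small Python check that compares an SDP offer (for instance one copied from a SIP trace of the failing call) against the settings listed above, that is SRTP via in-SDP with non-encrypted media disallowed and ulaw as the only codec. The function name and both SDP bodies are constructed for illustration; the suite list is the one defined for SDES in RFC 4568.

```python
# Added diagnostic example; the SDP bodies below are constructed samples, not captures.
SDES_SUITES = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32", "F8_128_HMAC_SHA1_80"}

def check_audio_offer(sdp, required_payload="0"):
    """List the reasons a mandatory-SDES, ulaw-only endpoint would refuse this offer."""
    profile, payloads, suites, in_audio = None, [], [], False
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            parts = line[2:].split()
            # Only the first audio stream is inspected.
            in_audio = profile is None and len(parts) >= 4 and parts[0] == "audio"
            if in_audio:
                profile, payloads = parts[2], parts[3:]
        elif in_audio and line.startswith("a=crypto:"):
            fields = line[len("a=crypto:"):].split()  # tag, suite, key-params
            if len(fields) >= 3 and fields[2].startswith("inline:"):
                suites.append(fields[1])
    if profile is None:
        return ["no audio media line in offer"]
    problems = []
    if profile not in ("RTP/SAVP", "RTP/SAVPF"):
        problems.append(f"audio profile is {profile}, not RTP/SAVP")
    if not suites:
        problems.append("no a=crypto line carrying an inline key")
    elif not SDES_SUITES.intersection(suites):
        problems.append("no recognised SDES crypto suite: " + ", ".join(suites))
    if required_payload not in payloads:
        problems.append(f"payload type {required_payload} (PCMU/ulaw) not offered")
    return problems

_HEAD = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
PLAIN_OFFER = "\r\n".join(_HEAD + ["m=audio 11780 RTP/AVP 0 8", "a=rtpmap:0 PCMU/8000"])
SRTP_OFFER = "\r\n".join(_HEAD + [
    "m=audio 11780 RTP/SAVP 0",
    "a=rtpmap:0 PCMU/8000",
    # Placeholder key material, not a real key.
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED0SAMPLE0KEY0NOT0A0REAL0KEY000",
])

if __name__ == "__main__":
    for name, offer in (("plain", PLAIN_OFFER), ("srtp", SRTP_OFFER)):
        print(name, check_audio_offer(offer) or "compatible")
```

Running it against the offer the phone actually sends shows whether the media line, the crypto attribute or the codec list is the part that does not match the server-side settings.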