Using EPM with Yealink and TLS/SRTP

I don’t know if this is a long standing issue or a recent regression, but this ticket is marked as resolved:

EPM provisioning of Yealink endpoints with TLS/SRTP.

So many issues/questions… Like everything dealing with a Commercial module ticket (even when it was not a FREEI ticket)…
How was it implemented. @kgupta1 posted no examples on the ticket. You posted nothing here.

Does EPM now force TLS/SRTP on each extension? Is it an option when I map the extension in EPM?

Do I just update a site and randomly have to guess?

EPM will use the transport and encryption that is set on the Advanced tab when you define the extension. If the extension has TLS set for transport, then EPM should config the phone to use TLS, otherwise no device will register. Likewise if media encryption is set for the extension, then EPM needs to provision the device with matching encryption params. If everything is left to defaults, with transport set to auto, then UDP transport with no media encryption is used.

One of the points of pjsip is to allow multiple contacts. Yet not all endpoints can use TLS as created by FreePBX’s implmentation of the ACME protocol.

So that means if I leave transport on auto I can have an endpoint connect with either UDP or TLS.

Additionally, if I set media encryption as stated.

There is an entirely separate option for requiring it or letting it be opportunistic.
And this option is ONLY POSSIBLE is media encryption is not “none”…

This change is a mess. This functionality should have been made in the endpoint mapping section.

1 Like

This is not working for me.

I have a hosted test environment FreePBX on Vultr with commercial SysAdmin Pro and Endpoint Manager modules. All latest updates installed.

I have S705, D65 and DECT DC201 all running great HTTPS provisioning with TLS/SRTP. Support was logged into this install 2 weeks ago helping with diagnosing TLS issue with Digium phones which they found the problem and updated the Wiki for TLS/SRTP setup…So I know all my TLS and HTTPS setup is correct. Im running a LE cert.

I am testing with a Yealink T46S today and when I set Extension transport to auto, log into the Yealink WebGUI and set Auto Provision server to (2443 is my HTTPS provisioning port) it provisions no problem and works great…

When I change transport to TLS and Media to SRTP for this same extension, default the phone, upon reboot log into Yealink WebGUI and set auto provision server to it pulls the config, the phone reboots, but the extension will not register… Switch Transport back to Auto in Extension and it registers right away.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.