Is there any reason SRTP and TLS are not configured by default?
I've been experimenting with encryption and I finally appear to have something working with IncrediblePBX 11.4 and CentOS 6.5.
I had to rebuild Asterisk with support for SRTP.
It would be helpful if SRTP was installed and enabled in Asterisk by default (maybe it is in newer versions?).
Here is a list of commands that were required:
Code:
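cd /usr/local/src/
wget https://downloads.sourceforge.net/project/srtp/srtp/1.4.4/srtp-1.4.4.tgz
tar zxvf srtp-1.4.4.tgz
cd /usr/local/src/srtp
./configure CFLAGS=-fPIC    # position-independent code, so the library can be linked into Asterisk's modules
make && make install
cd /usr/src/asterisk*
amportal stop               # stop the PBX before reinstalling Asterisk
./configure                 # re-run so the build detects the newly installed libsrtp
make && make install
amportal start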
Also, on a related note, it might be helpful if TLS was also enabled by default. Apache installs self-signed keys that can be used. On CentOS they are "/etc/pki/tls/certs/localhost.crt" and "/etc/pki/tls/private/localhost.key".
Code:
cat /etc/pki/tls/private/localhost.key > /etc/pki/tls/private/localhost.pem    # private key first
cat /etc/pki/tls/certs/localhost.crt >> /etc/pki/tls/private/localhost.pem     # then append the certificate
chmod 0400 /etc/pki/tls/private/localhost.pem                                  # read-only for the owner, no access for anyone else
chown asterisk:asterisk /etc/pki/tls/private/localhost.pem                     # the asterisk user must be able to read it
cp /etc/asterisk/sip_general_custom.conf /etc/asterisk/sip_general_custom.conf.bak    # keep a backup of the config
echo "tlsenable=yes" >> /etc/asterisk/sip_general_custom.conf
echo "tlscertfile=/etc/pki/tls/private/localhost.pem" >> /etc/asterisk/sip_general_custom.conf
amportal restart
So far I seem to be able to register with TLS and check voicemail using SRTP. Note that if you are using the Media5-fone app, you must uncheck the "Enable MKI" option because of an outstanding bug in Asterisk (https://issues.asterisk.org/view.php?id=19339).
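
A post-change check for the TLS steps in the post above, as an added example that is not part of the original post or of IncrediblePBX. The function name `check_sip_tls` is hypothetical; it only reads the config file it is given and the PEM file that config names, and it assumes nothing beyond the `tlsenable` and `tlscertfile` lines shown in the post.

```shell
#!/bin/sh
# Added example: verify the result of the TLS steps from the post.
# Usage: check_sip_tls /etc/asterisk/sip_general_custom.conf
# Returns 0 if every check passes, 1 otherwise.
check_sip_tls() {
    conf=$1
    rc=0

    # tlsenable=yes must be present as a whole, uncommented line.
    if ! grep -q '^tlsenable=yes[[:space:]]*$' "$conf"; then
        echo "FAIL: tlsenable=yes not found in $conf"; rc=1
    fi

    # Use the last tlscertfile= line (this script's choice if the echo ran twice).
    pem=$(sed -n 's/^tlscertfile=//p' "$conf" | tail -n 1)
    if [ -z "$pem" ] || [ ! -f "$pem" ]; then
        echo "FAIL: tlscertfile missing or not a file: '$pem'"
        return 1
    fi

    # The combined file must hold both the private key and the certificate.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block in $pem"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block in $pem"; rc=1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$pem" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $pem is accessible to group/other ($mode)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf and $pem look consistent"
    return "$rc"
}
```

The check looks only at block markers and file mode; it does not confirm that the key and certificate belong together or that Asterisk has loaded them.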