    -- Executing [1234@incoming:1] Answer("SIP/serverA-00000000", "") in new stack
    -- Executing [1234@incoming:2] GotoIf("SIP/serverA-00000000", "1?secure:insecure") in new stack
    -- Goto (incoming,1234,3)
    -- Executing [1234@incoming:3] NoOp("SIP/serverA-00000000", "Signaling is encrypted.") in new stack
    -- Executing [1234@incoming:4] Hangup("SIP/serverA-00000000", "") in new stack
Now that SIP TLS has been set up for calls between serverA and serverB, we will set
up SRTP so that the media streams associated with the call are encrypted as well.
Luckily, it is quite easy to configure, compared to what was required to get SIP TLS
working. First, make sure that you have the res_srtp module loaded in Asterisk:
    *CLI> module show like res_srtp.so
    Module                         Description                              Use Count
    res_srtp.so                    Secure RTP (SRTP)                        0
    1 modules loaded
To enable SRTP, set the CHANNEL(secure_bridge_media) function to 1:
    [default]
    exten => 1234,1,Set(CHANNEL(secure_bridge_signaling)=1)
        same => n,Set(CHANNEL(secure_bridge_media)=1)
        same => n,Dial(SIP/1234@serverB)
This indicates that encrypted media is required for an outbound call. When the call is
sent out via SIP, Asterisk will require that SRTP be used, or the call will fail.
With all of these tools in place, you can ensure that calls between two Asterisk servers
are fully encrypted. The same techniques should be applied for encrypting calls between
Asterisk and a SIP phone.
The dialplan functions provide a mechanism for verifying the encryption status of an
incoming call and forcing encryption on an outgoing call. However, keep in mind that
these tools only provide the means for controlling encryption for one hop of the call
path. If the call goes through multiple servers, these tools do not guarantee that the call
is encrypted through the entire call path. It is important to carefully consider what your
requirements are for secure calls and take all of the necessary steps to ensure that those
requirements are respected throughout the entire call path. Security is complicated,
hard work.
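The following dialplan is an added example, not part of the original text: it shows how a receiving server could check both signaling and media on the incoming hop and then require encryption on the next hop before bridging. The context and extension follow the console output shown earlier; serverC is a hypothetical next hop, and the secure_signaling and secure_media read items are assumed to be available from chan_sip on your Asterisk version.

```ini
; Added example for the receiving server's extensions.conf.
; serverC is a hypothetical next hop; adjust names to your deployment.
[incoming]
exten => 1234,1,Answer()
    ; chan_sip reports 1 when this leg's signaling arrived over TLS
    same => n,GotoIf($["${CHANNEL(secure_signaling)}" != "1"]?insecure)
    ; ...and 1 when this leg's media is carried over SRTP
    same => n,GotoIf($["${CHANNEL(secure_media)}" != "1"]?insecure)
    same => n,NoOp(Signaling and media are encrypted on this hop.)
    ; Require the same of the outbound leg before bridging, so the
    ; call cannot continue to the next server in the clear.
    same => n,Set(CHANNEL(secure_bridge_signaling)=1)
    same => n,Set(CHANNEL(secure_bridge_media)=1)
    same => n,Dial(SIP/1234@serverC)
    same => n,Hangup()
    ; Either check failed: record it and reject the call.
    same => n(insecure),Log(WARNING,Rejecting unencrypted call from ${CALLERID(num)})
    same => n,Hangup(21)
```

Each server in the path needs its own checks of this kind, because the functions only report on and constrain the hops that server terminates.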
Configuring IAX trunks between Asterisk systems
The Inter-Asterisk eXchange protocol, version 2 (most commonly known as IAX*) is
Asterisk’s own VoIP protocol. It is different from SIP in that the signaling and media
are carried in the same connection. This difference is one of the advantages of the IAX
protocol, as it makes getting IAX to work across NAT connections much simpler.
* Pronounced “eeks.”