[asterisk-users] TLS and NAT

Steve Matzura sm at noisynotes.com
Sun Apr 9 12:55:13 CDT 2023


Thanks, Michael. A few questions:


Is [transport_name] a reserved word, or am I supposed to replace it with 
a name of my own, like '[did-transport]'?


Some of the keywords I haven't seen before. Is ca_list_file supposed to 
be an aggregate of the public and private key? And what are the 
'method,' 'tos' and 'cos' keywords, which are commented out in your 
instructions?


Otherwise, the rest is quite clear.


On 4/8/2023 12:35 PM, Michael Maier wrote:
> Hello Steve,
>
> use the following configuration for the transport and bind this 
> transport to the trunk:
>
> [transport_name]
> type=transport
> protocol=tls
> bind=192.168.13.24 ; your bind IP
> ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
> ; method=tlsv1_2
> verify_server=yes
> allow_reload=no
> ;tos=0xb8
> ;cos=3
> external_media_address=your.ext.host.name ; hostname pointing to your ext. IP
> external_signaling_address=your.ext.host.name ; hostname pointing to your ext. IP
> local_net=192.168.0.0/24 ; your local net
>
>
> Regards
> Michael
>
> On 07.04.23 at 17:25 Steve Matzura wrote:
>> I want to configure communication with my phone provider using TLS 
>> for all the obvious reasons. Since I'm behind a firewall, I'll be 
>> needing to do it with NAT. There are examples of UDP plus NAT in 
>> pjsip.conf, but none for TLS plus NAT. Would it be correct to set up 
>> the TLS transport stanza to look like the [transport-udp-nat] stanza 
>> example, replacing UDP with TLS in lines like 'transport=tls' and 
>> 'protocol=tls', and including the lines for local_net, 
>> external_media_address and external_signaling_address?
>>
>
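
Added example, not part of the original thread and not Asterisk code: a small Python check for a pjsip.conf TLS transport stanza pasted from mail. It flags wrapped comment lines, '#' used as a comment marker, and TLS/NAT options that do not fit together. The function names, the sample stanza and the rule set are assumptions made for this illustration.

```python
import re

# Constructed sample: a stanza like the one in the thread after mail wrapping.
SAMPLE = """\
[transport_name]
type=transport
protocol=tls
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
verify_server=yes
external_media_address=your.ext.host.name ; hostname pointing to your
ext. IP
local_net=192.168.0.0/24 # your local net
"""

WEAK_METHODS = {"sslv2", "sslv3", "sslv23", "tlsv1", "tlsv1_1"}

def parse(text):
    """Return ({section: {key: value}}, [problems]) for Asterisk-style text."""
    sections, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if "#" in value:  # '#' does not start a comment mid-line
                problems.append(f"line {n}: '#' text becomes part of {key}")
            current[key] = value
        else:
            problems.append(f"line {n}: not key=value (wrapped?): {line!r}")
    return sections, problems

def lint_tls_transport(text):
    sections, problems = parse(text)
    for name, opts in sections.items():
        if opts.get("type") != "transport" or opts.get("protocol") != "tls":
            continue
        if opts.get("verify_server") != "yes":
            problems.append(f"[{name}] verify_server is not 'yes'")
        elif not (opts.get("ca_list_file") or opts.get("ca_list_path")):
            problems.append(f"[{name}] verify_server=yes but no CA bundle")
        if opts.get("method") in WEAK_METHODS:
            problems.append(f"[{name}] method={opts['method']} is below TLS 1.2")
        if any(k.startswith("external_") for k in opts) and "local_net" not in opts:
            problems.append(f"[{name}] external_* address set without local_net")
    return problems
```

Calling lint_tls_transport(SAMPLE) reports the wrapped "ext. IP" line and the '#' note on local_net; a stanza with those two lines repaired returns an empty list.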


