[asterisk-users] TLS and NAT

Michael Maier m1278468 at mailbox.org
Mon Apr 10 06:42:24 CDT 2023


On 09.04.23 at 19:55 Steve Matzura wrote:
> Thanks, Michael. A few questions:
> 
> 
> Is [transport_name] a reserved word, or am I supposed to replace it with a name of 
> my own, like '[did-transport]'?

Yes. You are free.

> Some of the keywords I haven't seen before. Is ca_list_file supposed to be an 
> aggregate of the public and private key?

ca_list_file is the list of all CAs the server should accept as valid (these are 
public keys, no private keys), e.g. Let's Encrypt.

> And what are the 'method,' 'tos' and 
> 'cos' keywords, which are commented out in your instructions?

Take a look here: 
https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample

Search for "tos=0"


Regards,
Michael

> Otherwise, the rest is quite clear.
> 
> 
> On 4/8/2023 12:35 PM, Michael Maier wrote:
>> Hello Steve,
>>
>> use the following configuration for the transport and bind this transport to the 
>> trunk:
>>
>> [transport_name]
>> type=transport
>> protocol=tls
>> bind=192.168.13.24 ; your bind IP
>> ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
>> ; method=tlsv1_2
>> verify_server=yes
>> allow_reload=no
>> ;tos=0xb8
>> ;cos=3
>> external_media_address=your.ext.host.name ; hostname pointing to your ext. IP
>> external_signaling_address=your.ext.host.name ; hostname pointing to your ext. IP
>> local_net=192.168.0.0/24 ; your local net
>>
>>
>> Regards
>> Michael
>>
>> On 07.04.23 at 17:25 Steve Matzura wrote:
>>> I want to configure communication with my phone provider using TLS for all the 
>>> obvious reasons. Since I'm behind a firewall, I'll be needing to do it with 
>>> NAT. There are examples of UDP plus NAT in pjsip.conf, but none for TLS plus 
>>> NAT. Would it be correct to set up the TLS transport stanza to look like the 
>>> [transport-udp-nat] stanza example, replacing UDP with TLS in lines like 
>>> 'transport=tls' and 'protocol=tls', and including the lines for local_net, 
>>> external_media_address and external_signaling_address?
>>>
>>
> 
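
An added example, not part of the thread and not Asterisk's own code: a small Python check for a TLS transport section like the one quoted above, plus a test that a CA list file contains no private key. The section name, sample values and function names are constructed for illustration; it assumes `;` is the only inline comment marker and that verify_server is off when not set.

```python
import re

# Constructed sample input: option names are the ones used in this thread.
SAMPLE = """\
[transport-tls-nat]
type=transport
protocol=tls
bind=192.168.13.24 ; bind IP
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
;verify_server=yes
external_media_address=sip.example.org
local_net=192.168.0.0/24 # local net
"""
NAT_KEYS = ("local_net", "external_media_address", "external_signaling_address")
TRUE = {"yes", "true", "y", "t", "1", "on"}  # values Asterisk reads as true

def parse_sections(text):
    """Return {section: {key: value}}; ';' starts a comment, repeated keys keep the last value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint_tls_transport(opts):
    """Return findings for one transport section meant for TLS behind NAT."""
    findings = []
    if opts.get("protocol", "").lower() != "tls":
        findings.append("protocol is not tls")
    if opts.get("verify_server", "no").lower() not in TRUE:
        findings.append("verify_server not enabled: server certificate verification is not required")
    if not opts.get("ca_list_file"):
        findings.append("ca_list_file not set")
    findings += [f"{k} missing" for k in NAT_KEYS if k not in opts]
    findings += [f"{k}: '#' does not start a comment, it stays in the value"
                 for k, v in opts.items() if "#" in v]
    return findings

def bundle_has_private_key(pem_text):
    """A CA list holds certificates only; flag any PEM private-key block in it."""
    return re.search(r"-----BEGIN [A-Z ]*PRIVATE KEY-----", pem_text) is not None
```

Run `lint_tls_transport(parse_sections(text)["your-section"])` on the contents of pjsip.conf and `bundle_has_private_key()` on the contents of the file named by ca_list_file.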



