Example of a working pjsip.conf for Twilio with TLS/SRTP?

Does anyone have a working example of a Twilio TLS/SRTP connection that could be shared? The Twilio documentation for pjsip doesn’t have a working TLS example. I spent all morning trying to get my server to connect and it keeps saying registration rejected.

; TWILIO ROUTE --------------
[twilio]
type = registration
outbound_auth = twilio
client_uri = sips:pbx@pbx.pstn.twilio.com
server_uri = sips:pbx.pstn.twilio.com
expiration = 600

[twilio]
type = auth
auth_type = userpass
username = user
password = pass

[twilio]
type = aor
contact = sips:pbx.pstn.twilio.com
qualify_frequency = 60

[twilio]
type = endpoint
context = mainroute
allow = !all,ulaw
from_user = pbx
outbound_auth = twilio
aors = twilio
media_encryption=sdes
rewrite_contact=yes
rtp_symmetric=yes

;[twilio]
;type = identify
;endpoint = twilio
;match = pbx.pstn.twilio.com
; -----------------------------------
 <Registration/ServerURI..............................>  <Auth..........>  <Status.......>
==========================================================================================

 twilio/sips:pbx.pstn.twilio.com                      twilio            Rejected
<--- Transmitting SIP response (991 bytes) to UDP:34.226.36.33:5060 --->
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 34.226.36.33:5060;rport=5060;received=34.226.36.33;branch=z9hG4bK92fd.7b47248bfaa806fd7c6b98d0d616238f.0
Via: SIP/2.0/UDP 52.40.141.109:5060;branch=z9hG4bK1000884
Record-Route: <sip:34.226.36.33;lr>
Call-ID: 1502c936-f110fa08-b45fbc6@0.0.0.0
From: <sip:ping@invalid>;tag=uloc-62030df9-23-dbb1b7a1-c9b13e96-ebbf7d45
To: <sip:s@1.2.3.4>;tag=z9hG4bK92fd.7b47248bfaa806fd7c6b98d0d616238f.0
CSeq: 1 OPTIONS
Accept: application/dialog-info+xml, application/xpidf+xml, application/cpim-pidf+xml, application/pidf+xml, application/simple-message-summary, application/simple-message-summary, application/pidf+xml, application/dialog-info+xml, application/sdp, message/sipfrag;version=2.0
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
Accept-Encoding: identity
Accept-Language: en
Server: Asterisk PBX 19.4.0
Content-Length:  0


<--- Transmitting SIP request (594 bytes) to TLS:54.172.60.1:5061 --->
REGISTER sips:pbx.pstn.twilio.com SIP/2.0
Via: SIP/2.0/TLS 1.2.3.4:5061;rport;branch=z9hG4bKPjd53e4c95-7218-4b6a-978d-98a7c3932808;alias
From: <sips:pbx@pbx.pstn.twilio.com>;tag=e878992a-f4c1-45d4-b585-12211a592a08
To: <sips:pbx@pbx.pstn.twilio.com>
Call-ID: 93f12e66-4c72-4123-ad20-3336d4c9f90a
CSeq: 62112 REGISTER
Contact: <sips:s@1.2.3.4:5061;transport=TLS>
Expires: 600
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Max-Forwards: 70
User-Agent: Asterisk PBX 19.4.0
Content-Length:  0

You haven’t specified a TLS transport, and the extract does not include one.

A couple of things look inconsistent. The initial response refers to port 5060, while your (later?) registration attempt uses 5061. You probably need to look at the transport section. I also wonder why you have commented out the identify section.

That said, Twilio has configuration guides for Asterisk/pjsip.

Thanks - Do I still need to specify “transport = transport-tls” if I specify “sips” as the protocol? In any case, I made the following adjustments but it's still not working. The Twilio documentation has examples but none for TLS; in any case it almost exactly matches my configuration. So not sure what’s going on.

; TWILIO ROUTE --------------
[twilio]
type = registration
outbound_auth = twilio
client_uri = sips:pbx@pbx.pstn.twilio.com:5061
server_uri = sips:pbx.pstn.twilio.com:5061
expiration = 600

[twilio]
type = auth
auth_type = userpass
username = user
password = pass

[twilio]
type = aor
contact = sips:pbx.pstn.twilio.com:5061
qualify_frequency = 60

[twilio]
type = endpoint
transport = transport-tls
context = mainroute
allow = !all,ulaw
from_user = pbx
outbound_auth = twilio
aors = twilio
media_encryption=sdes
rewrite_contact=yes
rtp_symmetric=yes

[twilio]
type = identify
endpoint = twilio
match = pbx.pstn.twilio.com
; -----------------------------------
REGISTER sips:pbx.pstn.twilio.com:5061 SIP/2.0
Via: SIP/2.0/TLS 1.2.3.4:5061;rport;branch=z9hG4bKPj1506c39a-e64a-4d76-97a1-220cfadc46b6;alias
From: <sips:pbx@pbx.pstn.twilio.com>;tag=d2bdef11-8541-4983-8a53-3ba29ae55aec
To: <sips:pbx@pbx.pstn.twilio.com>
Call-ID: 24731463-24cb-407e-b775-bfe375f2e270
CSeq: 64302 REGISTER
Contact: <sips:s@1.2.3.4:5061;transport=TLS>
Expires: 600
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Max-Forwards: 70
User-Agent: Asterisk PBX 19.4.0
Content-Length:  0

<--- Received SIP response (416 bytes) from TLS:54.172.60.2:5061 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS 1.2.3.4:5061;rport=36335;branch=z9hG4bKPj20a452a3-b4be-421b-9184-bc6d081a6e12;alias;received=1.2.3.4
From: <sip:pbx@1.2.3.4>;tag=76ebe59f-3f5e-485a-8494-8edfdb039c4f
To: <sips:pbx.pstn.twilio.com>;tag=0b91719d19ced0efc736a6dd0f485d58.4fd50a91
Call-ID: 2b987f26-7ec3-4853-8cf9-40bc629c8429
CSeq: 35739 OPTIONS
Server: Twilio Gateway
Content-Length: 0

I believe the answer to that is: yes, and in every section that uses TLS. You also need to define the transport, as TLS isn’t very secure unconfigured, so I doubt that there is a default TLS transport.
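
A small checker for the two points the replies raise (a TLS transport has to be defined, and sections that use sips: should name it), run against the second configuration posted above. This is an added example, not code from the thread or from Asterisk; the function names are hypothetical, and it encodes the replies' advice rather than a confirmed fix for the rejected registration.

```python
import re

def parse_pjsip(text):
    """Return [(section_name, options)]; pjsip.conf reuses one name across types."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        head = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if head:
            sections.append((head.group(1), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value             # last value wins for repeated keys
    return sections

def check_tls(text):
    """List sections that use sips: without naming a defined TLS transport."""
    sections = parse_pjsip(text)
    tls = {n for n, o in sections
           if o.get("type") == "transport" and o.get("protocol") == "tls"}
    sips_aors = {n for n, o in sections
                 if o.get("type") == "aor" and o.get("contact", "").startswith("sips:")}
    findings = [] if tls else ["no type=transport section with protocol=tls"]
    for name, o in sections:
        kind = o.get("type")
        aors = {a.strip() for a in o.get("aors", "").split(",")}
        uses_sips = (kind == "registration" and o.get("server_uri", "").startswith("sips:")) \
            or (kind == "endpoint" and bool(sips_aors & aors))
        ref = o.get("transport")
        if uses_sips and ref not in tls:
            findings.append(f"[{name}] type={kind}: transport {ref or '(unset)'} does not name a TLS transport")
    return findings

# Constructed sample: the second configuration from the thread, abbreviated.
SECOND_POST = """
[twilio]
type = registration
server_uri = sips:pbx.pstn.twilio.com:5061
[twilio]
type = aor
contact = sips:pbx.pstn.twilio.com:5061
[twilio]
type = endpoint
transport = transport-tls
aors = twilio
"""

if __name__ == "__main__":
    print("\n".join(check_tls(SECOND_POST)))
```

On the sample it reports three findings: no TLS transport section, the registration with no transport, and the endpoint naming `transport-tls`, which the posted extract never defines.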
