Secure Authentication from WAN

I have stood up Asterisk and would like to be able to use my travel ATA (SPA1001) to securely authenticate to the asterisk server from the internet (non LAN side).

There is a SPA 1001 has Subscriber information fields:

  1. Mini certificate
  2. SRTP Private Key

I would like to be able to send the username \ pw securely to the Asterisk server. Are there any examples of configuring Asterisk to do this? My Google search was not successful. If you have experience successfully doing this, please indicate this in the response.

Constructive and actionable responses are highly appreciated. Thank you.

If you want to secure your signaling to Asterisk, you’ll use TLS. I’ve no idea if that device supports TLS transport for SIP signaling.

Thank Malcolm. My SPA3102 device supports TLS SIP Transport:

Does this encrypt the credentials or the voice data?

Thank you.

TLS encrypts the signalling path, which includes the credentials. SRTP encrypts the speech.

Thanks David55. It would seem that unless you change the above setting to TLS with your VOIP provider, then one is sending their username and password unencrypted? I’m hoping that I’m wrong about this, but I hope someone that is using encryption with one of these SPA-ish device will comment.

If they offer MD5 authentication, the password will be hashed with a varying nonce. Asterisk does this.