TLS only on the trunk?

Is it possible to only use TLS on the sip trunk and not between the Asterisk server and the LAN phones?

Yes, if you're using PJSIP, this is dealt with using the transport section.

Only on pjsip, huh? Not on regular chan_sip?

chan_sip does not have the transport feature; you just need to create unencrypted devices for local LAN devices.

Aww, well I use the USECALLMANAGER patch (http://usecallmanager.nz) for my Cisco phones and I don’t think he’s coded that for pjsip yet. Getting TLS working on them is a pain, and I don’t really care to encrypt on my LAN.

If I have understood your query well, then yes, you can set transport=tls only on your trunk and use transport=udp or tcp on the endpoint which is in the LAN.
Asterisk is a B2BUA, so it should convert encrypted traffic from the trunk to non-encrypted for your endpoint in the LAN.

This should work for regular chan_sip as well, or only pjsip?

Both chan_sip and chan_pjsip behave the same way. Call legs are independent. One can be TLS, the other UDP or TCP.

OK, my Asterisk was saying it was rejecting RTP traffic because it wasn’t encrypted, and my VoIP provider was saying it was because I wasn’t using SRTP internally in my config. I kind of thought that was a bogus answer.

bah, libsrt installed but it needed libsrt-devel
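
The per-leg split discussed in this thread, written out as a pjsip.conf fragment. This is an added example, not configuration posted by any participant; the section names, addresses, hostnames, contexts and file paths are constructed placeholders.

```ini
; pjsip.conf fragment (constructed example; all names and paths are placeholders)

; Encrypted transport, used only by the provider trunk.
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt      ; placeholder path
priv_key_file=/etc/asterisk/keys/asterisk.key  ; placeholder path
ca_list_file=/etc/ssl/certs/ca-bundle.crt      ; placeholder path
verify_server=yes        ; validate the provider's certificate on outbound TLS
method=tlsv1_2

; Plain transport for LAN phones. Bound to the LAN address only,
; so unencrypted SIP is never offered on the WAN side.
[transport-udp-lan]
type=transport
protocol=udp
bind=192.168.1.10:5060   ; placeholder LAN address of the Asterisk host

; Trunk leg: TLS signalling plus SRTP media (needs res_srtp loaded).
[provider-trunk]
type=endpoint
transport=transport-tls
context=from-trunk
disallow=all
allow=ulaw
aors=provider-trunk
media_encryption=sdes

[provider-trunk]
type=aor
contact=sip:sip.provider.example:5061\;transport=tls

; LAN leg: independent call leg, plain SIP and plain RTP.
[lan-phone-101]
type=endpoint
transport=transport-udp-lan
context=from-internal
disallow=all
allow=ulaw
aors=lan-phone-101
media_encryption=no

[lan-phone-101]
type=aor
max_contacts=1
```

Signalling and media are configured separately on each leg: `transport` selects TLS or UDP for SIP, while `media_encryption` decides whether RTP on that leg is SRTP. `module show like srtp` at the Asterisk CLI confirms whether `res_srtp.so` is loaded.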
