Well my week of fun is coming to a close, finally have everything working over tls with media encryption.
So for anyone following along, there were two configuration omissions on the Twilio guide that needed to be addressed.
The “no matching endpoint” was rectified with these additions (would go under the “trunk_defaults” on the twilio config:
identify/match=54.172.60.0/30
identify/match=54.172.51.0/30
identify/match=34.203.250.0/23
identify/match=168.86.128.0/18
Or as it is in my config:
[twilio0-ident]
type=identify
endpoint=twilio0
match=54.172.60.0/30
match=54.172.51.0/30
match=34.203.250.0/23
match=168.86.128.0/18
I don’t really understand why these were needed just enabling encryption, but they were.
Once I got that sorted out after using the new pjsip config, I needed to enable media encryption on the extension endpoints and set the transport to tls with these additions:
For endpoints/template:
transport=transport-tls-nat
media_encryption = sdes
for the stock Twilio guide these would need to be added to the “user_defaults” section in the wizard file:
endpoint/transport=0.0.0.0-tls
endpoint/media_encryption = sdes
Big Thanks to David for the sanity checks on this learning exercise!
Happy SIPing!