M4 TLS
Description
M4 supports TLS connections to encrypt signaling (SIP) traffic. To enable this feature, you need to configure Kamailio with a valid private key and certificate.
By default, TLS connections are established on port 5061. This guide will walk you through the process of configuring TLS for your M4 server.
Setup
To use TLS, a private key and certificate must be set up on the server side (M4 server) where Kamailio is running.
Generating a self-signed private key and certificate
To generate a self-signed private key and certificate, execute the following commands on the Kamailio server:
cd /usr/src/kamailio/src/modules/tls
make install-tls-cert
This will install a private key and certificate in:
/usr/local/etc/kamailio/kamailio-selfsigned.key
/usr/local/etc/kamailio/kamailio-selfsigned.pem
Kamailio configuration
TLS settings for Kamailio are defined in /etc/m2/system.conf:
# Kamailio TLS settings
kamailio_tls_enabled = 0
kamailio_tls_private_key = /path/to/private.key
kamailio_tls_certificate = /path/to/certificate.crt
kamailio_tls_method = TLSv1.1+
If these settings are not present in /etc/m2/system.conf, add them manually.
- kamailio_tls_enabled - should TLS be enabled in Kamailio? 1 - yes, 0 - no.
- kamailio_tls_private_key - path to private key.
- kamailio_tls_certificate - path to certificate.
- kamailio_tls_method - TLS method (see possible values below).
TLS methods:
- TLSv1.3+ - TLSv1.3 or newer (TLSv1.3, ...) connections are accepted.
- TLSv1.3 - only TLSv1.3 connections are accepted.
- TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted.
- TLSv1.2 - only TLSv1.2 connections are accepted.
- TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted.
- TLSv1.1 - only TLSv1.1 connections are accepted.
- TLSv1+ - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...) connections are accepted.
- TLSv1 - only TLSv1 (TLSv1.0) connections are accepted.
After the TLS settings are configured in /etc/m2/system.conf, run the Kamailio configuration script:
/usr/src/m4/kamailio/kamailio_cfg_update.sh
A Kamailio restart is required after changing these settings:
systemctl restart kamailio
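The settings above can be sanity-checked before the restart. The following is an added example, not part of M4 or Kamailio: it reads the kamailio_tls_* keys from a system.conf, confirms the key and certificate are readable, flags a private key that group or others can access, and flags a kamailio_tls_method that still accepts TLS 1.0 or 1.1 (both deprecated by RFC 8996). The function names and the demo data are constructed for illustration.

```shell
# Added example: audit the kamailio_tls_* settings in an M4 system.conf.
# Print the value of key $2 from "key = value" file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Print the oldest protocol version a kamailio_tls_method value accepts.
method_floor() {
    case "${1%+}" in
        TLSv1)   echo 1.0 ;;
        TLSv1.1) echo 1.1 ;;
        TLSv1.2) echo 1.2 ;;
        TLSv1.3) echo 1.3 ;;
        *)       echo unknown ;;
    esac
}

# Print one finding per line; return 0 when clean, 1 when anything is flagged.
audit_tls_conf() {
    conf=$1 rc=0
    [ "$(conf_get "$conf" kamailio_tls_enabled)" = 1 ] || { echo "INFO: TLS disabled"; return 0; }
    key=$(conf_get "$conf" kamailio_tls_private_key)
    crt=$(conf_get "$conf" kamailio_tls_certificate)
    method=$(conf_get "$conf" kamailio_tls_method)
    for f in "$key" "$crt"; do
        [ -r "$f" ] || { echo "FAIL: cannot read '$f'"; rc=1; }
    done
    # The private key should carry no group/other permission bits.
    if [ -e "$key" ] && [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others"; rc=1
    fi
    case "$(method_floor "$method")" in
        1.0|1.1) echo "FAIL: $method accepts TLS $(method_floor "$method") (deprecated by RFC 8996)"; rc=1 ;;
        unknown) echo "FAIL: unrecognised kamailio_tls_method '$method'"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a throwaway config using the sample method value TLSv1.1+.
demo() {
    d=$(mktemp -d) && : > "$d/k.key" && : > "$d/c.crt" && chmod 600 "$d/k.key"
    printf '%s\n' "kamailio_tls_enabled = 1" "kamailio_tls_private_key = $d/k.key" \
        "kamailio_tls_certificate = $d/c.crt" "kamailio_tls_method = TLSv1.1+" > "$d/system.conf"
    r=0; audit_tls_conf "$d/system.conf" || r=1
    rm -rf "$d"; return $r
}

[ $# -eq 0 ] || audit_tls_conf "$1"
```

Run it as `sh script.sh /etc/m2/system.conf`; it does not verify that the private key and certificate belong together.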
Allowing TLS connections
To allow TLS connections for a specific Origination Point, enable the TLS transport protocol in the Origination Point Authentication settings (advanced authentication settings).
Sending TLS calls
To send calls using the TLS transport protocol, set TLS in the Termination Point Signaling settings.
TODO