Difference between revisions of "M4 TLS"
Latest revision as of 17:35, 11 December 2024
Description
M4 supports TLS connections to encrypt signaling (SIP) traffic. To enable this feature, you need to configure Kamailio with a valid private key and certificate.
By default, TLS connections are established on port 5061. This guide will walk you through the process of configuring TLS for your M4 server.
Setup
To use TLS, a private key and certificate must be set up on the server side (M4 server) where Kamailio is running.
Generating a private key and self-signed certificate
To generate a private key and self-signed certificate, execute the following commands on the Kamailio server:
cd /usr/src/kamailio/src/modules/tls
make install-tls-cert
This will install a private key and certificate in:
/usr/local/etc/kamailio/kamailio-selfsigned.key
/usr/local/etc/kamailio/kamailio-selfsigned.pem
Kamailio configuration
TLS settings for Kamailio are defined in /etc/m2/system.conf:
# Kamailio TLS settings
kamailio_tls_enabled = 0
kamailio_tls_private_key = /path/to/private.key
kamailio_tls_certificate = /path/to/certificate.crt
kamailio_tls_method = TLSv1.2+
If these settings are not present in /etc/m2/system.conf, add them manually.
- kamailio_tls_enabled - should TLS be enabled in Kamailio? 1 - yes, 0 - no.
- kamailio_tls_private_key - path to private key.
- kamailio_tls_certificate - path to certificate.
- kamailio_tls_method - TLS method (see possible values below).
TLS methods:
- TLSv1.3+ - TLSv1.3 or newer (TLSv1.3, ...) connections are accepted.
- TLSv1.3 - only TLSv1.3 connections are accepted.
- TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted.
- TLSv1.2 - only TLSv1.2 connections are accepted.
After the TLS settings are configured in /etc/m2/system.conf, run the Kamailio configuration script:
/usr/src/m4/kamailio/kamailio_cfg_update.sh
A Kamailio restart is required after changing these settings:
systemctl restart kamailio
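A pre-flight check for the settings above, as an added example rather than a script shipped with M4: it reads a system.conf and reports a disabled TLS flag, a TLS method outside the four listed values, key or certificate paths that are missing or still the /path/to/ placeholders, and a private key with group or other permission bits. The function names conf_get and check_m4_tls_conf are hypothetical, and the permission check is a general hardening assumption, not something this page requires.

```sh
#!/bin/sh
# Added example (not part of M4): lint the Kamailio TLS settings in system.conf.
# Assumption: settings use the "name = value" form shown on this page.

# Print the value of setting $2 in file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Lint file $1: prints one line per problem and returns the problem count.
check_m4_tls_conf() {
    conf=$1
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    [ -r "$conf" ] || { echo "PROBLEM: cannot read $conf"; return 1; }

    enabled=$(conf_get "$conf" kamailio_tls_enabled)
    key=$(conf_get "$conf" kamailio_tls_private_key)
    cert=$(conf_get "$conf" kamailio_tls_certificate)
    method=$(conf_get "$conf" kamailio_tls_method)

    [ "$enabled" = "1" ] || fail "kamailio_tls_enabled is '$enabled', so TLS is off"

    case $method in
        TLSv1.3+|TLSv1.3|TLSv1.2+|TLSv1.2) ;;
        *) fail "kamailio_tls_method '$method' is not a listed TLS method" ;;
    esac

    for f in "$key" "$cert"; do
        case $f in
            ""|/path/to/*) fail "path '$f' is unset or still the placeholder" ;;
            *) [ -f "$f" ] || fail "file '$f' does not exist" ;;
        esac
    done

    # Assumption (general hardening, not an M4 requirement): the private key
    # should carry no group/other permission bits.
    if [ -f "$key" ] && [ "$(ls -Lld "$key" | cut -c5-10)" != "------" ]; then
        fail "private key '$key' is accessible to group or others"
    fi
    return "$problems"
}

# Usage: check_m4_tls_conf /etc/m2/system.conf
```

Run it before the configuration script and the restart; a return value of 0 means no problems were found.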
Allowing TLS connections
To allow TLS connections for a specific Origination Point, enable the TLS transport protocol in the Origination Point Authentication settings (advanced authentication settings).
Sending TLS calls
To send calls using the TLS transport protocol, set TLS in the Termination Point Signaling settings.