Difference between revisions of "M4 TLS"
Line 46: | Line 46: | ||
<br/> | <br/> | ||
After TLS settings are configured in /etc/m2/system.conf, run Kamailio configure script: | After TLS settings are configured in '''/etc/m2/system.conf''', run Kamailio configure script: | ||
/usr/src/m4/kamailio/kamailio_cfg_update.sh | /usr/src/m4/kamailio/kamailio_cfg_update.sh |
Revision as of 17:35, 9 December 2024
Description
M4 supports TLS connections to encrypt signaling (SIP) traffic. To enable this feature, you need to configure Kamailio with a valid private key and certificate.
By default, TLS connections are established on port 5061. This guide will walk you through the process of configuring TLS for your M4 server.
Setup
To use TLS, a private key and certificate must be set up on the server side (M4 server) where Kamailio is running.
Generating a self-signed private key and certificate
To generate a self-signed private key and certificate, execute the following commands on Kamailio server:
cd /usr/src/kamailio/src/modules/tls make install-tls-cert
This will install a private key and certificate in:
/usr/local/etc/kamailio/kamailio-selfsigned.key /usr/local/etc/kamailio/kamailio-selfsigned.pem
Kamailio configuration
TLS settings for Kamailio are defined in /etc/m2/system.conf
# Kamailio TLS settings kamailio_tls_enabled = 0 kamailio_tls_private_key = /path/to/private.key kamailio_tls_certificate = /path/to/certificate.crt kamailio_tls_method = TLSv1.1+
If these settings are not present in /etc/m2/system.conf, add them manually.
- kamailio_tls_enabled - should TLS be enabled in Kamailio? 1 - yes, 0 - no.
- kamailio_tls_private_key - path to private key.
- kamailio_tls_certificate - path to certificate.
- kamailio_tls_method - TLS method (see possible values below).
TLS methods:
- TLSv1.3+ - TLSv1.3 or newer (TLSv1.3, ...) connections are accepted.
- TLSv1.3 - only TLSv1.3 connections are accepted.
- TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted.
- TLSv1.2 - only TLSv1.2 connections are accepted.
- TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted.
- TLSv1.1 - only TLSv1.1 connections are accepted.
- TLSv1+ - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...) connections are accepted.
- TLSv1 - only TLSv1 (TLSv1.0) connections are accepted.
After TLS settings are configured in /etc/m2/system.conf, run Kamailio configure script:
/usr/src/m4/kamailio/kamailio_cfg_update.sh
Kamailio restart is required after changing these settings:
systemctl restart kamailio
Allowing TLS connections
To allow TLS connections for specific Origination Point, enable TLS transport protocol in Origination Point Authentication settings (advanced authentication settings).
Sending TLS calls
To send calls using TLS transport protocol, set TLS in Termination Point Signaling settings.