Enabling SRTP and SIP TLS

lamabean

New Member
Jan 15, 2025
Hi, I have a working FusionPBX install, but I want to enable SRTP and TLS for SIP on all my extensions. I haven't been able to find a complete explanation of how to do this either in the documentation or here on the forums.

I'm new to FusionPBX, coming from FreePBX, so I'm sorry if this is an elementary question.

Could anyone provide some pointers for how to accomplish this?

Thank you!
 

lamabean

New Member
Jan 15, 2025
> Go to Advanced -> Variables, look for external_ssl_enable and internal_ssl_enable and set them to true, then reload the SIP profile.

Thank you so much! That seems to have successfully enabled TLS for SIP! My phone can now register with TLS! I so much appreciate your help.

However this does not seem to have enabled SRTP. Is there anything else I need to do for making SRTP work?
 

vuthy09

Member
Jun 12, 2023

How to Configure rtp_secure_media

Configure rtp_secure_media in the SIP profile(s) used by FusionPBX:
  1. Log in to FusionPBX:
    • Access your FusionPBX web interface.
  2. Navigate to SIP Profiles:
    • Go to Advanced > SIP Profiles.
  3. Edit the SIP Profile:
    • Choose the appropriate SIP profile (e.g., internal, external).
  4. Find rtp_secure_media:
    • Locate the parameter named rtp_secure_media in the list.
    • If it does not exist, add it.
  5. Set the Desired Value:
    • Example to make SRTP optional:
      rtp_secure_media=optional
  6. Save and Reload SIP Profile:
    • Save the changes and click Apply Settings to reload the SIP profile.
 

lamabean

New Member
Jan 15, 2025
Thank you so much! I really appreciate you taking the time to help me!

I tried adding
Code:
rtp_secure_media=optional   -- and also tried --  rtp_secure_media=mandatory
in the internal SIP Profile (not the external profile as my trunk provider doesn't support SRTP), but I get this error: [BEARERCAPABILITY_NOTIMPL]. I also made SRTP compulsory in my Yealink phone. I used this phone in the past with SRTP in FreePBX, so I know it's not a phone issue. I can send the full log if that would be useful.

Is changing the SIP Profile alone always supposed to be sufficient to enable SRTP? Because I found these links
Code:
https://www.pbxforums.com/threads/srtp.7499/
https://www.reddit.com/r/VOIP/comments/139v3n3/freeswitch_srtp_nightmare/
that indicate I must add this
Code:
<action application="export" data="rtp_secure_media=mandatory"/>
in the dial plan to enable SRTP.

But I don't know where I am supposed to put that code within Dialplan Manager. And if editing the dialplan is not supposed to be necessary to enable SRTP, I'd like to know.

Thank you so much! I really, really appreciate your time.
 

lamabean

New Member
Jan 15, 2025
Update:
I added rtp_secure_media=mandatory to the internal SIP Profile. When I try to dial an external number, I get call failure [BEARERCAPABILITY_NOTIMPL].

However if I dial *9196 for echo test, I hear myself perfectly and see the SRTP lock symbol on my phone screen indicating session is encrypted.

So it seems that it's partly working, but calls to external numbers don't work.

Any idea how I can rectify this?
 

pbxgeek

Active Member
Jan 19, 2021
Your external provider probably doesn't support secure media. You need to disable it before sending a call to them.
Code:
rtp_secure_media=forbidden
 

vuthy09

Member
Jun 12, 2023
> Update:
> I added rtp_secure_media=mandatory to the internal SIP Profile. When I try to dial an external number, I get call failure [BEARERCAPABILITY_NOTIMPL].
>
> However if I dial *9196 for echo test, I hear myself perfectly and see the SRTP lock symbol on my phone screen indicating session is encrypted.
>
> So it seems that it's partly working, but calls to external numbers don't work.
>
> Any idea how I can rectify this?

The error [BEARERCAPABILITY_NOTIMPL] in FreeSWITCH usually indicates that there is an issue with media capabilities or codec negotiation. This error suggests that one of the call parties does not support or cannot negotiate the requested media settings, possibly related to SRTP or codec mismatches.
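
The mismatch discussed in the posts above, as an added example that is not part of the thread and not FreeSWITCH code: a small SDP check that treats the three rtp_secure_media values as a simplified policy and applies them to constructed offers. The SDP bodies, function names and the policy model itself are assumptions made for illustration.

```python
import re

# Constructed sample offers (RFC 5737 address, placeholder key), not from the thread.
SRTP_ONLY = ("v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 11780 RTP/SAVP 0 18\r\n"
             "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER\r\n"
             "a=rtpmap:0 PCMU/8000\r\n")
PLAIN_RTP = ("v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 11780 RTP/AVP 0 18\r\n"
             "a=rtpmap:0 PCMU/8000\r\n")

def parse_audio(sdp):
    """Return (transport profile, [SDES crypto suites]) of the first audio stream."""
    profile, suites, in_audio = None, [], False
    for line in sdp.splitlines():
        m = re.match(r"m=(\w+) \d+ (\S+)", line)
        if m:
            if in_audio:
                break                      # next media section: stop
            in_audio = m.group(1) == "audio"
            profile = m.group(2) if in_audio else None
        elif in_audio and (c := re.match(r"a=crypto:\d+ (\S+) \S+", line)):
            suites.append(c.group(1))      # suite name of a well-formed crypto line
    return profile, suites

def negotiate(offer_sdp, policy):
    """Outcome when a leg with this policy receives the offer (simplified model:
    mandatory = SRTP or fail, optional = SRTP when offered, forbidden = RTP only)."""
    if policy not in ("mandatory", "optional", "forbidden"):
        raise ValueError(f"unknown policy: {policy}")
    profile, suites = parse_audio(offer_sdp)
    srtp_only = profile in ("RTP/SAVP", "RTP/SAVPF")
    if profile is None or (srtp_only and not suites):
        return "reject"                    # no audio, or SAVP without usable keys
    if policy == "forbidden":
        return "reject" if srtp_only else "rtp"
    if suites:
        return "srtp"
    return "rtp" if policy == "optional" else "reject"

def thread_scenarios():
    """Situations reported in the thread, as (description, outcome) pairs."""
    return [
        ("echo test: SRTP phone offer, internal leg mandatory", negotiate(SRTP_ONLY, "mandatory")),
        ("outbound: SRTP-only offer reaches a plain-RTP trunk", negotiate(SRTP_ONLY, "forbidden")),
        ("outbound: trunk leg offered plain RTP instead", negotiate(PLAIN_RTP, "forbidden")),
        ("inbound: plain trunk offer meets a mandatory leg", negotiate(PLAIN_RTP, "mandatory")),
    ]

if __name__ == "__main__":
    print(*thread_scenarios(), sep="\n")
```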
 

lamabean

New Member
Jan 15, 2025
Thank you!

I added rtp_secure_media=forbidden to the External SIP profile. After flushing cache, reloading XML, and rebooting, no difference.

Without SRTP, all calls, inbound, outbound, and internal work flawlessly.

With SRTP I can call between internal extensions perfectly, no errors. But outbound calls to external numbers error out with [BEARERCAPABILITY_NOTIMPL]. Incoming calls from external numbers go to IVR and process normally until sent to an extension, at which point they go direct to voicemail and error out with "Originate Failed. Cause: INCOMPATIBLE_DESTINATION". (Again, without SRTP -- that is without rtp_secure_media=mandatory in the Internal SIP profile -- I get none of these errors and inbound/outbound calling works perfectly.)

I'm running the server in AWS EC2, and aside from SRTP, everything works perfectly.

I'm using BulkVS for trunking and they state they support both G.711u (PCMU) and G729a. I made sure each phone utilizes PCMU and G729, and in Variables > Codecs > global_codec_prefs and outbound_codec_prefs, I allowed both PCMU and G729. But I still have the same issue.

Any suggestions?