Asterisk teams configuration: Difference between revisions

From MiRTA PBX documentation
Jump to navigation Jump to search
(Created page with "In the pjsip.conf file for your asterisk server, create a new transport named transporttls and reletad indentify and aor sections. That will be different from your usual transport-tls used for normal PJSIP phones. <pre> [transporttls] type=transport protocol=tls bind=0.0.0.0:5091 cert_file=/etc/opensips/ssl/cert.crt ca_list_file=/etc/opensips/ssl/ca.crt priv_key_file=/etc/opensips/ssl/privkey.crt cipher=ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-A...")
 
No edit summary
Line 48: Line 48:
<pre>
<pre>
./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory
./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory
</pre>
If you have not yet installed the acme.sh script, you can do using:
<pre>
curl https://get.acme.sh | sh -s email=support@<yourdomain.com>
</pre>
</pre>

Revision as of 21:49, 7 April 2024

In the pjsip.conf file for your asterisk server, create a new transport named transporttls and reletad indentify and aor sections. That will be different from your usual transport-tls used for normal PJSIP phones.

[transporttls]
type=transport
protocol=tls
bind=0.0.0.0:5091
cert_file=/etc/opensips/ssl/cert.crt
ca_list_file=/etc/opensips/ssl/ca.crt
priv_key_file=/etc/opensips/ssl/privkey.crt
cipher=ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,AES256-GCM-SHA384,AES128-GCM-SHA256
method=sslv23
external_media_address = 139.*****.91
external_signaling_address = 139.*****.91

[msteams_trunk_from_teams]
type=endpoint
transport=transporttls
context=msteams
disallow=all
allow=ulaw
aors=aor_msteams_trunk_from_teams
media_encryption=sdes
from_domain=vir-ast-fe-04.*****.net
send_pai=no
rewrite_contact=no
force_rport=no
sdp_owner=-
sdp_session=FullysPBX
allow_transfer=yes
ice_support=no
direct_media=no

[aor_msteams_trunk_from_teams]
type = aor
qualify_frequency=60
contact=sip:sbc.*****.net:5067

[msteams_trunk_from_teams]
type=identify
endpoint = msteams_trunk_from_teams
match = 139.*****.91

The certificate generation is important and must contain all your Teams domains

./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory

If you have not yet installed the acme.sh script, you can do using:

curl https://get.acme.sh | sh -s email=support@<yourdomain.com>