Asterisk teams configuration
In the pjsip.conf file for your Asterisk server, create a new transport named transporttls and the related identify and aor sections. This transport is separate from the usual transport-tls used for normal PJSIP phones.
[transporttls]
type=transport
protocol=tls
bind=0.0.0.0:5091
cert_file=/etc/opensips/ssl/cert.crt
ca_list_file=/etc/opensips/ssl/ca.crt
priv_key_file=/etc/opensips/ssl/privkey.crt
cipher=ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,AES256-GCM-SHA384,AES128-GCM-SHA256
method=sslv23
external_media_address = 139.*****.91
external_signaling_address = 139.*****.91

[msteams_trunk_from_teams]
type=endpoint
transport=transporttls
context=msteams
disallow=all
allow=ulaw
aors=aor_msteams_trunk_from_teams
media_encryption=sdes
from_domain=vir-ast-fe-04.*****.net
send_pai=no
rewrite_contact=no
force_rport=no
sdp_owner=-
sdp_session=FullysPBX
allow_transfer=yes
ice_support=no
direct_media=no

[aor_msteams_trunk_from_teams]
type = aor
qualify_frequency=60
contact=sip:sbc.*****.net:5067

[msteams_trunk_from_teams]
type=identify
endpoint = msteams_trunk_from_teams
match = 139.*****.91
Then modify your sorcery.conf as follows:
[res_pjsip]
endpoint=realtime,ps_endpoints
endpoint=config,pjsip.conf,criteria=type=endpoint
auth=realtime,ps_auths
aor=realtime,ps_aors
aor=config,pjsip.conf,criteria=type=aor
domain_alias=realtime,ps_domain_aliases
contact=realtime,ps_contacts

[res_pjsip_endpoint_identifier_ip]
identify=realtime,ps_endpoint_id_ips
identify=config,pjsip.conf,criteria=type=identify

[res_pjsip_publish_asterisk]
asterisk-publication=realtime,ps_asterisk_publications

[res_pjsip_outbound_publish]
outbound-publish=realtime,ps_outbound_publishes

[res_pjsip_pubsub]
inbound-publication=realtime,ps_inbound_publications
The certificate generation is important: the certificate must contain all your Teams domains.
./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory
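An added example (not part of the original page): a shell check that the issued certificate's DNS SANs cover every domain you need, meant to be run against the file pjsip.conf uses as cert_file. The function names are hypothetical, `openssl x509 -ext` assumes OpenSSL 1.1.1 or later, and the single-label wildcard handling goes beyond the explicit -d names used above.

```shell
#!/usr/bin/env bash
# Added example: verify that a certificate's DNS SANs cover every required domain.

# Print the DNS SANs of the first (leaf) certificate in a PEM file, lowercased.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | tr 'A-Z' 'a-z'
}

# san_covers SAN HOST: exact match, or a wildcard covering exactly one label
# (*.example.com covers a.example.com but not a.b.example.com or example.com).
san_covers() {
    local san="$1" host="$2" suffix label
    [ "$san" = "$host" ] && return 0
    case "$san" in
        '*.'*)
            suffix="${san#\*}"      # ".example.com"
            label="${host%%.*}"     # leftmost label of the host
            [ -n "$label" ] && [ "$host" = "$label$suffix" ] && return 0 ;;
    esac
    return 1
}

# missing_domains SAN_LIST HOST...: print each HOST that no SAN covers.
# SAN_LIST is newline-separated and lowercase, as produced by cert_sans.
missing_domains() {
    local sans="$1" host san found
    shift
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        found=0
        while IFS= read -r san; do
            if san_covers "$san" "$host"; then found=1; break; fi
        done <<EOF
$sans
EOF
        [ "$found" -eq 1 ] || printf '%s\n' "$host"
    done
}

# check_cert PEM HOST...: 0 if all hosts are covered, 1 if any is missing,
# 2 if no DNS SANs could be read from the file.
check_cert() {
    local file="$1" sans missing
    shift
    sans=$(cert_sans "$file")
    [ -n "$sans" ] || { echo "no DNS SANs readable from $file" >&2; return 2; }
    missing=$(missing_domains "$sans" "$@")
    [ -z "$missing" ] || { echo "not covered by $file: $missing" >&2; return 1; }
}
```

For the certificate issued above, the call would be: check_cert /etc/opensips/ssl/cert.crt asterisk.yourdomain.com opensips.yourdomain.com teams1.yourdomain.com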
If you have not yet installed the acme.sh script, you can install it using:
curl https://get.acme.sh | sh -s email=support@<yourdomain.com>