Asterisk teams configuration

From MiRTA PBX documentation

In the pjsip.conf file for your Asterisk server, create a new transport named transporttls and the related identify and aor sections. This transport is different from the usual transport-tls used for normal PJSIP phones.

; TLS transport dedicated to the Teams trunk, kept separate from the
; transport used by ordinary PJSIP phones.
[transporttls]
type=transport
protocol=tls
; Listens on every interface. The trunk endpoint on this page is identified
; by source IP only, so limit who can reach this port at the firewall.
bind=0.0.0.0:5091
; Per the acme.sh command on this page, cert.crt is the full chain
; (--fullchain-file).
cert_file=/etc/opensips/ssl/cert.crt
; NOTE(review): the acme.sh command on this page writes the server's own
; certificate (--cert-file) to ca.crt, not a CA bundle. ca_list_file is the
; trust store used when verifying a peer certificate, and no verify_server,
; verify_client or require_client_cert option is set in this section, so the
; peer certificate is presumably not verified at all. Confirm whether
; verification is intended, and if so point this at the CA bundle that
; issues the peer's certificate.
ca_list_file=/etc/opensips/ssl/ca.crt
; Private key (despite the .crt extension). Keep it readable only by the
; accounts that need it; the path suggests it is shared with OpenSIPS -
; confirm ownership and mode.
priv_key_file=/etc/opensips/ssl/privkey.crt
; NOTE(review): the list mixes ECDHE AEAD suites with two CBC-mode suites
; (ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256) and two static-RSA
; suites that give no forward secrecy (AES256-GCM-SHA384,
; AES128-GCM-SHA256). Consider trimming to the ECDHE GCM/CHACHA20 entries
; if every peer supports them.
cipher=ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,AES256-GCM-SHA384,AES128-GCM-SHA256
; sslv23 does not pin a protocol version: the version is negotiated and the
; minimum accepted is whatever the local OpenSSL build/configuration allows.
; NOTE(review): consider method=tlsv1_2 so older protocol versions cannot be
; negotiated - confirm that every peer of this transport supports it.
method=sslv23
; Public address advertised in SDP and in SIP headers (redacted on this page).
external_media_address = 139.*****.91
external_signaling_address = 139.*****.91

; Endpoint for the Teams trunk. No auth= or outbound_auth= is set, so nothing
; in this section authenticates the peer: requests are attributed to this
; endpoint by the type=identify section of the same name (source IP match).
[msteams_trunk_from_teams]
type=endpoint
transport=transporttls
; Dialplan context that calls from this trunk enter. Keep it limited to the
; destinations the trunk is allowed to reach.
context=msteams
; Only G.711 u-law is offered/accepted.
disallow=all
allow=ulaw
aors=aor_msteams_trunk_from_teams
; SRTP with keys carried in the SDP (SDES). The keys are only as confidential
; as the signalling path, so this relies on the TLS transport above.
media_encryption=sdes
from_domain=vir-ast-fe-04.*****.net
send_pai=no
; NAT helpers are switched off for this endpoint.
rewrite_contact=no
force_rport=no
; Values placed in the SDP o= and s= lines.
sdp_owner=-
sdp_session=FullysPBX
allow_transfer=yes
ice_support=no
; Media is not re-routed peer-to-peer.
direct_media=no

; Address of record for the trunk: a single static contact, no registration.
[aor_msteams_trunk_from_teams]
type = aor
; Interval, in seconds, between OPTIONS requests sent to the contact to
; check that it is reachable.
qualify_frequency=60
; NOTE(review): the URI carries no ;transport=tls parameter. Confirm that
; requests to this contact really leave over the TLS transport; the SDES
; keys in the SDP would otherwise travel in clear text.
contact=sip:sbc.*****.net:5067

; IP-based identification for the trunk endpoint. It shares its name with the
; endpoint section above; the two differ by type.
[msteams_trunk_from_teams]
type=identify
endpoint = msteams_trunk_from_teams
; Any request arriving from this source address is treated as the trunk.
; Because the endpoint has no auth section, this match is the only check
; applied - keep it as narrow as possible (address redacted on this page).
match = 139.*****.91

Then you need to modify your sorcery.conf as follows:

; Object sources for res_pjsip. A type listed twice has two wizards: the
; realtime database table and the pjsip.conf sections of that type.
; NOTE(review): wizards are presumably consulted in the order listed, so a
; row in the realtime table with the same id would be found before the
; pjsip.conf section - confirm. Write access to these tables is therefore
; as sensitive as write access to pjsip.conf.
[res_pjsip]
endpoint=realtime,ps_endpoints
endpoint=config,pjsip.conf,criteria=type=endpoint

; auth objects are mapped to the realtime table only; no pjsip.conf wizard
; is listed for them here.
auth=realtime,ps_auths

aor=realtime,ps_aors
aor=config,pjsip.conf,criteria=type=aor

domain_alias=realtime,ps_domain_aliases

contact=realtime,ps_contacts

; IP-based endpoint identification is read from both the realtime table and
; the type=identify sections of pjsip.conf. Rows in ps_endpoint_id_ips decide
; which source addresses are accepted as which endpoint, so restrict who can
; write to that table.
[res_pjsip_endpoint_identifier_ip]
identify=realtime,ps_endpoint_id_ips
identify=config,pjsip.conf,criteria=type=identify
 
; The remaining publish modules are mapped to realtime tables only; no
; pjsip.conf wizard is listed for them.
[res_pjsip_publish_asterisk]
asterisk-publication=realtime,ps_asterisk_publications

[res_pjsip_outbound_publish]
outbound-publish=realtime,ps_outbound_publishes
 
[res_pjsip_pubsub]
inbound-publication=realtime,ps_inbound_publications

Generating the certificate correctly is important: it must contain all your Teams domains.

# Issue one RSA-4096 certificate from Let's Encrypt covering every hostname
# given with -d, and copy the results to the paths pjsip.conf reads.
# --standalone makes acme.sh answer the validation itself, so port 80 must be
# free and reachable while this runs.
# NOTE(review): --cert-file writes the server's own certificate to ca.crt,
# which pjsip.conf then uses as ca_list_file; that file is not a CA bundle.
# Confirm what ca_list_file is expected to contain before enabling any peer
# verification.
# privkey.crt is the private key: check its owner and mode after issuing so
# that only the services that need it can read it.
./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory

If you have not yet installed the acme.sh script, you can install it using:

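# Download the installer to a file instead of piping it straight into sh:
# the script can then be read before it runs, and a failed or truncated
# download is never executed (-f makes curl fail on an HTTP error).
curl -fsSL https://get.acme.sh -o acme-install.sh
# Review acme-install.sh, then run it. <yourdomain.com> is a placeholder:
# replace it, angle brackets included, with your own domain.
sh acme-install.sh email=support@<yourdomain.com>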