Asterisk teams configuration: Difference between revisions
Jump to navigation
Jump to search
(Created page with "In the pjsip.conf file for your asterisk server, create a new transport named transporttls and reletad indentify and aor sections. That will be different from your usual transport-tls used for normal PJSIP phones. <pre> [transporttls] type=transport protocol=tls bind=0.0.0.0:5091 cert_file=/etc/opensips/ssl/cert.crt ca_list_file=/etc/opensips/ssl/ca.crt priv_key_file=/etc/opensips/ssl/privkey.crt cipher=ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-A...") |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 41: | Line 41: | ||
endpoint = msteams_trunk_from_teams | endpoint = msteams_trunk_from_teams | ||
match = 139.*****.91 | match = 139.*****.91 | ||
</pre> | |||
Then you need to modify your sorcery.conf as following: | |||
<pre> | |||
[res_pjsip] | |||
endpoint=realtime,ps_endpoints | |||
endpoint=config,pjsip.conf,criteria=type=endpoint | |||
auth=realtime,ps_auths | |||
aor=realtime,ps_aors | |||
aor=config,pjsip.conf,criteria=type=aor | |||
domain_alias=realtime,ps_domain_aliases | |||
contact=realtime,ps_contacts | |||
[res_pjsip_endpoint_identifier_ip] | |||
identify=realtime,ps_endpoint_id_ips | |||
identify=config,pjsip.conf,criteria=type=identify | |||
[res_pjsip_publish_asterisk] | |||
asterisk-publication=realtime,ps_asterisk_publications | |||
[res_pjsip_outbound_publish] | |||
outbound-publish=realtime,ps_outbound_publishes | |||
[res_pjsip_pubsub] | |||
inbound-publication=realtime,ps_inbound_publications | |||
</pre> | </pre> | ||
Line 48: | Line 79: | ||
<pre> | <pre> | ||
./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory | ./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory | ||
</pre> | |||
If you have not yet installed the acme.sh script, you can do using: | |||
<pre> | |||
curl https://get.acme.sh | sh -s email=support@<yourdomain.com> | |||
</pre> | </pre> |
Latest revision as of 12:25, 29 May 2024
In the pjsip.conf file for your asterisk server, create a new transport named transporttls and reletad indentify and aor sections. That will be different from your usual transport-tls used for normal PJSIP phones.
[transporttls] type=transport protocol=tls bind=0.0.0.0:5091 cert_file=/etc/opensips/ssl/cert.crt ca_list_file=/etc/opensips/ssl/ca.crt priv_key_file=/etc/opensips/ssl/privkey.crt cipher=ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,AES256-GCM-SHA384,AES128-GCM-SHA256 method=sslv23 external_media_address = 139.*****.91 external_signaling_address = 139.*****.91 [msteams_trunk_from_teams] type=endpoint transport=transporttls context=msteams disallow=all allow=ulaw aors=aor_msteams_trunk_from_teams media_encryption=sdes from_domain=vir-ast-fe-04.*****.net send_pai=no rewrite_contact=no force_rport=no sdp_owner=- sdp_session=FullysPBX allow_transfer=yes ice_support=no direct_media=no [aor_msteams_trunk_from_teams] type = aor qualify_frequency=60 contact=sip:sbc.*****.net:5067 [msteams_trunk_from_teams] type=identify endpoint = msteams_trunk_from_teams match = 139.*****.91
Then you need to modify your sorcery.conf as following:
[res_pjsip] endpoint=realtime,ps_endpoints endpoint=config,pjsip.conf,criteria=type=endpoint auth=realtime,ps_auths aor=realtime,ps_aors aor=config,pjsip.conf,criteria=type=aor domain_alias=realtime,ps_domain_aliases contact=realtime,ps_contacts [res_pjsip_endpoint_identifier_ip] identify=realtime,ps_endpoint_id_ips identify=config,pjsip.conf,criteria=type=identify [res_pjsip_publish_asterisk] asterisk-publication=realtime,ps_asterisk_publications [res_pjsip_outbound_publish] outbound-publish=realtime,ps_outbound_publishes [res_pjsip_pubsub] inbound-publication=realtime,ps_inbound_publications
The certificate generation is important and must contain all your Teams domains
./acme.sh --issue --keylength 4096 --standalone -d asterisk.yourdomain.com -d opensips.yourdomain.com -d teams1.yourdomain.com --fullchain-file /etc/opensips/ssl/cert.crt --cert-file /etc/opensips/ssl/ca.crt --key-file /etc/opensips/ssl/privkey.crt --server https://acme-v02.api.letsencrypt.org/directory
If you have not yet installed the acme.sh script, you can do using:
curl https://get.acme.sh | sh -s email=support@<yourdomain.com>