ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Hosted Freepbx TLS

    IT Discussion
    2
    10
    662
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • CloudKnightC
      CloudKnight
      last edited by

      Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

      JaredBuschJ 1 Reply Last reply Reply Quote 1
      • JaredBuschJ
        JaredBusch @CloudKnight
        last edited by

        @stuartjordan said in Hosted Freepbx TLS:

        Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

        TLS for the SIP and SRTP is you want for the audio.

        You have to be careful of LE certs with Yealink phones though.

        JaredBuschJ CloudKnightC 2 Replies Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @JaredBusch
          last edited by

          @jaredbusch said in Hosted Freepbx TLS:

          @stuartjordan said in Hosted Freepbx TLS:

          Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

          TLS for the SIP

          Note, you ALWAYS want TLS on the SIP or else your extension credentials are flying out unencrypted every time the phone registers.

          CloudKnightC 1 Reply Last reply Reply Quote 1
          • CloudKnightC
            CloudKnight @JaredBusch
            last edited by

            @jaredbusch said in Hosted Freepbx TLS:

            @stuartjordan said in Hosted Freepbx TLS:

            Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

            TLS for the SIP and SRTP is you want for the audio.

            You have to be careful of LE certs with Yealink phones though.

            Hi Jared, What issue is there using Letsencypt with these phones? I've created a new letsencypt certificate and currently using that.

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @CloudKnight
              last edited by

              @stuartjordan said in Hosted Freepbx TLS:

              @jaredbusch said in Hosted Freepbx TLS:

              @stuartjordan said in Hosted Freepbx TLS:

              Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

              TLS for the SIP and SRTP is you want for the audio.

              You have to be careful of LE certs with Yealink phones though.

              Hi Jared, What issue is there using Letsencypt with these phones? I've created a new letsencypt certificate and currently using that.

              If you have the T4xS models, nothing. But the T4xG models do not work.

              1 Reply Last reply Reply Quote 1
              • CloudKnightC
                CloudKnight @JaredBusch
                last edited by

                @jaredbusch said in Hosted Freepbx TLS:

                @jaredbusch said in Hosted Freepbx TLS:

                @stuartjordan said in Hosted Freepbx TLS:

                Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

                TLS for the SIP

                Note, you ALWAYS want TLS on the SIP or else your extension credentials are flying out unencrypted every time the phone registers.

                You mean SIP Trunk yeah? and not endpoints to pbx?

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @CloudKnight
                  last edited by

                  @stuartjordan said in Hosted Freepbx TLS:

                  @jaredbusch said in Hosted Freepbx TLS:

                  @jaredbusch said in Hosted Freepbx TLS:

                  @stuartjordan said in Hosted Freepbx TLS:

                  Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

                  TLS for the SIP

                  Note, you ALWAYS want TLS on the SIP or else your extension credentials are flying out unencrypted every time the phone registers.

                  You mean SIP Trunk yeah? and not endpoints to pbx?

                  No, I mean the endpoints.

                  I don't care about the SIP trunk so much because I can easily control what registrations are allowed to come to that.

                  But endpoints are coming from all over the globe potentially

                  1 Reply Last reply Reply Quote 1
                  • CloudKnightC
                    CloudKnight
                    last edited by

                    These are my setting on pjsip, all good you think?

                    0_1519668594200_2018-02-26 18_08_43-FreePBX Administration.png

                    1 Reply Last reply Reply Quote 0
                    • CloudKnightC
                      CloudKnight
                      last edited by

                      0_1519668836565_2018-02-26 18_13_30-.png

                      1 Reply Last reply Reply Quote 0
                      • CloudKnightC
                        CloudKnight
                        last edited by

                        I will be removing web mangement secure from accessing remotely once I have spoken to the consultant who this if for and enabled a dyndns update client, at least this will lower the attack service as well.

                        1 Reply Last reply Reply Quote 0
                        • 1 / 1
                        • First post
                          Last post