Versions Compared

Old Version 2

changes.mady.by.user Tatiana Bieliakova

Saved on

compared with

New Version Current

changes.mady.by.user Fabrizio Di Chello

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Scroll export button
scopecurrent
template-id0fa09813-8b86-460a-aa1d-ef450a80e9ce
quick-starttrue
add-onScroll PDF Exporter

Info

This document explains how to set up interconnection with operator Bayernto set up the configuration for Vodafone E-SBC for the Bavaria region in Germany. In particular, Vodafone's SIP trunks for the Bavaria region connected to the Wildix PBX must support the TLS protocol and, optionally, SRTP, using certificates issued by the Bavarian and Vodafone authorities.

Created: October 2022

Permalink: https://wildix.atlassian.net/wiki/x/AQD7Aw


Table of Contents

Introduction

How to set up

To make interconnection with Bayern operatorTo configure the trunk, follow the steps below:

  1. Upload the following CA certificates to the PBX, to the /etc/ssl/certs:

    1. bayern-softtoken-issuing-ca-2019_base64.cer 
    2. bayern-root-ca-2019_base64.cer

  2. Execute the below CLI command to add these certificates to the system:


    Code Block
    update-ca-certificates


  3. From the operator, get the certificate file (e.g. ssl_somethingsometext.bayern.de.p12) and upload it to the PBX

  4. On the PBX, make .key and .pem files from the .p12:

    Code Block
    openssl pkcs12 -in ./ssl_something.bayern.de.p12 -out /etc/kamailio/ssl/ssl_something.bayern.de.key -nocerts -nodes
openssl pkcs12 -in ./ssl_something.bayern.de.p12 -out /etc/kamailio/ssl/ssl_something.bayern.de.pem -clcerts -nokeys


  5. Copy the current tls config file for SIP proxy:

    Code Block
    cp /etc/kamailio/tls.cfg /etc/kamailio/tls_custom.cfg


  6. At the end of the file /etc/kamailio/tls_custom.cfg add the following block:

[client:any]
method = TLSv1.2
verify_certificate = yes
require_certificate = yes
ca_path = /etc/ssl/certs
server_name = esbc1.bybn.de
private_key = /etc/kamailio/ssl/ssl_somethingsometext.bayern.de.key
certificate = /etc/kamailio/ssl/ssl_somethingsometext.bayern.de.pem

[server:10.48.130.165:5061]
method = TLSv1.2
verify_certificate = yes
require_certificate = yes
ca_path = /etc/ssl/certs
private_key = /etc/kamailio/ssl/ssl_somethingsometext.bayern.de.key
certificate = /etc/kamailio/ssl/ssl_somethingsometext.bayern.de.pem

where:

  • esbc1.bybn.de = server name, which should be provided to you by the operator
  • 10.48.130.165 = an IP address of your interface for connection to the operator

7. Add the below row to the file /etc/kamailio/cfg.d/host_specific_custom.cfg:

modparam("tls", "config", "/etc/kamailio/tls_custom.cfg")

8. Restart the SIP proxy service:

...