This document explains how to set up the configuration for Vodafone E-SBC for the Bavaria region in Germany. In particular, Vodafone's SIP trunks for the Bavaria region connected to the Wildix PBX must support the TLS protocol and, optionally, SRTP, using certificates issued by the Bavarian and Vodafone authorities.

Created: October 2022

Permalink: https://wildix.atlassian.net/wiki/x/AQD7Aw


To configure the trunk, follow the steps below:

  1. Upload the following CA certificates to the /etc/ssl/certs directory on the PBX:

    1. bayern-softtoken-issuing-ca-2019_base64.cer
    2. bayern-root-ca-2019_base64.cer
  2. Run the following CLI command to add these certificates to the system:


    update-ca-certificates


  3. Get the certificate file from the operator (e.g. ssl_sometext.bayern.de.p12) and upload it to the PBX.

  4. On the PBX, extract the .key and .pem files from the .p12 (the -nodes option writes the private key unencrypted):

    openssl pkcs12 -in ./ssl_sometext.bayern.de.p12 -out /etc/kamailio/ssl/ssl_sometext.bayern.de.key -nocerts -nodes
    openssl pkcs12 -in ./ssl_sometext.bayern.de.p12 -out /etc/kamailio/ssl/ssl_sometext.bayern.de.pem -clcerts -nokeys


  5. Copy the current TLS config file of the SIP proxy:

    cp /etc/kamailio/tls.cfg /etc/kamailio/tls_custom.cfg


  6. At the end of the file /etc/kamailio/tls_custom.cfg add the following block:

    [client:any]
    method = TLSv1.2
    verify_certificate = yes
    require_certificate = yes
    ca_path = /etc/ssl/certs
    server_name = esbc1.bybn.de
    private_key = /etc/kamailio/ssl/ssl_sometext.bayern.de.key
    certificate = /etc/kamailio/ssl/ssl_sometext.bayern.de.pem

    [server:10.48.130.165:5061]
    method = TLSv1.2
    verify_certificate = yes
    require_certificate = yes
    ca_path = /etc/ssl/certs
    private_key = /etc/kamailio/ssl/ssl_sometext.bayern.de.key
    certificate = /etc/kamailio/ssl/ssl_sometext.bayern.de.pem

where:

  7. Add the following line to the file /etc/kamailio/cfg.d/host_specific_custom.cfg:

    modparam("tls", "config", "/etc/kamailio/tls_custom.cfg")

  8. Restart the SIP proxy service:

    systemctl restart kamailio.service

  9. Set up the trunk on the wms-interface with:
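
A check for the profiles added in step 6, to run before the restart in step 8. This is an added example and not part of the original Wildix page: the function names `lint_tls_cfg` and `demo_findings` and the sample profile are constructed here, and the list of accepted `method` values is an assumption. It reports any profile that does not verify and require the peer certificate, allows a method older than TLSv1.2, has no CA location, or points at a key or certificate file that cannot be read.

```shell
# Added example, not Wildix code. Prints one finding per line, nothing when clean.
lint_tls_cfg() {
    awk '
    function need_file(opt,   f, tmp) {
        f = v[opt]
        if (f == "") { print name ": " opt " is not set"; return }
        if ((getline tmp < f) < 0) print name ": " opt " file is not readable: " f
        close(f)
    }
    function check_profile(   m) {
        if (name == "") return
        if (v["verify_certificate"] != "yes") print name ": verify_certificate is not yes"
        if (v["require_certificate"] != "yes") print name ": require_certificate is not yes"
        m = v["method"]   # assumption: only these values count as TLS 1.2 or newer
        if (m != "TLSv1.2" && m != "TLSv1.2+" && m != "TLSv1.3" && m != "TLSv1.3+")
            print name ": method \"" m "\" is not TLSv1.2 or newer"
        if (v["ca_path"] == "" && v["ca_list"] == "")
            print name ": no ca_path or ca_list to verify the peer against"
        need_file("private_key"); need_file("certificate")
    }
    /^[ \t]*(#.*)?$/ { next }            # blank lines and comments
    /^[ \t]*\[/ {                        # profile header such as [client:any]
        check_profile(); split("", v)
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name); next
    }
    {                                    # option = value
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        v[key] = val
    }
    END { check_profile() }
    ' "$1"
}
# Constructed sample: verification off, old TLS method, certificate file absent.
demo_findings() {
    d=$(mktemp -d) || return 1; : > "$d/sample.key"
    cat > "$d/tls.cfg" <<EOF
[client:any]
method = TLSv1
verify_certificate = no
require_certificate = yes
ca_path = /etc/ssl/certs
private_key = $d/sample.key
certificate = $d/sample.pem
EOF
    lint_tls_cfg "$d/tls.cfg"; rm -rf "$d"
}
demo_findings
```

Run as root on the PBX, `lint_tls_cfg /etc/kamailio/tls_custom.cfg` should print nothing when every profile in the file passes these checks.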