How to set up configuration for Vodafone E-SBC for the Bavaria region in Germany

This document explains how to set up the configuration for Vodafone E-SBC for the Bavaria region in Germany. In particular, Vodafone's SIP trunks for the Bavaria region connected to the Wildix PBX must support the TLS protocol and, optionally, SRTP, using certificates issued by the Bavarian and Vodafone authorities.

Created: October 2022

Permalink: https://wildix.atlassian.net/wiki/x/AQD7Aw

To configure the trunk, follow the steps below:

  1. Upload the following CA certificates to the PBX, into the /etc/ssl/certs directory:

    1. bayern-softtoken-issuing-ca-2019_base64.cer
    2. bayern-root-ca-2019_base64.cer
  2. Run the following CLI command to add these certificates to the system:

    update-ca-certificates
  3. Obtain the certificate file from the operator (e.g. ssl_sometext.bayern.de.p12) and upload it to the PBX.

  4. On the PBX, extract the private key (.key) and the client certificate (.pem) from the .p12 file:

    openssl pkcs12 -in ./ssl_sometext.bayern.de.p12 -out /etc/kamailio/ssl/ssl_sometext.bayern.de.key -nocerts -nodes
    openssl pkcs12 -in ./ssl_sometext.bayern.de.p12 -out /etc/kamailio/ssl/ssl_sometext.bayern.de.pem -clcerts -nokeys
  5. Copy the current TLS config file of the SIP proxy:

    cp /etc/kamailio/tls.cfg /etc/kamailio/tls_custom.cfg
  6. At the end of the file /etc/kamailio/tls_custom.cfg add the following block:

[client:any]
method = TLSv1.2
verify_certificate = yes
require_certificate = yes
ca_path = /etc/ssl/certs
server_name = esbc1.bybn.de
private_key = /etc/kamailio/ssl/ssl_sometext.bayern.de.key
certificate = /etc/kamailio/ssl/ssl_sometext.bayern.de.pem

[server:10.48.130.165:5061]
method = TLSv1.2
verify_certificate = yes
require_certificate = yes
ca_path = /etc/ssl/certs
private_key = /etc/kamailio/ssl/ssl_sometext.bayern.de.key
certificate = /etc/kamailio/ssl/ssl_sometext.bayern.de.pem

where:

  • esbc1.bybn.de = server name, which should be provided to you by the operator
  • 10.48.130.165 = the IP address of your interface used for the connection to the operator

7. Add the following line to the file /etc/kamailio/cfg.d/host_specific_custom.cfg:

modparam("tls", "config", "/etc/kamailio/tls_custom.cfg")

8. Restart the SIP proxy service:

systemctl restart kamailio.service

9. Set up the trunk in the WMS interface with:

  • Transport TLS
  • Port 5061
  • SDES-SRTP checkbox enabled
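
A check to run before the restart in step 8, as an added example that is not part of the original Wildix procedure: the hypothetical function `check_tls_cfg` reads every `[client:...]` and `[server:...]` profile in the file it is given (including defaults copied from tls.cfg), flags profiles where `verify_certificate` or `require_certificate` is not `yes`, and confirms that each referenced key and certificate exists and that the unencrypted key written with `-nodes` has no group or other permission bits. It assumes the `key = value` layout shown in step 6.

```shell
#!/bin/sh
# Added example (not Wildix code): lint the profiles in a Kamailio tls.cfg-style file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Usage: check_tls_cfg /etc/kamailio/tls_custom.cfg && systemctl restart kamailio.service
check_tls_cfg() {
    cfg=$1 rc=0
    # awk pass: per [client:...]/[server:...] profile, report weak verification
    # settings and emit "@key"/"@crt" records for the files the profile references.
    out=$(awk '
        function flush() {
            if (sec == "") return
            if (v["verify_certificate"] != "yes")  print sec ": verify_certificate is not yes"
            if (v["require_certificate"] != "yes") print sec ": require_certificate is not yes"
            if (v["private_key"] != "") print "@key " sec " " v["private_key"]
            if (v["certificate"] != "") print "@crt " sec " " v["certificate"]
            split("", v)                       # portable way to clear the array
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[(client|server):/ { flush(); sec = $0; gsub(/[ \t]/, "", sec); next }
        /=/ {
            k = $0;   sub(/[ \t]*=.*/, "", k);       sub(/^[ \t]+/, "", k)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            v[k] = val
        }
        END { flush() }
    ' "$cfg")
    # shell pass: referenced files must exist; the key extracted with -nodes is
    # unencrypted, so it must carry no group/other permission bits.
    while read -r tag sec path; do
        case $tag in
            '') continue ;;
            @key|@crt)
                if [ ! -r "$path" ]; then
                    echo "$sec: $path is missing or unreadable"; rc=1
                elif [ "$tag" = @key ] && [ "$(ls -lL -- "$path" | cut -c5-10)" != "------" ]; then
                    echo "$sec: private key $path has group/other permission bits set"; rc=1
                fi ;;
            *) echo "$tag $sec $path"; rc=1 ;;   # setting finding from the awk pass
        esac
    done <<EOF
$out
EOF
    return $rc
}
```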