

Premium SIPStation SIP Trunking encrypts SIP and RTP with TLS and SRTP between your PBX site and Sangoma's Data Centers. This feature is presently under BETA testing. If you would like to be part of the testing, please complete this short survey first → https://www.surveymonkey.com/r/Y2JCDS9

Before you use this page as a guide, our technical staff must enable the feature in our back-office systems.

Overview

This document will guide you through the process of configuring the Vega series of Gateways to work with the Premium SIPStation SIP Trunking service. Premium SIPStation provides SIP Trunks over TLS and SRTP. This guide focuses on the setup of CA Certificates and SRTP configuration, along with the typical SIP trunk requirements.

Introduction

For Trunking solutions, the Vega Gateway can connect to the Premium SIPStation SIP Trunking service. This guide provides detailed information about the configuration requirements for the Vega series of Gateways: Vega 50, Vega 60G, Vega 3000G and Vega 3050G. A typical deployment connects the Premium SIPStation SIP Trunking service to the Vega Gateway on one side using a secure TLS and SRTP SIP Trunk, and on the other side connects to an FXS Port, which may have a Legacy PBX or POTS phone attached. The Vega Gateway could also route to an FXO port if available, but this is a less common type of connectivity.



Premium SIPStation Configuration

General Configuration

SIPStation is a SIP Trunking Service offered by Sangoma. A customer purchases the SIP Trunking Service and can then begin to make calls from their Vega Gateway to the SIPStation Service. SIPStation uses FQDNs as the SIP Server address. In this configuration we purchase the SIPStation service and find where the SIPStation Trunk attributes are located for provisioning in the Vega Gateway. Once the Vega Gateway is configured, it will REGISTER with SIPStation and be allowed to make Outgoing Calls and receive Incoming Calls.

SIPStation Purchase

There are Wikis that step through purchasing SIPStation DIDs. This document simply gives an overview of the highlights.

https://wiki.sangoma.com/display/ST/SIPStation+and+FAXStation


NOTE:  Premium SIPStation is still in Beta.  Option to buy is not yet available on the SIPStation Portal.  Once available, this next instruction will indicate how to purchase Premium SIPStation trunks.


Log in to www.sipstation.com and begin to purchase your Inbound Numbers. Proceed to Checkout and complete the purchase.



Once purchased, go to My Account | Trunk Groups and record the following information:

  • SIP Username:  This is the Registration Username
  • SIP Password:  This is the Registration Password
  • SIP Gateway:  This is the SIPStation FQDN
    • Premium SIPStation will show premiumtrunk1.freepbx.com and premiumtrunk2.freepbx.com



Vega Gateway Configuration

General Configuration

DHCP

All Vega Gateways use DHCP to obtain an IP Address. Plug the Vega Gateway into the network and DHCP will assign an IP Address to the unit. To find the IP Address that was assigned to the Vega, do one of the following:

  • Attach Serial Cable to the Vega, 115200 8N1, login admin/admin - IP Address will be displayed on the Banner, or type Show Banner
  • Refer to the DHCP Server reservation
  • Use a network scan tool, look for the IP based on the MAC



Use of Static IP

NOTE: Although the out-of-the-box Vega Gateway obtains an IP Address dynamically, it is recommended that Gateways use a Static IP Address.  Configuration of Static IP will be done in each section.


Licensing

By default, ALL Vega Gateways are sold without SRTP Licenses. Sangoma will, however, provide a new License for the Vega Gateway FREE of charge to enable SRTP.


Check your Vega Gateway licenses to determine the state of the SRTP License.

SSH into the Vega Gateway.  Type SHOW LICENSE  (or SHOW SUPPORT) - this is also seen on the Vega WebGUI

Here is an example showing no SRTP License.

 

To acquire an SRTP license from Sangoma, contact your local Sangoma Sales Representative or Sangoma Support (support.sangoma.com) and request an SRTP License for your Vega Gateway. You will need to provide the MAC address (or Serial Number) of the Vega Gateway. For Vega 60Gs, it is helpful to also provide the variant type of Vega, like 4FXS + 4FXO.

From Sangoma Sales or Support you will receive a new license key, which looks like the following:

001306505ff05DB2006000003010180000000f0603d2799b0426303c99f3eb0c551a2d687dR1XXXXXX


Configuration  |  Expert Config  |  System Maintenance

Click "Show License Information"


Copy and Paste the License Key into the "Enter New License Key" field and press Submit


You will have to Reboot the Vega Gateway to make the changes effective.


After the reboot, when the Vega Gateway is up, you can return to Configuration  |  Expert Config  |  System Maintenance to see that the license is now on.


Quick Config

Quick Config is the Vega Gateway's configuration Wizard. The Wizard asks some specific questions related to the nature of your installation and, upon Saving Configuration, completes the programming of the Vega Gateway through the entire Expert Config. This document focuses on the Quick Config wizard and any supplemental Expert Config requirements. Quick Config is the same across all Vega Gateways, apart from the Analog or Digital options specific to each Gateway's interfaces.

Quick Config

When you log in to the Vega Gateway, the System Status page is shown.



Click on Configuration


Click on Quick Config. A Warning will pop up, reminding you that any Edits here will overwrite the config. Click Continue.



Quick Config - Step 1 - Basic Configuration

The first step in the Quick Config wizard covers items such as Country, Time Zone, Emergency Numbers and LAN Interface details.


Select the appropriate Country. This is important to define the correct CallerID, Tones, Line Impedance, Digital framing and more for your region.

Change the Gateway from Dynamic IP to Static IP. This is not necessary, but recommended.

  • Deselect "Obtain IP Settings automatically Using DHCP"
  • Enter in the IP Address, Subnet Mask, Default Gateway, DNS Servers and NTP Server


Quick Config - Step 2 - VoIP

This section is where the Premium SIPStation is defined: SIPStation Domain, Transport and Port.



General VoIP Configuration - Registration Mode

There are potentially three options here, but only one is applicable to Premium SIPStation: GATEWAY.

  • Select GATEWAY, as there is a requirement to REGISTER and Authenticate with SIPStation.



Remote Server Configuration

Here is where the Premium SIPStation location is configured, along with the SIP Port, Transport, SIP Accessibility Check (OPTIONS Ping) and the Registration Username and Password.

  • SIP Server IP/FQDN: Enter the FQDN of the Premium SIPStation - premiumtrunk1.freepbx.com
  • SIP Server Port: Enter 5061 - This is common for TLS
  • SIP Server Transport Mode: Select TLS
  • SIP Accessibility Check: Select Options
  • Registration/Authentication ID:  Enter the SIP Username from the SIPStation Portal - My Account - Trunk Groups
  • Authentication Password:  Enter SIP Password from the SIPStation Portal - My Account - Trunk Groups
  • Add Transport parameter in Contact Header of Register Request:  Check to Enable


Codecs

Premium SIPStation offers a greater variety of Codecs. Premium SIPStation Codecs include:

  • G711 Codec
  • G729 Codec
  • G722 Codec
  • AMR-WB Codec
  • GSM Codec

In the following section, select the Codecs you wish to use, in the order of priority you wish to use them.



Quick Config - Step 3 - FXS

This section is where the Vega Gateway FXS interfaces are defined. It maps each SIPStation DID to a specific FXS Analog port. Every call from SIPStation to a specific DID on the Vega will ring a specific FXS Analog Port. This FXS Port is typically connected to an FXO port on a Legacy PBX, a POTS phone or a FAX Machine.

FXS

  • Caller ID Type Information:  This is predefined based on Country variant selected earlier.  This is the format of the Analog CallerID generation. 
  • Digital Rx Gain:  Analog Receive Gain
  • Digital Tx Gain:  Analog Transmit Gain


Telephone Connections

  • Port:  Physical Port identification
  • Enabled?:  Turn On or Off the physical port.  It is best practice to Disable unused ports.
  • Enable Caller-Id Generation:  Enable or Disable CallerID Generation for the specific port.
  • Numeric Caller ID: When this Port makes a call to the SIPStation service, this will be the Numeric Caller ID
  • Textual Caller ID: When this Port makes a call to the SIPStation service, this will be the Name Caller ID
  • Telephone number(s) to route to the FXS interface:  This is the SIPStation DID that will ring this specific Port.  It is most important that this matches the DID selected when purchasing a SIPStation Trunk.  Each FXS port will require a unique DID if there are multiple DIDs purchased.  If you want one DID to ring multiple FXS Ports, Call Presentation Groups will need to be used.
  • Registration and Authentication ID:  This is greyed out and not used as GATEWAY mode was selected.
  • Authentication Password: This is greyed out and not used as GATEWAY mode was selected.


Save Configuration

You are done.  Press Save Configuration.

You will have to reboot as well when changing IP Addresses.



Creating a Server Cert for TLS

There are two methods for creating a CA and Server Cert for the Vega Gateway:

  1. Using a Certificate Authority (Verisign, GoDaddy, and others)
    Similar to the process of the Sangoma SBC, found here;
    https://wiki.sangoma.com/display/SBC/How+to+create+SSL+Certificates+for+your+TLS+support+on+Sangoma+SBC
    BUT, the Vega Gateway does not have the ability to generate a CSR locally on the Gateway.  The CSR must be created externally and then sent to the CA.  The resulting Server Cert is then imported onto the Vega.

  2. Using Simple Authority
    Similar to the process of the Sangoma SBC, found here;
    https://wiki.sangoma.com/display/SBC/SBC+TLS+Certificates+using+Simple+Authority
    This process of using Simple Authority to generate a Server Cert works very well.

Pick one of the two methods. The end result of either method will be a CA Root Cert and a Server Cert in PEM format.

For Example: 

  1. CA Root Cert - Sangoma 20181029_cert.pem
  2. Server Cert - vega1.domain.net 20181029_key.pem



Preparing the Server Certs

Open Server Cert - "vega1.domain.net 20181029_key.pem" in Notepad++ (https://notepad-plus-plus.org/)

Notice that the Server Cert has two components. 

  1. RSA Private Key
  2. Server Cert



Copy everything from  -----BEGIN RSA PRIVATE KEY-----  to   -----END RSA PRIVATE KEY----- 



Paste into a new Text File.  Save this "RSA Key Only" file with any name.  For Example "vega1.domain.net 20181030_just_key.pem"


You have three files now.  Server Cert, Key, and Root.

  1. CA Root Cert - Sangoma 20181029_cert.pem
  2. Server Cert - vega1.domain.net 20181029_key.pem
  3. Server Key - vega1.domain.net 20181029_just_key.pem
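
The same split can be scripted instead of copied by hand. The following is an added example, not part of the original guide or Sangoma's tooling: it pulls the RSA PRIVATE KEY block out of a combined PEM file and writes it to a separate key-only file with owner-only permissions. The function names, file names and sample PEM content are constructed for illustration.

```python
import os
import re
import tempfile

# One PEM block; group 1 is the label, e.g. "RSA PRIVATE KEY" or "CERTIFICATE".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

def split_pem(text):
    """Return {label: [block, ...]} for every PEM block found in text."""
    blocks = {}
    for m in PEM_BLOCK.finditer(text):
        blocks.setdefault(m.group(1), []).append(m.group(0))
    return blocks

def write_key_only(combined_path, key_path):
    """Write only the RSA PRIVATE KEY block of combined_path to key_path."""
    with open(combined_path, encoding="ascii") as fh:
        blocks = split_pem(fh.read())
    keys = blocks.get("RSA PRIVATE KEY", [])
    certs = blocks.get("CERTIFICATE", [])
    if len(keys) != 1 or not certs:
        raise ValueError("need exactly one RSA PRIVATE KEY and a CERTIFICATE")
    # Owner read/write only where the OS honours it; O_EXCL never overwrites.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii", newline="\n") as out:
        out.write(keys[0].replace("\r\n", "\n") + "\n")
    return len(certs)

# Constructed sample: placeholder base64, not real key or certificate data.
SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQtS0VZLVBMQUNFSE9MREVS\n"
    "-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQtQ0VSVC1QTEFDRUhPTERFUg==\n"
    "-----END CERTIFICATE-----\n"
)

def demo():
    """Split SAMPLE inside a temp directory and return the key-only file text."""
    with tempfile.TemporaryDirectory() as tmp:
        combined = os.path.join(tmp, "combined_key.pem")
        key_only = os.path.join(tmp, "just_key.pem")
        with open(combined, "w", encoding="ascii", newline="") as fh:
            fh.write(SAMPLE)
        write_key_only(combined, key_only)
        with open(key_only, encoding="ascii", newline="") as fh:
            return fh.read()
```

Calling `write_key_only()` on the real combined file refuses to run if the key block is missing or duplicated, and never overwrites an existing key file.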


Configuration  |  Expert Config  |  System Maintenance

The Vega Gateway needs a Server Cert and the RSA Private Key installed separately. 

Go to Upload/Download File within System Maintenance


Note: Do the next few steps one at a time, as multiple Uploads of multiple files will not work.


Under TLS Files

For Certificate File - Click Browse.  Find and select the Server Cert, for example - "vega1.domain.net 20181029_key.pem"

Press Upload.

For Key File - Click Browse.  Find and select the Server Key, for example - "vega1.domain.net 20181029_just_key.pem"

Press Upload.

Note: The Server CA Root Cert does not need to be installed.


Download and install the SIPStation GoDaddy CA Root Cert

We need to install the SIPStation CA Root Cert.

Go to the following website.

https://certs.godaddy.com/repository


Download the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2  - gdig2.crt.pem (pem) file.


Go to Upload/Download File within System Maintenance


Under TLS Files

For Root Certificate File - Click Browse.  Find and select the GoDaddy Secure Server Certificate (Intermediate Certificate) - G2  - gdig2.crt.pem (pem) file.

Press Upload.


After loading the two Certs and the Key, the Vega Gateway will need to be rebooted.



Enabling SRTP

Premium SIPStation also requires the use of SRTP for encryption of the Audio Media stream.

You can follow the directions for enabling SRTP on the Vega Gateway here;

https://wiki.sangoma.com/display/VG/SRTP


For Premium SIPStation, these are the settings;

  • SRTP Mode:  Select "require_rfc4568"
  • SRTP Default Auth Bits:  Leave at 80
  • SRTP Minimum Auth Bits:  Leave at 32
  • Crypto Life Time:  Leave at default Medium
  • Crypto MKI Length:  Leave at default 1:1



Be sure to Apply Configuration and Save Configuration


Note:  If these settings are not shown in the SIP Profile, they can be entered via CLI.

Type on the Vega CLI via SSH (or CLI on the WebGUI)

  • set sip.profile.1.srtp_mode=require_rfc4568
  • apply
  • save
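
To confirm from a SIP trace that a call is really negotiating SRTP as these settings require, the SDP can be checked for an RTP/SAVP audio line and an RFC 4568 `a=crypto` attribute. The following is an added example, not part of the original guide or the Vega firmware. It assumes the Vega's auth-bit settings correspond to the authentication tag length of the RFC 4568 crypto suites; the function names and the sample SDP offers are constructed.

```python
import base64
import re

# Authentication tag length, in bits, of two RFC 4568 SRTP crypto suites.
SUITE_AUTH_BITS = {"AES_CM_128_HMAC_SHA1_80": 80, "AES_CM_128_HMAC_SHA1_32": 32}
KEY_SALT_LEN = 30  # 16-byte master key followed by 14-byte master salt
CRYPTO = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

def key_salt_len(b64):
    """Length of the decoded inline key material, or -1 if it is not base64."""
    try:
        return len(base64.b64decode(b64, validate=True))
    except ValueError:
        return -1

def check_offer(sdp, min_auth_bits=32):
    """Return (ok, reasons) for the audio section of an SDP offer."""
    reasons, in_audio, savp, accepted = [], False, False, 0
    for line in sdp.splitlines():
        if line.startswith("m="):
            in_audio = line.startswith("m=audio ")
            savp = savp or (in_audio and line.split()[2:3] == ["RTP/SAVP"])
            continue
        m = CRYPTO.match(line) if in_audio else None
        if not m:
            continue
        tag, suite, key_b64 = m.groups()
        bits = SUITE_AUTH_BITS.get(suite)
        if bits is None:
            reasons.append(f"crypto {tag}: unknown suite {suite}")
        elif bits < min_auth_bits:
            reasons.append(f"crypto {tag}: {bits}-bit auth tag below minimum")
        elif key_salt_len(key_b64) != KEY_SALT_LEN:
            reasons.append(f"crypto {tag}: key||salt is not {KEY_SALT_LEN} bytes")
        else:
            accepted += 1
    if not savp:
        reasons.append("audio media is not RTP/SAVP")
    if accepted == 0:
        reasons.append("no acceptable a=crypto attribute")
    return savp and accepted > 0, reasons

# Constructed sample offers; the key is bytes 0..29, not real key material.
KEY = base64.b64encode(bytes(range(30))).decode()
HEAD = "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
SRTP_OFFER = HEAD + f"m=audio 10000 RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}|2^20|1:1\r\n"
PLAIN_OFFER = HEAD + "m=audio 10000 RTP/AVP 0\r\n"
SHORT_TAG_OFFER = HEAD + f"m=audio 10000 RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:{KEY}\r\n"
```

`check_offer(PLAIN_OFFER)` fails on both counts, which is the unencrypted RTP offer that a "require" SRTP mode is meant to reject.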












