System information
to modify that configuration so that Asterisk knows that the calls between the two
servers should be encrypted. The only change required is to add the transport = tls
option to the peer entry for the other server.
On serverA:
[serverB]
type = peer
host = 192.168.1.102
username = serverA
secret = apples
context = incoming
disallow = all
allow = ulaw
transport = tls
On serverB:
[serverA]
type = peer
host = 192.168.1.101
username = serverB
secret = apples
context = incoming
disallow = all
allow = ulaw
transport = tls
Now when you make a call using Dial(SIP/serverA) or Dial(SIP/serverB), the SIP
signaling will be encrypted. You can modify the dialplan to force outgoing calls to have
encrypted signaling by setting the CHANNEL(secure_bridge_signaling) function to 1:
[default]
exten => 1234,1,Set(CHANNEL(secure_bridge_signaling)=1)
same => n,Dial(SIP/1234@serverB)
On the side receiving the call, you can check whether the signaling on an incoming call
is encrypted using the CHANNEL(secure_signaling) dialplan function. Consider the fol-
lowing example dialplan:
[incoming]
exten => _X.,1,Answer()
same => n,GotoIf($["${CHANNEL(secure_signaling)}" = "1"]?secure:insecure)
same => n(secure),NoOp(Signaling is encrypted.)
same => n,Hangup()
same => n(insecure),NoOp(Signaling is not encrypted.)
same => n,Hangup()
When a call is sent from serverA to serverB using this configuration, you can see from
the output on the Asterisk console that the dialplan determines that the signaling of
the incoming call is encrypted:
152 | Chapter 7: Outside Connectivity