TLS And NAT

Home » Asterisk Users » TLS And NAT
Asterisk Users 3 Comments

I want to configure communication with my phone provider using TLS for all the obvious reasons. Since I’m behind a firewall, I’ll be needing to do it with NAT. There are examples of UDP plus NAT in pjsip.conf, but none for TLS plus NAT. Would it be correct to set up the TLS transport stanza to look like the [transport-udp-nat] stanza example, replacing UDP with TLS in lines like ‘transport=tls’ and ‘protocol=tls’, and including the lines for local_net, external_media_address and external_signaling_address?

3 thoughts on - TLS And NAT

  • Hello Steve,

    use the following configuration for the transport and bind this transport to the trunk:

    [transport_name]
    type=transport protocol=tls bind=192.168.13.24 ; your bind IP
    ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
    ; method=tlsv1_2
    verify_server=yes allow_reload=no
    ;tos=0xb8
    ;cos=3
    external_media_address=your.ext.host.name ; hostname pointing to your ext. IP
    external_signaling_address=your.ext.host.name ; hostname pointing to your ext. IP
    local_net=192.168.0.0/24 # your local net

    Regards Michael

  • Thanks, Michael. A few questions:

    Is [transport_name] a reserved word, or am I supposed to replace it with a name of my own, like ‘[did-transport]’?

    Some of the keywords I haven’t seen before. Is ca_list_file supposed to be an aggregate of the public and private key? And what are the
    ‘method,’ ‘tos’ and ‘cos’ keywords, which are commented out in your instructions?

    Otherwise, the rest is quite clear.