Hosted Freepbx TLS

StuartJordan

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

JaredBusch

@stuartjordan said in Hosted Freepbx TLS:

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

TLS for the SIP and SRTP is you want for the audio.

You have to be careful of LE certs with Yealink phones though.

JaredBusch

@jaredbusch said in Hosted Freepbx TLS:

@stuartjordan said in Hosted Freepbx TLS:

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

TLS for the SIP

Note, you ALWAYS want TLS on the SIP or else your extension credentials are flying out unencrypted every time the phone registers.

StuartJordan

@jaredbusch said in Hosted Freepbx TLS:

@stuartjordan said in Hosted Freepbx TLS:

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

TLS for the SIP and SRTP is you want for the audio.

You have to be careful of LE certs with Yealink phones though.

Hi Jared, What issue is there using Letsencypt with these phones? I've created a new letsencypt certificate and currently using that.

JaredBusch

@stuartjordan said in Hosted Freepbx TLS:

@jaredbusch said in Hosted Freepbx TLS:

@stuartjordan said in Hosted Freepbx TLS:

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

TLS for the SIP and SRTP is you want for the audio.

You have to be careful of LE certs with Yealink phones though.

Hi Jared, What issue is there using Letsencypt with these phones? I've created a new letsencypt certificate and currently using that.

If you have the T4xS models, nothing. But the T4xG models do not work.

StuartJordan

@jaredbusch said in Hosted Freepbx TLS:

@jaredbusch said in Hosted Freepbx TLS:

@stuartjordan said in Hosted Freepbx TLS:

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

TLS for the SIP

Note, you ALWAYS want TLS on the SIP or else your extension credentials are flying out unencrypted every time the phone registers.

You mean SIP Trunk yeah? and not endpoints to pbx?

JaredBusch

@stuartjordan said in Hosted Freepbx TLS:

@jaredbusch said in Hosted Freepbx TLS:

@jaredbusch said in Hosted Freepbx TLS:

@stuartjordan said in Hosted Freepbx TLS:

Hey everyone, got an instance of Freepbx running on a dedicated server as a VM instance. all working well, I've just wondered are most people here just connecting endpoints(phones) using UDP/TCP or are they using TLS for connections. I know it would pretty hard for someone to intercept packets anyway using UDP/TCP but was just curious if people are using encryption?

TLS for the SIP

Note, you ALWAYS want TLS on the SIP or else your extension credentials are flying out unencrypted every time the phone registers.

You mean SIP Trunk yeah? and not endpoints to pbx?

No, I mean the endpoints.

I don't care about the SIP trunk so much because I can easily control what registrations are allowed to come to that.

But endpoints are coming from all over the globe potentially

StuartJordan

These are my setting on pjsip, all good you think?

StuartJordan

StuartJordan

I will be removing web mangement secure from accessing remotely once I have spoken to the consultant who this if for and enabled a dyndns update client, at least this will lower the attack service as well.