[global] type = global endpoint_identifier_order = username,ip,anonymous [transport-udp] type = transport protocol = udp bind = 0.0.0.0:16555 tos = cs3 [transport-tcp] type = transport protocol = tcp bind = 0.0.0.0:16555 tos = cs3 ; If you don't have TLS certificates and aren't using TLS, don't uncomment these. PJSIP will error out and not load. ;[transport-tls] ;type = transport ;protocol = tls ;bind = 0.0.0.0:16556 ;tos = cs3 ;cert_file = /etc/letsencrypt/live/example.com/fullchain.pem ;priv_key_file = /etc/letsencrypt/live/example.com/privkey.pem ;verify_server = no ;method = tlsv1 ; PJSIP lets you set up multiple transports, so you can run different versions of TLS on different ports so supporting equipment can run TLS 1.2+ and you can still have TLS 1.0 on a different port for backwards-compatability. e.g. GS HT802 can do TLS 1.2 but HT704 can only do up to TLS 1.0. ;[transport-tls12] ; some older ATAs require TLS 1.0, so also configure a transport with a newer TLS version for those that can support it. ;type = transport ;protocol = tls ;bind = 0.0.0.0:16556 ;tos = cs3 ;cert_file = /etc/letsencrypt/live/example.com/fullchain.pem ;priv_key_file = /etc/letsencrypt/live/example.com/privkey.pem ;verify_server = no ;method = tlsv1_2 ; Sample CallCentric registration for PSTN: ;-- [reg_callcentric] type=registration transport=transport-udp outbound_auth=callcentric_auth retry_interval=60 expiration=3600 auth_rejection_permanent=yes contact_user=17775551212 server_uri=sip:callcentric.com client_uri=sip:17775551212@callcentric.com [callcentric_auth] type=auth auth_type=userpass password=samplepassword username=17775551212 [callcentric] type=aor contact=sip:17775551212@callcentric.com [callcentric] type=identify endpoint=callcentric match=callcentric.com [callcentric] type = endpoint rtp_symmetric = yes force_rport = yes rewrite_contact = yes direct_media = no tos_audio = ef disallow = all allow = ulaw language = en transport=transport-udp context=from-callcentric outbound_auth=callcentric_auth aors=callcentric from_domain=callcentric.com from_user=17775551212 sdp_owner=17775551212 ice_support=no send_rpid=yes rtp_symmetric=yes force_rport=yes timers=no --; [lines-endpoint](!) type = endpoint disallow = all allow = ulaw rtp_symmetric = yes force_rport = yes rewrite_contact = yes direct_media = no inband_progress = yes tos_audio = ef device_state_busy_at = 1 trust_id_outbound = no trust_id_inbound = no notify_early_inuse_ringing = yes context = from-internal ; context in the dialplan in which this user originates a call allow_subscribe = yes subscribe_context = phreaknet-hints [lines-aor](!) type = aor max_contacts = 1 qualify_frequency = 30 [lines-auth](!) type = auth ; every user needs to have an AOR (address of record) section, auth section, and endpoint section. To minimize clutter, we use templates for each. [DeskPhone1](lines-aor) [DeskPhone1](lines-auth) username = DeskPhone1 password = samplepasswordhere [DeskPhone1](lines-endpoint) callerid = "John Smith" <5552368> ; change the CNAM and caller ID of your line here ;media_encryption = sdes ; for SRTP (voice path), if your endpoint supports it. Make sure to connect to the TLS port so the signaling is encrypted, too. auth = DeskPhone1 aors = DeskPhone1 ;mailboxes = 2368@vmcontext ; for voicemail MWI