Hello All -

I am testing out VitalPBX and have configured my first trunk. It passes calls happily but when configuring for TLS and SRTP I have no clear way to configure SRTP on the VitalPBX side.

A Google search does not reveal much more information about configuring SRTP on trunks, rather only for device profiles.

Is it possible to configure SRTP on a PJSIP trunk on VitalPBX?


Good Day,

Pleased to meet you, I am new here. I too will be testing this out later this week. However, from my perusal through the UI I noticed that there are first Global Settings under Settings —> Technology Settings —> PJSIP Settings and PJSIP Transports. I haven’t checked it myself to test, but I believe this is a good place to start. Within these settings you choose your certificate and SSL/TLS version. Then in the Trunks section under Calls Routing, there is a section called General Configurations that has a Transport selection that allows for TLS and TLS+Teams.
Secondly, there is a section Settings → Technology Settings → Device Profiles. Under this section you create a PJSIP profile that is used for SRTP and Secure SIP. After this is done, I believe you can use this profile in place of the Default PJSIP profile under Trunks.

I hope this helps, again I am not certain this is correct, but it seems like the likely places for the configuration.

Not intuitive but it appears I should apply the DEVICE profile to the trunk.

I’ve done that and see the crypto offer in the SDP but my carrier doesn’t like it. I’ll have to compare it to the offer on a working Asterisk install and see what’s going on.


Do they even support TLS/SRTP?

Yes, they support TLS/SRTP. I’ve been running that way for years under fpbx with this carrier.

The SDP looks good from VitalPBX but something is not entirely right as the call is ultimately rejected by the carrier when the audio path tries to come up. I’ll get some time to debug over the next few days and report back. Maybe there’s something I’m missing between Asterisk 16 (my working fpbx) and Asterisk 18.

There shouldn’t be really anything that can break this.

I assume that it’s either a codec or crypto mismatch

I did notice the codec offers from VitalPBX doesn’t match the configuration - that is to say in PJSIP Settings I have VitalPBX set for g722 and ulaw but the SDP offer is ulaw, alaw, and g729.

It should still work matching on ulaw, tho.

The crypto offer matches what I see from the working fpbx config. I don’t think that’s the issue, either.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.