LogoLogo
Partner Portal Login
  • Welcome
  • Getting Started
    • Becoming A Partner
    • Getting Support
      • Community Services
        • SMTP Servers
        • DNS Servers
      • Service Status and Incidents
        • Status Page
        • nbn Incident Notifications
    • Accounts & Billing
      • Billing Overview
      • How to pay
  • Services
    • Connectivity
      • nbn TC4
        • Getting Started
        • Troubleshooting
          • nbn Self-Diagnostic Tool
        • Technical References
          • nbn TC4 Sevice Classes
          • nbn TC4 AVC-ID
      • nbn Enterprise Ethernet
        • Getting Started
      • Internet Services
        • IP Geolocation
        • Troubleshooting
          • Advanced Troubleshooting
            • nbn Enterprise Ethernet
            • Telstra Ethernet Access and AAPT Fibre
            • nbn TC4 Connectivity
              • FTTP (Fibre to the Premise)
              • FTTN/B (Fibre to the Node/Basement) or VDSL2
              • FTTC (Fibre to the Curb)
              • HFC (Hybrid Fibre Coaxial)
              • Wireless
          • Logging a fault for your WAN Service
          • WAN Diagnostic Tool
          • WAN Monitoring
        • Technical Reference
          • What is CGNAT and How does it work?
          • Ethernet Service Shaping Requirements
          • Router configuration for Telstra 4G/5G services
      • SD-WAN
        • Getting Started
          • How to login to Antares V2 Portal
          • Getting Familiar with Antares Portal
      • Requesting co-managed router access
    • Voice over IP (VoIP)
      • Best Practices to Protect You from Toll Fraud
      • Best Practice Guidelines
      • Inbound Numbering System
        • How to access the Inbound Numbering System?
        • Creating a new user
        • Diverting a 1300/1800 number
        • Moving a DID between services
        • Creating a basic IVR
      • Grandstream Device Management System (GDMS)
        • How to login to the GDMS platform
        • How to run diagnostic tests within the GDMS
        • How to add a site and move a VoIP Device into it
        • How do I add/remove users from the GDMS Portal?
      • 3CX Guides
        • How to configure our CTS Trunk on 3CX
        • Resolving Call Quality issues on 3CX deployments
        • How to configure a SIP Trunk on 3CX
        • Changes to default 3CX Headers
      • Microsoft Teams Direct Routing
        • Getting Support for Microsoft Direct Routing
        • Configuration Guide
        • Troubleshooting Call Routing
        • Unable to Dial Internationally from Teams
        • Creating a resource account and assigning a Direct Routing DID
        • "Call cannot be connected" error with Auto-Attendants and Queues
        • Creating Dial Plans to Prefix Outbound Calls
      • Brand Specific Guides
        • NetComm Router/ATA
          • How to register VOIPnow extension to NetComm device (NL1901ACV)
        • Cisco
          • SPA112 - Fax Settings
        • Grandstream
          • How to enable TLS encryption on Grandstream phone
          • Upgrading the firmware on Grandsteam phones
          • Setting up voicemail on the DP720 (Cordless Handset)
          • How to setup a VoIP Account on a Grandstream phone
          • Grandstream GXP2140 Voicemail
          • Setting up Monitored Call Parking
      • General
        • Getting Started with your VoIP Reseller Account
        • How much bandwidth do I need for VoIP?
      • VoIP Troubleshooting
        • VoIP Troubleshooting Guide
        • VoIP Fault Guide
        • SIP ALG and turning it off
        • Emails from VoIPNow going to SPAM
      • Number Porting
        • Can I port my existing phone numbers over?
        • How do I port numbers over to Hosted Network?
        • Reasons for Number Port Rejection
      • VoIPNow Guides
        • How to activate call recording in VOIPnow
        • Configuring Charging Plans to add margin to outbound calls
        • Configuring Charging Plans to add margin to 13/1300/1800 Inbound calls
        • What is a valid Caller ID?
        • How can I make Anonymous Calls?
        • Getting a breakdown on the resources for an Organization
        • Configuring Fax to Email
        • VoIP Bundle Creation & Implementation
        • Uploading Sound files to VoIPNow
        • How does Call Parking work on VoIPNow?
        • Transferring Calls Waiting in Queues
        • How to setup a Queue (Hunt Group)
        • How to find a list of all the numbers assigned to your Service Provider account
        • How to do a context jump based on the incoming Called DID
        • How to change Music on Hold for an extension
        • Creating and updating a time interval
        • How to apply a time interval to an Incoming Call Rule
        • How to add an Incoming Caller ID Prefix with an IVR
        • Applying sound files to an IVR
        • How to configure an IVR to transfer to an external number
        • How to enable International Call barring on Organizations and Users
        • List of the common issues submitted by the partners
        • How to Configure BLF on Virtual Multi-Purpose Key
        • How to configure Intercom/Paging
        • How to configure TLS and SRTP on VOIPnow and Grandstream Phones
        • How to give end customer an access to VOIPnow to view/manage the CDR and Call recordings
      • SIP Trunk Requirements: Ports, Protocols, and Codecs
    • Cloud
      • Infrastructure as a Service
        • Getting Started
          • How to login to vCloud Director
          • vCloud Resource Allocation
        • Virtual Machines & vApps
          • Creating a new Virtual Machine
          • What is a vApp and how to create one?
          • Mounting an ISO to a VM
          • Accessing the VM console
          • Using VM snapshots
          • Converting a VM to a Template
        • Backup and Restorations
          • Accessing Veeam Self Service Backup Portal
          • Creating a Backup Job
          • Enabling Application-Aware Processing in Veeam Self-Service Portal
          • Setting up Guest Processing
          • How to start a File Level Restore
          • How to carry out a full VM restore
          • Archived: Restoring a VM or guest files
        • Networking
          • Routed, Isolated and Direct networks in vCloud
          • How to create/delete a vApp network
          • How to create/delete a new Organization level network
        • Administrative Tasks
          • Creating Users
          • What is a 'Catalog' and how to create one
          • Uploading ISO files or OVA/OVF templates
          • Setting up Azure AD SAML based authentication for vCloud
          • Microsoft Software Licensing
          • Activating Windows Servers
          • Checking and Decreasing IaaS resources
      • Backup as a Service
        • Tenant Management via VSPC
          • VSPC Overview
          • Creating Companies
          • Adjusting tenant storage allocation
        • Configuration with Veeam B&R
          • Getting Started
          • Configuring Backup Jobs
          • Configuring Backup Copy Jobs
            • Seeding Backup Copies
        • Configuration of Veeam Agents via VSPC
          • Getting Started
          • Installing Agents
          • Using backup policies
      • Disaster Recovery as a Service
        • Getting Started
        • Configuring Replication Jobs
        • Seeding Replicas
        • Failover
          • Partial Failover
          • Full Site Failover
          • Accessing replica VMs
  • Partner Portal
    • General
      • Manage Contacts
      • How to cancel services in the Partner Portal
    • Rebilling System
      • End Customers Management
        • Services
        • Recurring and Once-Off Charges
      • Charging Plans
      • Rebilling Configuration
        • Integrations
        • Integration Errors
        • Email Settings
        • Product Settings
        • Bank Account
        • Invoice Details
    • Service Qualifications
      • How perform a WAN Service Qualification
      • WAN Service Qualifications Drafts
      • WAN Service Qualification History
      • FTTP Upgrade
    • Security
      • Multi-Factor Authentication
      • Microsoft Single Sign-On (SSO)
      • Account Permissions
Powered by GitBook
On this page
  • Important Notes / Requirements
  • What is TLS/SRTP?
  • Why do we need to enable the TLS/SRTP protocol?
  • How do I enable SRTP in VoIPNow?
  • Configuring TLS/SRTP on a Grandstream GXP2170
  1. Services
  2. Voice over IP (VoIP)
  3. VoIPNow Guides

How to configure TLS and SRTP on VOIPnow and Grandstream Phones

Secure SIP protects SIP messages by encrypting them over a TLS (Transport Layer Security) channel using a security certificate. Secure RTP (Real-time Transport Protocol) provides encryption, message a

Important Notes / Requirements

  • Access to VOIPnow

  • Access to Grandstream Phones

Your phone should support the crypto standard, otherwise, calls will not work. Fax is not supported on encrypted connections.

What is TLS/SRTP?

TLS is a cryptographic protocol that secures/encrypts SIP messages sent by a softphone, IP phone, or a PBX

This protocol offers a series of advantages as follows:

  • with TLS enabled, SIP messages cannot be intercepted, read, or altered by intruding parties;

  • being a recognized secure standard, TLS allows to unlock VoIP on many mobile networks around the world where it is being blocked by default (especially in more strictly regulated jurisdictions, for example in Gulf states);

  • adopting TLS can also help bypass Network Address Translation issues that often arise on 3G/LTE networks.

SRTP is another cryptographic protocol that encrypts the audio stream (RTP media) between the regional gateway and the Unified Communication platform or the IP-PBX. The result is that no party can intercept, read, and alter the audio stream during the call.

Why do we need to enable the TLS/SRTP protocol?

As we all know in this day and age of privacy concern and alleged snooping you wouldn’t access your bank over plain old HTTP, or send credit card details in an email for obvious reasons. that's why in VoIPnow we strongly recommend that you enable TLS/SRTP between Voipnow and your equipment for us to make sure that all packets are secured (SIP messages and Media packets)

How do I enable SRTP in VoIPNow?

You can enable the SRTP encryption on any Phone Terminal Extension within VoIPNow fairly easily, it is worth keeping in mind that you need to ensure the phone actually supports that Cryptographic standard otherwise your calls may fail to route.

Follow the steps below to enable SRTP in VoIPNow.

Configuration Steps

  1. Log in to your VOIPnow

2. Navigate to the User/Extension you want to enable the TLS/SRTP encryption then go to “SIP preferences”

3. Change the Media encryption to “SDES/DTLS-SRTP”

The configuration in VOIPnow is now completed.

Next, we will configure the IP Phone. In this example, we will be using Grandstream GXP2170

Note: This TLS/SRTP encryption are also tested on GRP Phones (GRP2615 and GRP2613) models

If you are using GRP Phones no need to follow Step 5 and 6 since it was set to Unlimted by default

Configuring TLS/SRTP on a Grandstream GXP2170

For this example, we will be using a Grandstream GXP2170, but the general concept is the same for the majority of SIP-based IP phones. This is assuming they support the configured Cryptographic standard selected in VoIPNow.

Follow the steps below to configure the GXP2170 with TLS/SRTPConfiguration Steps

Configuration Steps

  1. Log in to the Grandstream phone where the extension was registered

  2. Navigate to Accounts >>>>> Account 1 >>>>> SIP Settings >>>>> Basic settings

3. Change the SIP Transport parameter from “UDP” to “TLS/TCP” to activate the TLS protocol then apply changes

4. Navigate to Audio Settings and change the SRTP Mode from “No” to “Enabled and Forced” to activate SRTP protocol then apply changes

5. Navigate to Maintenance >>>>> Security Settings >>>>> Security

6. Change the “Minimum TLS Version” from TLS 1.1 to TLS 1.0 then apply changes

Congratulation you have successfully configured both VOIPnow and Grandstream phone to use TLS/SRTP protocol for encryption!

Make sure to do a test call inbound/outbound from the phone as well to confirm everything is working smoothly, some phones may require slightly different configuration settings.

PreviousHow to configure Intercom/PagingNextHow to give end customer an access to VOIPnow to view/manage the CDR and Call recordings

Last updated 4 years ago