Separate names with a comma.
Discussion in '3CX Phone System - General' started by SimWhite, Dec 21, 2016.
Could you tell some info about 3CX Tunnel technology? Is it use any kind of encryption?
If you talk about the SBC, then you can enable TLS transport which uses industry standards of mutual TLS connection. As the compute power of mobile devices is not even some devices would not be able to handle this in a timely manner, so the only encryption would be a custom protocol which can not be seen as security as such
So as I understand the only way to get encrypted connection with encrypted voice is to use 3CX Client without 3CX Tunnel and use TLS with RTP Mode = Only secure? What about IP-phones? Other softphones?
IP Phones can not speak tunnel it self, they need the SBC and as said here you are fine.
In IP Phones other options are SIP TLS + sRTP or VPN the device to your Firewall.
But as I understand only 3CX Client can use SRTP, isn't it?
sRTP can also be used on an ip phone but without secure sip it is a bit of a "useless" exercise... If you talk about provisioning method then yes this needs to be custom build for your install in the template...
OK. Could you explain how TLS works in your 3CX clients? I install LE certificates on the server on port 5061, check it with openssl s_client and Phonerlite softphone and it works fine. But your client won't connect. As I understand if I use 3CX Tunnel the connection established from localhost (127.0.0.1) but TLS service didn't accept connections from the localhost (it seems it is bind to the interface IP and not to the 0.0.0.0 as UDP/TCP service). And when I disable 3CX Tunnel and try to connect directly to the port 5061 as any other softphone like Phonerlite, 3CX Client shows me TLS error. As I understand it won't accept LE certificate? Why?
CSIPsimple client for Android works well with TLS and SRTP
I don't have and don't use android-based devices. Also I need working push-technology so I try to use 3CX Client.