Yeastar S-Series VoIP PBX supports TLS protocol. You can setup Yeastar S-Series VoIP PBX with Secure SIP (TLS) to secure the SIP messaging to ensure the communication between the different devices. We use mobile APP Zoiper in this case.
We tested with:
- Yeastar S100: firmware version 18.104.22.168; Local IP address: 192.168.5.150
- Zoiper in iPhone: Zoiper version 3.14
- Zoiper in Android Phone: Zoiper version 2.2.29
Configuration in Router and S-Series VoIP PBX
Step 1. Configure port forwarding on router
Example: The router’s public IP is 110.X.X.X.
Since Yeastar S-Series VoIP PBX is behind the router, register to Yeastar S-Series VoIP PBX remotely, you need to forward the SIP port on the router which is connected to Yeastar S-Series PBX, so that all the packets received on the router WAN port (110.X.X.X:5061) will be forwarded to the Yeastar S-Series VoIP PBX (192.168.5.150:5061). Below is the setting page in a Linksys router.
Note: we must map TCP port 5061 and TCP port 10000-12000.
Step 2. Configure NAT settings in Yeastar S-Series PBX.
Login Yeastar S-Series VoIP PBX web interface and go to “Setting> General> SIP> NAT”, configure the NAT settings according to the directions below.
NAT Type: choose “External IP Address”, you can choose “External Host” or “STUN” if you don’t have a static public IP address.
External IP Address: fill in the router’s public IP address
Local Network Address: fill in your local network segment and subnet mask (i.e.192.168.5.150/255.255.255.0)
NAT mode: Yes
Step 3. Setup an extension in Yeastar S-Series PBX. (i.e. 1002).
Register Remotely: Yes
Step 4. Enable TLS on S100.
- Navigate to Settings> PBX> General> SIP> PBX> TLS.
- Check the checkbox of Enable TLS.
- Don't select any certificate of Certificate.
- Click Save and click Yes on the pop-up window to reboot the PBX.
Step 5. Setup a TLS extension.
Go to Settings> PBX> Extensions> Advanced, choose an extension and edit it, set the transport as TLS.
Configuration in Mobile Zoiper (iPhone)
Step 1. Fill the information in Zoiper.
Access the path: Settings> Accounts in the Zoiper, then click "+" > Yes> Manual configuration> SIP Account
Account name: the number of extension
Domain: public IP address of router, the port is 5061(TLS)
User name: the number of extension
Caller ID: the number of extension
Auth Username: the number of extension
Step 2. Enable the TLS in Zoiper.
The path is Settings> Accounts(500)> ADDITIONAL SETTINGS> Network Settings
Then you can registered it.
Configuration in Mobile APP Zoiper (Android)
Step 1. Fill the information in Zoiper
Access the path: Settings> Accounts
Step 2. Enable the TLS
Access the path: Settings> Accounts> Transport> TLS
Choose the protocol of TLS
Path:Settings> Advanced> Security> TLS Options> Protocol Suite, SSL v2/v3
Then you can register and make a call.