I'm wondering if someone can help me debug this problem I'm having. I'm trying to get secure trunking set up between my FreePBX server and Twilio using the PJSIP stack.
Unencrypted trunking works fine over UDP. However, when I try to enable TLS/SRTP, I can't seem to get it to work. As soon as I update the trunk to use 5061 and the TLS transport I get the following in the Asterisk logs.
WARNING[5268] pjproject: tsx0x27c4cd8 .Failed to send Request msg OPTIONS/cseq=28056 (tdta0x26d3af0)! err=171064 (Unsuitable transport selected (PJSIP_ETPNOTSUITABLE))
ERROR[5268] res_pjsip.c: Error 171064 'Unsuitable transport selected (PJSIP_ETPNOTSUITABLE)' sending OPTIONS request to endpoint Twilio
I think the issue may be that PJSIP does not support wildcard SSL certs and Twilio uses one, but I'm not sure how I can be sure. Any ideas on how to debug this would be very helpful.
Update: I tweaked some of the URIs directly in the asterisk config files and now I've gotten past the unsuitable transport error. The new error is as I feared:
ERROR[524] pjproject: RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
Any ideas on how to work around this?
After talking with Twilio support, encrypted SIP trunking is only supported on PJSIP 2.5.5 or higher. I tested it on an Alpha build of the FreePBX Distro which runs 2.5.5, and it still complained about the wildcard cert, but it allowed the call to go through.
Of course, the older chan_sip module works with encrypted trunking on any modern version of FreePBX.
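Added illustration, not part of the original thread and not PJSIP's own code: a simplified sketch of the identity comparison that the RFC 5922 log message above refers to, set beside the left-most-label wildcard matching commonly used for HTTPS. The hostnames and subjectAltName lists are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample subjectAltName entries as (type, value) pairs.
# Placeholder hostnames; these are not the provider's real names.
WILDCARD_SAN = [("DNS", "*.sip.example.net")]
EXACT_SAN = [("DNS", "trunk.sip.example.net"), ("URI", "sip:alice@example.net")]

def sip_domain_identities(san_entries):
    """Collect candidate SIP domain identities from subjectAltName pairs."""
    ids = []
    for kind, value in san_entries:
        value = value.lower()
        if kind == "DNS":
            ids.append(value)
        elif kind == "URI" and value.startswith("sip:"):
            rest = value[len("sip:"):]
            # A URI with a user part names a user, not a domain: skip it.
            if "@" not in rest:
                ids.append(rest.split(";")[0].split(":")[0])
    return ids

def match_rfc5922(domain, san_entries):
    """Whole-value, case-insensitive comparison; wildcards never match."""
    domain = domain.lower().rstrip(".")
    wildcard_seen = False
    for ident in sip_domain_identities(san_entries):
        if "*" in ident or ident.startswith("."):
            wildcard_seen = True  # roughly where a stack would log the warning
            continue
        if ident == domain:
            return True, "exact match"
    if wildcard_seen:
        return False, "only wildcard identities present"
    return False, "no matching identity"

def match_web_style(domain, san_entries):
    """For contrast: '*.' may stand in for exactly one left-most label."""
    domain = domain.lower().rstrip(".")
    for ident in sip_domain_identities(san_entries):
        if ident == domain:
            return True
        if ident.startswith("*.") and "." in domain:
            if domain.split(".", 1)[1] == ident[2:]:
                return True
    return False

if __name__ == "__main__":
    for name, san in (("wildcard", WILDCARD_SAN), ("exact", EXACT_SAN)):
        print(name, match_rfc5922("trunk.sip.example.net", san),
              match_web_style("trunk.sip.example.net", san))
```

The same wildcard certificate passes the web-style check and fails the strict SIP check, which is why a trunk can verify cleanly with other TLS tooling and still trigger the PJSIP error.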