Using UDP, TCP, or TLS Transport to the IP PBX / Configuring TLS Transport
Every VSTG generates its own self-signed certificate with its IP address and uses this certificate for TLS negotiation and encryption. The self-signed certificate for each VSTG needs to be loaded into the PBX certificate store for end-to-end TLS negotiation to succeed.
When the VSTG acts as a TLS server, it binds to TLS port 5061 and listens there for incoming TLS traffic. The VSTG sends its self-signed certificate, and the PBX accepts it by verifying that it is present in its certificate store.
When the VSTG acts as a TLS client, it makes a single TLS connection to the PBX and uses the same socket/connection for all SIP communication with the PBX. This means that TLS negotiation with the PBX happens only on the initial call for that VSTG session.
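The certificate-store check described above, modelled with the openssl CLI as an added example (not part of the original page or of the VSTG or PBX software). A PEM bundle stands in for the PBX certificate store; the function names, file paths, the 192.0.2.x addresses and the use of subjectAltName for the IP address are assumptions.

```shell
#!/bin/sh
# A PEM bundle stands in for the PBX certificate store (assumption).
# Needs the openssl CLI, 1.1.1 or later (for -addext).

# make_vstg_cert IP PREFIX: write PREFIX.key and PREFIX.pem, a self-signed
# certificate for IP. Placing the IP in subjectAltName is an assumption; the
# page only says the certificate is generated with the VSTG's IP address.
make_vstg_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=IP:$1" \
        -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

# pbx_accepts STORE CERT IP: succeed only if CERT is anchored in STORE (for a
# self-signed certificate that means CERT itself is in STORE) and names IP.
pbx_accepts() {
    openssl verify -no-CApath -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

verdict() {
    if pbx_accepts "$1" "$2" "$3"; then echo accepted; else echo rejected; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_vstg_cert 192.0.2.10 "$d/vstg-a" || return 1   # constructed addresses
    make_vstg_cert 192.0.2.11 "$d/vstg-b" || return 1
    cp "$d/vstg-a.pem" "$d/store.pem"                   # only VSTG A loaded
    echo "A, loaded:        $(verdict "$d/store.pem" "$d/vstg-a.pem" 192.0.2.10)"
    echo "B, not loaded:    $(verdict "$d/store.pem" "$d/vstg-b.pem" 192.0.2.11)"
    cat "$d/vstg-b.pem" >> "$d/store.pem"               # load VSTG B as well
    echo "B, after loading: $(verdict "$d/store.pem" "$d/vstg-b.pem" 192.0.2.11)"
    # Same certificate presented for an address it was not issued for.
    echo "A, from other IP: $(verdict "$d/store.pem" "$d/vstg-a.pem" 192.0.2.99)"
    rm -rf "$d"
}

demo
```

Because each certificate is self-signed, trusting one VSTG says nothing about another: every VSTG certificate has to be in the store individually, and a certificate regenerated after an IP change has to be loaded again.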