TLS/SRTP with Easybell - Germany


Nov 30, 2016
Bavaria, Germany
The German provider Easybell ( provides TLS and SRTP encryption via a dedicated gateway - registrar/proxy is . When routing calls via this gateway, TLS and SRTP are forced.
Basic TLS/SRTP for FusionPBX/Freeswitch can be found under

Once TLS is working, I had to set up the following to get everything working on FusionPBX 4.5.20 with Freeswitch 1.10.5:
  • Create a dedicated external SIP profile with the option "tls-only" set to true to force all communication via port 5061
  • Set up a gateway with proxy "" and link it to the profile created above
  • Modify/add the following statements to the outbound route used before the bridge statement:
    • set rtp_secure_media_outbound=mandatory​
    • export rtp_secure_media_outbound=mandatory​
    • set sdp_secure_savp_only=true​
    • export sdp_secure_savp_only=true​
    • set rtp_secure_media=true​
    • export rtp_secure_media=true​
  • Add/update the following variable in Advanced -> variables -> SIP: rtp_secure_media_inbound with the value "optional"
  • Disable late-inbound-negotiation on your sip profiles if any phones/devices on your system are not able to use TLS with SRTP. - otherwise you might see 488 "Not Acceptable Here" responses.
Note: To aid debugging TLS connections look at