Kamailio as session border controller for Microsoft Teams

  1. Common Area Phone Direct Routing
  2. Configure Direct Routing - Microsoft Teams Microsoft Docs

Update September 2020

Mar 23, 2021 Microsoft Phone System Direct Routing enables you to connect your on-premises telephony infrastructure to Microsoft Teams. The article lists the high-level steps required for connecting a supported on-premises Session Border Controller (SBC) to Direct Routing, and how to configure Teams users to use Direct Routing to connect to the Public Switched Telephone Network (PSTN). Microsoft Teams Direct Routing is being opted as the most recent business collaboration solution in the realm of digital communication. IT experts who deploy Direct Routing are aware of SBC security issues that arise as soon as they deploy the solution in place. Microsoft Teams Direct Routing allows a customer provided SBC to connect to Microsoft Phone System. The customer provided SBC can be connected to almost any telephony trunk or interconnect 3rd party PSTN equipment.

At this year Kamailio World Online conference I gave a more general talkabout using Kamailio as SBC for Microsoft teams. You can find the blogpost with the presentation and video recording here.

About Microsoft Teams

Microsoft Teams is a unified communication and collaboration platform thatcombines persistent workplace chat [and] video meetings [..]. The serviceintegrates with the company's Office 365 [..] suite and features extensionsthat can integrate with non-Microsoft products. Microsoft Teams is acompetitor to services such as Slack and is the evolution and upgrade pathfrom Microsoft Skype for Business. From wikipedia.

Using Kamailio to connect your existing infrastruture

Many companies have already existing PBX infrastructure and/or existingtelephone trunks. The Open Source SIP server Kamailio allows you to connecteasily and efficiently your telephone infrastructure with the Microsoft Cloudtelephony infrastructure.

This way you can provide interoperability between your existing phoneinfrastructure and continue to use your existing PSTN connection for outsidecalls. You can configure call-forwardings, use existing PBXs for routing orannouncements and many more..

Necessary requirements

Microsoft provides an extensive documentation about how to plan, setup andtroubleshoot direct routing link.So this article describes only the Kamailio parts of the implementation indetail.

Common Area Phone Direct Routing

Necessary knowledge

The setup of this infrastructure requires a good knowledge of Kamailio and alsothe relevant SIP standards. If you are looking for an easier approach, you'llfind a link to our product offerings at the bottom of this page.

SBC domain, DNS and certificate

Teams certified session border controllers

You need to use a proper domain for your tenant, the default 'onmicrosoft.com'domain is not supported. Choose a dedicated DNS name for the new SBC, e.g.sbc.domain.com. Don't use sip or other reserved domain names.

Configure Direct Routing - Microsoft Teams Microsoft Docs

In my tests I will setup a new SBC for my network dc-sbc.skalatan.de. Itwill be called SBC-DNS-DOMAIN in this article to allow easy adaption. Thepublic IP address of this SBC is called SBC-IP-ADDR.

Your SBC obviously needs a public IP, configure your DNS that the new domainpoints to this IP with forward- and reverse-lookup.

The Microsoft Teams infrastructure encrypts all the SIP traffic with TLS.Therefore you need a TLS certificate for the Kamailio SBC. Officially onlycommercial TLS certificates are supported, but LetsEncrypt certificates alsoworked in my tests.

Ensure that you configure the TLS inside Kamailio correctly to also providethe necessary certificate authority information. Otherwise the TLS connectionwill not work in one or both ways and Microsoft can't use the SBC.

Add the SBC to MS Teams

Before you add the new SBC with PowerShell to MS Teams make sure that the DNSnames can be lookup from the outside internet.

Get the proper credentials in PowerShell:

Then add the SBC to the Direct Routing:

You should now be able to see the Kamailio SBC in the MS Teams overview page.Of course it shows still a failed status as we did not configured it yet.

TLS configuration

As already mentioned, we need to setup TLS in Kamailio to properly interactwith the MS infrastructure. Enable TLS in the Kamailio default configurationcan be easily done with the existing #!define. Example tls.cfg:

Verify e.g. with openssl or with a soft phone that the TLS is workingcorrectly.

SBC detection and keep-alive

MS detect if the SBC is working in two ways:

  1. MS probes periodically the SBC with SIP OPTIONS requests, and
  2. the SBC probes periodically the MS infrastructure with SIP OPTIONS request

So we need to setup Kamailio to support this. If you use the defaultkamailio.cfg then Kamailio should already be replying to SIP OPTIONS with astatus 200 - 'Keepalive' reply. So the first part is already solved.

For the second part we will use the dispatcher module, which provideseverything what we need. First enable it in the Kamailio configuration:


And then provide a dispatcher.list file:

Teams expect an optional Contact header in the SIP request, otherwise it willnot accept it. This can be easily done with a special route in kamailio.cfg:

You need to adapt the cfg if this event route already exists in your Kamailioinstallation.

Verify e.g. with kamcmd dispatcher.list that the ping works correctly.

If the probing works correctly in both ways then the SBC should be listed asenabled in the MS Teams Admin overview (TLS active, OPTIONS active):

Outgoing and incoming calls

In order to properly route outgoing and incoming calls over the MSinfrastructure you need to complete two last steps.

First it necessary set the correct Record-Route header in Kamailio. This isused from Teams as authenticiation mechanism. Change in your configuration theexisting record_route() function call to this one:

It might be necessary to change the Record-Route functionality depending onyour network setup, e.g. only activate this logic for certain routing path.

Then you need to configure a voice routing policy in MS Teams and assign it toyour user(s). More information about this can be found in the extensiveMicrosoft documentation.

Now incoming and outgoing calls should be working, e.g. with a soft phone:

And you should see some statistics in the MS Teams Admin overwiew:

Depending on your soft phone you can also see the traffic from your Kamailioto it:


Now you can use all the existing possibilities that Kamailio provide to interactwith MS Teams as well!

Extend the MS Teams systems with the features that Kamailio provides,especially for SIP trunking, interconnecting with VoIP providers or connectingexternal SIP endpoints.

If you need redundancy in your setup, you can add two Kamailio SBCs to MS Teams.You can e.g. balance your calls between both by adapting the MS voice routingpolicy. The same way different regions or PSTN routing destinations could besupported.

It is also possible to support multiple tenants or different customers on oneKamailio server, with different subdomains.

We offer now a MS Teams Direct Connect compatible SBC - more informationhere

Coments are closed

Most Viewed Posts

  • Sspx Daily Mass
  • Pollux Discord
  • Merge Data From Two Sheets In Excel
  • Ios Testflight

Scroll to top