MYVOIPAPP products blog – Software based SIP-PBX

miniSIPPhone V26.1

2026/01/26 Gilson

The latest version of miniSIPPhone V26.1 has been released recently, which primarily includes the following key features or modifications:

1. support DTLS-SRTP

After miniSIPServer added support for DTLS-SRTP, we updated miniSIPPhone to enable encrypted voice stream transmission via DTLS-SRTP. When deploying enterprise communication networks, especially those involving external public cloud systems, we fully implement high-strength encryption for both signaling and media to ensure the security of enterprise communications.

In both miniSIPServer and miniSIPPhone, we have uniformly implemented the following restrictions for DTLS-SRTP:

(1) DTLS must be DTLSv1.2 or above.

(2) The encryption suite is fixed to SRTP_AES128_CM_SHA1_80. Although the specification defines several encryption suites, we use the highest-strength encryption and do not support negotiating other encryption suites.

(3) The fingerprint always uses SHA-256 encoding and does not support SHA-1 or other encoding methods.

2. Simplify SIP account configuration

In the new version, when configuring SIP accounts, there is no longer a need for separate configuration to specify the port, as shown in the figure below:

Typically, SIP servers use standard ports to provide services, and users do not need to understand the port information specified by the protocol (just as we rarely specify or know about ports like 80 and 443 when accessing the internet). Therefore, we have removed the “Server Port” configuration option.

However, there are cases where SIP servers use non-standard ports (for example, miniSIPServer Cloud uses port 6060 for SIP-TLS access instead of the standard 5061 port). In the new version, we can specify both the address and port information together in the “Server Address” field, for example:

15000.s2.minisipserver.com:6060

If the server provides an IPv6 address and a non-standard port, we can configure it using the following example method:

[fe80::5a11:22ff:fe74:8198]:6060

Optimize “SIP over TLS”

2026/01/18 Gilson

In previous versions of miniSIPServer, in order to enable “SIP over TLS”, it was necessary to configure certificate and key files (including self-signed certificates and keys). If these files were not present in the configuration directory, miniSIPServer would not enable SIP over TLS by default.

Most customers deploy “SIP over TLS” using self-signed certificates and keys. Linux systems come with the openssl tool built-in, making it very easy and convenient to create these files. However, Windows systems do not have the openssl tool by default, requiring customers to download the tool to create certificates and keys, which is slightly more troublesome.

To reduce the workload for our customers, we have streamlined the steps for enabling “SIP over TLS” in miniSIPServer:

miniSIPServer now enables “SIP over TLS” by default. If certificate and key files are configured, it uses the customer’s provided certificates and keys to encrypt SIP messages. If no certificate or key files are configured, miniSIPServer automatically creates a self-signed certificate and key to encrypt SIP.

Therefore, when miniSIPServer starts, we can see the TLS port information, indicating that “SIP over TLS” has been enabled.

Run miniSIPServer on SUSE, Fedora, …

2025/11/21 Gilson

We typically develop and release the miniSIPServer software for Linux systems exclusively on Debian and Ubuntu, with versions distributed as deb installation packages by default. For users in the other major Linux ecosystem—the RPM camp—deploying miniSIPServer can be quite inconvenient. An increasing number of customers are expressing a desire to deploy miniSIPServer on operating systems such as SUSE, Fedora, openEuler, and so on.

Considering our limited resources (including manpower, equipment, etc.), we have decided to release the installation package in AppImage format, which is compatible with almost all non-Debian-based Linux systems. Of course, it currently only supports the x86_64 (AMD64) architecture and does not yet support the ARM64 architecture.

Please download versions from our website:

It is very simple to use and does not even require installation. Save the downloaded miniSIPServer software (for example, minisipserver_u500.AppImage) in any directory, and then set the “executable permission”:

chmod +x minisipserver_u500.AppImage

Double-click the file or run it directly from the command line:

./minisipserver_u500.AppImage

Everything else is the same as with the deb package installation method. Configuration files are also stored in the $HOME/.minisipserver directory.

We tested on openSUSE (Leap 16), Fedora 42, and openEuler (24.03 LTS SP2) respectively, with satisfactory results:

We welcome everyone to give it a try!

Optimize the “hunting-group” service

2025/11/12 Gilson

The “hunting group” is a long-established enterprise communication service that was widely used in the circuit-switched telephone era and remains deployed by many businesses even in the VoIP era. However, times have changed, and the service itself must evolve to keep pace with the characteristics and requirements of IP networks. Based on recent customer needs and changes in the network environment, we have implemented several optimizations to the hunting group feature in miniSIPServer.

The focus has been on modifying and optimizing the “Operator” feature within the service. Please refer to the image below:

Change 1: One operator can now be assigned to multiple hunting groups simultaneously. Previously, an operator was restricted to a single hunting group, which no longer meets the needs of modern enterprises. As employees often handle multifaceted roles, there is a significant need for them to support multiple hunting groups at the same time. This new feature addresses this requirement.

During the era of circuit-switched telephony, phone terminals lacked sufficient capabilities. Therefore, hunting groups typically allowed operators to log in or out by dialing specific codes. However, for the following reasons, the new hunting group feature in miniSIPServer no longer supports manual operator login or logout:

(1) Most modern SIP terminals now have sufficient functionality to implement features like “Do Not Disturb” directly on the device side, making manual login/logout unnecessary.

(2) Now that one operator can support multiple hunting groups simultaneously, simple login/logout actions are inadequate. Operations would need to be performed for specific hunting groups, making dialing procedures cumbersome and unnecessary.

Change 2: For hunting groups using the “Linear” policy, operators can now be assigned a sequence number to define their selection order. Previously, the selection order was based solely on the sequence in which operators logged into the system, which essentially resulted in a random order and could not meet practical requirements. In real-world scenarios, certain operators often need different priority levels within the group.

An operator with a smaller “Linear sequence number” will be selected earlier by the hunting group. If multiple operators have the same sequence number, they will be sorted by their login time, with those who logged in earlier receiving priority.

Of course, this new configuration does not apply to the “round-robin” strategy. The round-robin strategy always strives to distribute calls as evenly as possible among operators to balance the workload.

The hunting group feature has been updated in both the on-premises and cloud versions of miniSIPServer. There are no differences in configuration or usage between the two versions. Please refer to the product documentation for more detailed information.

Secure enterprise SIP communication

2025/10/22 Gilson

Enterprise communication systems are typically deployed within private networks, with Session Border Controllers (SBCs) or voice gateways installed at the network edge to facilitate external communication. Therefore, in most scenarios, enterprise communications remain highly secure. However, a growing number of businesses are now deploying SIP servers in the cloud, while an increasing volume of SIP terminals within enterprises are accessing these corporate SIP servers from external networks. This shift has exposed part (or all) of enterprise communication systems to public networks, making security concerns increasingly severe.

The security of enterprise SIP communication involves many aspects of the network system, such as firewalls. Focusing solely on the SIP communication itself, it must be encrypted to prevent the exposure of communication information to other network users. Encrypted SIP communication consists of two parts: (1) SIP message (signaling) encryption, and (2) voice stream (RTP) encryption, as illustrated in the figure below:

Secure enterprise SIP communication network topology

Certainly, enterprises can deploy VPNs to encrypt the entire network system — not just communication systems but also office systems and more. Encrypted SIP communication can also be established over a VPN. However, setting up an enterprise VPN involves relatively high costs and complex systems. This article focuses solely on encrypted SIP communication and does not cover other network security technologies such as VPNs.

SIP message encryption is achieved through “SIP over TLS.” Both cloud-based miniSIPServer, on-premises miniSIPServer, and miniSIPPhone support SIP over TLSv1.2 / TLSv1.3. Please refer to the online documentation for details, as this article will not elaborate further on this topic.

Voice streams are encrypted through SRTP or DTLS-SRTP transmission. The master key and master salt for SRTP are transmitted and negotiated via the SDP (RFC4568) in SIP messages. Therefore, only when SIP messages are encrypted can the critical information of SRTP be ensured not to be leaked. Simply encrypting voice streams with SRTP while transmitting SIP messages in plaintext cannot guarantee the overall security of SIP communication.

RFC4568 defines several cryptographic suites. Currently, we have chosen to support the default AES_CM_128_HMAC_SHA1_80 and do not yet support other encryption suites.

The SRTP protocol family includes numerous extensions. Currently, miniSIPServer and miniSIPPhone support the most fundamental RFC3711 protocol, which is also the basic SRTP protocol supported by the vast majority of SIP devices (including servers, PBXs, SBCs, and endpoints). miniSIPServer can also support RFC5763 which is the basic protocol for DTLS-SRTP. (At present, some SIP clients don’t support DTLS-SRTP, so if you want to deploy that, please carefullu check their capabilities.)

miniSIPServer and miniSIPPhone can enable SRTP by default without requiring additional configuration. Some SIP devices need explicit configuration to select SRTP. For example, when configuring an account in MicroSIP, the “Media Encryption” setting must be configured as follows:

Welcome! Debian 13 (Trixie)!

2025/08/11 Gilson

Debian 13 (Trixie) was released yesterday. It is the latest stable version and quite suitable for business deployments. We are big fans of Debian, so we immediately run and test miniSIPServer on this system. All test cases are passed. Perfect!

You can deploy enterprise VoIP network with Trixie, it is an exciting choice.

miniSIPPhone supports SIP over TCP/TLS

2025/06/20 Gilson

Yes, we upgrade miniSIPPhone. Again!

miniSIPPhone V10.10 can support SIP over TCP and TLS now. In the account configuration, there is a new item ‘Transport’ to indicate which transport should be used to connect to SIP server.

miniSIPPhone account configuration, including transport configuration.

If SIP is over TLS, the messages are encrypted. It is quite necessary for enterprise communication if the servers or clients are deployed in public networks. As we know cloud miniSIPServer can support SIP over TLS and all virtual servers are deployed in the public network, so if you deploy miniSIPPhone at the same time, it could be safer for the whole VoIP network.

Of course, miniSIPPhone can work with other SIP servers who can support SIP over TCP/TLS to build a complete and safe enterprise VoIP system.

Send or receive instant messages

2025/05/29 Gilson

The latest version of miniSIPPhone is released today to support two key features: (1) Contact, and (2) Instant messages.

It has a new window to create and manage contact list like belowing:

In the contact window, you can select the target user and double click it to make a call out, or you can press ‘C’ key or click ‘Call’ button to do that.

If you want to send instant messages, you can select the target user and press ‘M’ key or click the ‘Message’ button, then you will get instant messages’ windows:

Instant message window on Windows system

One instant message window is used for one user. Each window has three areas: (1) Display area. It displays both incoming messages and outgoing messages. (2) Input area. You can input the instant message content here, and press ‘Ctrl+Enter’ keys to send the message out. (3) ‘Send’ button. Click it to send the message out.

At this time, miniSIPPhone uses SIP-MESSAGE to send and receive instant messages, and can only support plain text messages, so you cannot insert images, files, audios and videos into the messages.

Of course, miniSIPPhone can run on Windows system and Linux system (including AMD64 and ARM64). In fact, the users in above figure run miniSIPPhone on different systems.

Hope you can enjoy it. 🙂

Say goodbye to skype

2025/03/01 Gilson

We got a news that shype will be retired on May 5, 2025, so we have to say goodbye to skype. If you want to contact us, please refer to the online contact page to get details.