[Freeswitch-users] FreeSWITCH Registrar TLS offload

Alexandru Covalschi 568691 at gmail.com
Tue Nov 22 14:03:55 MSK 2016


Do you have set_contact_alias or add_contact_alias in Kamailio? Anyways
you're doing something wrong as AFAIK Kamailio translates contact header to
udp automatically. You should try to post on sr-users list.

2016-11-22 12:33 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:

> Hi,
>
> I'm trying to understand what is the best or suitable approach to the
> following use case. Let me simplify thing a little bit.
>
> Suppose we have one FreeSWITCH registrar behind SIP proxy (kamailio). I'd
> like to offload SSL/TLS encryption/decryption to SIP proxy:
>
> REGISTER:
>
> Request: UAC == SIP/TLS ==> Kamailio == UDP ==> FreeSWITCH:50
> Reply: UAC <== SIP/TLS == Kamailio <== UDP == FreeSWITCH
>
> INVITE:
> UAC1 == SIP/TLS ==> Kamailio == UDP == > FreeSWITCH == UDP ==> Kamailio ==
> SIP/TLS ==> UAC2
>
> (FreeSWITCH uses kamailio as outbound proxy with fs_path tag appended in
> dialplan).
>
> The main problem is in Contact header which contains transport=tls and we
> can see it in FreeSWITCH console:
>
> User:       user at domain.com
> Contact:   "" <sip:user at UAC_IP:57976;transport=tls>
> Status:     Registered(TLS)(unknown) EXP(2016-11-22 10:16:59) EXPSECS(108)
> IP:         SIP_PROXY_IP
> Port:       5060
>
> When FreeSWITCH sends INVITE to UAC2 (during call) it tries to establish
> TLS session to UAC2. It fails because there is no TLS-enabled sofia
> profiles in the config of FreeSWITCH.
>
> I have only one solution in my mind: rewrite transport tag in Contact
> header on SIP proxy (transport=udp to FreeSWITCH, and transport=tls to UAC).
>
> I'd like to know it this solution ok or there is more elegant solutions.
>
> I've tried appending tag transport=udp in FreeSWITCH's dialplan but no
> success.
>
> Thank you in advance.
>
> --
> С уважением,
> Владислав Захожай
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Alexandru Covalschi
VoIP engineer and system administrator
tel: +37367398493
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161122/80f6ac9f/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list