[Freeswitch-users] FreeSWITCH Registrar TLS offload

Vladyslav Zakhozhai v.zakhozhai at gmail.com
Fri Nov 25 14:15:35 MSK 2016


David,

Yes, of course I'll be back with the solution here :) But I'm not sure
exactly when.

2016-11-24 12:30 GMT+02:00 David Villasmil <david.villasmil.work at gmail.com>:

> Hello,
>
> Please come back with the solution when you have it. It should be
> interesting for people using kamailio/freeswitch.
>
> Regards,
>
> David
>
> On Wed, Nov 23, 2016 at 10:37 AM Vladyslav Zakhozhai <
> v.zakhozhai at gmail.com> wrote:
>
>> Alexandru, thank you for the answer. I think you've given me the right
>> direction to investigate.
>>
>> As you've mentioned, this is really a Kamailio issue/question. So I'm moving
>> to the sr-users list.
>>
>>
>> 2016-11-22 13:03 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>>
>> Do you have set_contact_alias or add_contact_alias in Kamailio? Anyway,
>> you're doing something wrong, as AFAIK Kamailio translates the Contact header to
>> UDP automatically. You should try posting on the sr-users list.
>>
>> 2016-11-22 12:33 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
>>
>> Hi,
>>
>> I'm trying to understand what the best or most suitable approach is to the
>> following use case. Let me simplify things a little bit.
>>
>> Suppose we have one FreeSWITCH registrar behind a SIP proxy (Kamailio). I'd
>> like to offload SSL/TLS encryption/decryption to the SIP proxy:
>>
>> REGISTER:
>>
>> Request: UAC == SIP/TLS ==> Kamailio == UDP ==> FreeSWITCH:50
>> Reply: UAC <== SIP/TLS == Kamailio <== UDP == FreeSWITCH
>>
>> INVITE:
>> UAC1 == SIP/TLS ==> Kamailio == UDP ==> FreeSWITCH == UDP ==> Kamailio == SIP/TLS ==> UAC2
>>
>> (FreeSWITCH uses Kamailio as an outbound proxy, with the fs_path tag appended
>> in the dialplan).
>>
>> The main problem is in the Contact header, which contains transport=tls, and we
>> can see it in the FreeSWITCH console:
>>
>> User:       user at domain.com
>> Contact:   "" <sip:user at UAC_IP:57976;transport=tls>
>> Status:     Registered(TLS)(unknown) EXP(2016-11-22 10:16:59)
>> EXPSECS(108)
>> IP:         SIP_PROXY_IP
>> Port:       5060
>>
>> When FreeSWITCH sends an INVITE to UAC2 (during a call) it tries to establish
>> a TLS session to UAC2. It fails because there are no TLS-enabled sofia
>> profiles in the FreeSWITCH config.
>>
>> I have only one solution in mind: rewrite the transport tag in the Contact
>> header on the SIP proxy (transport=udp to FreeSWITCH, and transport=tls to the UAC).
>>
>> I'd like to know if this solution is OK or whether there are more elegant solutions.
>>
>> I've tried appending the tag transport=udp in FreeSWITCH's dialplan, but with no
>> success.
>>
>> Thank you in advance.
>>
>> --
>> Best regards,
>> Владислав Захожай
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>> Alexandru Covalschi
>> VoIP engineer and system administrator
>> tel: +37367398493
>>
>>
>> --
>> Best regards,
>> Владислав Захожай
>>
>



-- 
Best regards,
Владислав Захожай
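
As an added illustration (not part of the original thread, and not Kamailio or FreeSWITCH code), this Python example models the Contact rewrite proposed in the quoted question: the proxy advertises transport=udp to the registrar and restores the client's real transport on the way back, so a TLS-registered UAC is never reached over plain UDP. The parameter name `x-orig-transport`, the function names and the sample addresses are assumptions.

```python
import re

# Hypothetical URI parameter in which the proxy remembers the client-side transport.
ORIG_PARAM = "x-orig-transport"
_CONTACT = re.compile(r'^(?P<pre>[^<]*<)(?P<uri>[^>]+)(?P<post>>.*)$')


def _split(uri):
    """Split a SIP URI into its base and an ordered dict of URI parameters."""
    base, *raw = uri.split(";")
    params = {}
    for item in raw:
        name, _, value = item.partition("=")
        params[name.lower()] = value
    return base, params


def _rewrite(contact, edit):
    """Apply edit(params) to the URI inside a name-addr Contact value."""
    m = _CONTACT.match(contact)
    if not m:
        raise ValueError("Contact is not in name-addr form: %r" % contact)
    base, params = _split(m["uri"])
    edit(params)
    uri = ";".join([base] + [f"{k}={v}" if v else k for k, v in params.items()])
    return m["pre"] + uri + m["post"]


def to_registrar(contact):
    """UAC -> proxy -> registrar: advertise UDP, remember the real transport."""
    def edit(params):
        # Never trust a marker supplied by the client itself.
        params.pop(ORIG_PARAM, None)
        original = params.get("transport", "udp").lower()
        params["transport"] = "udp"
        if original != "udp":
            params[ORIG_PARAM] = original
    return _rewrite(contact, edit)


def to_uac(contact):
    """Registrar -> proxy -> UAC: restore the transport saved at registration."""
    def edit(params):
        original = params.pop(ORIG_PARAM, None)
        if original:
            params["transport"] = original
    return _rewrite(contact, edit)
```

Storing the original transport, rather than blindly writing transport=tls toward every UAC, keeps clients that really registered over UDP reachable and prevents a silent downgrade for those that registered over TLS.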