[Freeswitch-users] FreeSWITCH Registrar TLS offload
Vladyslav Zakhozhai
v.zakhozhai at gmail.com
Tue Nov 29 01:31:48 MSK 2016
Hi, I'm from ser-userlist with a good news and testing results :)
FreeSWITCH do honor path header and will back responses and will originate
calls to/through SIP proxy IP address if it is in the path.
Before relaying in Kamailio you need put add_path or add_path_received
(both worked fine for me). FreeSWITCH will add it to Contact header:
Contact: "" <sip:user_name at user_ip
:49335;transport=tls;fs_path=sip%3Akamailio_ip%3Blr>
No manual manipulations on Contact header is needed from kamailio side (as
well as from FreeSWITCH side).
But be aware of correct handling SIP requests (i.e. INVITEs) from
FreeSWITCHes. For example my FreeSWITCHes backends are in dispatcher table
(sip:IP_ADDR:UDP_PORT). And I've checked it with ds_is_from_list in
kamailio. But FreeSWITCH originates INVITE to kamailio from
IP_ADDR:RANDOM_PORT. In this case ds_is_from_list fails :(
Now I'm checking is there mistakes in my configs or this is normal usecase
for FreeSWITCH (I did not mention it earlier).
2016-11-25 13:15 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
> David,
>
> yes of course I'll be back with solution here :) But I'm not sure when
> exactly.
>
> 2016-11-24 12:30 GMT+02:00 David Villasmil <david.villasmil.work at gmail.com
> >:
>
>> Hello,
>>
>> Please come back with the solution when you have it. It should be
>> interesting for people using kamailio/freeswitch.
>>
>> Regards,
>>
>> David
>>
>> On Wed, Nov 23, 2016 at 10:37 AM Vladyslav Zakhozhai <
>> v.zakhozhai at gmail.com> wrote:
>>
>>> Alexandru, thank you for the answer. I think you've given me right
>>> direction to investigate.
>>>
>>> As you've mentioned this is really kamailio issue/question. So I'm
>>> moving to sr-users list.
>>>
>>>
>>> 2016-11-22 13:03 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>>>
>>> Do you have set_contact_alias or add_contact_alias in Kamailio? Anyways
>>> you're doing something wrong as AFAIK Kamailio translates contact header to
>>> udp automatically. You should try to post on sr-users list.
>>>
>>> 2016-11-22 12:33 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
>>>
>>> Hi,
>>>
>>> I'm trying to understand what is the best or suitable approach to the
>>> following use case. Let me simplify thing a little bit.
>>>
>>> Suppose we have one FreeSWITCH registrar behind SIP proxy (kamailio).
>>> I'd like to offload SSL/TLS encryption/decryption to SIP proxy:
>>>
>>> REGISTER:
>>>
>>> Request: UAC == SIP/TLS ==> Kamailio == UDP ==> FreeSWITCH:50
>>> Reply: UAC <== SIP/TLS == Kamailio <== UDP == FreeSWITCH
>>>
>>> INVITE:
>>> UAC1 == SIP/TLS ==> Kamailio == UDP == > FreeSWITCH == UDP ==> Kamailio
>>> == SIP/TLS ==> UAC2
>>>
>>> (FreeSWITCH uses kamailio as outbound proxy with fs_path tag appended in
>>> dialplan).
>>>
>>> The main problem is in Contact header which contains transport=tls and
>>> we can see it in FreeSWITCH console:
>>>
>>> User: user at domain.com
>>> Contact: "" <sip:user at UAC_IP:57976;transport=tls>
>>> Status: Registered(TLS)(unknown) EXP(2016-11-22 10:16:59)
>>> EXPSECS(108)
>>> IP: SIP_PROXY_IP
>>> Port: 5060
>>>
>>> When FreeSWITCH sends INVITE to UAC2 (during call) it tries to establish
>>> TLS session to UAC2. It fails because there is no TLS-enabled sofia
>>> profiles in the config of FreeSWITCH.
>>>
>>> I have only one solution in my mind: rewrite transport tag in Contact
>>> header on SIP proxy (transport=udp to FreeSWITCH, and transport=tls to UAC).
>>>
>>> I'd like to know it this solution ok or there is more elegant solutions.
>>>
>>> I've tried appending tag transport=udp in FreeSWITCH's dialplan but no
>>> success.
>>>
>>> Thank you in advance.
>>>
>>> --
>>> С уважением,
>>> Владислав Захожай
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>>
>>> --
>>> Alexandru Covalschi
>>> VoIP engineer and system administrator
>>> tel: +37367398493
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>>
>>> --
>>> С уважением,
>>> Владислав Захожай
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
> С уважением,
> Владислав Захожай
>
>
--
С уважением,
Владислав Захожай
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161129/dbfe11ec/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list