<div dir="ltr">Hi,<div><br></div><div>I'm trying to understand what is the best or suitable approach to the following use case. Let me simplify thing a little bit. </div><div><br></div><div>Suppose we have one FreeSWITCH registrar behind SIP proxy (kamailio). I'd like to offload SSL/TLS encryption/decryption to SIP proxy:</div><div><br></div><div>REGISTER:</div><div><br></div><div>Request: UAC == SIP/TLS ==> Kamailio == UDP ==> FreeSWITCH:50</div><div>Reply: UAC <== SIP/TLS == Kamailio <== UDP == FreeSWITCH</div><div><br></div><div>INVITE:</div><div>UAC1 == SIP/TLS ==> Kamailio == UDP == > FreeSWITCH == UDP ==> Kamailio == SIP/TLS ==> UAC2</div><div><br></div><div>(FreeSWITCH uses kamailio as outbound proxy with fs_path tag appended in dialplan).</div><div><br></div><div>The main problem is in Contact header which contains transport=tls and we can see it in FreeSWITCH console:</div><div><br></div><div>User: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><a href="mailto:user@domain.com">user@domain.com</a></div><div>Contact: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>"" <sip:user@UAC_IP:57976;transport=tls><br></div><div>Status: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Registered(TLS)(unknown) EXP(2016-11-22 10:16:59) EXPSECS(108)</div><div>IP: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>SIP_PROXY_IP<br></div><div>Port: <span class="gmail-Apple-tab-span" style="white-space:pre"> 5060</span><br clear="all"><div><br></div><div>When FreeSWITCH sends INVITE to UAC2 (during call) it tries to establish TLS session to UAC2. It fails because there is no TLS-enabled sofia profiles in the config of FreeSWITCH.</div><div><br></div><div>I have only one solution in my mind: rewrite transport tag in Contact header on SIP proxy (transport=udp to FreeSWITCH, and transport=tls to UAC).</div><div><br></div><div>I'd like to know it this solution ok or there is more elegant solutions.</div><div><br></div><div>I've tried appending tag transport=udp in FreeSWITCH's dialplan but no success.</div><div><br></div><div>Thank you in advance.</div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">С уважением,<br>Владислав Захожай<br><br></div></div>
</div></div>