[Freeswitch-users] FreeSWITCH Registrar TLS offload

Brian West brian at freeswitch.org
Tue Nov 29 01:37:26 MSK 2016


You're using TLS/TCP the random port is how it happens.

/b


On Mon, Nov 28, 2016 at 4:31 PM, Vladyslav Zakhozhai <v.zakhozhai at gmail.com>
wrote:

> Hi, I'm from ser-userlist with a good news and testing results :)
>
> FreeSWITCH do honor path header and will back responses and will originate
> calls to/through SIP proxy IP address if it is in the path.
>
> Before relaying in Kamailio you need put add_path or add_path_received
> (both worked fine for me). FreeSWITCH will add it to Contact header:
>
> Contact:     "" <sip:user_name at user_ip:49335;transport=tls;fs_path=sip%
> 3Akamailio_ip%3Blr>
>
> No manual manipulations on Contact header is needed from kamailio side (as
> well as from FreeSWITCH side).
>
> But be aware of correct handling SIP requests (i.e. INVITEs) from
> FreeSWITCHes. For example my FreeSWITCHes backends are in dispatcher table
> (sip:IP_ADDR:UDP_PORT). And I've checked it with ds_is_from_list in
> kamailio. But FreeSWITCH originates INVITE to kamailio from
> IP_ADDR:RANDOM_PORT. In this case ds_is_from_list fails :(
>
> Now I'm checking is there mistakes in my configs or this is normal usecase
> for FreeSWITCH (I did not mention it earlier).
>
>
> 2016-11-25 13:15 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
>
>> David,
>>
>> yes of course I'll be back with solution here :) But I'm not sure when
>> exactly.
>>
>> 2016-11-24 12:30 GMT+02:00 David Villasmil <david.villasmil.work at gmail.co
>> m>:
>>
>>> Hello,
>>>
>>> Please come back with the solution when you have it. It should be
>>> interesting for people using kamailio/freeswitch.
>>>
>>> Regards,
>>>
>>> David
>>>
>>> On Wed, Nov 23, 2016 at 10:37 AM Vladyslav Zakhozhai <
>>> v.zakhozhai at gmail.com> wrote:
>>>
>>>> Alexandru, thank you for the answer. I think you've given me right
>>>> direction to investigate.
>>>>
>>>> As you've mentioned this is really kamailio issue/question. So I'm
>>>> moving to sr-users list.
>>>>
>>>>
>>>> 2016-11-22 13:03 GMT+02:00 Alexandru Covalschi <568691 at gmail.com>:
>>>>
>>>> Do you have set_contact_alias or add_contact_alias in Kamailio? Anyways
>>>> you're doing something wrong as AFAIK Kamailio translates contact header to
>>>> udp automatically. You should try to post on sr-users list.
>>>>
>>>> 2016-11-22 12:33 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
>>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand what is the best or suitable approach to the
>>>> following use case. Let me simplify thing a little bit.
>>>>
>>>> Suppose we have one FreeSWITCH registrar behind SIP proxy (kamailio).
>>>> I'd like to offload SSL/TLS encryption/decryption to SIP proxy:
>>>>
>>>> REGISTER:
>>>>
>>>> Request: UAC == SIP/TLS ==> Kamailio == UDP ==> FreeSWITCH:50
>>>> Reply: UAC <== SIP/TLS == Kamailio <== UDP == FreeSWITCH
>>>>
>>>> INVITE:
>>>> UAC1 == SIP/TLS ==> Kamailio == UDP == > FreeSWITCH == UDP ==> Kamailio
>>>> == SIP/TLS ==> UAC2
>>>>
>>>> (FreeSWITCH uses kamailio as outbound proxy with fs_path tag appended
>>>> in dialplan).
>>>>
>>>> The main problem is in Contact header which contains transport=tls and
>>>> we can see it in FreeSWITCH console:
>>>>
>>>> User:       user at domain.com
>>>> Contact:   "" <sip:user at UAC_IP:57976;transport=tls>
>>>> Status:     Registered(TLS)(unknown) EXP(2016-11-22 10:16:59)
>>>> EXPSECS(108)
>>>> IP:         SIP_PROXY_IP
>>>> Port:       5060
>>>>
>>>> When FreeSWITCH sends INVITE to UAC2 (during call) it tries to
>>>> establish TLS session to UAC2. It fails because there is no TLS-enabled
>>>> sofia profiles in the config of FreeSWITCH.
>>>>
>>>> I have only one solution in my mind: rewrite transport tag in Contact
>>>> header on SIP proxy (transport=udp to FreeSWITCH, and transport=tls to UAC).
>>>>
>>>> I'd like to know it this solution ok or there is more elegant solutions.
>>>>
>>>> I've tried appending tag transport=udp in FreeSWITCH's dialplan but no
>>>> success.
>>>>
>>>> Thank you in advance.
>>>>
>>>> --
>>>> С уважением,
>>>> Владислав Захожай
>>>>
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Alexandru Covalschi
>>>> VoIP engineer and system administrator
>>>> tel: +37367398493
>>>>
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> С уважением,
>>>> Владислав Захожай
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>> С уважением,
>> Владислав Захожай
>>
>>
>
>
> --
> С уважением,
> Владислав Захожай
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
https://www.gofundme.com/freeswitch_ubuntu

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161128/4f924712/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list