Re: [SR-Users] Question about encryption with Kamailio

2011-08-19 Thread margot.basa

Hello all,

Thanks Klaus for your answer, it helps me a lot !!
For my configuration, do I need to install a database ?
After doing some research, I think for routing purposes a database is not 
needed...

Thank you very much for your input,
Regards



 Message of 13/08/11 08:38
 From: Klaus Darilion
 To: sr-users@lists.sip-router.org
 Cc:
 Subject: Re: [SR-Users] Question about encryption with Kamailio



 On 12.08.2011 14:56, margot.basa wrote:
  Hello all,
 
  I would like to use Kamailio to encrypt contents of SIP messages (using
  SIP TLS) between 2 endpoints, i.e.:
  - To use 5061 port instead of 5060 port,
  - To use sips uri instead of sip uri...
 
  For example, T1 and T2 communicate with Server A like that:
  1) T1 and T2 send REGISTER to Server A
  2) T1 and T2 received 200 OK from Server A
  ...
  3) Server A sends an INVITE message to T1 and T2
  ...
  4) RTP flow between T1 and T2 (this should not be encrypted)
  ...
  5) Server A sends a BYE request to T1 and T2
  ...
 
  All those exchanges are made on Transport layer TCP or UDP on port 5060.
  T1 and T2 are not able to support TLS but Server A needs to
  receive/send messages in SIP TLS.
  I would like to insert Kamailio between T1 and Server A, T2 and
  Server B in order to encrypt contents of SIP messages.
 
  I have some questions about that:
  - I think Kamailio can do that but I am not sure, can you confirm that
  to me please?

 Yes, you can do that with Kamailio

  - Can I use Kamailio as it is to do that?

 Almost yes. You only have to load the TLS module and tell Kamailio to
 listen on port 5061 for TLS.

 Probably some modifications to the default configuration are needed.

  - Do I have to add a Route header in requests in order that requests
  between T1 and Server A go through Kamailio

 Yes. When record-routing is activated (it is activated in the default
 config), all in-dialog requests (ACK, reINVITE, BYE) will be routed
 automatically via Kamailio.

 The more complicated part will be the initial requests (REGISTER,
 INVITE). Requests from the clients to the server are quite easy to handle:

 if (src_ip != ip.address.of.server) {
     # request came from a client: send it to the server over TLS
     $du = "sip:ip.address.of.server;transport=tls";
     t_relay();
 }

 Complicated are INVITEs from the server to the client. Usually during
 registration the server stores the contact information of the client, to
 send incoming calls to this address. This is either the information in
 the Contact header, or the IP address:port from which the REGISTER was
 received (if the server performs NAT traversal).

 Both cases are bad - as the server should send the request to Kamailio,
 but Kamailio needs to know where to forward the request.

 The proper solution is using Path - see documentation of the Path
 module. If your server supports Path, then you are finished.

 If your server does not support Path, there are 2 approaches:

 A) The server stores the Contact, but sends the INVITE requests always
 to Kamailio. Therefore, the server needs some kind of outbound proxy
 functionality.

 B) Kamailio stores the contact of the client, and forwards the REGISTER
 with a contact pointing to itself. Thus, the server will look up the client,
 find the IP address of Kamailio and forward the request. Then Kamailio
 again looks up the client in the location table and then forwards the
 request. This only works if Kamailio puts a unique identifier of the
 client into the username part of the Contact header.


  - Is Kamailio able to intercept SIP packets automatically (with a
  certain configuration)?

 No. Other nodes have to send SIP messages to Kamailio. This is why
 record-routing is needed to tell the other clients to route in-dialog
 requests via Kamailio too.

  - Do you know difference between Freeswitch and Kamailio? (because I
  have seen that Freeswitch can do what I need:
  see Figure4: http://wiki.freeswitch.org/wiki/SIP_TLS)

 No.

 Klaus

 
  Thank you very much for your input.
  Regards
 
 
 
 
 
 
 
  ___
  SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
  sr-users@lists.sip-router.org
  http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

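The setup described in the reply above (TLS listener on 5061, client requests relayed to the server over TLS, Path for server-originated INVITEs), as an added configuration example that is not from the thread or from the Kamailio project. It assumes Server A supports Path; the addresses 192.0.2.10 and 192.0.2.20 and the certificate file names are placeholders.

```cfg
#!KAMAILIO
# Added example. 192.0.2.10 = this proxy, 192.0.2.20 = Server A (placeholders).
listen=udp:192.0.2.10:5060
listen=tcp:192.0.2.10:5060
listen=tls:192.0.2.10:5061
enable_tls=yes

loadmodule "tm.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "textops.so"
loadmodule "path.so"
loadmodule "tls.so"

# Placeholder file names for the proxy's key pair and the CA that signed Server A.
modparam("tls", "private_key", "/etc/kamailio/tls/proxy-key.pem")
modparam("tls", "certificate", "/etc/kamailio/tls/proxy-cert.pem")
modparam("tls", "ca_list", "/etc/kamailio/tls/ca.pem")
# Verify the peer certificate; the module default is not to verify.
modparam("tls", "verify_certificate", 1)

request_route {
    # Requests that carry a Route pointing at this proxy: in-dialog requests
    # (ACK, re-INVITE, BYE) and INVITEs from Server A routed via the stored Path.
    if (loose_route()) {
        if (is_method("INVITE")) record_route();
        t_relay();
        exit;
    }

    # Initial requests from the clients: hand them to Server A over TLS.
    if (src_ip != 192.0.2.20) {
        if (is_method("REGISTER")) {
            # Path makes Server A send later requests for this contact via us.
            if (!add_path()) {
                sl_send_reply("503", "Internal Path Error");
                exit;
            }
        } else if (is_method("INVITE")) {
            record_route();
        }
        $du = "sip:192.0.2.20:5061;transport=tls";
        t_relay();
        exit;
    }

    # Server A sent an initial request without a Route (no Path support).
    sl_send_reply("404", "Not Found");
}
```

The leg between the clients and this proxy stays unencrypted on port 5060, so only the hop to Server A is protected by TLS.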


[SR-Users] Question about encryption with Kamailio

2011-08-12 Thread margot.basa
Hello all,

I would like to use Kamailio to encrypt contents of SIP messages (using SIP 
TLS) between 2 endpoints, i.e.:
- To use 5061 port instead of 5060 port,
- To use sips uri instead of sip uri...

For example, T1 and T2 communicate with Server A like that:
1) T1 and T2 send REGISTER to Server A
2) T1 and T2 received 200 OK from Server A
...
3) Server A sends an INVITE message to T1 and T2
...
4) RTP flow between T1 and T2 (this should not be encrypted)
...
5) Server A sends a BYE request to T1 and T2
...

All those exchanges are made on Transport layer TCP or UDP on port 5060.
T1 and T2 are not able to support TLS but Server A needs to receive/send 
messages in SIP TLS.
I would like to insert Kamailio between T1 and Server A, T2 and Server B in 
order to encrypt contents of SIP messages.

I have some questions about that:
- I think Kamailio can do that but I am not sure, can you confirm that to me 
please?
- Can I use Kamailio as it is to do that?
- Do I have to add a Route header in requests in order that requests between 
T1 and Server A go through Kamailio
or
- Is Kamailio able to intercept SIP packets automatically (with a certain 
configuration)?
- Do you know difference between Freeswitch and Kamailio? (because I have seen 
that Freeswitch can do what I need:
see Figure4: http://wiki.freeswitch.org/wiki/SIP_TLS)

Thank you very much for your input.
Regards

