Hello all,

Thanks Klaus for your answer, it helps me a lot!!
For my configuration, do I need to install a database? After doing some research, I think for routing purposes a database is not needed...
Thank you very much for your input,
Regards

> Message of 13/08/11 08:38
> From: "Klaus Darilion"
> To: sr-users@lists.sip-router.org
> Cc:
> Subject: Re: [SR-Users] Question about encryption with Kamailio
>
> On 12.08.2011 14:56, margot.basa wrote:
> > Hello all,
> >
> > I would like to use Kamailio to encrypt contents of SIP messages (using
> > SIP TLS) between 2 endpoints, i.e.:
> > - To use 5061 port instead of 5060 port,
> > - To use sips uri instead of sip uri...
> >
> > For example, T1 and T2 communicate with "Server A" like that:
> > 1) T1 and T2 send REGISTER to "Server A"
> > 2) T1 and T2 received 200 OK from "Server A"
> > ...
> > 3) "Server A" sends an INVITE message to T1 and T2
> > ...
> > 4) RTP flow between T1 and T2 (this should not be encrypted)
> > ...
> > 5) "Server A" sends a BYE request to T1 and T2
> > ...
> >
> > All those exchanges are made on Transport layer TCP or UDP on port 5060.
> > T1 and T2 are not able to support TLS but "Server A" needs to
> > receive/send messages in SIP TLS.
> > I would like to insert Kamailio between T1 and "Server A", T2 and
> > "Server B" in order to encrypt contents of SIP messages.
> >
> > I have some questions about that:
> > - I think Kamailio can do that but I am not sure, can you confirm that
> > to me please?
>
> Yes, you can do that with Kamailio
>
> > - Can I use Kamailio as it is to do that?
>
> Almost yes. You only have to load the TLS module and tell Kamailio to
> listen on port 5061 for TLS.
>
> Probably some modifications to the default configuration are needed.
>
> > - Do I have to add a "Route" header in requests in order that requests
> > between T1 and "Server A" go through Kamailio
>
> Yes. When record-routing is activated (it is activated in the default
> config), all in-dialog requests (ACK, reINVITE, BYE) will be routed
> automatically via Kamailio.
>
> The more complicated part will be the initial requests (REGISTER,
> INVITE).
> Requests from the clients to the server are quite easy to handle:
>
> if (src_ip != ip.address.of.server) {
>     $du = "sip:ip.address.of.server;transport=tls";
>     t_relay();
> }
>
> Complicated are INVITEs from the server to the client. Usually during
> registration the server stores the contact information of the client, to
> send incoming calls to this address. This is either the information in
> the Contact header, or the IP address:port from which the REGISTER was
> received (if the server performs NAT traversal).
>
> Both cases are bad - as the server should send the request to Kamailio,
> but Kamailio needs to know where to forward the request.
>
> The proper solution is using "Path" -> see documentation of the Path
> module. If your server supports "Path", then you are finished.
>
> If your server does not support Path, there are 2 approaches:
>
> A) The server stores the Contact, but sends the INVITE requests always
> to Kamailio. Therefore, the server needs some kind of "outbound proxy"
> functionality.
>
> B) Kamailio stores the contact of the client, and forwards the REGISTER
> with a contact pointing to itself. Thus, server will lookup the client,
> finds the IP address of Kamailio and forwards the request. Then Kamailio
> again looks up the client in the location table and then forwards the
> request. This only works, if Kamailio puts a unique identifier of the
> client into the username part of the Contact header.
>
> > - Is Kamailio able to intercept SIP packets automatically (with a
> > certain configuration)?
>
> No. Other nodes have to send SIP messages to Kamailio. This is why
> record-routing is needed to tell the other clients to route in-dialog
> requests via Kamailio too.
>
> > - Do you know the difference between Freeswitch and Kamailio? (because I
> > have seen that Freeswitch can do what I need:
> > see Figure4: http://wiki.freeswitch.org/wiki/SIP_TLS)
>
> No.
>
> Klaus
>
> > Thank you very much for your input.
> > Regards
> >
> > _______________________________________________
> > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> > sr-users@lists.sip-router.org
> > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
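The setup Klaus describes (TLS listener on port 5061, relaying client requests to the server over TLS, record-routing for in-dialog requests, and Path for REGISTER) written out as a Kamailio configuration. This is an added example, not part of the thread or of the Kamailio default configuration. The addresses 192.0.2.10 (Kamailio) and 198.51.100.20 ("Server A") and the certificate paths are placeholders, and it assumes "Server A" supports Path.

```kamailio
#!KAMAILIO
# Added example; addresses and file paths below are placeholders.
enable_tls=yes
listen=udp:192.0.2.10:5060     # clear-text side, towards T1/T2
listen=tcp:192.0.2.10:5060
listen=tls:192.0.2.10:5061     # TLS side, towards "Server A"

loadmodule "tm.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "path.so"
loadmodule "tls.so"

modparam("tls", "private_key", "/etc/kamailio/tls/proxy-key.pem")
modparam("tls", "certificate", "/etc/kamailio/tls/proxy-cert.pem")
modparam("tls", "ca_list", "/etc/kamailio/tls/ca.pem")
# Check Server A's certificate on the TLS connections Kamailio opens to it.
modparam("tls", "verify_certificate", 1)

request_route {
    # In-dialog requests (ACK, re-INVITE, BYE) follow the Route set
    # created by record_route() on the initial request.
    if (has_totag()) {
        if (!loose_route()) {
            if (!is_method("ACK")) sl_send_reply("404", "Not here");
            exit;
        }
        t_relay();
        exit;
    }

    if (src_ip != 198.51.100.20) {
        # Initial request from a client: send it to Server A over TLS.
        if (is_method("REGISTER")) {
            add_path();        # needs Path support on Server A
        } else {
            record_route();
        }
        $du = "sip:198.51.100.20:5061;transport=tls";
    } else {
        # Initial request from Server A: with Path it carries a Route
        # header for this proxy and the client's contact as request URI.
        loose_route();
        record_route();
    }
    t_relay();
}
```

Only the hop between Kamailio and "Server A" is encrypted here; the leg to T1 and T2 remains clear-text SIP on port 5060, so that segment still needs to sit on a trusted network.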