To use TLS you have 2 choices:
1. Let Kamailio decide: That means you only specify a domain and Kamailio will do NAPTR lookups and uses the most protocol with highest priority (thus TLS NAPTR should have highest priority)
2. Force TLS: Kamailio differs between request URI (RURI, $ru) and destination URI (DURI, $du). RURI is the SIP URI in the first line of the SIP request. DURI is just a Kamailio internal SIP URI which is used for routing. If DURI is not set, then Kamailio uses the RURI for routing. If DURI is set, Kamailio usues the DURI for routing, regardless of the value in the RURI.
Thus in your case I would not change the RURI, but instead set a DURI with transport=tls parameter. So, if DURI is empty, you can just use:
$du= "sip:ip.address.ofnext.hop:5061;transport=tls"
regards Klaus
Am 08.07.2010 18:56, schrieb Matteo Campana:
Hi klaus, Suppose I can't access to NAPTR settings. I need to manage SIP URI, so , If I right understand, the only way to use TLS protocol in kamailio 1.5 is to append ";transport=tls" in R-URI before relay. In other words I need to rewrite R-URI:
$ru = $ru + ";transport=tls" ; # and the t_relay t_relay() ;
something like that?
Regards,
Daniel
Il 08/07/2010 18.45, Matteo Campana ha scritto:
-------- Messaggio originale -------- Oggetto: Re: [SR-Users] Kamailio and NAPTR lookup with TLS Data: Thu, 08 Jul 2010 18:44:27 +0200 Mittente: Klaus Darilion klaus.mailinglists@pernau.at A: Daniel-Constantin Mierla miconda@gmail.com CC: matteo.campana@klarya.it, sr-users@lists.sip-router.org
Am 08.07.2010 18:10, schrieb Daniel-Constantin Mierla:
Hello,
On 7/8/10 5:59 PM, Matteo Campana wrote:
Hi all, I'm using kamailio 1.5 with TLS module. I need to make ENUM query and get NAPTR record.
From NAPTR lookup, I'd like to relay my SIP Invite with tls protocol.
How can I tell Kamailio to use TLS protocol ( instead of udp) after NAPTR lookup ?
I've try to set :
dns_tls_pref=1 dns_udp_pref=2 dns_tcp_pref=3
in the general section of kamailio.cfg, but I get a parse error.
these parameters were introduced in kamailio with version 3.0.
If you need TLS then it is recommended to use 3.0 anyhow, it is a far better implementation. That will make the life easier to migrate to upcoming 3.1 that will bring asynchronous TLS.
No matter what you have in R-URI, you can force TLS via setting outbound proxy address to be a TLS uri:
$du ="sip:__ip_or_host__;transport=tls"; t_relay();
IIRC we do have NAPTR support in Kamailio 1.5 - don't we?
Then I think it should work when putting a domain into $du and makeing sure that there is no transport parameter, no port, and NAPTR TLS record has highest priority.
regards klaus
The IP or host you can take from R-URI without any problem via PV $rd. Other option is to use function from tm - t_relay_to_tls():
http://kamailio.org/docs/modules/stable/modules/tm.html#t_relay_to_udp
Cheers, Daniel
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users