7 Jun
2013
7 Jun
'13
12:42 p.m.
- Asterisk doesn't automatically use it's bind IP:port for outgoing
connections to the proxy - so proxy ACLs are tricky to set up if the
Asterisk host has multiple IPs
Asterisk has severe issues - and have had for a long
time, with
selecting the sender's IP address if you have multiple IPs on
the host.
- if Asterisk tries to connect to a TLS proxy, and the proxy has
optional client cert verification enabled, Asterisk tries to send it's
cert. There seems to be no way to disable Asterisk sending a cert in
this scenario, but the proxy doesn't like the way the client cert is
submitted and so it seems impossible to connect to such a proxy.
THe current SIP
stacks implementation of TLS stinks and was
written and committed by people with very little knowledge of SIP
and TLS. As I had no power to block the commit, I marked it experimental
in release 1.6.0 and no one has stepped forward with resources to fix it.
Both of these issues are quite embarrassing and a reason to use
a proxy like Kamailio in front of Asterisk.
Hopefully it will get better with the new Asterisk SIP stack - but do
remember that it will take quite some time from release until that
stack is ready for large-scale production.
/O
-----
Edvina SIP Masterclass in Malaga, Spain, July 2013
Learn more about Kamailio and SIP!
http://edvina.net/blog/2013/01/sipmaster-malaga-2013/
Register now!