- Asterisk doesn't automatically use its bind IP:port for outgoing connections to the proxy - so proxy ACLs are tricky to set up if the Asterisk host has multiple IPs
Asterisk has severe issues - and has had for a long time - with selecting the sender's IP address if you have multiple IPs on the host.
- if Asterisk tries to connect to a TLS proxy, and the proxy has optional client cert verification enabled, Asterisk tries to send its cert. There seems to be no way to disable Asterisk sending a cert in this scenario, but the proxy doesn't like the way the client cert is submitted and so it seems impossible to connect to such a proxy.
The current SIP stack's implementation of TLS stinks and was written and committed by people with very little knowledge of SIP and TLS. As I had no power to block the commit, I marked it experimental in release 1.6.0 and no one has stepped forward with resources to fix it.
Both of these issues are quite embarrassing and a reason to use a proxy like Kamailio in front of Asterisk.
Hopefully it will get better with the new Asterisk SIP stack - but do remember that it will take quite some time from release until that stack is ready for large-scale production.
/O