Hi,
I have configured two SIP domains using OpenSER v 1.1.1 with authentication (digest authentication) and TLS support. Each domain has clients (UAC) running minisip (3220) with TLS and certificates configured. When there is a call between a user from one domain to a user in the other domain, the SIP communications between minisip clients and their corresponding OpenSER proxies is done via TLS (port 5061/TCP), however, the SIP communication between the two OpenSER proxies is still done via UDP (port 5060/UDP).
The TLS configuration in both servers is as follows:
disable_tls = 0 listen = tls:192.168.1.10:5061 tls_verify_server = 1 tls_verify_client = 1 tls_require_client_certificate = 1 tls_method = TLSv1 tls_certificate = "/etc/openser/tls/sipdA/sipdA-cert.pem" tls_private_key = "/etc/openser/tls/sipdA/sipdA-privkey.pem" tls_ca_list = "/etc/openser/tls/sipdA/sipdA-calist.pem"
Any ideas or suggestions regarding how to enable SIPS (TLS) between OpenSER SIP proxies?
Thanks. JB74
_________________________________________________________________ Live Search, for accurate results! http://www.live.nl
It depends on how the call is forwarded from proxy1 to proxy2. If you manually rewrite the URI, make sure the new URI has the transport=tls parameter.
If the call is just relayed (e.g. client1 calls client2@proxy2.domain.com) then openser forwards according to RFC3263. Thus, you have to make sure that there is a NAPTR record for the domain with TLS as the most preferred protocol.
regards klaus
John Barry wrote:
-
John Barry -
Klaus Darilion