12 Jun
2018
12 Jun
'18
4:05 p.m.
Hello,
we are pretty new to SIP and kamailio, we do have some questions regarding
the following scenario:
We have a number of UACs in a small network which are required to
communicate without encryption because the are not able to consume
certificates. We want to use kamailio (as a proxy?) to establish an
encrypted connection to a backend UAS.
1. Is it possible to directly register the UACs with the UAS eventhough
communication between kamailio and the UAS is encrypted ?
2. How do we need to configure kamailio in order to make this scenario work
?
Thank you for your suppport
13 Jun
13 Jun
4:07 p.m.
On Tue, Jun 12, 2018 at 03:05:47PM +0200, mip FKF wrote:
We have a number of UACs in a small network which are
required to
communicate without encryption because the are not able to consume
certificates. We want to use kamailio (as a proxy?) to establish an
encrypted connection to a backend UAS.
1. Is it possible to directly register the UACs with the UAS eventhough
communication between kamailio and the UAS is encrypted ?
Yes, kamailio could relay SIP over TLS
2. How do we need to configure kamailio in order to
make this scenario work?
Configure TLS on kamailio (there is an example in the default supplied
configs) and for example use dispatcher with transport=tls
BTW this would only encrypt SIP. If you want to encrypt RTP you'll need
rtpengine and its ability to transcode between SRTP and RTP. Though I
failed to set this up correctly in the past it should work according to
rtpengine documentation.
An alternative is to route traffic from kamailio to the UAS over an
encrypted tunnel (aka VPN), but that is out of the scope of this
mailinglist except that you'd need to setup a multihomed kamailio
(e.g. mhomed=1)
2354
days inactive
2355
days old
1 comments
2 participants
participants (2)
-
Daniel Tryba -
mip FKF