Hi, I have confgured Kamailio with TLS in an Kamailio-Asterisk implementation. The phones (Bria - Eyebeam - Aastra 57i) are registering in Kamailio without problems, but the registration is not being forwarded to Asterisk. Kamailio is listening on port tls:5061 only and Asterisk on udp:5080. Should Kamailio has to listen on port 5060 also for UAC module functions? If I enable the port 5060, how do I prevent common SIP - UDP registrations? I mean, I want the registrations to be over TLS only. I would appreciate if someone can put me on the right path. Thanks in advance.
Lucas Alvarez
Hi Lucas!
Am 20.05.2011 22:39, schrieb Lucas Alvarez:
You should describe what you want to achieve. Should the registration be done on Kamailio, on Asterisk or both?
Anyway, it is just about forwarding a request to another destination.
If Kamailio needs to send via UDP, you also have to configure at least one listen=udp:.... address. Otherwise Kamailio can not use UDP transport. You can use port 5060 or any other port.
If I enable the port 5060, how do I prevent common SIP - UDP registrations?
I would deny UDP registrations to Kamailio using 2 different approaches:
1. Firewalling: Use a firewall or local iptables rules to prevent UDP between the clients and Kamailio's UDP listening port.
2. Additionally check transport in kamailio.cfg and reject requests if transport is not TLS (as a "backup" if the firewalling fails), e.g:
if(proto!=TLS) { sl_send_reply("403","Use TLS as transport!"); exit; };
regards klaus
-
Klaus Darilion -
Lucas Alvarez