Hello,
My problem: our provider opens a TLS connection to us. They want us to use this channel for outgoing calls, instead of opening a new SIP connection to their server.
Is there a way to teach Kamailio to do that?
Hello,
for a start - did you already try this parameter: http://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port
Then have a look, for example, at this discussion: https://lists.kamailio.org/pipermail/sr-users/2019-November/107222.html
Cheers,
Henning
Hi,
> for a start - did you already try this parameter: http://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port
> Then have a look, for example, at this discussion: https://lists.kamailio.org/pipermail/sr-users/2019-November/107222.html
Thanks for the pointers. Got it to work.
For the record, what I did:
* add "name sock_tls" to the listen= parameter
* set tcp_reuse_port=yes
* the handler for OPTIONS saves the remote port to $shv(port__XXX)
* my call handler sets $fsn="sock_tls" and $rp to $shv(port__XXX)
… and that's it. So that was easier than expected.
NB, when browsing the sources for this I noticed that the "tcp_reuse_port" option is not recognized at all if the OS does not support SO_REUSEPORT.
However, here we're re-using an existing connection instead of opening a new connection from a port that has existing connections. Thus on systems that don't have SO_REUSEPORT (some BSDs, AFAIK) this method doesn't work (but should).
This mismatch is also the reason why I didn't notice this option in the documentation …
On 25 Feb 2022, at 09:32, Matthias Urlichs matthias@urlichs.de wrote:
> Hello,
> My problem: our provider opens a TLS connection to us. They want us to use this channel for outgoing calls, instead of opening a new SIP connection to their server.
> Is there a way to teach Kamailio to do that?
As Henning already answered, yes. But if you are security-conscious it would from a SIP security standpoint require that their side present a client cert that you can verify so you are really sending calls to the right provider.
/O
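
The four steps from the "For the record" message, combined with the client-certificate check suggested in the last reply, could look like the following Kamailio configuration sketch. This is an added example, not configuration posted by anyone in the thread; the IP addresses, file paths and the route name TO_PROVIDER are constructed assumptions, and `$shv(port__XXX)` is kept exactly as written in the post.

```cfg
#!KAMAILIO
# Added illustration. 192.0.2.10 (local) and 198.51.100.20 (provider)
# are constructed documentation addresses; file paths are assumptions.
enable_tls=yes
tcp_reuse_port=yes          # only recognized when the OS has SO_REUSEPORT
listen=tls:192.0.2.10:5061 name "sock_tls"

loadmodule "tls.so"
loadmodule "pv.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "textops.so"

modparam("tls", "config", "/etc/kamailio/tls.cfg")
# tls.cfg is a separate file; to demand and verify the provider's
# client certificate on the inbound connection it would contain:
#   [server:default]
#   verify_certificate  = yes
#   require_certificate = yes
#   ca_list = /etc/kamailio/provider-ca.pem   (assumed path)
#   plus the usual certificate / private_key entries

request_route {
    # Provider keep-alive on the connection the provider opened to us.
    if (is_method("OPTIONS") && $si == "198.51.100.20") {
        # Refuse to learn a port from a peer whose cert did not verify.
        if ($tls_peer_verified != 1) {
            sl_send_reply("403", "Forbidden");
            exit;
        }
        $shv(port__XXX) = $sp;      # remember the provider's source port
        sl_send_reply("200", "OK");
        exit;
    }
    if (is_method("INVITE")) {
        route(TO_PROVIDER);
    }
}

route[TO_PROVIDER] {
    # Assumption: the R-URI already names the provider host with
    # ;transport=tls, so only socket and port need to be forced.
    $fsn = "sock_tls";              # send from the named TLS listener
    $rp  = $shv(port__XXX);         # target the port the provider connected from
    t_relay();
    exit;
}
```

If the provider reconnects from a new source port, the stored value is stale until the next OPTIONS arrives, so outgoing calls in that window would open a fresh connection or fail.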