[SR-Users] Offload SSL from backends with Kamailio

Wed Nov 30 18:24:01 CET 2016

Hi Sergey,

Thank you for the tip. I'm going to try topoh but not now.

The question is: is there a bug in freeswitch or bug in my kamailio's
config. And it seems to me that there is a bug in freeswitch. I see in Via
my SIP proxy without transport=tls. And as per RFC freeswitch must use
transport which is specified in Via for the next hop.

Maybe I'm wrong. But I do not think so :)

2016-11-30 18:20 GMT+02:00 Sergey Basov <sergey.v.basov at gmail.com>:

> Hi, Vladislav
>
> I had very simmilar issue, try to use topoh module.
> It will mask contact in header and called side will not try to send reply
> to contact dyrectly or using its proto.
> It will send using via or record-route headers.
> But this will work when kamailio is in statefull proxy mode.
>
> 29 нояб. 2016 г. 12:37 AM пользователь "Vladyslav Zakhozhai" <
> v.zakhozhai at gmail.com> написал:
>
> Ouch... It didn't work for me as expected. I forgot that I have configured
>> FreeSWITCH to work with TLS.
>> When I reverted sofia profile to work only over UDP originating call
>> fails again with message:
>>
>> [ERR] sofia_glue.c:943 TLS not supported by profile
>>
>>
>>
>> 2016-11-29 0:21 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
>>
>>> Daniel, Alex, thank you for your answers.
>>>
>>> FreeSWITCH works with path as expected and it is my solution. add_path
>>> and add_path_received works fine in kamailio's config.
>>>
>>>
>>>
>>> 2016-11-28 19:02 GMT+02:00 Vladyslav Zakhozhai <v.zakhozhai at gmail.com>:
>>>
>>>> That is very interesting.
>>>>
>>>> I've added add_path_received in Kamailio config. And I can see that
>>>> FreeSWITCH received it and reflected in registration info.
>>>>
>>>> With SIP/UDP there is no problems. FreeSWITCH gets path and respnses
>>>> and INVITEs goes through Kamailio.
>>>>
>>>> But in case of TLS INVITES goes to Kamailio but FreeSWITCH tries to
>>>> originate call with TLS.
>>>>
>>>> Mybe this is FreeSWITCH issue. I'll check later.
>>>>
>>>> 2016-11-28 14:42 GMT+02:00 Daniel Tryba <d.tryba at pocos.nl>:
>>>>
>>>>> On Mon, Nov 28, 2016 at 01:15:03PM +0100, Daniel Tryba wrote:
>>>>> > > UAC == SIP/TLS ==> Kamailio == SIP/UDP ==> FreeSWITCH
>>>>> > >
>>>>> > solution is to use Path on the frontend/loadbalancer.
>>>>>
>>>>> According to this closed bug report it should work for
>>>>> Kamailio/Freeswitch:
>>>>> https://freeswitch.org/jira/si/jira.issueviews:issue-html/FS
>>>>> -4989/FS-4989.html
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users at lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> С уважением,
>>>> Владислав Захожай
>>>>
>>>>
>>>
>>>
>>> --
>>> С уважением,
>>> Владислав Захожай
>>>
>>>
>>
>>
>> --
>> С уважением,
>> Владислав Захожай
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>

-- 
С уважением,
Владислав Захожай
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20161130/e2b0c35a/attachment.html>