<div dir="ltr">Hi,<div><br></div><div>I'm trying to understand the best (or reasonable) approach of offloading SSL encryption from backend to Kamailio. Let me simplify a little bit:</div><div><br></div><div>UAC == SIP/TLS ==> Kamailio == SIP/UDP ==> FreeSWITCH</div><div><br></div><div>My main problem is in Contact header of SIP packet which passes through Kamailio SIP proxy and remains unmodified.</div><div><br></div><div>For example, REGISTER request. There is FreeSWITCH backend which is registrar server as well. UAC send REGISTER request to it through Kamailio SIP proxy via SIP/TLS. This request dispatches to backend(s) by Kamailio with dispatcher module. Backend does not configured to support TLS.</div><div><br></div><div>In this case everything works fine: I see REGISTER requests on FreeSWITCH. But Contact header of SIP message which is passing Kamailio remains unmodified. And as result I see on FreeSWITCH something like the following:</div><div><br></div><div><div>Call-ID: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Jpmjp4ruHI</div><div>User: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>user_name@domain_name</div><div>Contact: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>"" <sip:user_name@uac_ip:27026;transport=tls;fs_path=sip%3Akamailio_ip%3A5060></div><div>Agent: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Linphone/3.10.2 (belle-sip/1.5.0)</div><div>Status: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Registered(TLS)(unknown) EXP(2016-11-28 11:48:28) EXPSECS(110)</div><div>Ping-Status:<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Reachable</div><div>Ping-Time:<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>0.00</div><div>Host: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>kamailio_host</div><div>IP: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>kamailio_ip</div><div>Port: <span class="gmail-Apple-tab-span" style="white-space:pre"> 5060</span></div><div>Auth-User: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>unknown</div><div>Auth-Realm: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>domain_name</div><div>MWI-Account:<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>user_name@domain_name</div></div><div><br></div><div>As a result FreeSWITCH tries to originate call over SIP/TLS and it fails because FreeSWITCH does not configured to work with TLS.</div><div><br></div><div>I want to understand what is correct workaraound of this issue. Do I need to modify Contact header manually on kamailio host and this is right approach? Or kamailio in case of correct config rewrites this header itself?</div><div><br></div><div>If parts of my kamailio config would be useful I will post it later.</div><div><br></div><div>Thanks in advance.</div><div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">С уважением,<br>Владислав Захожай<br><br></div></div>
</div></div>