Hi,

I'm trying to understand the best (or reasonable) approach of offloading SSL encryption from backend to Kamailio. Let me simplify a little bit:

UAC == SIP/TLS ==> Kamailio == SIP/UDP ==> FreeSWITCH

My main problem is in Contact header of SIP packet which passes through Kamailio SIP proxy and remains unmodified.

For example, REGISTER request. There is FreeSWITCH backend which is registrar server as well. UAC send REGISTER request to it through Kamailio SIP proxy via SIP/TLS. This request dispatches to backend(s) by Kamailio with dispatcher module. Backend does not configured to support TLS.

In this case everything works fine: I see REGISTER requests on FreeSWITCH. But Contact header of SIP message which is passing Kamailio remains unmodified. And as result I see on FreeSWITCH something like the following:

Call-ID: Jpmjp4ruHI

User: user_name@domain_name

Contact: "" <sip:user_name@uac_ip:27026;transport=tls;fs_path=sip%3Akamailio_ip%3A5060>

Agent: Linphone/3.10.2 (belle-sip/1.5.0)

Status: Registered(TLS)(unknown) EXP(2016-11-28 11:48:28) EXPSECS(110)

Ping-Status: Reachable

Ping-Time: 0.00

Host: kamailio_host

IP: kamailio_ip

Port: 5060

Auth-User: unknown

Auth-Realm: domain_name

MWI-Account: user_name@domain_name

As a result FreeSWITCH tries to originate call over SIP/TLS and it fails because FreeSWITCH does not configured to work with TLS.

I want to understand what is correct workaraound of this issue. Do I need to modify Contact header manually on kamailio host and this is right approach? Or kamailio in case of correct config rewrites this header itself?

If parts of my kamailio config would be useful I will post it later.

Thanks in advance.

С уважением,
Владислав Захожай