Hi,
I'm trying to understand the best (or reasonable) approach of offloading SSL encryption from backend to Kamailio. Let me simplify a little bit:
UAC == SIP/TLS ==> Kamailio == SIP/UDP ==> FreeSWITCH
My main problem is in Contact header of SIP packet which passes through Kamailio SIP proxy and remains unmodified.
For example, REGISTER request. There is FreeSWITCH backend which is registrar server as well. UAC send REGISTER request to it through Kamailio SIP proxy via SIP/TLS. This request dispatches to backend(s) by Kamailio with dispatcher module. Backend does not configured to support TLS.
In this case everything works fine: I see REGISTER requests on FreeSWITCH. But Contact header of SIP message which is passing Kamailio remains unmodified. And as result I see on FreeSWITCH something like the following:
Call-ID: Jpmjp4ruHI
User: user_name@domain_name
Contact: "" <sip:user_name@uac_ip:27026;transport=tls;fs_path=sip%3Akamailio_ip%3A5060>
Agent: Linphone/3.10.2 (belle-sip/1.5.0)
Status: Registered(TLS)(unknown) EXP(2016-11-28 11:48:28) EXPSECS(110)
Ping-Status: Reachable
Ping-Time: 0.00
Host: kamailio_host
IP: kamailio_ip
Port: 5060
Auth-User: unknown
Auth-Realm: domain_name
MWI-Account: user_name@domain_name
As a result FreeSWITCH tries to originate call over SIP/TLS and it fails because FreeSWITCH does not configured to work with TLS.
I want to understand what is correct workaraound of this issue. Do I need to modify Contact header manually on kamailio host and this is right approach? Or kamailio in case of correct config rewrites this header itself?
If parts of my kamailio config would be useful I will post it later.
Thanks in advance.
--
С уважением,
Владислав Захожай