[SR-Users] Re: sips to sip with TLS proxy

Agree, the SIPS: URL was probably a good idea at the time of writing the SIP RFC (20 years ago) since other protocols had secure variants, like HTTPS, LDAPS etc. But the specs wasn’t very well considered and is today generally thought of as a bad idea. There has been a few attempts to fix it, but nothing that got implemented by a large amount of implementations. As an example: If your device registers with a SIPS: contact it has to have a server cert and accept incoming TLS connections from the server. This will not work if the phone is behind NAT. Better to use the SIP: URI and set transport to TLS. /O On 24 Apr 2023, at 16:22, Daniel-Constantin Mierla <miconda(a)gmail.com> wrote: The sips scheme is misleading because people expect to be SIP over TLS, but it is not, it is SIP over secure network, which can be a private network or a vpn. So the sips can meet the requirements even for sip over udp. But if you say that the call get's connected, only that is no audio and ends quickly, likely the issue is with the RTP layer, when the sips endpoint expect srtp and the other endpoint does not do it. Probably you have to share the ngrep output or pcap with all sip messages of such call. Cheers, Daniel On 24.04.23 16:14, Kiss Zoltán wrote: Hi, We have to test every scenario, but the latest issue was we have one way rtp and the call is dropped after 6 seconds cc. In the test the calle was the GS phone which is registered via Kamailio, and the called party was an another phone witch was registered directly tot he backend Asterisk. After switching GrandStream phone to sip scheme, then everything is working fine again. Zoltan *From:* Daniel-Constantin Mierla <miconda(a)gmail.com> <miconda(a)gmail.com> *Sent:* Monday, April 24, 2023 4:11 PM *To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> <sr-users(a)lists.kamailio.org>rg>; Kiss Zoltán <kiss.zoltan(a)adertis.hu> <kiss.zoltan(a)adertis.hu> *Subject:* Re: [SR-Users] sips to sip with TLS proxy Hello, just to clarify: you cannot initiate calls from the phone or you can't sent calls to the phone? Cheers, Daniel On 24.04.23 15:58, Kiss Zoltán wrote: Hi all, We have a working Kamailio setup, lets call it a transparent proxy for Asterisk boxes. Its based on domain and dispatcher modules and everything is working as expected with the test clients (more or less microsip, softphone for ios, etc). We are tried to register with a Grandstream deskphone today, and we see that the phone sending sips:xxx in the Reg Contact field for example. Because the sips schema, the register is working, but we cannot initiate calls from this phone. If we are turning SIP scheme to sip from sips in the phone, then everything is working as expected. I think we can transform those requests from sips to sip with Kamailio, but currently we dont know where can we start. Has anybody a suggestion about this issue? I know that we can transform ruri, contact, etc with textops, nathelper and a lot of other modules, but what is the best for this sips->sip translation? Thanks for your help. With kind regards, Zoltan __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com -- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: