19 Apr
2007
19 Apr
'07
4:15 p.m.
Hi,
I have configured two SIP domains using OpenSER v 1.1.1 with authentication
(digest authentication) and TLS support. Each domain has clients (UAC)
running minisip (3220) with TLS and certificates configured. When there is a
call between a user from one domain to a user in the other domain, the SIP
communications between minisip clients and their corresponding OpenSER
proxies is done via TLS (port 5061/TCP), however, the SIP communication
between the two OpenSER proxies is still done via UDP (port 5060/UDP).
The TLS configuration in both servers is as follows:
disable_tls = 0
listen = tls:192.168.1.10:5061
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate = "/etc/openser/tls/sipdA/sipdA-cert.pem"
tls_private_key = "/etc/openser/tls/sipdA/sipdA-privkey.pem"
tls_ca_list = "/etc/openser/tls/sipdA/sipdA-calist.pem"
Any ideas or suggestions regarding how to enable SIPS (TLS) between OpenSER
SIP proxies?
Thanks.
JB74
_________________________________________________________________
Live Search, for accurate results! http://www.live.nl
19 Apr
19 Apr
5:02 p.m.
It depends on how the call is forwarded from proxy1 to proxy2. If you
manually rewrite the URI, make sure the new URI has the transport=tls
parameter.
If the call is just relayed (e.g. client1 calls
client2(a)proxy2.domain.com) then openser forwards according to RFC3263.
Thus, you have to make sure that there is a NAPTR record for the domain
with TLS as the most preferred protocol.
regards
klaus
John Barry wrote:
Hi,
I have configured two SIP domains using OpenSER v 1.1.1 with
authentication (digest authentication) and TLS support. Each domain has
clients (UAC) running minisip (3220) with TLS and certificates
configured. When there is a call between a user from one domain to a
user in the other domain, the SIP communications between minisip clients
and their corresponding OpenSER proxies is done via TLS (port 5061/TCP),
however, the SIP communication between the two OpenSER proxies is still
done via UDP (port 5060/UDP).
The TLS configuration in both servers is as follows:
disable_tls = 0
listen = tls:192.168.1.10:5061
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate = "/etc/openser/tls/sipdA/sipdA-cert.pem"
tls_private_key = "/etc/openser/tls/sipdA/sipdA-privkey.pem"
tls_ca_list = "/etc/openser/tls/sipdA/sipdA-calist.pem"
Any ideas or suggestions regarding how to enable SIPS (TLS) between
OpenSER SIP proxies?
Thanks.
JB74
_________________________________________________________________
Live Search, for accurate results! http://www.live.nl
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
6433
days inactive
6433
days old
1 comments
2 participants
participants (2)
-
John Barry -
Klaus Darilion