Hello,
we are pretty new to SIP and kamailio, we do have some questions regarding the following scenario:
We have a number of UACs in a small network which are required to communicate without encryption because the are not able to consume certificates. We want to use kamailio (as a proxy?) to establish an encrypted connection to a backend UAS.
1. Is it possible to directly register the UACs with the UAS eventhough communication between kamailio and the UAS is encrypted ?
2. How do we need to configure kamailio in order to make this scenario work ?
Thank you for your suppport
On Tue, Jun 12, 2018 at 03:05:47PM +0200, mip FKF wrote:
We have a number of UACs in a small network which are required to communicate without encryption because the are not able to consume certificates. We want to use kamailio (as a proxy?) to establish an encrypted connection to a backend UAS.
- Is it possible to directly register the UACs with the UAS eventhough
communication between kamailio and the UAS is encrypted ?
Yes, kamailio could relay SIP over TLS
- How do we need to configure kamailio in order to make this scenario work?
Configure TLS on kamailio (there is an example in the default supplied configs) and for example use dispatcher with transport=tls
BTW this would only encrypt SIP. If you want to encrypt RTP you'll need rtpengine and its ability to transcode between SRTP and RTP. Though I failed to set this up correctly in the past it should work according to rtpengine documentation.
An alternative is to route traffic from kamailio to the UAS over an encrypted tunnel (aka VPN), but that is out of the scope of this mailinglist except that you'd need to setup a multihomed kamailio (e.g. mhomed=1)
-
Daniel Tryba -
mip FKF