[Kamailio-Users] kamailio with tls

Klaus Darilion klaus.mailinglists at pernau.at
Fri Oct 24 19:45:24 CEST 2008


(cc'ed to the mailinglist)

ingdavidcespedes at cable.net.co schrieb:
> Enable TLS in Kamailio is only for connection between other Kamailio
> (SIP Proxy Servers), it doesn't have anything to do with UA, or am I
> wrong? . As I understand, you can not implement TLS between UA's and
> Kamailio.

Of course you can. If the SIP client supports TLS you can also use TLS 
between UA and Kamailio - no problem.

I use it with eyebeam clients and SNOM phones. Also pjsip supports TLS, 
for example you can test it using QjSimple.
http://www.ipcom.at/index.php?id=560

regards
klaus


> 
> ----- Mensaje original ----- De: Klaus Darilion
> <klaus.mailinglists at pernau.at> Fecha: Viernes, Octubre 24, 2008 11:04
> am Asunto: Re: [Kamailio-Users] kamailio with tls
> 
>> 
>> paulo leonardo schrieb:
>>> Hi,
>>> 
>>> I would like a litle help :D!
>>> 
>>> I installed kamailio and everything is ok :D! But i want to use
>> TLS, but
>>> when i  setup TLS in kamailio, don't work the REGISTER (i can't
>> register
>>> my sofphone ...). And i compliled kamilio with TLS!!! when i
>> comment the
>>> cofigurantion TLS and use port 5060 works!
>> 
>> So, "what" does not work?
>> 
>> - Does Kamailio start (ps -Alf|grep kamailio)? - Does K listen to
>> the specified TLS socket (netstat -anp|grep kama)? - which client
>> do you use? - is a TCP connection set up? - is a TLS handshake
>> happening (ssldump)? - what is in the logfile of Kamailio? .....
>> 
>> Your error description is to short!
>> 
>> regards klaus
>> 
>> 
>> 
>> 
>>> below is my configuration
>>> 
>>> ----------------------------------------- disable_tls = no listen
>>> = tls:192.168.170.101:5061 <http://192.168.170.101:5061> 
>>> tls_verify_server = 1 tls_verify_client = 1 
>>> tls_require_client_certificate = 1 tls_method = TLSv1 
>>> tls_certificate =
>>> "/usr/local/etc/kamailio/tls/user/user-cert.pem" tls_private_key
>>> = "/usr/local/etc/kamailio/tls/user/user-
>> privkey.pem"> tls_ca_list
>>> ---------------------------------------
>>> 
>>> if (!www_authorize("192.168.170.101 <http://192.168.170.101>", 
>>> "subscriber")) { www_challenge("192.168.170.101
>> <http://192.168.170.101>", "0");
>>> exit; }
>>> 
>>> ----------------------------------------
>>> 
>>> root at pst:/usr/local/etc/kamailio# ls -R tls/ tls/: ca.conf
>>> README  request.conf  rootCA  user  user.conf
>>> 
>>> tls/rootCA: cacert.pem  certs  index.txt  private  serial
>>> 
>>> tls/rootCA/certs:
>>> 
>>> tls/rootCA/private: cakey.pem
>>> 
>>> tls/user: user-calist.pem  user-cert.pem  user-cert_req.pem
>>> user-privkey.pem
>>> 
>>> 
>>> thanks!!!
>>> 
>>> 
>>> 
>>> ------------------------------------------------------------------
>>> 
>> ------
>>> _______________________________________________ Users mailing
>>> list Users at lists.kamailio.org 
>>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>> _______________________________________________ Users mailing list 
>> Users at lists.kamailio.org 
>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>> 
> 




More information about the sr-users mailing list