[SR-Users] Fwd: Re: Fwd: Re: Kamailio and NAPTR lookup with TLS

Klaus Darilion klaus.mailinglists at pernau.at
Fri Jul 9 09:37:45 CEST 2010


To use TLS you have 2 choices:

1. Let Kamailio decide: That means you only specify a domain and 
Kamailio will do NAPTR lookups and uses the most protocol with highest 
priority (thus TLS NAPTR should have highest priority)

2. Force TLS: Kamailio differs between request URI (RURI, $ru) and 
destination URI (DURI, $du). RURI is the SIP URI in the first line of 
the SIP request. DURI is just a Kamailio internal SIP URI which is used 
for routing. If DURI is not set, then Kamailio uses the RURI for 
routing. If DURI is set, Kamailio usues the DURI for routing, regardless 
of the value in the RURI.

Thus in your case I would not change the RURI, but instead set a DURI 
with transport=tls parameter. So, if DURI is empty, you can just use:

   $du= "sip:ip.address.ofnext.hop:5061;transport=tls"

regards
Klaus


Am 08.07.2010 18:56, schrieb Matteo Campana:
>
> Hi klaus,
> Suppose I can't access to NAPTR settings.
> I need to manage SIP URI, so , If I right understand, the only way to
> use TLS protocol in kamailio 1.5 is to append ";transport=tls" in R-URI
> before relay.
> In other words I need to rewrite R-URI:
>
> $ru = $ru + ";transport=tls" ;
> # and the t_relay
> t_relay() ;
>
> something like that?
>
> Regards,
>
> Daniel
>
>
>
> Il 08/07/2010 18.45, Matteo Campana ha scritto:
>>
>>
>> -------- Messaggio originale --------
>> Oggetto: 	Re: [SR-Users] Kamailio and NAPTR lookup with TLS
>> Data: 	Thu, 08 Jul 2010 18:44:27 +0200
>> Mittente: 	Klaus Darilion <klaus.mailinglists at pernau.at>
>> A: 	Daniel-Constantin Mierla <miconda at gmail.com>
>> CC: 	matteo.campana at klarya.it, sr-users at lists.sip-router.org
>>
>>
>>
>> Am 08.07.2010 18:10, schrieb Daniel-Constantin Mierla:
>> >  Hello,
>> >
>> >  On 7/8/10 5:59 PM, Matteo Campana wrote:
>> >>
>> >>  Hi all,
>> >>  I'm using kamailio 1.5 with TLS module.
>> >>  I need to make ENUM query and get NAPTR record.
>> >>  >   From NAPTR lookup, I'd like to relay my SIP Invite with tls protocol.
>> >>
>> >>  How can I tell Kamailio to use TLS protocol ( instead of udp) after
>> >>  NAPTR lookup ?
>> >>
>> >>  I've try to set :
>> >>
>> >>  dns_tls_pref=1
>> >>  dns_udp_pref=2
>> >>  dns_tcp_pref=3
>> >>
>> >>  in the general section of kamailio.cfg, but I get a parse error.
>> >>
>> >  these parameters were introduced in kamailio with version 3.0.
>> >
>> >  If you need TLS then it is recommended to use 3.0 anyhow, it is a far
>> >  better implementation. That will make the life easier to migrate to
>> >  upcoming 3.1 that will bring asynchronous TLS.
>> >
>> >  No matter what you have in R-URI, you can force TLS via setting outbound
>> >  proxy address to be a TLS uri:
>> >
>> >  $du ="sip:__ip_or_host__;transport=tls";
>> >  t_relay();
>>
>> IIRC we do have NAPTR support in Kamailio 1.5 - don't we?
>>
>> Then I think it should work when putting a domain into $du and makeing
>> sure that there is no transport parameter, no port, and NAPTR TLS record
>> has highest priority.
>>
>> regards
>> klaus
>>
>> >
>> >  The IP or host you can take from R-URI without any problem via PV $rd.
>> >  Other option is to use function from tm - t_relay_to_tls():
>> >
>> >  http://kamailio.org/docs/modules/stable/modules/tm.html#t_relay_to_udp
>> >
>> >  Cheers,
>> >  Daniel
>> >
>>
>>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



More information about the sr-users mailing list