[SR-Users] transport=TLS
Daniel-Constantin Mierla
miconda at gmail.com
Fri Dec 2 13:24:27 CET 2011
Hello,
On 12/2/11 12:48 PM, Bruno Bresciani wrote:
> Hello
>
> Is attached the diagram showing the call flow... I have a cell phone
> with Android and Bria softphone registered on kamailio via TLS
> protocol. When I make a call by Bria, this INVITE is routed of the
> kamailio to gateway SIP via UDP protocolo because Bria specified
> transport=TLS only contact header and nothing in R-URI.
> I want all way the call is forwarded with TLS protocol.
do you want to force TLS between Kamailio and gateway only if calls
comes via TLS? Or always (e.g., call comes over UDP to Kamailio and has
to go via TLS to gateway)?
If you want to enforce always tls, then just set $du before relaying to
gateway:
$du = "sip:gatewayip;transport=tls";
There are also functions from tm where you can force tls transport (see
the readme of tm module).
If you want to send over tls only when it comes via TLS, then do the
checking
if(proto==TLS) {
# came over tls, enforce tls for outgoing to gateway
$du = "sip:gatewayip;transport=tls";
}
Cheers,
Daniel
>
> Cheers
>
>
>
> 2011/12/1 Daniel-Constantin Mierla <miconda at gmail.com
> <mailto:miconda at gmail.com>>
>
> Hello,
>
>
> On 11/30/11 11:59 AM, Bruno Bresciani wrote:
>> Now I understood why the messagem is forward with UDP protocol...
>> This problem occurs with bria on android plataform, this
>> softphone send the INVITE request with tls protocol specified
>> only on the contact header.
>>
>> Contact: "XXX" <sip:XXX at YYY.YYY.YYY.YYY:YYY;transport=TLS>.
>>
>> as Daniel pointed out, "The contact header address is not used
>> for routing SIP requests, only Route headers and R-URI addresses"
>>
>> In this case, I should add the transport protocol TLS on R-URI
>> before to forward message with t_relay function... Correct?
> it is not clear for me why you need to forward on TLS if the
> destination address is not requiring that. Maybe you can draw a
> diagram showing the call flow, who is on TLS and how is happening
> at this moment and what you would like to happen.
>
> Cheers,
> Daniel
>
>
>>
>> Cheers
>>
>>
>> 2011/11/29 Daniel-Constantin Mierla <miconda at gmail.com
>> <mailto:miconda at gmail.com>>
>>
>>
>>
>> On 11/29/11 6:24 PM, Bruno Bresciani wrote:
>>> Thank's for attention Andrew
>>>
>>> I'm reading the source code of tm module to try understand
>>> better this behavior...
>>> I can't understand what meaning that "the outbound proxy
>>> address is set"... where I define this address?
>>
>> Outbound proxy address is stored in an internal structure, it
>> is not part of a SIP request. It represents the address where
>> to send the request, regardless of request URI (r-uri)
>> address. One common use case is when dealing with NAT
>> routers, the r-uri is set to the contact address of the
>> destination phone and the outbound proxy address is set to
>> the NAT router.
>>
>> From configuration file, you can access it via $du (read and
>> write via assignment operation). There are couple of modules
>> that may set the outbound proxy address, like
>> registrar/usrloc, rr, lcr...
>>
>> Maybe the best is to post here an ngrep with the SIP trace of
>> such case, that we can see if something is wrong.
>>
>> Cheers,
>> Daniel
>>
>>>
>>>
>>> 2011/11/29 Andrew Pogrebennyk <apogrebennyk at sipwise.com
>>> <mailto:apogrebennyk at sipwise.com>>
>>>
>>> Bruno,
>>> the address from contact header is put into R-URI on
>>> outgoing request to
>>> that user. This is where I catch that parameter. I think
>>> we should debug
>>> why kamailio sends the request using UDP, it is not
>>> clear, as Daniel
>>> pointed out it should work automatically. I think I had
>>> to do these
>>> manipulations because in my case the outbound proxy
>>> address is set
>>>
>>> On 11/29/2011 05:38 PM, Bruno Bresciani wrote:
>>> > In my case the transport=TLS is present in contact
>>> header, has the same
>>> > treatment of R-URI?
>>> >
>>> > Cheers
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) -
>>> sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> <mailto:sr-users at lists.sip-router.org>
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>> --
>> Daniel-Constantin Mierla --http://www.asipto.com
>> Kamailio Advanced Training, Dec 5-8, Berlin:http://asipto.com/u/kat
>> http://linkedin.com/in/miconda -- http://twitter.com/miconda
>>
>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla --http://www.asipto.com
> Kamailio Advanced Training, Dec 5-8, Berlin:http://asipto.com/u/kat
> http://linkedin.com/in/miconda -- http://twitter.com/miconda
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20111202/8a8f871b/attachment.htm>
More information about the sr-users
mailing list