[SR-Users] transport=TLS

Bruno Bresciani bruno.bresciani at gmail.com
Fri Dec 2 13:45:40 CET 2011 

Hello

I want to send over tls only when it comes via TLS, when some device
doesn't specify the TLS protocol on R-URI ... Thank's for your reply!!! I
wrote a other form to insert transport=tls at the kamailio.cfg, but you
wrote an easier way to update R-URI

Cheers

2011/12/2 Daniel-Constantin Mierla <miconda at gmail.com>

>  Hello,
>
>
> On 12/2/11 12:48 PM, Bruno Bresciani wrote:
>
> Hello
>
> Is attached the diagram showing the call flow... I have a cell phone with
> Android and Bria softphone registered on kamailio via TLS protocol. When I
> make a call by Bria, this INVITE is routed of the kamailio to gateway SIP
> via UDP protocolo because Bria specified transport=TLS only contact header
> and nothing in R-URI.
> I want all way the call is forwarded with TLS protocol.
>
>
> do you want to force TLS between Kamailio and gateway only if calls comes
> via TLS? Or always (e.g., call comes over UDP to Kamailio and has to go via
> TLS to gateway)?
>
> If you want to enforce always tls, then just set $du before relaying to
> gateway:
>
> $du = "sip:gatewayip;transport=tls";
>
> There are also functions from tm where you can force tls transport (see
> the readme of tm module).
>
> If you want to send over tls only when it comes via TLS, then do the
> checking
>
> if(proto==TLS) {
>    # came over tls, enforce tls for outgoing to gateway
>    $du = "sip:gatewayip;transport=tls";
> }
>
> Cheers,
> Daniel
>
>
> Cheers
>
>
>
> 2011/12/1 Daniel-Constantin Mierla <miconda at gmail.com>
>
>>  Hello,
>>
>>
>> On 11/30/11 11:59 AM, Bruno Bresciani wrote:
>>
>> Now I understood why the messagem is forward with UDP protocol... This
>> problem occurs with bria on android plataform, this softphone send the
>> INVITE request with tls protocol specified only on the contact header.
>>
>> Contact: "XXX" <sip:XXX at YYY.YYY.YYY.YYY:YYY;transport=TLS>.
>>
>> as Daniel pointed out, "The contact header address is not used for
>> routing SIP requests, only Route headers and R-URI addresses"
>>
>> In this case, I should add the transport protocol TLS on R-URI before to
>> forward message with t_relay function... Correct?
>>
>>  it is not clear for me why you need to forward on TLS if the destination
>> address is not requiring that. Maybe you can draw a diagram showing the
>> call flow, who is on TLS and how is happening at this moment and what you
>> would like to happen.
>>
>> Cheers,
>>  Daniel
>>
>>
>>
>> Cheers
>>
>>
>> 2011/11/29 Daniel-Constantin Mierla <miconda at gmail.com>
>>
>>>
>>>
>>> On 11/29/11 6:24 PM, Bruno Bresciani wrote:
>>>
>>> Thank's for attention Andrew
>>>
>>> I'm reading the source code of tm module to try understand better this
>>> behavior...
>>> I can't understand what meaning that "the outbound proxy address is
>>> set"... where I define this address?
>>>
>>>
>>>  Outbound proxy address is stored in an internal structure, it is not
>>> part of a SIP request. It represents the address where to send the request,
>>> regardless of request URI (r-uri) address. One common use case is when
>>> dealing with NAT routers, the r-uri is set to the contact address of the
>>> destination phone and the outbound proxy address is set to the NAT router.
>>>
>>> From configuration file, you can access it via $du (read and write via
>>> assignment operation). There are couple of modules that may set the
>>> outbound proxy address, like registrar/usrloc, rr, lcr...
>>>
>>> Maybe the best is to post here an ngrep with the SIP trace of such case,
>>> that we can see if something is wrong.
>>>
>>> Cheers,
>>>  Daniel
>>>
>>>
>>>
>>> 2011/11/29 Andrew Pogrebennyk <apogrebennyk at sipwise.com>
>>>
>>>> Bruno,
>>>> the address from contact header is put into R-URI on outgoing request to
>>>> that user. This is where I catch that parameter. I think we should debug
>>>> why kamailio sends the request using UDP, it is not clear, as Daniel
>>>> pointed out it should work automatically. I think I had to do these
>>>> manipulations because in my case the outbound proxy address is set
>>>>
>>>> On 11/29/2011 05:38 PM, Bruno Bresciani wrote:
>>>> > In my case the transport=TLS is present in contact header, has the
>>>> same
>>>> > treatment of R-URI?
>>>> >
>>>> > Cheers
>>>>
>>>>
>>>>  _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>>  --
>>> Daniel-Constantin Mierla -- http://www.asipto.com
>>> Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kathttp://linkedin.com/in/miconda -- http://twitter.com/miconda
>>>
>>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> --
>> Daniel-Constantin Mierla -- http://www.asipto.com
>> Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kathttp://linkedin.com/in/miconda -- http://twitter.com/miconda
>>
>>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> --
> Daniel-Constantin Mierla -- http://www.asipto.com
> Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kathttp://linkedin.com/in/miconda -- http://twitter.com/miconda
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20111202/bbe225c8/attachment-0001.htm>

More information about the sr-users mailing list