[SR-Users] TLS - Kamailio Asterisk - Registration issue

Klaus Darilion klaus.mailinglists at pernau.at
Mon May 23 10:01:04 CEST 2011


Hi Lucas!

On 20.05.2011 22:39, Lucas Alvarez wrote:
> Hi, I have configured Kamailio with TLS in a Kamailio-Asterisk
> implementation. The phones (Bria - Eyebeam - Aastra 57i) are registering
> in Kamailio without problems, but the registration is not being
> forwarded to Asterisk. 

You should describe what you want to achieve. Should the registration be
done on Kamailio, on Asterisk or both?

Anyway, it is just about forwarding a request to another destination.

> Kamailio is listening on port tls:5061 only and Asterisk on udp:5080.
> Does Kamailio also have to listen on port 5060 for UAC module
> functions? 

If Kamailio needs to send via UDP, you also have to configure at least
one listen=udp:.... address. Otherwise Kamailio cannot use UDP
transport. You can use port 5060 or any other port.

> If I enable the port 5060, how do I prevent common SIP - UDP
> registrations?

I would deny UDP registrations to Kamailio using 2 different approaches:

1. Firewalling: Use a firewall or local iptables rules to prevent UDP
between the clients and Kamailio's UDP listening port.

2. Additionally check transport in kamailio.cfg and reject requests if
transport is not TLS (as a "backup" if the firewalling fails), e.g.:

  if(proto!=TLS) {
    sl_send_reply("403","Use TLS as transport!");
    exit;
  };

regards
klaus


> I mean, I want the registrations to be over TLS only. I
> would appreciate if someone can put me on the right path.
> Thanks in advance.
> 
> Lucas Alvarez
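Added example, not part of the original message: a kamailio.cfg fragment that
puts the extra UDP listener and the transport check together, and lets requests
arriving from Asterisk over UDP pass instead of answering them with 403.
The addresses 192.0.2.1 (Kamailio) and 192.0.2.10 (Asterisk) and the route name
REQUIRE_TLS are assumptions, and the sl module is assumed to be loaded.

```cfg
# Fragment of kamailio.cfg (added example, not a complete configuration).
# Constructed addresses from the documentation range:
#   192.0.2.1  = Kamailio
#   192.0.2.10 = Asterisk (listening on udp:5080)

listen=tls:192.0.2.1:5061   # phones connect here
listen=udp:192.0.2.1:5060   # present only so Kamailio can talk UDP to Asterisk

route {
    # Run the transport check before any other request handling.
    route(REQUIRE_TLS);

    # ... rest of the request handling (registration, forwarding to Asterisk)
}

# Backup for the firewall rules: refuse every request that did not arrive
# over TLS, unless its source address is the Asterisk server.
# A UDP source address can be forged, so the firewall rule that limits the
# UDP port to the Asterisk address stays the first layer.
route[REQUIRE_TLS] {
    if (proto != TLS && src_ip != 192.0.2.10) {
        sl_send_reply("403", "Use TLS as transport!");
        exit;
    }
}
```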