[SR-Users] Kamailio/Asterisk combination + hashed passwords?

[Olle E. Johansson]

> 
> - Asterisk doesn't automatically use it's bind IP:port for outgoing
> connections to the proxy - so proxy ACLs are tricky to set up if the
> Asterisk host has multiple IPs
Asterisk has severe issues - and have had for a long time, with 
selecting the sender's IP address if you have multiple IPs on 
the host. 

> 
> - if Asterisk tries to connect to a TLS proxy, and the proxy has
> optional client cert verification enabled, Asterisk tries to send it's
> cert.  There seems to be no way to disable Asterisk sending a cert in
> this scenario, but the proxy doesn't like the way the client cert is
> submitted and so it seems impossible to connect to such a proxy.
THe current SIP stacks implementation of TLS stinks and was 
written and committed by people with very little knowledge of SIP
and TLS. As I had no power to block the commit, I marked it experimental
in release 1.6.0 and no one has stepped forward with resources to fix it. 

Both of these issues are quite embarrassing and a reason to use
a proxy like Kamailio in front of Asterisk.

Hopefully it will get better with the new Asterisk SIP stack - but do
remember that it will take quite some time from release until that
stack is ready for large-scale production.

/O

-----
Edvina SIP Masterclass in Malaga, Spain, July 2013
Learn more about Kamailio and SIP!
http://edvina.net/blog/2013/01/sipmaster-malaga-2013/
Register now!