[SR-Users] How to enable TLS in Kamailio ?

Moacir Ferreira moacirferreira at hotmail.com
Thu Mar 21 15:24:28 CET 2013


By default Kamailio will listen on the port that is defined by the SIP RFP (http://tools.ietf.org/html/rfc3261) that is 5061. If the client does the same (it complies by default with the RFC) then you don't need to do anything. But as Dave said below, some clients you must do it manually.
Moacir > From: jdavidthomson at hotmail.com
> To: onmyway133 at gmail.com; sr-users at lists.sip-router.org
> Date: Thu, 21 Mar 2013 03:55:17 +0000
> Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
> 
> Didn't read the whole thread, but, in some clients you need to specify the transport is TLS and the port is 5061 (assuming you use the default). 
> 
> Hth.
> 
> Ttyl,
> Dave
> -----Original Message-----
> From: Khoa Pham <onmyway133 at gmail.com>
> Date: Thu, 21 Mar 2013 03:52:12 
> To: <sr-users at lists.sip-router.org>
> Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
> 
> 
> @Moacir, thanks
> 
> 
> 1. You said that " then use "listen="my ip address" and all enabled services will be bound to the especified IP address." So which port does Kamailio listen for TCP and TLS? How does client know which port to connect to Kamailio ? 
> 
> 
> 
> 
> 
> 
> 
> On Thu, Mar 21, 2013 at 12:41 AM, Moacir Ferreira <moacirferreira at hotmail.com <mailto:moacirferreira at hotmail.com> > wrote:
>  
> 
> Hummm. When I start playing with Kamailio I had some problems that were related to the compilation process not really to the final product. Now, if you comment out the listen statement then all server interfaces will listen for all enabled services (SIP-UDP, SIP-TCP and SIP-TLS if you enabled it). AS a troubleshooting suggestion, just comment out the "listen" statement and all enabled services will bind to all available IP interfaces. If it works, then use "listen="my ip address" and all enabled services will be bound to the especified IP address.
>   
> Best regards,
>  
> Moacir
> 
> 
> 
> ----------------
> From: oej at edvina.net <mailto:oej at edvina.net> 
> Date: Wed, 20 Mar 2013 12:43:06 +0100
> To: sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org> 
>  Subject: Re: [SR-Users] How to enable TLS in Kamailio ?
> 
> 
> 
> 
> 
> 
> 20 mar 2013 kl. 10:33 skrev Khoa Pham <onmyway133 at gmail.com <mailto:onmyway133 at gmail.com> >: 
> 
> Hi Olle,
> 
> 
> I follow these 2 tutorials
> 1. http://nil.uniza.sk/network-security/tls/configuring-tls-support-kamailio-31-howto 
> which only describes to listen on tls
> 
> 
> listen=tls:158.193.139.51:5061 <http://158.193.139.51:5061/> 
> 2. http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates 
> which only describes to listen on udp and tcp
>  listen=udp:<ip-address-for-receiving-sip-requests>:5060 listen=tcp:<ip-address-for-receiving-sip-requests>:5060 
> 
> 
> It is not until I listen on both TCP and LTS does it work.
> 
> 
> You document http://kamailio.org/docs/modules/4.0.x/modules/tls.html seems to lack of these "listen" Right.
> But it's in the core cookbook. We should propably add the listen to the TLS docs too.
> 
> 
> Thanks!
> 
> 
> /O
> 
>  
> 
> 
> 
> 
> 
> On Wed, Mar 20, 2013 at 4:10 PM, Olle E. Johansson <oej at edvina.net <mailto:oej at edvina.net> > wrote:
>  
> 
> 
> 
> 20 mar 2013 kl. 07:55 skrev Daniel-Constantin Mierla <miconda at gmail.com <mailto:miconda at gmail.com> >: 
> 
>  
>  Hello,
>  
>  when tls module is installed, a self signed pair of certificate-private key is generated in /usr/local/etc/kamailio
>  
>  If you need one that is signed by a trusted CA (e.g., Verisign), you will have to buy it.
>  
>  Cheers,
>  Daniel
>  
>  
> On 3/19/13 8:08 AM, Khoa Pham wrote:
>  
> Hi,  
> 
>  I want to enable TLS in Kamailio, as in here http://kamailio.org/docs/modules/stable/modules/tls.html 
> 
>  
>  But how can I get the certificate and private key ?
>  
> 
> The documentation for the TLS module actually includes a quick howto.
> http://kamailio.org/docs/modules/4.0.x/modules/tls.html 
> 
> 
> What part of this needs clarification? Please help us make the documentation better if there are parts you do not undertand or isn't explained.
> 
> 
> Thanks,
> /O
>  
> _______________________________________________
>  SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>  sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org> 
>  http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>  
> 
> 
> 
> 
> -- 
> Khoa Pham
> HCMC University of Science
>  Faculty of Information Technology
>  _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org> 
>  http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> 
> 
> _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users 		 	 		 
> _______________________________________________
>  SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>  sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org> 
>  http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>  
> 
> 
> 
> 
> -- 
> Khoa Pham
> HCMC University of Science
>  Faculty of Information Technology
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20130321/a0d5086a/attachment-0001.htm>


More information about the sr-users mailing list