[SR-Users] Offload SSL from backends with Kamailio

[Vladyslav Zakhozhai]

Hi,

I'm trying to understand the best (or reasonable) approach of offloading
SSL encryption from backend to Kamailio. Let me simplify a little bit:

UAC == SIP/TLS ==> Kamailio == SIP/UDP ==> FreeSWITCH

My main problem is in Contact header of SIP packet which passes through
Kamailio SIP proxy and remains unmodified.

For example, REGISTER request. There is FreeSWITCH backend which is
registrar server as well. UAC send REGISTER request to it through Kamailio
SIP proxy via SIP/TLS. This request dispatches to backend(s) by Kamailio
with dispatcher module. Backend does not configured to support TLS.

In this case everything works fine: I see REGISTER requests on FreeSWITCH.
But Contact header of SIP message which is passing Kamailio remains
unmodified. And as result I see on FreeSWITCH something like the following:

Call-ID:     Jpmjp4ruHI
User:       user_name at domain_name
Contact:     "" <sip:user_name at uac_ip
:27026;transport=tls;fs_path=sip%3Akamailio_ip%3A5060>
Agent:       Linphone/3.10.2 (belle-sip/1.5.0)
Status:     Registered(TLS)(unknown) EXP(2016-11-28 11:48:28) EXPSECS(110)
Ping-Status: Reachable
Ping-Time: 0.00
Host:       kamailio_host
IP:         kamailio_ip
Port:       5060
Auth-User:   unknown
Auth-Realm: domain_name
MWI-Account: user_name at domain_name

As a result FreeSWITCH tries to originate call over SIP/TLS and it fails
because FreeSWITCH does not configured to work with TLS.

I want to understand what is correct workaraound of this issue. Do I need
to modify Contact header manually on kamailio host and this is right
approach? Or kamailio in case of correct config rewrites this header itself?

If parts of my kamailio config would be useful I will post it later.

Thanks in advance.

-- 
С уважением,
Владислав Захожай
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20161128/f4d4ad60/attachment.html>