[SR-Users] Offload SSL from backends with Kamailio
Daniel Tryba
d.tryba at pocos.nl
Mon Nov 28 13:15:03 CET 2016
On Mon, Nov 28, 2016 at 01:00:37PM +0200, Vladyslav Zakhozhai wrote:
> UAC == SIP/TLS ==> Kamailio == SIP/UDP ==> FreeSWITCH
>
> My main problem is in Contact header of SIP packet which passes through
> Kamailio SIP proxy and remains unmodified.
>
> For example, REGISTER request. There is FreeSWITCH backend which is
> registrar server as well. UAC send REGISTER request to it through Kamailio
> SIP proxy via SIP/TLS. This request dispatches to backend(s) by Kamailio
> with dispatcher module. Backend does not configured to support TLS.
...
> As a result FreeSWITCH tries to originate call over SIP/TLS and it fails
> because FreeSWITCH does not configured to work with TLS.
>
> I want to understand what is correct workaraound of this issue. Do I need
> to modify Contact header manually on kamailio host and this is right
> approach? Or kamailio in case of correct config rewrites this header itself?
I'm doing something similar but with kamailio instead of freeswitch. My
solution is to use Path on the frontend/loadbalancer. Contact headers
for the REGISTERs are passed unaltered, location uses Path (with
received parameter which contains the transport) to contact the correct
loadbalancer/frontend over UDP and lets the fb/lb contact the UA with
the correct transport and the correct ip:port combo. If freeswitch has
support for this, look into that.
More information about the sr-users
mailing list