[SR-Users] kamailio proxy behind firewall

Daniel-Constantin Mierla miconda at gmail.com
Mon Feb 6 08:12:10 CET 2017


Hello,

is Kamailio also listening on TLS? Or is the firewall converting to UDP
or TCP?

Has Kamailio a private IP and only the firewall a public IP?

Cheers,
Daniel


On 25/01/2017 17:23, JBF wrote:
> Hello, 
> we have the following Configuration for our kamailio installation (we are
> using TLS and not udp)
>
> (1) F5 Firewall (configured as message fowarding), opening a TLS server on
> the outside
> (2) SIP proxy, with a TLS server accessed by the F5 . The SIP proxy doesnt
> see the F5 TLS server
> (3) SIP registrar
>
> REGISTER works find
>
> We have the following issue on INVITE: 
> A sends an INVITE to B.
>
> The Registrar patches the R-URI with the content of location, which contains
> the publi ip of the Device (because the device used stun)
> we force the routing from registrar to proxy by using t_relay (SIP_PROXY_IP)
> /The proxy tries to route to this R-URI, which is not visible/
>
> I am not sure how to fix that:
>
> Record Route is for a true sip proxy, but the Firewall does not have an
> server facing the SIP proxy: the sip proxy needs to find the proper client
> socket opened at register to route the INVITE
>
> We  have arranged for the Firewall to add its own Via, but if i understand
> correctly, this is used for replies, and here we are dealing with a request
> forwarding, and t_relay uses the r-ruri  to route requests. IT might be why
> REGISTER works correctly (ie the 200 OK is routed correctly from proxy to
> firewall)
>
> I could arrange for the location table to contain the private ip and port of
> the firewall connection (through the use of the received/rport info inserted
> in the  Via by the proxy )
> That would mean, however that the contact of the user will contain the
> private interface of the F5 which i found weird.
>
> How do you think i should proceed ? any advices are welcome
> Thank you
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
> View this message in context: http://sip-router.1086192.n5.nabble.com/kamailio-proxy-behind-firewall-tp155379.html
> Sent from the Users mailing list archive at Nabble.com.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com




More information about the sr-users mailing list