[SR-Users] kamailio proxy behind firewall

[JBF]

Hello, 
we have the following Configuration for our kamailio installation (we are
using TLS and not udp)

(1) F5 Firewall (configured as message fowarding), opening a TLS server on
the outside
(2) SIP proxy, with a TLS server accessed by the F5 . The SIP proxy doesnt
see the F5 TLS server
(3) SIP registrar

REGISTER works find

We have the following issue on INVITE: 
A sends an INVITE to B.

The Registrar patches the R-URI with the content of location, which contains
the publi ip of the Device (because the device used stun)
we force the routing from registrar to proxy by using t_relay (SIP_PROXY_IP)
/The proxy tries to route to this R-URI, which is not visible/

I am not sure how to fix that:

Record Route is for a true sip proxy, but the Firewall does not have an
server facing the SIP proxy: the sip proxy needs to find the proper client
socket opened at register to route the INVITE

We  have arranged for the Firewall to add its own Via, but if i understand
correctly, this is used for replies, and here we are dealing with a request
forwarding, and t_relay uses the r-ruri  to route requests. IT might be why
REGISTER works correctly (ie the 200 OK is routed correctly from proxy to
firewall)

I could arrange for the location table to contain the private ip and port of
the firewall connection (through the use of the received/rport info inserted
in the  Via by the proxy )
That would mean, however that the contact of the user will contain the
private interface of the F5 which i found weird.

How do you think i should proceed ? any advices are welcome
Thank you















--
View this message in context: http://sip-router.1086192.n5.nabble.com/kamailio-proxy-behind-firewall-tp155379.html
Sent from the Users mailing list archive at Nabble.com.