[SR-Users] What is the typical network setup for kamailio?

Kevin Olbrich ko at sv01.de
Thu Aug 16 11:57:03 CEST 2018


I am working successfully with Kamailio in my lab setup where Kamailio is
the SBC for Asterisk.
The network layout is looking like this:

SIP-Phone <== PUBLIC NET ==> Kamailio (SBC) <== PRIVATE NET ==> Asterisk
<== PUBLIC NET ==> Carrier

Each public network is reachable from the internet and has a local firewall
with IP whitelists.
The internal SIP transactions are UDP-only but for external phones I would
like to also listen for TCP/TLS.

For this layout to work with rtpproxy (before we move on to RTPengine), we
have to enable mhomed in Kamailio.
We also have some routing issues with packets leaving with the wrong IP via
rtpproxy (when call between carrier and external phone needs to be bridged).

Most examples show that Asterisk is deployed on the same network as the
external interface of Kamailio (-> Asterisk exposed to the public network).
In our tests, this works much better but I have great security concerns
because this Asterisk instance itself does not need to be reachable from

How do other users deploy Kamailio in front of Asterisk or similar as SBC
to secure internals?
There is lot of docs for Kamailio's config but IMHO less for the setup as
DMZ (SBC) proxy.

Thank you very much.

Kind regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180816/0ac821d4/attachment.html>

More information about the sr-users mailing list