[SR-Users] What is the typical network setup for kamailio?
savolainen at erinaco.ru
Thu Aug 16 12:27:31 CEST 2018
I use Kamailio as FreeSwitch set balancer almost without rtpengine (rtpengine
is used only in some specific cases). All in public IPs.
I just tune FS SIP profile to let it get requests only from Kamailio
IP:PORT and add same firewall rules also.
All RPC commands work via local interface only.
PUBLIC NET SIP-Phone ==> Kamailio(PUBLIC) ==> FS(PUBLIC) ==> Kamailio
(PUBLIC) ==> Carrier
On 16 August 2018 at 12:57, Kevin Olbrich <ko at sv01.de> wrote:
> I am working successfully with Kamailio in my lab setup where Kamailio is
> the SBC for Asterisk.
> The network layout is looking like this:
> SIP-Phone <== PUBLIC NET ==> Kamailio (SBC) <== PRIVATE NET ==> Asterisk
> <== PUBLIC NET ==> Carrier
> Each public network is reachable from the internet and has a local
> firewall with IP whitelists.
> The internal SIP transactions are UDP-only but for external phones I would
> like to also listen for TCP/TLS.
> For this layout to work with rtpproxy (before we move on to RTPengine), we
> have to enable mhomed in Kamailio.
> We also have some routing issues with packets leaving with the wrong IP
> via rtpproxy (when call between carrier and external phone needs to be
> Most examples show that Asterisk is deployed on the same network as the
> external interface of Kamailio (-> Asterisk exposed to the public network).
> In our tests, this works much better but I have great security concerns
> because this Asterisk instance itself does not need to be reachable from
> How do other users deploy Kamailio in front of Asterisk or similar as SBC
> to secure internals?
> There is lot of docs for Kamailio's config but IMHO less for the setup as
> DMZ (SBC) proxy.
> Thank you very much.
> Kind regards
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the sr-users