[SR-Users] What is the typical network setup for kamailio?

Dmitri Savolainen savolainen at erinaco.ru
Thu Aug 16 12:27:31 CEST 2018 

Hi Kevin.
I use Kamailio  as FreeSwitch set balancer almost without rtpengine (rtpengine
is used only in some specific cases). All in public IPs.
I just tune FS SIP profile  to let it get requests only from Kamailio
IP:PORT and add same firewall rules also.
All RPC commands work via local interface only.
PUBLIC NET SIP-Phone ==> Kamailio(PUBLIC)  ==> FS(PUBLIC) ==> Kamailio
(PUBLIC)   ==> Carrier


On 16 August 2018 at 12:57, Kevin Olbrich <ko at sv01.de> wrote:

> Hi!
>
> I am working successfully with Kamailio in my lab setup where Kamailio is
> the SBC for Asterisk.
> The network layout is looking like this:
>
> SIP-Phone <== PUBLIC NET ==> Kamailio (SBC) <== PRIVATE NET ==> Asterisk
> <== PUBLIC NET ==> Carrier
>
> Each public network is reachable from the internet and has a local
> firewall with IP whitelists.
> The internal SIP transactions are UDP-only but for external phones I would
> like to also listen for TCP/TLS.
>
> For this layout to work with rtpproxy (before we move on to RTPengine), we
> have to enable mhomed in Kamailio.
> We also have some routing issues with packets leaving with the wrong IP
> via rtpproxy (when call between carrier and external phone needs to be
> bridged).
>
> Most examples show that Asterisk is deployed on the same network as the
> external interface of Kamailio (-> Asterisk exposed to the public network).
> In our tests, this works much better but I have great security concerns
> because this Asterisk instance itself does not need to be reachable from
> external.
>
> How do other users deploy Kamailio in front of Asterisk or similar as SBC
> to secure internals?
> There is lot of docs for Kamailio's config but IMHO less for the setup as
> DMZ (SBC) proxy.
>
> Thank you very much.
>
> Kind regards
> Kevin
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>


-- 
Savolainen Dmitri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180816/ce66b443/attachment.html>

More information about the sr-users mailing list