[SR-Users] What is the typical network setup for kamailio?

Kevin Olbrich ko at sv01.de
Thu Aug 16 12:32:42 CEST 2018


Sorry, following -> flowing.


On Thu, 16 Aug 2018 at 12:32, Kevin Olbrich <ko at sv01.de> wrote:

> Hi Dmitri,
>
> is RTP following to FS directly in this case? This would allow us to use
> STUN as well as ICE, etc. from Asterisk (which is currently the case
> without Kamailio SBC in prod).
>
> Kevin
>
>
> On Thu, 16 Aug 2018 at 12:29, Dmitri Savolainen <
> savolainen at erinaco.ru> wrote:
>
>> Hi Kevin.
>> I use Kamailio as FreeSwitch set balancer almost without rtpengine (rtpengine
>> is used only in some specific cases). All in public IPs.
>> I just tune FS SIP profile to let it get requests only from Kamailio
>> IP:PORT and add same firewall rules also.
>> All RPC commands work via local interface only.
>>
>> PUBLIC NET SIP-Phone ==> Kamailio (PUBLIC) ==> FS (PUBLIC) ==> Kamailio (PUBLIC) ==> Carrier
>>
>>
>> On 16 August 2018 at 12:57, Kevin Olbrich <ko at sv01.de> wrote:
>>
>>> Hi!
>>>
>>> I am working successfully with Kamailio in my lab setup where Kamailio
>>> is the SBC for Asterisk.
>>> The network layout is looking like this:
>>>
>>> SIP-Phone <== PUBLIC NET ==> Kamailio (SBC) <== PRIVATE NET ==> Asterisk
>>> <== PUBLIC NET ==> Carrier
>>>
>>> Each public network is reachable from the internet and has a local
>>> firewall with IP whitelists.
>>> The internal SIP transactions are UDP-only but for external phones I
>>> would like to also listen for TCP/TLS.
>>>
>>> For this layout to work with rtpproxy (before we move on to RTPengine),
>>> we have to enable mhomed in Kamailio.
>>> We also have some routing issues with packets leaving with the wrong IP
>>> via rtpproxy (when call between carrier and external phone needs to be
>>> bridged).
>>>
>>> Most examples show that Asterisk is deployed on the same network as the
>>> external interface of Kamailio (-> Asterisk exposed to the public network).
>>> In our tests, this works much better but I have great security concerns
>>> because this Asterisk instance itself does not need to be reachable from
>>> external.
>>>
>>> How do other users deploy Kamailio in front of Asterisk or similar as
>>> SBC to secure internals?
>>> There are a lot of docs for Kamailio's config but IMHO less for the setup
>>> as DMZ (SBC) proxy.
>>>
>>> Thank you very much.
>>>
>>> Kind regards
>>> Kevin
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>
>>
>> --
>> Savolainen Dmitri
>>
>