[SR-Users] Registration of UACs i n a partially encrypted scenario
Daniel Tryba
d.tryba at pocos.nl
Wed Jun 13 15:07:26 CEST 2018
On Tue, Jun 12, 2018 at 03:05:47PM +0200, mip FKF wrote:
> We have a number of UACs in a small network which are required to
> communicate without encryption because the are not able to consume
> certificates. We want to use kamailio (as a proxy?) to establish an
> encrypted connection to a backend UAS.
>
> 1. Is it possible to directly register the UACs with the UAS eventhough
> communication between kamailio and the UAS is encrypted ?
Yes, kamailio could relay SIP over TLS
> 2. How do we need to configure kamailio in order to make this scenario work?
Configure TLS on kamailio (there is an example in the default supplied
configs) and for example use dispatcher with transport=tls
BTW this would only encrypt SIP. If you want to encrypt RTP you'll need
rtpengine and its ability to transcode between SRTP and RTP. Though I
failed to set this up correctly in the past it should work according to
rtpengine documentation.
An alternative is to route traffic from kamailio to the UAS over an
encrypted tunnel (aka VPN), but that is out of the scope of this
mailinglist except that you'd need to setup a multihomed kamailio
(e.g. mhomed=1)
More information about the sr-users
mailing list