[SR-Users] Kamailio SIP TLS Troubleshooting

Henning Westerholt hw at skalatan.de
Wed Dec 18 18:55:58 CET 2019


Hello,


Sorry for the short previous reply, my fault.

Kamailio can act as TLS Server and Client with the TLS Module. So it can of course process and handle encryption and decryption for TLS Transport

Cheers,

Henning



--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services
________________________________
From: Sudhakar Parasher <sudhakarparasher at gmail.com>
Sent: Wednesday, December 18, 2019 6:16:35 PM
To: Henning Westerholt <hw at skalatan.de>
Cc: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] Kamailio SIP TLS Troubleshooting

Ok, thanks. But do you mean to say Kamailio doesn't provide any module to decrypt the Encrypted SIP  packets?

On Wed, Dec 18, 2019 at 10:22 PM Henning Westerholt <hw at skalatan.de<mailto:hw at skalatan.de>> wrote:

Hello,



if the requirement is to send this from android – then maybe ask at the android client project or vendor. I can’t help you here, sorry.



If the requirement is to send this from Kamailio, there were already some suggestions done in this e-mail thread.



Cheers,



Henning



--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com<https://gilawa.com/>



From: Sudhakar Parasher <sudhakarparasher at gmail.com<mailto:sudhakarparasher at gmail.com>>
Sent: Wednesday, December 18, 2019 5:49 PM
To: Henning Westerholt <hw at skalatan.de<mailto:hw at skalatan.de>>
Cc: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>
Subject: Re: [SR-Users] Kamailio SIP TLS Troubleshooting



Hi Henning



My SIP message which are received by my kamailio is already TLS Encrypted from my android Client ( Handset) but I have requirement to forward

these SIP messages from android client to a port mirrored destination ( say a Probe).



Cheers

Sudhakar Parasher



On Wed, Dec 18, 2019 at 9:39 PM Henning Westerholt <hw at skalatan.de<mailto:hw at skalatan.de>> wrote:

Hello,



Not sure if I understood you correctly. The SIP message data is not encrypted inside Kamailio, otherwise it would not work to parse the packet etc.. So you can access it and also forward it unencrypted to another destination.



Cheers,



Henning



--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com<https://gilawa.com/>



From: Sudhakar Parasher <sudhakarparasher at gmail.com<mailto:sudhakarparasher at gmail.com>>
Sent: Wednesday, December 18, 2019 5:06 PM
To: Henning Westerholt <hw at skalatan.de<mailto:hw at skalatan.de>>
Cc: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>
Subject: Re: [SR-Users] Kamailio SIP TLS Troubleshooting



Thanks Henning

But i need to send unencrypted TLS packets to mirrored destination

Any ideas??



On Wed, 18 Dec 2019, 19:15 Henning Westerholt, <hw at skalatan.de<mailto:hw at skalatan.de>> wrote:

Hello,



you could mirror the SIP traffic also with t_replicate function from the TM module in the cfg.



Cheers,



Henning



--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com<https://gilawa.com/>



From: sr-users <sr-users-bounces at lists.kamailio.org<mailto:sr-users-bounces at lists.kamailio.org>> On Behalf Of Sudhakar Parasher
Sent: Tuesday, December 17, 2019 9:01 AM
To: sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
Subject: [SR-Users] Kamailio SIP TLS Troubleshooting



Hi Experts.



Need your opinion on below part related to kamailio



I am using SIP Kamailio module Version for the SIP Registrations from the  Client mobile phones using Android and IOS which is Over TLSv1.2 , So in nutshell the SIP Signaling is TLS version 1.2 encrypted and Customer is requesting for the forward of the  unencrypted SIP signaling messages especially the SIP Registration messages  to their probe solutions without storing the SIP messages locally in the Kamailio Database



Question  :Would it not be possible for Kamailio   imply “mirror” all the SIP messages related to all SIP REGISTER dialogs (after removing TLS for inbound messages and prior to adding TLS for outbound message) to a designated IP Address and Port?  No need for local database storage.  No need for encapsulation.  No mirroring of other messages/dialogs.



Cheers

Sudhakar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191218/ef011ebf/attachment.html>


More information about the sr-users mailing list