To use TLS you have 2 choices:
1. Let Kamailio decide: That means you only specify a domain and
Kamailio will do NAPTR lookups and uses the most protocol with highest
priority (thus TLS NAPTR should have highest priority)
2. Force TLS: Kamailio differs between request URI (RURI, $ru) and
destination URI (DURI, $du). RURI is the SIP URI in the first line of
the SIP request. DURI is just a Kamailio internal SIP URI which is used
for routing. If DURI is not set, then Kamailio uses the RURI for
routing. If DURI is set, Kamailio usues the DURI for routing, regardless
of the value in the RURI.
Thus in your case I would not change the RURI, but instead set a DURI
with transport=tls parameter. So, if DURI is empty, you can just use:
$du= "sip:ip.address.ofnext.hop:5061;transport=tls"
regards
Klaus
Am 08.07.2010 18:56, schrieb Matteo Campana:
Hi klaus,
Suppose I can't access to NAPTR settings.
I need to manage SIP URI, so , If I right understand, the only way to
use TLS protocol in kamailio 1.5 is to append ";transport=tls" in R-URI
before relay.
In other words I need to rewrite R-URI:
$ru = $ru + ";transport=tls" ;
# and the t_relay
t_relay() ;
something like that?
Regards,
Daniel
Il 08/07/2010 18.45, Matteo Campana ha scritto:
-------- Messaggio originale --------
Oggetto: Re: [SR-Users] Kamailio and NAPTR lookup with TLS
Data: Thu, 08 Jul 2010 18:44:27 +0200
Mittente: Klaus Darilion <klaus.mailingli...@pernau.at>
A: Daniel-Constantin Mierla <mico...@gmail.com>
CC: matteo.camp...@klarya.it, sr-users@lists.sip-router.org
Am 08.07.2010 18:10, schrieb Daniel-Constantin Mierla:
> Hello,
>
> On 7/8/10 5:59 PM, Matteo Campana wrote:
>>
>> Hi all,
>> I'm using kamailio 1.5 with TLS module.
>> I need to make ENUM query and get NAPTR record.
>> > From NAPTR lookup, I'd like to relay my SIP Invite with tls protocol.
>>
>> How can I tell Kamailio to use TLS protocol ( instead of udp) after
>> NAPTR lookup ?
>>
>> I've try to set :
>>
>> dns_tls_pref=1
>> dns_udp_pref=2
>> dns_tcp_pref=3
>>
>> in the general section of kamailio.cfg, but I get a parse error.
>>
> these parameters were introduced in kamailio with version 3.0.
>
> If you need TLS then it is recommended to use 3.0 anyhow, it is a far
> better implementation. That will make the life easier to migrate to
> upcoming 3.1 that will bring asynchronous TLS.
>
> No matter what you have in R-URI, you can force TLS via setting outbound
> proxy address to be a TLS uri:
>
> $du ="sip:__ip_or_host__;transport=tls";
> t_relay();
IIRC we do have NAPTR support in Kamailio 1.5 - don't we?
Then I think it should work when putting a domain into $du and makeing
sure that there is no transport parameter, no port, and NAPTR TLS record
has highest priority.
regards
klaus
>
> The IP or host you can take from R-URI without any problem via PV $rd.
> Other option is to use function from tm - t_relay_to_tls():
>
> http://kamailio.org/docs/modules/stable/modules/tm.html#t_relay_to_udp
>
> Cheers,
> Daniel
>
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
