Hello, is Kamailio also listening on TLS? Or is the firewall converting to UDP or TCP?
Has Kamailio a private IP and only the firewall a public IP? Cheers, Daniel On 25/01/2017 17:23, JBF wrote: > Hello, > we have the following Configuration for our kamailio installation (we are > using TLS and not udp) > > (1) F5 Firewall (configured as message fowarding), opening a TLS server on > the outside > (2) SIP proxy, with a TLS server accessed by the F5 . The SIP proxy doesnt > see the F5 TLS server > (3) SIP registrar > > REGISTER works find > > We have the following issue on INVITE: > A sends an INVITE to B. > > The Registrar patches the R-URI with the content of location, which contains > the publi ip of the Device (because the device used stun) > we force the routing from registrar to proxy by using t_relay (SIP_PROXY_IP) > /The proxy tries to route to this R-URI, which is not visible/ > > I am not sure how to fix that: > > Record Route is for a true sip proxy, but the Firewall does not have an > server facing the SIP proxy: the sip proxy needs to find the proper client > socket opened at register to route the INVITE > > We have arranged for the Firewall to add its own Via, but if i understand > correctly, this is used for replies, and here we are dealing with a request > forwarding, and t_relay uses the r-ruri to route requests. IT might be why > REGISTER works correctly (ie the 200 OK is routed correctly from proxy to > firewall) > > I could arrange for the location table to contain the private ip and port of > the firewall connection (through the use of the received/rport info inserted > in the Via by the proxy ) > That would mean, however that the contact of the user will contain the > private interface of the F5 which i found weird. > > How do you think i should proceed ? any advices are welcome > Thank you > > > > > > > > > > > > > > > > -- > View this message in context: > http://sip-router.1086192.n5.nabble.com/kamailio-proxy-behind-firewall-tp155379.html > Sent from the Users mailing list archive at Nabble.com. > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
