[Users] TLS communication between OpenSER servers

Klaus Darilion klaus.mailinglists at pernau.at
Thu Apr 19 16:02:52 CEST 2007


It depends on how the call is forwarded from proxy1 to proxy2. If you 
manually rewrite the URI, make sure the new URI has the transport=tls 
parameter.

If the call is just relayed (e.g. client1 calls 
client2@proxy2.domain.com) then openser forwards according to RFC 3263. 
Thus, you have to make sure that there is a NAPTR record for the domain 
with TLS as the most preferred protocol.

regards
klaus

John Barry wrote:
> Hi,
> 
> I have configured two SIP domains using OpenSER v 1.1.1 with 
> authentication (digest authentication) and TLS support. Each domain has 
> clients (UAC) running minisip (3220) with TLS and certificates 
> configured. When there is a call between a user from one domain to a 
> user in the other domain, the SIP communication between minisip clients 
> and their corresponding OpenSER proxies is done via TLS (port 5061/TCP), 
> however, the SIP communication between the two OpenSER proxies is still 
> done via UDP (port 5060/UDP).
> 
> The TLS configuration in both servers is as follows:
> 
> disable_tls = 0
> listen = tls:192.168.1.10:5061
> tls_verify_server = 1
> tls_verify_client = 1
> tls_require_client_certificate = 1
> tls_method = TLSv1
> tls_certificate = "/etc/openser/tls/sipdA/sipdA-cert.pem"
> tls_private_key = "/etc/openser/tls/sipdA/sipdA-privkey.pem"
> tls_ca_list = "/etc/openser/tls/sipdA/sipdA-calist.pem"
> 
> 
> Any ideas or suggestions regarding how to enable SIPS (TLS) between 
> OpenSER SIP proxies?
> 
> Thanks.
> JB74

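The transport selection described in the reply above, as an added example (not part of the original thread and not OpenSER code): a simplified Python model of RFC 3263 section 4.1. The NAPTR tuples are constructed sample data, `select_transport` is a hypothetical helper name, and the SRV fallback step and IPv6 literals are left out.

```python
import re

# NAPTR service tags defined by RFC 3263, mapped to the transport they select.
NAPTR_SERVICE = {"SIPS+D2T": "tls", "SIP+D2T": "tcp", "SIP+D2U": "udp"}

# Constructed NAPTR answer for proxy2.domain.com: TLS has the lowest order.
TLS_FIRST = [
    (20, 50, "SIP+D2U", "_sip._udp.proxy2.domain.com"),
    (10, 50, "SIPS+D2T", "_sips._tcp.proxy2.domain.com"),
]

def select_transport(uri, naptr_records, supported=("udp", "tcp", "tls")):
    """Return (transport, reason) for a request URI.

    naptr_records: (order, preference, service, replacement) tuples standing
    in for the NAPTR answer for the URI's domain (constructed, no DNS query).
    """
    m = re.fullmatch(r"(sips?):(?:[^@]+@)?([^;:]+)(?::(\d+))?((?:;[^;]+)*)", uri)
    if not m:
        raise ValueError("not a SIP URI: %r" % uri)
    scheme, host, port, params = m.groups()
    params = dict(p.split("=", 1) if "=" in p else (p, "")
                  for p in params.split(";") if p)
    # 1. An explicit transport parameter wins; DNS is not consulted.
    if "transport" in params:
        return params["transport"].lower(), "uri parameter"
    default = "tls" if scheme == "sips" else "udp"
    # 2. Numeric host or explicit port: no NAPTR lookup, use the scheme default.
    if port or re.fullmatch(r"[\d.]+", host):
        return default, "scheme default"
    # 3. NAPTR: lowest order, then lowest preference, first supported service.
    #    For a sips: URI only SIPS services are acceptable.
    for order, pref, service, repl in sorted(naptr_records):
        t = NAPTR_SERVICE.get(service.upper())
        if t in supported and (scheme == "sip" or t == "tls"):
            return t, "NAPTR -> " + repl
    # 4. No usable NAPTR (SRV step omitted in this model): scheme default.
    return default, "scheme default"

if __name__ == "__main__":
    target = "sip:client2@proxy2.domain.com"
    print(select_transport(target, []))                    # no NAPTR published
    print(select_transport(target, TLS_FIRST))             # TLS preferred in DNS
    print(select_transport(target + ";transport=tls", []))  # rewritten URI
```

With no NAPTR record the model falls through to UDP for a plain `sip:` URI, which matches the proxy-to-proxy behaviour reported in the question.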