...
Goal
...
(short
...
description)
...
Routing
...
of
...
inter
...
domain
...
sessions
...
over
...
a
...
TLS
...
encrypted
...
link
...
between
...
a
...
SER
...
and
...
an
...
OpenSER proxy
Applicability
Inter-domain
...
SIP
...
routing
...
over
...
TLS
...
Prerequisites
...
(OS,
...
dependencies
...
on
...
other
...
software)
...
- Both
...
- proxies
...
- should have TLS enabled between itself and connected UAs.
- TLS is enabled for the SER proxy: see 3.16. TLS for SER (UA-Proxy)
- TLS is enabled for the OpenSER proxy: see 3.17. TLS for OpenSER (UA-Proxy)
Configuration
OpenSER proxy configuration:
- add the certificate chain of the other proxy in PEM format to the CA list file in /usr/local/etc/openser/user/user-calist.pem. You can open the file in a text editor and add the certificate string at the end of the file.
- add routing logic in the openser.cfg file:
| No Format |
|---|
have TLS enabled between itself and connected UAs. SER proxy: see OpenSER proxy: see h1. OS specific help bq. # check for requests targeted out of our domain bq. if (!uri==myself) { bq. # mark routing logic in request bq. append_hf("P-hint: outbound\r\n"); bq. # if you have some interdomain connections via TLS bq. if(uri=~"@sipx1.ces@domainA.net") { bq. t_relay("tls:sipx1sipserver.cesdomainA.net:5061"); bq. xlog("L_INFO", "Time [%Tf] Route to ces.net :%rm RURI:%ru %ru FROM:%fu TO:%tu \n buffer %mb \n flags \n %mf \n"); bq. exit; bq. } else if(uri=~"@sipx@domainB.ten.cznet") { t_relay("tls:sipxsipserver.tendomainB.cznet:5061"); bq. xlog("L_INFO", "Time [%Tf] Route to ten.cz :%rm bq. RURI:%ru FROM:%fu TO:%tu \n buffer %mb \n flags \n %mf \n"); exit; bq. } bq. } route(1); bq. }; \\ |