[Spce-user] Enabling TLS transport
Andrew Pogrebennyk
apogrebennyk at sipwise.com
Mon Nov 21 04:47:46 EST 2011
Jonathan,

TLS support is included in sip:provider CE 2.4 that will be released
within a few weeks.

If you wish to enable it in version 2.2 you may try the following steps:

apt-get install kamailio-tls-modules
cp /etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.tt2 \
   /etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2
vim /etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2

Add the following lines:
listen=tls:[% networking.eaddress %]:5061
disable_tls=no
loadmodule "tls.so"
modparam("tls", "certificate", "/etc/kamailio/kamailio-selfsigned.pem")
modparam("tls", "private_key", "/etc/kamailio/kamailio-selfsigned.key")
modparam("tls", "tls_method", "SSLv23")
Also you need to find the part where outbound requests are sent:

route[ROUTE_RELAY]
{
    if(isflagset(FLAG_OUTBOUND))
    {
        force_send_socket([% networking.eaddress %]:[% kamailio.lb.port %]);
        ...

and replace force_send_socket call with condition:

        # requests whose URI asks for TLS leave from the TLS listener on 5061
        if (uri_param("transport","tls") || uri_param("transport","TLS"))
        {
            force_send_socket([% networking.eaddress %]:5061);
        }
        else
        {
            force_send_socket([% networking.eaddress %]:[% kamailio.lb.port %]);
        }

save; ngcpcfg apply

That should be enough if you are running on a public IP, but is not 100%
correct.
When the machine is running behind NAT like in Amazon EC2 you also need to
take care of the Record-Route transport parameter.

Regards,
Andrew
On 11/20/2011 06:00 AM, Jonathan Martin wrote:
> Hi,
>
> I checked the mailing list archive and found a thread started in July
> asking about TLS support in Spce. An answer was not posted regarding
> how to enable TLS support in Spce. I followed the instructions in the
> v2.2 handbook for installing on a clean Debian squeeze machine. I have
> been able to initiate calls between two SIP clients, but cannot figure
> out how to enable TLS in Spce. I’ve looked in the kamailio.cfg file
> generated by the install and did not find any TLS entries (e.g. the
> WITH_TLS define and enable_tls=yes). This leads me to assume that TLS
> is not enabled. Can anyone provide some insight on how to enable TLS in
> v2.2?
>
> Regards,
> --Jonathan Martin
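
Added example (not part of the original thread and not Sipwise or Kamailio code): a small Python check that can be run over the rendered kamailio.cfg after "ngcpcfg apply" to confirm the TLS settings listed in the reply are all present, and to flag a tls_method that still permits SSLv2/SSLv3. The names audit_tls_config, POST_CFG and HARDENED_CFG are hypothetical, and the sample configuration is constructed from the reply's lines.

```python
import re

# Assumption of this example: any method that can negotiate below TLSv1 is a finding.
LEGACY_METHODS = {"SSLv2", "SSLv3", "SSLv23"}
MODPARAM = re.compile(r'modparam\(\s*"tls"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')

def audit_tls_config(cfg_text):
    """Return findings for a rendered kamailio.cfg; an empty list means clean."""
    # Drop '#' comments so commented-out settings are not counted.
    lines = [ln.split("#", 1)[0].strip() for ln in cfg_text.splitlines()]
    body = "\n".join(ln for ln in lines if ln)
    params = dict(MODPARAM.findall(body))
    findings = []
    if not re.search(r"^listen\s*=\s*tls:", body, re.M):
        findings.append("no listen=tls: socket")
    if re.search(r"^(disable_tls\s*=\s*(yes|1)|enable_tls\s*=\s*(no|0))\b", body, re.M):
        findings.append("TLS explicitly disabled")
    if not re.search(r'^loadmodule\s+"(?:[^"]*/)?tls(?:\.so)?"', body, re.M):
        findings.append("tls module not loaded")
    for key in ("certificate", "private_key"):
        if not params.get(key):
            findings.append("tls %s not set" % key)
    method = params.get("tls_method")
    if method in LEGACY_METHODS:
        findings.append("tls_method %s permits pre-TLS protocol versions" % method)
    return findings

# Constructed sample: the reply's settings after template rendering, with a
# documentation address (203.0.113.10) standing in for networking.eaddress.
POST_CFG = '''
listen=tls:203.0.113.10:5061
disable_tls=no
loadmodule "tls.so"
modparam("tls", "certificate", "/etc/kamailio/kamailio-selfsigned.pem")
modparam("tls", "private_key", "/etc/kamailio/kamailio-selfsigned.key")
modparam("tls", "tls_method", "SSLv23")
'''
# Same settings with the method raised; "TLSv1.2+" is a value documented for
# newer Kamailio tls module releases.
HARDENED_CFG = POST_CFG.replace('"SSLv23"', '"TLSv1.2+"')

if __name__ == "__main__":
    for name, cfg in (("post", POST_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit_tls_config(cfg) or "clean")
```

The check only reads the configuration text; it does not confirm that the listener on port 5061 is reachable or which protocol versions the linked OpenSSL build actually offers.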