Goal (short description)
Routing of inter domain sessions over a TLS encrypted link between a SER and an OpenSER proxy
Applicability
Inter-domain SIP routing over TLS
Prerequisites (OS, dependencies on other software)
- Both proxies should have TLS enabled between itself and connected UAs.
- TLS is enabled for the SER proxy: see 3.16. TLS for SER (UA-Proxy)
- TLS is enabled for the OpenSER proxy: see 3.17. TLS for OpenSER (UA-Proxy)
Configuration
OpenSER proxy configuration:
- add the certificate chain of the other proxy in PEM format to the CA list file in /usr/local/etc/openser/user/user-calist.pem. You can open the file in a text editor and add the certificate string at the end of the file.
- add routing logic in the openser.cfg file:
# check for requests targeted out of our domain
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
if(uri=~"@domainA.net") {
t_relay("tls:sipserver.domainA.net:5061");
xlog("L_INFO", "Time [%Tf] Route to ces.net :%rm RURI:%ru FROM:%fu TO:%tu \n buffer %mb \n flags \n %mf \n");
exit;
} else if(uri=~"@domainB.net") { t_relay("tls:sipserver.domainB.net:5061");
xlog("L_INFO", "Time [%Tf] Route to ten.cz :%rm
RURI:%ru FROM:%fu TO:%tu \n buffer %mb \n flags \n
%mf \n"); exit;
}
route(1);
};