On 3/10/2010 10:48 AM, Erik Schwartz wrote:
-----Original Message-----
From: Ovidiu Sas [mailto:[email protected]]
Sent: Tuesday, March 09, 2010 11:55
To: Erik Schwartz
Cc: [email protected]
Subject: Re: [on-asterisk] OpenSIPS/OpenSER
If you want to use a TLS connection via opensips, then calls from
asterisk to the registered device will need to go via opensips and
in this case you want the asterisk registration to point to the
opensips server ... unless I am missing something here.
First, I apologize for continuing the thread here, but it's the only place
I'm getting any tidbits that let me progress through my problem. Bogdan
started a thread with me, but has since let it die...
Now, the end-goal is to protect the dialtone. Since Asterisk doesn't support
TLS until 1.6 (and from what I understand it's still buggy), I'm trying to
work through OpenSIPS. PBXware is using * 1.4... so we don't have an option.
What I thought made sense (please correct me if I'm wrong), is that when a
UAD is trying to register to our system, they point their registrar to the
OpenSIPS machine with TLS enabled (it's not enabled yet, I'm trying to
register correctly first before I work on TLS), if the UAD authenticates,
the registration should be relayed to Asterisk. What I'd like it to do, is
register in Asterisk with the public IP of the UAD. The logic is that if a
call is coming through our Asterisk, the device has already authenticated
through OpenSIPS and I can assume that they are cool to us. This way, I can
manage all the extension properties (ie: CallerID, etc) through our
Asterisk.
For extension to extension calling, Ext A would dial out through OpenSIPS,
because that's where it's proxy is pointed to, OpenSIPS would relay to
Asterisk, Asterisk would send the call to Ext B directly, because (ideally)
the public IP of Ext B would be known.
I would expect Ext B to reject the call because it is expecting the
incoming INVITE to come over TLS (the registration was done over TLS).
And if you have a NATed client and the INVITE is sent over UDP by
asterisk directly to the Ext B, the INVITE will be dropped by Ext Bs
firewall.
In a standard scenario, asterisk would send the call to opensips and
opensips would relay the call to Ext B, but in this case, the right
thing to do is to let all extensions to register to opensips and in
asterisk you defined all extensions as statically registered at the IP
of opensips.
In the end, it all depends on how do you want to design the topology of
your VoIP network and the specificity of your traffic (you want TLS, you
may or may not have NATed clients and so on ...).
Regards,
Ovidiu Sas
I'm pretty new to OpenSIPS and my end goal is to protect the dialtone, so if
you've got a better way, I'm all ears.
Erik.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
