Am Donnerstag, 16. August 2018, 11:57:03 CEST schrieb Kevin Olbrich: > I am working successfully with Kamailio in my lab setup where Kamailio is > the SBC for Asterisk. > The network layout is looking like this: > > SIP-Phone <== PUBLIC NET ==> Kamailio (SBC) <== PRIVATE NET ==> Asterisk > <== PUBLIC NET ==> Carrier > > Each public network is reachable from the internet and has a local firewall > with IP whitelists. > The internal SIP transactions are UDP-only but for external phones I would > like to also listen for TCP/TLS. > > For this layout to work with rtpproxy (before we move on to RTPengine), we > have to enable mhomed in Kamailio. > We also have some routing issues with packets leaving with the wrong IP via > rtpproxy (when call between carrier and external phone needs to be bridged). > > Most examples show that Asterisk is deployed on the same network as the > external interface of Kamailio (-> Asterisk exposed to the public network). > In our tests, this works much better but I have great security concerns > because this Asterisk instance itself does not need to be reachable from > external. > > How do other users deploy Kamailio in front of Asterisk or similar as SBC > to secure internals? > There is lot of docs for Kamailio's config but IMHO less for the setup as > DMZ (SBC) proxy.
Hello Kevin, this is indeed a common setup to protect asterisk and to have also much greater flexibility with regards to balancing and/or SIP message adaptions. To get some ideas, have a look to the last years conferences available here: https://www.kamailio.org/events/ There should be some talks about using Kamailio to in front of asterisk, the talk name is usually in the file name. I think even on this year cluecon Fred Posner did a talk about Kamailio as Edge Proxy, and also on astricon there were some talks about this scenario if I remember correctly. You should also find in the Kamailio World or FOSDEM talks a lot of information about this scenario. You find all the talks available from Kamailio World in our youtube channel: https://www.youtube.com/kamailioworld Best regards, Henning -- Henning Westerholt https://skalatan.de/blog/ _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
