It looks pretty clear to me. I think whenever Kamailio “sees” that protocol specification it will switch to that. Have you tried forcing the socket? Just wondering whether that would work.
On Wed, 9 Oct 2019 at 20:33, Joel Serrano <[email protected]> wrote:

> Hi everyone,
>
> I was giving a try to set up Kamailio with a Cloud TCP load balancer in
> front, taking advantage of the newly added proxy protocol compatibility and
> my initial tests went very well.
>
> Flow: client -> (tcp) -> load balancer -> (tcp) -> Kamailio TCP socket
>
> I then did another quick test and enabled TLS, also with good results:
>
> Flow: client -> (tls) -> load balancer -> (tls) -> Kamailio TLS socket
>
> So far so good, proxy protocol works as expected.
>
> I wanted to go one step further and see if I could somehow offload SSL
> operations at the load balancer level, and leave Kamailio handling plain
> tcp.
>
> Flow: client -> (tls) -> load balancer -> (tcp) -> Kamailio TCP socket
>
> This partially worked, and before I start digging into what I have to do
> to get it completely working, I'd like to know if anyone already has a
> similar setup, or even if Kamailio is able to handle such a scenario, the
> reason I'm asking is because of the headers, etc.
>
> In this last scenario, I receive in a TCP socket, a request with TLS
> headers all over the place..
>
> INVITE sip:[email protected]:60655 SIP/2.0
> Via: SIP/2.0/TLS 192.168.1.16:60717;branch=z9hG4bK.KmUpamn5P;rport
> From: ...
> To: ...
> CSeq: 21 INVITE
> Call-ID: -j1QSnam9o
> Max-Forwards: 70
> Route: <sip:sbc-test2.mydomain.com:443;lr>
> Supported: replaces, outbound
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
> INFO, UPDATE
> Content-Type: application/sdp
> Content-Length: 436
> Contact:
> <sip:[email protected]:60717;transport=tls>;+sip.instance="<urn:uuid:fabcb441-a348-49a7-948d-72448d6840eb>"
>
> I then forward this request via UDP to subsequent proxies for further
> processing, on the replies, my payload information back to the client
> should be TLS, although sent via a TCP socket..
>
> Is this something that will not work by design? Is there any hack I can
> take advantage of?
>
> The goal would be for Kamailio to handle TLS headers via TCP socket, as
> the client expects TLS information, but the actual traffic should go in
> plain TCP, and the load balancer will take care of re-encrypting before
> replying to the client.
>
> Any ideas/suggestions/comments?
>
> I hope this email is understandable, I find it complicated to detail the
> exact problem, feel free to ask any questions if you don't understand
> anything.
>
> Thanks,
> Joel.
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> [email protected]
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>

--
Regards,

David Villasmil
email: [email protected]
phone: +34669448337
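
The condition described in the quoted message (a request arriving on a plain TCP socket while its top Via and Contact still say TLS) can be checked mechanically. The following Python is an added example, not part of the thread and not Kamailio code; the function names `parse_headers` and `transport_mismatches` and the sample request's user and host values are assumptions made for illustration.

```python
import re

COMPACT = {"v": "via", "m": "contact"}  # RFC 3261 compact header forms

def parse_headers(raw):
    """Return [name, value] pairs from the header section, joining folded lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:              # skip the request line
        if line[:1] in (" ", "\t") and headers:
            headers[-1][1] += " " + line.strip()   # continuation of the previous header
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            headers.append([COMPACT.get(name, name), value.strip()])
    return headers

def transport_mismatches(raw, socket_proto):
    """List (header, claimed transport) pairs that differ from the receiving socket."""
    socket_proto = socket_proto.upper()
    headers = parse_headers(raw)
    claims = []
    # Only the topmost Via describes the hop that delivered the message.
    top_via = next((v for n, v in headers if n == "via"), "")
    m = re.match(r"SIP\s*/\s*2\.0\s*/\s*([A-Za-z]+)", top_via)
    if m:
        claims.append(("via", m.group(1).upper()))
    for name, value in headers:
        if name == "contact":
            claims += [("contact", t.upper())
                       for t in re.findall(r";\s*transport=([A-Za-z]+)", value, re.I)]
    return [c for c in claims if c[1] != socket_proto]

# Constructed sample modelled on the request quoted above; user and hosts are placeholders.
SAMPLE = (
    "INVITE sip:alice@198.51.100.10:60655 SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.168.1.16:60717;branch=z9hG4bK.KmUpamn5P;rport\r\n"
    "Route: <sip:sbc.example.com:443;lr>\r\n"
    "Contact: <sip:alice@192.168.1.16:60717;transport=tls>\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    # Socket transport is what the proxy actually received on behind the load balancer.
    print(transport_mismatches(SAMPLE, "tcp"))
```
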
