Hi Karsten,

interesting scenario, thanks. Regarding TLS off-loading, it's of course less 
useful then.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com

From: Karsten Horsmann <[email protected]>
Sent: Tuesday, 15 August 2023 20:24
To: Kamailio (SER) - Users Mailing List <[email protected]>
Subject: [SR-Users] Re: Kamailio behind TLS-TCP load balancer

Hi,

a benefit of using the AWS load balancer is the included DDoS prevention. 
Jonas Swiatek gave me that as a tip.

He simply set up self-signed certs on the Kamailio behind the NLB load balancer.
So it's

Internet -> TLS NLB/AWS loadbalancer -> TLS self-signed Kamailio.

Should solve your problems.

Kind regards
Karsten Horsmann
Henning Westerholt <[email protected]> wrote on Sat, 12 Aug 2023, 11:09:
Hello David,

the simplest way is of course to just not use the AWS load-balancer. 😉 Do you 
have performance concerns using Kamailio for that purpose?

As you probably know, SIP as a protocol is not really suited for this kind of 
cloud balancing infrastructure, which targets more HTTP and other protocols. 
And Kamailio in a load-balancer scenario is usually the first TLS/TCP/UDP 
endpoint to reach from the client point of view.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com

From: David Villasmil <[email protected]>
Sent: Saturday, 12 August 2023 02:55
To: Kamailio (SER) - Users Mailing List <[email protected]>
Subject: [SR-Users] Kamailio behind TLS-TCP load balancer

Hello all,

I'm having lots of problems when trying to configure Kamailio behind an AWS TLS 
load balancer to offload TLS and receive on TCP on Kamailio. Everything else 
inside is UDP.
I found I need to manually add record-route presets every time an invite comes 
in. And when trying to forward an ACK to the client via the TLS/TCP load balancer, 
Kamailio complains the socket is not TLS, so it fails.

Is there a simpler way of doing this via some parameters I don't know?

Thanks for helping me with this!

David
--
Regards,

David Villasmil
email: [email protected]
phone: +34669448337
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe: