This module contains methods for IPSec initialisation/deinitialisation related for usage of Kamailio as a Proxy-CSCF. Kamailio process needs specific permssions in order to manage IPSec tunnels, if executed by non-root user be sure to allow needed capabilities. Example 1.1. Systemd override configuration [Service] AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
| Parámetro | Tipo | Descripción |
|---|---|---|
| ipsec_listen_addr | string | 3.2. ipsec_listen_addr6 (string) 3.3. ipsec_client_port (int) 3.4. ipsec_server_port (int) 3.5. ipsec_listen_name (string) 3.6. ipsec_listen_agname (string) 3.7. ipsec_max_connections (int) 3.8. ipsec |
| ipsec_listen_addr6 | string | 3.3. ipsec_client_port (int) 3.4. ipsec_server_port (int) 3.5. ipsec_listen_name (string) 3.6. ipsec_listen_agname (string) 3.7. ipsec_max_connections (int) 3.8. ipsec_reuse_server_port (int) 3.9. ips |
| ipsec_client_port | int | 3.4. ipsec_server_port (int) 3.5. ipsec_listen_name (string) 3.6. ipsec_listen_agname (string) 3.7. ipsec_max_connections (int) 3.8. ipsec_reuse_server_port (int) 3.9. ipsec_spi_id_start (int) 3.10. i |
| ipsec_server_port | int | 3.5. ipsec_listen_name (string) 3.6. ipsec_listen_agname (string) 3.7. ipsec_max_connections (int) 3.8. ipsec_reuse_server_port (int) 3.9. ipsec_spi_id_start (int) 3.10. ipsec_spi_id_range (int) 3.11. |
| ipsec_listen_name | string | 3.6. ipsec_listen_agname (string) 3.7. ipsec_max_connections (int) 3.8. ipsec_reuse_server_port (int) 3.9. ipsec_spi_id_start (int) 3.10. ipsec_spi_id_range (int) 3.11. ipsec_preferred_alg (string) 3. |
| ipsec_listen_agname | string | 3.7. ipsec_max_connections (int) 3.8. ipsec_reuse_server_port (int) 3.9. ipsec_spi_id_start (int) 3.10. ipsec_spi_id_range (int) 3.11. ipsec_preferred_alg (string) 3.12. ipsec_preferred_ealg (string) |
| ipsec_max_connections | int | 3.8. ipsec_reuse_server_port (int) 3.9. ipsec_spi_id_start (int) 3.10. ipsec_spi_id_range (int) 3.11. ipsec_preferred_alg (string) 3.12. ipsec_preferred_ealg (string) |
| ipsec_reuse_server_port | int | 3.9. ipsec_spi_id_start (int) 3.10. ipsec_spi_id_range (int) 3.11. ipsec_preferred_alg (string) 3.12. ipsec_preferred_ealg (string) |
| ipsec_spi_id_start | int | 3.10. ipsec_spi_id_range (int) 3.11. ipsec_preferred_alg (string) 3.12. ipsec_preferred_ealg (string) |
| ipsec_spi_id_range | int | 3.11. ipsec_preferred_alg (string) 3.12. ipsec_preferred_ealg (string) |
| ipsec_preferred_alg | string | 3.12. ipsec_preferred_ealg (string) |
| ipsec_preferred_ealg | string | 3.1. ipsec_listen_addr (string) |
| ipsec_listen_addr | string | IP address which the Proxy-CSCF will use for incoming/outgoing SIP traffic over IPSec. |
| ipsec_listen_addr6 | string | IPv6 address which the Proxy-CSCF will use for incoming/outgoing SIP traffic over IPSec. |
| ipsec_client_port | int | Port number which will be bound for incoming (server) IPSec traffic. |
| ipsec_server_port | int | Port number which will be bound for incoming (server) IPSec traffic. |
| ipsec_listen_name | string | Set a common prefix to build listen socket names. Default value: not set. |
| ipsec_listen_agname | string | Set async (action) workers group name for udp sockets for multi-threaded reading. Default value: not set. |
| ipsec_max_connections | int | Maximum simultaneous IPSec connections |
| ipsec_reuse_server_port | int | Reuse (1) or not (0) the P-CSCF IPSec information for Re-registration for one UA. When set to 0 - During Re-registration P-CSCF will create new IPSec tunnels. When set to 1 - During Re-registration P- |
| ipsec_spi_id_start | int | Each IPSec tunnel has a unique system-wide identifier. This and the following option allows to tune the SPIs used by Kamailio in order to avoid collisions with other IPSec useres. If Kamailio is the o |
| ipsec_spi_id_range | int | How many SPIs to be allocated for the process. E.g. if ipsec_spi_id_start = 100 and ipsec_spi_id_range = 1000, SPIs between 100 and 1100 will be used. |
| ipsec_preferred_alg | string | A name of an authentication algorithm which the Proxy-CSCF will prefer when creating IPSec tunnels. |
| ipsec_preferred_ealg | string | A name of an encrytion algorithm which the Proxy-CSCF will prefer when creating IPSec tunnels. |
4.2. ipsec_forward(domain, flags) 4.3. ipsec_destroy(domain [, aor]) 4.4. ipsec_destroy_by_contact(domain, aor, recv_host, recv_port)
4.3. ipsec_destroy(domain [, aor]) 4.4. ipsec_destroy_by_contact(domain, aor, recv_host, recv_port)
4.4. ipsec_destroy_by_contact(domain, aor, recv_host, recv_port)
4.1. ipsec_create(domain)
This function creates IPSec SA and Policy based on the parameters sent in Security-Client header in the REGISTER message. It's called when OK is received. The function also adds Security-Server header to the REGISTER.
The function processes redirects outgoing message via the IPSec tunnel initiated with ipsec_create().
The function destroys IPSec tunnel, created with ipsec_create.
The function destroys IPSec tunnel, created with ipsec_create.
... ipsec_destroy_by_contact("location", "...", "...", "..."); ...
Copyright © 2007 FhG FOKUS
Copyright © 2012 Smile Communications
Copyright © 2015 ng-voice GmbH
