Goal (short description)

Communication between the User Agent and the home proxy is encrypted using TLS.

Applicability

We enable end-users of domain A to communicate with end-users in domain B over their home proxy to the proxy of domain B. All connections use TLS:

      User Agent A  ->  proxy domainA 

Prerequisites (OS, dependencies on other software)

• Debian 4r1
• OpenSER version 1.2

Configuration  

OpenSER proxy configuration:

1. add the certificate chain of the other proxy in PEM format to the CA list file in /usr/local/etc/openser/user/user-calist.pem. You can open the file in a text editor and add the certificate string at the end of the file. 
2. add routing logic in the openser.cfg file:

        # check for requests targeted out of our domain
        if (!uri==myself) {
                # mark routing logic in request
                append_hf("P-hint: outbound\r\n");
                # destination DomainA
                if(uri=~"@domainA.net") {
                        t_relay("tls:sipserver.domainA.net:5061");
                        xlog("L_INFO", "Time [%Tf] Route to ces.net :%rm RURI:%ru  FROM:%fu TO:%tu \n buffer %mb \n flags \n %mf \n");
                        exit;
                }
                route(1);
        };

SER proxy configuration:

OS specific help

Reminder: this example is based on a compiled version of openSER where the config is in /usr/local/etc/openser and the certificates are in /usr/local/etc/openser/tls/user, which might differ when installed from packages.