Using the repro SIP proxy with Asterisk or FreeSWITCH

Introduction

repro is one of the simplest SIP proxies to install and configure, yet it has a very complete and thorough implementation of the SIP protocol and related standards, such as TLS encryption and ENUM

Therefore, it is an ideal choice as a first SIP proxy or for a low-maintenance site. It can also grow to meet the demands of a more complicated site.

Proposed architecture

The architecture described here involves the following:

  • The repro SIP proxy is the main point of connection for all SIP phones, using TLS
  • All calls to/from third party domains on the public Internet go through the SIP proxy
  • The PBX connects directly to the Internet, but only for connecting to a dedicated VoIP carrier (for inbound and outbound PSTN connection). Only necessary if the VoIP carrier does not support TLS.
  • Whenever a user dials a numeric destination, repro does NOT relay directly to the target phone: instead, the call is routed via a PBX (either Asterisk or FreeSWITCH). The PBX can therefore provide other services, like voicemail, if the call is not answered

Technical notes about this model

  • repro itself has no support for NAT traversal: for effective and 100% reliable NAT traversal, all SIP clients must support ICE/STUN/TURN and a TURN server (such as reTurnServer) must be installed too
  • As calls are routed through the PBX, the PBX can perform NAT traversal for any endpoint that does not support ICE/STUN/TURN: this is a very convenient solution. Just enable nat=yes in the peer definition on the PBX
  • Asterisk has particularly troublesome TLS and TCP support, and works best with UDP. Therefore, UDP is used between repro and Asterisk. As UDP is not encrypted, it is recommended that repro and Asterisk run on the same box. As SIP messages today are often larger than the 1500 byte default MTU of ethernet, it is recommended that a 4096 byte or larger MTU is supported
  • In fact, the different transport (UDP) is used to give the repro proxy a way to distinguish which INVITE messages must go through Asterisk. The use of both TLS and UDP is an essential part of this model.

How to do it

If you haven't used repro or even VoIP before, it is recommended that you start by deploying repro with TLS as a standalone SIP proxy, without Asterisk. Verify that phones can connect to repro and appear in the Registrations table in the web interface. See the federated VoIP quick start guide for step-by-step instructions.

repro configuration

Install repro as usual, for example, on Debian or Ubuntu, apt-get install repro

In repro.config, Set up two transports, TLS for all phones and the Internet, UDP for the PBX:


Transport1Interface = A.B.C.D:5061
Transport1Type = TLS
Transport1TlsDomain = sip-proxy.example.org
Transport1TlsClientVerification = Optional
Transport1RecordRouteUri = sip:sip-proxy.example.org;transport=TLS

Transport2Interface = A.B.C.D:5062
Transport2Type = UDP
Transport2RecordRouteUri = sip:A.B.C.D:5062;transport=UDP

In the sample above, replace A.B.C.D with the real IP address of the proxy, and replace sip-proxy.example.org with the actual domain name used in the TLS certificate

Everything else can be set up by following the instructions from the federated VoIP quick start guide.

In the web interface for repro, it is necessary to add a route forcing all numeric dialing via the PBX:

Parameter Value
URI ^sip:([0-9]*)@sip-proxy\.example\.org;.*transport=tls
Destination sip:$1@A.B.C.D:5060;transport=udp

Notice the destination is A.B.C.D:5060. Once again, replace with the actual IP address of the PBX (which may be the same as the IP address of the SIP proxy if both processes run on the same box). Notice also the port, it is assumed here that both processes are on the same box, repro is using UDP port 5062 and the PBX is using the default value, 5060

Finally, in the web interface again, go the the ACLS page and add the IP address and UDP port of the PBX.

It is recommended to restart the repro process after entering all the configuration settings.

PBX (Asterisk or FreeSWITCH) configuration

Set up the sip.conf using some of these settings:


; should match the realm used by the proxy
realm=sip-proxy.example.org
domain=sip-proxy.example.org
fromdomain=sip-proxy.example.org
port=5060
bindaddr=A.B.C.D

; follow this pattern to define a user
[8001]
username=8001
secret=whatever
host=dynamic
canreinvite=no
mailbox=8001
nat=yes

and make sure that dial commands in the extensions.conf file are like so:


exten => _8XXX,n,Dial(SIP/${EXTEN}@sip-proxy.example.org,45)

AttachmentSize
repro-with-pbx.png52.78 KB