Simple TLS Gateway
Well, 2020 is certainly a strange year… Some of us have been working from home for a very long time while others are now just understanding the benefits. Of course, when a drastic change in work environment becomes a forced change, the implementation can be quite daunting.
Let’s look at telephony for example.
Many small, medium, and even enterprise PBX deployments have been designed to only allow endpoints (aka phones) to connect from within the local network.
So, how can you allow remote connectivity to your pbx without changing your PBX?
Enter Kamailio - The Open Source SIP Server
Kamailio (successor of former OpenSER and SER) is an Open Source SIP Server released under GPL, able to handle thousands of call setups per second. Kamailio can be used to build large platforms for VoIP and realtime communications – presence, WebRTC, Instant messaging and other applications. Moreover, it can be easily used for scaling up SIP-to-PSTN gateways, PBX systems or media servers like Asterisk™, FreeSWITCH™ or SEMS.
One feature that truly shines for our work from home scenario focuses on some of Kamailio bridging capabilities. Kamailio can bridge TLS (secure) connections from the outside work (aka work from home) to UDP “connections” on the local network (aka to the PBX).
By combining Kamailio with RTPengine, you can also bridge secure audio (SRTP) on the outside to normal audio (RTP) on the inside.
The concept allows you to replace the PBXIP with your PBX’s IP address, and public/private/domain as well. You can easily use Let’s Encrypt to get an SSL certificate for your domain.
Endpoints appear to the PBX as on the local network. In most cases, no configuration changes would be needed to your PBX whatsoever.
I’ve posted an example TLS/SRTP bridge config on my github repo
Hope this helps you… if you have any questions, comments, please don’t hesitate to reach out.