diff --git a/src/modules/ims_ipsec_pcscf/README b/src/modules/ims_ipsec_pcscf/README new file mode 100644 index 00000000000..06125e23b77 --- /dev/null +++ b/src/modules/ims_ipsec_pcscf/README @@ -0,0 +1,248 @@ +The IMS IPSec-Registrar Module + +Dragos Vingarzan + + FhG Fokus + + +Jason Penton + + Smile Communications + + +Richard Good + + Smile Communications + + +Carsten Bock + + ng-voice GmbH + + +Tsvetomir Dimitrov + + + + Copyright © 2007 FhG FOKUS + + Copyright © 2012 Smile Communications + + Copyright © 2015 ng-voice GmbH + __________________________________________________________________ + + Table of Contents + + 1. Admin Guide + + 1. Overview + 2. Dependencies + + 2.1. Kamailio Modules + 2.2. External Libraries or Applications + + 3. Parameters + + 3.1. ipsec_listen_addr (string) + 3.2. ipsec_listen_addr6 (string) + 3.3. ipsec_client_port (int) + 3.4. ipsec_server_port (int) + 3.5. ipsec_spi_id_start (int) + 3.6. ipsec_spi_id_range (int) + + 4. Functions + + 4.1. ipsec_create(domain) + 4.2. ipsec_forward(domain) + 4.3. ipsec_destroy(domain) + + List of Examples + + 1.1. ipsec_listen_addr parameter usage + 1.2. ipsec_listen_addr6 parameter usage + 1.3. ipsec_client_port parameter usage + 1.4. ipsec_server_port parameter usage + 1.5. ipsec_spi_id_start parameter usage + 1.6. ipsec_spi_id_range parameter usage + 1.7. ipsec_create + 1.8. ipsec_forward + 1.9. ipsec_forward + +Chapter 1. Admin Guide + + Table of Contents + + 1. Overview + 2. Dependencies + + 2.1. Kamailio Modules + 2.2. External Libraries or Applications + + 3. Parameters + + 3.1. ipsec_listen_addr (string) + 3.2. ipsec_listen_addr6 (string) + 3.3. ipsec_client_port (int) + 3.4. ipsec_server_port (int) + 3.5. ipsec_spi_id_start (int) + 3.6. ipsec_spi_id_range (int) + + 4. Functions + + 4.1. ipsec_create(domain) + 4.2. ipsec_forward(domain) + 4.3. ipsec_destroy(domain) + +1. Overview + + This module contains methods for IPSec initialisation/deinitialisation + related for usage of Kamailio as a Proxy-CSCF. + +2. Dependencies + + 2.1. Kamailio Modules + 2.2. External Libraries or Applications + +2.1. Kamailio Modules + + The Following modules must be loaded before this module: + * Usrloc PCSCF + * TM + +2.2. External Libraries or Applications + + This modules requires the internal IMS library and libmnl for operating + with netlink sockets. + +3. Parameters + + 3.1. ipsec_listen_addr (string) + 3.2. ipsec_listen_addr6 (string) + 3.3. ipsec_client_port (int) + 3.4. ipsec_server_port (int) + 3.5. ipsec_spi_id_start (int) + 3.6. ipsec_spi_id_range (int) + +3.1. ipsec_listen_addr (string) + + IP address which the Proxy-CSCF will use for incoming/outgoing SIP + traffic over IPSec. + + Default value is empty string (null) - IPv4 listen interface will not + be added + + Example 1.1. ipsec_listen_addr parameter usage +... +modparam("ims_ipsec_pcscf", "ipsec_listen_addr", "") +... + +3.2. ipsec_listen_addr6 (string) + + IPv6 address which the Proxy-CSCF will use for incoming/outgoing SIP + traffic over IPSec. + + Default value is empty string (null) - IPv6 listen interface will not + be added + + Example 1.2. ipsec_listen_addr6 parameter usage +... +modparam("ims_ipsec_pcscf", "ipsec_listen_addr6", "") +... + +3.3. ipsec_client_port (int) + + Port number which will be bound for incoming (server) IPSec traffic. + + Default value is 5963. + + Example 1.3. ipsec_client_port parameter usage +... +modparam("ims_ipsec_pcscf", "ipsec_client_port", 5062) +... + +3.4. ipsec_server_port (int) + + Port number which will be bound for incoming (server) IPSec traffic. + + Default value is 5063. + + Example 1.4. ipsec_server_port parameter usage +... +modparam("ims_ipsec_pcscf", "ipsec_server_port", 5063) +... + +3.5. ipsec_spi_id_start (int) + + Each IPSec tunnel has a unique system-wide identifier. This and the + following option allows to tune the SPIs used by Kamailio in order to + avoid collisions with other IPSec useres. If Kamailio is the only + process on the system which uses IPSec, don't bother with this option. + + Default value is 100. + + Example 1.5. ipsec_spi_id_start parameter usage +... +modparam("ims_ipsec_pcscf", "ipsec_spi_id_start", 100) +... + +3.6. ipsec_spi_id_range (int) + + How many SPIs to be allocated for the process. E.g. if + ipsec_spi_id_start = 100 and ipsec_spi_id_range = 1000, SPIs between + 100 and 1100 will be used. + + Default value is 1000. + + Example 1.6. ipsec_spi_id_range parameter usage +... +modparam("ims_ipsec_pcscf", "ipsec_spi_id_range", 1000) +... + +4. Functions + + 4.1. ipsec_create(domain) + 4.2. ipsec_forward(domain) + 4.3. ipsec_destroy(domain) + +4.1. ipsec_create(domain) + + This function creates IPSec SA and Policy based on the parameters sent + in Security-Client header in the REGISTER message. It's called when OK + is received. The function also adds Security-Server header to the + REGISTER. + + Meaning of the parameters is as follows: + * domain - Logical domain within the registrar. If a database is used + then this must be name of the table which stores the contacts. + + Example 1.7. ipsec_create +... +ipsec_create("location"); +... + +4.2. ipsec_forward(domain) + + The function processes redirects outgoing message via the IPSec tunnel + initiated with ipsec_create(). + + Meaning of the parameters is as follows: + * domain - Logical domain within the registrar. If a database is used + then this must be name of the table which stores the contacts. + + Example 1.8. ipsec_forward +... +ipsec_forward("location"); +... + +4.3. ipsec_destroy(domain) + + The function destroys IPSec tunnel, created with ipsec_create. + + Meaning of the parameters is as follows: + * domain - Logical domain within the registrar. If a database is used + then this must be name of the table which stores the contacts. + + Example 1.9. ipsec_forward +... +ipsec_destroy("location"); +...