Kamailio is a high-performance, open-source SIP server capable of handling thousands of call setups per second. It functions as a SIP proxy, registrar, location server, and application server. Kamailio is commonly deployed in front of media servers like Asterisk to handle SIP routing, load balancing, and authentication at scale. This guide covers installing Kamailio 6.1 on Rocky Linux 10/9 or AlmaLinux 10/9 with MariaDB backend, firewall configuration, and SIP user management.

Prerequisites

  • Rocky Linux 10/9 or AlmaLinux 10/9 server
  • Root or sudo access
  • Minimum 1 GB RAM (2 GB recommended for production)
  • Ports: 5060/UDP+TCP (SIP), 5061/TCP (SIP TLS)
  • Static IP address or FQDN for SIP routing

Step 1: Update System and Set SELinux

Update all packages:

sudo dnf -y update

Set SELinux to permissive mode. Kamailio needs this to bind to SIP ports and access the database socket:

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Verify:

$ getenforce
Permissive

Step 2: Add Kamailio YUM Repository

Kamailio provides official RPM repositories for Rocky Linux, AlmaLinux, and RHEL. Download the repo configuration file:

# Rocky Linux
sudo curl -o /etc/yum.repos.d/kamailio.repo https://rpm.kamailio.org/rocky/kamailio.repo

# AlmaLinux
sudo curl -o /etc/yum.repos.d/kamailio.repo https://rpm.kamailio.org/alma/kamailio.repo

# RHEL
sudo curl -o /etc/yum.repos.d/kamailio.repo https://rpm.kamailio.org/rhel/kamailio.repo

Verify the repository is available:

$ sudo dnf repolist | grep kamailio
kamailio              Kamailio - latest - Packages for the Kamailio latest release

Step 3: Install MariaDB Database Server

Kamailio uses a database backend to store user registrations, routing rules, and accounting data. Install and configure MariaDB:

sudo dnf -y install mariadb-server
sudo systemctl enable --now mariadb

Secure the installation:

sudo mysql_secure_installation

Answer y to all prompts and set a strong root password. Verify access:

$ sudo mysql -u root -p -e "SELECT VERSION();"
+------------------+
| VERSION()        |
+------------------+
| 10.5.22-MariaDB  |
+------------------+

Step 4: Install Kamailio SIP Server

Install the core Kamailio packages along with the MySQL module, TLS support, and other commonly needed modules:

sudo dnf -y install kamailio kamailio-mysql kamailio-tls kamailio-websocket kamailio-presence kamailio-utils kamailio-json kamailio-outbound

Verify the installed version:

$ kamailio -version
version: kamailio 6.1.1 (x86_64/Linux)

Step 5: Connect Kamailio to the Database

Edit the Kamailio control tool configuration:

sudo vi /etc/kamailio/kamctlrc

Uncomment and set these values:

SIP_DOMAIN=192.168.1.10
DBENGINE=MYSQL
DBHOST=localhost

Replace 192.168.1.10 with your server’s IP address or SIP domain. This is the domain part of SIP URIs (e.g., sip:[email protected]).

Create all databases and tables required by Kamailio:

$ sudo kamdbctl create
MySQL password for root: <Enter MariaDB root password>
INFO: creating database kamailio ...
INFO: granting privileges to database kamailio ...
INFO: Core Kamailio tables successfully created.
Create the presence related tables? (y/n): y
INFO: Presence tables successfully created.
Create the tables for imc cpl siptrace domainpolicy carrierroute
    drouting userblocklist htable purple uac pipelimit mtree sca mohqueue
    rtpproxy rtpengine secfilter ims_icscf? (y/n): y
INFO: Extra tables successfully created.
Create the tables for uid_auth_db uid_avp_db uid_domain uid_gflags
    uid_uri_db? (y/n): y
INFO: UID tables successfully created.

This creates two database users automatically:

  • kamailio (password: kamailiorw) – read/write access
  • kamailioro (password: kamailioro) – read-only access

Change these default passwords for production deployments:

sudo mysql -u root -p -e "ALTER USER 'kamailio'@'localhost' IDENTIFIED BY 'YourStrongPassword'; ALTER USER 'kamailioro'@'localhost' IDENTIFIED BY 'YourReadOnlyPassword'; FLUSH PRIVILEGES;"

If you change the kamailio password, update it in /etc/kamailio/kamailio.cfg at the DBURL parameter and in /etc/kamailio/kamctlrc at DBRWPW.

Step 6: Configure Kamailio

Edit the main Kamailio configuration file:

sudo vi /etc/kamailio/kamailio.cfg

Add the following defines just below the #!KAMAILIO line at the top of the file to enable MySQL authentication, user location database, NAT traversal, and presence:

#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
#!define WITH_NAT
#!define WITH_PRESENCE
Kamailio configuration file with MySQL and authentication defines

To listen on all interfaces (required for remote SIP clients), find the listen directive and set it to your server IP or 0.0.0.0:

# In /etc/kamailio/kamailio.cfg
listen=udp:0.0.0.0:5060
listen=tcp:0.0.0.0:5060

Step 7: Start and Enable Kamailio

sudo systemctl enable --now kamailio

Verify the service is running:

$ sudo systemctl status kamailio
 kamailio.service - Kamailio - the Open Source SIP Server
     Loaded: loaded (/usr/lib/systemd/system/kamailio.service; enabled; preset: disabled)
     Active: active (running)
   Main PID: 15024 (kamailio)
      Tasks: 26

Confirm Kamailio is listening on SIP ports:

$ ss -tulnp | grep kamailio
udp   UNCONN 0  0  0.0.0.0:5060  0.0.0.0:*  users:(("kamailio"...))
tcp   LISTEN 0  1024  0.0.0.0:5060  0.0.0.0:*  users:(("kamailio"...))

Step 8: Configure Firewall

Open the SIP signaling ports in the firewall:

sudo firewall-cmd --permanent --add-port=5060/udp
sudo firewall-cmd --permanent --add-port=5060/tcp
sudo firewall-cmd --permanent --add-port=5061/tcp
sudo firewall-cmd --reload

If you are using RTPProxy for media relay, also open the RTP port range:

sudo firewall-cmd --permanent --add-port=10000-20000/udp
sudo firewall-cmd --reload

Verify the open ports:

$ sudo firewall-cmd --list-ports
5060/udp 5060/tcp 5061/tcp

Step 9: Create SIP Users

Use the kamctl tool to add SIP subscriber accounts:

sudo kamctl add user1 SecurePassword123
sudo kamctl add user2 AnotherPass456

List registered users:

sudo kamctl db show subscriber

These SIP accounts can now be used with any SIP client (Ooma, Twinkle, Linphone, Zoiper, MicroSIP). Connect to your server IP on port 5060 with the username and password created above.

Step 10: Test with a SIP Client

Configure a SIP softphone with these settings:

  • SIP Server: Your server IP (e.g., 192.168.1.10)
  • Port: 5060
  • Username: user1
  • Password: SecurePassword123
  • Transport: UDP or TCP

After registration, call between user1 and user2 to verify audio works. Check active registrations:

sudo kamctl ul show

Troubleshooting

Check Kamailio logs for errors:

sudo journalctl -u kamailio -f

Validate the configuration file syntax before restarting:

sudo kamailio -c

If the database connection fails, verify the credentials in /etc/kamailio/kamailio.cfg match what MariaDB has for the kamailio user. Common issues:

  • Config syntax error: Run kamailio -c to find the exact line
  • Port already in use: Check with ss -tulnp | grep 5060
  • DB connection refused: Verify MariaDB is running and credentials are correct
  • SIP registration fails: Check that SIP_DOMAIN in kamctlrc matches what the client uses

Conclusion

Kamailio 6.1 is now running on your Rocky Linux / AlmaLinux server with MariaDB backend, SIP user authentication, and firewall rules in place. For production environments, enable TLS on port 5061 for encrypted SIP signaling, integrate with RTPProxy or RTPEngine for media relay, and set up monitoring with SNMP statistics.

Related guides:

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here