Hello Colin,<br><br>While I completely agree with you, this is what the client want, as he already has this working with asterisk (which was patched to support this), and he doesn't want to change the architecture... what can I say?<br><br>The tcp leg is on a private network, by the way.<br><br>David<br><div class="gmail_quote"><div dir="ltr">On Mon, May 15, 2017 at 3:26 PM Colin Morelli <<a href="mailto:colin.morelli@gmail.com">colin.morelli@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi David,<div><br></div><div>This isn't an answer to your question - I'm not sure I have one for you right now.</div><div><br></div><div>However, I've seen a few messages from you now about trying to get this sips/sip stuff working, and I'm curious to know why you're jumping through these hoops to make this work? The entire purpose of sips is that it should be encrypted end to end. Is there a point in pretending to the client as though they're using sips when they're actually using an insecure connection in the middle? Is there a particular client you're trying to cooperate with that needs this? You can still get TLS working over the public side of the connection (using ;transport=tls in the SIP URI), while allowing for insecure transports in your private network. This seems to be ultimately what you want.</div><div><br></div><div>I'm sure you can get this to work, and I'm sure there's an answer - it just seems like you're going to end up with something fairly fragile. It seems like something you'd want to avoid unless you absolutely can't.</div><div><br></div><div>Best,</div><div>Colin </div></div><div class="gmail_extra"><br><div class="gmail_quote"></div></div><div class="gmail_extra"><div class="gmail_quote">On Mon, May 15, 2017 at 9:20 AM, David Villasmil <span dir="ltr"><<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a>></span> wrote:<br></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello guys,<div><br></div><div>I'm listening on port 443 for tls and 5111 for tcp.</div><div><br></div><div>Client registers on 443 and makes a call over tls which kamailio forwards over tcp.</div><div><br></div><div>Because freeswitch doesn't support "sips" yet, when replies come back from freeswitch (which contact set as "sip:" i manually change that tp "sips:" for the client to not die with "SIPS Required".</div><div><br></div><div>Call is established and the client responds with ACK. At this point i need to change back the contact "sips:" to "sip:".</div><div><br></div><div>This is the route that changes it:</div><div><br></div><div><div>route[FIXCONTACT] {</div><div><br></div><div> # This is freeswitch sending a message, so we change "sip:" to "sips:"</div><div> xlog("L_ERR","[FIXCONTACT]: User-Agent is: $ua\n");</div><div><br></div><div> if( $ua =~ "^FreeSWITCH" ) {<br></div><div> if( subst('/^(Contact:.*)sip:/\1sips:/') ) {</div><div> xlog("L_ERR","[FIXCONTACT]: Method $rm Status $rs Changed contact coming from freeSWITCH from sip to sips [$ct]!\n"); </div><div> }</div><div> # Else it is the client, when change it back from "sips:" to "sip:"</div><div> } else {</div><div> if( subst("/^(Contact:.*)sips:/\1sip:/") ) {</div><div> xlog("L_ERR","[FIXCONTACT]: Method $rm Status $rs Changed contact coming from CLIENT from sips to sip [$ct]!\n"); </div><div> }</div><div> }</div><div> return;<br></div><div>}</div></div><div><br></div><div>When kamailio is preparing to send out the ACK via TCP I'm seeing:</div><div><br></div><div>[forward.c:268]: get_send_socket2(): protocol/port mismatch<br></div><div><br></div><div>And I really don't know why it's doing this...</div><div><br></div><div>Help is appreciated!</div><div><br></div><div><br clear="all"><div><div class="m_-8982472859767336548m_-435885512342726252gmail_signature"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: <a href="tel:+34%20669%2044%2083%2037" value="+34669448337" target="_blank">+34669448337</a></div></div></div></div>
</div></div><div hspace="streak-pt-mark" style="max-height:1px"><img alt="" style="width:0px;max-height:0px;overflow:hidden" src="https://mailfoogae.appspot.com/t?sender=aZGF2aWQudmlsbGFzbWlsLndvcmtAZ21haWwuY29t&type=zerocontent&guid=a29cf9f6-1814-4050-bccc-7080e0d0a935"><font color="#ffffff" size="1">ᐧ</font></div>
<br></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>