<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0"></p>
<div>
<div><span style="font-size: 12pt;">Hi Guys,</span><br>
</div>
<div><br>
</div>
<div>I have an issue with sending a BYE message back down a strongswan VPN tunnel on a server in the Amazon EC2 environment.</div>
<div><br>
</div>
<div>To get the configuration working correctly I have the Public IP address bound to a loopback virtual interface, and I also have kamailio listening to it.</div>
<div><br>
</div>
<div><br>
</div>
<div>Calls establish without issue, but when the called party send a BYE, I cant seem to force the SIP message down the correct interface.</div>
<div><br>
</div>
<div>Due to client confidentiality I need to be careful what information I send but does anyone have a similar configuration set up, and working, I am just looking for reasons as to why force_socket and mhomed=1 doesnt appear to force the BYE message via the
Public Interface but the private IP address on the server as its a NAT'd environment.</div>
<div><br>
</div>
<div>So essentially call establishes;</div>
<div><br>
</div>
<div><br>
</div>
<div>CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B</div>
<div> | |<span style="white-space:pre"> </span>
|<span style="white-space:pre"> </span> <span style="white-space:pre"></span> |</div>
<div> |<---------(VIA IPSEC)-100 TRYING----|<----------100 TRYING---------------|<----------100 TRYING----------------------------|</div>
<div> |<span style="white-space:pre"> </span> |<span style="white-space:pre">
</span> | <span style="white-space:pre">
</span> |</div>
<div> |<---------(VIA IPSEC)-180 RINGING---|<----------180 RINGING--------------|<----------180 RINGING---------------------------|</div>
<div> | | |<span style="white-space:pre">
</span> <span style="white-space:pre"></span> |</div>
<div> |<---------(VIA IPSEC)-200OK --------|<----------200OK -------------------|<----------200OK --------------------------------|</div>
<div> |<span style="white-space:pre"> </span>| |
<span style="white-space:pre"></span> |</div>
<div> |----------(VIA IPSEC)-ACk---------><span style="white-space:pre"> </span>
|-----------ACk--------------------->|-----------ACk---------------------------------->|</div>
<div><br>
</div>
<div><br>
</div>
<div> How can I ensure the BYE is forced out via the PUBLIC IP?</div>
<div><br>
</div>
<div>So I do this;</div>
<div> CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B</div>
<div><br>
</div>
<div> |<---------BYE (VIA IPSEC)----------------------|<----------BYE ----------------------------|<----------BYE -------------------|</div>
<div><br>
</div>
<div> As it appears to be going from Private IP and not being pushed down the IPSEC tunnel</div>
<div><br>
</div>
<div> CLIENT---------(VIA IPSEC)-INVITE----->KAMAILIO PUBLIC IP-------->KAMAILIO PRIVATE IP------------------------->CLIENT B</div>
<div><br>
</div>
<div> |<---------BYE ----------------------<----------BYE ----------------------------|<----------BYE -------------------|</div>
<div><br>
</div>
<div><br>
</div>
<div> on the BYE I have tried;</div>
<div><br>
</div>
<div> force_send_socket(KAMAILIO PUBLIC IP);</div>
<div><br>
</div>
<div> However doesnt appear to work, is this an issue for ip routing on the server to push the BYE correctly down the IPSEC tunnel? or is it configuration related?</div>
<div><br>
</div>
<div> Any comments welcome if people have had this issue before.</div>
<div><br>
</div>
<div><br>
</div>
<div> Many thanks</div>
<div><br>
</div>
<div> Jon</div>
<br>
</div>
<div></div>
<br>
<p></p>
</div>
</body>
</html>