
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title></title>

</head>

<body>

<div name="messageBodySection">

<div dir="auto">Hi Henning,<br />

I understand the idea behind this but still don’t understand how to use it.<br />

Any ideas?</div>

</div>

<div name="messageReplySection">On 11 Nov 2020, 15:24 +0200, Henning Westerholt <hw@skalatan.de>, wrote:<br />

<blockquote type="cite" style="border-left-color: grey; border-left-width: thin; border-left-style: solid; margin: 5px 5px;padding-left: 10px;">

<div class="WordSection1">

<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hello,</span></p>

<p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB">bascially this allows Kamailio to understand the HAProxy protocol to be used behind this particular proxy. Some discussion can be found at the list and also at <a href="https://github.com/kamailio/kamailio/pull/1765">https://github.com/kamailio/kamailio/pull/1765</a></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB"> </span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB">Cheers,</span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB"> </span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB">Henning</span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB"> </span></p>

<div>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB">--</span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB">Henning Westerholt –</span> <span style="mso-fareast-language:EN-US"><a href="https://skalatan.de/blog/"><span lang="EN-GB" style="color:#0563C1" xml:lang="EN-GB">https://skalatan.de/blog/</span></a></span><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB"></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB">Kamailio services –</span> <span style="mso-fareast-language:EN-US"><a href="https://gilawa.com/"><span lang="EN-GB" style="color:#0563C1" xml:lang="EN-GB">https://gilawa.com</span></a></span> <span style="mso-fareast-language:EN-US"><span lang="EN-GB" xml:lang="EN-GB"></span></span></p>

</div>

<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US" xml:lang="EN-GB"> </span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" style="margin-left:35.4pt"><b>From:</b> sr-users <sr-users-bounces@lists.kamailio.org> <b>On Behalf Of</b> Joey Golan<br />

<b>Sent:</b> Wednesday, November 11, 2020 1:47 PM<br />

<b>To:</b> Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org><br />

<b>Subject:</b> Re: [SR-Users] Kamailio behind HAProxy</p>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

<div name="messageBodySection">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Thanks Sergey.<br />

<br />

Can anyone please explain how and why to use tcp_accept_haproxy?</p>

</div>

</div>

<div name="messageReplySection">

<p class="MsoNormal" style="margin-left:35.4pt">On 11 Nov 2020, 10:39 +0200, Sergey Safarov <<a href="mailto:s.safarov@gmail.com">s.safarov@gmail.com</a>>, wrote:<br />

<br /></p>

<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 8.0pt;margin-left:3.75pt;margin-top:3.75pt;margin-right:3.75pt;margin-bottom:3.75pt">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Now I not use pike.</p>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <<a href="mailto:joeygo@gmail.com">joeygo@gmail.com</a>> wrote:</p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div name="messageBodySection">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">So on your AWS deployment are you working without ANTIFLOOD(pike)?<br />

<br />

I still don’t  understand how and why to use tcp_accept_haproxy.</p>

</div>

</div>

<div name="messageReplySection">

<p class="MsoNormal" style="margin-left:35.4pt">On 9 Nov 2020, 11:49 +0200, Sergey Safarov <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>, wrote:<br />

<br /></p>

<blockquote style="margin-left:3.75pt;margin-top:3.75pt;margin-right:3.75pt;margin-bottom:3.75pt">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">In AWS I now use the network load balancer without enabled HAproxy protocol.</p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On EC2 instances used two ENI.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">First for traffic via NLB for Inbound traffic.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">And second ENI for outbound traffic.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">This works but, maybe complex to implement.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Now I looking to:</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">1) enable TCP + HAproxy protocol support in Kamailio;</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">2) add UDP + HAproxy protocol feature support;</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">3) add connection support "with" and "without" HAproxy protocol.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">But I am not a developer and cannot say when it implemented.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">If your usage case, is business requirements and need extended HAproxy implementation in Kamailio, then your company can hire devs from the community.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>> wrote:</p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div name="messageBodySection">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Maybe I miss understood you.<br />

For local installations you mean HAProxy with transparent mode?<br />

<br />

I have a functioning setup without proxy protocol enabled but without anitflood enabled because all traffic comes from same HAProxy address.<br />

<br />

I’m not sure I understand the purpose of tcp_accept_haproxy. When and how this parameter should be used?<br />

<br />

Thanks,<br />

Joey.</p>

</div>

</div>

<div name="messageReplySection">

<p class="MsoNormal" style="margin-left:35.4pt">On 9 Nov 2020, 0:27 +0200, Sergey Safarov <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>, wrote:<br />

<br /></p>

<blockquote style="margin-left:3.75pt;margin-top:3.75pt;margin-right:3.75pt;margin-bottom:3.75pt">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Why you cannot use this in the local installation?</p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On AWS I have multiple kamailio servers behind ELB.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Why you do not use a network load-balancer? NLB also offers HAproxy protocol support (TCP and UDP).</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">In AWS installation you can use dedicated Kamailio groups for inbound connections and SIP clients with registration.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">And use other Kamailio group for outbound connections like carriers.</p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><br />

Sergey</p>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On Sun, Nov 8, 2020 at 9:07 PM Joey Golan <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>> wrote:</p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div name="messageBodySection">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">It doesn’t make much sense to me. <br />

On local installations (on-premise) I have 1 HAProxy and multiple kamailio servers.<br />

On AWS I have multiple kamailio servers behind ELB.</p>

</div>

</div>

<div name="messageReplySection">

<p class="MsoNormal" style="margin-left:35.4pt">On 8 Nov 2020, 19:45 +0200, Sergey Safarov <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>, wrote:<br />

<br /></p>

<blockquote style="margin-left:3.75pt;margin-top:3.75pt;margin-right:3.75pt;margin-bottom:3.75pt">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">you can try place haproxy + NAT on your own Linux router.</p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">In this case inbound connections with be delivered via HAproxy.<br />

Outbound connections will be NAT-ed on the same host, to the same IP.</p>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"> </p>

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On Sun, Nov 8, 2020 at 6:31 PM Joey Golan <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>> wrote:</p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div name="messageBodySection">

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Hello,<br />

I have a kamailio server running behind HAProxy with proxy protocol v2 enabled.<br />

In Kamailio I have set the parameter tcp_accept_haproxy=yes and loaded tcpops module.<br />

UEs are registered using TLS and kamailio sees that the message has received from their real ip address + port and not HAProxy ip + port.<br />

When UE A calls UE B, kamailio is trying to reach UE B using his real ip address and port instead of HAProxy IP address + port.<br />

<br />

I know I can get the tcp ip and port of HAProxy using $tcp(c_si) and $tcp(c_sp) but I can’t make it work.<br />

What is the right way to do this? How should I use these variables properly in order to establish the call successfully?<br />

<br />

Thanks,<br />

Joey.</p>

</div>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

<p class="MsoNormal" style="margin-left:35.4pt">_______________________________________________<br />

Kamailio (SER) - Users Mailing List<br />

<a href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br />

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></p>

</blockquote>

</div>

</div>

</blockquote>

</div>

</body>

</html>