<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>setting outbound tcpid is facilitating searching first by id, but
in case of failure to find the connection, then it falls back to
target address search.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 09.08.21 16:26, Володимир Іванець
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOQgkjZGuKkVsApUmi2srsVZEMqmenPTLq6YuqXZoktGm8eciA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hello all!
<div><br>
</div>
<div>Does anyone know if function tcp_set_otcpid() can be used
in "event_route[tm:local-request]"? I added this to the
configuration:</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div><i>$var(conid) = 10;</i></div>
<div><i>tcp_set_otcpid("$var(conid)");</i></div>
</blockquote>
<div>... and was expecting that Kamailio will not find a match
(there is no connection id #10 at this point), go here <a
href="https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1615"
moz-do-not-send="true">https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1615</a>
and then initiate a new connection <a
href="https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1993"
moz-do-not-send="true">https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1993</a>.
But it went to <a
href="https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1594"
moz-do-not-send="true">https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1594</a>
and could find a match:</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div><i>Aug 9 17:08:31 kamailio-dev-2
/usr/sbin/kamailio[3858]: DEBUG: &lt;core&gt;
[core/tcp_main.c:1610]: _tcpconn_find(): found connection
by peer address (id: 2)</i></div>
</blockquote>
<div><br>
</div>
<div>Thanks a lot!</div>
<div><br>
</div>
<div>Regards, Volodymyr Ivanets.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Fri, 6 Aug 2021 at 15:53
Володимир Іванець &lt;<a
href="mailto:volodyaivanets@gmail.com"
moz-do-not-send="true">volodyaivanets@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Or maybe some special "id" to tell Kamailio to
skip the verification and just create a new connection? Then
I could use the real "id" for further outbound traffic.
<div><br>
</div>
<div>Thank you!</div>
<div><br>
</div>
<div>Regards, Volodymyr Ivanets.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Fri, 6 Aug 2021 at 15:45
Володимир Іванець &lt;<a
href="mailto:volodyaivanets@gmail.com" target="_blank"
moz-do-not-send="true">volodyaivanets@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hello Daniel!
<div><br>
</div>
<div>Thank you for the suggestion. Unfortunately adding
the "tcp_connection_match=1" did not make a
difference. Kamailio found another connection to the
same peer and used it instead:</div>
<blockquote style="margin:0px 0px 0px
40px;border:none;padding:0px">
<div><i>&lt;core&gt; [core/tcp_main.c:1610]:
_tcpconn_find(): found connection by peer address
(id: 2)</i></div>
<div><i><br>
</i></div>
</blockquote>
Also, it looks like the answer is in this comment: <a
href="https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1563"
target="_blank" moz-do-not-send="true">https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#L1563</a>.
And below are active tls connections for the previous
trunk. Is there a way to add an additional field like a
"tag" that could be used in peer matching as well?
Otherwise, I guess the only option I have is to run
separate instances of Kamailio with a very basic
configuration for each MS Teams connection.
<div><br>
</div>
<blockquote style="margin:0px 0px 0px
40px;border:none;padding:0px"><i># kamcmd tls.list<br>
{<br>
id: 2<br>
timeout: 0<br>
src_ip: 52.114.75.24<br>
src_port: 5061<br>
dst_ip: 172.16.30.206<br>
<b>dst_port: 0</b><br>
cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD<br>
ct_wq_size: 0<br>
enc_rd_buf: 0<br>
flags: 2<br>
state: established<br>
}<br>
{<br>
id: 3<br>
timeout: 0<br>
src_ip: 52.114.75.24<br>
src_port: 6272<br>
dst_ip: 172.16.30.206<br>
dst_port: 5063<br>
cipher: AES256-GCM-SHA384 TLSv1.2
Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD<br>
ct_wq_size: 0<br>
enc_rd_buf: 0<br>
flags: 2<br>
state: established<br>
}<br>
{<br>
id: 4<br>
timeout: 581<br>
src_ip: 52.114.75.24<br>
src_port: 6273<br>
dst_ip: 172.16.30.206<br>
dst_port: 5063<br>
cipher: AES256-GCM-SHA384 TLSv1.2
Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD<br>
ct_wq_size: 0<br>
enc_rd_buf: 0<br>
flags: 2<br>
state: established</i>
<div><i>} </i></div>
<div><i><br>
</i></div>
</blockquote>
Thank you!
<div><br>
</div>
<div>Regards, Volodymyr Ivanets.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Wed, 4 Aug 2021 at
13:45 Daniel-Constantin Mierla &lt;<a
href="mailto:miconda@gmail.com" target="_blank"
moz-do-not-send="true">miconda@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello,</p>
<p>can you set <a
href="https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_connection_match"
target="_blank" moz-do-not-send="true">https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_connection_match</a>
?</p>
<p>It may work only for connections accepted by
Kamailio, but worth a try.<br>
</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>On 03.08.21 14:48, Володимир Іванець wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello Daniel,
<div><br>
</div>
<div>Yes, I have "socket=tls:<a
href="http://172.16.30.206:5062"
target="_blank" moz-do-not-send="true">172.16.30.206:5062</a>"
and "socket=tls:<a
href="http://172.16.30.206:5063"
target="_blank" moz-do-not-send="true">172.16.30.206:5063</a>"
attributes for corresponding records in the
Dispatcher configuration table. $fs prints out
correct values in the
"event_route[tm:local-request]".</div>
<div><br>
</div>
<div>But I thought that TCP/TLS connections are
established from a random port to a
destination port on the peer side. And then
the remote peer connects from its random port
to our port 5062/5063.</div>
<div><br>
</div>
<div>If I understood the Kamailio log correctly, when
it is about to establish a second connection
to the same peer it sees an active connection
for the previous trunk and uses it instead of
creating a new one.</div>
<div><br>
</div>
<div>Thank you!</div>
<div><br>
</div>
<div>Regards, Volodymyr Ivanets.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Mon, 2 Aug
2021 at 22:21 Daniel-Constantin Mierla &lt;<a
href="mailto:miconda@gmail.com"
target="_blank" moz-do-not-send="true">miconda@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello,</p>
<p>do you force local send socket?</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>On 02.08.21 18:21, Володимир Іванець
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello Daniel!
<div><br>
</div>
<div>I updated Kamailio to the latest
released version. The problem is that
still with tls_set_connect_server_id()
I can not make a single instance of
Kamailio connect to multiple MS Teams
domains. I use a single IP address
with different ports for different
trunks. I can see it establishing a
connection to one trunk and using it
for other domains.</div>
<div><br>
</div>
<div>Is there a way to force Kamailio to
make a new TLS connection to the same
peer address that it is already
connected to?</div>
<div><br>
</div>
<div>Thank you!</div>
<div><br>
</div>
<div>Regards, Volodymyr Ivanets.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Mon, 2
Aug 2021 at 13:44 Daniel-Constantin
Mierla &lt;<a
href="mailto:miconda@gmail.com"
target="_blank"
moz-do-not-send="true">miconda@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello,</p>
<p>upgrading is the recommended way,
indeed, if you want to use
tls_set_connect_server_id(). For
older version you may want to try
looping back to kamailio (can be
over udp) and then use the xavps.
Adds some overhead and hops, but
if you are stuck to a version and
can't really upgrade soon, might
be an option to look at.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>On 29.07.21 18:48, Володимир
Іванець wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello Rob!
<div><br>
</div>
<div>Yes, I'm using Letsencrypt
while I'm testing. But I would
like to be able to use
different certificates with
different sockets.</div>
<div><br>
</div>
<div>I found this discussion <a
href="https://github.com/kamailio/kamailio/issues/2413" target="_blank"
moz-do-not-send="true">https://github.com/kamailio/kamailio/issues/2413</a>.
Looks like I need to use
"tls_set_connect_server_id()"
instead of setting
"$xavp(tls=>server_name)"
and
"$xavp(tls[0]=>server_id)".
Unfortunately I'm currently
using Kamailio v5.4 on my test
system and this function is
not available. I will update
Kamailio and give it another
try. Then I will update
everyone in the hope it will
be useful for someone :)</div>
<div><br>
</div>
<div>Thank you!</div>
<div><br>
</div>
<div>Regards, Volodymyr Ivanets</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr"
class="gmail_attr">Thu, 29 Jul
2021 at 19:07 Rob van den Bulk
&lt;<a
href="mailto:rob.van.den.bulk@gmail.com"
target="_blank"
moz-do-not-send="true">rob.van.den.bulk@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<div
style="color:rgb(33,33,33);background-color:rgb(255,255,255)"
dir="auto"> Hello, are u
using letsencrypt?</div>
<div
style="color:rgb(33,33,33);background-color:rgb(255,255,255)"
dir="auto"> <br>
</div>
<div
style="color:rgb(33,33,33);background-color:rgb(255,255,255)"
dir="auto"> U can use a
multi domain.</div>
<div
style="color:rgb(33,33,33);background-color:rgb(255,255,255)"
dir="auto"> <br>
</div>
<div
style="color:rgb(33,33,33);background-color:rgb(255,255,255)"
dir="auto"> Multi domain
names in one certificate </div>
<hr
style="display:inline-block;width:98%">
<div
id="gmail-m_5678364894436833869gmail-m_-3001795702805371351gmail-m_-6632762735013147973gmail-m_1139423320388653005gmail-m_-6848938456874736057gmail-m_-6409659204268948705divRplyFwdMsg"
dir="ltr"><font
style="font-size:11pt"
face="Calibri,
sans-serif"
color="#000000"><b>From:</b>
sr-users &lt;<a
href="mailto:sr-users-bounces@lists.kamailio.org"
target="_blank"
moz-do-not-send="true">sr-users-bounces@lists.kamailio.org</a>&gt;
on behalf of Володимир
Іванець &lt;<a
href="mailto:volodyaivanets@gmail.com"
target="_blank"
moz-do-not-send="true">volodyaivanets@gmail.com</a>&gt;<br>
<b>Sent:</b> Thursday,
July 29, 2021 4:44:16 PM<br>
<b>To:</b> Kamailio
(SER) - Users Mailing
List &lt;<a
href="mailto:sr-users@lists.kamailio.org"
target="_blank"
moz-do-not-send="true">sr-users@lists.kamailio.org</a>&gt;<br>
<b>Subject:</b>
[SR-Users] Integration
with multiple MS Teams
instances</font>
<div> </div>
</div>
<div>
<div dir="ltr">Hello all!
<div><br>
</div>
<div>I was able to
connect Kamailio with
MS Teams and now
trying to add one more
Teams instance. It
looks like I have some
misconfiguration or
there is a bug.</div>
<div><br>
</div>
<div>My test server has
2 domain records
pointing at it (<a
href="http://kamailio.domain1.com"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com</a>
and <a
href="http://kamailio.domain2.com"
target="_blank"
moz-do-not-send="true">kamailio.domain2.com</a>).
My tls.cfg
configuration file
looks like this. As
you can see the
Default section is
configured with a <a
href="http://kamailio.domain1.com" target="_blank"
moz-do-not-send="true">kamailio.domain1.com</a>
certificate:</div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>[server:default]</i></div>
<div><i>method =
TLSv1.0+</i></div>
<div><i>require_certificate
= no</i></div>
<div><i>verify_certificate
= no</i></div>
<div><i>private_key =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/key.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/key.pem</a></i></div>
<div><i>certificate =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/cert.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/cert.pem</a></i></div>
<div><i>ca_list =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/CA/cert.pem" target="_blank"
moz-do-not-send="true">kamailio.domain1.com/CA/cert.pem</a></i></div>
</blockquote>
<div><i><br>
</i></div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>[client:default]</i></div>
<div><i>method =
TLSv1.0+</i></div>
<div><i>require_certificate
= no</i></div>
<div><i>verify_certificate
= no</i></div>
<div><i>private_key =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/key.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/key.pem</a></i></div>
<div><i>certificate =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/cert.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/cert.pem</a></i></div>
<div><i>ca_list =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/CA/cert.pem" target="_blank"
moz-do-not-send="true">kamailio.domain1.com/CA/cert.pem</a></i></div>
</blockquote>
<div><i><br>
</i></div>
<div><i><br>
</i></div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>[server:<a
href="http://172.16.30.206:5062"
target="_blank"
moz-do-not-send="true">172.16.30.206:5062</a>]</i></div>
<div><i>method =
TLSv1.0+</i></div>
<div><i>require_certificate
= no</i></div>
<div><i>verify_certificate
= no</i></div>
<div><i>private_key =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/key.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/key.pem</a></i></div>
<div><i>certificate =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/cert.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/cert.pem</a></i></div>
<div><i>ca_list =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/CA/cert.pem" target="_blank"
moz-do-not-send="true">kamailio.domain1.com/CA/cert.pem</a></i></div>
<div><i>server_name =
"<a
href="http://kamailio.domain1.com"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com</a>"</i></div>
<div><i>server_id = "<a
href="http://kamailio.domain1.com" target="_blank"
moz-do-not-send="true">kamailio.domain1.com</a>"</i><i><br>
</i></div>
</blockquote>
<div><i><br>
</i></div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>[client:<a
href="http://172.16.30.206:5062"
target="_blank"
moz-do-not-send="true">172.16.30.206:5062</a>]</i></div>
<div><i>method =
TLSv1.0+</i></div>
<div><i>require_certificate
= no</i></div>
<div><i>verify_certificate
= no</i></div>
<div><i>private_key =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/key.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/key.pem</a></i></div>
<div><i>certificate =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/server/cert.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain1.com/server/cert.pem</a></i></div>
<div><i>ca_list =
/var/kamailio/certificates/<a
href="http://kamailio.domain1.com/CA/cert.pem" target="_blank"
moz-do-not-send="true">kamailio.domain1.com/CA/cert.pem</a></i></div>
</blockquote>
<div><i><br>
<br>
</i></div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>[server:<a
href="http://172.16.30.206:5063"
target="_blank"
moz-do-not-send="true">172.16.30.206:5063</a>]</i></div>
<div><i>method =
TLSv1.0+</i></div>
<div><i>require_certificate
= no</i></div>
<div><i>verify_certificate
= no</i></div>
<div><i>private_key =
/var/kamailio/certificates/<a
href="http://kamailio.domain2.com/server/key.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain2.com/server/key.pem</a></i></div>
<div><i>certificate =
/var/kamailio/certificates/<a
href="http://kamailio.domain2.com/server/cert.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain2.com/server/cert.pem</a></i></div>
<div><i>ca_list =
/var/kamailio/certificates/<a
href="http://kamailio.domain2.com/CA/cert.pem" target="_blank"
moz-do-not-send="true">kamailio.domain2.com/CA/cert.pem</a></i></div>
<div><i>server_name =
"<a
href="http://kamailio.domain2.com"
target="_blank"
moz-do-not-send="true">kamailio.domain2.com</a>"</i></div>
</blockquote>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>server_id = "<a
href="http://kamailio.domain2.com" target="_blank"
moz-do-not-send="true">kamailio.domain2.com</a>"</i></div>
</blockquote>
<div><i><br>
</i></div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>[client:<a
href="http://172.16.30.206:5063"
target="_blank"
moz-do-not-send="true">172.16.30.206:5063</a>]</i></div>
<div><i>method =
TLSv1.0+</i></div>
<div><i>require_certificate
= no</i></div>
<div><i>verify_certificate
= no</i></div>
<div><i>private_key =
/var/kamailio/certificates/<a
href="http://kamailio.domain2.com/server/key.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain2.com/server/key.pem</a></i></div>
<div><i>certificate =
/var/kamailio/certificates/<a
href="http://kamailio.domain2.com/server/cert.pem"
target="_blank"
moz-do-not-send="true">kamailio.domain2.com/server/cert.pem</a></i></div>
<div><i>ca_list =
/var/kamailio/certificates/<a
href="http://kamailio.domain2.com/CA/cert.pem" target="_blank"
moz-do-not-send="true">kamailio.domain2.com/CA/cert.pem</a></i></div>
</blockquote>
<div><br>
</div>
<div>The dispatcher
configuration table
looks like this:</div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<pre>+----+-------+----------------------------------------------+-------+----------+--------------------------------------------------------------------+-------------+
| id | setid | destination                                  | flags | priority | attrs                                                              | description |
+----+-------+----------------------------------------------+-------+----------+--------------------------------------------------------------------+-------------+
|  1 |     1 | sip:sip.pstnhub.microsoft.com;transport=tls  |     0 |        3 | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com   | MS Teams 1  |
|  2 |     2 | sip:sip.pstnhub.microsoft.com;transport=tls  |     0 |        3 | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com   | MS Teams 2  |
+----+-------+----------------------------------------------+-------+----------+--------------------------------------------------------------------+-------------+</pre>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div>When Kamailio is
started only
connection with the
first trunk is
established:</div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i># kamcmd
tls.list</i></div>
<div><i>{</i></div>
<div><i> id: 1</i></div>
<div><i>
timeout: 0</i></div>
<div><i>
src_ip:
52.114.75.24</i></div>
<div><i>
src_port: 5061</i></div>
<div><i>
dst_ip:
172.16.30.206</i></div>
<div><i>
dst_port: 0</i></div>
<div><i>
cipher:
ECDHE-RSA-AES256-GCM-SHA384
TLSv1.2 Kx=ECDH
Au=RSA
Enc=AESGCM(256)
Mac=AEAD</i></div>
<div><i>
ct_wq_size: 0</i></div>
<div><i>
enc_rd_buf: 0</i></div>
<div><i> flags:
2</i></div>
<div><i> state:
established</i></div>
<div><i>}</i></div>
<div><i>{</i></div>
<div><i> id: 2</i></div>
<div><i>
timeout: 0</i></div>
<div><i>
src_ip:
52.114.75.24</i></div>
<div><i>
src_port: 7810</i></div>
<div><i>
dst_ip:
172.16.30.206</i></div>
<div><i>
dst_port: 5062</i></div>
<div><i>
cipher:
AES256-GCM-SHA384
TLSv1.2
Kx=RSA Au=RSA
Enc=AESGCM(256)
Mac=AEAD</i></div>
<div><i>
ct_wq_size: 0</i></div>
<div><i>
enc_rd_buf: 0</i></div>
<div><i> flags:
2</i></div>
<div><i> state:
established</i></div>
<div><i>}</i></div>
<div><i>{</i></div>
<div><i> id: 3</i></div>
<div><i>
timeout: 596</i></div>
<div><i>
src_ip:
52.114.75.24</i></div>
<div><i>
src_port: 7811</i></div>
<div><i>
dst_ip:
172.16.30.206</i></div>
<div><i>
dst_port: 5062</i></div>
<div><i>
cipher:
AES256-GCM-SHA384
TLSv1.2
Kx=RSA Au=RSA
Enc=AESGCM(256)
Mac=AEAD</i></div>
<div><i>
ct_wq_size: 0</i></div>
<div><i>
enc_rd_buf: 0</i></div>
<div><i> flags:
2</i></div>
<div><i> state:
established</i></div>
<div><i>}</i></div>
</blockquote>
<div><br>
</div>
<div>Here is what I can
see in Kamailio log
file when it sends an
OPTIONS request to the
second trunk. Kamailio
uses Default tls
configuration and MS
Teams don't accept it:</div>
<blockquote
style="margin:0px 0px
0px
40px;border:none;padding:0px">
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: &lt;script&gt;: == TRACE. tm:local-request. fs is tls:<a href="http://172.16.30.206:5063" target="_blank" moz-do-not-send="true">172.16.30.206:5063</a></i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:352]: t_run_local_req(): apply new updates without Via to sip msg</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/msg_translator.c:1796]: check_boundaries(): no multi-part body</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:612]: parse_msg(): method: &lt;OPTIONS&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:614]: parse_msg(): uri: &lt;sip:<a href="http://sip.pstnhub.microsoft.com" target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a>;transport=tls&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:616]: parse_msg(): version: &lt;SIP/2.0&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, &lt;branch&gt; = &lt;z9hG4bK169b.6411b4c3000000000000000000000000.0&gt;; state=16</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:500]: parse_headers(): this is the first via</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:171]: get_hdr_field(): &lt;To&gt; [47]; uri=[sip:<a href="http://sip.pstnhub.microsoft.com" target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a>;transport=tls]</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[&lt;sip:<a href="http://sip.pstnhub.microsoft.com" target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a>;transport=tls&gt;^M</i></div>
<div><i>], to tag (0)[]</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:152]: get_hdr_field(): cseq &lt;CSeq&gt;: &lt;10&gt; &lt;OPTIONS&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:185]: get_hdr_field(): content_length=0</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:612]: parse_msg(): method: &lt;OPTIONS&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:614]: parse_msg(): uri: &lt;sip:<a href="http://sip.pstnhub.microsoft.com" target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a>;transport=tls&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:616]: parse_msg(): version: &lt;SIP/2.0&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, &lt;branch&gt; = &lt;z9hG4bK169b.6411b4c3000000000000000000000000.0&gt;; state=16</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:500]: parse_headers(): this is the first via</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:171]: get_hdr_field(): &lt;To&gt; [47]; uri=[sip:<a href="http://sip.pstnhub.microsoft.com" target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a>;transport=tls]</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[&lt;sip:<a href="http://sip.pstnhub.microsoft.com" target="_blank" moz-do-not-send="true">sip.pstnhub.microsoft.com</a>;transport=tls&gt;^M</i></div>
<div><i>], to tag (0)[]</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/parser/msg_parser.c:152]: get_hdr_field(): cseq &lt;CSeq&gt;: &lt;10&gt; &lt;OPTIONS&gt;</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:189]: uac_refresh_hdr_shortcuts(): cseq: [CSeq: 10]</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: &lt;core&gt; [core/tcp_main.c:1498]: tcpconn_add(): hashes: 2831:67:0, 1</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): <b>xavp with outbound server name not found</b></i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): <b>xavp with outbound server id not found</b></i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): <b>Using initial TLS domain TLSc&lt;default&gt;</b> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f3550b7a568: (nil)</i></div>
<div><i>Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started</i></div>
<div><i>...</i></div>
</blockquote>
<div><br>
</div>
<div>If I change the
Default configuration
to use <a
href="http://kamailio.domain2.com"
target="_blank"
moz-do-not-send="true">
kamailio.domain2.com</a>
certificate,
the second trunk will
connect but the first
one will fail.</div>
<div>I tried to set
"$xavp(tls=>server_name)"
and
"$xavp(tls[0]=>server_id)"
variables to
the event_route[tm:local-request]
section but log still
stated that server
Name and ID were not
found.</div>
<div><br>
</div>
<div>Can someone please
point me in the right
direction, how can I
make Kamailio use the
correct certificates
when establishing
multiple TLS
connections?</div>
<div><br>
</div>
<div>Thanks a lot!</div>
<div><br>
</div>
<div>Regards, Volodymyr
Ivanets</div>
</div>
</div>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List
- Non Commercial Discussions<br>
* <a
href="mailto:sr-users@lists.kamailio.org"
target="_blank"
moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing
list in the recipients, do not
reply only to the sender!<br>
Edit mailing list options or
unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
<br>
</blockquote>
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" target="_blank" moz-do-not-send="true">www.asipto.com</a>
<a href="http://www.twitter.com/miconda" target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a></pre>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a></pre>
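<p>Added example, not part of any message in this thread and not Kamailio project code: a small log triage script that scans Kamailio debug output for the two symptoms discussed above, an outbound TLS connection set up with the default client profile because no server name or id was supplied, and a send that reused an existing connection matched by peer address. It matches on message text rather than source line numbers; the "fs is" trace line is the poster's own script output, so that pattern is an assumption for other setups.</p>

```python
import re

# Constructed sample input: debug lines copied from the excerpts quoted in this
# thread (two different runs, PIDs 11809 and 3858).
SAMPLE_LOG = """\
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): xavp with outbound server name not found
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found
Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
Aug  9 17:08:31 kamailio-dev-2 /usr/sbin/kamailio[3858]: DEBUG: <core> [core/tcp_main.c:1610]: _tcpconn_find(): found connection by peer address (id: 2)
"""

# Syslog prefix: everything up to "kamailio[PID]: LEVEL: " is stripped.
LINE_RE = re.compile(r"kamailio\[(?P<pid>\d+)\]: [A-Z]+: (?P<msg>.*)$")
# Poster's own trace line printing $fs (assumed format, see lead-in).
FS_RE = re.compile(r"fs is (?P<sock>tls:\S+)")
MISSING_RE = re.compile(r"xavp with outbound server (?P<what>name|id) not found")
DOMAIN_RE = re.compile(r"Using initial TLS domain (?P<dom>TLS[cs]<[^>]*>)")
REUSE_RE = re.compile(r"found connection by peer address \(id: (?P<id>\d+)\)")


def triage(log_text):
    """Return a list of findings, in log order.

    State is tracked per worker PID because each process logs its own
    sequence of lookup and TLS setup messages.
    """
    state = {}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a Kamailio log line
        pid = int(m.group("pid"))
        msg = m.group("msg")
        st = state.setdefault(pid, {"socket": None, "missing": set()})

        fs = FS_RE.search(msg)
        if fs:
            st["socket"] = fs.group("sock")
            continue

        missing = MISSING_RE.search(msg)
        if missing:
            st["missing"].add(missing.group("what"))
            continue

        dom = DOMAIN_RE.search(msg)
        if dom and dom.group("dom") == "TLSc<default>":
            # New outbound connection set up with the default client profile.
            findings.append({
                "pid": pid,
                "kind": "default_client_profile",
                "forced_socket": st["socket"],
                "missing": sorted(st["missing"]),
            })
            state[pid] = {"socket": None, "missing": set()}
            continue

        reuse = REUSE_RE.search(msg)
        if reuse:
            # Existing connection picked by peer address instead of a new one.
            findings.append({
                "pid": pid,
                "kind": "reused_by_peer_address",
                "conn_id": int(reuse.group("id")),
                "forced_socket": st["socket"],
            })
            state[pid] = {"socket": None, "missing": set()}
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```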
</body>
</html>