<div dir="ltr">Hi,<div>Thank you, Carsten, the issue was due to NAT, registration is fine when deploy ims in the same network as epc.</div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">--<br><a href="http://obelousov.tel" target="_blank">obelousov.tel</a></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Nov 14, 2022 at 4:43 PM Carsten Bock <<a href="mailto:carsten@ng-voice.com">carsten@ng-voice.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>be aware, that IPSec for VoLTE does not work for NAT.</div><div><br></div><div>Thanks,</div><div>Carsten<br clear="all"><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr">--</div><div dir="ltr">Carsten Bock I CTO & Founder</div><div dir="ltr"><br><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-position:initial;background-repeat:initial"><span lang="EN-US" style="color:black">ng-voice GmbH</span><span lang="EN-US" style="color:rgb(0,112,192)"><u></u><u></u></span></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm;background-image:initial;background-position:initial;background-repeat:initial"><span lang="EN-US" style="color:black">Trostbrücke 1 I 20457 Hamburg I Germany<br>T +49 179 2021244 I <a href="http://www.ng-voice.com/" style="color:rgb(17,85,204)" target="_blank"><span style="color:black">www.ng-voice.com</span></a><u></u><u></u></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-position:initial;background-repeat:initial"><span lang="EN-US" style="color:black">Registry Office at Local Court Hamburg, HRB 120189<br>Managing Directors: Dr. David Bachmann, Carsten Bock</span></p></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Am Mo., 14. Nov. 2022 um 16:09 Uhr schrieb Oleg Belousov <<a href="mailto:obelousov@gmail.com" target="_blank">obelousov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, Hossein.<br>Increased privileges for proxy container, now can see records in both SPD and SAD, but still ipsec is not established. Possible because UE is behind NAY - will check that either. Thanks for your advice.<div># ip xfrm state count<br> SAD count 28<br># ip xfrm policy count<br> SPD IN 16 OUT 16 FWD 0<br clear="all"><div><div dir="ltr"><br></div>Hi, Giovanni.</div><div>Thank you. Yes, I saw that fork and am going to try it as well. Not quite clear why those
patches not included onto the main release.<br><div dir="ltr">--<br><a href="http://obelousov.tel" target="_blank">obelousov.tel</a></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Nov 14, 2022 at 11:07 AM Giovanni Maruzzelli <<a href="mailto:gmaruzz@gmail.com" target="_blank">gmaruzz@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>you may also want to check Supreeth ipsec patches :</div><div><br></div><div><a href="https://github.com/herlesupreeth/kamailio" target="_blank">https://github.com/herlesupreeth/kamailio</a><br></div><div><br></div><div>-giovanni</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Nov 11, 2022 at 1:44 PM Oleg Belousov <<a href="mailto:obelousov@gmail.com" target="_blank">obelousov@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,
<span style="font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px">Hossein.</span><div><font face="Helvetica Neue, Helvetica, Arial, sans-serif">No, there are not. The output of these two commands is just empty. Should enable it?</font></div><div><div><div dir="ltr">--<br><a href="http://obelousov.tel" target="_blank">obelousov.tel</a></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 10, 2022 at 9:08 PM H Yavari <<a href="mailto:hyavari@rocketmail.com" target="_blank">hyavari@rocketmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px"><div></div>
<div dir="ltr">Hi Oleg,</div><div dir="ltr"><br></div><div dir="ltr">Can you check the ipsec SA in the OS and see that SA and policies are there or not:</div><div dir="ltr">>> ip x s l</div><div dir="ltr">>> ip x p l</div><div dir="ltr"><br></div><div dir="ltr">BR,</div><div dir="ltr">Hossein</div><div><br></div>
</div><div id="m_-8484122919965892116m_-172542465307502517m_-6097666013363132380m_-4935567264299039029m_2477186782437254995ydpd934c1ecyahoo_quoted_8323646230">
<div style="font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;color:rgb(38,40,42)">
<div>
On Thursday, November 10, 2022 at 03:12:34 AM PST, Oleg Belousov <<a href="mailto:obelousov@gmail.com" target="_blank">obelousov@gmail.com</a>> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="m_-8484122919965892116m_-172542465307502517m_-6097666013363132380m_-4935567264299039029m_2477186782437254995ydpd934c1ecyiv4093037948"><div dir="ltr">Hi.<div>Working on ims integration with the actual handset, have got a problem with ipsec establishment to complete registration. </div><div><br></div><div>Initial steps are fine, including diameter exchange and 401 (with security server details) toward UE. On the next step UE and kamailio should establish ipsec connection, and UE to submit the next register with a response. As per trace UE is trying to establish the same (can see initial TCP SYN encapsulated onto ESP), using port-s, provided in Security-Server, but get an ICMP packet from server with destination/protocol unreachable. No more info either in P-SCSF log, no in kern.log. Proxy is listening to that port, it is tcp and available over telnet, so should not be a connectivity issue.</div><div>Please let know if any ideas how to troubleshoot that further,</div><div><div><div dir="ltr">--<br><a href="http://obelousov.tel" rel="nofollow" target="_blank">obelousov.tel</a></div></div></div></div>
</div>__________________________________________________________<br>Kamailio - Users Mailing List - Non Commercial Discussions<br><a href="mailto:sr-users@lists.kamailio.org" rel="nofollow" target="_blank">sr-users@lists.kamailio.org</a><br>Important: keep the mailing list in the recipients, do not reply only to the sender!<br>Edit mailing list options or unsubscribe:<br><a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="nofollow" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br></div>
</div>
</div></div>__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">Sincerely,<br><br>Giovanni Maruzzelli<br>OpenTelecom.IT<br>cell: +39 347 266 56 18<br><br></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>