<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Henning,</p>
<p>For some internal policies we must use HAproxy.</p>
<p>In our current configuration (Haproxy -> Kamalio Register)
everything work correctly.</p>
<p>In our next configuration (HAproxy -> Kamailio edge proxy
-> Kamalio Register)</p>
<p>the Record-Route and via are the same for REGISTER, SUBSCRIBE,
INVITE and MESSAGE, see below<br>
</p>
<p><i>Record-Route: <</i><i><a
href="sip:192.168.58.1:15006;transport=tcp;r2=on;lr"
class="moz-txt-link-freetext">sip:192.168.58.1:15006;transport=tcp;r2=on;lr</a></i><i>></i><i><br>
</i><i>
Record-Route: <</i><i><a
href="sip:sip-test.example.com:16005;transport=tls;r2=on;lr"
class="moz-txt-link-freetext">sip:sip-test.example.com:16005;transport=tls;r2=on;lr</a></i><i>></i><i><br>
</i><i>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6</i><i><br>
</i><i>
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias</i></p>
<p><br>
</p>
<p>Now the question is: why the REGISTER, SUBSCRIBE work and INVITE,
MESSAGE do not work. furthermore, since the Record- Route and VIA
are the same there is a reason why the REGISTER, SUBSCRIBE use the
TCP and INVITE, MESSAGE use the TLS.</p>
<p><br>
</p>
<p>Below the error that we can see in the kamailio log.<br>
</p>
<p><i>Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
WARNING: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET}
<core> [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:192.168.58.15:15006, to
tls:192.168.58.1:60982)</i><i><br>
</i><i>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm
[ut.h:315]: uri2dst2(): no corresponding socket found for
"192.168.58.1" af 2 (tls:192.168.58.1:60982)</i><i><br>
</i><i>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm
[t_fwd.c:471]: prepare_new_uac(): can't fwd to af 2, proto 3
(no corresponding listening socket)</i><i><br>
</i><i>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm
[t_fwd.c:1754]: t_forward_nonack(): failure to add branches</i><i><br>
</i><i>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl
[sl_funcs.c:372]: sl_reply_error(): stateless error reply used:
I'm terribly sorry, server error occurred (7/SL) <br>
</i></p>
<p>Thanks</p>
<p>Regards<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-signature"><font color="#118311">
<hr>
<p style="font-family:sans-serif;font-size:14px">
Ing. Giovanni Iamonte<br>
Developments and technologies area<br>
Quintetto Srl<br>
Via Monte Navale, 1<br>
10015 - Ivrea (TO)<br>
mobile: +39 393 9196310<br>
tel: +39 0165 1845290<br>
e-mail: <a class="moz-txt-link-abbreviated" href="mailto:giovanni.iamonte@quintetto.it">giovanni.iamonte@quintetto.it</a><br>
web: <a class="moz-txt-link-abbreviated" href="http://www.quintetto.it">www.quintetto.it</a><br>
</p>
</font></div>
<div class="moz-cite-prefix">On 06/12/22 14:57, Henning Westerholt
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DB3PR0502MB994604B6B32B36A09E8E952ABF1B9@DB3PR0502MB9946.eurprd05.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}span.E-MailFormatvorlage20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">why do you want to build it like this in the
first place? Usually, Kamailio is used as the first network
element that processes the traffic from the devices. That
means, its not used behind haproxy.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">If you want to use haproxy for some reasons,
there is a core parameter to enable support for the haproxy
protocol. But it will not help you for this error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">This is probably caused from the
Record-Route/Via contains the tls protocol. The haproxy of
course does not speak SIP, so the message contains not the
headers Kamailio expect.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">Henning<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">-- <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">Henning Westerholt –
</span><span style="mso-fareast-language:EN-US"><a
href="https://skalatan.de/blog/" moz-do-not-send="true"><span
style="color:#0563C1" lang="EN-GB">https://skalatan.de/blog/</span></a></span><span
style="mso-fareast-language:EN-US" lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB">Kamailio services –
</span><span style="mso-fareast-language:EN-US"><a
href="https://gilawa.com/" moz-do-not-send="true"><span
style="color:#0563C1" lang="EN-GB">https://gilawa.com</span></a></span><span
style="mso-fareast-language:EN-US" lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-GB"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-left:35.4pt"><b>From:</b>
sr-users <a class="moz-txt-link-rfc2396E" href="mailto:sr-users-bounces@lists.kamailio.org"><sr-users-bounces@lists.kamailio.org></a>
<b>On Behalf Of </b>Giovanni Iamonte<br>
<b>Sent:</b> Tuesday, December 6, 2022 2:32 PM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-rfc2396E" href="mailto:sr-users@lists.kamailio.org"><sr-users@lists.kamailio.org></a><br>
<b>Subject:</b> [SR-Users] outbound Edge Proxy<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-left:35.4pt"><o:p> </o:p></p>
<p style="margin-left:35.4pt">Dear List<o:p></o:p></p>
<p style="margin-left:35.4pt">In the last week I try to figure
out how I can put in place a configuration that use an edge
proxy and a register by using kamailio 5.6, but i am facing
some issues.<o:p></o:p></p>
<p style="margin-left:35.4pt">Scenario:<o:p></o:p></p>
<p style="margin-left:35.4pt">We are using on ubuntu 20.04,
HAproxy and Kamailio 5.6.<o:p></o:p></p>
<p style="margin-left:35.4pt">We have configured a Kamailio
register that, in the following case, perfectly works.<o:p></o:p></p>
<p style="margin-left:35.4pt"><span
style="font-family:"Courier New",serif">
______ __ __________</span><br>
TLS | | TLS
| |<br>
<span style="font-family:"Courier New",serif">Client
------------------ > | NAT |-----------> |
Kamalio |
</span><br>
<span style="font-family:"Courier New",serif">
in |_HAProxy | out in | Register |
</span><br>
<span style="font-family:"Courier New",serif">
|_________| | |
</span><br>
<span style="font-family:"Courier New",serif">
|________ _|
</span><o:p></o:p></p>
<p style="margin-left:35.4pt">Now we want to put a kamailio edge
proxy before the kamailio Register, please take a look to the
below picture<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span
style="font-family:"Courier New",serif">
______</span><br>
<br>
<span style="font-family:"Courier New",serif">
______ __ _________
___________</span><br>
TLS | | TLS
| | TCP | |<br>
<span style="font-family:"Courier New",serif">Client
------------------ > | NAT |-----------> | Kamalio
| -------------> | Kamailio |</span><br>
<span style="font-family:"Courier New",serif">
in |_HAProxy | out in | Edge |
out in | Register |</span><br>
<span style="font-family:"Courier New",serif">
|_________| | Proxy
| | |</span><br>
<span style="font-family:"Courier New",serif">
|_________| |___________|</span><o:p></o:p></p>
<p style="margin-left:35.4pt">HAproxy -> sip-test.example.com<o:p></o:p></p>
<p style="margin-left:35.4pt">Kamailio edge proxy ->
192.168.58.1<o:p></o:p></p>
<p style="margin-left:35.4pt">Kamailio Register ->
192.168.58.15<o:p></o:p></p>
<p style="margin-left:35.4pt">The kamailio Edge has been
configured as indicated in the outbound module example.<o:p></o:p></p>
<p style="margin-left:35.4pt"><o:p> </o:p></p>
<p style="margin-left:35.4pt">When a transaction such as
REGISTER or SUBSCRIBE reach the "Kamailio Register" the
Record-Route and Via headers are correct and it works.<o:p></o:p></p>
<p style="margin-left:35.4pt"><o:p> </o:p></p>
<p style="margin-left:35.4pt">When the transaction such as
MESSAGE or INVITE reach the "Kamailio Register" it does not
work and below you can see the message and the error.<o:p></o:p></p>
<p style="margin-left:35.4pt">Note that the Record-Route and Via
headers are the same as the previous message REGISTER and
SUBSCRIBE.<o:p></o:p></p>
<p style="margin-left:35.4pt"><o:p> </o:p></p>
<p style="margin-left:35.4pt">Dec 6 11:57:09
qcast-webserver-dev /usr/sbin/kamailio[15340]: INFO: {1 40742
MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} <script>:
SIPMessage-in-request =
<a
href="mailto:192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE"
moz-do-not-send="true" class="moz-txt-link-freetext">192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE</a>
<a href="mailto:sip:s-user.02@sip-dev.example.com"
moz-do-not-send="true" class="moz-txt-link-freetext">sip:s-user.02@sip-dev.example.com</a>
SIP/2.0<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:35.4pt">Record-Route:
<<a href="sip:192.168.58.1:15006;transport=tcp;r2=on;lr"
moz-do-not-send="true" class="moz-txt-link-freetext">sip:192.168.58.1:15006;transport=tcp;r2=on;lr</a>><br>
Record-Route: <<a
href="sip:sip-test.example.com:16005;transport=tls;r2=on;lr"
moz-do-not-send="true" class="moz-txt-link-freetext">sip:sip-test.example.com:16005;transport=tls;r2=on;lr</a>><br>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKa257.add27f134dd83c78aef13ca7798f87ca.0;i=6<br>
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjajkY.0NlW2AFuz3.BRaKH4EdvdmQTs9L;alias<br>
Max-Forwards: 69<br>
From: <a href="mailto:sip:s-user.03@sip-dev.example.com"
moz-do-not-send="true"><sip:s-user.03@sip-dev.example.com></a>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3<br>
To: <a href="mailto:sip:s-user.02@sip-dev.example.com"
moz-do-not-send="true"><sip:s-user.02@sip-dev.example.com></a><br>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET<br>
CSeq: 40742 MESSAGE<br>
Accept: text/plain, application/im-iscomposing+xml<br>
Content-Type: text/plain<br>
Content-Length: 59<br>
<br>
################## MESSAGE ###################<br>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
INFO: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET}
<script>: SIPMessage-in-request =
<a
href="mailto:192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE"
moz-do-not-send="true" class="moz-txt-link-freetext">192.168.58.1:53606-sip:s-user.02@sip-dev.example.com-MESSAGE</a>
<a href="mailto:sip:s-user.02@sip-dev.example.com"
moz-do-not-send="true" class="moz-txt-link-freetext">sip:s-user.02@sip-dev.example.com</a>
SIP/2.0<br>
Record-Route: <<a
href="sip:192.168.58.1:15006;transport=tcp;r2=on;lr"
moz-do-not-send="true" class="moz-txt-link-freetext">sip:192.168.58.1:15006;transport=tcp;r2=on;lr</a>><br>
Record-Route: <<a
href="sip:sip-test.example.com:16005;transport=tls;r2=on;lr"
moz-do-not-send="true" class="moz-txt-link-freetext">sip:sip-test.example.com:16005;transport=tls;r2=on;lr</a>><br>
Via: SIP/2.0/TCP
192.168.58.1:15006;branch=z9hG4bKb257.83b972054df1675806975159ae1f1e43.0;i=6<br>
Via: SIP/2.0/TLS
192.168.58.1:39592;received=192.168.58.1;rport=39592;branch=z9hG4bKPjfan-Tte.vtL8brkWb20wm.5b8iuVEtQV;alias<br>
Max-Forwards: 69<br>
From: <a href="mailto:sip:s-user.03@sip-dev.example.com"
moz-do-not-send="true"><sip:s-user.03@sip-dev.example.com></a>;tag=VnOekkKsq4tLhFAywXzbxLXxIesWscn3<br>
To: <a href="mailto:sip:s-user.02@sip-dev.example.com"
moz-do-not-send="true"><sip:s-user.02@sip-dev.example.com></a><br>
Call-ID: YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET<br>
CSeq: 40743 MESSAGE<br>
Accept: text/plain, application/im-iscomposing+xml<br>
Proxy-Authorization: Digest username="s-user.03",
realm="sip-dev.example.com",
nonce="Y48hMWOPIAW7JeSQ7/a+cuJ1gKwT8hrC", uri=<a
href="mailto:sip:s-user.02@sip-dev.example.com"
moz-do-not-send="true">"sip:s-user.02@sip-dev.example.com"</a>,
response="3b7c34476443e5f1125fa460a4981180",
cnonce="3AT-ZMwyfpgaMwlulh5cq5vJHi75-wnz", qop=auth,
nc=00000001<br>
Content-Type: text/plain<br>
Content-Length: 59<br>
<br>
<br>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
WARNING: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET}
<core> [core/forward.c:228]: get_send_socket2():
protocol/port mismatch (forced tcp:192.168.58.15:15006, to
tls:192.168.58.1:60982)<br>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm
[ut.h:315]: uri2dst2(): no corresponding socket found for
"192.168.58.1" af 2 (tls:192.168.58.1:60982)<br>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm
[t_fwd.c:471]: prepare_new_uac(): can't fwd to af 2, proto 3
(no corresponding listening socket)<br>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} tm
[t_fwd.c:1754]: t_forward_nonack(): failure to add branches<br>
Dec 6 11:57:09 qcast-webserver-dev /usr/sbin/kamailio[15340]:
ERROR: {1 40743 MESSAGE YsfZ7Rq-WGw33NUn9AFMWEuurzryvzET} sl
[sl_funcs.c:372]: sl_reply_error(): stateless error reply
used: I'm terribly sorry, server error occurred (7/SL)
<o:p></o:p></p>
<p style="margin-left:35.4pt"><o:p> </o:p></p>
<p style="margin-left:35.4pt">based on what we have understood
in the message headers "Via" and Record-Route" there are the
right information to reach back the proxy Edge, but looking to
the error message it seems that the kamailio register try to
reach back the proxy edge through the TLS instead of using the
TCP.<o:p></o:p></p>
<p style="margin-left:35.4pt"><o:p> </o:p></p>
<p style="margin-left:35.4pt">Could someone put me in the right
direction.<o:p></o:p></p>
<p style="margin-left:35.4pt">Thanks<o:p></o:p></p>
<p style="margin-left:35.4pt">Regards<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span
style="font-family:"Courier New",serif">--
</span><o:p></o:p></p>
<div>
<div class="MsoNormal"
style="margin-left:35.4pt;text-align:center" align="center">
<span style="color:#118311">
<hr width="100%" size="2" align="center">
</span></div>
<p style="margin-left:35.4pt"><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#118311">Ing.
Giovanni Iamonte<br>
Developments and technologies area<br>
Quintetto Srl<br>
Via Monte Navale, 1<br>
10015 - Ivrea (TO)<br>
</span><span
style="font-size:10.5pt;font-family:Symbol;color:#118311">(</span><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#118311">
mobile: +39 393 9196310<br>
</span><span
style="font-size:10.5pt;font-family:Symbol;color:#118311">(</span><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#118311">
tel: +39 0165 1845290<br>
</span><span
style="font-size:10.5pt;font-family:Symbol;color:#118311">+</span><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#118311">
e-mail:
<a href="mailto:giovanni.iamonte@quintetto.it"
moz-do-not-send="true" class="moz-txt-link-freetext">giovanni.iamonte@quintetto.it</a><br>
</span><span
style="font-size:10.5pt;font-family:Symbol;color:#118311">[</span><span
style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#118311">
web:
<a href="http://www.quintetto.it" moz-do-not-send="true">www.quintetto.it</a><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</body>
</html>