sr-users March 2022

sr-users@lists.kamailio.org

62 participants
90 discussions

by Daniel-Constantin Mierla

Hello, I am planning to release a new version from branch 5.4, respectively 5.4.8, sometime next week, likely on Wednesday or Thursday (Mar 9/10, 2022). If anyone is aware of issues not yet reported to bug tracker or missing backports, report them in order to try to get the fixes in this release. Cheers, Daniel -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online March 28-31, 2022 (Europe Timezone) * https://www.asipto.com/sw/kamailio-advanced-training-online/

2 years, 1 month

rtpengine - SRTP <> RTP missing a=crypto

by Rhys Hanrahan

Hi Everyone, I have Kamailio sitting between MS Teams and Asterisk, and using rtpengine to terminate SRTP on Kamailio so that all my internal traffic is unencrypted. My current config works fine for inbound calls where I initiate the INVITE and Teams responds, but if Teams sends the INVITE I am having an issue where SRTP cannot finish negotiating. Non SRTP calls work fine with RTPEngine as well, so it's just the RTP to SRTP I am struggling with. According to this I believe I must pass a=crypto in response to the INVITE which also has a=crypto: https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=40… You can see that in the initial invite from Teams, I get RTP/SAVP with a=crypto, but I do not send one in my OK response after 183 Session In Progress. As below - I am wondering if it's because not all audio channels seem to be getting swapped to SAVP? I'd like to do a generic SRTP <> RTP bridge config (I've tried below). However, I am not 100% sure on how to detect when to swap between AVP and SAVP, so I've also tried just doing rtpengine_manage() and relying on other code to swap between SAVP or AVP *only* when going to/from Teams to keep it simple. I also tried both with and without "replace-origin replace-session-connection ICE=remove" but I still get the same behaviour in all cases. Any advice appreciated, as this is my first time dealing with SRTP (and rtpengine). Feeling very stuck. Thanks! branch_route[MANAGE_BRANCH] { ... route(NATMANAGE); route(HANDLE_SRTP); } onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); if(status=~"[12][0-9][0-9]") { route(NATMANAGE); } route(HANDLE_SRTP); } route[HANDLE_SRTP] { if (!has_body("application/sdp")) { return; } rtpengine_manage(); return; # As a test, just do rtpengine_manage() and set SAVP/AVP elsewhere. Same behaviour. # Handle bridging of RTP and SRTP # Inbound traffic to SBC should be converted from SRTP to RTP if (proto==TLS) { rtpengine_manage("RTP/AVP"); # Outbound traffic destined to a TLS destination should be converted from RTP to SRTP } else if ($ru =~ "transport=tls") { rtpengine_manage("RTP/SAVP"); } } # INVITE from teams rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/AVP"); # INVITE to teams rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/SAVP"); INVITE sip:+614xxxx@rh.sbc-syd-01.teams.xxxx:5061;user=phone;transport=tls SIP/2.0^M ... v=0^M o=- 57931 0 IN IP4 127.0.0.1^M s=session^M c=IN IP4 52.113.76.53^M b=CT:10000000^M t=0 0^M m=audio 51398 RTP/SAVP 104 9 103 111 18 0 8 97 101 13 118^M c=IN IP4 52.113.76.53^M a=rtcp:51399^M a=ice-ufrag:C8ss^M a=ice-pwd:2bV9D6GcXF5f8m0px/wufQD/^M a=rtcp-mux^M a=candidate:1 1 UDP 2130706431 52.113.76.53 51398 typ srflx raddr 10.0.32.179 rport 51398^M a=candidate:1 2 UDP 2130705918 52.113.76.53 51399 typ srflx raddr 10.0.32.179 rport 51399^M a=candidate:2 1 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M a=candidate:2 2 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M a=label:main-audio^M a=mid:1^M a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:geUHLB1mshmnI5hN83bnO57Hbdm2i7dD14sDAnpA|2^31^M a=sendrecv^M a=rtpmap:104 SILK/16000^M a=rtpmap:9 G722/8000^M a=rtpmap:103 SILK/8000^M a=rtpmap:111 SIREN/16000^M a=fmtp:111 bitrate=16000^M a=rtpmap:18 G729/8000^M a=fmtp:18 annexb=no^M a=rtpmap:0 PCMU/8000^M a=rtpmap:8 PCMA/8000^M a=rtpmap:97 RED/8000^M a=rtpmap:101 telephone-event/8000^M a=fmtp:101 0-16^M a=rtpmap:13 CN/8000^M a=rtpmap:118 CN/16000^M a=ptime:20^M I correctly convert to/from RTP/AVP and RTP/SAVP for the 183 Session in progress. It is RTP/SAVP before going to Teams: SIP/2.0 183 Session Progress^M ... v=0^M o=- 57931 2 IN IP4 1.2.3.4^M s=NexusOne^M c=IN IP4 1.2.3.4^M t=0 0^M m=audio 37820 RTP/SAVP 9 8 0 101^M a=maxptime:150^M a=mid:1^M a=rtpmap:9 G722/8000^M a=rtpmap:8 PCMA/8000^M a=rtpmap:0 PCMU/8000^M a=rtpmap:101 telephone-event/8000^M a=fmtp:101 0-16^M a=sendrecv^M a=rtcp:37821^M a=ptime:20^M m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M But then when I send the OK after the 183, I am setting RTP/SAVP before sending to MS Teams, but not setting a=crypto: Also note that I can see there are _some_ channels still as RTP/AVP so maybe this is part of the issue. SIP/2.0 200 OK^M ... v=0^M o=- 57931 2 IN IP4 1.2.3.4^M s=NexusOne^M c=IN IP4 1.2.3.4^M t=0 0^M m=audio 37820 RTP/SAVP 9 8 0 101^M a=maxptime:150^M a=mid:1^M a=rtpmap:9 G722/8000^M a=rtpmap:8 PCMA/8000^M a=rtpmap:0 PCMU/8000^M a=rtpmap:101 telephone-event/8000^M a=fmtp:101 0-16^M a=sendrecv^M a=rtcp:37821^M a=ptime:20^M m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M Rhys Hanrahan | Chief Information Officer e: rhys(a)nexusone.com.au<mailto:rhys@nexusone.com.au> [www.nexusone.com.au]<http://www.nexusone.com.au/> [signature_1116663581] <http://www.fusiontech.com.au/> NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 Elizabeth Street, Sydney NSW 2000 www.nexusone.com.au<http://www.nexusone.com.au/> | www.fusiontech.com.au<http://www.fusiontech.com.au/> The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; b. Legally privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email in error, please notify the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email. Please consider the environment before printing this email.

2 years, 1 month

Kamailio + KEMI + topos + change_reply_status

by Marrold

Hi, I'm using Kamailio 5.5.3 with a KEMI / Python based configuration on Debian 11. In my reply route I am trying to convert a 183 to a 180 with: KSR.textopsx.change_reply_status(180, "Ringing") I've noticed with TOPOS enabled, it doesn't work and I still see a 183 go out. But with it disabled, it works as expected and it's converted to a 180. I get the same behaviour with / without msg_apply_changes() Config looks like this: def ksr_onreply_manage(self, msg): KSR.info(f"ksr_onreply_manage\r\n") scode = KSR.pv.get("$rs") if KSR.permissions.allow_source_address_group()<0: if scode == 183: KSR.info(f"ksr_onreply_manage: Converting 183 to 180\r\n") KSR.textopsx.change_reply_status(180, "Ringing") KSR.textopsx.msg_apply_changes() if scode>100 and scode<299 : self.ksr_route_natmanage(msg) return 1 The debug log doesn't reveal anything too obvious, I can share if its of any use. Does anyone have any suggestions? Thanks Matthew

2 years, 1 month

kamailio.cfg : behind the NAT (listen and advertise) understanding

by Youssef Boujraf

Hi Dear I am trying to understand how "listen" and "advertise" work for sip signaling purpose ( corebooks : listen <http://www.kamailio.org/wiki/cookbooks/5.4.x/core#listen> and advertise ) Flow : kamailio behind NAT using softphones on private and public networks. - kamailio : Network : IPv4_private 192.168.1.6 / IPv4_public kamailio.cfg : listen=udp: IPv4_private: 5060 advertise IPv4_public : 5060 - uac (softphone) : zoiper, microsip, cisco spa508g USE CASE : I 'd like to force all softphone on the same local network to reach kamailio through a public ip address. ??? QUESTION : Do I need to REGISTER on IPv4_private address of Kamailio OR REGISTER on IPv4_public address of kamailio or DEFINE another "listen" with another PORT WITHOUT "advertise" for softphone on same kamailio network ? listen=udp: IPv4_private: 5060 advertise IPv4_public : 5060 listen=udp: IPv4_private: 5066 Do I need to use "kamctl ps" to verify which interface is listening on port ? Thanks in advance Best Regards, Youssef BOUJRAF Email: yboujraf(a)gmail.com

2 years, 1 month

simple GUI for Kamailio as a SBC - could be paid

by Krzysztof Drewicz

Hello, We searched for a simple GUI that could drive a kamailio - a bunch of trunks, some custom logic, tried to use open source Sipwise C5 - a way too big and heavy. Any hints ? links ? Mabe a paid subscription? Our goal is - to have a GUI that could - put a version number to configuration, and have a simple way to audit changes - only to log - what was done, when and from which management account. vi + svn/git - it's working but this is no GUI, ACLs in sqlite, also work, but - need to have a ssh console, keep files in some repository - well this is simply inconvenient when you have more than 5 trunks with registration etc... BR, -- *Krzysztof Drewicz* Senior Infrastructure Administrator CLUDO | ul. Grochowska 306/308, 03-840 Warszawa t+48221223977 kdrewicz(a)cludo.pl | www.cludo.pl <http://www.cludo.pl/>

2 years, 1 month

OS-assigned TLS source Port#?

by Matthias Urlichs

Hi, My Kamailio installation originates TLS connections using source port 5061. Is there a way to teach it not to do that? Seting tcp_reuse_port=no doesn't have any effect. -- -- Matthias Urlichs

2 years, 1 month

ndb_redis - redis-cluster error

by Maharaja Azhagiah

Hi All, I am new to Kamailio and testing location server using kamailio and redis-cluster. My setup is simple: All SIP REGISTER messages will be forwarded to this location-server. The server checks for AUTH and then needs to save the usrloc in redis-cluster. I have hiredis and hiredis-cluster libraries installed I am using ndb_redis to support redis-cluster with below configuration: modparam("ndb_redis", "server", "name=172.17.0.3:7000 ;addr=172.17.0.3;port=7000") modparam("ndb_redis", "server", "name=172.17.0.4:7001 ;addr=172.17.0.4;port=7001") modparam("ndb_redis", "server", "name=172.17.0.5:7002 ;addr=172.17.0.5;port=7002") modparam("ndb_redis", "server", "name=172.17.0.6:7003 ;addr=172.17.0.6;port=7003") modparam("ndb_redis", "server", "name=172.17.0.7:7004 ;addr=172.17.0.7;port=7004") modparam("ndb_redis", "server", "name=172.17.0.8:7005 ;addr=172.17.0.8;port=7005") modparam("ndb_redis", "cluster", 1) If SIP method is REGISTER, Kamailio sends redis_cmd to store as below: redis_cmd("172.17.0.3:7000", "sadd %s %s", "location:usrdom::437780082: mazhagiah.sip.zang.io", "location:entry::$xavp(ulrcd=>ruid)", "r"); However, redis-cluster replies with MOVED message, but kamailio / ndb_redis throughs error as below: 0(3915) DEBUG: ndb_redis [redis_client.c:391]: redisc_get_server(): Hash 2590462363 (172.17.0.3:7000) 0(3915) DEBUG: ndb_redis [redis_client.c:395]: redisc_get_server(): Entry 2591109923 (172.17.0.8:7005) 0(3915) DEBUG: ndb_redis [redis_client.c:395]: redisc_get_server(): Entry 2590232843 (172.17.0.7:7004) 0(3915) DEBUG: ndb_redis [redis_client.c:395]: redisc_get_server(): Entry 2590175467 (172.17.0.6:7003) 0(3915) DEBUG: ndb_redis [redis_client.c:395]: redisc_get_server(): Entry 2590347603 (172.17.0.5:7002) 0(3915) DEBUG: ndb_redis [redis_client.c:395]: redisc_get_server(): Entry 2590290227 (172.17.0.4:7001) 0(3915) DEBUG: ndb_redis [redis_client.c:395]: redisc_get_server(): Entry 2590462363 (172.17.0.3:7000) 0(3915) DEBUG: ndb_redis [redis_client.c:896]: redisc_exec(): rsrv->ctxRedis = 0x558e4d739210 0(3915) DEBUG: ndb_redis [redis_client.c:903]: redisc_exec(): rsrv->ctxRedis = 0x558e4d739210 0(3915) DEBUG: ndb_redis [redis_client.c:957]: redisc_exec(): rpl->rplRedis->type:6 0(3915) ERROR: ndb_redis [redis_client.c:959]: redisc_exec(): Redis error:MOVED 10082 172.17.0.4:7001 0(3915) DEBUG: <core> [sruid.c:182]: sruid_next(): new sruid is [uloc-621e8438-f4b-b] (11 / 19) 0(3915) DEBUG: registrar [save.c:410]: pack_ci(): generated ruid is: uloc-621e8438-f4b-b 0(3915) DEBUG: <core> [sruid.c:182]: sruid_next(): new sruid is [uloc-621e8438-f4b-c] (12 / 19) Please help if I am missing anything with my configuration or library. Thanks Raja

2 years, 1 month

Problem with auth_ephemeral and parse_uri(): bad port in uri

by Vlasis Chatzistavrou

Hello, I have a problem with Kamailio 5.4.6 and auth_ephemeral. I have the following in the Kamailio configuration loadmodule "auth_ephemeral" modparam( "auth_ephemeral", "sha_algorithm", 3 ) modparam( "auth_ephemeral", "username_format", 0 ) modparam( "auth_ephemeral", "secret", 1234 ) as per https://kamailio.org/docs/modules/4.1.x/modules/auth_ephemeral.html#auth_ep… and registrations fail. In the logs we see: Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: DEBUG: {1 545 REGISTER rhaqgafd7boteg24jp5db0} sanity [sanity.c:777]: check_parse_uris(): looking up From header Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: DEBUG: {1 545 REGISTER rhaqgafd7boteg24jp5db0} sanity [sanity.c:817]: check_parse_uris(): parsing From URI Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: DEBUG: {1 545 REGISTER rhaqgafd7boteg24jp5db0} <core> [core/parser/parse_uri.c:1296]: parse_uri(): bad port in uri (error at char 5 in state 2) parsed: <sip:3518929:16411>(17) /<sip:3518929:1641150726@192.168.2.99> (35) Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: WARNING: {1 545 REGISTER rhaqgafd7boteg24jp5db0} sanity [sanity.c:820]: check_parse_uris(): failed to parse From uri Apparently Kamailio is confused by the timestamp following the username separated by the : character. The REGISTER message is below: REGISTER sip:192.168.2.99 SIP/2.0 Via: SIP/2.0/WSS 192.0.2.202;branch=z9hG4bK5452321 Max-Forwards: 70 To: "3518929" <sip:3518929:1641148397@192.168.2.99> From: "3518929" <sip:3518929:1641148397@192.168.2.99>;tag=ht76o8b2b6 Call-ID: phkj9mi2n3s3ju7uu3qq2f CSeq: 274 REGISTER Contact: <sip:edh7mmti@192.0.2.202;transport=wss>;reg-id=1;+sip.instance="<urn:uuid:ca5e9372-dfa1-459a-b6ba-4398d23bd896>";expires=300 Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER Supported: path, gruu, outbound User-Agent: Raspberry Phone (SipJS - 0.11.6) Content-Length: 0 and Kamailio parses it as sip:<username>:<port> instead of sip:<username>:<timestamp>. Is this a bug that should be reported or is there any setting that I am missing?

2 years, 1 month

t_on_failure => what variables being reset to which values?

by Benoît Panizzon

Hi List We t_on_failure re-route calls to another destination in case one fails for example announcement servers... Before sending to the announcement server I do add some extra header to define which announcement in which language should be played: append_hf("IMP-annc: $avp(announcecode)\r\n"); append_hf("IMP-mandate: $avp(mandate)\r\n"); append_hf("IMP-language: $avp(callerlang)\r\n"); Also $rU is being set prior to sending the call to the announcement server. Now one of our announcement servers became unavailable and t_on_failure was triggered. The 2nd announcement servers was receiving the calls without any of the additional header and with the 'inbound' $ru without the altered $rU https://www.kamailio.org/docs/modules/devel/modules/tm.html#tm.f.t_on_failu… I'm a bit confused by that, as this states the URI is reset to the value it had on 'relaying'. Is this on 'inbound replaying' or on 'outbound relaying' when route(RELAY) was called to send the call TO the first annoucement server? Is there a bit more specific information on that behaviour? -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

2 years, 1 month

KEMI jsdt CommonJS-based module

by Ian Carlson

Greetings, I'm new to Kamailio and working to add Kamailio to an existing Asterisk solution. I'm attracted to the idea of routing via KEMI jsdt since our Asterisk ARI is using nodejs. Playing with KEMI jsdt I was trying to use require() to break up the monolithic routing script. It seems that Kamailio uses Ducktape 2 without module-node or module-ducktape, requiring all routing in a single file? I'd appreciate any suggested practices for managing Kamailio configurations. Cheers, Ian

2 years, 1 month

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users March 2022