sr-users September 2022

sr-users@lists.kamailio.org

41 participants
51 discussions

by Mack Hendricks

Hey All, I always struggle with loose_route() and I implemented workarounds in the past. But, I want to get a better understanding. I have a SIP Endpoint -> Kamailio -> FreeSWITCH The domain and alias is set to the ip address of the Kamailio server (137.184.130.206) When I get the ACK back from the SIP Endpoint it looks like this ACK sip:18889072085@137.184.72.42:5060;transport=udp SIP/2.0 Via: SIP/2.0/UDP 10.1.10.140:1052 ;branch=z9hG4bK-524287-1---740db0025fa217ce;rport Max-Forwards: 70 *Route: <sip:137.184.130.206;lr>* Contact: <sip:1000@50.192.97.226:53790;transport=UDP> To: <sip:18889072085@dsiptest.dsiprouter.net>;tag=5gv4etZ8tUUcH From: <sip:1000@dsiptest.dsiprouter.net;transport=UDP>;tag=0af5b751 Call-ID: fWido7VIUKIEI6f6kf4vkQ.. CSeq: 1 ACK User-Agent: Z 5.5.8 v2.10.17.2 Content-Length: 0 Kamailio will then remove the ACK and change the RURI to itself, which causes an ACK loop. This is what is look like *ACK sip:137.184.130.206;lr* SIP/2.0 Via: SIP/2.0/UDP 137.184.130.206;branch=z9hG4bK3fd.0cf34b683f0627ee2455594ea6cb2517.0 Via: SIP/2.0/UDP 10.1.10.140:1052 ;received=50.192.97.226;branch=z9hG4bK-524287-1---740db0025fa217ce;rport=1052 Max-Forwards: 69 Contact: <sip:1000@50.192.97.226:1052;transport=UDP> To: <sip:18889072085@dsiptest.dsiprouter.net>;tag=5gv4etZ8tUUcH From: <sip:1000@dsiptest.dsiprouter.net;transport=UDP>;tag=0af5b751 Call-ID: fWido7VIUKIEI6f6kf4vkQ.. CSeq: 1 ACK User-Agent: Z 5.5.8 v2.10.17.2 Content-Length: 0 *Question:* What am I missing here? We have the alias set and we even set it in the domain module (with the register_myself flag). We have workarounds for this, but I would prefer to figure out how to have Kamailio handle this natively via the loose_route or tm module. Thanks in advance,

1 year, 6 months

Keepalive dialog with SIP/TLS OPTIONS

by Denys Pozniak

Hello! In order to keep the SIP/TCP connection alive for some specific clients (more precisely, specific firewalls) in long calls, I use periodic SIP OPTIONS probes through the dialog module. I noticed that when subscribers are using the SIP/TLS protocol, such keepalives are not sent (with SIP/UDP and SIP/TCP working well). I did not detect any obvious errors in the debug mode. Are there any ideas why the messages are not being sent for SIP/TLS leg? ---- loadmodule "dialog.so" modparam("dialog", "db_url", "DBURL") modparam("dialog", "db_mode", 1) modparam("dialog", "ka_timer", 5) modparam("dialog", "ka_interval", 30) modparam("dialog", "ka_failed_limit", 2) modparam("dialog", "send_bye", 1) modparam("dialog", "track_cseq_updates", 1) modparam("dialog", "default_timeout", 7205) ----- dlg_manage(); dlg_set_property("ka-src"); dlg_set_property("ka-dst"); -- BR, Denys Pozniak

1 year, 6 months

Kamailio stops responding to OPTIONS for some time

by Muhammad Danish Moosa

Hi, With Kamailio 5.5.3 (with KEMI/Lua) I noticed it apparently had stopped responding to OPTIONS in my test system. It can cause problems if a similar issue appears in production. Only thing i could observe it was apparently responding to INVITE and CANCEL etc randomly , its pretty strange as it was not dead completely. There was no core dump, I restarted and it started functioning again. Any clues please? -- Muhammad Danish Moosa " The core of mans' spirit comes from new experiences. "___ Christopher McCandless

1 year, 6 months

http_async_client "route_name" is what type of route?

by Brooks Bridges

Running into an issue where I can't access certain functions inside the response route or "route_name" for handling the asynchronous reply from an http_async_query() that's being run. Does anyone know what type of route that is considered to be? I know it's not a request route or a failure route based on the errors I'm getting, but I can't find anything that outlines what that route actually is. Thanks! Brooks Bridges 1200 S. Rogers Circle, Unit 6 Boca Raton, FL 33487 Office: 916-235-2097 Main: 888-444-1111 email: bbridges(a)call48.com | web: www.call48.com Confidentiality Notice: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named on the e-mail. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.

1 year, 6 months

Interactions of dmq_usrloc and usrloc w/db_mode > 0

by Alex Balashov

Hi, Are there any known contraindications for replicating contacts using dmq/dmq_usrloc, and injecting those contacts into a database on one of the nodes using usrloc with `db_mode` 1 or 2? Predictably, this is being done to support the use-case of getting registration status from database. If you think this should be done with JSONRPC, I am in complete agreement with you, but it’s not up to me. :-) I am doing this with `db_mode` 2 now, and finding that, for a small number of AORs, one can find instances where they are consistently stored in memory but not present in the `location` table. The overall proportion of these AORs, out of thousands, seems to be quite small. It was initially somewhat higher, and it went down once I increased usrloc `timer_processes` and increased the sync interval from 30 to 60 seconds. Nevertheless, it is still non-zero, and I am getting intermittent reports. I wonder if there are some prior experiences with this and anything to watch out, or if `db_mode` 1 might be a superior choice. I personally cannot see how that would be; it seems to have all the performance downsides of mode 3. But perhaps if something about it is more “problem-free” vis-a-vis DMQ, it’s worth a shot? — Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

1 year, 6 months

New feature: #defexp -preprocessor define with expression

by Daniel-Constantin Mierla

Hello, following the recent new feature of #!ifexp based on snexpr (https://www.kamailio.org/w/2022/09/ifexp-conditional-preprocessor-blocks/), another preprocessor directive was added which allows defining IDs with a value computed from the evaluation of an expression, respectively: #!defexp ID EXP The EXP can be any expression supported by snexpr, including the previously defined IDs. For example: #!define IPADDR 1.2.3.4 #!define PORT 5060 #!defexp SIPURI "sip:" + IPADDR + ":" + PORT The result is that SIPURI is defined to sip:1.2.3.4:5060. Another variant is available as #!defexps, which encloses the result of the expression in double quotes, making it suitable to be used further as string value: #!defexps SIPURI "sip:" + IPADDR + ":" + PORT The result is that SIPURI is defined to “sip:1.2.3.4:5060”. More details at: - https://www.kamailio.org/wikidocs/cookbooks/devel/core/#defexp - https://www.kamailio.org/wikidocs/cookbooks/devel/core/#defexps Testing would be appreciated, feedback can be addressed to sr-users mailing list! Cheers, Daniel -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online Nov 7-10, 2022 (Europe Timezone) * https://www.asipto.com/sw/kamailio-advanced-training-online/

1 year, 6 months

Question about the Secsipid module

by Володимир Іванець

Hello everyone! I'm testing calls with STIR/SHAKEN with a Secsipid module on a Kamailio version 5.6.1 and ran into a problem. Outbound calls work fine when the function *secsipid_add_identity* with appropriate parameters is called. But as soon as I add function *secsipid_check_identity* to my configuration, Kamilio would not start. Here is an error message I get: *kamailio: CRITICAL: <core> [core/cfg.y:3791]: yyerror_at(): parse error in config file /etc/kamailio/include/registrar.cfg, line 47, column 39: unknown command, missing loadmodule?* *loadmodule "secsipid.so"* is present and is above the function *secsipid_check_identity* call. Both secsipid.so and secsipid_proc.so module files are the correct version and present on the system. Another question is related to the rpm package build. How do you build additional modules? I made adjustment to the pkg/kamailio/Makefile file. In the *cfg* section changed *$(MAKE) -C ../../src cfg* with *$(MAKE) FLAVOUR=kamailio include_modules="secsipid secsipid_proc" -C ../../src cfg*. Required modules appeared in the modules.lst file but their rpm packages were not built. Thank you very much!

1 year, 6 months

Failed to create a TLS connection when a 'loose' tls_method is configured

by Leonid Fainshtein

Hi, I have a problem creating a TLS connection when tls_method is configured as one of the "loose" methods: SSLv23, TLSv1+, TLSv1.1+, TLSv1.2+. The problem doesn't happen when the tls_method is defined "strictly": TLSv1, TLSv1.1, or TLSv1.2. The problem is reproducible with the modern Yealink phones and also with sipexer. I have Kamailio v.5.5.4 installed from the Kamailio repo ( http://deb.kamailio.org/kamailio55), on Ubuntu 18.04, OpenSSL ver.1.1.1-1ubuntu2.1~18.04.20 The sipexer output: -------------------------- $ ./sipexer -register -vl 3 -co -com -ex 60 -fuser 2001 -cb -au 2001 -ap "......" -sd -sw 20000 -tk ./id_rsa tls:nnnnnnnnn.com:5061 [debug] [sipexer.go:912] main.main(): parsed socket address argument ({Val:tls:nnnnnnnnn.com:5061 Proto:tls Addr:nnnnnnnnn.com Port:5061 PortNo:5061 AType:8 ProtoId:3}) [debug] [sipexer.go:1800] main.SIPExerSendTLS(): client: 192.168.0.178:41586 connected to: 142.93.233.32:5061 [debug] [sipexer.go:1803] main.SIPExerSendTLS(): [48 130 1 34 48 13 6 9 42 134 72 134 247 13 1 1 1 5 0 3 130 1 15 0 48 130 1 10 2 130 1 1 0 222 21 229 237 77 230 193 157 183 132 186 194 65 98 162 250 243 232 189 223 115 181 41 199 130 221 201 143 254 218 254 201 82 173 233 44 158 103 150 78 210 162 187 138 5 179 11 47 208 0 117 27 186 180 197 229 94 13 63 72 227 27 169 127 197 173 67 52 182 68 140 220 132 20 241 57 24 182 29 234 58 60 214 145 225 29 251 240 190 159 43 233 53 57 121 159 81 4 200 12 193 90 91 158 78 196 25 202 74 111 106 215 164 12 178 120 129 8 81 1 245 181 149 20 47 197 165 74 126 24 249 241 187 197 249 209 192 11 204 254 110 19 248 79 122 11 131 24 101 155 237 110 186 5 214 88 79 255 185 156 52 12 29 222 254 76 71 171 142 28 69 22 34 31 111 105 87 7 108 68 6 23 199 236 134 154 42 208 199 158 190 48 193 192 179 120 189 199 117 71 104 231 127 73 128 91 234 168 175 207 55 6 191 144 209 25 10 182 27 53 182 182 96 248 198 206 220 207 102 236 194 96 67 159 34 112 81 145 2 166 207 86 247 232 117 126 158 214 215 10 226 68 81 235 169 81 2 3 1 0 1] <nil> [debug] [sipexer.go:1804] main.SIPExerSendTLS(): CN=nnnnnnnnn.com [debug] [sipexer.go:1803] main.SIPExerSendTLS(): [48 130 2 34....247 31 2 3 1 0 1] <nil> [debug] [sipexer.go:1804] main.SIPExerSendTLS(): CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT [debug] [sipexer.go:1803] main.SIPExerSendTLS(): [48 130 2 34 48 ....130 15 2 3 1 0 1] <nil> [debug] [sipexer.go:1804] main.SIPExerSendTLS(): CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US [debug] [sipexer.go:1806] main.SIPExerSendTLS(): client: handshake: true [debug] [sipexer.go:1807] main.SIPExerSendTLS(): client: mutual: true [info] [sipexer.go:1432] main.SIPExerDialogLoop(): local socket address: 192.168.0.178:41586 (tls) [info] [sipexer.go:1433] main.SIPExerDialogLoop(): local via address: 192.168.0.178:41586 [info] [sipexer.go:1434] main.SIPExerDialogLoop(): sending to tls 142.xx.yy.32:5061: [[--- REGISTER sip:nnnnnnnnn.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS 192.168.0.178:41586 ;rport;branch=z9hG4bKSG.f7a247eb-5440-4e7a-8a5a-4f849684f30d From: <sip:2001@nnnnnnnnn.com>;tag=33e66091-193c-4535-b659-d5e562aca5a4 To: <sip:2001@nnnnnnnnn.com> Call-ID: 4556156d-e8da-4632-82f7-f3ab3c4c73a1 CSeq: 621470 REGISTER Date: Sun, 04 Sep 2022 11:21:33 IDT Contact: <sip:192.168.0.178:41586;transport=tls> Expires: 60 User-Agent: SIPExer v1.0.2 Content-Length: 0 [info] [sipexer.go:1436] main.SIPExerDialogLoop(): ---]] [error] [sipexer.go:1312] main.SIPExerDialogReadBytes(): not receiving after 32000ms (bytes 0 - EOF) [debug] [sipexer.go:1009] main.SIPExerExit(): return code: -1154 The Kamailio debug log: --------------------------------- Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/ip_addr.c:577]: print_ip(): tcpconn_new: new tcp connection: 207.232.46.53 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 18566, type 3, socket 72 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/tcp_main.c:1507]: tcpconn_add(): hashes: 1963:2250:2856, 16 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/io_wait.h:375]: io_watch_add(): processing io_watch_add(0x5648d2a55e40, 72, 2, 0x7f9dcaf01958) - fd_no=63 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x5648d2a55e40, 72, -1, 0x0) fd_no=64 called Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/tcp_main.c:4471]: handle_tcpconn_ev(): sending to child, events 1 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/tcp_main.c:4141]: send2child(): selected tcp worker idx:7 proc:45 pid:25549 for activity on [tls:142.xx.yy.32:5061], 0x7f9dcaf01958 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_read.c:1737]: handle_io(): received n=8 con=0x7f9dcaf01958, fd=10 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:244]: tls_complete_init(): completing tls connection initialization Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:274]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7f9dc4c17078 ctx 0x7f9dc4c65da0 sn []) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:1208]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f9dc4c65da0: (nil) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:778]: sr_ssl_ctx_info_callback(): SSL handshake started Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:979]: tls_server_name_cb(): received server_name (TLS extension): 'tmx.cpbxmt-demo187.xorcom.com' Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:998]: tls_server_name_cb(): TLS cfg domain selected for received server name [tmx.cpbxmt-demo187.xorcom.com]: socket [:0] server name='' - switching SSL CTX to 0x7f9dc4c65da0 dom 0x7f9dc4c17078 (default) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_main.c:2720]: tcpconn_do_send(): sending... Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_main.c:2753]: tcpconn_do_send(): after real write: c= 0x7f9dcaf01958 n=5435 fd=10 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_main.c:2754]: tcpconn_do_send(): buf= Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: #026#003#003 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/io_wait.h:375]: io_watch_add(): processing io_watch_add(0x5648d29e8c80, 10, 2, 0x7f9dcaf01958) - fd_no=1 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:1208]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f9dc4c65da0: (nil) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:790]: sr_ssl_ctx_info_callback(): SSL handshake done Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:778]: sr_ssl_ctx_info_callback(): SSL handshake started Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:782]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:790]: sr_ssl_ctx_info_callback(): SSL handshake done Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:778]: sr_ssl_ctx_info_callback(): SSL handshake started Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:782]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_domain.c:790]: sr_ssl_ctx_info_callback(): SSL handshake done Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:470]: tls_accept(): TLS accept successful Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:477]: tls_accept(): tls_accept: new connection from 207.232.46.53:18566 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:480]: tls_accept(): tls_accept: local socket: 142.xx.yy.32:5061 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:491]: tls_accept(): tls_accept: client did not present a certificate Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: tls [tls_server.c:1245]: tls_h_read_f(): Reading on a renegotiation of connection (n:-1) (2) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_read.c:1503]: tcp_read_req(): EOF Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x5648d29e8c80, 10, -1, 0x10) fd_no=2 called Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_read.c:1872]: handle_io(): removing from list 0x7f9dcaf01958 id 16 fd 10, state 2, flags 4018, main fd 72, refcnt 2 ([207.232.46.53]:18566 -> [207.232.46.53]:5061) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_read.c:1656]: release_tcpconn(): releasing con 0x7f9dcaf01958, state -1, fd=10, id=16 ([207.232.46.53]:18566 -> [207.232.46.53]:5061) Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 45(25549) DEBUG: <core> [core/tcp_read.c:1660]: release_tcpconn(): extra_data 0x7f9dcaefe628 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: <core> [core/tcp_main.c:3573]: handle_tcp_child(): reader response= 7f9dcaf01958, -1 from 7 Sep 4 08:21:33 cpbxmt-demo187 kamailio[23878]: 46(25550) DEBUG: tls [tls_server.c:729]: tls_h_tcpconn_close_f(): Closing SSL connection 0x7f9dcaefe628 As far as I understood the log, the certificate was accepted but something wrong happened later. Any suggestion? Best regards, Leonid Fainshtein

1 year, 6 months

No CDR is written on failover

by Björn Klasen

Hi Community, I'm experimenting with dmq to do dialog sync between two instances of Kamailio. This works great so far. When I did my first experiments I even could create a CDR when there was a failover. Since some Versions (we are now on Version 5.6.1) I just get a acc-request in log but no acc-cdr. In former versions this worked. Both server have the same configuration and both server writes cdrs when theres no failover. In case of a failover everything is fine, the dialogs are clean and thanks to dmq all needed variables are replicated between the server. There's just no cdr. I found nothing on the issue-page on github but maybe somebody knows something about it. BR Björn -- Björn Klasen, Senior Specialist (VoIP) TNG Stadtnetz GmbH, TNG-Technik Projensdorfer Str. 324 24106 Kiel・Deutschland T +49 431 7097-10 F +49 431 7097-555 bklasen(a)tng.de www.tng.de <http://www.tng.de> Executive board (Geschäftsführer): Dr. Sven Willert (CEO/Vorsitz), Helmut Gertz, Moritz Meis, Gunnar Peter, Sven Schade, Carsten Tolkmit Amtsgericht Kiel HRB 6002 KI USt-ID: DE225201428 Die Information über die Verarbeitung Ihrer Daten gemäß Artikel 12 DSGVO können Siehier <https://tng.de/privatkunden/datenschutz/>abrufen.

1 year, 6 months

Kamailio + RTPEngine SIP Proxy...

by David Walsh

Hi Jerry, I just joined so am unsure if you are good to go now but thought I would post my config as I also have a Freeswitch environment which I have placed Kamailio in front of to act as a load-balancing proxy. I also managed to get RTPEngine proxying through it too. Here is the config, which I have created from Daniel’s default kamailio config. I have omitted the top portions of loading the modules and their settings. My dispatcher list is just a text file. I have two groups. One for registrations and outbound calls, and one for calls inbound coming from the FreeSwitch server. In the NATMANAGE route, I currently have RTP proxying disabled as my free switch servers have external IPs and I let them handle the rtp stream. On Freeswitch, I made the following changes to accomodate user/pass and IPAuth reg: Changes to the Freeswitch servers listed in the dispatcher file Edit /usr/local/freeswitch/conf/autoload_configs/acl.conf <list name="proxy" default="deny"> <node type="allow" cidr=“IP address of Kamailio/32"/> </list> Edit /usr/local/freeswitch/conf/sip-profiles/internal-private.xml (or the sip-profile you need to edit in your instance) <param name="apply-proxy-acl" value="proxy"/> #Add this line above the one below. This tells Freeswitch to look at the X-Auth-IP header which was inserted by Kamailio. <param name="apply-inbound-acl" value="domains"/> Then, restart freeswitch (with no active calls), service freeswitch restart # or rescan the profile / reloadxml I am not proxying RTP, however, I can un-comment out the stanza in the NATMANAGE route to get it to work. The biggest gotcha for me was I was trying to use fix_nated_register when handling NAT for registrations instead of: Fix_nated_contact() or the better set_contact_alias(). Using add_path_received(); in the Dispatcher just before sending to Freeswitch ensured all traffic returned to Kamailio too. I am unsure of the SUBSCRIBE/PRESENCE stuff for you but the route should go out via the Kamailio proxy with this. ---------------------------- # main request routing logic request_route { xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si\n"); # per request initial checks route(REQINIT); # NAT detection route(NATDETECT); if(ds_is_from_list("33")) { setflag(FLT_FS); #xlog("L_WARN", "This source $si is from the dispatcher list.\n"); } # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { route(RELAY); } exit; } # handle retransmissions if (!is_method("ACK")) { if(t_precheck_trans()) { t_check_trans(); exit; } t_check_trans(); } # handle requests within SIP dialogs route(WITHINDLG); # record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) { xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si\n"); xlog("L_ALERT", "Marker 1\n"); record_route(); } # account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting } if (isflagset(FLT_FS)) { ##t_on_reply("EXTERNAL_REPLY"); route(FROM_FS); exit; } # handle presence related requests route(PRESENCE); # handle registrations route(REGISTRAR); if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # dispatch destinations route(DISPATCH); return; } route[FROM_FS] { #record_route(); #loose_route_preloaded(); route(DLGURI); route(RELAY); exit; } route[RELAY] { # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } if (is_method("INVITE|SUBSCRIBE|UPDATE")) { if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); } if (!t_relay()) { sl_reply_error(); } exit; } #reply_route { # if(status == 403) { # xlog("L_WARN", "Forbidden from $si:$sp blah...\n"); # xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); # } #} onreply_route[LOGRPL] { if(status == 403) { xlog("L_ALERT", "$rs response. Consider banning AVP \"ipbancandidate\" is $avp(ipbancandidate) "); } } # Per SIP request initial checks route[REQINIT] { # no connect for sending replies # Enable tracing for SNGREP ##sip_trace(); ##setflag(24); # set_reply_no_connect(); # enforce symmetric signaling # - send back replies to the source address of request force_rport(); #!ifdef WITH_ANTIFLOOD # flood detection from same IP and traffic ban for a while # be sure you exclude checking trusted peers, such as pstn gateways # - local host excluded (e.g., loop to self) if(src_ip!=myself) { if($sht(ipban=>$si)!=$null) { # ip is already blocked xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n"); exit; } if (!pike_check_req()) { xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); $sht(ipban=>$si) = 1; exit; } } #!endif if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip|Hello\ SIP\ Automated") { # silent drop for scanners - uncomment next line if want to reply # sl_send_reply("200", "OK"); xlog("User agent is: $ua\n"); exit; } if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if(is_method("OPTIONS") && uri==myself && $rU==$null) { sl_send_reply("200","Keepalive"); exit; } if(!sanity_check("17895", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } } # Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return; # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { xlog("L_INFO", "Routing before DLGURI\n"); route(DLGURI); if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails } else if ( is_method("ACK") ) { # ACK is forwarded statelessly route(NATMANAGE); } else if ( is_method("NOTIFY") ) { # Add Record-Route for in-dialog NOTIFY as per RFC 6665. record_route(); } route(RELAY); exit; } if (is_method("SUBSCRIBE") && uri == myself) { # in-dialog subscribe requests route(PRESENCE); exit; } if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server route(RELAY); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); exit; } # Handle SIP registrations route[REGISTRAR] { if(!is_method("REGISTER")) return; xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si\n"); add_path_received(); $avp(ipbancandidate) = $si; if(isflagset(FLT_NATS)) { setbflag(FLB_NATB); #!ifdef WITH_NATSIPPING # do SIP NAT pinging setbflag(FLB_NATSIPPING); #!endif } route(DISPATCH); if (!save("location")) { sl_reply_error(); } exit; } # Presence server route route[PRESENCE] { if(!is_method("PUBLISH|SUBSCRIBE")) return; sl_send_reply("404", "Not here"); exit; } # Caller NAT detection route[NATDETECT] { #!ifdef WITH_NAT if (nat_uac_test("19")) { if (is_method("REGISTER")) { #fix_nated_register(); Disabled as we proxy registrations #fix_nated_contact(); set_contact_alias(); ##add_contact_alias(); #fix_nated_sdp("3"); xlog("L_ALERT", "Nat Registration nat fixed.\n"); } else { if(is_first_hop()) { set_contact_alias(); xlog("L_ALERT", "Contact NAT fixed\n"); } } setflag(FLT_NATS); xlog("L_ALERT", "FLT_NATS flag set\n"); } #!endif return; } # RTPProxy control and signaling updates for NAT traversal route[NATMANAGE] { #!ifdef WITH_NAT if (is_request()) { if(has_totag()) { if(check_route_param("nat=yes")) { setbflag(FLB_NATB); } } } if (nat_uac_test("3")) { #fix_nated_contact(); set_contact_alias(); ##add_contact_alias(); force_rport(); } if (has_body("application/sdp") && nat_uac_test("8")) { fix_nated_sdp("11"); } if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return; ###!ifdef WITH_RTPENGINE ## xlog("RTPEngine enabled\n"); ## if(nat_uac_test("8")) { ## xlog("RTP 1\n"); ## rtpengine_manage("SIP-source-address replace-origin replace-session-connection"); ## } else { ## rtpengine_manage("replace-origin replace-session-connection"); ## } ###!else ## if(nat_uac_test("8")) { ## rtpproxy_manage("co"); ## } else { ## rtpproxy_manage("cor"); ## } ###!endif if (is_request()) { if (!has_totag()) { if(t_is_branch_route()) { add_rr_param(";nat=yes"); xlog("Nat notation added!\n"); } } } if (is_reply()) { if(isbflagset(FLB_NATB)) { if(is_first_hop()) #fix_nated_contact(); set_contact_alias(); #add_contact_alias(); } } if(isbflagset(FLB_NATB)) { # no connect message in a dialog involving NAT traversal if (is_request()) { if(has_totag()) { set_forward_no_connect(); } } } #!endif return; } # URI update for dialog requests route[DLGURI] { #!ifdef WITH_NAT if(!isdsturiset()) { handle_ruri_alias(); xlog("L_INFO", "Routing in-dialog $rm from $fu to $du\n"); } #!endif return; } # Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' remove_hf_re("Subject|P-.*|X-.*"); append_hf("X-Auth-IP: $si\r\n"); #add_rr_param(";nat=yes"); t_on_reply("LOGRPL"); if(!ds_select_dst("1", "0")) { send_reply("404", "No destination"); exit; } #xdbg("--- SCRIPT: going to <$ru> via <$du> (attrs: $xavp(_dsdst_=>attrs))\n"); xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si; $RAi; $Ri;\n"); t_on_failure("RTF_DISPATCH"); route(RELAY); } # Try next destionations in failure route failure_route[RTF_DISPATCH] { if (t_is_canceled()) { exit; } # next DST - only for 500 or local timeout if (t_check_status("500") or (t_branch_timeout() and !t_branch_replied())) { if(ds_next_dst()) { xdbg("--- SCRIPT: retrying to <$ru> via <$du> (attrs: $xavp(_dsdst_=>attrs))\n"); t_on_failure("RTF_DISPATCH"); route(RELAY); exit; } } } # Manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); xlog("L_ALERT", "Marker 20\n"); route(NATMANAGE); return; } # Manage incoming replies reply_route { if(!sanity_check("17604", "6")) { xlog("Malformed SIP response from $si:$sp\n"); drop; } return; } # Manage incoming replies in transaction context onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); xlog("L_ALERT", "Marker 21\n"); if(status=~"[12][0-9][0-9]") { route(NATMANAGE); } # if (has_body("application/sdp")) { # rtpengine_manage(); # } return; } # Manage failure routing cases failure_route[MANAGE_FAILURE] { xlog("L_ALERT", "Marker 23\n"); route(NATMANAGE); if (t_is_canceled()) exit; #!ifdef WITH_BLOCK3XX # block call redirect based on 3xx replies. if (t_check_status("3[0-9][0-9]")) { t_reply("404","Not found"); exit; } #!endif #!ifdef WITH_BLOCK401407 # block call redirect based on 401, 407 replies. if (t_check_status("401|407")) { t_reply("404","Not found"); exit; } #!endif #!ifdef WITH_VOICEMAIL # serial forking # - route to voicemail on busy or no answer (timeout) if (t_check_status("486|408")) { $du = $null; route(TOVOICEMAIL); exit; } #!endif return; }

1 year, 6 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users September 2022