I have a scenario where Kamailio is receiving a retransmit of a 200 OK to a late offer INVITE after it has sent the ACK, and after it has begun to handle a reInvite from the calling party. This results in the following commands to the rtpengine: Offer (reInvite), Offer (200 retransmit), Answer (ACK to retransmitted 200). At this point, I see STUN binding errors both in Chrome, where the webRTC client (called party) is running, and in the rtpengine logs.
ERROR:port.cc(498)]: Received STUN BINDING error response: class=4 number=1 reason='Unauthorized'
[core] STUN authentication mismatch from x.x.x.x:63396
[ice] Received ICE/STUN response code 487 for candidate pair dl2efuRG06eK4nFs:2713745946:1 from x.x.x.x::64509 to x.x.x.x
[ice] ICE role change, now controlled
[ice] Recalculating all ICE pair priorities
[ice] Triggering check for dl2efuRG06eK4nFs:2713745946:1
[ice] ICE/STUN response with unknown transaction received (from x.x.x.x:64509 on interface x.x.x.x:16184)
So, briefly, the call flow up to the point of error looks like this:
INVITE w/o SDP
200 OK w/SDP, Offer to rtpengine
ACK w/SDP, Answer to rtpengine
reInvite w/SDP, Offer to rtpengine
retransmission of 200 OK, Offer to rtpengine
ACK to retransmitted 200, Answer to rtpengine
I have dialog tracking enabled in my config, and it seems like Kamailio is behaving as expected when the retransmitted 200 and ACK are forwarded on, but I'm curious if other people have run into a scenario like this and how they have dealt with it.
Hello,
I need to implement Event: presence, application/pidf+xml as described in
RFC-3856. I understand I need to use the presence_xml module and generate
PUBLISH requests to update the information and ensure that the NOTIFY get
sent. I know nothing about XCAP or whether I need it or not. Any
information source out there that could help me?
Regards,
Michel Pelletier
I am extremely new at this, but trying to set up TLS with a carrier. TLS connection is good, Invite goes out, we get the 100 and the 200, but subsequent messages (ACK and BYE) are being sent with UDP and I cannot figure out how to get them to maintain the TLS transport. Any suggestions? I think this is the section I'm looking for.
# Manage incoming replies in transaction context
onreply_route[MANAGE_REPLY] {
    xdbg("incoming reply\n");
    if(status=~"[12][0-9][0-9]") {
        route(NATMANAGE);
    }
    if (has_body("application/sdp")) {
        xdbg("rtpengine_manage loop-protect MANAGE_REPLY");
        #rtpengine_manage("loop-protect");
    }
}
Hi everyone. Wanting to see if someone could point me in the right
direction. Still very new to Kamailio but I am beginning to understand it
better. I'm making an outbound proxy and have everything working well
besides stir/shaken. I'm looking at the module page and have gone back and
forth with chatGPT and can't seem to figure this part out. I keep getting
errors on the modparam lines.
Obviously this is a self signed cert because I'm just testing. I am able to
reach and download the cert from the Web server.
Thank you for any assistance.
# SECSIPID for Stir/Shaken
modparam("secsipid", "private_key", "/etc/kamailio/secsipid/private.key")
modparam("secsipid", "certificate", "/etc/kamailio/secsipid/cert.crt")
modparam("secsipid", "authority_cert", "/etc/kamailio/secsipid/ca.crt")
modparam("secsipid", "expire", 600)
modparam("secsipid", "timeout", 2)

route[STIRSHAKEN] {
    if (is_method("INVITE")) {
        if (!secsipid_add_identity("$fU", "$rU", "A", "",
                "http://myIPaddress.com/stir_shaken_cert.crt",
                "/etc/kamailio/secsipid/private.key")) {
            xlog("L_ERR", "Failed to sign call with ID: $ci - From: $fU\n");
            send_reply("500", "Internal Server Error");
            exit;
        } else {
            xlog("L_INFO", "Successfully signed call with ID: $ci - From: $fU\n");
        }
    }
    # Relay the call after signing
    route(RELAY);
}
Hello,
I noticed that Kamailio can route either to IP or FQDN.
This means the server certificate CN is not checked by the client.
How to enable something like the 'verify_peer' option?
Thanks
Hello everyone,
I have a question regarding the usage of core keywords, specifically the possibility of printing their values in log messages. While I understand that core keywords such as 'dst_port' and 'af' etc... can be accessed directly in if conditions, I am interested to know if there is a way to print the values of these core keywords for logging purposes.
Thank you.
On Wed, 19 Jun 2024 11:54:05 -0500
Brett Nemeroff <brett(a)voicefoxtelephony.com> wrote:
> What you should expect using this method is blocking while the exec runs
> which could run you out of child processes while they complete. I'd also
> expect to see an "unusual amount of CPU activity" which will be the result
> of the forked shells being created and destroyed.
>
> All of that being said, yes it works. It's architecturally overly simple
> and very inefficient. If your load is tiny, it might be ok. Anything
> moderate like Henning and others have said, will use an inordinate amount
> of cpu. I would not personally risk it.
>
>
Thank you Brett, Henning and Alex
Sadly the load won't be tiny and cannot risk it. For now I'll deploy a local
nginx and fpm to run the scripts, which are in php, and will use the http_async
method.
Sadly we have to "http all the things" nowadays.
Let's see if I'm able to write down all the logic tomorrow and do some testing.
cheers,
Jon
--
PekePBX, the multitenant PBX solution
https://pekepbx.com
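
The switch discussed in this thread, from a blocking exec call to http_async, sketched as a Kamailio config fragment. This is an added example, not code from any poster; the URL, script path, route names and AVP name are placeholders, and it assumes tm, sl, pv, xlog and a RELAY route from the stock config are already present.

```kamailio
# Added example (not from the thread). URL, script path, route names
# and AVP name are placeholders.
loadmodule "http_async_client.so"
modparam("http_async_client", "workers", 2)

route[LOOKUP] {
    # Blocking variant from the exec module, for comparison: the SIP
    # worker forks a shell and waits until the script exits.
    # exec_avp("/usr/local/bin/lookup.sh", "$avp(result)");

    # Async variant: create the transaction first so it can be
    # suspended while the HTTP workers handle the request.
    if (!t_newtran()) {
        sl_reply_error();
        exit;
    }
    # Escape caller-supplied values before placing them in the URL.
    # On success the transaction is suspended and script execution
    # stops here, freeing this SIP worker.
    if (!http_async_query("http://127.0.0.1:8080/lookup.php?from=$(fU{s.escape.param})", "LOOKUP_DONE")) {
        # reached only when the query could not be queued
        t_reply("500", "Lookup Unavailable");
        exit;
    }
}

# Runs when the HTTP reply (or an error/timeout) arrives; the
# suspended transaction is resumed in this route.
route[LOOKUP_DONE] {
    if ($http_ok && $http_rs == 200) {
        # script output, stored where exec_avp would have put it
        $avp(result) = $http_rb;
        route(RELAY);
    } else {
        xlog("L_ERR", "lookup failed for $ci: $http_err\n");
        t_reply("500", "Lookup Failed");
        exit;
    }
}
```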
Hi Team,
I use tls and xhttp module to enable websocket interface for webrtc client
to connect.
I wanted to add "Strict-Transport-Security" header to xhttp response to add
security. But currently I don't see a way to add it anywhere.
I can see only server_header as an option, but this will get added to SIP
messages as well.
It'd be great if anybody has a suggestion around this.
Thanks
Varunan
On Tue, 18 Jun 2024 13:54:41 -0500
Brett Nemeroff <brett(a)voicefoxtelephony.com> wrote:
> Just want to add that exec is heavy and slow. I would not recommend it.
>
> Is there a reason you want to do this over http-ifying your script and
> using async?
>
>
Not really. The scripts are provided. Maybe I'm against "http all the
things" which seems to be what everyone does nowadays.
Why would http client be lighter than executing a script? That would be a
design problem, right?
Hi all
I've been working with async http client and async db queries in the past but
now I have to execute scripts and store the return values in avps.
Since I have no experience with that, I wonder how to achieve concurrency with
that scenario. Is there a way to exec async or suspend until the exec has
finished and resume later?
cheers,
Jon