Hi everyone, I'm using Kamailio as a TLS gateway/filter for an internal Asterisk server.

The network schema is:

UAC (tls) --- INTERNET --- (tls) KAMAILIO (sip udp) --- LAN --- (sip udp) ASTERISK

with Kamailio in multi-homed mode:

WAN network interface for sip tls
LAN network interface for sip udp to asterisk server

UAC address 80.0.0.1
KAMAILIO Wan address 80.0.0.2
KAMAILIO Lan address 172.16.0.2
ASTERISK Lan address 172.16.0.3

SIP-TLS call example

If the UAC uses tls(sip), everything works well.
[image: sip-ok-small.jpeg]
SIPS call example

If the same UAC uses its default settings, tls(sips), there are problems with the ACK and BYE packets.

[image: sip-ko-small.jpeg]

The SIP OK SDP packet from Kamailio to the UAC is:

2022/10/10 09:28:47.854721 80.0.0.2:5061 -> 80.0.0.1:49992
SIP/2.0 200 OK
Via: SIP/2.0/TLS 192.168.0.1:49992 ;rport=49992;received=80.0.0.1;branch=z9hG4bKM01j360VrBdH5VSV
Record-Route: sip:172.16.0.1:5060 ;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F
Record-Route: sip:80.0.0.2:5061 ;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F
Call-ID: 1EC2AB679C1EA1BAB60FD03B09F878020B12D3E7
From: sips:200@pbx.voip.com;tag=F798336AA08EF9FCFA89D3BDFE0C8C8F
To: sips:*43@pbx.voip.com;tag=961d0e22-a4f0-453c-9870-6a41578afc96
CSeq: 2 INVITE
Contact: sip:172.16.0.2:5060
P-Asserted-Identity: "xxxxxxxxx" sips:*43@pbx.voip.com
Content-Type: application/sdp

and the UAC sends the ACK and BYE from a different TCP port and to: sips:172.16.0.2:5060;transport=tcp

2022/10/10 09:28:48.495365 80.0.0.1:49996 -> 80.0.0.2:5061
ACK sips:172.16.0.2:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TLS 192.168.0.1:49996;branch=z9hG4bKppftdQze20lnwT41;rport
Route: sip:80.0.0.2:5061 ;transport=tls;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F
Route: sip:172.16.0.1:5060;lr;r2=on;ftag=F798336AA08EF9FCFA89D3BDFE0C8C8F
Max-Forwards: 70
To: sips:*43@pbx.voip.com;tag=961d0e22-a4f0-453c-9870-6a41578afc96
From: sips:200@pbx.voip.com;tag=F798336AA08EF9FCFA89D3BDFE0C8C8F
Call-ID: 1EC2AB679C1EA1BAB60FD03B09F878020B12D3E7
CSeq: 2 ACK

Kamailio error log:

WARNING: <core> [core/forward.c:229]: get_send_socket2(): protocol/port mismatch (forced udp:172.16.0.2:5060, to tls:172.16.0.3:5060)

How can I solve this?

Best Regards
Leo