Hi Klaus!
Your hint to use add_contact_alias and handle_ruri_alias to fix the contact solved the problem!
Thank you very much! again!
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Donnerstag, 4. Februar 2010 16:19 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: [SR-Users] Routing Problems
Hi Andreas!
Not sure, but I think the RURI might be incorrect. Some theory:
The proxy can only forward if there is an established TLS connection to the client, and the address information in the RURI is correct.
Consider a scenario where the UA (which is supposed to receive the BYE) is behind a NAT router having the local ip:port 1.1.1.1:11111. When this client opens a TCP/TLS connection to the SecurityGateway, the proxy will see the request coming from the public ip and another port, e.g. 2.2.2.2:22222.
Thus, for the proxy to be able to send the BYE to this UA, the RURI of the BYE request must contain the hostpart 2.2.2.2:22222 (as this is the address the proxy has an open TCP connection to).
Usually, even if the UA is not behind NAT, the Contact provided by the UA is not correct and must be fixed by the proxy. Thus, for SIP messages coming from the UA you should call the function add_contact_alias(), and for messages sent to the UA you should call the function handle_ruri_alias() to fix the contact.
See examples in the README. http://www.kamailio.org/docs/modules/3.0.x/modules_k/nathelper.html#id251306 2
regards klaus
PS: If possible, ngrep traces are preferred (but unfortunately not part of RHEL): ngrep -t -q -P "" -W byline port 5060 or 5061
Am 04.02.2010 15:18, schrieb Andreas Rehbein:
Hello,
we use Kamailio 3.0 on a Red Hat EL5.4 system with openssl 0.9.8e (the current Red Hat OpenSSL version). We want to use Kamailio 3.0 in front of our Call Server (OpenSER 1.3.2) as a security gateway. So the Call Server should only deal tcp, while the Security Gateway terminates the TLS Data which he receives from the User Agents but forwards the SIP-Messages via TCP to the Call Server.
UA ---SIP_over_TLS---> Security Gateway (Kam3.0) ---SIP_over_TCP---> Call Server (OpenSER1.3.2)
UA<---SIP_over_TLS--- Security Gateway (Kam3.0) <---SIP_over_TCP--- Call Server (OpenSER1.3.2)
Nearly everything works fine in this scenario: User Agents are able to register and when they are sending INVITES the callee receives it.
The problem we have right now is: if Kamailio 3.0 receives BYE we get 477 Unfortunatly error on sending to next hop occured. It seems that the messages are ok...
I attached a text file with the BYE message and the errors.
Explanation for the text file:
UA1: 192.168.0.126
UA2: 192.168.0.176
*Security Gateway (Kam3.0): 192.168.0.89
*Call Server (OpenSER1.3.2): 192.168.0.106
Do you have any suggestions?
Thank you very much in advance!
Regards
Andreas
sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users