OK, then some more details and some questions. My network configuration is as follows:
10.0.0.142 10.0.0.200 10.252.1.14 10.252.1.1
192.168.123.5 192.168.123.10
[softphone] <--------> [kamailio/rtpengine] <---------VPN---------> [VPN
server] <------------------> [FreePBX}
There is no NAT'ing involved/enabled. I'm running RTPEngine on the same machine as
Kamailio.
With my current configuration I can call the PBX directly without issue. (i.e. access my
voicemail, IVRs, conference rooms, etc.). However, I can still not make an
extension-to-extension call. Asterisk responds to the INVITE with a "401
Unauthorized" message.I have two extensions registered (1093 and 10931):
Endpoint: 1093/1093 Not in use 0 of inf
InAuth: 1093-auth/1093
Aor: 1093 10
Contact: 1093/sip:1093@10.252.1.14 a49a850887 Avail 85.409
Endpoint: 10931/10931 Not in use 0 of inf
InAuth: 10931-auth/10931
Aor: 10931 10
Contact: 10931/sip:10931@10.252.1.14 3690dfd96d Avail 85.225
Below are two packet captures from the Kamailio machine and the Asterisk machine. If more
information is needed, I'll be happy to supply the specifics. Thanks to anyone
that's willing to take the time to look this over. (Alternatively, if somebody wants
to suggest a kamailio.cfg file for my specific use case, I'd be happy to test that on
my setup as well.)
On the Kamailio machine:
---------------------------------------
2021/09/28 04:45:07.358826 192.168.123.10:7330 -> 10.252.1.14:5060
INVITE sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>
Contact: <sip:asterisk@192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE,
PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931@192.168.123.10>
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 341
v=0
o=- 585379038 585379038 IN IP4 192.168.123.10
s=Asterisk
c=IN IP4 192.168.123.10
t=0 0
m=audio 18074 RTP/AVP 0 8 3 111 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
2021/09/28 04:45:07.365188 10.252.1.14:5060 -> 192.168.123.10:7330
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
192.168.123.10:5060;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e;received=192.168.123.10
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Server: kamailio (5.3.2 (x86_64/linux))
Content-Length: 0
2021/09/28 04:45:07.366400 10.252.1.14:5060 -> 192.168.123.10:5060
INVITE sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP
192.168.123.10:5060;received=192.168.123.10;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>
Contact: <sip:asterisk@192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE,
PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931@192.168.123.10>
Max-Forwards: 69
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 349
v=0
o=- 585379038 585379038 IN IP4 10.252.1.14
s=Asterisk
c=IN IP4 10.252.1.14
t=0 0
m=audio 14618 RTP/AVP 0 8 3 111 9 101
a=maxptime:150
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
a=rtcp:14619
a=ptime:20
2021/09/28 04:45:07.409622 192.168.123.10:5060 -> 10.252.1.14:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
10.252.1.14;rport=19725;received=192.168.123.5;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.412926 10.252.1.14:5060 -> 192.168.123.10:5060
ACK sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 69
Content-Length: 0
2021/09/28 04:45:07.413090 10.252.1.14:5060 -> 192.168.123.10:7330
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.455640 192.168.123.10:7330 -> 10.252.1.14:5060
ACK sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
On the FreePBX machine:
---------------------------------------
2021/09/28 04:45:07.342242 192.168.123.10:5060 -> 10.252.1.14:5060
INVITE sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>
Contact: <sip:asterisk@192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE,
PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931@192.168.123.10>
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 341
v=0
o=- 585379038 585379038 IN IP4 192.168.123.10
s=Asterisk
c=IN IP4 192.168.123.10
t=0 0
m=audio 18074 RTP/AVP 0 8 3 111 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
2021/09/28 04:45:07.390644 10.252.1.14:5060 -> 192.168.123.10:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
192.168.123.10:5060;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e;received=192.168.123.10
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Server: kamailio (5.3.2 (x86_64/linux))
Content-Length: 0
2021/09/28 04:45:07.392235 192.168.123.5:19725 -> 192.168.123.10:5060
INVITE sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP
192.168.123.10:5060;received=192.168.123.10;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>
Contact: <sip:asterisk@192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE,
PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931@192.168.123.10>
Max-Forwards: 69
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 349
v=0
o=- 585379038 585379038 IN IP4 10.252.1.14
s=Asterisk
c=IN IP4 10.252.1.14
t=0 0
m=audio 14618 RTP/AVP 0 8 3 111 9 101
a=maxptime:150
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
a=rtcp:14619
a=ptime:20
2021/09/28 04:45:07.393454 192.168.123.10:5060 -> 192.168.123.5:19725
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
10.252.1.14;rport=19725;received=192.168.123.5;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.438326 192.168.123.5:19725 -> 192.168.123.10:5060
ACK sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 69
Content-Length: 0
2021/09/28 04:45:07.438558 10.252.1.14:5060 -> 192.168.123.10:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest
realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.439339 192.168.123.10:5060 -> 10.252.1.14:5060
ACK sip:1093@10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP
192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931"
<sip:10931@192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093@10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
________________________________
From: Henning Westerholt <hw(a)skalatan.de>
Sent: Saturday, September 11, 2021 3:16 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Micah Quinn <micah.quinn(a)sipiq.com>
Subject: RE: Kamailio/RTPengine as a proxy for FreePBX/Asterisk...
Hello Micah,
using Kamailio as front-end/balancer for one or more asterisk instance(s) is a classic use
case for Kamailio.
Have a look to the Asterisk log why you get some authentication request, probably you need
to “tell” Asterisk to trust the Kamailio (IPs).
Cheers,
Henning
--
Henning Westerholt –
https://skalatan.de/blog/
Kamailio services –
https://gilawa.com<https://gilawa.com/>
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Micah Quinn
Sent: Friday, September 10, 2021 1:05 AM
To: sr-users(a)lists.kamailio.org
Subject: [SR-Users] Kamailio/RTPengine as a proxy for FreePBX/Asterisk...
Hello all,
I'm new to Kamailio, so bear with me as I stumble through this. First, I'll
describe what I'm trying to achieve at a high level and then perhaps somebody can
advise me on whether Kamailio is a good fit for this solution or not. I'd like to be
able to deploy a small appliance type server to our customer's sites that just runs
Kamailio and a VPN connection back to our datacenter. At our datacenter, we run
virtualized instances of Asterisk for each of our customers. The idea is that Kamailio
would act as a transparent proxy through to the Asterisk instance under nominal conditions
and as a basic SIP router in the case that the Asterisk instance is unavailable. This
degraded functionality would then at least allow extension to extension calling even if
the Internet or Asterisk instance is down.
I'm currently using dispatcher with a single entry in preparation for a time when we
might want to failover to another Asterisk instance. I'm forwarding all REGISTER and
INVITE messages to the server chosen from ds_select_dst. Initially this all seems to work
as I can register with a softphone and pjsip show endpoints shows my softphone connected.
However, when I attempt to call any extension (my own or another) Asterisk responds to the
INVITE message with a "401 Unauthorized" message and the typical "The
person at extension XXXX is unavailable...".
I know that more details might be necessary to troubleshoot this, but I didn't want to
include everything in one post and risk cluttering it up with unnecessary information. If
anyone can confirm that this is a reasonable way to approach the problem, I can then
provide whatever relevant data is necessary to get deeper into it. (I've used sngrep,
logging, asterisk cli, etc.)
Thanks in advance for any help.