Hello everyone,
I am trying to use a single Kamailio server to register to multiple MS Teams Direct Routing endpoints.
The config snippet I am using is this:
sht_iterator_start("i1", "teams-endpoints");
while(sht_iterator_next("i1")) {
$var(teams_endpoint) = $shtitkey(i1);
$xavp(tls=>server_name) = $var(teams_endpoint);
$xavp(tls[0]=>server_id) = $var(teams_endpoint);
$uac_req(method)="OPTIONS";
$uac_req(ruri)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
$uac_req(furi)="sip:" + $var(teams_endpoint);
$uac_req(turi)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
$uac_req(hdrs)="Contact: <sip:" + $var(teams_endpoint) + ":" + "5061" + ";transport=tls>\r\n";
### Create a unique Call-ID based on the Timestamp and the Message Body in MD5
$var(unhashed_cid) = $TV(Sn) + $mb + "";
$uac_req(callid)=$(var(unhashed_cid){s.md5});
uac_req_send();
}
sht_iterator_end("i1");
When the HTable has only one endpoint, everything works fine.
When I add a second endpoint, the first one continues to work but the second one failing with the error from Microsoft:
Q.850;cause=63;text="85babcde-e0b5-4a85-8f4a-12345678c9ae;SBC certificate is not issued correctly. Provided trunk FQDN 'endpoint-02.domain.com' is not included in certificate's CN or SAN list. Certificate allows following FQDNs only: endpoint-01.domain.com.
After some digging around, I realized that all endpoint after the first fail because Kamailio is re-using the same TLS connection for all subsequent OPTIONS as well, but of course the connection has been established with the certificate of the first endpoint.
I have tested the certificates by switching around the first endpoint, so that shouldn't be a problem.
Is there any way I can force it to establish a new TCP/TLS connection for each subsequent request?
Any help would be much appreciated, I have been pulling my hair out with this one!
Best regards,
Nick
