29 Aug
2014
29 Aug
'14
6:29 p.m.
On Fri, Aug 29, 2014 at 5:08 PM, Alex Villacís Lasso
<a_villacis(a)palosanto.com> wrote:
El 29/08/14 14:44, Paul Belanger escribió:
This is your issue, you are allowing ws and wss as the transport.
Because you are forwarding calls over UDP, that is the only protocol
you should be allowing.
On Fri, Aug 29, 2014 at 11:55 AM, Alex Villacís
Lasso
<a_villacis(a)palosanto.com> wrote:
Ya, your via address is over the WS. What does your peer settings look
like for avillacisIM_pbx.villacis.com ?
[1] http://svnview.digium.com/svn/asterisk?view=revision&revision=422241
mysql> select * from sip where name = 'avillacisIM_pbx.villacis.com';
+----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
| id | name | context | callingpres | deny
| permit | acl | secret | md5secret | remotesecret | transport |
host | nat | type | accountcode | amaflags | callgroup
| pickupgroup | namedcallgroup | namedpickupgroup | callerid |
directmedia | directmediapermit | directmediaacl | description | defaultip |
dtmfmode | fromuser | fromdomain | insecure | language | tonezone | mailbox
| qualify | regexten | rtptimeout | rtpholdtimeout | setvar | disallow |
allow | fullcontact | ipaddr |
port | username | defaultuser | dial | trustrpid
| sendrpid | progressinband | promiscredir | useclientcode | callcounter |
busylevel | allowoverlap | allowsubscribe | allowtransfer | lastms |
useragent | regseconds | regserver | videosupport | maxcallbitrate |
rfc2833compensate | session-timers | session-expires | session-minse |
session-refresher | outboundproxy | callbackextension | timert1 | timerb |
qualifyfreq | constantssrc | contactpermit | contactdeny | contactacl |
usereqphone | textsupport | faxdetect | buggymwi | auth | fullname |
trunkname | cid_number | mohinterpret | mohsuggest | parkinglot |
hasvoicemail | subscribemwi | vmexten | rtpkeepalive | g726nonstandard |
ignoresdpversion | subscribecontext | template | keepalive |
t38pt_usertpsource | organization_domain | outofcall_message_context |
sippasswd | kamailioname | mwi_from | avpf | dtlsenable | dtlsverify |
dtlscertfile | dtlsprivatekey
| dtlssetup | force_avp | icesupport | encryption |
+----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
| 12 | avillacisIM_pbx.villacis.com | pbx.villacis.com-from-internal | NULL
| 0.0.0.0/0.0.0.0 | 0.0.0.0/0.0.0.0 | NULL | NULL | NULL | NULL
| ws,wss,udp | dynamic | force_rport,comedia | friend | NULL | NULL
El 28/08/14 19:09, Paul Belanger escribió:
FWIW: I added a new setting into chan_sip, rptbindaddr[1], which
allows you to no control the interface RTP binds too. Not sure if
that helps in your setup or not.
On Thu, Aug 28, 2014 at 7:18 PM, Alex Villacís
Lasso
<a_villacis(a)palosanto.com> wrote:
>
> As a continuation of my project, I am trying to set up Kamailio as a
> Websocket bridge to Asterisk. The asterisk instance is running as
> localhost,
> with its own websocket support disabled, but otherwise has accounts
> with
> all
> of the avfp and dtls settings for websockets. Additionally, I have
> removed
> the bindaddr=127.0.0.1 from sip.conf and instead put a
> deny=0.0.0.0/0.0.0.0
> and permit=127.0.0.1/255.255.255.0 in order to restrict SIP signaling
> to
> localhost. This allows asterisk to bypass rtpproxy when signaling
> through
> a
> websocket. I have already established calls originating from the
> browser.
> However, I have an issue with the registration.
>
Just in passing, why did you remove bindaddr=127.0.0.1?
If I keep the bindaddr, then asterisk fails to send the DTLS-SRTP
handshake
packets, resulting in no audio. Apparently rtpproxy does not route this.
> In my
setup, Kamailio receives the REGISTER from whatever source, and
> forwards this through UDP to Asterisk, after the multiple-domain
> transformation. Therefore, Asterisk sees the following in its SIP port
> (all
> traffic through localhost):
>
> REGISTER sip:pbx.villacis.com SIP/2.0
> Via: SIP/2.0/UDP
> 127.0.0.1;branch=z9hG4bKc1c5.cb49f656197d0ba16f2a1661dd6a44cc.0
> Via: SIP/2.0/WSS
>
>
> r01r0mla9hdp.invalid;rport=47307;received=192.168.3.2;branch=z9hG4bK9309681
> Max-Forwards: 69
> To: <sip:avillacisIM_pbx.villacis.com@127.0.0.1:5080>
> From: "Alex Villac..s"
> <sip:avillacisIM_pbx.villacis.com@127.0.0.1:5080>;tag=b5c0lq4kac
> Call-ID: vp2akar0aqfmgfa6m1taau
> CSeq: 82 REGISTER
> Contact:
>
>
>
<sip:fnuql6ft@192.168.3.2:47307;transport=ws>;reg-id=1;+sip.instance="<urn:uuid:6b0c58ee-bdc5-47c0-aff0-963132dc0cad>";expires=600
> Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY,INVITE,MESSAGE
> Supported: path,gruu,outbound
> User-Agent: SIP.js/0.6.2
> Content-Length: 0
>
> Asterisk answers this through UDP, and Kamailio forwards it through the
> websocket:
>
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP
>
>
>
127.0.0.1;branch=z9hG4bKc1c5.cb49f656197d0ba16f2a1661dd6a44cc.0;received=127.0.0.1;rport=5060
> Via: SIP/2.0/WSS
>
>
> r01r0mla9hdp.invalid;rport=47307;received=192.168.3.2;branch=z9hG4bK9309681
> From: "Alex Villac..s"
> <sip:avillacisIM_pbx.villacis.com@127.0.0.1:5080>;tag=b5c0lq4kac
> To: <sip:avillacisIM_pbx.villacis.com@127.0.0.1:5080>;tag=as5ae2df76
> Call-ID: vp2akar0aqfmgfa6m1taau
> CSeq: 82 REGISTER
> Server: Asterisk PBX 11.12.0
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
> INFO,
> PUBLISH, MESSAGE
> Supported: replaces, timer
> Expires: 600
> Contact: <sip:fnuql6ft@192.168.3.2:47307;transport=ws>;expires=600
> Date: Thu, 28 Aug 2014 22:21:15 GMT
> Content-Length: 0
>
> Then Asterisk sends this through UDP, and Kamailio again forwards it
> through
> the websocket:
>
> NOTIFY sip:fnuql6ft@192.168.3.2:47307;transport=ws SIP/2.0
> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK4d60f167;rport
> Max-Forwards: 70
> From: "asterisk" <sip:asterisk@127.0.0.1:5080>;tag=as43c12840
> To: <sip:fnuql6ft@192.168.3.2:47307;transport=ws>
> Contact: <sip:asterisk@127.0.0.1:5080>
> Call-ID: 04deeb0068a847fa514d748c7d9993c5@127.0.0.1:5080
> CSeq: 102 NOTIFY
> User-Agent: Asterisk PBX 11.12.0
> Event: message-summary
> Content-Type: application/simple-message-summary
> Content-Length: 89
>
> Messages-Waiting: no
> Message-Account: sip:*97@127.0.0.1:5080
> Voice-Message: 0/0 (0/0)
>
> Since I have not implemented handling of voicemail indications, the
> browser
> answers this:
>
> SIP/2.0 405 Method Not Allowed
> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK4d60f167;rport=5080
> To: <sip:fnuql6ft@192.168.3.2:47307;transport=ws>;tag=ggu5etber9
> From: "asterisk" <sip:asterisk@127.0.0.1:5080>;tag=as43c12840
> Call-ID: 04deeb0068a847fa514d748c7d9993c5@127.0.0.1:5080
> CSeq: 102 NOTIFY
> Supported: outbound
> Content-Length: 0
>
>
> After that, Asterisk wants to send an OPTIONS packet. From the point of
> view
> of Asterisk (sip set debug on), it is already sent, but never gets a
> response. However, tcpdump shows that the packet is never sent through
> the
> localhost interface in the first place. It is also not sent through any
> other interface. My guess is that since the REGISTER has a contact with
> transport=ws , Asterisk wants to send this through a websocket (which
> is
> disabled). So I could have to generate a contact without transport=ws .
>
> I have worked around this by setting qualify=no in the account for the
> websocket, but I would like a better solution, one that allows the
> OPTIONS
> packet to reach the browser, and to get the response. What is the
> proper
> way
> to deal with this?
>
What does the OPTIONS message in asterisk look like?
elx3*CLI> sip qualify peer avillacisIM_pbx.villacis.com
Reliably Transmitting (NAT) to 127.0.0.1:5060:
OPTIONS sip:68on862t@192.168.3.2:58927;transport=ws SIP/2.0
Via: SIP/2.0/WS 127.0.0.1:5080;branch=z9hG4bK2b267794;rport
Max-Forwards: 70
From: "asterisk" <sip:asterisk@127.0.0.1:5080>;tag=as1a2c3be2
To: <sip:68on862t@192.168.3.2:58927;transport=ws>
Contact: <sip:asterisk@127.0.0.1:5080;transport=WS>
Call-ID: 7cbd63985b293b0150740e5a19143451@127.0.0.1:5080
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 11.12.0
Date: Fri, 29 Aug 2014 15:54:10 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0
| NULL | NULL | NULL | NULL
| device
<avillacisIM> | no | NULL | NULL | NULL
| NULL | auto | NULL | NULL | NULL | es | NULL
| 101(a)pbx.villacis.com-default | no | NULL | 60 |
300 | NULL | all | ulaw,alaw,gsm |
sip:uqcma3g6@192.168.3.2:59675^3Btransport=ws | 127.0.0.1 | 5060 |
| avillacisIM | SIP/avillacisIM_pbx.villacis.com | yes | no |
NULL | NULL | NULL | yes | NULL | no
| NULL | yes | 0 | SIP.js/0.6.2 | 1409346610 |
| yes | 384 | NULL | NULL | NULL
| NULL | NULL | NULL | NULL |
NULL | NULL | 60 | NULL | NULL | NULL |
NULL | NULL | NULL | yes | NULL | NULL | 101
| NULL | NULL | NULL | NULL | NULL | NULL
| NULL | *97 | NULL | NULL | NULL
| pbx.villacis.com-im-sip | NULL | NULL | NULL |
pbx.villacis.com | pbx.villacis.com-im-sip | Avillacis12345 |
avillacisIM | NULL | yes | yes | no |
/etc/pki/tls/certs/localhost_asterisk.crt |
/etc/pki/tls/private/localhost_asterisk.key | actpass | yes | yes |
yes |
+----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
1 row in set (0.00 sec)
[root@elx3 kamailio]# asterisk -rnx 'sip show peer
avillacisIM_pbx.villacis.com'
* Name : avillacisIM_pbx.villacis.com
Description :
Realtime peer: Yes, cached
Secret : <Not set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : pbx.villacis.com-from-internal
Record On feature : automon
Record Off feature : automon
Subscr.Cont. : pbx.villacis.com-im-sip
Language : es
Tonezone : <Not set>
AMA flags : Unknown
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup :
Pickupgroup :
Named Callgr :
Nam. Pickupgr:
MOH Suggest :
Mailbox : 101(a)pbx.villacis.com-default
VM Extension : *97
LastMsgsSent : 0/0
Call limit : 2147483647
Max forwards : 0
Dynamic : Yes
Callerid : "101" <avillacisIM>
MaxCallBR : 384 kbps
Expire : 153
Insecure : no
Force rport : Yes
Symmetric RTP: Yes
ACL : Yes
DirectMedACL : No
T.38 support : Yes
T.38 EC mode : FEC
T.38 MaxDtgrm: 4294967295
DirectMedia : No
PromiscRedir : No
User=Phone : No
Video Support: Yes
Text Support : No
Ign SDP ver : No
Trust RPID : Yes
Send RPID : No
TrustIDOutbnd: Legacy
Subscriptions: Yes
Overlap dial : No
DTMFmode : auto
Timer T1 : 500
Timer B : 32000
ToHost :
Addr->IP : 127.0.0.1:5060
Defaddr->IP : (null)
Prim.Transp. : WS
Allowed.Trsp : UDP,WS,WSS
Again, see above, this should only be udp.
Def. Username: avillacisIM
SIP Options : (none)
Codecs : (gsm|ulaw|alaw)
Codec Order : (ulaw:20,alaw:20,gsm:20)
Auto-Framing : No
Status : Unmonitored
Useragent : SIP.js/0.6.2
Reg. Contact : sip:uqcma3g6@192.168.3.2:59675;transport=ws
Qualify Freq : 60000 ms
Keepalive : 0 ms
Sess-Timers : Accept
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : Yes
Ign.Lifetime : No
I think the situation is because of the change of transport. How should this
be handled so that Asterisk stops trying to use websocket transport for the
signaling that came from the UDP port?
See my responses above.
--
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belanger(a)polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger