Hello,
I'm setting up a Kamailio MSFT Teams SBC that is connected to our SIP trunk provider. This server is directly connected to the Internet and not behind a NAT routing.
It is successfully processing invites from both sides (MSFT Teams and SIP trunk). Unfortunately the ACKs and CANCEL messages are not relaying to Teams. In the sipdump i can't find these messages.
Does anyone see what I am doing wrong? Below you can find my config
#!KAMAILIO
####### Defined Values #########
#!define MULTIDOMAIN 0
# - flags # FLT_ - per transaction (message) flags # FLB_ - per branch flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5
#!define FLB_NATB 6 #!define FLB_NATSIPPING 7
#!define FROM_TEAMS 11 #!define FROM_PBX 12
######## Define Modules ########### #!define WITH_RTPENGINE #!define WITH_TLS #!define WITH_SIPDUMP #!define WITH_DISPATCH
####### Global Parameters #########
### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR debug=2 log_stderror=no
memdbg=5 memlog=5
log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} "
/* number of SIP routing processes */ children=2
/* uncomment the next line to disable TCP (default on) */ # disable_tcp=yes
alias=SBC_FQDN
/* listen addresses */ listen=udp:PUBLIC_IP:5060 advertise SBC_FQDN:5060 #!ifdef WITH_TLS listen=tls:PUBLIC_IP:5061 advertise SBC_FQDN:5061 #!endif
server_header= "Server: ABC SBC" user_agent_header= "User-Agent: ABC SBC"
###### TLS Enable ###### #!ifdef WITH_TLS enable_tls=yes #tcp_connect_timeout=1000
tcp_accept_no_cl=yes tcp_async = yes tcp_connection_lifetime=600
/* upper limit for TLS connections */ tls_max_connections=2048 #!endif
####### Custom Parameters #########
/* These parameters can be modified runtime via RPC interface * - see the documentation of 'cfg_rpc' module. * * Format: group.id = value 'desc' description * Access: $sel(cfg_get.group.id) or @cfg_get.group.id */
####### Modules Section ########
/* set paths to location of modules */ loadmodule "jsonrpcs.so" loadmodule "kex.so" loadmodule "corex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "maxfwd.so" loadmodule "textops.so" loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "acc.so" loadmodule "counters.so"
#!ifdef WITH_RTPENGINE loadmodule "rtpengine.so" #!endif
#!ifdef WITH_TLS loadmodule "tls.so" #!endif
#!ifdef WITH_SIPDUMP loadmodule "sipdump.so" #!endif
#!ifdef WITH_DISPATCH loadmodule "dispatcher.so" #!endif
# ----------------- setting module-specific parameters ---------------
#!ifdef WITH_RTPENGINE # ----- rtpengine params -----+ modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:12222") #!endif
#!ifdef WITH_TLS # ----- tls params -----+ modparam("tls", "xavp_cfg", "tls") modparam("tls", "config", "/etc/kamailio/tls.cfg") modparam("tls", "connection_timeout", 10) modparam("tls", "ssl_release_buffers", 1) modparam("tls", "send_close_notify", 1) modparam("tls", "session_cache", 0)
#!endif
#!ifdef WITH_SIPDUMP modparam("sipdump", "enable", 1) #!endif
#!ifdef WITH_DISPATCH #---------- dispatch modparam("dispatcher", "ds_probing_mode", 1) modparam("dispatcher", "ds_ping_interval", 300) #!endif
# ----- jsonrpcs params ----- modparam("jsonrpcs", "pretty_format", 1) /* set the path to RPC fifo control file */ # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo") /* set the path to RPC unix socket control file */ # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock")
# ----- ctl params ----- /* set the path to RPC unix socket control file */ # modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl")
# ----- tm params ----- # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 30000) # default invite retransmission timeout after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000)
# ----- rr params ----- # set next param to 1 to add value to ;lr param (helps with some UAs) modparam("rr", "enable_full_lr", 0) # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 0)
# ----- acc params ----- /* what special events should be accounted ? */ modparam("acc", "early_media", 0) modparam("acc", "report_ack", 0) modparam("acc", "report_cancels", 0) /* by default ww do not adjust the direct of the sequential requests. * if you enable this parameter, be sure the enable "append_fromtag" * in "rr" module */ modparam("acc", "detect_direction", 0) /* account triggers (flags) */ modparam("acc", "log_flag", FLT_ACC) modparam("acc", "log_missed_flag", FLT_ACCMISSED) modparam("acc", "log_extra", "src_user=$fU;src_domain=$fd;src_ip=$si;" "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
####### Routing Logic ########
/* Main SIP request routing logic * - processing of any incoming SIP request starts with this route * - note: this is the same as route { ... } */ request_route { # per request initial checks route(REQINIT);
#check who is the sender route(INITCHECK);
# CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { route(RELAY); } exit; }
# handle retransmissions if (!is_method("ACK")) { if(t_precheck_trans()) { t_check_trans(); exit; } t_check_trans(); }
# handle requests within SIP dialogs route(WITHINDLG);
### only initial requests (no To tag)
# record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) { record_route(); }
# account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting }
if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; }
# update $du to set the destination address for proxying #$du = "sip:" + $rd + ":9";
route(RELAY); exit; }
route[INITCHECK] { if(from_uri =~ ".*microsoft.com") { setflag(FROM_TEAMS); $du = "sip:" + "PBX_IP"; route(HANDLE_RTP_FROM_TEAMS); } else if(from_uri =~ ".*" + "PBX_IP") { setflag(FROM_PBX); $du="sip:sip.pstnhub.microsoft.com;transport=tls"; route(HANDLE_RTP_FROM_PBX); } else { exit; } }
#Manage RTP & transcoding comming from Teams to PBX route[HANDLE_RTP_FROM_TEAMS] {
if (has_body("application/sdp")) { t_on_reply("PBX_REPLY_TO_TEAMS"); rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection ICE=remove"); record_route(); t_relay_to_udp("PBX_IP","5060"); }
}
#Manage RTP & transcoding comming from PBX to Teams route[HANDLE_RTP_FROM_PBX] {
if (has_body("application/sdp")) { t_on_reply("TEAMS_REPLY_TO_PBX");
rtpengine_manage("SRTP codec-mask=all ICE=force codec-transcode=PCMA replace-origin replace-session-connection"); record_route_preset("SBC_FQDN:5061;transport=tls"); add_rr_param(";r2=on");
$rd = "sip.pstnhub.microsoft.com"; $td = "SBC_FQDN"; $fd = "SBC_FQDN";
#Set TLS SNI (server name & server id) $xavp(tls=>server_name) = "SBC_FQDN"; $xavp(tls=>server_id) = "SBC_FQDN";
t_relay(); } }
# Wrapper for relaying requests route[RELAY] {
# enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } if (is_method("INVITE|SUBSCRIBE|UPDATE")) { if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); }
if (!t_relay()) { sl_reply_error(); } exit; }
# Per SIP request initial checks route[REQINIT] { if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") { # silent drop for scanners - uncomment next line if want to reply # sl_send_reply("200", "OK"); exit; }
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }
if(is_method("OPTIONS")) { sl_send_reply("200","Keepalive"); exit; }
if(!sanity_check("1511", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } }
# Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return;
#Teams reINVITEs if(isflagset(FROM_TEAMS)) { t_relay_to_udp("PBX_IP","5060"); exit; }
# sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails
#set coresponding cert on transactions if($fd == "SBC_FQDN") { $xavp(tls=>server_name) = "SBC_FQDN"; $xavp(tls=>server_id) = "SBC_FQDN"; }
} else if ( is_method("NOTIFY") ) { # Add Record-Route for in-dialog NOTIFY as per RFC 6665. record_route(); }
route(RELAY); exit; }
if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server route(RELAY); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); exit; }
# Manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); }
# Manage incoming replies onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); }
#PBX On Reply onreply_route[PBX_REPLY_TO_TEAMS] { if (has_body("application/sdp")) { rtpengine_manage("SRTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=PUBLIC_IP"); } }
#From Teams On Reply onreply_route[TEAMS_REPLY_TO_PBX] { if (has_body("application/sdp")) { rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=PUBLIC_IP"); } }
# Manage failure routing cases failure_route[MANAGE_FAILURE] { if (t_is_canceled()) exit; }
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC_FQDN:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
Could be anything, but most likely you aren't receiving those in Kam because the PBX sends them somewhere else, check where the PBX sends those, check the Contact URI, that's the address where ACKs will be sent out.
The SBC for Teams article suggests a double header record_route_preset() for transport conversion, not sure why your config is different.
Also, at the very least, the config seems to invoke *record_route[_preset]()* twice per INVITE, it shouldn't be like that.
Good luck.
On Sun, Jul 19, 2020 at 3:55 AM Daniel van der Tang tangd122@gmail.com wrote:
Hello,
I'm setting up a Kamailio MSFT Teams SBC that is connected to our SIP trunk provider. This server is directly connected to the Internet and not behind a NAT routing.
It is successfully processing invites from both sides (MSFT Teams and SIP trunk). Unfortunately the ACKs and CANCEL messages are not relaying to Teams. In the sipdump i can't find these messages.
Does anyone see what I am doing wrong? Below you can find my config
#!KAMAILIO
####### Defined Values #########
#!define MULTIDOMAIN 0
# - flags # FLT_ - per transaction (message) flags # FLB_ - per branch flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5
#!define FLB_NATB 6 #!define FLB_NATSIPPING 7
#!define FROM_TEAMS 11 #!define FROM_PBX 12
######## Define Modules ########### #!define WITH_RTPENGINE #!define WITH_TLS #!define WITH_SIPDUMP #!define WITH_DISPATCH
####### Global Parameters #########
### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR debug=2 log_stderror=no
memdbg=5 memlog=5
log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} "
/* number of SIP routing processes */ children=2
/* uncomment the next line to disable TCP (default on) */ # disable_tcp=yes
alias=SBC_FQDN
/* listen addresses */ listen=udp:PUBLIC_IP:5060 advertise SBC_FQDN:5060 #!ifdef WITH_TLS listen=tls:PUBLIC_IP:5061 advertise SBC_FQDN:5061 #!endif
server_header= "Server: ABC SBC" user_agent_header= "User-Agent: ABC SBC"
###### TLS Enable ###### #!ifdef WITH_TLS enable_tls=yes #tcp_connect_timeout=1000
tcp_accept_no_cl=yes tcp_async = yes tcp_connection_lifetime=600
/* upper limit for TLS connections */ tls_max_connections=2048 #!endif
####### Custom Parameters #########
/* These parameters can be modified runtime via RPC interface
- see the documentation of 'cfg_rpc' module.
- Format: group.id = value 'desc' description
- Access: $sel(cfg_get.group.id) or @cfg_get.group.id */
####### Modules Section ########
/* set paths to location of modules */ loadmodule "jsonrpcs.so" loadmodule "kex.so" loadmodule "corex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "maxfwd.so" loadmodule "textops.so" loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "acc.so" loadmodule "counters.so"
#!ifdef WITH_RTPENGINE loadmodule "rtpengine.so" #!endif
#!ifdef WITH_TLS loadmodule "tls.so" #!endif
#!ifdef WITH_SIPDUMP loadmodule "sipdump.so" #!endif
#!ifdef WITH_DISPATCH loadmodule "dispatcher.so" #!endif
# ----------------- setting module-specific parameters ---------------
#!ifdef WITH_RTPENGINE # ----- rtpengine params -----+ modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:12222") #!endif
#!ifdef WITH_TLS # ----- tls params -----+ modparam("tls", "xavp_cfg", "tls") modparam("tls", "config", "/etc/kamailio/tls.cfg") modparam("tls", "connection_timeout", 10) modparam("tls", "ssl_release_buffers", 1) modparam("tls", "send_close_notify", 1) modparam("tls", "session_cache", 0)
#!endif
#!ifdef WITH_SIPDUMP modparam("sipdump", "enable", 1) #!endif
#!ifdef WITH_DISPATCH #---------- dispatch modparam("dispatcher", "ds_probing_mode", 1) modparam("dispatcher", "ds_ping_interval", 300) #!endif
# ----- jsonrpcs params ----- modparam("jsonrpcs", "pretty_format", 1) /* set the path to RPC fifo control file */ # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo") /* set the path to RPC unix socket control file */ # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock")
# ----- ctl params ----- /* set the path to RPC unix socket control file */ # modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl")
# ----- tm params ----- # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 30000) # default invite retransmission timeout after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000)
# ----- rr params ----- # set next param to 1 to add value to ;lr param (helps with some UAs) modparam("rr", "enable_full_lr", 0) # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 0)
# ----- acc params ----- /* what special events should be accounted ? */ modparam("acc", "early_media", 0) modparam("acc", "report_ack", 0) modparam("acc", "report_cancels", 0) /* by default ww do not adjust the direct of the sequential requests.
- if you enable this parameter, be sure the enable "append_fromtag"
- in "rr" module */
modparam("acc", "detect_direction", 0) /* account triggers (flags) */ modparam("acc", "log_flag", FLT_ACC) modparam("acc", "log_missed_flag", FLT_ACCMISSED) modparam("acc", "log_extra", "src_user=$fU;src_domain=$fd;src_ip=$si;" "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
####### Routing Logic ########
/* Main SIP request routing logic
- processing of any incoming SIP request starts with this route
- note: this is the same as route { ... } */
request_route { # per request initial checks route(REQINIT);
#check who is the sender route(INITCHECK);
# CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { route(RELAY); } exit; }
# handle retransmissions if (!is_method("ACK")) { if(t_precheck_trans()) { t_check_trans(); exit; } t_check_trans(); }
# handle requests within SIP dialogs route(WITHINDLG);
### only initial requests (no To tag)
# record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) { record_route(); }
# account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting }
if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; }
# update $du to set the destination address for proxying #$du = "sip:" + $rd + ":9";
route(RELAY); exit; }
route[INITCHECK] { if(from_uri =~ ".*microsoft.com") { setflag(FROM_TEAMS); $du = "sip:" + "PBX_IP"; route(HANDLE_RTP_FROM_TEAMS); } else if(from_uri =~ ".*" + "PBX_IP") { setflag(FROM_PBX); $du="sip:sip.pstnhub.microsoft.com;transport=tls"; route(HANDLE_RTP_FROM_PBX); } else { exit; } }
#Manage RTP & transcoding comming from Teams to PBX route[HANDLE_RTP_FROM_TEAMS] {
if (has_body("application/sdp")) { t_on_reply("PBX_REPLY_TO_TEAMS"); rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection ICE=remove"); record_route(); t_relay_to_udp("PBX_IP","5060"); }
}
#Manage RTP & transcoding comming from PBX to Teams route[HANDLE_RTP_FROM_PBX] {
if (has_body("application/sdp")) { t_on_reply("TEAMS_REPLY_TO_PBX"); rtpengine_manage("SRTP codec-mask=all ICE=force codec-transcode=PCMAreplace-origin replace-session-connection"); record_route_preset("SBC_FQDN:5061;transport=tls"); add_rr_param(";r2=on");
$rd = "sip.pstnhub.microsoft.com"; $td = "SBC_FQDN"; $fd = "SBC_FQDN"; #Set TLS SNI (server name & server id) $xavp(tls=>server_name) = "SBC_FQDN"; $xavp(tls=>server_id) = "SBC_FQDN"; t_relay(); }}
# Wrapper for relaying requests route[RELAY] {
# enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } if (is_method("INVITE|SUBSCRIBE|UPDATE")) { if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); }
if (!t_relay()) { sl_reply_error(); } exit; }
# Per SIP request initial checks route[REQINIT] { if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") { # silent drop for scanners - uncomment next line if want to reply # sl_send_reply("200", "OK"); exit; }
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }
if(is_method("OPTIONS")) { sl_send_reply("200","Keepalive"); exit; }
if(!sanity_check("1511", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } }
# Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return;
#Teams reINVITEs if(isflagset(FROM_TEAMS)) { t_relay_to_udp("PBX_IP","5060"); exit; }
# sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails
#set coresponding cert on transactions if($fd == "SBC_FQDN") { $xavp(tls=>server_name) = "SBC_FQDN"; $xavp(tls=>server_id) = "SBC_FQDN"; } } else if ( is_method("NOTIFY") ) { # Add Record-Route for in-dialog NOTIFY as per RFC 6665. record_route(); } route(RELAY); exit;}
if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server route(RELAY); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); exit; }
# Manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); }
# Manage incoming replies onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); }
#PBX On Reply onreply_route[PBX_REPLY_TO_TEAMS] { if (has_body("application/sdp")) { rtpengine_manage("SRTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=PUBLIC_IP"); } }
#From Teams On Reply onreply_route[TEAMS_REPLY_TO_PBX] { if (has_body("application/sdp")) { rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=PUBLIC_IP"); } }
# Manage failure routing cases failure_route[MANAGE_FAILURE] { if (t_is_canceled()) exit; }
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC_FQDN:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); } _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Likely there is some misrouting configuration with contact addresses, like Sergiu suggested, but as an extra hint, when kamailio doesn't report any log message in syslog about processing sip messages or nothing printed by sipdump, run ngrep/sngrep on port 5060 to see if something is received over udp. If something shows up there, check your firewall or kernel/OS policies. s/ngrep get the traffic at the network layer and it can be discarded before getting to application layer. In some rare conditions I faced kernel module conntrack discarding (randomly) some packets, including the ACK after 200ok.
Cheers, Daniel
On 20.07.20 15:44, Sergiu Pojoga wrote:
Could be anything, but most likely you aren't receiving those in Kam because the PBX sends them somewhere else, check where the PBX sends those, check the Contact URI, that's the address where ACKs will be sent out.
The SBC for Teams article suggests a double header record_route_preset() for transport conversion, not sure why your config is different.
Also, at the very least, the config seems to invoke /record_route[_preset]()/ twice per INVITE, it shouldn't be like that.
Good luck.
On Sun, Jul 19, 2020 at 3:55 AM Daniel van der Tang <tangd122@gmail.com mailto:tangd122@gmail.com> wrote:
Hello, I'm setting up a Kamailio MSFT Teams SBC that is connected to our SIP trunk provider. This server is directly connected to the Internet and not behind a NAT routing. It is successfully processing invites from both sides (MSFT Teams and SIP trunk). Unfortunately the ACKs and CANCEL messages are not relaying to Teams. In the sipdump i can't find these messages. Does anyone see what I am doing wrong? Below you can find my config #!KAMAILIO ####### Defined Values ######### #!define MULTIDOMAIN 0 # - flags # FLT_ - per transaction (message) flags # FLB_ - per branch flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5 #!define FLB_NATB 6 #!define FLB_NATSIPPING 7 #!define FROM_TEAMS 11 #!define FROM_PBX 12 ######## Define Modules ########### #!define WITH_RTPENGINE #!define WITH_TLS #!define WITH_SIPDUMP #!define WITH_DISPATCH ####### Global Parameters ######### ### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR debug=2 log_stderror=no memdbg=5 memlog=5 log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} " /* number of SIP routing processes */ children=2 /* uncomment the next line to disable TCP (default on) */ # disable_tcp=yes alias=SBC_FQDN /* listen addresses */ listen=udp:PUBLIC_IP:5060 advertise SBC_FQDN:5060 #!ifdef WITH_TLS listen=tls:PUBLIC_IP:5061 advertise SBC_FQDN:5061 #!endif server_header= "Server: ABC SBC" user_agent_header= "User-Agent: ABC SBC" ###### TLS Enable ###### #!ifdef WITH_TLS enable_tls=yes #tcp_connect_timeout=1000 tcp_accept_no_cl=yes tcp_async = yes tcp_connection_lifetime=600 /* upper limit for TLS connections */ tls_max_connections=2048 #!endif ####### Custom Parameters ######### /* These parameters can be modified runtime via RPC interface * - see the documentation of 'cfg_rpc' module. * * Format: group.id <http://group.id/> = value 'desc' description * Access: $sel(cfg_get.group.id <http://cfg_get.group.id/>) or @cfg_get.group.id <http://cfg_get.group.id/> */ ####### Modules Section ######## /* set paths to location of modules */ loadmodule "jsonrpcs.so" loadmodule "kex.so" loadmodule "corex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "maxfwd.so" loadmodule "textops.so" loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "acc.so" loadmodule "counters.so" #!ifdef WITH_RTPENGINE loadmodule "rtpengine.so" #!endif #!ifdef WITH_TLS loadmodule "tls.so" #!endif #!ifdef WITH_SIPDUMP loadmodule "sipdump.so" #!endif #!ifdef WITH_DISPATCH loadmodule "dispatcher.so" #!endif # ----------------- setting module-specific parameters --------------- #!ifdef WITH_RTPENGINE # ----- rtpengine params -----+ modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:12222 <http://127.0.0.1:12222/>") #!endif #!ifdef WITH_TLS # ----- tls params -----+ modparam("tls", "xavp_cfg", "tls") modparam("tls", "config", "/etc/kamailio/tls.cfg") modparam("tls", "connection_timeout", 10) modparam("tls", "ssl_release_buffers", 1) modparam("tls", "send_close_notify", 1) modparam("tls", "session_cache", 0) #!endif #!ifdef WITH_SIPDUMP modparam("sipdump", "enable", 1) #!endif #!ifdef WITH_DISPATCH #---------- dispatch modparam("dispatcher", "ds_probing_mode", 1) modparam("dispatcher", "ds_ping_interval", 300) #!endif # ----- jsonrpcs params ----- modparam("jsonrpcs", "pretty_format", 1) /* set the path to RPC fifo control file */ # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo") /* set the path to RPC unix socket control file */ # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock") # ----- ctl params ----- /* set the path to RPC unix socket control file */ # modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl") # ----- tm params ----- # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 30000) # default invite retransmission timeout after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000) # ----- rr params ----- # set next param to 1 to add value to ;lr param (helps with some UAs) modparam("rr", "enable_full_lr", 0) # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 0) # ----- acc params ----- /* what special events should be accounted ? */ modparam("acc", "early_media", 0) modparam("acc", "report_ack", 0) modparam("acc", "report_cancels", 0) /* by default ww do not adjust the direct of the sequential requests. * if you enable this parameter, be sure the enable "append_fromtag" * in "rr" module */ modparam("acc", "detect_direction", 0) /* account triggers (flags) */ modparam("acc", "log_flag", FLT_ACC) modparam("acc", "log_missed_flag", FLT_ACCMISSED) modparam("acc", "log_extra", "src_user=$fU;src_domain=$fd;src_ip=$si;" "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") modparam("acc", "failed_transaction_flag", FLT_ACCFAILED) ####### Routing Logic ######## /* Main SIP request routing logic * - processing of any incoming SIP request starts with this route * - note: this is the same as route { ... } */ request_route { # per request initial checks route(REQINIT); #check who is the sender route(INITCHECK); # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { route(RELAY); } exit; } # handle retransmissions if (!is_method("ACK")) { if(t_precheck_trans()) { t_check_trans(); exit; } t_check_trans(); } # handle requests within SIP dialogs route(WITHINDLG); ### only initial requests (no To tag) # record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) { record_route(); } # account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting } if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # update $du to set the destination address for proxying #$du = "sip:" + $rd + ":9"; route(RELAY); exit; } route[INITCHECK] { if(from_uri =~ ".*microsoft.com <http://microsoft.com/>") { setflag(FROM_TEAMS); $du = "sip:" + "PBX_IP"; route(HANDLE_RTP_FROM_TEAMS); } else if(from_uri =~ ".*" + "PBX_IP") { setflag(FROM_PBX); $du="sip:sip.pstnhub.microsoft.com <http://sip.pstnhub.microsoft.com/>;transport=tls"; route(HANDLE_RTP_FROM_PBX); } else { exit; } } #Manage RTP & transcoding comming from Teams to PBX route[HANDLE_RTP_FROM_TEAMS] { if (has_body("application/sdp")) { t_on_reply("PBX_REPLY_TO_TEAMS"); rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection ICE=remove"); record_route(); t_relay_to_udp("PBX_IP","5060"); } } #Manage RTP & transcoding comming from PBX to Teams route[HANDLE_RTP_FROM_PBX] { if (has_body("application/sdp")) { t_on_reply("TEAMS_REPLY_TO_PBX"); rtpengine_manage("SRTP codec-mask=all ICE=force codec-transcode=PCMA replace-origin replace-session-connection"); record_route_preset("SBC_FQDN:5061;transport=tls"); add_rr_param(";r2=on"); $rd = "sip.pstnhub.microsoft.com <http://sip.pstnhub.microsoft.com/>"; $td = "SBC_FQDN"; $fd = "SBC_FQDN"; #Set TLS SNI (server name & server id) $xavp(tls=>server_name) = "SBC_FQDN"; $xavp(tls=>server_id) = "SBC_FQDN"; t_relay(); } } # Wrapper for relaying requests route[RELAY] { # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } if (is_method("INVITE|SUBSCRIBE|UPDATE")) { if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); } if (!t_relay()) { sl_reply_error(); } exit; } # Per SIP request initial checks route[REQINIT] { if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") { # silent drop for scanners - uncomment next line if want to reply # sl_send_reply("200", "OK"); exit; } if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if(is_method("OPTIONS")) { sl_send_reply("200","Keepalive"); exit; } if(!sanity_check("1511", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } } # Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return; #Teams reINVITEs if(isflagset(FROM_TEAMS)) { t_relay_to_udp("PBX_IP","5060"); exit; } # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails #set coresponding cert on transactions if($fd == "SBC_FQDN") { $xavp(tls=>server_name) = "SBC_FQDN"; $xavp(tls=>server_id) = "SBC_FQDN"; } } else if ( is_method("NOTIFY") ) { # Add Record-Route for in-dialog NOTIFY as per RFC 6665. record_route(); } route(RELAY); exit; } if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server route(RELAY); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); exit; } # Manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); } # Manage incoming replies onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); } #PBX On Reply onreply_route[PBX_REPLY_TO_TEAMS] { if (has_body("application/sdp")) { rtpengine_manage("SRTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=PUBLIC_IP"); } } #From Teams On Reply onreply_route[TEAMS_REPLY_TO_PBX] { if (has_body("application/sdp")) { rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=PUBLIC_IP"); } } # Manage failure routing cases failure_route[MANAGE_FAILURE] { if (t_is_canceled()) exit; } event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com <http://pstnhub.microsoft.com/>") { append_hf("Contact: <sip:SBC_FQDN:5061;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); } _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thank you for your replies! Outbound calling is now completely working.
For incoming calls from SIP trunk to Teams there's still no ACK and CANCEL messages. Which causes disconnect in 20 seconds and no audio.
I think there's something wrong with the routing or via headers in the 200 OK but don't know what.
The complete sip dump: https://paste.projectdev.org/imiluwecaf
Unfortunately i can't see the sip messages from the SIP provider side.
-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
Hi,
use siptrace to see what Kamailio sees on the tls side or use the message buffer pv $mb
Like this (please check Syntax at your own, copy pasted that with my smartphone so no guarantees)
It shows the raw message (unencrypted) before tls module it handles or after its decrypted AFAIK.
event_route[network:msg] { if (is_incoming()) { xlog("L_INFO", "Received message '$mb' \n"); } else {
xlog("L_INFO", "Sending message '$mb' \n"); } }
Kind regards Karsten Horsmann
tangd122 tangd122@gmail.com schrieb am Sa., 1. Aug. 2020, 19:40:
Thank you for your replies! Outbound calling is now completely working.
For incoming calls from SIP trunk to Teams there's still no ACK and CANCEL messages. Which causes disconnect in 20 seconds and no audio.
I think there's something wrong with the routing or via headers in the 200 OK but don't know what.
The complete sip dump: https://paste.projectdev.org/imiluwecaf
Unfortunately i can't see the sip messages from the SIP provider side.
-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
On latest versions I’m trying the sipdump module, the one benefit I’m liking over its alternatives is that you can enable/disable dumping to file via RPC..
So in normal operation you are not dumping all tls traffic, and then you can enable it only when you need to troubleshoot something..
Just throwing this out there in case it’s useful :)
Cheers, Joel.
On Sun, Aug 2, 2020 at 05:15 Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
use siptrace to see what Kamailio sees on the tls side or use the message buffer pv $mb
Like this (please check Syntax at your own, copy pasted that with my smartphone so no guarantees)
It shows the raw message (unencrypted) before tls module it handles or after its decrypted AFAIK.
event_route[network:msg] { if (is_incoming()) { xlog("L_INFO", "Received message '$mb' \n"); } else {
xlog("L_INFO", "Sending message '$mb' \n"); } }
Kind regards Karsten Horsmann
tangd122 tangd122@gmail.com schrieb am Sa., 1. Aug. 2020, 19:40:
Thank you for your replies! Outbound calling is now completely working.
For incoming calls from SIP trunk to Teams there's still no ACK and CANCEL messages. Which causes disconnect in 20 seconds and no audio.
I think there's something wrong with the routing or via headers in the 200 OK but don't know what.
The complete sip dump: https://paste.projectdev.org/imiluwecaf
Unfortunately i can't see the sip messages from the SIP provider side.
-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel van der Tang -
Daniel-Constantin Mierla -
Joel Serrano -
Karsten Horsmann -
Sergiu Pojoga -
tangd122