I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description | +----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER | +----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: 10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks.
Hi,
the sips Uri schemata is not used for tls with dispatcher.
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: 10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
I believe you also need to use a force send socket
On Wed, 6 Nov 2019 at 19:48, Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: 10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi David,
with the socket param in dispatcher, the module did that already.
Cheers Karsten
David Villasmil david.villasmil.work@gmail.com schrieb am Mi., 6. Nov. 2019, 23:14:
I believe you also need to use a force send socket
On Wed, 6 Nov 2019 at 19:48, Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: 10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hello,
On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com http://sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo <sthustfo@gmail.com mailto:sthustfo@gmail.com> schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls. +----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description | +----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 <http://10.0.0.100:5061> | 0 | 0 | transport=tls | SIP SERVER | +----+-------+------------------------+-------+----------+---------------+----------------+ Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages. 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061 <http://10.0.0.100:5061>) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] *tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem Any reason why this error is seen? Any inputs appreciated. Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello, On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: 10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061; ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello, On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls: 10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061; ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello, On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061; ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello, On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061; ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello, On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
I have a basic setup where kamailio receives SIP over websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
+----+-------+------------------------+-------+----------+---------------+----------------+ | id | setid | destination | flags | priority | attrs | description |
+----+-------+------------------------+-------+----------+---------------+----------------+ | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | transport=tls | SIP SERVER |
+----+-------+------------------------+-------+----------+---------------+----------------+
Now when REGISTER is received over websocket, kamailio is responding with error code 500 and phrase "500 I'm terribly sorry, server error occurred (7/SL)". And on the console I see the following error messages.
12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: f1ecf7bcb659b07fe81e332e100044e5 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no corresponding listening socket) 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_fwd.c:1735]: t_forward_nonack(): failure to add branches 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 n=sl_reply_error 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, hsvmphm3ps12.invalid, 0) 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
*tls.cfg contents* [client:default] method = TLSv1 verify_certificate = yes require_certificate = yes private_key = /home/test/kamailio/internal.key certificate = /home/test/kamailio/internal.crt ca_list = /home/test/kamailio/ca_list.pem
Any reason why this error is seen? Any inputs appreciated.
Thanks. _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061; ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello, On 06.11.19 20:46, Karsten Horsmann wrote:
Hi,
the sips Uri schemata is not used for tls with dispatcher.
jumping in to clarify a bit about sips protocol schema. It doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is mandating that the traffic goes over secure links, which can be IPSec/VPN or even just private network, so it is ok using UDP or TCP when sips is present.
In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
As for dispatcher, one more clarification: trasport=tls in attrs has nothing to do with the destination address, so that has to be in the value of the destination field, as Karsten gave in his example.
And, as general note: better do not use sips at all, it can mess up some nodes in the path, if you are not sure about the need of sips -- just do uri;trasport=tls.
Cheers, Daniel
Here an example for flatfile dispatcher.list (need corrected values).
The socket line must match an listen directive in your Kamailio.cfg.
root@sbc1:~# cat /etc/kamailio/dispatcher.list # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32:
> I have a basic setup where kamailio receives SIP over websocket (no > WSS) and forwards to SIP server over TLS. I have enabled TLS in > kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and > transport=tls. > > > +----+-------+------------------------+-------+----------+---------------+----------------+ > | id | setid | destination | flags | priority | attrs > | description | > > +----+-------+------------------------+-------+----------+---------------+----------------+ > | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | > transport=tls | SIP SERVER | > > +----+-------+------------------------+-------+----------+---------------+----------------+ > > Now when REGISTER is received over websocket, kamailio is responding > with error code 500 and phrase "500 I'm terribly sorry, server error > occurred (7/SL)". And on the console I see the following error messages. > > 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> > [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: > f1ecf7bcb659b07fe81e332e100044e5 > 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm > [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 > (tls:10.0.0.100:5061) > 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm > [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no > corresponding listening socket) > 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm > [t_fwd.c:1735]: t_forward_nonack(): failure to add branches > 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm > [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) > 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm > [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed > 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** > cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 > n=sl_reply_error > 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> > [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, > hsvmphm3ps12.invalid, 0) > 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket > [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] > > *tls.cfg contents* > [client:default] > method = TLSv1 > verify_certificate = yes > require_certificate = yes > private_key = /home/test/kamailio/internal.key > certificate = /home/test/kamailio/internal.crt > ca_list = /home/test/kamailio/ca_list.pem > > Any reason why this error is seen? Any inputs appreciated. > > Thanks. > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061; ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
Hi Karsten, David,
Thanks for your pointers. Earlier I was using mysql backend where the dispatch list was stored. Now following your suggestions, I have switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the following
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Even with this, when HTTP request in, the same is upgraded to WS connection. But this gets closed after couple of seconds. Does the below log indicate anything?
9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)
Is there any way to understand what's happening? I do not see any other error lin logs.
Thanks.
On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
> Hello, > On 06.11.19 20:46, Karsten Horsmann wrote: > > Hi, > > the sips Uri schemata is not used for tls with dispatcher. > > jumping in to clarify a bit about sips protocol schema. It doesn't > imply TLS as one may think HTTPS does it for HTTP. The sips is mandating > that the traffic goes over secure links, which can be IPSec/VPN or even > just private network, so it is ok using UDP or TCP when sips is present. > > In SIP, if TLS is wanted, then transport=tls has to be added to the > URI. > > As for dispatcher, one more clarification: trasport=tls in attrs has > nothing to do with the destination address, so that has to be in the value > of the destination field, as Karsten gave in his example. > > And, as general note: better do not use sips at all, it can mess up > some nodes in the path, if you are not sure about the need of sips -- just > do uri;trasport=tls. > > Cheers, > Daniel > > > Here an example for flatfile dispatcher.list (need corrected > values). > > The socket line must match an listen directive in your Kamailio.cfg. > > > root@sbc1:~# cat /etc/kamailio/dispatcher.list > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 > socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain > > Cheers > Karsten > > sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32: > >> I have a basic setup where kamailio receives SIP over websocket (no >> WSS) and forwards to SIP server over TLS. I have enabled TLS in >> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >> transport=tls. >> >> >> +----+-------+------------------------+-------+----------+---------------+----------------+ >> | id | setid | destination | flags | priority | attrs >> | description | >> >> +----+-------+------------------------+-------+----------+---------------+----------------+ >> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >> transport=tls | SIP SERVER | >> >> +----+-------+------------------------+-------+----------+---------------+----------------+ >> >> Now when REGISTER is received over websocket, kamailio is >> responding with error code 500 and phrase "500 I'm terribly sorry, server >> error occurred (7/SL)". And on the console I see the following error >> messages. >> >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >> f1ecf7bcb659b07fe81e332e100044e5 >> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >> (tls:10.0.0.100:5061) >> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >> corresponding listening socket) >> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >> n=sl_reply_error >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >> hsvmphm3ps12.invalid, 0) >> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket >> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >> >> *tls.cfg contents* >> [client:default] >> method = TLSv1 >> verify_certificate = yes >> require_certificate = yes >> private_key = /home/test/kamailio/internal.key >> certificate = /home/test/kamailio/internal.crt >> ca_list = /home/test/kamailio/ca_list.pem >> >> Any reason why this error is seen? Any inputs appreciated. >> >> Thanks. >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > > _______________________________________________ > Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda > Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com > > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
> Hi Karsten, David, > > Thanks for your pointers. Earlier I was using mysql backend where > the dispatch list was stored. Now following your suggestions, I have > switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and > put in the following > > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:10.0.0.100:5061;transport=tls 0 3 > socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 > > Even with this, when HTTP request in, the same is upgraded to WS > connection. But this gets closed after couple of seconds. Does the below > log indicate anything? > > 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] > c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit > 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): > destroying list (nil) > > Is there any way to understand what's happening? I do not see any > other error lin logs. > > Thanks. > > > > On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < > miconda@gmail.com> wrote: > >> Hello, >> On 06.11.19 20:46, Karsten Horsmann wrote: >> >> Hi, >> >> the sips Uri schemata is not used for tls with dispatcher. >> >> jumping in to clarify a bit about sips protocol schema. It doesn't >> imply TLS as one may think HTTPS does it for HTTP. The sips is mandating >> that the traffic goes over secure links, which can be IPSec/VPN or even >> just private network, so it is ok using UDP or TCP when sips is present. >> >> In SIP, if TLS is wanted, then transport=tls has to be added to the >> URI. >> >> As for dispatcher, one more clarification: trasport=tls in attrs >> has nothing to do with the destination address, so that has to be in the >> value of the destination field, as Karsten gave in his example. >> >> And, as general note: better do not use sips at all, it can mess up >> some nodes in the path, if you are not sure about the need of sips -- just >> do uri;trasport=tls. >> >> Cheers, >> Daniel >> >> >> Here an example for flatfile dispatcher.list (need corrected >> values). >> >> The socket line must match an listen directive in your >> Kamailio.cfg. >> >> >> root@sbc1:~# cat /etc/kamailio/dispatcher.list >> # setid(integer) destination(sip uri) flags (integer, optional), >> priority(int,opt), attrs (str,optional) >> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >> >> Cheers >> Karsten >> >> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32: >> >>> I have a basic setup where kamailio receives SIP over websocket >>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in >>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>> transport=tls. >>> >>> >>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>> | id | setid | destination | flags | priority | attrs >>> | description | >>> >>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>> transport=tls | SIP SERVER | >>> >>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>> >>> Now when REGISTER is received over websocket, kamailio is >>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>> error occurred (7/SL)". And on the console I see the following error >>> messages. >>> >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>> f1ecf7bcb659b07fe81e332e100044e5 >>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>> (tls:10.0.0.100:5061) >>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>> corresponding listening socket) >>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>> n=sl_reply_error >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>> hsvmphm3ps12.invalid, 0) >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>> >>> *tls.cfg contents* >>> [client:default] >>> method = TLSv1 >>> verify_certificate = yes >>> require_certificate = yes >>> private_key = /home/test/kamailio/internal.key >>> certificate = /home/test/kamailio/internal.crt >>> ca_list = /home/test/kamailio/ca_list.pem >>> >>> Any reason why this error is seen? Any inputs appreciated. >>> >>> Thanks. >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> -- >> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil david.villasmil.work@gmail.com wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
> Hi, > > > Your config line for the dispatcher makes no sense for me. > > 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: > 10.0.0.100:5061;ping_from=sip:10.0.0.14 > > > Means setid 1007 (like an group to arrange multiple targets) okay. > But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. > Where your calls are placed when you call the dispatcher function with > setid 1007. > > In combination with socket=10.0.0.100:5061 (that indicates your > Kamailio socket, the proxy ip) > That you talking with yourself. > > You should read the module documentations for dispatcher and tls. > > Or describe your ip setup and your config a bit more. > > Cheers > Karsten > > sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41: > >> Hi Karsten, David, >> >> Thanks for your pointers. Earlier I was using mysql backend where >> the dispatch list was stored. Now following your suggestions, I have >> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >> put in the following >> >> # setid(integer) destination(sip uri) flags (integer, optional), >> priority(int,opt), attrs (str,optional) >> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >> >> Even with this, when HTTP request in, the same is upgraded to WS >> connection. But this gets closed after couple of seconds. Does the below >> log indicate anything? >> >> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): >> destroying list (nil) >> >> Is there any way to understand what's happening? I do not see any >> other error lin logs. >> >> Thanks. >> >> >> >> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >> miconda@gmail.com> wrote: >> >>> Hello, >>> On 06.11.19 20:46, Karsten Horsmann wrote: >>> >>> Hi, >>> >>> the sips Uri schemata is not used for tls with dispatcher. >>> >>> jumping in to clarify a bit about sips protocol schema. It doesn't >>> imply TLS as one may think HTTPS does it for HTTP. The sips is mandating >>> that the traffic goes over secure links, which can be IPSec/VPN or even >>> just private network, so it is ok using UDP or TCP when sips is present. >>> >>> In SIP, if TLS is wanted, then transport=tls has to be added to >>> the URI. >>> >>> As for dispatcher, one more clarification: trasport=tls in attrs >>> has nothing to do with the destination address, so that has to be in the >>> value of the destination field, as Karsten gave in his example. >>> >>> And, as general note: better do not use sips at all, it can mess >>> up some nodes in the path, if you are not sure about the need of sips -- >>> just do uri;trasport=tls. >>> >>> Cheers, >>> Daniel >>> >>> >>> Here an example for flatfile dispatcher.list (need corrected >>> values). >>> >>> The socket line must match an listen directive in your >>> Kamailio.cfg. >>> >>> >>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>> # setid(integer) destination(sip uri) flags (integer, optional), >>> priority(int,opt), attrs (str,optional) >>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>> >>> Cheers >>> Karsten >>> >>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32: >>> >>>> I have a basic setup where kamailio receives SIP over websocket >>>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in >>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>> transport=tls. >>>> >>>> >>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>> | id | setid | destination | flags | priority | attrs >>>> | description | >>>> >>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>> transport=tls | SIP SERVER | >>>> >>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>> >>>> Now when REGISTER is received over websocket, kamailio is >>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>> error occurred (7/SL)". And on the console I see the following error >>>> messages. >>>> >>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>> f1ecf7bcb659b07fe81e332e100044e5 >>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>> (tls:10.0.0.100:5061) >>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>> corresponding listening socket) >>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>> n=sl_reply_error >>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>> hsvmphm3ps12.invalid, 0) >>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>> >>>> *tls.cfg contents* >>>> [client:default] >>>> method = TLSv1 >>>> verify_certificate = yes >>>> require_certificate = yes >>>> private_key = /home/test/kamailio/internal.key >>>> certificate = /home/test/kamailio/internal.crt >>>> ca_list = /home/test/kamailio/ca_list.pem >>>> >>>> Any reason why this error is seen? Any inputs appreciated. >>>> >>>> Thanks. >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >>> -- >>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
Kamailio listening on WS only as seen from below log snippet. As I mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards the SIP server.
0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on tcp: 10.0.0.14 [10.0.0.14]:8080 Aliases: *: test.example.com:*
And here is the relevant portion from config file. listen=tcp:10.0.0.14:8080
With the above, I modified dispatcher.list as below # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 ;ping_from=sip:10.0.0.14
With the above change, I see following in the logs
1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061) 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping [sip:10.0.0.100:5061;transport=tls] 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
But not attempts to connect to the SIP server.
On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil < david.villasmil.work@gmail.com> wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
> Thanks Karsten. The setup consists of client connecting to kamailio > over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server > (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list > as below > > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 > ;ping_from=sip:10.0.0.14 > > With above, kamailio replies to REGISTER with "SIP/2.0 404 No > destination". And in the logs, I see following statement. > > 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no > destination sets > > What does this mean? Is kamailio not able to talk to SIP server for > some reason? > > Regards > > On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < > khorsmann@gmail.com> wrote: > >> Hi, >> >> >> Your config line for the dispatcher makes no sense for me. >> >> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >> >> >> Means setid 1007 (like an group to arrange multiple targets) okay. >> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >> Uri. Where your calls are placed when you call the dispatcher function with >> setid 1007. >> >> In combination with socket=10.0.0.100:5061 (that indicates your >> Kamailio socket, the proxy ip) >> That you talking with yourself. >> >> You should read the module documentations for dispatcher and tls. >> >> Or describe your ip setup and your config a bit more. >> >> Cheers >> Karsten >> >> sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41: >> >>> Hi Karsten, David, >>> >>> Thanks for your pointers. Earlier I was using mysql backend where >>> the dispatch list was stored. Now following your suggestions, I have >>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >>> put in the following >>> >>> # setid(integer) destination(sip uri) flags (integer, optional), >>> priority(int,opt), attrs (str,optional) >>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>> >>> Even with this, when HTTP request in, the same is upgraded to WS >>> connection. But this gets closed after couple of seconds. Does the below >>> log indicate anything? >>> >>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): >>> destroying list (nil) >>> >>> Is there any way to understand what's happening? I do not see any >>> other error lin logs. >>> >>> Thanks. >>> >>> >>> >>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>> miconda@gmail.com> wrote: >>> >>>> Hello, >>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>> >>>> Hi, >>>> >>>> the sips Uri schemata is not used for tls with dispatcher. >>>> >>>> jumping in to clarify a bit about sips protocol schema. It >>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is >>>> mandating that the traffic goes over secure links, which can be IPSec/VPN >>>> or even just private network, so it is ok using UDP or TCP when sips is >>>> present. >>>> >>>> In SIP, if TLS is wanted, then transport=tls has to be added to >>>> the URI. >>>> >>>> As for dispatcher, one more clarification: trasport=tls in attrs >>>> has nothing to do with the destination address, so that has to be in the >>>> value of the destination field, as Karsten gave in his example. >>>> >>>> And, as general note: better do not use sips at all, it can mess >>>> up some nodes in the path, if you are not sure about the need of sips -- >>>> just do uri;trasport=tls. >>>> >>>> Cheers, >>>> Daniel >>>> >>>> >>>> Here an example for flatfile dispatcher.list (need corrected >>>> values). >>>> >>>> The socket line must match an listen directive in your >>>> Kamailio.cfg. >>>> >>>> >>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>> priority(int,opt), attrs (str,optional) >>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>> >>>> Cheers >>>> Karsten >>>> >>>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, >>>> 20:32: >>>> >>>>> I have a basic setup where kamailio receives SIP over websocket >>>>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in >>>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>> transport=tls. >>>>> >>>>> >>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>> | id | setid | destination | flags | priority | attrs >>>>> | description | >>>>> >>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>> transport=tls | SIP SERVER | >>>>> >>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>> >>>>> Now when REGISTER is received over websocket, kamailio is >>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>>> error occurred (7/SL)". And on the console I see the following error >>>>> messages. >>>>> >>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>>>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>>> (tls:10.0.0.100:5061) >>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>> corresponding listening socket) >>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>>> n=sl_reply_error >>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>>>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>>> hsvmphm3ps12.invalid, 0) >>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>> >>>>> *tls.cfg contents* >>>>> [client:default] >>>>> method = TLSv1 >>>>> verify_certificate = yes >>>>> require_certificate = yes >>>>> private_key = /home/test/kamailio/internal.key >>>>> certificate = /home/test/kamailio/internal.crt >>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>> >>>>> Any reason why this error is seen? Any inputs appreciated. >>>>> >>>>> Thanks. >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> sr-users@lists.kamailio.org >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>>> -- >>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
From what you paste, 8080 is not TLS
On Sat, 9 Nov 2019 at 23:29, sthustfo sthustfo@gmail.com wrote:
Kamailio listening on WS only as seen from below log snippet. As I mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards the SIP server.
0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on tcp: 10.0.0.14 [10.0.0.14]:8080 Aliases: *: test.example.com:*
And here is the relevant portion from config file. listen=tcp:10.0.0.14:8080
With the above, I modified dispatcher.list as below # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 ;ping_from=sip:10.0.0.14
With the above change, I see following in the logs
1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061) 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping [sip:10.0.0.100:5061;transport=tls] 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
But not attempts to connect to the SIP server.
On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil < david.villasmil.work@gmail.com> wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
> Please post the config around the ds_select > > What that’s saying is basically it could not find a destination for > the set you are asking for. > > Either because the setid you provide with the function doesn’t > exist, or the destination is not responding to the pings. > > > On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote: > >> Thanks Karsten. The setup consists of client connecting to kamailio >> over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server >> (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list >> as below >> >> # setid(integer) destination(sip uri) flags (integer, optional), >> priority(int,opt), attrs (str,optional) >> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14 >> >> With above, kamailio replies to REGISTER with "SIP/2.0 404 No >> destination". And in the logs, I see following statement. >> >> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no >> destination sets >> >> What does this mean? Is kamailio not able to talk to SIP server for >> some reason? >> >> Regards >> >> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < >> khorsmann@gmail.com> wrote: >> >>> Hi, >>> >>> >>> Your config line for the dispatcher makes no sense for me. >>> >>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >>> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >>> >>> >>> Means setid 1007 (like an group to arrange multiple targets) okay. >>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >>> Uri. Where your calls are placed when you call the dispatcher function with >>> setid 1007. >>> >>> In combination with socket=10.0.0.100:5061 (that indicates your >>> Kamailio socket, the proxy ip) >>> That you talking with yourself. >>> >>> You should read the module documentations for dispatcher and tls. >>> >>> Or describe your ip setup and your config a bit more. >>> >>> Cheers >>> Karsten >>> >>> sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41: >>> >>>> Hi Karsten, David, >>>> >>>> Thanks for your pointers. Earlier I was using mysql backend where >>>> the dispatch list was stored. Now following your suggestions, I have >>>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >>>> put in the following >>>> >>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>> priority(int,opt), attrs (str,optional) >>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>> >>>> Even with this, when HTTP request in, the same is upgraded to WS >>>> connection. But this gets closed after couple of seconds. Does the below >>>> log indicate anything? >>>> >>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): >>>> destroying list (nil) >>>> >>>> Is there any way to understand what's happening? I do not see any >>>> other error lin logs. >>>> >>>> Thanks. >>>> >>>> >>>> >>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>>> miconda@gmail.com> wrote: >>>> >>>>> Hello, >>>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>>> >>>>> Hi, >>>>> >>>>> the sips Uri schemata is not used for tls with dispatcher. >>>>> >>>>> jumping in to clarify a bit about sips protocol schema. It >>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is >>>>> mandating that the traffic goes over secure links, which can be IPSec/VPN >>>>> or even just private network, so it is ok using UDP or TCP when sips is >>>>> present. >>>>> >>>>> In SIP, if TLS is wanted, then transport=tls has to be added to >>>>> the URI. >>>>> >>>>> As for dispatcher, one more clarification: trasport=tls in attrs >>>>> has nothing to do with the destination address, so that has to be in the >>>>> value of the destination field, as Karsten gave in his example. >>>>> >>>>> And, as general note: better do not use sips at all, it can mess >>>>> up some nodes in the path, if you are not sure about the need of sips -- >>>>> just do uri;trasport=tls. >>>>> >>>>> Cheers, >>>>> Daniel >>>>> >>>>> >>>>> Here an example for flatfile dispatcher.list (need corrected >>>>> values). >>>>> >>>>> The socket line must match an listen directive in your >>>>> Kamailio.cfg. >>>>> >>>>> >>>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>> priority(int,opt), attrs (str,optional) >>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>>> >>>>> Cheers >>>>> Karsten >>>>> >>>>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, >>>>> 20:32: >>>>> >>>>>> I have a basic setup where kamailio receives SIP over websocket >>>>>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in >>>>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>>> transport=tls. >>>>>> >>>>>> >>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>> | id | setid | destination | flags | priority | >>>>>> attrs | description | >>>>>> >>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>>> transport=tls | SIP SERVER | >>>>>> >>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>> >>>>>> Now when REGISTER is received over websocket, kamailio is >>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>>>> error occurred (7/SL)". And on the console I see the following error >>>>>> messages. >>>>>> >>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>>>> (tls:10.0.0.100:5061) >>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>>> corresponding listening socket) >>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>>>> n=sl_reply_error >>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>> <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>>>> hsvmphm3ps12.invalid, 0) >>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>>> >>>>>> *tls.cfg contents* >>>>>> [client:default] >>>>>> method = TLSv1 >>>>>> verify_certificate = yes >>>>>> require_certificate = yes >>>>>> private_key = /home/test/kamailio/internal.key >>>>>> certificate = /home/test/kamailio/internal.crt >>>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>>> >>>>>> Any reason why this error is seen? Any inputs appreciated. >>>>>> >>>>>> Thanks. >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> sr-users@lists.kamailio.org >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>>> -- >>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> sr-users@lists.kamailio.org >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > -- > Regards, > > David Villasmil > email: david.villasmil.work@gmail.com > phone: +34669448337 > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
You need to have a TLS listen like
https://kamailio.org/docs/tls-1.3.x.html#AEN192
On Sun, 10 Nov 2019 at 00:32, David Villasmil < david.villasmil.work@gmail.com> wrote:
From what you paste, 8080 is not TLS
On Sat, 9 Nov 2019 at 23:29, sthustfo sthustfo@gmail.com wrote:
Kamailio listening on WS only as seen from below log snippet. As I mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards the SIP server.
0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on tcp: 10.0.0.14 [10.0.0.14]:8080 Aliases: *: test.example.com:*
And here is the relevant portion from config file. listen=tcp:10.0.0.14:8080
With the above, I modified dispatcher.list as below # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 ;ping_from=sip:10.0.0.14
With the above change, I see following in the logs
1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061 ) 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping [sip:10.0.0.100:5061;transport=tls] 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061 )
But not attempts to connect to the SIP server.
On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil < david.villasmil.work@gmail.com> wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
> Thanks David. You are right, ds_select_dst() is failing and error > log is shown. > > 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher > [dispatch.c:2032]: ds_manage_routes(): no destination sets > 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** > cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 > n=xdbg > 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: > --- DISPATCH: Dispatcher could not find any destination > 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** > cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 > n=send_reply > > Here is the config around ds_select_dst() > > # Dispatch requests > route[DISPATCH] { > # round robin dispatching on gateways group '1' > if(!ds_select_dst("1007", "4")) { > xdbg("--- DISPATCH: Dispatcher could not find any > destination\n"); > send_reply("404", "No destination"); > exit; > } > t_on_failure("RTF_DISPATCH"); > route(RELAY); > exit; > } > > Is there any way to see the logs for communication that happens with > the destination? As you said, that also could be one of points of failure. > > BTW, I have set following config for pinging destination. > > modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") > #modparam("dispatcher", "db_url", DBURL) #Use > DBURL variable for database parameters > modparam("dispatcher", "ds_ping_interval", 10) #How often > to ping destinations to check status > modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP > Options ping > modparam("dispatcher", "ds_probing_threshold", 10) #How many > failed pings in a row do we need before we consider it down > modparam("dispatcher", "ds_inactive_threshold", 10) #How many > sucessful pings in a row do we need before considering it up > modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables > stats on latency > modparam("dispatcher", "ds_probing_mode", 1) #Keeps > pinging gateways when state is known (to detect change in state) > > Best Regards. > > On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < > david.villasmil.work@gmail.com> wrote: > >> Please post the config around the ds_select >> >> What that’s saying is basically it could not find a destination for >> the set you are asking for. >> >> Either because the setid you provide with the function doesn’t >> exist, or the destination is not responding to the pings. >> >> >> On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote: >> >>> Thanks Karsten. The setup consists of client connecting to >>> kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP >>> server (10.0.0.100) over TLS. As per your suggestion, I modified the >>> dispatch list as below >>> >>> # setid(integer) destination(sip uri) flags (integer, optional), >>> priority(int,opt), attrs (str,optional) >>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14 >>> >>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No >>> destination". And in the logs, I see following statement. >>> >>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no >>> destination sets >>> >>> What does this mean? Is kamailio not able to talk to SIP server >>> for some reason? >>> >>> Regards >>> >>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < >>> khorsmann@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> >>>> Your config line for the dispatcher makes no sense for me. >>>> >>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >>>> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>> >>>> >>>> Means setid 1007 (like an group to arrange multiple targets) >>>> okay. >>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >>>> Uri. Where your calls are placed when you call the dispatcher function with >>>> setid 1007. >>>> >>>> In combination with socket=10.0.0.100:5061 (that indicates your >>>> Kamailio socket, the proxy ip) >>>> That you talking with yourself. >>>> >>>> You should read the module documentations for dispatcher and tls. >>>> >>>> Or describe your ip setup and your config a bit more. >>>> >>>> Cheers >>>> Karsten >>>> >>>> sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, >>>> 17:41: >>>> >>>>> Hi Karsten, David, >>>>> >>>>> Thanks for your pointers. Earlier I was using mysql backend >>>>> where the dispatch list was stored. Now following your suggestions, I have >>>>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >>>>> put in the following >>>>> >>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>> priority(int,opt), attrs (str,optional) >>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>> >>>>> Even with this, when HTTP request in, the same is upgraded to WS >>>>> connection. But this gets closed after couple of seconds. Does the below >>>>> log indicate anything? >>>>> >>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): >>>>> destroying list (nil) >>>>> >>>>> Is there any way to understand what's happening? I do not see >>>>> any other error lin logs. >>>>> >>>>> Thanks. >>>>> >>>>> >>>>> >>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>>>> miconda@gmail.com> wrote: >>>>> >>>>>> Hello, >>>>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> the sips Uri schemata is not used for tls with dispatcher. >>>>>> >>>>>> jumping in to clarify a bit about sips protocol schema. It >>>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is >>>>>> mandating that the traffic goes over secure links, which can be IPSec/VPN >>>>>> or even just private network, so it is ok using UDP or TCP when sips is >>>>>> present. >>>>>> >>>>>> In SIP, if TLS is wanted, then transport=tls has to be added to >>>>>> the URI. >>>>>> >>>>>> As for dispatcher, one more clarification: trasport=tls in >>>>>> attrs has nothing to do with the destination address, so that has to be in >>>>>> the value of the destination field, as Karsten gave in his example. >>>>>> >>>>>> And, as general note: better do not use sips at all, it can >>>>>> mess up some nodes in the path, if you are not sure about the need of sips >>>>>> -- just do uri;trasport=tls. >>>>>> >>>>>> Cheers, >>>>>> Daniel >>>>>> >>>>>> >>>>>> Here an example for flatfile dispatcher.list (need corrected >>>>>> values). >>>>>> >>>>>> The socket line must match an listen directive in your >>>>>> Kamailio.cfg. >>>>>> >>>>>> >>>>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>>>> >>>>>> Cheers >>>>>> Karsten >>>>>> >>>>>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, >>>>>> 20:32: >>>>>> >>>>>>> I have a basic setup where kamailio receives SIP over >>>>>>> websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS >>>>>>> in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>>>> transport=tls. >>>>>>> >>>>>>> >>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>> | id | setid | destination | flags | priority | >>>>>>> attrs | description | >>>>>>> >>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>>>> transport=tls | SIP SERVER | >>>>>>> >>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>> >>>>>>> Now when REGISTER is received over websocket, kamailio is >>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>>>>> error occurred (7/SL)". And on the console I see the following error >>>>>>> messages. >>>>>>> >>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>>>>> (tls:10.0.0.100:5061) >>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>>>> corresponding listening socket) >>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>>>>> n=sl_reply_error >>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>> <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>>>>> hsvmphm3ps12.invalid, 0) >>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>>>> >>>>>>> *tls.cfg contents* >>>>>>> [client:default] >>>>>>> method = TLSv1 >>>>>>> verify_certificate = yes >>>>>>> require_certificate = yes >>>>>>> private_key = /home/test/kamailio/internal.key >>>>>>> certificate = /home/test/kamailio/internal.crt >>>>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>>>> >>>>>>> Any reason why this error is seen? Any inputs appreciated. >>>>>>> >>>>>>> Thanks. >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing List >>>>>>> sr-users@lists.kamailio.org >>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>>> -- >>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> sr-users@lists.kamailio.org >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> sr-users@lists.kamailio.org >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> -- >> Regards, >> >> David Villasmil >> email: david.villasmil.work@gmail.com >> phone: +34669448337 >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
Well, I was hoping there was a way to proxy from non secure (WS) to secure one (TLS) upstream.
On Sun, Nov 10, 2019 at 6:12 AM David Villasmil < david.villasmil.work@gmail.com> wrote:
You need to have a TLS listen like
https://kamailio.org/docs/tls-1.3.x.html#AEN192
On Sun, 10 Nov 2019 at 00:32, David Villasmil < david.villasmil.work@gmail.com> wrote:
From what you paste, 8080 is not TLS
On Sat, 9 Nov 2019 at 23:29, sthustfo sthustfo@gmail.com wrote:
Kamailio listening on WS only as seen from below log snippet. As I mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards the SIP server.
0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on tcp: 10.0.0.14 [10.0.0.14]:8080 Aliases: *: test.example.com:*
And here is the relevant portion from config file. listen=tcp:10.0.0.14:8080
With the above, I modified dispatcher.list as below # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 ;ping_from=sip:10.0.0.14
With the above change, I see following in the logs
1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls: 10.0.0.100:5061) 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping [sip:10.0.0.100:5061;transport=tls] 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls: 10.0.0.100:5061)
But not attempts to connect to the SIP server.
On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil < david.villasmil.work@gmail.com> wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
> Hi, > > I guess the dispatcher is not able to get an 200 okay from your > upstream tls / sipserver. And so the dispatcher did his job. Find no active > dispatcher targets, then told you that. > > You find more about the dispatcher state with kamctl dispatcher dump > or kamcmd dispatcher.list > > And read the module docu of dispatcher, they explain you the states > of the commands above. > > Hints here: > > Reading dispatcher docu, understand the states, read tls (maybe > that's your root cause). > > > Cheers > Karsten > > sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56: > >> Thanks David. You are right, ds_select_dst() is failing and error >> log is shown. >> >> 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher >> [dispatch.c:2032]: ds_manage_routes(): no destination sets >> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 >> n=xdbg >> 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: >> --- DISPATCH: Dispatcher could not find any destination >> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 >> n=send_reply >> >> Here is the config around ds_select_dst() >> >> # Dispatch requests >> route[DISPATCH] { >> # round robin dispatching on gateways group '1' >> if(!ds_select_dst("1007", "4")) { >> xdbg("--- DISPATCH: Dispatcher could not find any >> destination\n"); >> send_reply("404", "No destination"); >> exit; >> } >> t_on_failure("RTF_DISPATCH"); >> route(RELAY); >> exit; >> } >> >> Is there any way to see the logs for communication that happens >> with the destination? As you said, that also could be one of points of >> failure. >> >> BTW, I have set following config for pinging destination. >> >> modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") >> #modparam("dispatcher", "db_url", DBURL) >> #Use DBURL variable for database parameters >> modparam("dispatcher", "ds_ping_interval", 10) #How often >> to ping destinations to check status >> modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP >> Options ping >> modparam("dispatcher", "ds_probing_threshold", 10) #How many >> failed pings in a row do we need before we consider it down >> modparam("dispatcher", "ds_inactive_threshold", 10) #How many >> sucessful pings in a row do we need before considering it up >> modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables >> stats on latency >> modparam("dispatcher", "ds_probing_mode", 1) #Keeps >> pinging gateways when state is known (to detect change in state) >> >> Best Regards. >> >> On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < >> david.villasmil.work@gmail.com> wrote: >> >>> Please post the config around the ds_select >>> >>> What that’s saying is basically it could not find a destination >>> for the set you are asking for. >>> >>> Either because the setid you provide with the function doesn’t >>> exist, or the destination is not responding to the pings. >>> >>> >>> On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote: >>> >>>> Thanks Karsten. The setup consists of client connecting to >>>> kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP >>>> server (10.0.0.100) over TLS. As per your suggestion, I modified the >>>> dispatch list as below >>>> >>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>> priority(int,opt), attrs (str,optional) >>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14 >>>> >>>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No >>>> destination". And in the logs, I see following statement. >>>> >>>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no >>>> destination sets >>>> >>>> What does this mean? Is kamailio not able to talk to SIP server >>>> for some reason? >>>> >>>> Regards >>>> >>>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < >>>> khorsmann@gmail.com> wrote: >>>> >>>>> Hi, >>>>> >>>>> >>>>> Your config line for the dispatcher makes no sense for me. >>>>> >>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >>>>> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>> >>>>> >>>>> Means setid 1007 (like an group to arrange multiple targets) >>>>> okay. >>>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >>>>> Uri. Where your calls are placed when you call the dispatcher function with >>>>> setid 1007. >>>>> >>>>> In combination with socket=10.0.0.100:5061 (that indicates your >>>>> Kamailio socket, the proxy ip) >>>>> That you talking with yourself. >>>>> >>>>> You should read the module documentations for dispatcher and >>>>> tls. >>>>> >>>>> Or describe your ip setup and your config a bit more. >>>>> >>>>> Cheers >>>>> Karsten >>>>> >>>>> sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, >>>>> 17:41: >>>>> >>>>>> Hi Karsten, David, >>>>>> >>>>>> Thanks for your pointers. Earlier I was using mysql backend >>>>>> where the dispatch list was stored. Now following your suggestions, I have >>>>>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >>>>>> put in the following >>>>>> >>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>> >>>>>> Even with this, when HTTP request in, the same is upgraded to >>>>>> WS connection. But this gets closed after couple of seconds. Does the below >>>>>> log indicate anything? >>>>>> >>>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>>>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: >>>>>> destroy_avp_list(): destroying list (nil) >>>>>> >>>>>> Is there any way to understand what's happening? I do not see >>>>>> any other error lin logs. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> >>>>>> >>>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>>>>> miconda@gmail.com> wrote: >>>>>> >>>>>>> Hello, >>>>>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> the sips Uri schemata is not used for tls with dispatcher. >>>>>>> >>>>>>> jumping in to clarify a bit about sips protocol schema. It >>>>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is >>>>>>> mandating that the traffic goes over secure links, which can be IPSec/VPN >>>>>>> or even just private network, so it is ok using UDP or TCP when sips is >>>>>>> present. >>>>>>> >>>>>>> In SIP, if TLS is wanted, then transport=tls has to be added >>>>>>> to the URI. >>>>>>> >>>>>>> As for dispatcher, one more clarification: trasport=tls in >>>>>>> attrs has nothing to do with the destination address, so that has to be in >>>>>>> the value of the destination field, as Karsten gave in his example. >>>>>>> >>>>>>> And, as general note: better do not use sips at all, it can >>>>>>> mess up some nodes in the path, if you are not sure about the need of sips >>>>>>> -- just do uri;trasport=tls. >>>>>>> >>>>>>> Cheers, >>>>>>> Daniel >>>>>>> >>>>>>> >>>>>>> Here an example for flatfile dispatcher.list (need corrected >>>>>>> values). >>>>>>> >>>>>>> The socket line must match an listen directive in your >>>>>>> Kamailio.cfg. >>>>>>> >>>>>>> >>>>>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>>>>> >>>>>>> Cheers >>>>>>> Karsten >>>>>>> >>>>>>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, >>>>>>> 20:32: >>>>>>> >>>>>>>> I have a basic setup where kamailio receives SIP over >>>>>>>> websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS >>>>>>>> in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>>>>> transport=tls. >>>>>>>> >>>>>>>> >>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>> | id | setid | destination | flags | priority | >>>>>>>> attrs | description | >>>>>>>> >>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>>>>> transport=tls | SIP SERVER | >>>>>>>> >>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>> >>>>>>>> Now when REGISTER is received over websocket, kamailio is >>>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>>>>>> error occurred (7/SL)". And on the console I see the following error >>>>>>>> messages. >>>>>>>> >>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>>>>>> (tls:10.0.0.100:5061) >>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>>>>> corresponding listening socket) >>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>>>>>> n=sl_reply_error >>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>> <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>>>>>> hsvmphm3ps12.invalid, 0) >>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>>>>> >>>>>>>> *tls.cfg contents* >>>>>>>> [client:default] >>>>>>>> method = TLSv1 >>>>>>>> verify_certificate = yes >>>>>>>> require_certificate = yes >>>>>>>> private_key = /home/test/kamailio/internal.key >>>>>>>> certificate = /home/test/kamailio/internal.crt >>>>>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>>>>> >>>>>>>> Any reason why this error is seen? Any inputs appreciated. >>>>>>>> >>>>>>>> Thanks. >>>>>>>> _______________________________________________ >>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>> sr-users@lists.kamailio.org >>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>>> -- >>>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing List >>>>>>> sr-users@lists.kamailio.org >>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> sr-users@lists.kamailio.org >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> sr-users@lists.kamailio.org >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> -- >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.work@gmail.com >>> phone: +34669448337 >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi,
AFAIK connection from unencrypted to encrypted needs encryption (here Kamailio with tls socket to talk to your upstream).
Maybe this all in one config example from havfo helps you more:
https://github.com/havfo/WEBRTC-to-SIP/blob/master/README.md
To give you some ideas what you can do and how.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am So., 10. Nov. 2019, 03:14:
Well, I was hoping there was a way to proxy from non secure (WS) to secure one (TLS) upstream.
On Sun, Nov 10, 2019 at 6:12 AM David Villasmil < david.villasmil.work@gmail.com> wrote:
You need to have a TLS listen like
https://kamailio.org/docs/tls-1.3.x.html#AEN192
On Sun, 10 Nov 2019 at 00:32, David Villasmil < david.villasmil.work@gmail.com> wrote:
From what you paste, 8080 is not TLS
On Sat, 9 Nov 2019 at 23:29, sthustfo sthustfo@gmail.com wrote:
Kamailio listening on WS only as seen from below log snippet. As I mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards the SIP server.
0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on tcp: 10.0.0.14 [10.0.0.14]:8080 Aliases: *: test.example.com:*
And here is the relevant portion from config file. listen=tcp:10.0.0.14:8080
With the above, I modified dispatcher.list as below # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 ;ping_from=sip:10.0.0.14
With the above change, I see following in the logs
1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls: 10.0.0.100:5061) 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping [sip:10.0.0.100:5061;transport=tls] 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls: 10.0.0.100:5061)
But not attempts to connect to the SIP server.
On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil < david.villasmil.work@gmail.com> wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
> Thanks Karsten. Instead of SIP server, I ran a simple socket > listener program to see if dispatcher is attempting to connect to it or > not. But it did not receive any client connection attempts. So after > looking at the logs, I found below log statements. Any idea why this might > have happened? > > 0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local > socket tls:10.0.0.14:5061 > 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): > unable to add destination sip:10.0.0.100:5061;transport=tls to set > 1007 -- skipping > > dispatcher.list file pasted below contains the address. Why would > this be an error? > > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 > ;ping_from=sip:10.0.0.14 > > > On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com > wrote: > >> Hi, >> >> I guess the dispatcher is not able to get an 200 okay from your >> upstream tls / sipserver. And so the dispatcher did his job. Find no active >> dispatcher targets, then told you that. >> >> You find more about the dispatcher state with kamctl dispatcher >> dump or kamcmd dispatcher.list >> >> And read the module docu of dispatcher, they explain you the states >> of the commands above. >> >> Hints here: >> >> Reading dispatcher docu, understand the states, read tls (maybe >> that's your root cause). >> >> >> Cheers >> Karsten >> >> sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56: >> >>> Thanks David. You are right, ds_select_dst() is failing and error >>> log is shown. >>> >>> 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} >>> dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets >>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 >>> n=xdbg >>> 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: >>> --- DISPATCH: Dispatcher could not find any destination >>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 >>> n=send_reply >>> >>> Here is the config around ds_select_dst() >>> >>> # Dispatch requests >>> route[DISPATCH] { >>> # round robin dispatching on gateways group '1' >>> if(!ds_select_dst("1007", "4")) { >>> xdbg("--- DISPATCH: Dispatcher could not find any >>> destination\n"); >>> send_reply("404", "No destination"); >>> exit; >>> } >>> t_on_failure("RTF_DISPATCH"); >>> route(RELAY); >>> exit; >>> } >>> >>> Is there any way to see the logs for communication that happens >>> with the destination? As you said, that also could be one of points of >>> failure. >>> >>> BTW, I have set following config for pinging destination. >>> >>> modparam("dispatcher", "list_file", >>> "/etc/kamailio/dispatcher.list") >>> #modparam("dispatcher", "db_url", DBURL) >>> #Use DBURL variable for database parameters >>> modparam("dispatcher", "ds_ping_interval", 10) #How often >>> to ping destinations to check status >>> modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP >>> Options ping >>> modparam("dispatcher", "ds_probing_threshold", 10) #How many >>> failed pings in a row do we need before we consider it down >>> modparam("dispatcher", "ds_inactive_threshold", 10) #How many >>> sucessful pings in a row do we need before considering it up >>> modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables >>> stats on latency >>> modparam("dispatcher", "ds_probing_mode", 1) #Keeps >>> pinging gateways when state is known (to detect change in state) >>> >>> Best Regards. >>> >>> On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < >>> david.villasmil.work@gmail.com> wrote: >>> >>>> Please post the config around the ds_select >>>> >>>> What that’s saying is basically it could not find a destination >>>> for the set you are asking for. >>>> >>>> Either because the setid you provide with the function doesn’t >>>> exist, or the destination is not responding to the pings. >>>> >>>> >>>> On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote: >>>> >>>>> Thanks Karsten. The setup consists of client connecting to >>>>> kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP >>>>> server (10.0.0.100) over TLS. As per your suggestion, I modified the >>>>> dispatch list as below >>>>> >>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>> priority(int,opt), attrs (str,optional) >>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14 >>>>> >>>>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No >>>>> destination". And in the logs, I see following statement. >>>>> >>>>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): >>>>> no destination sets >>>>> >>>>> What does this mean? Is kamailio not able to talk to SIP server >>>>> for some reason? >>>>> >>>>> Regards >>>>> >>>>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < >>>>> khorsmann@gmail.com> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> Your config line for the dispatcher makes no sense for me. >>>>>> >>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >>>>>> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>> >>>>>> >>>>>> Means setid 1007 (like an group to arrange multiple targets) >>>>>> okay. >>>>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >>>>>> Uri. Where your calls are placed when you call the dispatcher function with >>>>>> setid 1007. >>>>>> >>>>>> In combination with socket=10.0.0.100:5061 (that indicates >>>>>> your Kamailio socket, the proxy ip) >>>>>> That you talking with yourself. >>>>>> >>>>>> You should read the module documentations for dispatcher and >>>>>> tls. >>>>>> >>>>>> Or describe your ip setup and your config a bit more. >>>>>> >>>>>> Cheers >>>>>> Karsten >>>>>> >>>>>> sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, >>>>>> 17:41: >>>>>> >>>>>>> Hi Karsten, David, >>>>>>> >>>>>>> Thanks for your pointers. Earlier I was using mysql backend >>>>>>> where the dispatch list was stored. Now following your suggestions, I have >>>>>>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >>>>>>> put in the following >>>>>>> >>>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>>> >>>>>>> Even with this, when HTTP request in, the same is upgraded to >>>>>>> WS connection. But this gets closed after couple of seconds. Does the below >>>>>>> log indicate anything? >>>>>>> >>>>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>>>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>>>>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: >>>>>>> destroy_avp_list(): destroying list (nil) >>>>>>> >>>>>>> Is there any way to understand what's happening? I do not see >>>>>>> any other error lin logs. >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>>>>>> miconda@gmail.com> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> the sips Uri schemata is not used for tls with dispatcher. >>>>>>>> >>>>>>>> jumping in to clarify a bit about sips protocol schema. It >>>>>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is >>>>>>>> mandating that the traffic goes over secure links, which can be IPSec/VPN >>>>>>>> or even just private network, so it is ok using UDP or TCP when sips is >>>>>>>> present. >>>>>>>> >>>>>>>> In SIP, if TLS is wanted, then transport=tls has to be added >>>>>>>> to the URI. >>>>>>>> >>>>>>>> As for dispatcher, one more clarification: trasport=tls in >>>>>>>> attrs has nothing to do with the destination address, so that has to be in >>>>>>>> the value of the destination field, as Karsten gave in his example. >>>>>>>> >>>>>>>> And, as general note: better do not use sips at all, it can >>>>>>>> mess up some nodes in the path, if you are not sure about the need of sips >>>>>>>> -- just do uri;trasport=tls. >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Daniel >>>>>>>> >>>>>>>> >>>>>>>> Here an example for flatfile dispatcher.list (need corrected >>>>>>>> values). >>>>>>>> >>>>>>>> The socket line must match an listen directive in your >>>>>>>> Kamailio.cfg. >>>>>>>> >>>>>>>> >>>>>>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>>>>>> >>>>>>>> Cheers >>>>>>>> Karsten >>>>>>>> >>>>>>>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, >>>>>>>> 20:32: >>>>>>>> >>>>>>>>> I have a basic setup where kamailio receives SIP over >>>>>>>>> websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS >>>>>>>>> in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>>>>>> transport=tls. >>>>>>>>> >>>>>>>>> >>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>> | id | setid | destination | flags | priority | >>>>>>>>> attrs | description | >>>>>>>>> >>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>>>>>> transport=tls | SIP SERVER | >>>>>>>>> >>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>> >>>>>>>>> Now when REGISTER is received over websocket, kamailio is >>>>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>>>>>>> error occurred (7/SL)". And on the console I see the following error >>>>>>>>> messages. >>>>>>>>> >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>>>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>>>>>>> (tls:10.0.0.100:5061) >>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>>>>>> corresponding listening socket) >>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>>>>>>> n=sl_reply_error >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>> <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>>>>>>> hsvmphm3ps12.invalid, 0) >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>>>>>> >>>>>>>>> *tls.cfg contents* >>>>>>>>> [client:default] >>>>>>>>> method = TLSv1 >>>>>>>>> verify_certificate = yes >>>>>>>>> require_certificate = yes >>>>>>>>> private_key = /home/test/kamailio/internal.key >>>>>>>>> certificate = /home/test/kamailio/internal.crt >>>>>>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>>>>>> >>>>>>>>> Any reason why this error is seen? Any inputs appreciated. >>>>>>>>> >>>>>>>>> Thanks. >>>>>>>>> _______________________________________________ >>>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>>> sr-users@lists.kamailio.org >>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>>> -- >>>>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>>>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>> sr-users@lists.kamailio.org >>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing List >>>>>>> sr-users@lists.kamailio.org >>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> sr-users@lists.kamailio.org >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> sr-users@lists.kamailio.org >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> -- >>>> Regards, >>>> >>>> David Villasmil >>>> email: david.villasmil.work@gmail.com >>>> phone: +34669448337 >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Yes you can, it’s totally doable. But you must have one socket for unencrypted and one for encrypted. So you need 2 “listen” one TLS and one TCP.
On Sun, 10 Nov 2019 at 02:16, sthustfo sthustfo@gmail.com wrote:
Well, I was hoping there was a way to proxy from non secure (WS) to secure one (TLS) upstream.
On Sun, Nov 10, 2019 at 6:12 AM David Villasmil < david.villasmil.work@gmail.com> wrote:
You need to have a TLS listen like
https://kamailio.org/docs/tls-1.3.x.html#AEN192
On Sun, 10 Nov 2019 at 00:32, David Villasmil < david.villasmil.work@gmail.com> wrote:
From what you paste, 8080 is not TLS
On Sat, 9 Nov 2019 at 23:29, sthustfo sthustfo@gmail.com wrote:
Kamailio listening on WS only as seen from below log snippet. As I mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards the SIP server.
0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on tcp: 10.0.0.14 [10.0.0.14]:8080 Aliases: *: test.example.com:*
And here is the relevant portion from config file. listen=tcp:10.0.0.14:8080
With the above, I modified dispatcher.list as below # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080 ;ping_from=sip:10.0.0.14
With the above change, I see following in the logs
1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls: 10.0.0.100:5061) 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:10.0.0.100:5061) 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to ping [sip:10.0.0.100:5061;transport=tls] 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2(): protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls: 10.0.0.100:5061)
But not attempts to connect to the SIP server.
On Sat, Nov 9, 2019 at 11:48 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please paste the “listen” parameters from the config.
On Sat, 9 Nov 2019 at 18:04, David Villasmil < david.villasmil.work@gmail.com> wrote:
Is kamailio listening in that socket?
On Sat, 9 Nov 2019 at 17:34, sthustfo sthustfo@gmail.com wrote:
> Thanks Karsten. Instead of SIP server, I ran a simple socket > listener program to see if dispatcher is attempting to connect to it or > not. But it did not receive any client connection attempts. So after > looking at the logs, I found below log statements. Any idea why this might > have happened? > > 0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local > socket tls:10.0.0.14:5061 > 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): > unable to add destination sip:10.0.0.100:5061;transport=tls to set > 1007 -- skipping > > dispatcher.list file pasted below contains the address. Why would > this be an error? > > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 > ;ping_from=sip:10.0.0.14 > > > On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com > wrote: > >> Hi, >> >> I guess the dispatcher is not able to get an 200 okay from your >> upstream tls / sipserver. And so the dispatcher did his job. Find no active >> dispatcher targets, then told you that. >> >> You find more about the dispatcher state with kamctl dispatcher >> dump or kamcmd dispatcher.list >> >> And read the module docu of dispatcher, they explain you the states >> of the commands above. >> >> Hints here: >> >> Reading dispatcher docu, understand the states, read tls (maybe >> that's your root cause). >> >> >> Cheers >> Karsten >> >> sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56: >> >>> Thanks David. You are right, ds_select_dst() is failing and error >>> log is shown. >>> >>> 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} >>> dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets >>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 >>> n=xdbg >>> 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: >>> --- DISPATCH: Dispatcher could not find any destination >>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** >>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 >>> n=send_reply >>> >>> Here is the config around ds_select_dst() >>> >>> # Dispatch requests >>> route[DISPATCH] { >>> # round robin dispatching on gateways group '1' >>> if(!ds_select_dst("1007", "4")) { >>> xdbg("--- DISPATCH: Dispatcher could not find any >>> destination\n"); >>> send_reply("404", "No destination"); >>> exit; >>> } >>> t_on_failure("RTF_DISPATCH"); >>> route(RELAY); >>> exit; >>> } >>> >>> Is there any way to see the logs for communication that happens >>> with the destination? As you said, that also could be one of points of >>> failure. >>> >>> BTW, I have set following config for pinging destination. >>> >>> modparam("dispatcher", "list_file", >>> "/etc/kamailio/dispatcher.list") >>> #modparam("dispatcher", "db_url", DBURL) >>> #Use DBURL variable for database parameters >>> modparam("dispatcher", "ds_ping_interval", 10) #How often >>> to ping destinations to check status >>> modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP >>> Options ping >>> modparam("dispatcher", "ds_probing_threshold", 10) #How many >>> failed pings in a row do we need before we consider it down >>> modparam("dispatcher", "ds_inactive_threshold", 10) #How many >>> sucessful pings in a row do we need before considering it up >>> modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables >>> stats on latency >>> modparam("dispatcher", "ds_probing_mode", 1) #Keeps >>> pinging gateways when state is known (to detect change in state) >>> >>> Best Regards. >>> >>> On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < >>> david.villasmil.work@gmail.com> wrote: >>> >>>> Please post the config around the ds_select >>>> >>>> What that’s saying is basically it could not find a destination >>>> for the set you are asking for. >>>> >>>> Either because the setid you provide with the function doesn’t >>>> exist, or the destination is not responding to the pings. >>>> >>>> >>>> On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote: >>>> >>>>> Thanks Karsten. The setup consists of client connecting to >>>>> kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP >>>>> server (10.0.0.100) over TLS. As per your suggestion, I modified the >>>>> dispatch list as below >>>>> >>>>> # setid(integer) destination(sip uri) flags (integer, optional), >>>>> priority(int,opt), attrs (str,optional) >>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14 >>>>> >>>>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No >>>>> destination". And in the logs, I see following statement. >>>>> >>>>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): >>>>> no destination sets >>>>> >>>>> What does this mean? Is kamailio not able to talk to SIP server >>>>> for some reason? >>>>> >>>>> Regards >>>>> >>>>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann < >>>>> khorsmann@gmail.com> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> Your config line for the dispatcher makes no sense for me. >>>>>> >>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls: >>>>>> 10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>> >>>>>> >>>>>> Means setid 1007 (like an group to arrange multiple targets) >>>>>> okay. >>>>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target >>>>>> Uri. Where your calls are placed when you call the dispatcher function with >>>>>> setid 1007. >>>>>> >>>>>> In combination with socket=10.0.0.100:5061 (that indicates >>>>>> your Kamailio socket, the proxy ip) >>>>>> That you talking with yourself. >>>>>> >>>>>> You should read the module documentations for dispatcher and >>>>>> tls. >>>>>> >>>>>> Or describe your ip setup and your config a bit more. >>>>>> >>>>>> Cheers >>>>>> Karsten >>>>>> >>>>>> sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, >>>>>> 17:41: >>>>>> >>>>>>> Hi Karsten, David, >>>>>>> >>>>>>> Thanks for your pointers. Earlier I was using mysql backend >>>>>>> where the dispatch list was stored. Now following your suggestions, I have >>>>>>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and >>>>>>> put in the following >>>>>>> >>>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 >>>>>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 >>>>>>> >>>>>>> Even with this, when HTTP request in, the same is upgraded to >>>>>>> WS connection. But this gets closed after couple of seconds. Does the below >>>>>>> log indicate anything? >>>>>>> >>>>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] >>>>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit >>>>>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: >>>>>>> destroy_avp_list(): destroying list (nil) >>>>>>> >>>>>>> Is there any way to understand what's happening? I do not see >>>>>>> any other error lin logs. >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < >>>>>>> miconda@gmail.com> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> On 06.11.19 20:46, Karsten Horsmann wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> the sips Uri schemata is not used for tls with dispatcher. >>>>>>>> >>>>>>>> jumping in to clarify a bit about sips protocol schema. It >>>>>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is >>>>>>>> mandating that the traffic goes over secure links, which can be IPSec/VPN >>>>>>>> or even just private network, so it is ok using UDP or TCP when sips is >>>>>>>> present. >>>>>>>> >>>>>>>> In SIP, if TLS is wanted, then transport=tls has to be added >>>>>>>> to the URI. >>>>>>>> >>>>>>>> As for dispatcher, one more clarification: trasport=tls in >>>>>>>> attrs has nothing to do with the destination address, so that has to be in >>>>>>>> the value of the destination field, as Karsten gave in his example. >>>>>>>> >>>>>>>> And, as general note: better do not use sips at all, it can >>>>>>>> mess up some nodes in the path, if you are not sure about the need of sips >>>>>>>> -- just do uri;trasport=tls. >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Daniel >>>>>>>> >>>>>>>> >>>>>>>> Here an example for flatfile dispatcher.list (need corrected >>>>>>>> values). >>>>>>>> >>>>>>>> The socket line must match an listen directive in your >>>>>>>> Kamailio.cfg. >>>>>>>> >>>>>>>> >>>>>>>> root@sbc1:~# cat /etc/kamailio/dispatcher.list >>>>>>>> # setid(integer) destination(sip uri) flags (integer, >>>>>>>> optional), priority(int,opt), attrs (str,optional) >>>>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >>>>>>>> >>>>>>>> Cheers >>>>>>>> Karsten >>>>>>>> >>>>>>>> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, >>>>>>>> 20:32: >>>>>>>> >>>>>>>>> I have a basic setup where kamailio receives SIP over >>>>>>>>> websocket (no WSS) and forwards to SIP server over TLS. I have enabled TLS >>>>>>>>> in kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>>>>>>>> transport=tls. >>>>>>>>> >>>>>>>>> >>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>> | id | setid | destination | flags | priority | >>>>>>>>> attrs | description | >>>>>>>>> >>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>>>>>>>> transport=tls | SIP SERVER | >>>>>>>>> >>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>>>>>>>> >>>>>>>>> Now when REGISTER is received over websocket, kamailio is >>>>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>>>>>>>> error occurred (7/SL)". And on the console I see the following error >>>>>>>>> messages. >>>>>>>>> >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>>>>>>>> f1ecf7bcb659b07fe81e332e100044e5 >>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>>>>>>>> (tls:10.0.0.100:5061) >>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>>>>>>>> corresponding listening socket) >>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>>>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>>>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>>>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>>>>>>>> n=sl_reply_error >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>> <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>>>>>>>> hsvmphm3ps12.invalid, 0) >>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>>>>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>>>>>>>> >>>>>>>>> *tls.cfg contents* >>>>>>>>> [client:default] >>>>>>>>> method = TLSv1 >>>>>>>>> verify_certificate = yes >>>>>>>>> require_certificate = yes >>>>>>>>> private_key = /home/test/kamailio/internal.key >>>>>>>>> certificate = /home/test/kamailio/internal.crt >>>>>>>>> ca_list = /home/test/kamailio/ca_list.pem >>>>>>>>> >>>>>>>>> Any reason why this error is seen? Any inputs appreciated. >>>>>>>>> >>>>>>>>> Thanks. >>>>>>>>> _______________________________________________ >>>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>>> sr-users@lists.kamailio.org >>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>>> -- >>>>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >>>>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Kamailio (SER) - Users Mailing List >>>>>>>> sr-users@lists.kamailio.org >>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Kamailio (SER) - Users Mailing List >>>>>>> sr-users@lists.kamailio.org >>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>>> >>>>>> _______________________________________________ >>>>>> Kamailio (SER) - Users Mailing List >>>>>> sr-users@lists.kamailio.org >>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>>> >>>>> _______________________________________________ >>>>> Kamailio (SER) - Users Mailing List >>>>> sr-users@lists.kamailio.org >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>> -- >>>> Regards, >>>> >>>> David Villasmil >>>> email: david.villasmil.work@gmail.com >>>> phone: +34669448337 >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi,
For example you can use the controllflag -c and -f path/to/kamailio.cfg to see on what ports and technologies your Kamailio is listing.
Here you see an test instance only with udp and tcp (no tls).
So if I would try your dispatcher config it wouldn't work (and of course the ips don't match).
BTW for debugging purpose maybe starting with tcp is easier and if that works you can attach tls to your config.
k1:~# kamailio -c -f /etc/kamailio/kamailio.cfg 0(15313) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on udp: 10.10.10.1 [10.10.10.1]:5060 udp: 10.10.10.1 [10.10.10.1]:5062 udp: 192.168.122.100 [192.168.122.100]:5060 tcp: 10.10.10.1 [10.10.10.1]:5060 tcp: 192.168.122.100 [192.168.122.100]:5060
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 18:34:
Thanks Karsten. Instead of SIP server, I ran a simple socket listener program to see if dispatcher is attempting to connect to it or not. But it did not receive any client connection attempts. So after looking at the logs, I found below log statements. Any idea why this might have happened?
0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket tls:10.0.0.14:5061 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping
dispatcher.list file pasted below contains the address. Why would this be an error?
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061; ping_from=sip:10.0.0.14
On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
I guess the dispatcher is not able to get an 200 okay from your upstream tls / sipserver. And so the dispatcher did his job. Find no active dispatcher targets, then told you that.
You find more about the dispatcher state with kamctl dispatcher dump or kamcmd dispatcher.list
And read the module docu of dispatcher, they explain you the states of the commands above.
Hints here:
Reading dispatcher docu, understand the states, read tls (maybe that's your root cause).
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Sa., 9. Nov. 2019, 14:56:
Thanks David. You are right, ds_select_dst() is failing and error log is shown.
9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher [dispatch.c:2032]: ds_manage_routes(): no destination sets 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25 n=xdbg 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: --- DISPATCH: Dispatcher could not find any destination 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} *** cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26 n=send_reply
Here is the config around ds_select_dst()
# Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1007", "4")) { xdbg("--- DISPATCH: Dispatcher could not find any destination\n"); send_reply("404", "No destination"); exit; } t_on_failure("RTF_DISPATCH"); route(RELAY); exit; }
Is there any way to see the logs for communication that happens with the destination? As you said, that also could be one of points of failure.
BTW, I have set following config for pinging destination.
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
Best Regards.
On Sat, Nov 9, 2019 at 6:32 PM David Villasmil < david.villasmil.work@gmail.com> wrote:
Please post the config around the ds_select
What that’s saying is basically it could not find a destination for the set you are asking for.
Either because the setid you provide with the function doesn’t exist, or the destination is not responding to the pings.
On Sat, 9 Nov 2019 at 10:33, sthustfo sthustfo@gmail.com wrote:
Thanks Karsten. The setup consists of client connecting to kamailio over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list as below
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061 ;ping_from=sip:10.0.0.14
With above, kamailio replies to REGISTER with "SIP/2.0 404 No destination". And in the logs, I see following statement.
1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no destination sets
What does this mean? Is kamailio not able to talk to SIP server for some reason?
Regards
On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann khorsmann@gmail.com wrote:
Hi,
Your config line for the dispatcher makes no sense for me.
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061 ;ping_from=sip:10.0.0.14
Means setid 1007 (like an group to arrange multiple targets) okay. But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri. Where your calls are placed when you call the dispatcher function with setid 1007.
In combination with socket=10.0.0.100:5061 (that indicates your Kamailio socket, the proxy ip) That you talking with yourself.
You should read the module documentations for dispatcher and tls.
Or describe your ip setup and your config a bit more.
Cheers Karsten
sthustfo sthustfo@gmail.com schrieb am Fr., 8. Nov. 2019, 17:41:
> Hi Karsten, David, > > Thanks for your pointers. Earlier I was using mysql backend where > the dispatch list was stored. Now following your suggestions, I have > switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and > put in the following > > # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > 1007 sip:10.0.0.100:5061;transport=tls 0 3 > socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14 > > Even with this, when HTTP request in, the same is upgraded to WS > connection. But this gets closed after couple of seconds. Does the below > log indicate anything? > > 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] > c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit > 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): > destroying list (nil) > > Is there any way to understand what's happening? I do not see any > other error lin logs. > > Thanks. > > > > On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla < > miconda@gmail.com> wrote: > >> Hello, >> On 06.11.19 20:46, Karsten Horsmann wrote: >> >> Hi, >> >> the sips Uri schemata is not used for tls with dispatcher. >> >> jumping in to clarify a bit about sips protocol schema. It doesn't >> imply TLS as one may think HTTPS does it for HTTP. The sips is mandating >> that the traffic goes over secure links, which can be IPSec/VPN or even >> just private network, so it is ok using UDP or TCP when sips is present. >> >> In SIP, if TLS is wanted, then transport=tls has to be added to the >> URI. >> >> As for dispatcher, one more clarification: trasport=tls in attrs >> has nothing to do with the destination address, so that has to be in the >> value of the destination field, as Karsten gave in his example. >> >> And, as general note: better do not use sips at all, it can mess up >> some nodes in the path, if you are not sure about the need of sips -- just >> do uri;trasport=tls. >> >> Cheers, >> Daniel >> >> >> Here an example for flatfile dispatcher.list (need corrected >> values). >> >> The socket line must match an listen directive in your >> Kamailio.cfg. >> >> >> root@sbc1:~# cat /etc/kamailio/dispatcher.list >> # setid(integer) destination(sip uri) flags (integer, optional), >> priority(int,opt), attrs (str,optional) >> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain >> >> Cheers >> Karsten >> >> sthustfo sthustfo@gmail.com schrieb am Mi., 6. Nov. 2019, 20:32: >> >>> I have a basic setup where kamailio receives SIP over websocket >>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in >>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and >>> transport=tls. >>> >>> >>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>> | id | setid | destination | flags | priority | attrs >>> | description | >>> >>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 | >>> transport=tls | SIP SERVER | >>> >>> +----+-------+------------------------+-------+----------+---------------+----------------+ >>> >>> Now when REGISTER is received over websocket, kamailio is >>> responding with error code 500 and phrase "500 I'm terribly sorry, server >>> error occurred (7/SL)". And on the console I see the following error >>> messages. >>> >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated: >>> f1ecf7bcb659b07fe81e332e100044e5 >>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 >>> (tls:10.0.0.100:5061) >>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no >>> corresponding listening socket) >>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7) >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm >>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed >>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} *** >>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24 >>> n=sl_reply_error >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core> >>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14, >>> hsvmphm3ps12.invalid, 0) >>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} >>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3] >>> >>> *tls.cfg contents* >>> [client:default] >>> method = TLSv1 >>> verify_certificate = yes >>> require_certificate = yes >>> private_key = /home/test/kamailio/internal.key >>> certificate = /home/test/kamailio/internal.crt >>> ca_list = /home/test/kamailio/ca_list.pem >>> >>> Any reason why this error is seen? Any inputs appreciated. >>> >>> Thanks. >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> -- >> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda >> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users