All,
I have just setup kamailio as SPI outbound proxy, in front of Asterisk.
I'm novice with Kamailio, it's the first time I use it.
The setup is working but I need your advises:
1) When I type the "sip show peers" command in ASterisk, I see the ip address of the sip proxy. The qualify (monitoring/keepalive) seems to be sent to the sip proxy and not to the phone. Is there an alternative to directly monitor the phone ?
localhost*CLI> sip show peers phone2a/phone2a * <IP_SIP_PROXY> * D N 53 OK (299 ms)
2) If I use the command "localhost*CLI> sip show peer phone2a" The ip of the phone is visible in the field "Reg. Contact" only. In the field " Addr->IP", it's the IP of the SIP Proxy.
* Name : phone2a Secret : <Set> MD5Secret : <Not set> Remote Secret: <Not set> Context : client2 Subscr.Cont. : <Not set> Language : AMA flags : Unknown Transfer mode: open CallingPres : Presentation Allowed, Not Screened Callgroup : Pickupgroup : MOH Suggest : Mailbox : VM Extension : *97 LastMsgsSent : 32767/65535 Call limit : 0 Max forwards : 0 Dynamic : Yes Callerid : "" <> MaxCallBR : 384 kbps Expire : 554 Insecure : no Force rport : Yes ACL : No DirectMedACL : No T.38 support : No T.38 EC mode : Unknown T.38 MaxDtgrm: -1 DirectMedia : No PromiscRedir : No User=Phone : No Video Support: No Text Support : No Ign SDP ver : No Trust RPID : No Send RPID : No Subscriptions: Yes Overlap dial : Yes DTMFmode : rfc2833 Timer T1 : 500 Timer B : 32000 ToHost : Addr->IP : *<SIP PROXY IP>* Defaddr->IP : (null) Prim.Transp. : UDP Allowed.Trsp : UDP Def. Username: phone2a SIP Options : (none) Codecs : 0xa (gsm|alaw) Codec Order : (gsm:20,alaw:20) Auto-Framing : No Status : OK (299 ms) Useragent : LinphoneAndroid/2.1.2 (eXosip2/3.6.0) Reg. Contact : sip:phone2a@*<IP PHONE>* line=8b1b24fbaaf794a Qualify Freq : 60000 ms Sess-Timers : Accept Sess-Refresh : uas Sess-Expires : 1800 secs Min-Sess : 90 secs RTP Engine : asterisk Parkinglot : Use Reason : No Encryption : No
3) I'm running a fail2ban protection to protect against scanners and my fail2ban is blocking the SIP Proxy when the threshold is reached, which means that all the clients behind the sip outbound proxy are blocked. I think the points 1, 2, 3 are related and if the SIP Proxy could be "transparent"
Here is a debug of a register request, taken on the kamailio server REGISTER sip:pbx-qa.mydomain.com SIP/2.0 Via: SIP/2.0/UDP <IP SIP PROXY>;branch=z9hG4bKfea4.34a8fd83.0 Via: SIP/2.0/UDP 100.96.196.103:4294;received=<IP PHONE>;rport=6738;branch=z9hG4bK1329841729 From: sip:phone2a@mydomain.com;tag=1870152222 To: sip:phone2a@pbx-qa.domain.com Call-ID: 1455540209 CSeq: 2 REGISTER Contact: sip:phone2a@100.96.196.103:4294;line=c6f956d7cdb0eb5 Authorization: Digest username="phone2a", realm="asterisk", nonce="176e8fa1", uri="sip:pbx-qa.domain.com", response="4c68e98p1ea7cb0ee81674a8384ca6e4", algorithm=MD5 Max-Forwards: 69 User-Agent: LinphoneAndroid/2.1.2 (eXosip2/3.6.0) Expires: 600 Content-Length: 0 P-hint: outbound
Any ideas to solve my problem, to get a "more" transparent proxy ?
Regards, Renaud Dubois
-
Renaud Dubois