Topoh module configuration for SIP proxy and SIP registrar

List overview All Threads
Download

newer

older

t_relay_to_udp - 500 server error...

evapi_async_relay() failed

Christian Conus

1 Nov 2017 1 Nov '17

9:19 a.m.

Hello,

I am trying to configure the topoh module for kamailio 5.0.2. I read the documentation but some points are still not clear to me.

The topology of my network is as follow: - Two SIP proxies - Two SIP registrars - Only one SIP proxy is running (the other take over automatically in case the first fails) - Both registrars are running (proxy sends requests to both registrars using round robin algorithm)

Text mode graph of the topology (hope it helps understand):

I tried to enable topoh on SIP proxy only, on both proxy and registrars, with same mask_key everywhere and with different mask_key between proxy and registrars but everytime I could still see parts of the SIP header which was not obfuscated.

My questions are:

- Is it necessary to enable topoh module on each SIP proxy and SIP registrar ? - The mask_key should be the same on each server or it should be different between proxy and registrars? - the mask address should be the same on each server or it should be different between proxy and registrars ?

Thanks in advance for your help, Christian

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Show replies by date

Christian Conus

1 Nov 1 Nov

9:45 a.m.

(graph was hidden, sorry )

+-----------+ +----------------+ +--> |SIP Proxy 1+---+ +--> |SIP|Registrar 1 +---+ +----------+ | +-----------+ | | +----------------+ | +--------+ |Virtual IP+---+ +----- +->+Database| +----------+ | +-----------+ | | +----------------+ | +--------+ +--> |SIP Proxy 2+---+ +--> |SIP|Registrar 2 +---+ +-----------+ +----------------+

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Daniel-Constantin Mierla

10:21 a.m.

New subject: Topoh module configuration for SIP proxy and SIP registrar

This graph is messed up in the email, you should do fixed with font for it ...

Anyhow, On which side is the sip traffic coming in and going out?

Cheers, Daniel

On 01.11.17 10:45, Christian Conus wrote:

...

(graph was hidden, sorry )
                        +-----------+                      
+----------------+ +--> |SIP Proxy 1+---+ +--> |SIP|Registrar 1 +---+ +----------+ | +-----------+ | | +----------------+ | +--------+ |Virtual IP+---+ +----- +->+Database| +----------+ | +-----------+ | | +----------------+ | +--------+ +--> |SIP Proxy 2+---+ +--> |SIP|Registrar 2 +---+ +-----------+ +----------------+

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com Kamailio World Conference - www.kamailioworld.com

Christian Conus

11:11 a.m.

Hello Daniel,

Thanks for your answers, I will try again on the lab when it is available (enable topoh only on the SIP proxy)

Sorry for the graph, I finally put it on pastbin https://pastebin.com/QwJ68x1G

The SIP traffic (encrypted unsing TLS) comes from a sip application running on a smartphone (not represented on the graph) and is sent to the SIP proxy (left part of the graph), which is a edge proxy.

Thanks, Christian

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Daniel-Constantin Mierla

3:24 p.m.

New subject: Topoh module configuration for SIP proxy and SIP registrar

Hello,

On 01.11.17 12:11, Christian Conus wrote:

...

Hello Daniel,

Thanks for your answers, I will try again on the lab when it is available (enable topoh only on the SIP proxy)

Sorry for the graph, I finally put it on pastbin https://pastebin.com/QwJ68x1G

The SIP traffic (encrypted unsing TLS) comes from a sip application running on a smartphone (not represented on the graph) and is sent to the SIP proxy (left part of the graph), which is a edge proxy.

the proxy is a good place for topoh. You can do it also in registrars and not do it in the proxy if you want to hide side A and side B. If you want also to hide the IP of the registrar, then do it in the proxy.

Cheers, Daniel

Christian Conus

2 Nov 2 Nov

9:54 a.m.

Hello Daniel,

We enabled topoh on the proxy only and ran a test using sipp. In the sipp log we can see that the callee SIP messages header is encrypted as expected but not the caller SIP messages header.

Both caller and callee messages go through the same proxy and our objective is to hide the registrars ip address.

Do you have an idea why caller messages header are not encrypted ?

The sipp logs are copied at the end of this email (the ip address of the registrar that we need to hide is 10.3.3.26).

Thanks, Christian

* --------------- * sipp callee log * ---------------

----------------------------------------------- 2017-11-01 17:16:35.710964 TCP control message received [30] bytes :

Call-ID: 1-3847@127.0.0.1

Problem EAGAIN on socket 12 and poll_idx is 5 Added first buffered message to socket 12 Problem EWOULDBLOCK on socket 12 and poll_idx is 5 Exit problem event on socket 12 Wrote 352 of 352 bytes in an output buffer. ----------------------------------------------- 2017-11-01 17:16:35.728921 TLS message received [456] bytes :

SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-3 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-7680 Call-ID: 1-3847@127.0.0.1 CSeq: 20 REGISTER WWW-Authenticate: Digest realm="ims-nagra.test", nonce="Wfn0pln583oo/I3SMwWuaFTVoiYtuI57QoPX4IA=", qop="auth", algorithm=SHA-256 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:35.729116 TLS message sent (635 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:5060;rport;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch Call-ID: 1-3847@127.0.0.1 CSeq: 21 REGISTER Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Authorization: Digest username="testuser.1@test.ch",realm="ims-nagra.test",cnonce="6b8b4567",nc=00000001,qop=auth,uri="sip:10.3.3.28:5062",nonce="Wfn0pln583oo/I3SMwWuaFTVoiYtuI57QoPX4IA=",response="d5077c99b25ed66d65a74f83ab39539f221af40b4b28507e436ddf85c2c110e5",algorithm=SHA-256 Content-Length: 0 Expires: 3600 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:16:35.797028 TLS message received [578] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-53f0 Call-ID: 1-3847@127.0.0.1 CSeq: 21 REGISTER Authentication-Info: nextnonce="Wfn0pln583oo/I3SMwWuaFTVoiYtuI57QoPX4IA=", qop=auth, rspauth="d387c74f83d20bbe7341cb8cbd452ad768c6ef4442b250c4875ab5ca62ab34c5", cnonce="6b8b4567", nc=00000001 Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS;expires=3600 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.302899 TLS message received [1862] bytes :

INVITE sip:testuser.1@10.3.3.18:5060;transport=TLS SIP/2.0 Record-Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ** Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDi9G3-7vMKF1DKPJMa23M Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ** Record-Route: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxKcliY7mlaSOkUkHxi3RgxsRFHkl4ZkHFvFvDvIRNHCnPs2idaL3FvsNrE5HwU7EdawfN5kEGtQ** Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.7c3d00063887cd75c3278cec5812756c.0 Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwNFKFJDvcf9U7ObKcjpiwJxKsaD-ZhDKcCmi2Nm-cCNv2dh-2kF-syMi2C9vsCWK759v2QPKZhM Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9nfE9dM-9yD-9C9i7CmEsd1-FC9K7yDiw-F-w4fvs-1x9y6UsOS Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFO5ZIvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaF4z From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch CSeq: 50 INVITE Call-ID: 1-3855@10.3.3.18 Max-Forwards: 67 Subject: Performance Test Content-Type: application/sdp Content-Length: 212 Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdBfxIifaSOkU7JhKcfGZ2m3-FmDvdexdkjkRWiW-WCPEdHZi3ema3-liuE9-dJFZZONxIifaSOkU7JhKcfG59m3-FmDvdecKZ3z User-Agent: sipp

v=0 o=testuser.2 53655765 2353687637 IN IP4 10.3.3.27 s=- c=IN IP4 10.3.3.27 t=0 0 m=audio 46340 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16 a=nortpproxy:yes

----------------------------------------------- 2017-11-01 17:16:40.328930 TLS message sent (1261 bytes):

SIP/2.0 180 Ringing Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.7c3d00063887cd75c3278cec5812756c.0, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwNFKFJDvcf9U7ObKcjpiwJxKsaD-ZhDKcCmi2Nm-cCNv2dh-2kF-syMi2C9vsCWK759v2QPKZhM, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9nfE9dM-9yD-9C9i7CmEsd1-FC9K7yDiw-F-w4fvs-1x9y6UsOS, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFO5ZIvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaF4z From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Record-Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDi9G3-7vMKF1DKPJMa23M, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxKcliY7mlaSOkUkHxi3RgxsRFHkl4ZkHFvFvDvIRNHCnPs2idaL3FvsNrE5HwU7EdawfN5kEGtQ** Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:41.519024 TLS message sent (1541 bytes):

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.7c3d00063887cd75c3278cec5812756c.0, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwNFKFJDvcf9U7ObKcjpiwJxKsaD-ZhDKcCmi2Nm-cCNv2dh-2kF-syMi2C9vsCWK759v2QPKZhM, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9nfE9dM-9yD-9C9i7CmEsd1-FC9K7yDiw-F-w4fvs-1x9y6UsOS, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFO5ZIvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaF4z From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Record-Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDi9G3-7vMKF1DKPJMa23M, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxKcliY7mlaSOkUkHxi3RgxsRFHkl4ZkHFvFvDvIRNHCnPs2idaL3FvsNrE5HwU7EdawfN5kEGtQ** Content-Type: application/sdp Content-Length: 194

v=0 o=testuser.1 53655765 2353687637 IN IP4 10.3.3.18 s=- c=IN IP4 10.3.3.18 t=0 0 m=audio 10004 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16

----------------------------------------------- 2017-11-01 17:16:41.543446 TLS message received [1097] bytes :

ACK sip:testuser.1@10.3.3.18:5060;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.1f937a4b7874b01c7d6d85f7975d4406.0 Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwiFKFJDvcf9U7ObKcjpiwJxKsaD-ZhFKwHW-9yFE94hv9dOE909-94M-ck2-sjmEsJNEsa2-ShM Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9EWEcdFEWimiFvhiskfiFnfEcv1Kwd2v9aOKcvfEs0Nx9y6UsOS Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFOFdpvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaFlk From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 ACK Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdBfxIifaSOkU7JhKcfGZ2m3-FmDvdexdkjkRWiW-WCPEdHZi3ema3-ltQ** Max-Forwards: 67 Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.548764 TLS message received [1077] bytes :

BYE sip:testuser.1@10.3.3.18:5060;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bKa721.efe4273ec0740869fe9c7080f78060fe.0 Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwiFKFJDvcf9U7ObKcjpiwJxvsaD-ZfN-wn2vF-3i7Rj-sRm-wJji9aFKsmOvW5N-9a2KckOvDhM Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmlji2n1x9jj-7CWEWv2EWCjE9mOE7n3v9jjvFCjEWH9-saDE70mx9y6UsOS Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFOFdpvFRu5tUNHIUdRuZdRW5clj-PElacMl-NCgU5G2-Ij2U3o* From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdBfxIifaSOkU7JhKcfGZ2m3-FmDvdexdkjkRWiW-WCPEdHZi3ema3-ltQ** Max-Forwards: 67 Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.548859 TLS message sent (815 bytes):

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bKa721.efe4273ec0740869fe9c7080f78060fe.0, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwiFKFJDvcf9U7ObKcjpiwJxvsaD-ZfN-wn2vF-3i7Rj-sRm-wJji9aFKsmOvW5N-9a2KckOvDhM, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmlji2n1x9jj-7CWEWv2EWCjE9mOE7n3v9jjvFCjEWH9-saDE70mx9y6UsOS, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFOFdpvFRu5tUNHIUdRuZdRW5clj-PElacMl-NCgU5G2-Ij2U3o* From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Content-Length: 0

----------------------------------------------- 2017-11-01 17:17:00.722035 TCP control message received [30] bytes :

Call-ID: 1-3847@127.0.0.1

----------------------------------------------- 2017-11-01 17:17:00.722170 TLS message sent (349 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:5060;rport;branch=z9hG4bK-3843-1-3 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch Call-ID: 1-3847@127.0.0.1 CSeq: 22 REGISTER Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Content-Length: 0 Expires: 0 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:17:00.726046 TLS message received [456] bytes :

SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-3 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-69d8 Call-ID: 1-3847@127.0.0.1 CSeq: 22 REGISTER WWW-Authenticate: Digest realm="ims-nagra.test", nonce="Wfn0v1n585OI/IGR93oaoiZiVO3esRO6QoPY4YA=", qop="auth", algorithm=SHA-256 Content-Length: 0

----------------------------------------------- 2017-11-01 17:17:00.726201 TLS message sent (632 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:5060;rport;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch Call-ID: 1-3847@127.0.0.1 CSeq: 23 REGISTER Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Authorization: Digest username="testuser.1@test.ch",realm="ims-nagra.test",cnonce="327b23c6",nc=00000001,qop=auth,uri="sip:10.3.3.28:5062",nonce="Wfn0v1n585OI/IGR93oaoiZiVO3esRO6QoPY4YA=",response="284636e649a12db321df3e2feabd65e7d4041695e00bad20755d8ef597e3b609",algorithm=SHA-256 Content-Length: 0 Expires: 0 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:17:00.774895 TLS message received [509] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-4ca8 Call-ID: 1-3847@127.0.0.1 CSeq: 23 REGISTER Authentication-Info: nextnonce="Wfn0v1n585OI/IGR93oaoiZiVO3esRO6QoPY4YA=", qop=auth, rspauth="bfc50971857cfb46581647dd88a8a698080a9c08cbcfd9f4f674bed6ea3529ac", cnonce="327b23c6", nc=00000001 Content-Length: 0

----------------------------------------------- 2017-11-01 17:17:00.774996 TCP control message sent (30 bytes):

Call-ID: 1-3847@127.0.0.1

* --------------- * sipp caller log * ---------------

Problem EAGAIN on socket 11 and poll_idx is 3 Added first buffered message to socket 11 Problem EWOULDBLOCK on socket 11 and poll_idx is 3 Exit problem event on socket 11 Wrote 352 of 352 bytes in an output buffer. ----------------------------------------------- 2017-11-01 17:16:40.069751 TLS message received [457] bytes :

SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-0 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: testuser.2 sip:testuser.2@test.ch;tag=748c3ddeba5747be1e35e93e34434dff-c87a Call-ID: 1-3855@10.3.3.18 CSeq: 20 REGISTER WWW-Authenticate: Digest realm="ims-nagra.test", nonce="Wfn0p1n583tLvPvaxWxkPiRvAtlAXEN1bqKxgIA=", qop="auth", algorithm=SHA-256 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.070014 TLS message sent (635 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;rport;branch=z9hG4bK-3855-1-2 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: testuser.2 sip:testuser.2@test.ch Call-ID: 1-3855@10.3.3.18 CSeq: 21 REGISTER Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS Authorization: Digest username="testuser.2@test.ch",realm="ims-nagra.test",cnonce="6b8b4567",nc=00000001,qop=auth,uri="sip:10.3.3.28:5062",nonce="Wfn0p1n583tLvPvaxWxkPiRvAtlAXEN1bqKxgIA=",response="6bfda00015899c3e42737b8bba1c872bd842adea8d2b3e12994955ca6a729d2b",algorithm=SHA-256 Content-Length: 0 Expires: 30 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:16:40.284493 TLS message received [578] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-2 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: testuser.2 sip:testuser.2@test.ch;tag=748c3ddeba5747be1e35e93e34434dff-f74b Call-ID: 1-3855@10.3.3.18 CSeq: 21 REGISTER Authentication-Info: nextnonce="Wfn0p1n583tLvPvaxWxkPiRvAtlAXEN1bqKxgIA=", qop=auth, rspauth="9636046ce4caf63ccdc7cdc326f0dc2cd79dd865d2d6c080145ae9807be02878", cnonce="6b8b4567", nc=00000001 Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS;expires=60 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.284582 TLS message sent (609 bytes):

INVITE sip:testuser.1@test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;rport;branch=z9hG4bK-3855-1-5 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch CSeq: 50 INVITE Call-ID: 1-3855@10.3.3.18 Max-Forwards: 70 Subject: Performance Test Content-Type: application/sdp Content-Length: 194 Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS User-Agent: sipp

v=0 o=testuser.2 53655765 2353687637 IN IP4 10.3.3.18 s=- c=IN IP4 10.3.3.18 t=0 0 m=audio 20000 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16

----------------------------------------------- 2017-11-01 17:16:40.285602 TLS message received [298] bytes :

SIP/2.0 100 trying -- your call is important to us Via: SIP/2.0/TLS 10.3.3.18:44775;rport=44775;branch=z9hG4bK-3855-1-5;received=10.3.3.28 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch CSeq: 50 INVITE Call-ID: 1-3855@10.3.3.18 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.355019 TLS message received [530] bytes :

SIP/2.0 180 Ringing Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-5 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh*, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:41.539969 TLS message received [973] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-5 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh*, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Content-Type: application/sdp Content-Length: 212

v=0 o=testuser.1 53655765 2353687637 IN IP4 10.3.3.27 s=- c=IN IP4 10.3.3.27 t=0 0 m=audio 50920 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16 a=nortpproxy:yes

----------------------------------------------- 2017-11-01 17:16:41.540188 TLS message sent (779 bytes):

ACK sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;rport;branch=z9hG4bK-3855-1-12 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 ACK Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS Max-Forwards: 70 Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on,sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh* Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.544521 TLS message sent (773 bytes):

BYE sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;branch=z9hG4bK-3855-1-15 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS Max-Forwards: 70 Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on,sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh* Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.550399 TLS message received [268] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;branch=z9hG4bK-3855-1-15 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Content-Length: 0

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Daniel-Constantin Mierla

10:19 a.m.

New subject: Topoh module configuration for SIP proxy and SIP registrar

Hello,

in the logs from callee I see the invite has the caller specific header encrypted.

Or do you mean something else. If yes, paste the specific sip message and say which headers you expect to be different.

Cheers, Daniel

On 02.11.17 10:54, Christian Conus wrote:

...

Hello Daniel,

We enabled topoh on the proxy only and ran a test using sipp. In the sipp log we can see that the callee SIP messages header is encrypted as expected but not the caller SIP messages header.

Both caller and callee messages go through the same proxy and our objective is to hide the registrars ip address.

Do you have an idea why caller messages header are not encrypted ?

The sipp logs are copied at the end of this email (the ip address of the registrar that we need to hide is 10.3.3.26).

Thanks, Christian

sipp callee log

----------------------------------------------- 2017-11-01 17:16:35.710964 TCP control message received [30] bytes :

Call-ID: 1-3847@127.0.0.1

Problem EAGAIN on socket 12 and poll_idx is 5 Added first buffered message to socket 12 Problem EWOULDBLOCK on socket 12 and poll_idx is 5 Exit problem event on socket 12 Wrote 352 of 352 bytes in an output buffer. ----------------------------------------------- 2017-11-01 17:16:35.728921 TLS message received [456] bytes :

SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-3 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-7680 Call-ID: 1-3847@127.0.0.1 CSeq: 20 REGISTER WWW-Authenticate: Digest realm="ims-nagra.test", nonce="Wfn0pln583oo/I3SMwWuaFTVoiYtuI57QoPX4IA=", qop="auth", algorithm=SHA-256 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:35.729116 TLS message sent (635 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:5060;rport;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch Call-ID: 1-3847@127.0.0.1 CSeq: 21 REGISTER Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Authorization: Digest username="testuser.1@test.ch",realm="ims-nagra.test",cnonce="6b8b4567",nc=00000001,qop=auth,uri="sip:10.3.3.28:5062",nonce="Wfn0pln583oo/I3SMwWuaFTVoiYtuI57QoPX4IA=",response="d5077c99b25ed66d65a74f83ab39539f221af40b4b28507e436ddf85c2c110e5",algorithm=SHA-256 Content-Length: 0 Expires: 3600 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:16:35.797028 TLS message received [578] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-53f0 Call-ID: 1-3847@127.0.0.1 CSeq: 21 REGISTER Authentication-Info: nextnonce="Wfn0pln583oo/I3SMwWuaFTVoiYtuI57QoPX4IA=", qop=auth, rspauth="d387c74f83d20bbe7341cb8cbd452ad768c6ef4442b250c4875ab5ca62ab34c5", cnonce="6b8b4567", nc=00000001 Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS;expires=3600 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.302899 TLS message received [1862] bytes :

INVITE sip:testuser.1@10.3.3.18:5060;transport=TLS SIP/2.0 Record-Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ** Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDi9G3-7vMKF1DKPJMa23M Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ** Record-Route: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxKcliY7mlaSOkUkHxi3RgxsRFHkl4ZkHFvFvDvIRNHCnPs2idaL3FvsNrE5HwU7EdawfN5kEGtQ** Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.7c3d00063887cd75c3278cec5812756c.0 Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwNFKFJDvcf9U7ObKcjpiwJxKsaD-ZhDKcCmi2Nm-cCNv2dh-2kF-syMi2C9vsCWK759v2QPKZhM Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9nfE9dM-9yD-9C9i7CmEsd1-FC9K7yDiw-F-w4fvs-1x9y6UsOS Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFO5ZIvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaF4z From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch CSeq: 50 INVITE Call-ID: 1-3855@10.3.3.18 Max-Forwards: 67 Subject: Performance Test Content-Type: application/sdp Content-Length: 212 Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdBfxIifaSOkU7JhKcfGZ2m3-FmDvdexdkjkRWiW-WCPEdHZi3ema3-liuE9-dJFZZONxIifaSOkU7JhKcfG59m3-FmDvdecKZ3z User-Agent: sipp

v=0 o=testuser.2 53655765 2353687637 IN IP4 10.3.3.27 s=- c=IN IP4 10.3.3.27 t=0 0 m=audio 46340 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16 a=nortpproxy:yes

----------------------------------------------- 2017-11-01 17:16:40.328930 TLS message sent (1261 bytes):

SIP/2.0 180 Ringing Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.7c3d00063887cd75c3278cec5812756c.0, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwNFKFJDvcf9U7ObKcjpiwJxKsaD-ZhDKcCmi2Nm-cCNv2dh-2kF-syMi2C9vsCWK759v2QPKZhM, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9nfE9dM-9yD-9C9i7CmEsd1-FC9K7yDiw-F-w4fvs-1x9y6UsOS, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFO5ZIvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaF4z From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Record-Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDi9G3-7vMKF1DKPJMa23M, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxKcliY7mlaSOkUkHxi3RgxsRFHkl4ZkHFvFvDvIRNHCnPs2idaL3FvsNrE5HwU7EdawfN5kEGtQ** Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:41.519024 TLS message sent (1541 bytes):

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.7c3d00063887cd75c3278cec5812756c.0, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwNFKFJDvcf9U7ObKcjpiwJxKsaD-ZhDKcCmi2Nm-cCNv2dh-2kF-syMi2C9vsCWK759v2QPKZhM, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9nfE9dM-9yD-9C9i7CmEsd1-FC9K7yDiw-F-w4fvs-1x9y6UsOS, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFO5ZIvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaF4z From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Record-Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDi9G3-7vMKF1DKPJMa23M, sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7lD-9O.T9lqa9O.TQ**, sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxKcliY7mlaSOkUkHxi3RgxsRFHkl4ZkHFvFvDvIRNHCnPs2idaL3FvsNrE5HwU7EdawfN5kEGtQ** Content-Type: application/sdp Content-Length: 194

v=0 o=testuser.1 53655765 2353687637 IN IP4 10.3.3.18 s=- c=IN IP4 10.3.3.18 t=0 0 m=audio 10004 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16

----------------------------------------------- 2017-11-01 17:16:41.543446 TLS message received [1097] bytes :

ACK sip:testuser.1@10.3.3.18:5060;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bK9721.1f937a4b7874b01c7d6d85f7975d4406.0 Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwiFKFJDvcf9U7ObKcjpiwJxKsaD-ZhFKwHW-9yFE94hv9dOE909-94M-ck2-sjmEsJNEsa2-ShM Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmqfi2n1x9EWEcdFEWimiFvhiskfiFnfEcv1Kwd2v9aOKcvfEs0Nx9y6UsOS Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFOFdpvFvIdMxWCOiw5Bi2H4UsJmiuEOZWBd5FNpE3NpEN58vsiFTICqxsJHsFNU-2ChaFlk From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 ACK Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdBfxIifaSOkU7JhKcfGZ2m3-FmDvdexdkjkRWiW-WCPEdHZi3ema3-ltQ** Max-Forwards: 67 Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.548764 TLS message received [1077] bytes :

BYE sip:testuser.1@10.3.3.18:5060;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bKa721.efe4273ec0740869fe9c7080f78060fe.0 Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwiFKFJDvcf9U7ObKcjpiwJxvsaD-ZfN-wn2vF-3i7Rj-sRm-wJji9aFKsmOvW5N-9a2KckOvDhM Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmlji2n1x9jj-7CWEWv2EWCjE9mOE7n3v9jjvFCjEWH9-saDE70mx9y6UsOS Via: SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFOFdpvFRu5tUNHIUdRuZdRW5clj-PElacMl-NCgU5G2-Ij2U3o* From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdBfxIifaSOkU7JhKcfGZ2m3-FmDvdexdkjkRWiW-WCPEdHZi3ema3-ltQ** Max-Forwards: 67 Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.548859 TLS message sent (815 bytes):

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.28:5062;branch=z9hG4bKa721.efe4273ec0740869fe9c7080f78060fe.0, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nFK94Mi9y65kQeEwiFKFJDvcf9U7ObKcjpiwJxvsaD-ZfN-wn2vF-3i7Rj-sRm-wJji9aFKsmOvW5N-9a2KckOvDhM, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-syr-Dh2x9nhKPJMTPJ3gsdMi9y6vuJjTWiGgIGfUka3vmlji2n1x9jj-7CWEWv2EWCjE9mOE7n3v9jjvFCjEWH9-saDE70mx9y6UsOS, SIP/2.0/UDP 255.255.255.255;vth=vth-d3N4x2nr-Le5HCyQ-9dOx9nOiZhDisdr-9dOKPE3U7OFRwQlE7iKipQDTunlsw5ma3-ldZO2YInlHwQDY7N8Ukqfi7iB-WCgZO0tsuEwidJZ525lEPi8sIQfxInlHwjkZ2RqECGPsFOFdpvFRu5tUNHIUdRuZdRW5clj-PElacMl-NCgU5G2-Ij2U3o* From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Content-Length: 0

----------------------------------------------- 2017-11-01 17:17:00.722035 TCP control message received [30] bytes :

Call-ID: 1-3847@127.0.0.1

----------------------------------------------- 2017-11-01 17:17:00.722170 TLS message sent (349 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:5060;rport;branch=z9hG4bK-3843-1-3 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch Call-ID: 1-3847@127.0.0.1 CSeq: 22 REGISTER Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Content-Length: 0 Expires: 0 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:17:00.726046 TLS message received [456] bytes :

SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-3 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-69d8 Call-ID: 1-3847@127.0.0.1 CSeq: 22 REGISTER WWW-Authenticate: Digest realm="ims-nagra.test", nonce="Wfn0v1n585OI/IGR93oaoiZiVO3esRO6QoPY4YA=", qop="auth", algorithm=SHA-256 Content-Length: 0

----------------------------------------------- 2017-11-01 17:17:00.726201 TLS message sent (632 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:5060;rport;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch Call-ID: 1-3847@127.0.0.1 CSeq: 23 REGISTER Contact: sip:testuser.1@10.3.3.18:5060;transport=TLS Authorization: Digest username="testuser.1@test.ch",realm="ims-nagra.test",cnonce="327b23c6",nc=00000001,qop=auth,uri="sip:10.3.3.28:5062",nonce="Wfn0v1n585OI/IGR93oaoiZiVO3esRO6QoPY4YA=",response="284636e649a12db321df3e2feabd65e7d4041695e00bad20755d8ef597e3b609",algorithm=SHA-256 Content-Length: 0 Expires: 0 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:17:00.774895 TLS message received [509] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:5060;received=10.3.3.28;rport=35049;branch=z9hG4bK-3843-1-5 From: testuser.1 sip:testuser.1@test.ch;tag=3843SIPpTag071 To: testuser.1 sip:testuser.1@test.ch;tag=12df09214eac812627c51542f3dfc7e4-4ca8 Call-ID: 1-3847@127.0.0.1 CSeq: 23 REGISTER Authentication-Info: nextnonce="Wfn0v1n585OI/IGR93oaoiZiVO3esRO6QoPY4YA=", qop=auth, rspauth="bfc50971857cfb46581647dd88a8a698080a9c08cbcfd9f4f674bed6ea3529ac", cnonce="327b23c6", nc=00000001 Content-Length: 0

----------------------------------------------- 2017-11-01 17:17:00.774996 TCP control message sent (30 bytes):

Call-ID: 1-3847@127.0.0.1

sipp caller log

Problem EAGAIN on socket 11 and poll_idx is 3 Added first buffered message to socket 11 Problem EWOULDBLOCK on socket 11 and poll_idx is 3 Exit problem event on socket 11 Wrote 352 of 352 bytes in an output buffer. ----------------------------------------------- 2017-11-01 17:16:40.069751 TLS message received [457] bytes :

SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-0 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: testuser.2 sip:testuser.2@test.ch;tag=748c3ddeba5747be1e35e93e34434dff-c87a Call-ID: 1-3855@10.3.3.18 CSeq: 20 REGISTER WWW-Authenticate: Digest realm="ims-nagra.test", nonce="Wfn0p1n583tLvPvaxWxkPiRvAtlAXEN1bqKxgIA=", qop="auth", algorithm=SHA-256 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.070014 TLS message sent (635 bytes):

REGISTER sip:test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;rport;branch=z9hG4bK-3855-1-2 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: testuser.2 sip:testuser.2@test.ch Call-ID: 1-3855@10.3.3.18 CSeq: 21 REGISTER Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS Authorization: Digest username="testuser.2@test.ch",realm="ims-nagra.test",cnonce="6b8b4567",nc=00000001,qop=auth,uri="sip:10.3.3.28:5062",nonce="Wfn0p1n583tLvPvaxWxkPiRvAtlAXEN1bqKxgIA=",response="6bfda00015899c3e42737b8bba1c872bd842adea8d2b3e12994955ca6a729d2b",algorithm=SHA-256 Content-Length: 0 Expires: 30 User-Agent: sipp

----------------------------------------------- 2017-11-01 17:16:40.284493 TLS message received [578] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-2 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: testuser.2 sip:testuser.2@test.ch;tag=748c3ddeba5747be1e35e93e34434dff-f74b Call-ID: 1-3855@10.3.3.18 CSeq: 21 REGISTER Authentication-Info: nextnonce="Wfn0p1n583tLvPvaxWxkPiRvAtlAXEN1bqKxgIA=", qop=auth, rspauth="9636046ce4caf63ccdc7cdc326f0dc2cd79dd865d2d6c080145ae9807be02878", cnonce="6b8b4567", nc=00000001 Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS;expires=60 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.284582 TLS message sent (609 bytes):

INVITE sip:testuser.1@test.ch SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;rport;branch=z9hG4bK-3855-1-5 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch CSeq: 50 INVITE Call-ID: 1-3855@10.3.3.18 Max-Forwards: 70 Subject: Performance Test Content-Type: application/sdp Content-Length: 194 Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS User-Agent: sipp

v=0 o=testuser.2 53655765 2353687637 IN IP4 10.3.3.18 s=- c=IN IP4 10.3.3.18 t=0 0 m=audio 20000 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16

----------------------------------------------- 2017-11-01 17:16:40.285602 TLS message received [298] bytes :

SIP/2.0 100 trying -- your call is important to us Via: SIP/2.0/TLS 10.3.3.18:44775;rport=44775;branch=z9hG4bK-3855-1-5;received=10.3.3.28 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch CSeq: 50 INVITE Call-ID: 1-3855@10.3.3.18 Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:40.355019 TLS message received [530] bytes :

SIP/2.0 180 Ringing Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-5 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh*, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:41.539969 TLS message received [973] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-5 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh*, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Content-Type: application/sdp Content-Length: 212

v=0 o=testuser.1 53655765 2353687637 IN IP4 10.3.3.27 s=- c=IN IP4 10.3.3.27 t=0 0 m=audio 50920 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11,16 a=nortpproxy:yes

----------------------------------------------- 2017-11-01 17:16:41.540188 TLS message sent (779 bytes):

ACK sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;rport;branch=z9hG4bK-3855-1-12 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 ACK Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS Max-Forwards: 70 Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on,sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh* Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.544521 TLS message sent (773 bytes):

BYE sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz SIP/2.0 Via: SIP/2.0/TLS 10.3.3.18:44775;branch=z9hG4bK-3855-1-15 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Contact: sip:testuser.2@10.3.3.28:44775;transport=TLS Max-Forwards: 70 Route: sip:10.3.3.28:5062;transport=tls;r2=on;lr=on, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on,sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh* Subject: Performance Test Content-Length: 0

----------------------------------------------- 2017-11-01 17:16:51.550399 TLS message received [268] bytes :

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;branch=z9hG4bK-3855-1-15 From: testuser.2 sip:testuser.2@test.ch;tag=3855SIPpTag071 To: sip:testuser.1@test.ch;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 51 BYE Content-Length: 0

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Christian Conus

1:02 p.m.

Hello Daniel,

The headers in the callee logs contains encrypted data which is exactly what I expect but when I look at the caller logs I can see that the headers are partially encrypted and they contain the ip address of the registrar that I want to hide in clear.

In the following message from the caller log, the Record-Route contains the ip 10.3.3.26 which is the registrar. I would expect at least this ip address to be encrypted.

SIP/2.0 200 OK Via: SIP/2.0/TLS 10.3.3.18:44775;received=10.3.3.28;rport=44775;branch=z9hG4bK-3855-1-5 From: testuser.2 <sip:[hidden email]>;tag=3855SIPpTag071 To: <sip:[hidden email]>;tag=3843SIPpTag08b2 Call-ID: 1-3855@10.3.3.18 CSeq: 50 INVITE Contact: sip:255.255.255.255;uph=uth-aFNMK9nOiZhDisdr-9dOx9nOislOawQeRIHGxcCwsmOxRdjKv50nsFCwidHhKdifxIifaSOkU7JhKclGZ2NmscmfYsEZakBz5p5Bs5H4Z9iuidQlE7JqUNHPsWBj-9-1xd1G-uQfxInlKcBvxsJmscmPsNQlsZGz Record-Route: sip:255.255.255.255;uph=uth-aFNMK9kMx9-r-DhDK7GO-7vDKPHDvcf2aweDR7O3Tp-6a9neTFh6TpneTFh*, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.26:4060;lr;rps=0, sip:10.3.3.28;r2=on;lr=on, sip:10.3.3.28:5062;transport=tls;r2=on;lr=on Content-Type: application/sdp Content-Length: 212

The behavior that I expected from the topoh module (enabled on the proxy) was to encrypt headers for all SIP messages for both caller and callee so that the ip address of the registrar never appear in clear in any SIP message going from the SIP proxy to a SIP client.

Thanks, Christian

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Christian Conus

7 Nov 7 Nov

9:50 a.m.

Hello Daniel,

Do you have an idea why the SIP messages header are only partially encrypted for the caller ?

Since both SIP clients connects to the same SIP proxy it means that SIP messages go two times through the same proxy (client -> proxy -> registrar -> proxy -> client), is it possible to configure topoh to encrypt headers only for outgoing messages on a particular network interface ?

It is not clear if partially encrypted messages means that the proxy has decryted the already encrypted header parts and encrypted the parts in clear ?

Thanks Christian

-- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Daniel-Constantin Mierla

8 Nov 8 Nov

8:19 a.m.

New subject: Topoh module configuration for SIP proxy and SIP registrar

Hello,

On 07.11.17 10:50, Christian Conus wrote:

...

Hello Daniel,

Do you have an idea why the SIP messages header are only partially encrypted for the caller ?

Since both SIP clients connects to the same SIP proxy it means that SIP messages go two times through the same proxy (client -> proxy -> registrar -> proxy -> client), is it possible to configure topoh to encrypt headers only for outgoing messages on a particular network interface ?

this is possible only in current development version, you need to add an event_route and based on the target ip or local socket ip you can decide to apply topoh or not:

https://kamailio.org/docs/modules/devel/modules/topos.html#idp44483268

Current development branch will be released as v5.1 in few weeks.

...

It is not clear if partially encrypted messages means that the proxy has decryted the already encrypted header parts and encrypted the parts in clear ?

I will have to look at the code, not remembering by heart what can happen in case of a spiral... The overall goal was to hide the details of caller and callee from each other...

Cheers, Daniel

Daniel-Constantin Mierla

1 Nov 1 Nov

10:14 a.m.

New subject: Topoh module configuration for SIP proxy and SIP registrar

Hello,

On 01.11.17 10:19, Christian Conus wrote:

...

Hello,

I am trying to configure the topoh module for kamailio 5.0.2. I read the documentation but some points are still not clear to me.

The topology of my network is as follow:

Two SIP proxies

Two SIP registrars

Only one SIP proxy is running (the other take over automatically in case

the first fails)

Both registrars are running (proxy sends requests to both registrars using

round robin algorithm)

Text mode graph of the topology (hope it helps understand):

I tried to enable topoh on SIP proxy only, on both proxy and registrars, with same mask_key everywhere and with different mask_key between proxy and registrars but everytime I could still see parts of the SIP header which was not obfuscated.

My questions are:

Is it necessary to enable topoh module on each SIP proxy and SIP registrar

?

You should enable it only on your edge proxy (where you face the traffic from outside world), inside your network makes no sense.

...

The mask_key should be the same on each server or it should be different

between proxy and registrars?

Should be he same only on the servers that are supposed to route the same message at a stage. So should be the same in the proxies. For registrars you likely don't need at all topos, but there should be different.

...

the mask address should be the same on each server or it should be

different between proxy and registrars ?

You can set the address to be the IP address used by that server for SIP traffic.

Cheers, Daniel

2667

Age (days ago)

2674

Last active (days ago)

sr-users@lists.kamailio.org

10 comments

2 participants

tags (0)

participants (2)

Christian Conus
Daniel-Constantin Mierla