Hello good morning ... I am new to this list and I was starting to mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams, in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS :5061;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting
Wow, so many people want to configure kamailio with MS. First of all i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
On Thu, 16 Apr 2020 at 10:26, sip user sipuser404@gmail.com wrote:
Hello good morning ... I am new to this list and I was starting to mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams, in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Wow, so many people want to configure kamailio with MS. First of all i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
________________________________ От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user sipuser404@gmail.com Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams, in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.comhttp://pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS :5061;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1:1:sip:sip.pstnhub.microsoft.comhttp://sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS 2:1:sip:sip2.pstnhub.microsoft.comhttp://sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 3:1:sip:sip3.pstnhub.microsoft.comhttp://sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 4:1:sip:sip-all.pstnhub.microsoft.comhttp://sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my Kamailio I only see that.
To configure it, I follow https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru) escribió:
Wow, so many people want to configure kamailio with MS. First of all i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
*От:* sr-users sr-users-bounces@lists.kamailio.org от имени sip user < sipuser404@gmail.com> *Отправлено:* 16 апреля 2020 г. 10:19 *Кому:* sr-users@lists.kamailio.org sr-users@lists.kamailio.org *Тема:* [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams, in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my Kamailio I only see that.
To configure it, I follow https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru) escribió:
Wow, so many people want to configure kamailio with MS. First of all i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user sipuser404@gmail.com Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams, in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS :5061;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n");}
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my
Kamailio I only see that.
To configure it, I follow https://skalatan.de/en/blog/kamailio-sbc-teams..
But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru)
escribió:
Wow, so many people want to configure kamailio with MS. First of all i
think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user <
sipuser404@gmail.com>
Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to mess
with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams,
in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.],
seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.],
seq 1:187, ack 1, win 2053, length 186
11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.],
ack 187, win 237, length 0
11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.],
seq 1:1469, ack 187, win 237, length 1468
11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.],
seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.],
seq 1:187, ack 1, win 2053, length 186
11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
ack 187, win 237, length 0
11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.],
seq 1:1469, ack 187, win 237, length 1468
11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.],
seq 187, ack 1469, win 2053, length 0
11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.],
seq 1469, ack 188, win 237, length 0
11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the
Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive
to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n");
} xlog("L_INFO", "Sent out tm request: $mb\n");}
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP
:5061;ping_from= sip:SBC_DNS
2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to
the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my
Kamailio I only see that.
To configure it, I follow
https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru)
escribió:
Wow, so many people want to configure kamailio with MS. First of all i
think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user <
sipuser404@gmail.com>
Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to
mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams,
in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.],
seq 1:187, ack 1, win 2053, length 186
11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.],
ack 187, win 237, length 0
11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.],
seq 1:1469, ack 187, win 237, length 1468
11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.],
seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.],
seq 1:187, ack 1, win 2053, length 186
11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
ack 187, win 237, length 0
11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.],
seq 1:1469, ack 187, win 237, length 1468
11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.],
seq 187, ack 1469, win 2053, length 0
11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.],
seq 1469, ack 188, win 237, length 0
11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of the
Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive
to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n");
} xlog("L_INFO", "Sent out tm request: $mb\n");}
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:
SBC_IP :5061;ping_from= sip:SBC_DNS
2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to
the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my
Kamailio I only see that.
To configure it, I follow
https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru)
escribió:
Wow, so many people want to configure kamailio with MS. First of all
i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user
Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to
mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams,
in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[.], ack 1, win 2053, length 0
11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[P.], seq 1:187, ack 1, win 2053, length 186
11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.],
ack 187, win 237, length 0
11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[P.], seq 1:1469, ack 187, win 237, length 1468
11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.],
seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.],
seq 1:187, ack 1, win 2053, length 186
11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
ack 187, win 237, length 0
11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.],
seq 1:1469, ack 187, win 237, length 1468
11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.],
seq 187, ack 1469, win 2053, length 0
11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.],
seq 1469, ack 188, win 237, length 0
11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of
the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive
to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n");
} xlog("L_INFO", "Sent out tm request: $mb\n");}
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:
SBC_IP :5061;ping_from= sip:SBC_DNS
2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to
the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89.23.96#015#012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89.23.96#015#012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89.23.96#015#012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89.23.96#015#012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89.23.96#015#012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89.23.96#015#012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my
Kamailio I only see that.
To configure it, I follow
https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru)
escribió:
Wow, so many people want to configure kamailio with MS. First of all
i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
От: sr-users sr-users-bounces@lists.kamailio.org от имени sip
user sipuser404@gmail.com
Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to
mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the
Teams, in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[.], ack 1, win 2053, length 0
11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[P.], seq 1:187, ack 1, win 2053, length 186
11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[.], ack 187, win 237, length 0
11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[P.], seq 1:1469, ack 187, win 237, length 1468
11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[.], ack 1469, win 2053, length 0
11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[P.], seq 1:187, ack 1, win 2053, length 186
11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
ack 187, win 237, length 0
11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[P.], seq 1:1469, ack 187, win 237, length 1468
11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[F.], seq 187, ack 1469, win 2053, length 0
11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[F.], seq 1469, ack 188, win 237, length 0
11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of
the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200
KeepAlive to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n");
} xlog("L_INFO", "Sent out tm request: $mb\n");}
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:
SBC_IP :5061;ping_from= sip:SBC_DNS
2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS
to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it. That's probably the reason why you get "tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user sipuser404@gmail.com wrote:
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my
Kamailio I only see that.
To configure it, I follow
https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru)
escribió:
> > Wow, so many people want to configure kamailio with MS. First of
all i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
> > > ________________________________ > От: sr-users sr-users-bounces@lists.kamailio.org от имени sip
user sipuser404@gmail.com
> Отправлено: 16 апреля 2020 г. 10:19 > Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org > Тема: [SR-Users] Kamailio like SBC with Teams > > Hello good morning ... I am new to this list and I was starting to
mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
> > But I can't get it to work for me. If I launch a call from the
Teams, in the Kamailio I see:
> > 1.- In syslog: > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
> > 2.- With TCPDUMP: > > 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S],
seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[.], ack 1, win 2053, length 0
> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[P.], seq 1:187, ack 1, win 2053, length 186
> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[.], ack 187, win 237, length 0
> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[P.], seq 1:1469, ack 187, win 237, length 1468
> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[.], ack 1469, win 2053, length 0
> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[.], ack 1, win 2053, length 0
> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[P.], seq 1:187, ack 1, win 2053, length 186
> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[.], ack 187, win 237, length 0
> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[P.], seq 1:1469, ack 187, win 237, length 1468
> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[.], ack 1469, win 2053, length 0
> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[F.], seq 187, ack 1469, win 2053, length 0
> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags
[F.], seq 1469, ack 188, win 237, length 0
> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags
[.], ack 1470, win 2053, length 0
> > I can't "receive" anything. > > I have generated the certificates and configured in the tls.cfg of
the Kamailio:
> > [server:default] > method = TLSv1.2 > verify_certificate = no > require_certificate = no > private_key = /etc/letsencrypt/ssl/cert.key > certificate = /etc/letsencrypt/ssl/cert.crt > ca_list = /etc/letsencrypt/ssl/ca.crt > > Within Kamailio itself I have it configured to return a 200
KeepAlive to Teams when it receives an OPTIONS:
> > event_route[tm:local-request] { > > if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com")
{
> append_hf("Contact: <sip: SBC_DNS
:5061;transport=tls>\r\n");
> } > xlog("L_INFO", "Sent out tm request: $mb\n"); > } > > And I have measured the record_route for this new one: > > record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP
:5061");
> > I have created a dispatcher.list: > > # setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:
SBC_IP :5061;ping_from= sip:SBC_DNS
> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1
socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS
> > I think that one of the problems is that I do not send the OPTIONS
to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
> > I don't know if you could help me straighten this out a bit ... > > Thank you so much for everything.. > > a greeting > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Sorry.. Im a bit loose in this one...
So, ive use letsencrypy to generate the certificate, and the CA, how i have to generate?
Thanks
El lun., 20 abr. 2020 19:06, Sergiu Pojoga pojogas@gmail.com escribió:
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it. That's probably the reason why you get "tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user sipuser404@gmail.com wrote:
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote: > > Hi Nasida.. Thanks for answerd to me... > > I've activarted the debugger module, and I see the same: > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 > > I don't see any different. > > I know that the module is loaded because I see: > > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route > > When I restart kamailio, but when I "launch" a call from Teams to my Kamailio I only see that. > > To configure it, I follow https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works.. > > Any more thing that i can test or do?? > > Thanks > > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru) escribió: >> >> Wow, so many people want to configure kamailio with MS. First of all i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted. >> >> >> ________________________________ >> От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user sipuser404@gmail.com >> Отправлено: 16 апреля 2020 г. 10:19 >> Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org >> Тема: [SR-Users] Kamailio like SBC with Teams >> >> Hello good morning ... I am new to this list and I was starting to mess with Kamailio, mainly to set it up as SBC against Teams, in this case. >> >> But I can't get it to work for me. If I launch a call from the Teams, in the Kamailio I see: >> >> 1.- In syslog: >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1 >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30 >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1 >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >> >> 2.- With TCPDUMP: >> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.], ack 187, win 237, length 0 >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0 >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1, win 2053, length 0 >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.], seq 1:187, ack 1, win 2053, length 186 >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.], ack 187, win 237, length 0 >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.], seq 1:1469, ack 187, win 237, length 1468 >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1469, win 2053, length 0 >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.], seq 187, ack 1469, win 2053, length 0 >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.], seq 1469, ack 188, win 237, length 0 >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.], ack 1470, win 2053, length 0 >> >> I can't "receive" anything. >> >> I have generated the certificates and configured in the tls.cfg of the Kamailio: >> >> [server:default] >> method = TLSv1.2 >> verify_certificate = no >> require_certificate = no >> private_key = /etc/letsencrypt/ssl/cert.key >> certificate = /etc/letsencrypt/ssl/cert.crt >> ca_list = /etc/letsencrypt/ssl/ca.crt >> >> Within Kamailio itself I have it configured to return a 200 KeepAlive to Teams when it receives an OPTIONS: >> >> event_route[tm:local-request] { >> >> if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { >> append_hf("Contact: <sip: SBC_DNS :5061;transport=tls>\r\n"); >> } >> xlog("L_INFO", "Sent out tm request: $mb\n"); >> } >> >> And I have measured the record_route for this new one: >> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061"); >> >> I have created a dispatcher.list: >> >> # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional) >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >> >> I think that one of the problems is that I do not send the OPTIONS to the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE. >> >> I don't know if you could help me straighten this out a bit ... >> >> Thank you so much for everything.. >> >> a greeting >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Check out below thread, it explains it all.
https://lists.kamailio.org/pipermail/sr-users/2020-March/108684.html
On Mon, Apr 20, 2020 at 3:24 PM sip user sipuser404@gmail.com wrote:
Sorry.. Im a bit loose in this one...
So, ive use letsencrypy to generate the certificate, and the CA, how i have to generate?
Thanks
El lun., 20 abr. 2020 19:06, Sergiu Pojoga pojogas@gmail.com escribió:
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it. That's probably the reason why you get "tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user sipuser404@gmail.com wrote:
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
> The tutorial is pretty clear: > You need to add the Contact header only for OPTIONS pings. > You need to use the proper Record-Route headers based on the > direction > of the call. > There's no out of the box solution because each setup is different. > > If you understand how loose routing works in SIP, then you know how > to > adjust the config to use record_route_preset(), just as explained in > the tutorial. There is also an example of an INVITE that has the > right > Record-Route headers in the tutorial. > > You can choose to use the FQDN for the Record-Route header facing MS > and the IP for the Record-Route header facing the carrier or use the > FQDN for both Record-Route headers (just like in the > tutorialexample). > Alternatively, one can try to advertise the FQDN in the listen > directive in the config and then the Record-Route headers should be > populated automatically. > > Regards, > Ovidiu Sas > > On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com > wrote: > > > > Hi Nasida.. Thanks for answerd to me... > > > > I've activarted the debugger module, and I see the same: > > > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, > 0x7f90f2438f80), fd_no=17 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) > fd_no=18 called > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for > activity on [tls:SBC_IP:5061], 0x7f90f2438f80 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls > [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls > [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= > 0x7f90f2438f80 n=1468 fd=9 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= > > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 > > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, > 0x7f90f2438f80), fd_no=1 > > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 > > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF > > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) > fd_no=2 called > > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state > -1, fd=9, id=30 > > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core> > [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 > > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core> > [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= > 7f90f2438f80, -1 from 1 > > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls > [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 > > > > I don't see any different. > > > > I know that the module is loaded because I see: > > > > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] > c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route > > > > When I restart kamailio, but when I "launch" a call from Teams to > my Kamailio I only see that. > > > > To configure it, I follow > https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make > it works.. > > > > Any more thing that i can test or do?? > > > > Thanks > > > > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru) > escribió: > >> > >> Wow, so many people want to configure kamailio with MS. First of > all i think you need to get sip debug between kamailio and MS. Kamilio has > module to save sip traces. This way you will get sip debug decrypted. > >> > >> > >> ________________________________ > >> От: sr-users sr-users-bounces@lists.kamailio.org от имени sip > user sipuser404@gmail.com > >> Отправлено: 16 апреля 2020 г. 10:19 > >> Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org > >> Тема: [SR-Users] Kamailio like SBC with Teams > >> > >> Hello good morning ... I am new to this list and I was starting > to mess with Kamailio, mainly to set it up as SBC against Teams, in this > case. > >> > >> But I can't get it to work for me. If I launch a call from the > Teams, in the Kamailio I see: > >> > >> 1.- In syslog: > >> > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: > 52.114.7.24 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: > 171:1857:1187, 30 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, > 0x7f90f2438f80), fd_no=17 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, > -1, 0x0) fd_no=18 called > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, > events 1 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for > activity on [tls:SBC_IP:5061], 0x7f90f2438f80 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls > [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls > [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= > 0x7f90f2438f80 n=1468 fd=9 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= > >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 > >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, > 0x7f90f2438f80), fd_no=1 > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, > 0x10) fd_no=2 called > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, > state -1, fd=9, id=30 > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: > <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: > <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader > response= 7f90f2438f80, -1 from 1 > >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls > [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 > >> > >> 2.- With TCPDUMP: > >> > >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], > seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], > length 0 > >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags > [S.], seq 812357247, ack 261244615, win 29200, options [mss > 1460,nop,nop,sackOK,nop,wscale 7], length 0 > >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags > [.], ack 1, win 2053, length 0 > >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags > [P.], seq 1:187, ack 1, win 2053, length 186 > >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags > [.], ack 187, win 237, length 0 > >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags > [P.], seq 1:1469, ack 187, win 237, length 1468 > >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags > [.], ack 1469, win 2053, length 0 > >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags > [S], seq 309084204, win 64240, options [mss 1440,nop,wscale > 8,nop,nop,sackOK], length 0 > >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags > [S.], seq 3275066862, ack 309084205, win 29200, options [mss > 1460,nop,nop,sackOK,nop,wscale 7], length 0 > >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags > [.], ack 1, win 2053, length 0 > >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags > [P.], seq 1:187, ack 1, win 2053, length 186 > >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags > [.], ack 187, win 237, length 0 > >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags > [P.], seq 1:1469, ack 187, win 237, length 1468 > >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags > [.], ack 1469, win 2053, length 0 > >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags > [F.], seq 187, ack 1469, win 2053, length 0 > >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags > [F.], seq 1469, ack 188, win 237, length 0 > >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags > [.], ack 1470, win 2053, length 0 > >> > >> I can't "receive" anything. > >> > >> I have generated the certificates and configured in the tls.cfg > of the Kamailio: > >> > >> [server:default] > >> method = TLSv1.2 > >> verify_certificate = no > >> require_certificate = no > >> private_key = /etc/letsencrypt/ssl/cert.key > >> certificate = /etc/letsencrypt/ssl/cert.crt > >> ca_list = /etc/letsencrypt/ssl/ca.crt > >> > >> Within Kamailio itself I have it configured to return a 200 > KeepAlive to Teams when it receives an OPTIONS: > >> > >> event_route[tm:local-request] { > >> > >> if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") > { > >> append_hf("Contact: <sip: SBC_DNS > :5061;transport=tls>\r\n"); > >> } > >> xlog("L_INFO", "Sent out tm request: $mb\n"); > >> } > >> > >> And I have measured the record_route for this new one: > >> > >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP > :5061"); > >> > >> I have created a dispatcher.list: > >> > >> # setid(integer) destination(sip uri) flags (integer, optional), > priority(int,opt), attrs (str,optional) > >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: > SBC_IP :5061;ping_from= sip:SBC_DNS > >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls: > SBC_IP :5061;ping_from=sip: SBC_DNS > >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls: > SBC_IP :5061;ping_from=sip: SBC_DNS > >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 > socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS > >> > >> I think that one of the problems is that I do not send the > OPTIONS to the Teams well, since it is on their panel, it indicates that > the SBC is INACTIVE. > >> > >> I don't know if you could help me straighten this out a bit ... > >> > >> Thank you so much for everything.. > >> > >> a greeting > >> _______________________________________________ > >> Kamailio (SER) - Users Mailing List > >> sr-users@lists.kamailio.org > >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > sr-users@lists.kamailio.org > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > -- > VoIP Embedded, Inc. > http://www.voipembedded.com > > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thanks Sergiu..
It works for me.
Now, when I make a call from Teams, in syslog I see:
Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request: Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <ACK> Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: sip:+34XXXXXXXXX@SBC-DNS :5061;user=phone;transport=tls Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <SIP/2.0>
But now How can I do to "transfer" the call to a kamailio user or to my Asterisk?
Thanks for all
El mar., 21 abr. 2020 a las 6:18, Sergiu Pojoga (pojogas@gmail.com) escribió:
Check out below thread, it explains it all.
https://lists.kamailio.org/pipermail/sr-users/2020-March/108684.html
On Mon, Apr 20, 2020 at 3:24 PM sip user sipuser404@gmail.com wrote:
Sorry.. Im a bit loose in this one...
So, ive use letsencrypy to generate the certificate, and the CA, how i have to generate?
Thanks
El lun., 20 abr. 2020 19:06, Sergiu Pojoga pojogas@gmail.com escribió:
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it. That's probably the reason why you get "tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user sipuser404@gmail.com wrote:
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
> Hi SIP User/anonymous/one-time-visitor/, > > Your TLS config isn't correct. The article clearly says > verify/require_certificate must be set to 'yes' > > *kamcmd tls.list* > Does it show any 'established' connections with MS proxy? > > Good luck, > > --Sergiu > > On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com > wrote: > >> The tutorial is pretty clear: >> You need to add the Contact header only for OPTIONS pings. >> You need to use the proper Record-Route headers based on the >> direction >> of the call. >> There's no out of the box solution because each setup is different. >> >> If you understand how loose routing works in SIP, then you know how >> to >> adjust the config to use record_route_preset(), just as explained in >> the tutorial. There is also an example of an INVITE that has the >> right >> Record-Route headers in the tutorial. >> >> You can choose to use the FQDN for the Record-Route header facing MS >> and the IP for the Record-Route header facing the carrier or use the >> FQDN for both Record-Route headers (just like in the >> tutorialexample). >> Alternatively, one can try to advertise the FQDN in the listen >> directive in the config and then the Record-Route headers should be >> populated automatically. >> >> Regards, >> Ovidiu Sas >> >> On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com >> wrote: >> > >> > Hi Nasida.. Thanks for answerd to me... >> > >> > I've activarted the debugger module, and I see the same: >> > >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >> 52.114.7.24 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >> 171:1857:1187, 30 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >> 0x7f90f2438f80), fd_no=17 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >> -1, 0x0) fd_no=18 called >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >> events 1 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >> 0x7f90f2438f80 n=1468 fd=9 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >> 0x7f90f2438f80), fd_no=1 >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >> 0x10) fd_no=2 called >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >> state -1, fd=9, id=30 >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >> response= 7f90f2438f80, -1 from 1 >> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >> > >> > I don't see any different. >> > >> > I know that the module is loaded because I see: >> > >> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] >> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route >> > >> > When I restart kamailio, but when I "launch" a call from Teams to >> my Kamailio I only see that. >> > >> > To configure it, I follow >> https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make >> it works.. >> > >> > Any more thing that i can test or do?? >> > >> > Thanks >> > >> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru) >> escribió: >> >> >> >> Wow, so many people want to configure kamailio with MS. First of >> all i think you need to get sip debug between kamailio and MS. Kamilio has >> module to save sip traces. This way you will get sip debug decrypted. >> >> >> >> >> >> ________________________________ >> >> От: sr-users sr-users-bounces@lists.kamailio.org от имени sip >> user sipuser404@gmail.com >> >> Отправлено: 16 апреля 2020 г. 10:19 >> >> Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org >> >> Тема: [SR-Users] Kamailio like SBC with Teams >> >> >> >> Hello good morning ... I am new to this list and I was starting >> to mess with Kamailio, mainly to set it up as SBC against Teams, in this >> case. >> >> >> >> But I can't get it to work for me. If I launch a call from the >> Teams, in the Kamailio I see: >> >> >> >> 1.- In syslog: >> >> >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >> 52.114.7.24 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >> 171:1857:1187, 30 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >> 0x7f90f2438f80), fd_no=17 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >> -1, 0x0) fd_no=18 called >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >> events 1 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >> 0x7f90f2438f80 n=1468 fd=9 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >> 0x7f90f2438f80), fd_no=1 >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >> 0x10) fd_no=2 called >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >> state -1, fd=9, id=30 >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >> response= 7f90f2438f80, -1 from 1 >> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >> >> >> >> 2.- With TCPDUMP: >> >> >> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], >> seq 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], >> length 0 >> >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >> Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss >> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >> >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >> Flags [.], ack 1, win 2053, length 0 >> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags >> [P.], seq 1:187, ack 1, win 2053, length 186 >> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags >> [.], ack 187, win 237, length 0 >> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags >> [P.], seq 1:1469, ack 187, win 237, length 1468 >> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags >> [.], ack 1469, win 2053, length 0 >> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >> [S], seq 309084204, win 64240, options [mss 1440,nop,wscale >> 8,nop,nop,sackOK], length 0 >> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >> [S.], seq 3275066862, ack 309084205, win 29200, options [mss >> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >> [.], ack 1, win 2053, length 0 >> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >> [P.], seq 1:187, ack 1, win 2053, length 186 >> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >> [.], ack 187, win 237, length 0 >> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >> [P.], seq 1:1469, ack 187, win 237, length 1468 >> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >> [.], ack 1469, win 2053, length 0 >> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >> [F.], seq 187, ack 1469, win 2053, length 0 >> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >> [F.], seq 1469, ack 188, win 237, length 0 >> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >> [.], ack 1470, win 2053, length 0 >> >> >> >> I can't "receive" anything. >> >> >> >> I have generated the certificates and configured in the tls.cfg >> of the Kamailio: >> >> >> >> [server:default] >> >> method = TLSv1.2 >> >> verify_certificate = no >> >> require_certificate = no >> >> private_key = /etc/letsencrypt/ssl/cert.key >> >> certificate = /etc/letsencrypt/ssl/cert.crt >> >> ca_list = /etc/letsencrypt/ssl/ca.crt >> >> >> >> Within Kamailio itself I have it configured to return a 200 >> KeepAlive to Teams when it receives an OPTIONS: >> >> >> >> event_route[tm:local-request] { >> >> >> >> if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") >> { >> >> append_hf("Contact: <sip: SBC_DNS >> :5061;transport=tls>\r\n"); >> >> } >> >> xlog("L_INFO", "Sent out tm request: $mb\n"); >> >> } >> >> >> >> And I have measured the record_route for this new one: >> >> >> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP >> :5061"); >> >> >> >> I have created a dispatcher.list: >> >> >> >> # setid(integer) destination(sip uri) flags (integer, optional), >> priority(int,opt), attrs (str,optional) >> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls: >> SBC_IP :5061;ping_from= sip:SBC_DNS >> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 >> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 >> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 >> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >> >> >> >> I think that one of the problems is that I do not send the >> OPTIONS to the Teams well, since it is on their panel, it indicates that >> the SBC is INACTIVE. >> >> >> >> I don't know if you could help me straighten this out a bit ... >> >> >> >> Thank you so much for everything.. >> >> >> >> a greeting >> >> _______________________________________________ >> >> Kamailio (SER) - Users Mailing List >> >> sr-users@lists.kamailio.org >> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > >> > _______________________________________________ >> > Kamailio (SER) - Users Mailing List >> > sr-users@lists.kamailio.org >> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> >> >> -- >> VoIP Embedded, Inc. >> http://www.voipembedded.com >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Sorry..
I received the invite with the dial number.. But i do not received de ACK..
Can I check any way if I received the ACK?
Thanks
El martes, 21 de abril de 2020, sip user sipuser404@gmail.com escribió:
Thanks Sergiu..
It works for me.
Now, when I make a call from Teams, in syslog I see:
Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request: Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <ACK> Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: sip:+34XXXXXXXXX@SBC-DNS :5061;user=phone;transport=tls Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <SIP/2.0>
But now How can I do to "transfer" the call to a kamailio user or to my Asterisk?
Thanks for all
El mar., 21 abr. 2020 a las 6:18, Sergiu Pojoga (pojogas@gmail.com) escribió:
Check out below thread, it explains it all.
https://lists.kamailio.org/pipermail/sr-users/2020-March/108684.html
On Mon, Apr 20, 2020 at 3:24 PM sip user sipuser404@gmail.com wrote:
Sorry.. Im a bit loose in this one...
So, ive use letsencrypy to generate the certificate, and the CA, how i have to generate?
Thanks
El lun., 20 abr. 2020 19:06, Sergiu Pojoga pojogas@gmail.com escribió:
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it. That's probably the reason why you get "tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user sipuser404@gmail.com wrote:
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb. a6291812000000000000000000000000.0#015#012To: sip: sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89. 23.96#015#012Max-Forwards http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb. f565cf11000000000000000000000000.0#015#012To: sip: sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89. 23.96#015#012Max-Forwards http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb. 212aa3c7000000000000000000000000.0#015#012To: sip: sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89. 23.96#015#012Max-Forwards http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f. 0c39c2d0000000000000000000000000.0#015#012To: sip: sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89. 23.96#015#012Max-Forwards http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f. 0e9be960000000000000000000000000.0#015#012To: sip: sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89. 23.96#015#012Max-Forwards http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f. 82d8b643000000000000000000000000.0#015#012To: sip: sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89. 23.96#015#012Max-Forwards http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport= tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
Probably. You can get full pcap files using tcpdump and check TLS handshakes usign wireshark. Also it is not really need to check cert on the side of kamailio. You can set (at least for tests) verify_certificate = no require_certificate = no
On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote:
> Hi Sergiu.. > > I've made many test and many change... > > In tls.cfg I have this: > > [server:default] > method = TLSv1.2 > verify_certificate = yes > require_certificate = yes > private_key = /etc/letsencrypt/ssl/cert.key > certificate = /etc/letsencrypt/ssl/cert.crt > ca_list = /etc/letsencrypt/ssl/ca.crt > > [client:default] > method = TLSv1.2 > verify_certificate = yes > require_certificate = yes > private_key = /etc/letsencrypt/ssl/cert.key > certificate = /etc/letsencrypt/ssl/cert.crt > ca_list = /etc/letsencrypt/ssl/ca.crt > > But when I make Kamcmd tls.list I have not response.. Not show me > anything. > > Problem with certificated?? > > Thanks > > El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) > escribió: > >> Hi SIP User/anonymous/one-time-visitor/, >> >> Your TLS config isn't correct. The article clearly says >> verify/require_certificate must be set to 'yes' >> >> *kamcmd tls.list* >> Does it show any 'established' connections with MS proxy? >> >> Good luck, >> >> --Sergiu >> >> On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com >> wrote: >> >>> The tutorial is pretty clear: >>> You need to add the Contact header only for OPTIONS pings. >>> You need to use the proper Record-Route headers based on the >>> direction >>> of the call. >>> There's no out of the box solution because each setup is different. >>> >>> If you understand how loose routing works in SIP, then you know >>> how to >>> adjust the config to use record_route_preset(), just as explained >>> in >>> the tutorial. There is also an example of an INVITE that has the >>> right >>> Record-Route headers in the tutorial. >>> >>> You can choose to use the FQDN for the Record-Route header facing >>> MS >>> and the IP for the Record-Route header facing the carrier or use >>> the >>> FQDN for both Record-Route headers (just like in the >>> tutorialexample). >>> Alternatively, one can try to advertise the FQDN in the listen >>> directive in the config and then the Record-Route headers should be >>> populated automatically. >>> >>> Regards, >>> Ovidiu Sas >>> >>> On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com >>> wrote: >>> > >>> > Hi Nasida.. Thanks for answerd to me... >>> > >>> > I've activarted the debugger module, and I see the same: >>> > >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >>> 52.114.7.24 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >>> 171:1857:1187, 30 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >>> 0x7f90f2438f80), fd_no=17 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >>> -1, 0x0) fd_no=18 called >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >>> events 1 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >>> 0x7f90f2438f80 n=1468 fd=9 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >>> 0x7f90f2438f80), fd_no=1 >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >>> 0x10) fd_no=2 called >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >>> state -1, fd=9, id=30 >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >>> response= 7f90f2438f80, -1 from 1 >>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >>> > >>> > I don't see any different. >>> > >>> > I know that the module is loaded because I see: >>> > >>> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] >>> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route >>> > >>> > When I restart kamailio, but when I "launch" a call from Teams >>> to my Kamailio I only see that. >>> > >>> > To configure it, I follow https://skalatan.de/en/blog/ >>> kamailio-sbc-teams.. But I cannot make it works.. >>> > >>> > Any more thing that i can test or do?? >>> > >>> > Thanks >>> > >>> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru) >>> escribió: >>> >> >>> >> Wow, so many people want to configure kamailio with MS. First >>> of all i think you need to get sip debug between kamailio and MS. Kamilio >>> has module to save sip traces. This way you will get sip debug decrypted. >>> >> >>> >> >>> >> ________________________________ >>> >> От: sr-users sr-users-bounces@lists.kamailio.org от имени >>> sip user sipuser404@gmail.com >>> >> Отправлено: 16 апреля 2020 г. 10:19 >>> >> Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org >>> >> Тема: [SR-Users] Kamailio like SBC with Teams >>> >> >>> >> Hello good morning ... I am new to this list and I was starting >>> to mess with Kamailio, mainly to set it up as SBC against Teams, in this >>> case. >>> >> >>> >> But I can't get it to work for me. If I launch a call from the >>> Teams, in the Kamailio I see: >>> >> >>> >> 1.- In syslog: >>> >> >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >>> 52.114.7.24 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >>> 171:1857:1187, 30 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >>> 0x7f90f2438f80), fd_no=17 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >>> -1, 0x0) fd_no=18 called >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >>> events 1 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >>> 0x7f90f2438f80 n=1468 fd=9 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >>> 0x7f90f2438f80), fd_no=1 >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >>> 0x10) fd_no=2 called >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >>> state -1, fd=9, id=30 >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >>> response= 7f90f2438f80, -1 from 1 >>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >>> >> >>> >> 2.- With TCPDUMP: >>> >> >>> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags >>> [S], seq 261244614, win 64240, options [mss 1440,nop,wscale >>> 8,nop,nop,sackOK], length 0 >>> >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >>> Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss >>> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >>> >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >>> Flags [.], ack 1, win 2053, length 0 >>> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >>> Flags [P.], seq 1:187, ack 1, win 2053, length 186 >>> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >>> Flags [.], ack 187, win 237, length 0 >>> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >>> Flags [P.], seq 1:1469, ack 187, win 237, length 1468 >>> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >>> Flags [.], ack 1469, win 2053, length 0 >>> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>> [S], seq 309084204, win 64240, options [mss 1440,nop,wscale >>> 8,nop,nop,sackOK], length 0 >>> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>> [S.], seq 3275066862, ack 309084205, win 29200, options [mss >>> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >>> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>> [.], ack 1, win 2053, length 0 >>> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>> [P.], seq 1:187, ack 1, win 2053, length 186 >>> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>> [.], ack 187, win 237, length 0 >>> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>> [P.], seq 1:1469, ack 187, win 237, length 1468 >>> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>> [.], ack 1469, win 2053, length 0 >>> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>> [F.], seq 187, ack 1469, win 2053, length 0 >>> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags >>> [F.], seq 1469, ack 188, win 237, length 0 >>> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags >>> [.], ack 1470, win 2053, length 0 >>> >> >>> >> I can't "receive" anything. >>> >> >>> >> I have generated the certificates and configured in the tls.cfg >>> of the Kamailio: >>> >> >>> >> [server:default] >>> >> method = TLSv1.2 >>> >> verify_certificate = no >>> >> require_certificate = no >>> >> private_key = /etc/letsencrypt/ssl/cert.key >>> >> certificate = /etc/letsencrypt/ssl/cert.crt >>> >> ca_list = /etc/letsencrypt/ssl/ca.crt >>> >> >>> >> Within Kamailio itself I have it configured to return a 200 >>> KeepAlive to Teams when it receives an OPTIONS: >>> >> >>> >> event_route[tm:local-request] { >>> >> >>> >> if(is_method("OPTIONS") && $ru =~ " >>> pstnhub.microsoft.com") { >>> >> append_hf("Contact: <sip: SBC_DNS >>> :5061;transport=tls>\r\n"); >>> >> } >>> >> xlog("L_INFO", "Sent out tm request: $mb\n"); >>> >> } >>> >> >>> >> And I have measured the record_route for this new one: >>> >> >>> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP >>> :5061"); >>> >> >>> >> I have created a dispatcher.list: >>> >> >>> >> # setid(integer) destination(sip uri) flags (integer, >>> optional), priority(int,opt), attrs (str,optional) >>> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>> socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS >>> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 >>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 >>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 >>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>> >> >>> >> I think that one of the problems is that I do not send the >>> OPTIONS to the Teams well, since it is on their panel, it indicates that >>> the SBC is INACTIVE. >>> >> >>> >> I don't know if you could help me straighten this out a bit ... >>> >> >>> >> Thank you so much for everything.. >>> >> >>> >> a greeting >>> >> _______________________________________________ >>> >> Kamailio (SER) - Users Mailing List >>> >> sr-users@lists.kamailio.org >>> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> > >>> > _______________________________________________ >>> > Kamailio (SER) - Users Mailing List >>> > sr-users@lists.kamailio.org >>> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >>> >>> >>> -- >>> VoIP Embedded, Inc. >>> http://www.voipembedded.com >>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi, I have it works now..
In this scenario:
Teams -> Kamailio -> Asterisk
When I call from Teams to any number I redirect all to Asterisk extension registrated over Kamailio. I received the call in Asterisk and I can work... but when I received the call, not received the number dialled, always received to s extension in Asterisk.
Can i rewrite the number dialled and send it to my Asterisk extension, and in my Asterisk see the number dialed?
Thanks for all
El mar., 21 abr. 2020 a las 19:05, sip user (sipuser404@gmail.com) escribió:
Sorry..
I received the invite with the dial number.. But i do not received de ACK..
Can I check any way if I received the ACK?
Thanks
El martes, 21 de abril de 2020, sip user sipuser404@gmail.com escribió:
Thanks Sergiu..
It works for me.
Now, when I make a call from Teams, in syslog I see:
Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request: Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <ACK> Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: sip:+34XXXXXXXXX@SBC-DNS :5061;user=phone;transport=tls Apr 21 10:39:39 vps793907 /usr/sbin/kamailio[20651]: DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <SIP/2.0>
But now How can I do to "transfer" the call to a kamailio user or to my Asterisk?
Thanks for all
El mar., 21 abr. 2020 a las 6:18, Sergiu Pojoga (pojogas@gmail.com) escribió:
Check out below thread, it explains it all.
https://lists.kamailio.org/pipermail/sr-users/2020-March/108684.html
On Mon, Apr 20, 2020 at 3:24 PM sip user sipuser404@gmail.com wrote:
Sorry.. Im a bit loose in this one...
So, ive use letsencrypy to generate the certificate, and the CA, how i have to generate?
Thanks
El lun., 20 abr. 2020 19:06, Sergiu Pojoga pojogas@gmail.com escribió:
ca_list= /etc/letsencrypt/live/FQND/chain.pem
Is that pointing to your Root CA certificate? I highly doubt it. That's probably the reason why you get "tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
On Mon, Apr 20, 2020 at 11:53 AM sip user sipuser404@gmail.com wrote:
Hi..
Thank you all very much for answering me.
I have made many test:
First, I've installed ssl cert with letsencrypt, like https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/, this one i made it before.
I've configured tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog I received:
Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK66bb.a6291812000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-c14c#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f1449-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f1449-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK59bb.f565cf11000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-3df0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144a-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144a-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8485]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8481]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK69bb.212aa3c7000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-bee0#015#012CSeq: 10 OPTIONS#015#012Call-ID: 0d202fa1261f144b-8481@51.89.23.96#015#012Max-Forwards http://0d202fa1261f144b-8481@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8486]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 20 17:31:25 vps793907 /usr/sbin/kamailio[8487]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
And If I make kamcmd tls.list, I have no response.
Test two:
If I coonfigure tls.cfg like:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
[client:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/live/FQND/privkey.pem certificate = /etc/letsencrypt/live/FQDN/fullchain.pem ca_list= /etc/letsencrypt/live/FQND/chain.pem
In syslog:
Apr 20 17:27:52 vps793907 kernel: [270882.772276] device eth0 left promiscuous mode Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKf62f.0c39c2d0000000000000000000000000.0#015#012To: sip:sip.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-24c6#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd4-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd4-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bK072f.0e9be960000000000000000000000000.0#015#012To: sip:sip2.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-5a49#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd5-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd5-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux)) Apr 20 17:27:53 vps793907 /usr/sbin/kamailio[8257]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls SIP/2.0#015#012Via: SIP/2.0/TLS SBC-IP:5061;branch=z9hG4bKd62f.82d8b643000000000000000000000000.0#015#012To: sip:sip3.pstnhub.microsoft.com;transport=tls#015#012From: sip:dispatcher@localhost;tag=d012046760e0e80ea51cb82629f4d4bc-d959#015#012CSeq: 10 OPTIONS#015#012Call-ID: 02376c756e11dbd6-8257@51.89.23.96#015#012Max-Forwards http://02376c756e11dbd6-8257@51.89.23.96#015%23012Max-Forwards: 70#015#012Content-Length: 0#015#012User-Agent: kamailio (4.2.0 (x86_64/linux))
And If I make kamcmd tls.list:
{ id: 1 timeout: 3595 src_ip: 52.114.75.24 src_port: 5061 dst_ip: SBC-IP dst_port: 37531 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 2 timeout: 3596 src_ip: 52.114.132.46 src_port: 5061 dst_ip: SBC-IP dst_port: 33370 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established } { id: 3 timeout: 3596 src_ip: 52.114.7.24 src_port: 5061 dst_ip: SBC-IP dst_port: 48819 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
And with kamcmd dispatcher.list | egrep "URI|FLAGS" I see:
URI: sip:sip.pstnhub.microsoft.com;transport=tls FLAGS: AP URI: sip:sip2.pstnhub.microsoft.com;transport=tls FLAGS: AX URI: sip:sip3.pstnhub.microsoft.com;transport=tls FLAGS: AP
But in Teams Direct Routing I always see my SBC with problems, never active.
In kamailio.cfg I've configure just before request_route:
event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:SBC-DNS:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
I don't know where could be the problem..
Any more else I can test?
Thanks for all..!!
El sáb., 18 abr. 2020 a las 12:39, Yuriy Nasida (ynasida@gmail.com) escribió:
> Probably. You can get full pcap files using tcpdump and check TLS > handshakes usign wireshark. > Also it is not really need to check cert on the side of kamailio. > You can set (at least for tests) > verify_certificate = no > require_certificate = no > > On Fri, 17 Apr 2020 at 10:02, sip user sipuser404@gmail.com wrote: > >> Hi Sergiu.. >> >> I've made many test and many change... >> >> In tls.cfg I have this: >> >> [server:default] >> method = TLSv1.2 >> verify_certificate = yes >> require_certificate = yes >> private_key = /etc/letsencrypt/ssl/cert.key >> certificate = /etc/letsencrypt/ssl/cert.crt >> ca_list = /etc/letsencrypt/ssl/ca.crt >> >> [client:default] >> method = TLSv1.2 >> verify_certificate = yes >> require_certificate = yes >> private_key = /etc/letsencrypt/ssl/cert.key >> certificate = /etc/letsencrypt/ssl/cert.crt >> ca_list = /etc/letsencrypt/ssl/ca.crt >> >> But when I make Kamcmd tls.list I have not response.. Not show me >> anything. >> >> Problem with certificated?? >> >> Thanks >> >> El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (< >> pojogas@gmail.com>) escribió: >> >>> Hi SIP User/anonymous/one-time-visitor/, >>> >>> Your TLS config isn't correct. The article clearly says >>> verify/require_certificate must be set to 'yes' >>> >>> *kamcmd tls.list* >>> Does it show any 'established' connections with MS proxy? >>> >>> Good luck, >>> >>> --Sergiu >>> >>> On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com >>> wrote: >>> >>>> The tutorial is pretty clear: >>>> You need to add the Contact header only for OPTIONS pings. >>>> You need to use the proper Record-Route headers based on the >>>> direction >>>> of the call. >>>> There's no out of the box solution because each setup is >>>> different. >>>> >>>> If you understand how loose routing works in SIP, then you know >>>> how to >>>> adjust the config to use record_route_preset(), just as explained >>>> in >>>> the tutorial. There is also an example of an INVITE that has the >>>> right >>>> Record-Route headers in the tutorial. >>>> >>>> You can choose to use the FQDN for the Record-Route header facing >>>> MS >>>> and the IP for the Record-Route header facing the carrier or use >>>> the >>>> FQDN for both Record-Route headers (just like in the >>>> tutorialexample). >>>> Alternatively, one can try to advertise the FQDN in the listen >>>> directive in the config and then the Record-Route headers should >>>> be >>>> populated automatically. >>>> >>>> Regards, >>>> Ovidiu Sas >>>> >>>> On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com >>>> wrote: >>>> > >>>> > Hi Nasida.. Thanks for answerd to me... >>>> > >>>> > I've activarted the debugger module, and I see the same: >>>> > >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >>>> 52.114.7.24 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >>>> 171:1857:1187, 30 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >>>> 0x7f90f2438f80), fd_no=17 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >>>> -1, 0x0) fd_no=18 called >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >>>> events 1 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls >>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >>>> 0x7f90f2438f80 n=1468 fd=9 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >>>> 0x7f90f2438f80), fd_no=1 >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >>>> 0x10) fd_no=2 called >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >>>> state -1, fd=9, id=30 >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >>>> response= 7f90f2438f80, -1 from 1 >>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls >>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >>>> > >>>> > I don't see any different. >>>> > >>>> > I know that the module is loaded because I see: >>>> > >>>> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] >>>> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route >>>> > >>>> > When I restart kamailio, but when I "launch" a call from Teams >>>> to my Kamailio I only see that. >>>> > >>>> > To configure it, I follow >>>> https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot >>>> make it works.. >>>> > >>>> > Any more thing that i can test or do?? >>>> > >>>> > Thanks >>>> > >>>> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (< >>>> nasida@live.ru>) escribió: >>>> >> >>>> >> Wow, so many people want to configure kamailio with MS. First >>>> of all i think you need to get sip debug between kamailio and MS. Kamilio >>>> has module to save sip traces. This way you will get sip debug decrypted. >>>> >> >>>> >> >>>> >> ________________________________ >>>> >> От: sr-users sr-users-bounces@lists.kamailio.org от имени >>>> sip user sipuser404@gmail.com >>>> >> Отправлено: 16 апреля 2020 г. 10:19 >>>> >> Кому: sr-users@lists.kamailio.org <sr-users@lists.kamailio.org >>>> > >>>> >> Тема: [SR-Users] Kamailio like SBC with Teams >>>> >> >>>> >> Hello good morning ... I am new to this list and I was >>>> starting to mess with Kamailio, mainly to set it up as SBC against Teams, >>>> in this case. >>>> >> >>>> >> But I can't get it to work for me. If I launch a call from the >>>> Teams, in the Kamailio I see: >>>> >> >>>> >> 1.- In syslog: >>>> >> >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: >>>> 52.114.7.24 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: >>>> 171:1857:1187, 30 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, >>>> 0x7f90f2438f80), fd_no=17 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, >>>> -1, 0x0) fd_no=18 called >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, >>>> events 1 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for >>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> tls [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default> >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending... >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= >>>> 0x7f90f2438f80 n=1468 fd=9 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf= >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 >>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, >>>> 0x7f90f2438f80), fd_no=1 >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9 >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, >>>> 0x10) fd_no=2 called >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, >>>> state -1, fd=9, id=30 >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: >>>> <core> [tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40 >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> <core> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader >>>> response= 7f90f2438f80, -1 from 1 >>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: >>>> tls [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40 >>>> >> >>>> >> 2.- With TCPDUMP: >>>> >> >>>> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags >>>> [S], seq 261244614, win 64240, options [mss 1440,nop,wscale >>>> 8,nop,nop,sackOK], length 0 >>>> >> 11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >>>> Flags [S.], seq 812357247, ack 261244615, win 29200, options [mss >>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >>>> >> 11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >>>> Flags [.], ack 1, win 2053, length 0 >>>> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >>>> Flags [P.], seq 1:187, ack 1, win 2053, length 186 >>>> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >>>> Flags [.], ack 187, win 237, length 0 >>>> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: >>>> Flags [P.], seq 1:1469, ack 187, win 237, length 1468 >>>> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: >>>> Flags [.], ack 1469, win 2053, length 0 >>>> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: >>>> Flags [S], seq 309084204, win 64240, options [mss 1440,nop,wscale >>>> 8,nop,nop,sackOK], length 0 >>>> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: >>>> Flags [S.], seq 3275066862, ack 309084205, win 29200, options [mss >>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0 >>>> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: >>>> Flags [.], ack 1, win 2053, length 0 >>>> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: >>>> Flags [P.], seq 1:187, ack 1, win 2053, length 186 >>>> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: >>>> Flags [.], ack 187, win 237, length 0 >>>> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: >>>> Flags [P.], seq 1:1469, ack 187, win 237, length 1468 >>>> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: >>>> Flags [.], ack 1469, win 2053, length 0 >>>> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: >>>> Flags [F.], seq 187, ack 1469, win 2053, length 0 >>>> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: >>>> Flags [F.], seq 1469, ack 188, win 237, length 0 >>>> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: >>>> Flags [.], ack 1470, win 2053, length 0 >>>> >> >>>> >> I can't "receive" anything. >>>> >> >>>> >> I have generated the certificates and configured in the >>>> tls.cfg of the Kamailio: >>>> >> >>>> >> [server:default] >>>> >> method = TLSv1.2 >>>> >> verify_certificate = no >>>> >> require_certificate = no >>>> >> private_key = /etc/letsencrypt/ssl/cert.key >>>> >> certificate = /etc/letsencrypt/ssl/cert.crt >>>> >> ca_list = /etc/letsencrypt/ssl/ca.crt >>>> >> >>>> >> Within Kamailio itself I have it configured to return a 200 >>>> KeepAlive to Teams when it receives an OPTIONS: >>>> >> >>>> >> event_route[tm:local-request] { >>>> >> >>>> >> if(is_method("OPTIONS") && $ru =~ " >>>> pstnhub.microsoft.com") { >>>> >> append_hf("Contact: <sip: SBC_DNS >>>> :5061;transport=tls>\r\n"); >>>> >> } >>>> >> xlog("L_INFO", "Sent out tm request: $mb\n"); >>>> >> } >>>> >> >>>> >> And I have measured the record_route for this new one: >>>> >> >>>> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP >>>> :5061"); >>>> >> >>>> >> I have created a dispatcher.list: >>>> >> >>>> >> # setid(integer) destination(sip uri) flags (integer, >>>> optional), priority(int,opt), attrs (str,optional) >>>> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 >>>> socket=tls: SBC_IP :5061;ping_from= sip:SBC_DNS >>>> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 >>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>>> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 >>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>>> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 >>>> socket=tls: SBC_IP :5061;ping_from=sip: SBC_DNS >>>> >> >>>> >> I think that one of the problems is that I do not send the >>>> OPTIONS to the Teams well, since it is on their panel, it indicates that >>>> the SBC is INACTIVE. >>>> >> >>>> >> I don't know if you could help me straighten this out a bit ... >>>> >> >>>> >> Thank you so much for everything.. >>>> >> >>>> >> a greeting >>>> >> _______________________________________________ >>>> >> Kamailio (SER) - Users Mailing List >>>> >> sr-users@lists.kamailio.org >>>> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> > >>>> > _______________________________________________ >>>> > Kamailio (SER) - Users Mailing List >>>> > sr-users@lists.kamailio.org >>>> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>>> >>>> >>>> -- >>>> VoIP Embedded, Inc. >>>> http://www.voipembedded.com >>>> >>>> _______________________________________________ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Suggest reading Fred's article about configuring Kamailio with Letsencrypt
https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/
On Fri, Apr 17, 2020 at 3:00 AM sip user sipuser404@gmail.com wrote:
Hi Sergiu..
I've made many test and many change...
In tls.cfg I have this:
[server:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
[client:default] method = TLSv1.2 verify_certificate = yes require_certificate = yes private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
But when I make Kamcmd tls.list I have not response.. Not show me anything.
Problem with certificated??
Thanks
El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (pojogas@gmail.com) escribió:
Hi SIP User/anonymous/one-time-visitor/,
Your TLS config isn't correct. The article clearly says verify/require_certificate must be set to 'yes'
*kamcmd tls.list* Does it show any 'established' connections with MS proxy?
Good luck,
--Sergiu
On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas osas@voipembedded.com wrote:
The tutorial is pretty clear: You need to add the Contact header only for OPTIONS pings. You need to use the proper Record-Route headers based on the direction of the call. There's no out of the box solution because each setup is different.
If you understand how loose routing works in SIP, then you know how to adjust the config to use record_route_preset(), just as explained in the tutorial. There is also an example of an INVITE that has the right Record-Route headers in the tutorial.
You can choose to use the FQDN for the Record-Route header facing MS and the IP for the Record-Route header facing the carrier or use the FQDN for both Record-Route headers (just like in the tutorialexample). Alternatively, one can try to advertise the FQDN in the listen directive in the config and then the Record-Route headers should be populated automatically.
Regards, Ovidiu Sas
On Thu, Apr 16, 2020 at 10:50 AM sip user sipuser404@gmail.com wrote:
Hi Nasida.. Thanks for answerd to me...
I've activarted the debugger module, and I see the same:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
I don't see any different.
I know that the module is loaded because I see:
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
When I restart kamailio, but when I "launch" a call from Teams to my
Kamailio I only see that.
To configure it, I follow
https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it works..
Any more thing that i can test or do??
Thanks
El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (nasida@live.ru)
escribió:
Wow, so many people want to configure kamailio with MS. First of all
i think you need to get sip debug between kamailio and MS. Kamilio has module to save sip traces. This way you will get sip debug decrypted.
От: sr-users sr-users-bounces@lists.kamailio.org от имени sip user
Отправлено: 16 апреля 2020 г. 10:19 Кому: sr-users@lists.kamailio.org sr-users@lists.kamailio.org Тема: [SR-Users] Kamailio like SBC with Teams
Hello good morning ... I am new to this list and I was starting to
mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
But I can't get it to work for me. If I launch a call from the Teams,
in the Kamailio I see:
1.- In syslog:
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2, 0x7f90f2438f80), fd_no=17
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0) fd_no=18 called
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for activity on [tls:SBC_IP:5061], 0x7f90f2438f80
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f90f2438f80 n=1468 fd=9
Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003 Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2, 0x7f90f2438f80), fd_no=1
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10) fd_no=2 called
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state -1, fd=9, id=30
Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
[tcp_read.c:1435]: release_tcpconn(): extra_data 0x7f90f2432b40
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
[tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response= 7f90f2438f80, -1 from 1
Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
[tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
2.- With TCPDUMP:
11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:09.311898 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[S.], seq 812357247, ack 261244615, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:09.340358 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[.], ack 1, win 2053, length 0
11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
[P.], seq 1:187, ack 1, win 2053, length 186
11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.],
ack 187, win 237, length 0
11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
[P.], seq 1:1469, ack 187, win 237, length 1468
11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.],
seq 3275066862, ack 309084205, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1, win 2053, length 0
11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.],
seq 1:187, ack 1, win 2053, length 186
11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
ack 187, win 237, length 0
11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.],
seq 1:1469, ack 187, win 237, length 1468
11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1469, win 2053, length 0
11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.],
seq 187, ack 1469, win 2053, length 0
11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.],
seq 1469, ack 188, win 237, length 0
11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
ack 1470, win 2053, length 0
I can't "receive" anything.
I have generated the certificates and configured in the tls.cfg of
the Kamailio:
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/letsencrypt/ssl/cert.key certificate = /etc/letsencrypt/ssl/cert.crt ca_list = /etc/letsencrypt/ssl/ca.crt
Within Kamailio itself I have it configured to return a 200 KeepAlive
to Teams when it receives an OPTIONS:
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip: SBC_DNS:5061;transport=tls>\r\n");
} xlog("L_INFO", "Sent out tm request: $mb\n");}
And I have measured the record_route for this new one:
record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
I have created a dispatcher.list:
# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:
SBC_IP :5061;ping_from= sip:SBC_DNS
2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
SBC_IP :5061;ping_from=sip: SBC_DNS
I think that one of the problems is that I do not send the OPTIONS to
the Teams well, since it is on their panel, it indicates that the SBC is INACTIVE.
I don't know if you could help me straighten this out a bit ...
Thank you so much for everything..
a greeting _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- VoIP Embedded, Inc. http://www.voipembedded.com
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Nasida Yuriy -
Ovidiu Sas -
Sergiu Pojoga -
sip user -
Yuriy Nasida