Hi Team,
I am trying to setup Kamailio with MS Teams Direct Routing and after resolving TLS issues now I am getting this at my dispatcher flags. Possible suggestions required.
kamcmd dispatcher.list | egrep "URI|FLAGS" URI: sip:sip.pstnhub.microsoft.com:5061;transport=tls FLAGS: IP URI: sip:sip2.pstnhub.microsoft.com:5061;transport=tls FLAGS: IP URI: sip:sip3.pstnhub.microsoft.com:5061;transport=tls FLAGS: IP
Dec 14 20:23:27 abcsbc.com /usr/sbin/kamailio[9479]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS abcsbc.com:5061;branch=z9hG4bKd9f6.c2e7d2f4000000000000000000000000.0 To: sip:sip.pstnhub.microsoft.com:5061;transport=tls From: sip:abcsbc.com;tag=64ff6b492a7d9ab14de1f0b7c15c9c17-c7b52d5e CSeq: 10 OPTIONS Call-ID: 23b2dc436850e949-9479@0.0.0.0 Max-Forwards: 70 Content-Length: 0 User-Agent: kamailio (5.6.5 (x86_64/linux)) Dec 14 20:23:28 abcsbc.com /usr/sbin/kamailio[9479]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS abcsbc.com:5061;branch=z9hG4bKccf6.53fea6f0000000000000000000000000.0 To: sip:sip2.pstnhub.microsoft.com:5061;transport=tls From: sip:abcsbc.com;tag=64ff6b492a7d9ab14de1f0b7c15c9c17-7a126c3a CSeq: 10 OPTIONS Call-ID: 23b2dc436850e94a-9479@0.0.0.0 Max-Forwards: 70 Content-Length: 0 User-Agent: kamailio (5.6.5 (x86_64/linux)) Dec 14 20:23:28 abcsbc.com /usr/sbin/kamailio[9479]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS abcsbc.com:5061;branch=z9hG4bKdcf6.5a4f89e6000000000000000000000000.0 To: sip:sip3.pstnhub.microsoft.com:5061;transport=tls From: sip:abcsbc.com;tag=64ff6b492a7d9ab14de1f0b7c15c9c17-992aa610 CSeq: 10 OPTIONS Call-ID: 23b2dc436850e94b-9479@0.0.0.0 Max-Forwards: 70 Content-Length: 0 User-Agent: kamailio (5.6.5 (x86_64/linux))
FLAGS: *IP* - indicates inactive, probing. Can be many reasons.
Are you adding Kamailio's FQDN in the Contact for OPTIONS?
Regards, Sergiu --
*Teams PBX connector plus full MS Direct Routing automation**Web*: https://teamsphone.net
On Thu, Dec 14, 2023 at 5:50 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
Hi Team,
I am trying to setup Kamailio with MS Teams Direct Routing and after resolving TLS issues now I am getting this at my dispatcher flags. Possible suggestions required.
kamcmd dispatcher.list | egrep "URI|FLAGS" URI: sip:sip.pstnhub.microsoft.com :5061;transport=tls FLAGS: IP URI: sip:sip2.pstnhub.microsoft.com:5061;transport=tls FLAGS: IP URI: sip:sip3.pstnhub.microsoft.com:5061;transport=tls FLAGS: IP
Dec 14 20:23:27 abcsbc.com /usr/sbin/kamailio[9479]: INFO: <script>: Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS abcsbc.com:5061 ;branch=z9hG4bKd9f6.c2e7d2f4000000000000000000000000.0 To: sip:sip.pstnhub.microsoft.com:5061;transport=tls From: sip: abcsbc.com;tag=64ff6b492a7d9ab14de1f0b7c15c9c17-c7b52d5e CSeq: 10 OPTIONS Call-ID: 23b2dc436850e949-9479@0.0.0.0 Max-Forwards: 70
Content-Length: 0 User-Agent: kamailio (5.6.5 (x86_64/linux)) Dec 14 20:23:28 abcsbc.com /usr/sbin/kamailio[9479]: INFO: <script>: Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS abcsbc.com:5061 ;branch=z9hG4bKccf6.53fea6f0000000000000000000000000.0 To: sip:sip2.pstnhub.microsoft.com:5061;transport=tls From: sip: abcsbc.com;tag=64ff6b492a7d9ab14de1f0b7c15c9c17-7a126c3a CSeq: 10 OPTIONS Call-ID: 23b2dc436850e94a-9479@0.0.0.0 Max-Forwards: 70
Content-Length: 0 User-Agent: kamailio (5.6.5 (x86_64/linux)) Dec 14 20:23:28 abcsbc.com /usr/sbin/kamailio[9479]: INFO: <script>: Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS abcsbc.com:5061 ;branch=z9hG4bKdcf6.5a4f89e6000000000000000000000000.0 To: sip:sip3.pstnhub.microsoft.com:5061;transport=tls From: sip: abcsbc.com;tag=64ff6b492a7d9ab14de1f0b7c15c9c17-992aa610 CSeq: 10 OPTIONS Call-ID: 23b2dc436850e94b-9479@0.0.0.0 Max-Forwards: 70
Content-Length: 0 User-Agent: kamailio (5.6.5 (x86_64/linux)) __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
I assumed you read the famous article on Teams Direct Routing for Kamailio so I didn't bother mentioning it.
https://skalatan.de/en/blog/kamailio-sbc-teams
Regards, Sergiu --
*Teams PBX connector plus full MS Direct Routing automation**Web*: https://teamsphone.net
On Fri, Dec 15, 2023 at 10:32 AM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
Where I can check that ? __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
yes I followed all the steps from this article.
This is the only complete guide available so far.
# Add the Microsoft Teams-specific code here event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: sip:abcsbc.com:5061;transport=tls\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); }
are you talking about this ?
kamctl dispatcher dump { "jsonrpc": "2.0", "result": { "NRSETS": 1, "RECORDS": [{ "SET": { "ID": 1, "TARGETS": [{ "DEST": { "URI": "sip:sip.pstnhub.microsoft.com:5061;transport=tls", "FLAGS": "IP", "PRIORITY": 3, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip:abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip2.pstnhub.microsoft.com:5061;transport=tls", "FLAGS": "IP", "PRIORITY": 2, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip:abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip3.pstnhub.microsoft.com:5061;transport=tls", "FLAGS": "IP", "PRIORITY": 1, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip:abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }] } }] }, "id": 19731 }
My dispatcher settings.
i am unable to get the trunk up with Microsoft . Can someone guide me how to fix this issue?
You didn't confirm if Contact was added to OPTIONS for local requests.
In Teams https://admin.teams.microsoft.com/direct-routing/v2 Admin Center https://admin.teams.microsoft.com/direct-routing/v2, do you have an enrolled SBC? What's the status of TLS, SIP OPTIONS and Enabled status?
What's the result of: *kamcmd dns.lookup SRV _sips._tcp.sip.pstnhub.microsoft.com http://tcp.sip.pstnhub.microsoft.com*
Can you ping sip.pstnhub.microsoft.com?
On Mon, Dec 18, 2023 at 1:05 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
kamctl dispatcher dump { "jsonrpc": "2.0", "result": { "NRSETS": 1, "RECORDS": [{ "SET": { "ID": 1, "TARGETS": [{ "DEST": { "URI": "sip:sip.pstnhub.microsoft.com:5061 ;transport=tls", "FLAGS": "IP", "PRIORITY": 3, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip2.pstnhub.microsoft.com:5061 ;transport=tls", "FLAGS": "IP", "PRIORITY": 2, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip3.pstnhub.microsoft.com:5061 ;transport=tls", "FLAGS": "IP", "PRIORITY": 1, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }] } }] }, "id": 19731 }
My dispatcher settings.
i am unable to get the trunk up with Microsoft . Can someone guide me how to fix this issue? __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Also, try removing the port from dispatcher's destinations, URI like
*sip:sip.pstnhub.microsoft.com http://sip.pstnhub.microsoft.com;transport=tls* Regards, Sergiu --
*Teams PBX connector plus full MS Direct Routing automation**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 2:17 PM Sergiu Pojoga pojogas@gmail.com wrote:
You didn't confirm if Contact was added to OPTIONS for local requests.
In Teams https://admin.teams.microsoft.com/direct-routing/v2 Admin Center https://admin.teams.microsoft.com/direct-routing/v2, do you have an enrolled SBC? What's the status of TLS, SIP OPTIONS and Enabled status?
What's the result of: *kamcmd dns.lookup SRV _sips._tcp.sip.pstnhub.microsoft.com http://tcp.sip.pstnhub.microsoft.com*
Can you ping sip.pstnhub.microsoft.com?
On Mon, Dec 18, 2023 at 1:05 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
kamctl dispatcher dump { "jsonrpc": "2.0", "result": { "NRSETS": 1, "RECORDS": [{ "SET": { "ID": 1, "TARGETS": [{ "DEST": { "URI": "sip:sip.pstnhub.microsoft.com:5061 ;transport=tls", "FLAGS": "IP", "PRIORITY": 3, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip2.pstnhub.microsoft.com:5061 ;transport=tls", "FLAGS": "IP", "PRIORITY": 2, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip3.pstnhub.microsoft.com:5061 ;transport=tls", "FLAGS": "IP", "PRIORITY": 1, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }] } }] }, "id": 19731 }
My dispatcher settings.
i am unable to get the trunk up with Microsoft . Can someone guide me how to fix this issue? __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
new updated list according to the SRV records and after removing tls port.
1 sip:sip.pstnhub.microsoft.com;transport=tls 0 10 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip2.pstnhub.microsoft.com;transport=tls 0 20 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip3.pstnhub.microsoft.com;transport=tls 0 30 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip4.pstnhub.microsoft.com;transport=tls 0 40 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com
Here's my last and best trick, which eliminates Kamailio entirely from being the culprit:
*sipexer -options -contact-uri "sip:customers.teamsphone.net:5061;transport=tls" -fd "customers.teamsphone.net http://customers.teamsphone.net" -td "sip.pstnhub.microsoft.com http://sip.pstnhub.microsoft.com;transport=tls" -tls-insecure -tls-certificate "/usr/local/etc/kamailio/bundle.crt" -tls-key "/usr/local/etc/kamailio/privkey.pem" -xh "Max-Forwards: 70" -ua "Ribbon-SIPGateway" "sip:sip.pstnhub.microsoft.com:5061;transport=tls"*
If you don't get a reply from Microsoft.PSTNHub then something is awkwardly wrong in your setup, not related to Kamailio, likely Teams backend config or networking.
Note:
(1) adjust certs path to your case
(2) install sipexer if you don't have it: https://github.com/miconda/sipexer
Regards, Sergiu --
*Teams PBX connector with full MS Direct Routing automation for service providers**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 3:23 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
new updated list according to the SRV records and after removing tls port.
1 sip:sip.pstnhub.microsoft.com;transport=tls 0 10 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip2.pstnhub.microsoft.com;transport=tls 0 20 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip3.pstnhub.microsoft.com;transport=tls 0 30 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip4.pstnhub.microsoft.com;transport=tls 0 40 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Ooops, obviously adjust the *-contact-uri* and *-fd* to your FQDN
Regards, Sergiu --
*Teams PBX connector with full MS Direct Routing automation for service providers**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 3:35 PM Sergiu Pojoga pojogas@gmail.com wrote:
Here's my last and best trick, which eliminates Kamailio entirely from being the culprit:
*sipexer -options -contact-uri "sip:customers.teamsphone.net:5061;transport=tls" -fd "customers.teamsphone.net http://customers.teamsphone.net" -td "sip.pstnhub.microsoft.com http://sip.pstnhub.microsoft.com;transport=tls" -tls-insecure -tls-certificate "/usr/local/etc/kamailio/bundle.crt" -tls-key "/usr/local/etc/kamailio/privkey.pem" -xh "Max-Forwards: 70" -ua "Ribbon-SIPGateway" "sip:sip.pstnhub.microsoft.com:5061;transport=tls"*
If you don't get a reply from Microsoft.PSTNHub then something is awkwardly wrong in your setup, not related to Kamailio, likely Teams backend config or networking.
Note:
(1) adjust certs path to your case
(2) install sipexer if you don't have it: https://github.com/miconda/sipexer
Regards, Sergiu --
*Teams PBX connector with full MS Direct Routing automation for service providers**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 3:23 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
new updated list according to the SRV records and after removing tls port.
1 sip:sip.pstnhub.microsoft.com;transport=tls 0 10 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip2.pstnhub.microsoft.com;transport=tls 0 20 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip3.pstnhub.microsoft.com;transport=tls 0 30 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip4.pstnhub.microsoft.com;transport=tls 0 40 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
In response to "Ooops, obviously adjust the *-contact-uri* and *-fd* to your FQDN"
where I need to add this, any specific code or guide where to add this.
Hi there,
Just to add to the above, I had a similar issue not so long ago where I was getting replies to my OPTIONS from my dispatcher destinations, but then they started rejecting them (for some unknown reason) causing all my dd's to go into flag: IP state.
I just removed my probing to those carriers in the end. Not ideal, but it solved my immediate issue.
I would confirm that the Teams Direct Routing endpoints reliably respond to all OPTIONs packets first. Or maybe just disable the probing for now as the default value for ds_probing_threshold is just "1" so any missed packets will change the flag on a default dispatcher config.
Hope it helps.
John.
On Mon, 18 Dec 2023 at 20:57, Sergiu Pojoga via sr-users < sr-users@lists.kamailio.org> wrote:
Here's my last and best trick, which eliminates Kamailio entirely from being the culprit:
*sipexer -options -contact-uri "sip:customers.teamsphone.net:5061;transport=tls" -fd "customers.teamsphone.net http://customers.teamsphone.net" -td "sip.pstnhub.microsoft.com http://sip.pstnhub.microsoft.com;transport=tls" -tls-insecure -tls-certificate "/usr/local/etc/kamailio/bundle.crt" -tls-key "/usr/local/etc/kamailio/privkey.pem" -xh "Max-Forwards: 70" -ua "Ribbon-SIPGateway" "sip:sip.pstnhub.microsoft.com:5061;transport=tls"*
If you don't get a reply from Microsoft.PSTNHub then something is awkwardly wrong in your setup, not related to Kamailio, likely Teams backend config or networking.
Note:
(1) adjust certs path to your case
(2) install sipexer if you don't have it: https://github.com/miconda/sipexer
Regards, Sergiu --
*Teams PBX connector with full MS Direct Routing automation for service providers**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 3:23 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
new updated list according to the SRV records and after removing tls port.
1 sip:sip.pstnhub.microsoft.com;transport=tls 0 10 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip2.pstnhub.microsoft.com;transport=tls 0 20 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip3.pstnhub.microsoft.com;transport=tls 0 30 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com 1 sip:sip4.pstnhub.microsoft.com;transport=tls 0 40 socket=tls:172.31.19.8;ping_from=sip:abcsbc.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
but I am checking my sngrep and there are no sip traffic coming back from Microsoft.
And if it's the issue on just Kamailio but why MS teams direct routing sbc shows any tls or network activity.
*> but I am checking my sngrep and there are no sip traffic coming back from Microsoft.*
sngrep won't show anything, the traffic to/from MS is encrypted. You'll need to install and configure something like SIPDUMP or HEP.
I'm afraid this isn't the easiest of tasks for someone who seems to be just getting started with VoIP. Too many things to consider in this task.
Run the below to check if MS replies back. Besides that, I did what I could to help over email. Good luck!
*sipexer* -options -contact-uri "sip:abcsbc.com:5061;transport=tls" -fd " abcsbc.com" -td "sip.pstnhub.microsoft.com;transport=tls" \ -tls-certificate "/usr/local/etc/kamailio/bundle.crt" -tls-key "/usr/local/etc/kamailio/privkey.pem" \ -xh "Max-Forwards: 70" -ua "Ribbon-SIPGateway" "sip:sip.pstnhub.microsoft.com:5061;transport=tls"
Note: adjust certs path and FQDN, if needed.
Regards, Sergiu --
*Teams PBX connector plus full MS Direct Routing automation**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 5:01 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
but I am checking my sngrep and there are no sip traffic coming back from Microsoft.
And if it's the issue on just Kamailio but why MS teams direct routing sbc shows any tls or network activity. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
here you go for the sipexer test below and it's successful but in the sngrep I see the options packet for alice without this command on udp when executing the default command for sipexer.
./sipexer -options -contact-uri "sip:abcsbc.com:5061;transport=tls" -fd "abcsbc.com" -td "sip.pstnhub.microsoft.com;transport=tls" -tls-insecure -tls-certificate "/etc/letsencrypt/live/abcsbc.com/fullchain.pem" -tls-key "/etc/letsencrypt/live/abcsbc.com/privkey.pem" -xh "Max-Forwards: 70" -ua "Kamailio" "sip:sip.pstnhub.microsoft.com:5061;transport=tls"
[info] [sipexer.go:1581] main.SIPExerDialogLoop(): local socket address: 172.31.19.8:51882 (tls) [info] [sipexer.go:1582] main.SIPExerDialogLoop(): local via address: 172.31.19.8:51882 [info] [sipexer.go:1583] main.SIPExerDialogLoop(): sending to tls 52.114.148.0:5061: [[--- OPTIONS sip:sip.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS 172.31.19.8:51882;rport;branch=z9hG4bKSG.c031ebff-3cd4-4eb3-8c71-f82b3bc41b30 From: sip:alice@abcsbc.com;tag=5134186d-6804-419e-8abc-99cfe607e3b1 To: sip:bob@sip.pstnhub.microsoft.com;transport=tls Call-ID: 73f563c9-6647-4402-be59-361e4a1d40c0 CSeq: 44075 OPTIONS Date: Mon, 18 Dec 2023 22:07:12 UTC Contact: sip:abcsbc.com:5061;transport=tls User-Agent: Kamailio Max-Forwards: 10 Content-Length: 0 Max-Forwards: 70
[info] [sipexer.go:1585] main.SIPExerDialogLoop(): ---]]
[info] [sipexer.go:1636] main.SIPExerDialogLoop(): response-received: from=52.114.148.0:5061 bytes=441 data=[[--- SIP/2.0 200 OK FROM: sip:alice@abcsbc.com;tag=5134186d-6804-419e-8abc-99cfe607e3b1 TO: sip:bob@sip.pstnhub.microsoft.com;transport=tls CSEQ: 44075 OPTIONS CALL-ID: 73f563c9-6647-4402-be59-361e4a1d40c0 VIA: SIP/2.0/TLS 172.31.19.8:51882;branch=z9hG4bKSG.c031ebff-3cd4-4eb3-8c71-f82b3bc41b30;rport CONTENT-LENGTH: 0 ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY SERVER: Microsoft.PSTNHub.SIPProxy v.2023.12.11.2 i.USWE2.3
[info] [sipexer.go:1638] main.SIPExerDialogLoop(): ---]]
This is from the section in the link you mentioned (https://skalatan.de/en/blog/kamailio-sbc-teams)
# Add the Microsoft Teams-specific code here
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
append_hf("Contact: sip:abcsbc.com:5061;transport=tls\r\n");
}
xlog("L_INFO", "Sent out tm request: $mb\n");
}
I have added this in my code after the section
# Wrapper for relaying requests
route[RELAY] {
----- Continue scripts -----
Below is my Teams admin Center:
kamcmd dns.lookup SRV _sips._tcp.sip.pstnhub.microsoft.com
{
name: _sips._tcp.sip.pstnhub.microsoft.com
type: SRV
size_bytes: 360
reference_counter: 2
permanent: no
expires: 3600
last_used: 0
negative_entry: no
records: {
{
rr_idx: 0
rr_name: sip.pstnhub.microsoft.com
rr_port: 5061
rr_priority: 10
rr_weight: 0
rr_permanent: no
rr_expires: 3600
}
{
rr_idx: 1
rr_name: sip2.pstnhub.microsoft.com
rr_port: 5061
rr_priority: 20
rr_weight: 0
rr_permanent: no
rr_expires: 3600
}
{
rr_idx: 2
rr_name: sip3.pstnhub.microsoft.com
rr_port: 5061
rr_priority: 30
rr_weight: 0
rr_permanent: no
rr_expires: 3600
}
{
rr_idx: 3
rr_name: sip4.pstnhub.microsoft.com
rr_port: 5061
rr_priority: 40
rr_weight: 0
rr_permanent: no
rr_expires: 3600
}
}
}
From: Sergiu Pojoga pojogas@gmail.com Sent: Tuesday, December 19, 2023 12:18 AM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: faisal.jamil.khan@gmail.com Subject: Re: [SR-Users] Re: Kamailio - Ms Teams direct Routing - dispatcher issues | FLAGS: IP
You didn't confirm if Contact was added to OPTIONS for local requests.
In Teams https://admin.teams.microsoft.com/direct-routing/v2 Admin Center https://admin.teams.microsoft.com/direct-routing/v2 , do you have an enrolled SBC? What's the status of TLS, SIP OPTIONS and Enabled status?
What's the result of: kamcmd dns.lookup SRV _sips._tcp.sip.pstnhub.microsoft.com http://tcp.sip.pstnhub.microsoft.com
Can you ping sip.pstnhub.microsoft.com http://sip.pstnhub.microsoft.com ?
On Mon, Dec 18, 2023 at 1:05 PM faisal.jamil.khan--- via sr-users <sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org > wrote:
kamctl dispatcher dump { "jsonrpc": "2.0", "result": { "NRSETS": 1, "RECORDS": [{ "SET": { "ID": 1, "TARGETS": [{ "DEST": { "URI": "sip:sip.pstnhub.microsoft.com:5061;transport=tls", "FLAGS": "IP", "PRIORITY": 3, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061 http://172.31.19.8:5061 ;ping_from=sip:abcsbc.com http://abcsbc.com ", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061 http://172.31.19.8:5061 ", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip2.pstnhub.microsoft.com:5061;transport=tls", "FLAGS": "IP", "PRIORITY": 2, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061 http://172.31.19.8:5061 ;ping_from=sip:abcsbc.com http://abcsbc.com ", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061 http://172.31.19.8:5061 ", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip3.pstnhub.microsoft.com:5061;transport=tls", "FLAGS": "IP", "PRIORITY": 1, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061 http://172.31.19.8:5061 ;ping_from=sip:abcsbc.com http://abcsbc.com ", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061 http://172.31.19.8:5061 ", "SOCKNAME": null, "OBPROXY": null } } }] } }] }, "id": 19731 }
My dispatcher settings.
i am unable to get the trunk up with Microsoft . Can someone guide me how to fix this issue? __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org mailto:sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Other ideas would be: - who signed your cert - running behind some NAT, AWS or alike?
At that point, some TLS traffic dump would help. You could for example enable the SIPDUMP module and see what exactly is sent out/received.
Regards, Sergiu -- Teams PBX connector plus full MS Direct Routing automation *Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 2:53 PM faisal.jamil.khan@gmail.com wrote:
This is from the section in the link you mentioned ( https://skalatan.de/en/blog/kamailio-sbc-teams)
# Add the Microsoft Teams-specific code here
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip:abcsbc.com:5061;transport=tls>\r\n");
} xlog("L_INFO", "Sent out tm request: $mb\n");}
I have added this in my code after the section
# Wrapper for relaying requests
route[RELAY] {
----- Continue scripts -----
Below is my Teams admin Center:
kamcmd dns.lookup SRV _sips._tcp.sip.pstnhub.microsoft.com
{
name: _sips._tcp.sip.pstnhub.microsoft.com type: SRV size_bytes: 360 reference_counter: 2 permanent: no expires: 3600 last_used: 0 negative_entry: no records: { { rr_idx: 0 rr_name: sip.pstnhub.microsoft.com rr_port: 5061 rr_priority: 10 rr_weight: 0 rr_permanent: no rr_expires: 3600 } { rr_idx: 1 rr_name: sip2.pstnhub.microsoft.com rr_port: 5061 rr_priority: 20 rr_weight: 0 rr_permanent: no rr_expires: 3600 } { rr_idx: 2 rr_name: sip3.pstnhub.microsoft.com rr_port: 5061 rr_priority: 30 rr_weight: 0 rr_permanent: no rr_expires: 3600 } { rr_idx: 3 rr_name: sip4.pstnhub.microsoft.com rr_port: 5061 rr_priority: 40 rr_weight: 0 rr_permanent: no rr_expires: 3600 } }}
*From:* Sergiu Pojoga pojogas@gmail.com *Sent:* Tuesday, December 19, 2023 12:18 AM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Cc:* faisal.jamil.khan@gmail.com *Subject:* Re: [SR-Users] Re: Kamailio - Ms Teams direct Routing - dispatcher issues | FLAGS: IP
You didn't confirm if Contact was added to OPTIONS for local requests.
In Teams https://admin.teams.microsoft.com/direct-routing/v2 Admin Center https://admin.teams.microsoft.com/direct-routing/v2, do you have an enrolled SBC? What's the status of TLS, SIP OPTIONS and Enabled status?
What's the result of: *kamcmd dns.lookup SRV _sips._tcp.sip.pstnhub.microsoft.com http://tcp.sip.pstnhub.microsoft.com*
Can you ping sip.pstnhub.microsoft.com?
On Mon, Dec 18, 2023 at 1:05 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
kamctl dispatcher dump { "jsonrpc": "2.0", "result": { "NRSETS": 1, "RECORDS": [{ "SET": { "ID": 1, "TARGETS": [{ "DEST": { "URI": "sip:sip.pstnhub.microsoft.com:5061;transport=tls ", "FLAGS": "IP", "PRIORITY": 3, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip2.pstnhub.microsoft.com:5061;transport=tls ", "FLAGS": "IP", "PRIORITY": 2, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }, { "DEST": { "URI": "sip:sip3.pstnhub.microsoft.com:5061;transport=tls ", "FLAGS": "IP", "PRIORITY": 1, "ATTRS": { "BODY": "socket=tls:172.31.19.8:5061;ping_from=sip: abcsbc.com", "DUID": null, "MAXLOAD": 0, "WEIGHT": 0, "RWEIGHT": 0, "SOCKET": "tls:172.31.19.8:5061", "SOCKNAME": null, "OBPROXY": null } } }] } }] }, "id": 19731 }
My dispatcher settings.
i am unable to get the trunk up with Microsoft . Can someone guide me how to fix this issue? __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio is installed on AWS obviously behind NAT.
Cert signed: Let's ecncrypt
However, I have a questions here:
I have a registered account at faisal@7v840c.onmicrosoft.com but the domain for which we created SBC is abcsbc.com and we have an active user faisal.ahmad@abcsbc.com under the domain.
We have created the SBC under voice routing on this account faisal@7v840c.onmicrosoft.com.
SBC Network effectiveness TLS connectivity status SIP OPtions status abcsbc.com 0% Inactive Warning
Is this the correct way to setup SBC under the main account or should I have to create the sbc by logging in to the account of faisal.ahmad@abcsbc.com.
Voila, that's likely your problem.
*.onmicrosoft.com http://onmicrosoft.com* domains are not eligible for Direct Routing.
When activating the SBC, the UPN's domain part must be the same as the FQDN of the SBC you're adding.
Essentially, you have to do it all within the *abcsbc.com http://abcsbc.com* AAD tenant, logged in as a superuser part of the same *abcsbc.com http://abcsbc.com* domain, matching the SBC's FQDN.
Regards, Sergiu --
*Teams PBX connector with full MS Direct Routing automation for service providers**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 3:47 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
Kamailio is installed on AWS obviously behind NAT.
Cert signed: Let's ecncrypt
However, I have a questions here:
I have a registered account at faisal@7v840c.onmicrosoft.com but the domain for which we created SBC is abcsbc.com and we have an active user faisal.ahmad@abcsbc.com under the domain.
We have created the SBC under voice routing on this account faisal@7v840c.onmicrosoft.com.
SBC Network effectiveness TLS connectivity status SIP OPtions status abcsbc.com 0% Inactive Warning
Is this the correct way to setup SBC under the main account or should I have to create the sbc by logging in to the account of faisal.ahmad@abcsbc.com. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
so you mean I have to login from the user faisal.ahmad@abcsbc.com and then create the sbc there.
but I have verified the domain in my faisal@7v840c.onmicrosoft.com. and then created the SBC.
Let me explain you in more detail here.
I have created a user under the main account faisal@7v840c.onmicrosoft.com in the portal admin.microsoft.com
The user created with the domain used for SBC is abcsbc.com and the new user is faisal.ahmad@abcsbc.com
This domain abcsbc.com was verified from the main account faisal@7v840c.onmicrosoft.com and I have added all the routes to my AWS domain registrar from Microsoft.
So what do you think now?
when i tried to login via the user faisal.ahmad@abcsbc.com on admin.teams.microsoft.com, it gives me the error that you don't have access to the Teams admin center.
What's the role of faisal.ahmad@abcsbc.com, is it Global Administrator?
On Mon, Dec 18, 2023 at 4:38 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
when i tried to login via the user faisal.ahmad@abcsbc.com on admin.teams.microsoft.com, it gives me the error that you don't have access to the Teams admin center. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
the Global administrator is faisal@7v840c.onmicrosoft.com and this faisal.ahmad@abcsbc.com is the user created for the domain abcsbc.com.
The global account is the development test account with the Teams license without calling. But with this license you will be able to test the Teams trunking.
here you go for the sipexer test below and it's successful but in the sngrep I see the options packet for alice without this command on udp when executing the default command for sipexer.
./sipexer -options -contact-uri "sip:abcsbc.com:5061;transport=tls" -fd "abcsbc.com" -td "sip.pstnhub.microsoft.com;transport=tls" -tls-insecure -tls-certificate "/etc/letsencrypt/live/abcsbc.com/fullchain.pem" -tls-key "/etc/letsencrypt/live/abcsbc.com/privkey.pem" -xh "Max-Forwards: 70" -ua "Kamailio" "sip:sip.pstnhub.microsoft.com:5061;transport=tls"
[info] [sipexer.go:1581] main.SIPExerDialogLoop(): local socket address: 172.31.19.8:51882 (tls) [info] [sipexer.go:1582] main.SIPExerDialogLoop(): local via address: 172.31.19.8:51882 [info] [sipexer.go:1583] main.SIPExerDialogLoop(): sending to tls 52.114.148.0:5061: [[--- OPTIONS sip:sip.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS 172.31.19.8:51882;rport;branch=z9hG4bKSG.c031ebff-3cd4-4eb3-8c71-f82b3bc41b30 From: sip:alice@abcsbc.com;tag=5134186d-6804-419e-8abc-99cfe607e3b1 To: sip:bob@sip.pstnhub.microsoft.com;transport=tls Call-ID: 73f563c9-6647-4402-be59-361e4a1d40c0 CSeq: 44075 OPTIONS Date: Mon, 18 Dec 2023 22:07:12 UTC Contact: sip:abcsbc.com:5061;transport=tls User-Agent: Kamailio Max-Forwards: 10 Content-Length: 0 Max-Forwards: 70
[info] [sipexer.go:1585] main.SIPExerDialogLoop(): ---]]
[info] [sipexer.go:1636] main.SIPExerDialogLoop(): response-received: from=52.114.148.0:5061 bytes=441 data=[[--- SIP/2.0 200 OK FROM: sip:alice@abcsbc.com;tag=5134186d-6804-419e-8abc-99cfe607e3b1 TO: sip:bob@sip.pstnhub.microsoft.com;transport=tls CSEQ: 44075 OPTIONS CALL-ID: 73f563c9-6647-4402-be59-361e4a1d40c0 VIA: SIP/2.0/TLS 172.31.19.8:51882;branch=z9hG4bKSG.c031ebff-3cd4-4eb3-8c71-f82b3bc41b30;rport CONTENT-LENGTH: 0 ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY SERVER: Microsoft.PSTNHub.SIPProxy v.2023.12.11.2 i.USWE2.3
[info] [sipexer.go:1638] main.SIPExerDialogLoop(): ---]]
There you go, sipexer test passed, which means all good on the MS side. Alice/Bob uri username doesn't change anything here, ignore it.
Another idea: do you have *force_rport* anywhere in the Kamailio script? Would be helpful to see the full script as well.
Regards, Sergiu --
*Teams PBX connector plus full MS Direct Routing automation**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 5:33 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
the Global administrator is faisal@7v840c.onmicrosoft.com and this faisal.ahmad@abcsbc.com is the user created for the domain abcsbc.com.
The global account is the development test account with the Teams license without calling. But with this license you will be able to test the Teams trunking.
here you go for the sipexer test below and it's successful but in the sngrep I see the options packet for alice without this command on udp when executing the default command for sipexer.
./sipexer -options -contact-uri "sip:abcsbc.com:5061;transport=tls" -fd " abcsbc.com" -td "sip.pstnhub.microsoft.com;transport=tls" -tls-insecure -tls-certificate "/etc/letsencrypt/live/abcsbc.com/fullchain.pem" -tls-key "/etc/letsencrypt/live/abcsbc.com/privkey.pem" -xh "Max-Forwards: 70" -ua "Kamailio" "sip:sip.pstnhub.microsoft.com:5061 ;transport=tls"
[info] [sipexer.go:1581] main.SIPExerDialogLoop(): local socket address: 172.31.19.8:51882 (tls) [info] [sipexer.go:1582] main.SIPExerDialogLoop(): local via address: 172.31.19.8:51882 [info] [sipexer.go:1583] main.SIPExerDialogLoop(): sending to tls 52.114.148.0:5061: [[--- OPTIONS sip:sip.pstnhub.microsoft.com:5061;transport=tls SIP/2.0 Via: SIP/2.0/TLS 172.31.19.8:51882 ;rport;branch=z9hG4bKSG.c031ebff-3cd4-4eb3-8c71-f82b3bc41b30 From: sip:alice@abcsbc.com;tag=5134186d-6804-419e-8abc-99cfe607e3b1 To: sip:bob@sip.pstnhub.microsoft.com;transport=tls Call-ID: 73f563c9-6647-4402-be59-361e4a1d40c0 CSeq: 44075 OPTIONS Date: Mon, 18 Dec 2023 22:07:12 UTC Contact: sip:abcsbc.com:5061;transport=tls User-Agent: Kamailio Max-Forwards: 10 Content-Length: 0 Max-Forwards: 70
[info] [sipexer.go:1585] main.SIPExerDialogLoop(): ---]]
[info] [sipexer.go:1636] main.SIPExerDialogLoop(): response-received: from= 52.114.148.0:5061 bytes=441 data=[[--- SIP/2.0 200 OK FROM: sip:alice@abcsbc.com;tag=5134186d-6804-419e-8abc-99cfe607e3b1 TO: sip:bob@sip.pstnhub.microsoft.com;transport=tls CSEQ: 44075 OPTIONS CALL-ID: 73f563c9-6647-4402-be59-361e4a1d40c0 VIA: SIP/2.0/TLS 172.31.19.8:51882 ;branch=z9hG4bKSG.c031ebff-3cd4-4eb3-8c71-f82b3bc41b30;rport CONTENT-LENGTH: 0 ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY SERVER: Microsoft.PSTNHub.SIPProxy v.2023.12.11.2 i.USWE2.3
[info] [sipexer.go:1638] main.SIPExerDialogLoop(): ---]] __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
No problem I am sharing the full code of Kamailio.cfg and dispatcher active list. Here below is my kamailio.cfg
this below is dispatcher.list https://pastebin.com/qx77Bvi8
if anyother code required you can ask me. And really thankful to helping me in this.
this is my tls config
this is the kamctl file https://pastebin.com/Cy4aCtbm
Two things:
1. You're not paying attention. Previously, I asked if there's *force_rport()* in your kam config. Looks like you do. Remove it from the REQINIT route. 2. Are you sure Kamailio can read the cert and key files from */etc/letsencrypt/live/**abcsbc.com/ http://abcsbc.com/*? By default, those files may not be readable by kamailio, depending if you run it under root or kamailio user. Change the folder permissions or better yet copy the cert and key to some /tmp/ folder and adjust config for testing purpose sake. 3. You don't need *[server:172.31.19.8:5061 http://172.31.19.8:5061] & [client:172.31.19.8:5061 http://172.31.19.8:5061]* definitions in tls.cfg, default will suffice. 4. To avoid all this back and forth, enable debugging https://kamailio.org/docs/modules/devel/modules/debugger.html in Kamailio and see if there's any errors like Kam not being able to load certs and priv keys e.t.c
Regards, Sergiu --
*Teams PBX connector plus full MS Direct Routing automation**Web*: https://teamsphone.net
On Mon, Dec 18, 2023 at 8:21 PM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
this is my tls config
this is the kamctl file https://pastebin.com/Cy4aCtbm __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
1. You're not paying attention. Previously, I asked if there's *force_rport()* in your kam config. Looks like you do. Remove it from the REQINIT route.
-- Removed and restarted Kamailio to test with this setting, no impact
2. Are you sure Kamailio can read the cert and key files from */etc/letsencrypt/live/**abcsbc.com/ http://abcsbc.com/*? By default, those files may not be readable by kamailio, depending if you run it under root or kamailio user. Change the folder permissions or better yet copy the cert and key to some /tmp/ folder and adjust config for testing purpose sake.
-- Yes, it's reading the certificates because otherwise it gives the permissions error at Kamailio start and won't listen on tls port. tls: 172.31.19.8:5061 advertise abcsbc.com:5061
3. You don't need *[server:172.31.19.8:5061 http://172.31.19.8:5061] & [client:172.31.19.8:5061 http://172.31.19.8:5061]* definitions in tls.cfg, default will suffice.
-- I already tested this with default but because it's on AWS so it looks for tls and sni back at the local ip at the socket. and when we don't define it, it will give the following error which I already opened the case and fixed it with these settings and now tls hanshake is successful.
Error: Dec 12 19:32:55 abcsbc.com /usr/sbin/kamailio[23865]: ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS write:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (sni: unknown)
4. To avoid all this back and forth, enable debugging https://kamailio.org/docs/modules/devel/modules/debugger.html in Kamailio and see if there's any errors like Kam not being able to load certs and priv keys e.t.c
-- I have enabled the debugging logs with the following configs and after the restart kamailio.log is in the pastebin link. ####### Global Parameters #########
/* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */ #debug=DBGLEVEL debug=3
/* set to 'yes' to print log messages to terminal or use '-E' cli option */ log_stderror=no
memdbg=5 memlog=5
log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} "
Here 's the problem
From the logs of dispatcher, I have pasted below only one log of dispatcher failure. it seems to be timeout from microsoft.
Dec 19 06:16:46 curemsteamssbc /usr/sbin/kamailio[30957]: DEBUG: dispatcher [dispatch.c:3680]: ds_options_callback(): OPTIONS-Request was finished with code 408 (to sip:sip3.pstnhub.microsoft.com;transport=tls, group 1)
This dispatcher log clearly showing that Option request was finished with 408 from Microsoft. so it means Kamailio is not receiving back anything from Microsoft for it's Option request.
what you suggest now ?
*> what you suggest now ?*
Start praying? LOL
Do an SSL test, any issues? https://decoder.link/sslchecker/abcsbc.com/5061
Regards,
On Tue, Dec 19, 2023 at 1:46 AM faisal.jamil.khan--- via sr-users < sr-users@lists.kamailio.org> wrote:
Here 's the problem
From the logs of dispatcher, I have pasted below only one log of dispatcher failure. it seems to be timeout from microsoft.
Dec 19 06:16:46 curemsteamssbc /usr/sbin/kamailio[30957]: DEBUG: dispatcher [dispatch.c:3680]: ds_options_callback(): OPTIONS-Request was finished with code 408 (to sip:sip3.pstnhub.microsoft.com;transport=tls, group 1)
This dispatcher log clearly showing that Option request was finished with 408 from Microsoft. so it means Kamailio is not receiving back anything from Microsoft for it's Option request.
what you suggest now ? __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Hahah LOL seriously I am just sucked up.
It's all good. We have not detected any issues.
Hostname: Matches Common Name or/and SAN Expired: No (78 days till expiration) Public Key: We were unable to find any issues in the public key of end-entity certificate Trusted: Yes, we were able to verify the certificate Self-Signed: No, the end-entity certificate is not self-signed Chain Issues: No, we were unable to detect any issues in the certificate chain sent by the server Weak signatures: No, certificates sent by the server were not signed utilizing a weak hash function OCSP Status: OCSP Responder returned "good" status for the end-entity certificate
I have flowroute Carrier, Can we setup trunk with Flowroute to test if it works fine or not. in this way at least we can test our kamailio if it works fine.
should I create the Flowroute trunk in the same way as it also has techprefix, username and password.
-
faisal.jamil.khan@gmail.com -
Sergiu Pojoga -
Who AmI