Hi,
I am using Kamailio version 5.1.9.
My setup: client1 -> kamailio server 1 (IP: 10.211.160.172) ----> kamailio server 2 (IP: 10.211.160.176) -> client2
I have a scenario where kamailio server 1 has to initiate an outgoing TLS connection to kamailio server 2. I have set the server_name and server_id in the client profile in tls.cfg like below on kamailio server 1:

    [client:default]
    verify_certificate = no
    require_certificate = no
    server_name = mahesh.client.com

    [client:10.211.160.172:5061]
    method = TLSv1+
    verify_certificate = yes
    require_certificate = yes
    private_key = /root/mahesh_openssl/profile2/btip_172_server_private.key
    certificate = /root/mahesh_openssl/profile2/btip_172_server_public.crt
    ca_list = /root/mahesh_openssl/profile2/btip_ca_public.crt
    cipher_list = RSA
    verify_depth = 9
    server_name = btip.176.com
    server_id = btip.176.com

And in sar.cfg:

    $xavp(tls=>server_name)="btip.176.com";
    $xavp(tls=>server_id)="btip.176.com";
    $du = "sip:10.211.160.176:5061;transport=tls";
    ....
    t_relay();

What I observe is that when the client hello is sent by 10.211.160.172 to 10.211.160.176, I don't see the server_name extension being sent. Am I missing anything? Please help!
Hi,
I went further through the Kamailio logs, and I see the below happening.

    tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with outbound server name not found
    tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with outbound server id: btip.176.com

It's strange: it's able to find the client profile based on server_id, but not able to find it using the server_name.
In tls_complete_init():

    if (c->flags & F_CONN_PASSIVE) {
        state=S_TLS_ACCEPTING;
        dom = tls_lookup_cfg(cfg, TLS_DOMAIN_SRV,
                &c->rcv.dst_ip, c->rcv.dst_port, 0, 0);
    } else {
        state=S_TLS_CONNECTING;
        sname = tls_get_connect_server_name();
        srvid = tls_get_connect_server_id();
        dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
                &c->rcv.dst_ip, c->rcv.dst_port, sname, srvid);
    }

I am acting as client, so it will hit the else part.
The call to

    sname = tls_get_connect_server_name(); // failed with below logs
    tls [tls_server.c:169]: tls_get_connect_server_name[]: xavp with outbound server name not found

The call to

    srvid = tls_get_connect_server_id(); // success with below logs
    tls [tls_server.c:152]: tls_get_connect_server_id[]: found xavp with outbound server id: btip.176.com

And further down in the function: as sname is NULL, it is not setting the server name extension in the client hello message.

    #ifndef OPENSSL_NO_TLSEXT
    if (sname!=NULL) {
        if(!SSL_set_tlsext_host_name(data->ssl, sname->s)) {
            if (data->ssl)
                SSL_free(data->ssl);
            if (data->rwbio)
                BIO_free(data->rwbio);
            goto error;
        }
        LM_DBG("outbound TLS server name set to: %s\n", sname->s);
    }
    #endif

Am I missing anything here w.r.t. configuration? Or is it a bug which has been fixed in later versions? Please help!
Regards,
Mahesh.B
On Thu, Dec 19, 2019 at 5:53 PM mahesh b mahesh.b.2487@gmail.com wrote: [...]
Hello,
you add two $xavp(tls=>...) with the operations you do, change to:

    $xavp(tls=>server_name)="btip.176.com";
    $xavp(tls[0]=>server_id)="btip.176.com";

so the server_id is added to the existing $xavp(tls->...) instead of creating a new one that doesn't have server_name.
Cheers,
Daniel
On 20.12.19 07:39, mahesh b wrote: [...]
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi,
I'm testing the integration of CGRates v0.9.1~rc8 with a copy of Kamailio v5.2.5 already working in production. I'm experiencing several problems when Kamailio and CGRates communicate over evapi and exchange events via JSON RPCs.
Has someone integrated CGRates with Kamailio to build a robust Prepaid System and could then share some information like:
- what version of Kamailio\CGRates integrates fine?
- relevant part of kamailio.cfg/cgrates.json configuration files?
Any other help is really appreciated.
I take this opportunity to wish everyone a Merry Christmas and all the best for 2020.
Emanuele Federico
Hi Emanuele,
Yes it's doable, not easy to put it all together at first. We have it running in production, can't really share entire snippets of script/config due to our company's policy.
    # cgr-console --version
    CGRateS 0.9.1~rc8 git+4030357 (2019-10-10T10:56:04+02:00)
    # kamailio -v
    version: kamailio 5.1.9

What challenges are you facing? Maybe post your troubles here and people will try to help.
You must have read it already, there's a Kamailio integration tutorial at https://cgrates.readthedocs.io/en/latest/tut_kamailio.html
Cheers.
On Fri, Dec 20, 2019 at 12:11 PM Emanuele Federico kam.list@nhm.it wrote: [...]
Hi Sergiu,
thanks for your reply. With Kamailio v5.1.9 and CGRateS 0.9.1~rc8 git+fc97b08 (2020-01-02T16:01:14+01:00) all works fine!
I'm going to investigate in depth why Kamailio v5.2.5 is not able to correctly parse messages coming from CGRates even if the configurations are the same on the two different versions.
Could you please share the libev and libevent packages installed on your environment?
Many thanks in advance.
Emanuele
On 2019-12-20 19:54, Sergiu Pojoga wrote: [...]
Voila!
    ii libev-dev 1:4.15-3 amd64 static library, header files, and docs for libev
    ii libevent-dev 2.0.21-stable-2+deb8u1 amd64 Asynchronous event notification library (development files)
Also, your problem could be related to the max size of $jsonrpl(body) discussed in the 2 threads below.
https://lists.kamailio.org/pipermail/sr-users/2019-October/107194.html
https://lists.kamailio.org/pipermail/sr-users/2019-October/107092.html
Cheers.
On Tue, Jan 7, 2020 at 5:08 AM Emanuele Federico kam.list@nhm.it wrote: [...]
Thank you Daniel, that resolved my problem.
It would be helpful if in this link http://www.kamailio.org/docs/modules/5.1.x/modules/tls.html
in section 9.32. xavp_cfg (string)
the example can be updated from:

    ...
    modparam("tls", "xavp_cfg", "tls")
    ...
    $xavp(tls=>server_name) = "kamailio.org";
    $xavp(tls=>server_id) = "kamailio.org";
    $du = "sip:kamailio.org:5061;transport=tls";
    route(RELAY);
    ...

to:

    ...
    modparam("tls", "xavp_cfg", "tls")
    ...
    $xavp(tls=>server_name) = "kamailio.org";
    $xavp(tls[0]=>server_id) = "kamailio.org";
    $du = "sip:kamailio.org:5061;transport=tls";
    route(RELAY);
    ...

Regards,
Mahesh.B
On Fri, Dec 20, 2019 at 7:51 PM Daniel-Constantin Mierla miconda@gmail.com wrote: [...]
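A simplified C model of the XAVP behaviour from Daniel's reply and the documentation fix Mahesh suggests, added here as an illustration (it is not Kamailio source and not code from the thread). The names push_new, set_in_top, lookup_top and sni_for_script are hypothetical, and the model assumes the lookup inspects only the topmost "tls" entry, which is what the log lines in the thread indicate.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of the XAVP stack, not Kamailio's own data structures. */
enum { MAX_ENTRIES = 4, MAX_FIELDS = 4 };
struct field { const char *name, *val; };
struct entry { struct field f[MAX_FIELDS]; int n; };
struct stack { struct entry e[MAX_ENTRIES]; int depth; };  /* top = e[depth-1] */

static void set_field(struct entry *x, const char *name, const char *val) {
    for (int i = 0; i < x->n; i++)
        if (strcmp(x->f[i].name, name) == 0) { x->f[i].val = val; return; }
    if (x->n < MAX_FIELDS) x->f[x->n++] = (struct field){ name, val };
}

/* Models $xavp(tls=>name) = val: pushes a NEW root entry, which becomes index 0. */
static void push_new(struct stack *s, const char *name, const char *val) {
    if (s->depth == MAX_ENTRIES) return;
    s->e[s->depth].n = 0;
    set_field(&s->e[s->depth++], name, val);
}

/* Models $xavp(tls[0]=>name) = val: adds the field to the existing top entry. */
static void set_in_top(struct stack *s, const char *name, const char *val) {
    if (s->depth == 0) push_new(s, name, val);
    else set_field(&s->e[s->depth - 1], name, val);
}

/* Models the lookup behind the log lines: only the top entry is searched. */
static const char *lookup_top(const struct stack *s, const char *name) {
    if (s->depth == 0) return NULL;
    const struct entry *x = &s->e[s->depth - 1];
    for (int i = 0; i < x->n; i++)
        if (strcmp(x->f[i].name, name) == 0) return x->f[i].val;
    return NULL;
}

/* Runs one script variant and returns the SNI that would be set (NULL = none). */
static const char *sni_for_script(int use_index0, struct stack *s) {
    s->depth = 0;
    push_new(s, "server_name", "btip.176.com");
    if (use_index0) set_in_top(s, "server_id", "btip.176.com");
    else            push_new(s, "server_id", "btip.176.com");
    return lookup_top(s, "server_name");
}

int main(void) {
    struct stack s;
    for (int v = 0; v <= 1; v++) {
        const char *sni = sni_for_script(v, &s);
        printf("%s -> SNI: %s\n", v ? "tls[0]=>server_id" : "tls=>server_id",
               sni ? sni : "(none)");
    }
    return 0;
}
```

In the first variant server_id is still found on the top entry, which matches the logs: the client profile is selected, but the ClientHello carries no server_name extension.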