Hi, I have two instances of Kamailio acting as edge proxies. One on the customer side and one on the agent side. Like: customer -> proxy1 -> proxy2 -> agent. Both customer and agent are registered to proxy1/proxy2 via TLS.
However when proxy1 forwards to proxy2, it is using UDP. How can I force it to use TLS? Attached is the result of nslookup on the domain: translation.sms-test.cyracom.com.
Thanks Pranathi
From: sr-users [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Ryan Wagoner
Sent: Tuesday, January 24, 2017 8:26 AM
To: sr-users@lists.sip-router.org
Subject: [SR-Users] Asterisk Proxy Multiple Devices / BLF Issues
I'm following the latest Kamailio and Asterisk Realtime guide to offload registrations from my FreePBX / Asterisk setup and possibly load balance down the road. I'm running Kamailio 4.4.5 and Asterisk 11.6-cert15. I realize FreePBX isn't realtime and will work around that with a database view, etc.
I was excited to see Kamailio will handle multiple devices registering to the same device/extension and placing / receiving calls works. I did run into an issue: when any device unregisters, Kamailio always forwards the register with expires 0 to Asterisk. To work around this I modified the route[REGFWD] and added the if($hdr(Expires)==$null) chunk of code. I wanted to use caller->count, but ran into stale contact records with expires set to deleted. I then tried enumerating the contacts, but don't understand why ulc(caller->expires) is 10 when kamctl ul show shows expires deleted. The code below works, but I was hoping for an explanation of the expires = 10 or if there was a better way to handle this scenario.
Additionally I enabled presence (WITH_PRESENCE) but Kamailio responds 489 bad event for subscribe requests from devices registered to it. I was hoping it would proxy these to Asterisk for BLF support. If somebody could point me in the right direction it would be appreciated.
# Forward REGISTER to Asterisk
route[REGFWD] {
    if(!is_method("REGISTER")) {
        return;
    }

    if($hdr(Expires)==$null) {
        reg_fetch_contacts("location", "$sel(contact.uri)", "caller");

        $var(i) = 0;
        $var(j) = 0;
        while($var(i) < $(ulc(caller=>count))) {
            if($(ulc(caller=>expires)[$var(i)])!=10) {
                $var(j) = $var(j) + 1;
            }

            $var(i) = $var(i) + 1;
        }

        if($var(j)>=1) {
            return;
        }
    }

    $var(rip) = $sel(cfg_get.asterisk.bindip);
    $uac_req(method)="REGISTER";
    $uac_req(ruri)="sip:" + $var(rip) + ":" + $sel(cfg_get.asterisk.bindport);
    $uac_req(furi)="sip:" + $au + "@" + $var(rip);
    $uac_req(turi)="sip:" + $au + "@" + $var(rip);
    $uac_req(hdrs)="Contact: <sip:" + $au + "@" + $sel(cfg_get.kamailio.bindip) + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n";
    if($sel(contact.expires) != $null)
        $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n";
    else
        $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n";
    uac_req_send();
}
Thanks, Ryan
Hello,
first thing: do not reply to other emails from the mailing list, create a new one -- at the end of your message is a previous email from the list. It keeps the conversation clean, doesn't mess the email thread id and also makes it easier to understand what's all about (and less bandwidth) on mobile devices.
You would have to provide the sip packet (the invite) to understand what happens there. The support of TLS can be discovered via DNS lookup (NAPTR+SRV) or the transport can be enforced in the r-uri with transport=xyz parameter.
Cheers, Daniel
On 24/01/2017 20:01, Pranathi Venkatayogi wrote:
I am attaching all the information needed:
Here is invite sent by the customer -

10.11.200.21:58822 -(SIP over TLS)-> 10.0.16.52:5061
INVITE sip:spanish@translation.sms-test.cyracom.com SIP/2.0
Via: SIP/2.0/TLS 10.11.200.21:58822;rport;branch=z9hG4bKPj40846ca84d834aeb9d6ae838e7d01166;alias
Max-Forwards: 70
From: "cust1" sip:cust1@devtranslation.sms-test.cyracom.com;tag=46715a1fbe9c4d06a04ecf7e48997955
To: sip:spanish@translation.sms-test.cyracom.com
Contact: sip:64715890@10.11.200.21:58825;transport=tls
Call-ID: a6a27f5f13a147ff82f48fde3789838e
CSeq: 6098 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Proxy-Authorization: Digest username="cust1", realm="devtranslation.sms-test.cyracom.com", nonce="WIfTSliH0h4rWzCg73Myws7fCOgYpwHyAg5IxIA=", uri="sip:spanish@translation.sms-test.cyracom.com", response="391c1e155da5949698501a379b9037a3"
Content-Type: application/sdp
Content-Length: 359

v=0
o=- 3694256158 3694256158 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3dc0380f6ef30157c39c;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active
Here is the invite received by the agent. As we see transport=tls is set correctly. Question is why and who is inserting Via header to be UDP port 5060. 10.0.16.52 is proxy1’s IP address. Strange thing is proxy1 has TLS connection with proxy2 and still it is sending via UDP.

172.31.211.31:5061 -(SIP over TLS)-> 10.0.27.108:60894
INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0
Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0
Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1
Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias
Max-Forwards: 68
From: "cust1" sip:cust1@devtranslation.sms-test.cyracom.com;tag=7bbc8a1c90e94d96b3360223ce815d50
To: sip:spanish@translation.sms-test.cyracom.com
Contact: sip:64715890@10.11.200.21:59045;transport=tls
Record-Route: sip:63.149.103.72:5060;transport=tls;lr;nat=yes
Record-Route: sip:10.0.16.52:5061;transport=tls;lr;nat=yes
Call-ID: f1f4cb291ee44c11b3eda6c6801c1d22
CSeq: 28943 INVITE
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: replaces, norefersub, gruu
User-Agent: Blink 3.0.0 (Windows)
Content-Type: application/sdp
Content-Length: 359

v=0
o=- 3694259050 3694259050 IN IP4 10.11.200.21
s=Blink 3.0.0 (Windows)
t=0 0
m=message 2855 TCP/TLS/MSRP *
c=IN IP4 10.11.200.21
a=path:msrps://192.168.1.110:2855/3fe6e776d38e70ffc529;tcp
a=accept-types:message/cpim text/* image/* application/im-iscomposing+xml
a=accept-wrapped-types:text/* image/* application/im-iscomposing+xml
a=setup:active
Attached is the nslookup output of the proxy2 domain.
From: sr-users [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla
Sent: Wednesday, January 25, 2017 12:17 AM
To: Kamailio (SER) - Users Mailing List sr-users@lists.sip-router.org
Subject: Re: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
By setting $du, I was able to force proxy1 to use TLS instead of UDP.
$du = "sip:ip:port;transport=tls";
t_relay();
Thanks Daniel for your input.
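Added example, not part of the original thread: a Python check that walks the Via chain of the INVITE the agent received and flags any hop that left a proxy over a non-TLS transport although the same host advertises transport=tls in Record-Route. The function names are hypothetical; the header lines are the ones posted in the thread.

```python
import re

# Header lines copied from the INVITE the agent received, as posted in the thread.
INVITE = """\
INVITE sip:20745891@10.0.27.108:60896;transport=tls SIP/2.0
Via: SIP/2.0/TLS 63.149.103.72:5061;branch=z9hG4bKe337.4192b97c6a818407e5631f415c224e45.0
Via: SIP/2.0/UDP 10.0.16.52;rport=5060;branch=z9hG4bKe337.2c67958aee41eaa6f6d03652c89552c8.0;i=1
Via: SIP/2.0/TLS 10.11.200.21:59039;received=10.11.200.21;rport=59039;branch=z9hG4bKPj62fa0d97094946169f04a60aeb9aa215;alias
Record-Route: sip:63.149.103.72:5060;transport=tls;lr;nat=yes
Record-Route: sip:10.0.16.52:5061;transport=tls;lr;nat=yes
"""

VIA_RE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;,\s]+)", re.I)
RR_RE = re.compile(r"sips?:([^;>\s]+)((?:;[^>\s]*)?)", re.I)
ENCRYPTED = {"TLS", "WSS"}  # Via transport tokens that mean an encrypted hop

def header_values(message, names):
    """Yield every value of the named headers; stops at the blank line before the body."""
    for line in message.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in names:
            yield from (v.strip() for v in value.split(","))

def via_hops(message):
    """Return [(transport, sent_by)] in header order: last proxy first, originator last."""
    found = (VIA_RE.match(v) for v in header_values(message, {"via", "v"}))
    return [(m.group(1).upper(), m.group(2)) for m in found if m]

def cleartext_hops(message):
    """Hops that put the request on the wire without TLS."""
    return [hop for hop in via_hops(message) if hop[0] not in ENCRYPTED]

def tls_advertised_hosts(message):
    """Hosts (IPv4 or name, port stripped) whose Record-Route URI says transport=tls."""
    hosts = set()
    for value in header_values(message, {"record-route"}):
        m = RR_RE.search(value)
        if m and "transport=tls" in m.group(2).lower():
            hosts.add(m.group(1).rsplit(":", 1)[0])
    return hosts

def downgraded_hops(message):
    """Cleartext hops sent by a proxy that advertises TLS for itself in Record-Route."""
    tls_hosts = tls_advertised_hosts(message)
    return [h for h in cleartext_hops(message) if h[1].rsplit(":", 1)[0] in tls_hosts]

print(downgraded_hops(INVITE))
```

Run against captures taken after the $du change, an empty result confirms that the proxy1 to proxy2 leg no longer leaves over UDP.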
From: Pranathi Venkatayogi
Sent: Wednesday, January 25, 2017 8:25 AM
To: 'miconda@gmail.com' miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org
Subject: RE: [SR-Users] How does Kamailio decide which protocol to use when fwding to another proxy?