[SR-Users] Routing Problems
Andreas Rehbein
rehbein at e-technik.org
Mon Feb 8 09:56:31 CET 2010
Hi Klaus!
Your hint to use add_contact_alias and handle_ruri_alias to fix the contact
solved the problem!
Thank you very much! again!
regards
Andreas
-----Ursprüngliche Nachricht-----
Von: Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
Gesendet: Donnerstag, 4. Februar 2010 16:19
An: Andreas Rehbein
Cc: sr-users at lists.sip-router.org
Betreff: Re: [SR-Users] Routing Problems
Hi Andreas!
Not sure, but I think the RURI might be incorrect. Some theory:
The proxy can only forward if there is an established TLS connection to
the client, and the address information in the RURI is correct.
Consider a scenario where the UA (which is supposed to receive the BYE)
is behind a NAT router having the local ip:port 1.1.1.1:11111. When this
client opens a TCP/TLS connection to the SecurityGateway, the proxy will
see the request coming from the public ip and another port, e.g.
2.2.2.2:22222.
Thus, for the proxy to be able to send the BYE to this UA, the RURI of
the BYE request must contain the hostpart 2.2.2.2:22222 (as this is the
address the proxy has an open TCP connection to).
Usually, even if the UA is not behind NAT, the Contact provided by the
UA is not correct and must be fixed by the proxy. Thus, for SIP messages
coming from the UA you should call the function add_contact_alias(),
and for messages sent to the UA you should call the function
handle_ruri_alias() to fix the contact.
See examples in the README.
http://www.kamailio.org/docs/modules/3.0.x/modules_k/nathelper.html#id251306
2
regards
klaus
PS: If possible, ngrep traces are preferred (but unfortunately not part
of RHEL):
ngrep -t -q -P "" -W byline port 5060 or 5061
Am 04.02.2010 15:18, schrieb Andreas Rehbein:
> Hello,
>
> we use Kamailio 3.0 on a Red Hat EL5.4 system with openssl 0.9.8e (the
> current Red Hat OpenSSL version). We want to use Kamailio 3.0 in front
> of our Call Server (OpenSER 1.3.2) as a security gateway. So the Call
> Server should only deal tcp, while the Security Gateway terminates the
> TLS Data which he receives from the User Agents but forwards the
> SIP-Messages via TCP to the Call Server.
>
> UA ---SIP_over_TLS---> Security Gateway (Kam3.0) ---SIP_over_TCP--->
> Call Server (OpenSER1.3.2)
>
> UA<---SIP_over_TLS--- Security Gateway (Kam3.0) <---SIP_over_TCP--- Call
> Server (OpenSER1.3.2)
>
> Nearly everything works fine in this scenario: User Agents are able to
> register and when they are sending INVITES the callee receives it.
>
> The problem we have right now is: if Kamailio 3.0 receives BYE we get
> 477 Unfortunatly error on sending to next hop occured. It seems that
> the messages are ok...
>
> I attached a text file with the BYE message and the errors.
>
> Explanation for the text file:
>
> * UA1: 192.168.0.126
>
> * UA2: 192.168.0.176
>
> *Security Gateway (Kam3.0): 192.168.0.89
>
> *Call Server (OpenSER1.3.2): 192.168.0.106
>
> Do you have any suggestions?
>
> Thank you very much in advance!
>
> Regards
>
> Andreas
>
>
>
>
> _______________________________________________
> sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
More information about the sr-users
mailing list