[SR-Users] Routing Problems

Andreas Rehbein rehbein at e-technik.org
Mon Feb 8 09:56:31 CET 2010


Hi Klaus!

Your hint to use add_contact_alias and handle_ruri_alias to fix the contact
solved the problem!

Thank you very much! again!

regards 
Andreas

-----Ursprüngliche Nachricht-----
Von: Klaus Darilion [mailto:klaus.mailinglists at pernau.at] 
Gesendet: Donnerstag, 4. Februar 2010 16:19
An: Andreas Rehbein
Cc: sr-users at lists.sip-router.org
Betreff: Re: [SR-Users] Routing Problems

Hi Andreas!

Not sure, but I think the RURI might be incorrect. Some theory:

The proxy can only forward if there is an established TLS connection to 
the client, and the address information in the RURI is correct.

Consider a scenario where the UA (which is supposed to receive the BYE) 
is behind a NAT router having the local ip:port 1.1.1.1:11111. When this 
client opens a TCP/TLS connection to the SecurityGateway, the proxy will 
see the request coming from the public ip and another port, e.g. 
2.2.2.2:22222.

Thus, for the proxy to be able to send the BYE to this UA, the RURI of 
the BYE request must contain the hostpart 2.2.2.2:22222 (as this is the 
address the proxy has an open TCP connection to).

Usually, even if the UA is not behind NAT, the Contact provided by the 
UA is not correct and must be fixed by the proxy. Thus, for SIP messages 
coming from the UA you should call the function  add_contact_alias(), 
and for messages sent to the UA you should call the function 
handle_ruri_alias() to fix the contact.

See examples in the README. 
http://www.kamailio.org/docs/modules/3.0.x/modules_k/nathelper.html#id251306
2

regards
klaus

PS: If possible, ngrep traces are preferred (but unfortunately not part 
of RHEL):
   ngrep -t -q -P "" -W byline port 5060 or 5061



Am 04.02.2010 15:18, schrieb Andreas Rehbein:
> Hello,
>
> we use Kamailio 3.0 on a Red Hat EL5.4 system with openssl 0.9.8e (the
> current Red Hat OpenSSL version). We want to use Kamailio 3.0 in front
> of our Call Server (OpenSER 1.3.2) as a security gateway. So the Call
> Server should only deal tcp, while the Security Gateway terminates the
> TLS Data which he receives from the User Agents but forwards the
> SIP-Messages via TCP to the Call Server.
>
> UA ---SIP_over_TLS---> Security Gateway (Kam3.0) ---SIP_over_TCP--->
> Call Server (OpenSER1.3.2)
>
> UA<---SIP_over_TLS--- Security Gateway (Kam3.0) <---SIP_over_TCP--- Call
> Server (OpenSER1.3.2)
>
> Nearly everything works fine in this scenario: User Agents are able to
> register and when they are sending INVITES the callee receives it.
>
> The problem we have right now is: if Kamailio 3.0 receives BYE we get
> „477 Unfortunatly error on sending to next hop occured“. It seems that
> the messages are ok...
>
> I attached a text file with the BYE message and the errors.
>
> Explanation for the text file:
>
> * UA1: 192.168.0.126
>
> * UA2: 192.168.0.176
>
> *Security Gateway (Kam3.0): 192.168.0.89
>
> *Call Server (OpenSER1.3.2): 192.168.0.106
>
> Do you have any suggestions?
>
> Thank you very much in advance!
>
> Regards
>
> Andreas
>
>
>
>
> _______________________________________________
> sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users





More information about the sr-users mailing list