[Kamailio-Users] Problem with secure TLS call

Hemanshu Patel hemanshu.patel at saicare.com
Tue Mar 23 06:08:58 CET 2010


lolzzzz

till now i just tried Registration with TLS, today after this mail i
started testing INVITE and i also came across the same problem

let me explain my case. I have got two grandstream gvx3140 connected to
kamailio via TLS. via UDP i have successfully tested calls between each
other.
Now when i try to call 1000 from 1001, it gives me 404 error message.
Kamailio fails to send Invite message to user 1000. Is it possible that
kamailio is trying to forward INVITE packet to Contact Address rather then
the TCP connected which is already established between kamailio and
grandstream device.


I am attaching the log file.

few things are like:

Mar 23 10:33:43 [2335] DBG:core:tcp_send: after write: c= 0x7f35bdfad988
n=-1 fd=9
Mar 23 10:33:43 [2341] DBG:core:io_watch_del: io_watch_del (0x74efe0, 19,
-1, 0x10) fd_no=2 called
Mar 23 10:33:43 [2335] DBG:core:tcp_send: buf=
INVITE sip:1000 at 172.16.17.81:15099;transport=tls;user=phone SIP/2.0
Record-Route: <sip:172.16.16.218:5091;transport=tls;r2=on;lr=on>
Record-Route: <sip:172.16.16.218:5090;r2=on;lr=on>
Via: SIP/2.0/TLS 172.16.16.218:5091;branch=z9hG4bK00843d58
Via: SIP/2.0/UDP
172.16.16.218:5070;received=172.16.16.218;branch=z9hG4bK00843d58;rport=5070
From: "1001" <sip:1001 at 172.16.16.218:5070>;tag=as60af855f
To: <sip:1000 at 172.16.16.218:5090>
Contact: <sip:1001 at 172.16.16.218:5070>
Call-ID: 15b634d06c6e5d2d63b71fe123c3c640 at 172.16.16.218
CSeq: 102 INVITE
User-Agent: PANTHER-SC
Max-Forwards: 69
Date: Tue, 23 Mar 2010 05:03:43 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Type: application/sdp
Content-Length: 580

v=0
o=root 2126 2126 IN IP4 172.16.16.218
s=session
c=IN IP4 172.16.16.218
t=0 0
m=audio 11262 RTP/SAVP 0 18 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:2FXsAoBFaNzqIwXcyo8EwI81slJDnNpoA6+PkJFY
a=sendrecv
m=video 17638 RTP/SAVP 99
a=rtpmap:99 H264/90000
a=fmtp:99 profile-level-id=42800d
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:WNjW7f5hxaItleUZMNPv/Ni1ZNQ7A9i4AUhHBBxI
a=sendrecv

Mar 23 10:33:43 [2341] DBG:core:release_tcpconn:  releasing con
0x7f35bdfad988, state -2, fd=19, id=41
Mar 23 10:33:43 [2335] ERROR:core:tcp_send: failed to send
Mar 23 10:33:43 [2341] DBG:core:release_tcpconn:  extra_data 0x7f35bdf5d490
Mar 23 10:33:43 [2335] ERROR:core:msg_send: tcp_send failed
Mar 23 10:33:43 [2344] DBG:core:handle_ser_child: read response=
7f35bdfad988, -2, fd -1 from 2 (2335)
Mar 23 10:33:43 [2344] DBG:core:tcpconn_destroy: delaying (0x7f35bdfad988,
flags 0002) ...
Mar 23 10:33:43 [2335] DBG:sl:sl_reply_error: error text is Send failed
(477/SL)
Mar 23 10:33:43 [2344] DBG:core:handle_tcp_child: reader response=
7f35bdfad988, -2 from 1
Mar 23 10:33:43 [2344] DBG:core:tcpconn_destroy: destroying connection
0x7f35bdfad988, flags 0002
Mar 23 10:33:43 [2344] DBG:core:tls_close: closing SSL connection
Mar 23 10:33:43 [2335] DBG:core:parse_headers: flags=ffffffffffffffff
Mar 23 10:33:43 [2335] DBG:core:get_hdr_field: found end of header
Mar 23 10:33:43 [2344] DBG:core:tls_update_fd: New fd is 24
Mar 23 10:33:43 [2344] DBG:core:tls_shutdown: shutdown successful
Mar 23 10:33:43 [2335] DBG:core:check_via_address: params 172.



check where it says tcp_send failed.

i have configure tls section in my kamailio like below:

disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kama/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kama/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list     =
"/data/hemanshu/install/kama/etc/kamailio/tls/user/user-calist.pem"


Please let me know if i am making any mistake in configuration or anything
else?

-- 
Regards,

Hemanshu Patel

M: 09601295238

> Hi,
>
> I am using
>
> kamailio 3.0.1 (x86_64/linux) 0822a9
> flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, DISABLE_NAGLE,
> USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC,
> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
> USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>
> and I am using the client "PhonerLite" (http://www.phonerlite.de).
>
> The phone is registered on my server with TLS.
>
> If I call someone or myself I get an error message. What is wrong with my
> server? (TLS calls with PhonerLite with the provider antisip.com are
> possible without problems!)
>
> With UDP calling myself I get "486:Busy Here" on the phone, this is OK and
> normal.
> With TLS I get "477:Unfortunately error on sending to next hop
> occurred(477/SL)" on the phone and some ERROR messages like the following
> on the kamailio.log (you can see the rest of the log in the attached zip):
>
> Mar 21 20:24:00 vs208140 /usr/local/sbin/kamailio[20013]: DEBUG: <core>
> [msg_translator.c:200]: check_via_address(95.90.205.74, 95.90.205.74, 0)
> Mar 21 20:24:00 vs208140 /usr/local/sbin/kamailio[20013]: DEBUG: <core>
> [tcp_main.c:1786]: tcp_send: no open tcp connection found, opening new one
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:618]: connect 95.90.205.74:5061 failed (timeout)
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:621]: ERROR: tcp_blocking_connect 95.90.205.74:5061: timeout
> 10 s elapsed from 10 s
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:1168]: ERROR: tcp_do_connect: tcp_blocking_connect
> 95.90.205.74:5061 failed
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:1237]: ERROR: tcp_do_connect 95.90.205.74:5061: failed (115)
> Operation now in progress
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:1955]: ERROR: tcp_send 95.90.205.74:5061: connect failed
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: tm
> [../../forward.h:191]: msg_send: ERROR: tcp_send failed
>
> The kamailio.cfg file is also in the zip attached.
> The PC is connected with the router (I opened the TCP ports 5060-5062)
> that is connected to the Internet. The problem also happens if I disable
> the firewall of the server and of the PC.
>
> Can someone give me help?
>
> Thanks in advance!
>
> Regards
>
> Detlef Pilzecker_______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users at lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kamailio-tls-error-log.txt
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20100323/14593f0c/attachment.txt>


More information about the sr-users mailing list