[SR-Users] tls nat

hiro 23hiro at gmail.com
Sun Sep 8 23:00:57 CEST 2013 

Ok, I compiled the latest rtpproxy.so, the problem persists: the
interesting facts are: the callee only answers with sdp port once, in
the session progress message. the 200 ok does not have sdp body, but
kamailio inserts sdp into it.

With the new rtpproxy.so kamailio responds to the session progress by
sending a prack to the callee itself followed by a 200 ok to the
caller that includes sdp but has CSeq: 893961 PRACK which never got
requested by the caller though.

On 9/4/13, hiro <23hiro at gmail.com> wrote:
> For this installation I used the .deb from http://deb.kamailio.org/kamailio
> Sorry I forgot to include this critical information.
> Is 4.0.3 new enough? Else I can also compile tip, or head or whatever
> it's called ;)
>
>  kamailio -V
> version: kamailio 4.0.3 (x86_64/linux)
> flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS,
> USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM,
> SHM_MMAP, PKG_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT,
> USE_DNS_CACHE, USE_DNS_FAILOVER,
>  USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
>
>
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: unknown
> compiled on 17:01:35 Aug 19 2013 with gcc 4.7.2
>
>
> On 9/4/13, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
>> Hello,
>>
>> On 8/29/13 10:22 PM, hiro wrote:
>>> After many failures because of broken libraries I managed to decrypt
>>> my problematic TLS sessions providing the private key of kamailio to
>>> wireshark.
>>>
>>> With TLS+SRTP enabled my nokia phones send session progress and pracks
>>> with rtp port. This breaks NAT/rtpproxy in kamailio, which replaces
>>> the rtpproxy port in session progress, but then forgets about it for
>>> the 200 OK.
>>>
>>> Attached is a tree overview and the conversations of each phone with
>>> kamailio.
>> can you try with latest branch 4.0? The issue was probably due to
>> rtpproxy_manage() function not taking in consideration PRACKs with sdp.
>> Alternative is to use rtpproxy_offer()/rtpproxy_answer() to control
>> rtpproxy application.
>>
>> Cheers,
>> Daniel
>>
>> --
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Trainings - Berlin, Oct 21-24; Miami, Nov 11-13, 2013
>>    - more details about Kamailio trainings at http://www.asipto.com -
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>

More information about the sr-users mailing list