[SR-Users] Kamailio as Websocket bridge to Asterisk, and Asterisk-sent OPTIONS
Paul Belanger
paul.belanger at polybeacon.com
Sat Aug 30 00:29:38 CEST 2014
On Fri, Aug 29, 2014 at 5:08 PM, Alex Villacís Lasso
<a_villacis at palosanto.com> wrote:
> El 29/08/14 14:44, Paul Belanger escribió:
>
>> On Fri, Aug 29, 2014 at 11:55 AM, Alex Villacís Lasso
>> <a_villacis at palosanto.com> wrote:
>>>
>>> El 28/08/14 19:09, Paul Belanger escribió:
>>>
>>>> On Thu, Aug 28, 2014 at 7:18 PM, Alex Villacís Lasso
>>>> <a_villacis at palosanto.com> wrote:
>>>>>
>>>>> As a continuation of my project, I am trying to set up Kamailio as a
>>>>> Websocket bridge to Asterisk. The asterisk instance is running as
>>>>> localhost,
>>>>> with its own websocket support disabled, but otherwise has accounts
>>>>> with
>>>>> all
>>>>> of the avfp and dtls settings for websockets. Additionally, I have
>>>>> removed
>>>>> the bindaddr=127.0.0.1 from sip.conf and instead put a
>>>>> deny=0.0.0.0/0.0.0.0
>>>>> and permit=127.0.0.1/255.255.255.0 in order to restrict SIP signaling
>>>>> to
>>>>> localhost. This allows asterisk to bypass rtpproxy when signaling
>>>>> through
>>>>> a
>>>>> websocket. I have already established calls originating from the
>>>>> browser.
>>>>> However, I have an issue with the registration.
>>>>>
>>>> Just in passing, why did you remove bindaddr=127.0.0.1?
>>>
>>> If I keep the bindaddr, then asterisk fails to send the DTLS-SRTP
>>> handshake
>>> packets, resulting in no audio. Apparently rtpproxy does not route this.
>>>
>> FWIW: I added a new setting into chan_sip, rptbindaddr[1], which
>> allows you to no control the interface RTP binds too. Not sure if
>> that helps in your setup or not.
>>
>>>>> In my setup, Kamailio receives the REGISTER from whatever source, and
>>>>> forwards this through UDP to Asterisk, after the multiple-domain
>>>>> transformation. Therefore, Asterisk sees the following in its SIP port
>>>>> (all
>>>>> traffic through localhost):
>>>>>
>>>>> REGISTER sip:pbx.villacis.com SIP/2.0
>>>>> Via: SIP/2.0/UDP
>>>>> 127.0.0.1;branch=z9hG4bKc1c5.cb49f656197d0ba16f2a1661dd6a44cc.0
>>>>> Via: SIP/2.0/WSS
>>>>>
>>>>>
>>>>> r01r0mla9hdp.invalid;rport=47307;received=192.168.3.2;branch=z9hG4bK9309681
>>>>> Max-Forwards: 69
>>>>> To: <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>
>>>>> From: "Alex Villac..s"
>>>>> <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>;tag=b5c0lq4kac
>>>>> Call-ID: vp2akar0aqfmgfa6m1taau
>>>>> CSeq: 82 REGISTER
>>>>> Contact:
>>>>>
>>>>>
>>>>> <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>;reg-id=1;+sip.instance="<urn:uuid:6b0c58ee-bdc5-47c0-aff0-963132dc0cad>";expires=600
>>>>> Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY,INVITE,MESSAGE
>>>>> Supported: path,gruu,outbound
>>>>> User-Agent: SIP.js/0.6.2
>>>>> Content-Length: 0
>>>>>
>>>>> Asterisk answers this through UDP, and Kamailio forwards it through the
>>>>> websocket:
>>>>>
>>>>> SIP/2.0 200 OK
>>>>> Via: SIP/2.0/UDP
>>>>>
>>>>>
>>>>> 127.0.0.1;branch=z9hG4bKc1c5.cb49f656197d0ba16f2a1661dd6a44cc.0;received=127.0.0.1;rport=5060
>>>>> Via: SIP/2.0/WSS
>>>>>
>>>>>
>>>>> r01r0mla9hdp.invalid;rport=47307;received=192.168.3.2;branch=z9hG4bK9309681
>>>>> From: "Alex Villac..s"
>>>>> <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>;tag=b5c0lq4kac
>>>>> To: <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>;tag=as5ae2df76
>>>>> Call-ID: vp2akar0aqfmgfa6m1taau
>>>>> CSeq: 82 REGISTER
>>>>> Server: Asterisk PBX 11.12.0
>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>>>>> INFO,
>>>>> PUBLISH, MESSAGE
>>>>> Supported: replaces, timer
>>>>> Expires: 600
>>>>> Contact: <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>;expires=600
>>>>> Date: Thu, 28 Aug 2014 22:21:15 GMT
>>>>> Content-Length: 0
>>>>>
>>>>> Then Asterisk sends this through UDP, and Kamailio again forwards it
>>>>> through
>>>>> the websocket:
>>>>>
>>>>> NOTIFY sip:fnuql6ft at 192.168.3.2:47307;transport=ws SIP/2.0
>>>>> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK4d60f167;rport
>>>>> Max-Forwards: 70
>>>>> From: "asterisk" <sip:asterisk at 127.0.0.1:5080>;tag=as43c12840
>>>>> To: <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>
>>>>> Contact: <sip:asterisk at 127.0.0.1:5080>
>>>>> Call-ID: 04deeb0068a847fa514d748c7d9993c5 at 127.0.0.1:5080
>>>>> CSeq: 102 NOTIFY
>>>>> User-Agent: Asterisk PBX 11.12.0
>>>>> Event: message-summary
>>>>> Content-Type: application/simple-message-summary
>>>>> Content-Length: 89
>>>>>
>>>>> Messages-Waiting: no
>>>>> Message-Account: sip:*97 at 127.0.0.1:5080
>>>>> Voice-Message: 0/0 (0/0)
>>>>>
>>>>> Since I have not implemented handling of voicemail indications, the
>>>>> browser
>>>>> answers this:
>>>>>
>>>>> SIP/2.0 405 Method Not Allowed
>>>>> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK4d60f167;rport=5080
>>>>> To: <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>;tag=ggu5etber9
>>>>> From: "asterisk" <sip:asterisk at 127.0.0.1:5080>;tag=as43c12840
>>>>> Call-ID: 04deeb0068a847fa514d748c7d9993c5 at 127.0.0.1:5080
>>>>> CSeq: 102 NOTIFY
>>>>> Supported: outbound
>>>>> Content-Length: 0
>>>>>
>>>>>
>>>>> After that, Asterisk wants to send an OPTIONS packet. From the point of
>>>>> view
>>>>> of Asterisk (sip set debug on), it is already sent, but never gets a
>>>>> response. However, tcpdump shows that the packet is never sent through
>>>>> the
>>>>> localhost interface in the first place. It is also not sent through any
>>>>> other interface. My guess is that since the REGISTER has a contact with
>>>>> transport=ws , Asterisk wants to send this through a websocket (which
>>>>> is
>>>>> disabled). So I could have to generate a contact without transport=ws .
>>>>>
>>>>> I have worked around this by setting qualify=no in the account for the
>>>>> websocket, but I would like a better solution, one that allows the
>>>>> OPTIONS
>>>>> packet to reach the browser, and to get the response. What is the
>>>>> proper
>>>>> way
>>>>> to deal with this?
>>>>>
>>>> What does the OPTIONS message in asterisk look like?
>>>>
>>> elx3*CLI> sip qualify peer avillacisIM_pbx.villacis.com
>>> Reliably Transmitting (NAT) to 127.0.0.1:5060:
>>> OPTIONS sip:68on862t at 192.168.3.2:58927;transport=ws SIP/2.0
>>> Via: SIP/2.0/WS 127.0.0.1:5080;branch=z9hG4bK2b267794;rport
>>> Max-Forwards: 70
>>> From: "asterisk" <sip:asterisk at 127.0.0.1:5080>;tag=as1a2c3be2
>>> To: <sip:68on862t at 192.168.3.2:58927;transport=ws>
>>> Contact: <sip:asterisk at 127.0.0.1:5080;transport=WS>
>>> Call-ID: 7cbd63985b293b0150740e5a19143451 at 127.0.0.1:5080
>>> CSeq: 102 OPTIONS
>>> User-Agent: Asterisk PBX 11.12.0
>>> Date: Fri, 29 Aug 2014 15:54:10 GMT
>>>
>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
>>> PUBLISH, MESSAGE
>>> Supported: replaces, timer
>>> Content-Length: 0
>>>
>> Ya, your via address is over the WS. What does your peer settings look
>> like for avillacisIM_pbx.villacis.com ?
>>
>> [1] http://svnview.digium.com/svn/asterisk?view=revision&revision=422241
>>
> mysql> select * from sip where name = 'avillacisIM_pbx.villacis.com';
> +----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
> | id | name | context | callingpres | deny
> | permit | acl | secret | md5secret | remotesecret | transport |
> host | nat | type | accountcode | amaflags | callgroup
> | pickupgroup | namedcallgroup | namedpickupgroup | callerid |
> directmedia | directmediapermit | directmediaacl | description | defaultip |
> dtmfmode | fromuser | fromdomain | insecure | language | tonezone | mailbox
> | qualify | regexten | rtptimeout | rtpholdtimeout | setvar | disallow |
> allow | fullcontact | ipaddr |
> port | username | defaultuser | dial | trustrpid
> | sendrpid | progressinband | promiscredir | useclientcode | callcounter |
> busylevel | allowoverlap | allowsubscribe | allowtransfer | lastms |
> useragent | regseconds | regserver | videosupport | maxcallbitrate |
> rfc2833compensate | session-timers | session-expires | session-minse |
> session-refresher | outboundproxy | callbackextension | timert1 | timerb |
> qualifyfreq | constantssrc | contactpermit | contactdeny | contactacl |
> usereqphone | textsupport | faxdetect | buggymwi | auth | fullname |
> trunkname | cid_number | mohinterpret | mohsuggest | parkinglot |
> hasvoicemail | subscribemwi | vmexten | rtpkeepalive | g726nonstandard |
> ignoresdpversion | subscribecontext | template | keepalive |
> t38pt_usertpsource | organization_domain | outofcall_message_context |
> sippasswd | kamailioname | mwi_from | avpf | dtlsenable | dtlsverify |
> dtlscertfile | dtlsprivatekey
> | dtlssetup | force_avp | icesupport | encryption |
> +----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
> | 12 | avillacisIM_pbx.villacis.com | pbx.villacis.com-from-internal | NULL
> | 0.0.0.0/0.0.0.0 | 0.0.0.0/0.0.0.0 | NULL | NULL | NULL | NULL
> | ws,wss,udp | dynamic | force_rport,comedia | friend | NULL | NULL
This is your issue, you are allowing ws and wss as the transport.
Because you are forwarding calls over UDP, that is the only protocol
you should be allowing.
> | NULL | NULL | NULL | NULL | device
> <avillacisIM> | no | NULL | NULL | NULL
> | NULL | auto | NULL | NULL | NULL | es | NULL
> | 101 at pbx.villacis.com-default | no | NULL | 60 |
> 300 | NULL | all | ulaw,alaw,gsm |
> sip:uqcma3g6 at 192.168.3.2:59675^3Btransport=ws | 127.0.0.1 | 5060 |
> | avillacisIM | SIP/avillacisIM_pbx.villacis.com | yes | no |
> NULL | NULL | NULL | yes | NULL | no
> | NULL | yes | 0 | SIP.js/0.6.2 | 1409346610 |
> | yes | 384 | NULL | NULL | NULL
> | NULL | NULL | NULL | NULL |
> NULL | NULL | 60 | NULL | NULL | NULL |
> NULL | NULL | NULL | yes | NULL | NULL | 101
> | NULL | NULL | NULL | NULL | NULL | NULL
> | NULL | *97 | NULL | NULL | NULL
> | pbx.villacis.com-im-sip | NULL | NULL | NULL |
> pbx.villacis.com | pbx.villacis.com-im-sip | Avillacis12345 |
> avillacisIM | NULL | yes | yes | no |
> /etc/pki/tls/certs/localhost_asterisk.crt |
> /etc/pki/tls/private/localhost_asterisk.key | actpass | yes | yes |
> yes |
> +----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
> 1 row in set (0.00 sec)
>
>
> [root at elx3 kamailio]# asterisk -rnx 'sip show peer
> avillacisIM_pbx.villacis.com'
>
>
> * Name : avillacisIM_pbx.villacis.com
> Description :
> Realtime peer: Yes, cached
> Secret : <Not set>
> MD5Secret : <Not set>
> Remote Secret: <Not set>
> Context : pbx.villacis.com-from-internal
> Record On feature : automon
> Record Off feature : automon
> Subscr.Cont. : pbx.villacis.com-im-sip
> Language : es
> Tonezone : <Not set>
> AMA flags : Unknown
> Transfer mode: open
> CallingPres : Presentation Allowed, Not Screened
> Callgroup :
> Pickupgroup :
> Named Callgr :
> Nam. Pickupgr:
> MOH Suggest :
> Mailbox : 101 at pbx.villacis.com-default
> VM Extension : *97
> LastMsgsSent : 0/0
> Call limit : 2147483647
> Max forwards : 0
> Dynamic : Yes
> Callerid : "101" <avillacisIM>
> MaxCallBR : 384 kbps
> Expire : 153
> Insecure : no
> Force rport : Yes
> Symmetric RTP: Yes
> ACL : Yes
> DirectMedACL : No
> T.38 support : Yes
> T.38 EC mode : FEC
> T.38 MaxDtgrm: 4294967295
> DirectMedia : No
> PromiscRedir : No
> User=Phone : No
> Video Support: Yes
> Text Support : No
> Ign SDP ver : No
> Trust RPID : Yes
> Send RPID : No
> TrustIDOutbnd: Legacy
> Subscriptions: Yes
> Overlap dial : No
> DTMFmode : auto
> Timer T1 : 500
> Timer B : 32000
> ToHost :
> Addr->IP : 127.0.0.1:5060
> Defaddr->IP : (null)
> Prim.Transp. : WS
> Allowed.Trsp : UDP,WS,WSS
Again, see above, this should only be udp.
> Def. Username: avillacisIM
> SIP Options : (none)
> Codecs : (gsm|ulaw|alaw)
> Codec Order : (ulaw:20,alaw:20,gsm:20)
> Auto-Framing : No
> Status : Unmonitored
> Useragent : SIP.js/0.6.2
> Reg. Contact : sip:uqcma3g6 at 192.168.3.2:59675;transport=ws
> Qualify Freq : 60000 ms
> Keepalive : 0 ms
> Sess-Timers : Accept
> Sess-Refresh : uas
> Sess-Expires : 1800 secs
> Min-Sess : 90 secs
> RTP Engine : asterisk
> Parkinglot :
> Use Reason : No
> Encryption : Yes
> Ign.Lifetime : No
>
> I think the situation is because of the change of transport. How should this
> be handled so that Asterisk stops trying to use websocket transport for the
> signaling that came from the UDP port?
>
See my responses above.
--
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belanger at polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger
More information about the sr-users
mailing list