[SR-Users] Kamailio as Websocket bridge to Asterisk, and Asterisk-sent OPTIONS

Paul Belanger paul.belanger at polybeacon.com
Sat Aug 30 00:29:38 CEST 2014


On Fri, Aug 29, 2014 at 5:08 PM, Alex Villací­s Lasso
<a_villacis at palosanto.com> wrote:
> El 29/08/14 14:44, Paul Belanger escribió:
>
>> On Fri, Aug 29, 2014 at 11:55 AM, Alex Villací­s Lasso
>> <a_villacis at palosanto.com> wrote:
>>>
>>> El 28/08/14 19:09, Paul Belanger escribió:
>>>
>>>> On Thu, Aug 28, 2014 at 7:18 PM, Alex Villací­s Lasso
>>>> <a_villacis at palosanto.com> wrote:
>>>>>
>>>>> As a continuation of my project, I am trying to set up Kamailio as a
>>>>> Websocket bridge to Asterisk. The asterisk instance is running as
>>>>> localhost,
>>>>> with its own websocket support disabled, but otherwise has accounts
>>>>> with
>>>>> all
>>>>> of the avfp and dtls settings for websockets. Additionally, I have
>>>>> removed
>>>>> the bindaddr=127.0.0.1 from sip.conf and instead put a
>>>>> deny=0.0.0.0/0.0.0.0
>>>>> and permit=127.0.0.1/255.255.255.0 in order to restrict SIP signaling
>>>>> to
>>>>> localhost. This allows asterisk to bypass rtpproxy when signaling
>>>>> through
>>>>> a
>>>>> websocket. I have already established calls originating from the
>>>>> browser.
>>>>> However, I have an issue with the registration.
>>>>>
>>>> Just in passing, why did you remove bindaddr=127.0.0.1?
>>>
>>> If I keep the bindaddr, then asterisk fails to send the DTLS-SRTP
>>> handshake
>>> packets, resulting in no audio. Apparently rtpproxy does not route this.
>>>
>> FWIW: I added a new setting into chan_sip, rptbindaddr[1], which
>> allows you to no control the interface RTP binds too.  Not sure if
>> that helps in your setup or not.
>>
>>>>> In my setup, Kamailio receives the REGISTER from whatever source, and
>>>>> forwards this through UDP to Asterisk, after the multiple-domain
>>>>> transformation. Therefore, Asterisk sees the following in its SIP port
>>>>> (all
>>>>> traffic through localhost):
>>>>>
>>>>> REGISTER sip:pbx.villacis.com SIP/2.0
>>>>> Via: SIP/2.0/UDP
>>>>> 127.0.0.1;branch=z9hG4bKc1c5.cb49f656197d0ba16f2a1661dd6a44cc.0
>>>>> Via: SIP/2.0/WSS
>>>>>
>>>>>
>>>>> r01r0mla9hdp.invalid;rport=47307;received=192.168.3.2;branch=z9hG4bK9309681
>>>>> Max-Forwards: 69
>>>>> To: <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>
>>>>> From: "Alex Villac..s"
>>>>> <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>;tag=b5c0lq4kac
>>>>> Call-ID: vp2akar0aqfmgfa6m1taau
>>>>> CSeq: 82 REGISTER
>>>>> Contact:
>>>>>
>>>>>
>>>>> <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>;reg-id=1;+sip.instance="<urn:uuid:6b0c58ee-bdc5-47c0-aff0-963132dc0cad>";expires=600
>>>>> Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY,INVITE,MESSAGE
>>>>> Supported: path,gruu,outbound
>>>>> User-Agent: SIP.js/0.6.2
>>>>> Content-Length: 0
>>>>>
>>>>> Asterisk answers this through UDP, and Kamailio forwards it through the
>>>>> websocket:
>>>>>
>>>>> SIP/2.0 200 OK
>>>>> Via: SIP/2.0/UDP
>>>>>
>>>>>
>>>>> 127.0.0.1;branch=z9hG4bKc1c5.cb49f656197d0ba16f2a1661dd6a44cc.0;received=127.0.0.1;rport=5060
>>>>> Via: SIP/2.0/WSS
>>>>>
>>>>>
>>>>> r01r0mla9hdp.invalid;rport=47307;received=192.168.3.2;branch=z9hG4bK9309681
>>>>> From: "Alex Villac..s"
>>>>> <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>;tag=b5c0lq4kac
>>>>> To: <sip:avillacisIM_pbx.villacis.com at 127.0.0.1:5080>;tag=as5ae2df76
>>>>> Call-ID: vp2akar0aqfmgfa6m1taau
>>>>> CSeq: 82 REGISTER
>>>>> Server: Asterisk PBX 11.12.0
>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>>>>> INFO,
>>>>> PUBLISH, MESSAGE
>>>>> Supported: replaces, timer
>>>>> Expires: 600
>>>>> Contact: <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>;expires=600
>>>>> Date: Thu, 28 Aug 2014 22:21:15 GMT
>>>>> Content-Length: 0
>>>>>
>>>>> Then Asterisk sends this through UDP, and Kamailio again forwards it
>>>>> through
>>>>> the websocket:
>>>>>
>>>>> NOTIFY sip:fnuql6ft at 192.168.3.2:47307;transport=ws SIP/2.0
>>>>> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK4d60f167;rport
>>>>> Max-Forwards: 70
>>>>> From: "asterisk" <sip:asterisk at 127.0.0.1:5080>;tag=as43c12840
>>>>> To: <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>
>>>>> Contact: <sip:asterisk at 127.0.0.1:5080>
>>>>> Call-ID: 04deeb0068a847fa514d748c7d9993c5 at 127.0.0.1:5080
>>>>> CSeq: 102 NOTIFY
>>>>> User-Agent: Asterisk PBX 11.12.0
>>>>> Event: message-summary
>>>>> Content-Type: application/simple-message-summary
>>>>> Content-Length: 89
>>>>>
>>>>> Messages-Waiting: no
>>>>> Message-Account: sip:*97 at 127.0.0.1:5080
>>>>> Voice-Message: 0/0 (0/0)
>>>>>
>>>>> Since I have not implemented handling of voicemail indications, the
>>>>> browser
>>>>> answers this:
>>>>>
>>>>> SIP/2.0 405 Method Not Allowed
>>>>> Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK4d60f167;rport=5080
>>>>> To: <sip:fnuql6ft at 192.168.3.2:47307;transport=ws>;tag=ggu5etber9
>>>>> From: "asterisk" <sip:asterisk at 127.0.0.1:5080>;tag=as43c12840
>>>>> Call-ID: 04deeb0068a847fa514d748c7d9993c5 at 127.0.0.1:5080
>>>>> CSeq: 102 NOTIFY
>>>>> Supported: outbound
>>>>> Content-Length: 0
>>>>>
>>>>>
>>>>> After that, Asterisk wants to send an OPTIONS packet. From the point of
>>>>> view
>>>>> of Asterisk (sip set debug on), it is already sent, but never gets a
>>>>> response. However, tcpdump shows that the packet is never sent through
>>>>> the
>>>>> localhost interface in the first place. It is also not sent through any
>>>>> other interface. My guess is that since the REGISTER has a contact with
>>>>> transport=ws , Asterisk wants to send this through a websocket (which
>>>>> is
>>>>> disabled). So I could have to generate a contact without transport=ws .
>>>>>
>>>>> I have worked around this by setting qualify=no in the account for the
>>>>> websocket, but I would like a better solution, one that allows the
>>>>> OPTIONS
>>>>> packet to reach the browser, and to get the response. What is the
>>>>> proper
>>>>> way
>>>>> to deal with this?
>>>>>
>>>> What does the OPTIONS message in asterisk look like?
>>>>
>>> elx3*CLI> sip qualify peer avillacisIM_pbx.villacis.com
>>> Reliably Transmitting (NAT) to 127.0.0.1:5060:
>>> OPTIONS sip:68on862t at 192.168.3.2:58927;transport=ws SIP/2.0
>>> Via: SIP/2.0/WS 127.0.0.1:5080;branch=z9hG4bK2b267794;rport
>>> Max-Forwards: 70
>>> From: "asterisk" <sip:asterisk at 127.0.0.1:5080>;tag=as1a2c3be2
>>> To: <sip:68on862t at 192.168.3.2:58927;transport=ws>
>>> Contact: <sip:asterisk at 127.0.0.1:5080;transport=WS>
>>> Call-ID: 7cbd63985b293b0150740e5a19143451 at 127.0.0.1:5080
>>> CSeq: 102 OPTIONS
>>> User-Agent: Asterisk PBX 11.12.0
>>> Date: Fri, 29 Aug 2014 15:54:10 GMT
>>>
>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
>>> PUBLISH, MESSAGE
>>> Supported: replaces, timer
>>> Content-Length: 0
>>>
>> Ya, your via address is over the WS. What does your peer settings look
>> like for avillacisIM_pbx.villacis.com ?
>>
>> [1] http://svnview.digium.com/svn/asterisk?view=revision&revision=422241
>>
> mysql> select * from sip where name = 'avillacisIM_pbx.villacis.com';
> +----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
> | id | name                         | context | callingpres | deny
> | permit          | acl  | secret | md5secret | remotesecret | transport  |
> host    | nat                 | type   | accountcode | amaflags | callgroup
> | pickupgroup | namedcallgroup | namedpickupgroup | callerid             |
> directmedia | directmediapermit | directmediaacl | description | defaultip |
> dtmfmode | fromuser | fromdomain | insecure | language | tonezone | mailbox
> | qualify | regexten | rtptimeout | rtpholdtimeout | setvar | disallow |
> allow         | fullcontact                                   | ipaddr    |
> port | username | defaultuser | dial                             | trustrpid
> | sendrpid | progressinband | promiscredir | useclientcode | callcounter |
> busylevel | allowoverlap | allowsubscribe | allowtransfer | lastms |
> useragent    | regseconds | regserver | videosupport | maxcallbitrate |
> rfc2833compensate | session-timers | session-expires | session-minse |
> session-refresher | outboundproxy | callbackextension | timert1 | timerb |
> qualifyfreq | constantssrc | contactpermit | contactdeny | contactacl |
> usereqphone | textsupport | faxdetect | buggymwi | auth | fullname |
> trunkname | cid_number | mohinterpret | mohsuggest | parkinglot |
> hasvoicemail | subscribemwi | vmexten | rtpkeepalive | g726nonstandard |
> ignoresdpversion | subscribecontext        | template | keepalive |
> t38pt_usertpsource | organization_domain | outofcall_message_context |
> sippasswd      | kamailioname | mwi_from | avpf | dtlsenable | dtlsverify |
> dtlscertfile                              | dtlsprivatekey
> | dtlssetup | force_avp | icesupport | encryption |
> +----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
> | 12 | avillacisIM_pbx.villacis.com | pbx.villacis.com-from-internal | NULL
> | 0.0.0.0/0.0.0.0 | 0.0.0.0/0.0.0.0 | NULL | NULL   | NULL      | NULL
> | ws,wss,udp | dynamic | force_rport,comedia | friend | NULL        | NULL

This is your issue, you are allowing ws and wss as the transport.
Because you are forwarding calls over UDP, that is the only protocol
you should be allowing.

> | NULL      | NULL        | NULL           | NULL             | device
> <avillacisIM> | no          | NULL              | NULL           | NULL
> | NULL      | auto     | NULL     | NULL       | NULL     | es       | NULL
> | 101 at pbx.villacis.com-default | no      | NULL     |         60 |
> 300 | NULL   | all      | ulaw,alaw,gsm |
> sip:uqcma3g6 at 192.168.3.2:59675^3Btransport=ws | 127.0.0.1 | 5060 |
> | avillacisIM | SIP/avillacisIM_pbx.villacis.com | yes       | no       |
> NULL           | NULL         | NULL | yes         |      NULL | no
> | NULL           | yes           |      0 | SIP.js/0.6.2 | 1409346610 |
> | yes          |            384 | NULL              | NULL |            NULL
> |          NULL | NULL              | NULL          | NULL              |
> NULL |   NULL |          60 | NULL         | NULL          | NULL        |
> NULL       | NULL        | NULL        | yes       | NULL     | NULL | 101
> | NULL      | NULL       | NULL         | NULL       | NULL       | NULL
> | NULL         | *97     |         NULL | NULL            | NULL
> | pbx.villacis.com-im-sip | NULL     | NULL      | NULL               |
> pbx.villacis.com    | pbx.villacis.com-im-sip   | Avillacis12345 |
> avillacisIM  | NULL | yes  | yes        | no         |
> /etc/pki/tls/certs/localhost_asterisk.crt |
> /etc/pki/tls/private/localhost_asterisk.key | actpass   | yes | yes        |
> yes        |
> +----+------------------------------+--------------------------------+-------------+-----------------+-----------------+------+--------+-----------+--------------+------------+---------+---------------------+--------+-------------+----------+-----------+-------------+----------------+------------------+----------------------+-------------+-------------------+----------------+-------------+-----------+----------+----------+------------+----------+----------+----------+------------------------------+---------+----------+------------+----------------+--------+----------+---------------+-----------------------------------------------+-----------+------+----------+-------------+----------------------------------+-----------+----------+----------------+--------------+---------------+-------------+-----------+--------------+----------------+---------------+--------+--------------+------------+-----------+--------------+----------------+-------------------+----------------+-----------------+---------------+-------------------+---------------+-------------------+---------+--------+-------------+--------------+---------------+-------------+------------+-------------+-------------+-----------+----------+------+----------+-----------+------------+--------------+------------+------------+--------------+--------------+---------+--------------+-----------------+------------------+-------------------------+----------+-----------+--------------------+---------------------+---------------------------+----------------+--------------+----------+------+------------+------------+-------------------------------------------+---------------------------------------------+-----------+-----------+------------+------------+
> 1 row in set (0.00 sec)
>
>
> [root at elx3 kamailio]# asterisk -rnx 'sip show peer
> avillacisIM_pbx.villacis.com'
>
>
>   * Name       : avillacisIM_pbx.villacis.com
>   Description  :
>   Realtime peer: Yes, cached
>   Secret       : <Not set>
>   MD5Secret    : <Not set>
>   Remote Secret: <Not set>
>   Context      : pbx.villacis.com-from-internal
>   Record On feature : automon
>   Record Off feature : automon
>   Subscr.Cont. : pbx.villacis.com-im-sip
>   Language     : es
>   Tonezone     : <Not set>
>   AMA flags    : Unknown
>   Transfer mode: open
>   CallingPres  : Presentation Allowed, Not Screened
>   Callgroup    :
>   Pickupgroup  :
>   Named Callgr :
>   Nam. Pickupgr:
>   MOH Suggest  :
>   Mailbox      : 101 at pbx.villacis.com-default
>   VM Extension : *97
>   LastMsgsSent : 0/0
>   Call limit   : 2147483647
>   Max forwards : 0
>   Dynamic      : Yes
>   Callerid     : "101" <avillacisIM>
>   MaxCallBR    : 384 kbps
>   Expire       : 153
>   Insecure     : no
>   Force rport  : Yes
>   Symmetric RTP: Yes
>   ACL          : Yes
>   DirectMedACL : No
>   T.38 support : Yes
>   T.38 EC mode : FEC
>   T.38 MaxDtgrm: 4294967295
>   DirectMedia  : No
>   PromiscRedir : No
>   User=Phone   : No
>   Video Support: Yes
>   Text Support : No
>   Ign SDP ver  : No
>   Trust RPID   : Yes
>   Send RPID    : No
>   TrustIDOutbnd: Legacy
>   Subscriptions: Yes
>   Overlap dial : No
>   DTMFmode     : auto
>   Timer T1     : 500
>   Timer B      : 32000
>   ToHost       :
>   Addr->IP     : 127.0.0.1:5060
>   Defaddr->IP  : (null)
>   Prim.Transp. : WS
>   Allowed.Trsp : UDP,WS,WSS
Again, see above, this should only be udp.

>   Def. Username: avillacisIM
>   SIP Options  : (none)
>   Codecs       : (gsm|ulaw|alaw)
>   Codec Order  : (ulaw:20,alaw:20,gsm:20)
>   Auto-Framing : No
>   Status       : Unmonitored
>   Useragent    : SIP.js/0.6.2
>   Reg. Contact : sip:uqcma3g6 at 192.168.3.2:59675;transport=ws
>   Qualify Freq : 60000 ms
>   Keepalive    : 0 ms
>   Sess-Timers  : Accept
>   Sess-Refresh : uas
>   Sess-Expires : 1800 secs
>   Min-Sess     : 90 secs
>   RTP Engine   : asterisk
>   Parkinglot   :
>   Use Reason   : No
>   Encryption   : Yes
>   Ign.Lifetime : No
>
> I think the situation is because of the change of transport. How should this
> be handled so that Asterisk stops trying to use websocket transport for the
> signaling that came from the UDP port?
>
See my responses above.

-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belanger at polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger



More information about the sr-users mailing list