[SR-Users] Strongswan on same Server in EC2 as kamailio 4.4

Jonathan Hunter hunterj91 at hotmail.com
Fri Feb 23 13:41:13 CET 2018 

Hi Guys,

I have an issue with sending a BYE message back down a strongswan VPN tunnel on a server in the Amazon EC2 environment.

To get the configuration working correctly I have the Public IP address bound to a loopback virtual interface, and I also have kamailio listening to it.


Calls establish without issue, but when the called party send a BYE, I cant seem to force the SIP message down the correct interface.

Due to client confidentiality I need to be careful what information I send but does anyone have a similar configuration set up, and working, I am just looking for reasons as to why force_socket and mhomed=1 doesnt appear to force the BYE message via the Public Interface but the private IP address on the server as its a NAT'd environment.

So essentially call establishes;


CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B
   |                                    |      |          |
   |<---------(VIA IPSEC)-100 TRYING----|<----------100 TRYING---------------|<----------100 TRYING----------------------------|
   |         |              |                                           |
   |<---------(VIA IPSEC)-180 RINGING---|<----------180 RINGING--------------|<----------180 RINGING---------------------------|
   |                                    |                                    |                  |
   |<---------(VIA IPSEC)-200OK --------|<----------200OK -------------------|<----------200OK --------------------------------|
   | |                                    |                                           |
   |----------(VIA IPSEC)-ACk---------> |-----------ACk--------------------->|-----------ACk---------------------------------->|


   How can I ensure the BYE is forced out via the PUBLIC IP?

So I do this;
   CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B

   |<---------BYE (VIA IPSEC)----------------------|<----------BYE ----------------------------|<----------BYE -------------------|

   As it appears to be going from Private IP and not being pushed down the IPSEC tunnel

   CLIENT---------(VIA IPSEC)-INVITE----->KAMAILIO PUBLIC IP-------->KAMAILIO PRIVATE IP------------------------->CLIENT B

   |<---------BYE ----------------------<----------BYE ----------------------------|<----------BYE -------------------|


   on the BYE I have tried;

   force_send_socket(KAMAILIO PUBLIC IP);

   However doesnt appear to work, is this an issue for ip routing on the server to push the BYE correctly down the IPSEC tunnel? or is it configuration related?

   Any comments welcome if people have had this issue before.


   Many thanks

   Jon


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180223/32ad6bda/attachment.html>

More information about the sr-users mailing list