[SR-Users] Strongswan on same Server in EC2 as kamailio 4.4
Daniel-Constantin Mierla
miconda at gmail.com
Thu Mar 8 08:48:43 CET 2018
Hello,
are these calls getting double Record-Route headers?
Cheers,
Daniel
On 23.02.18 13:41, Jonathan Hunter wrote:
> Hi Guys,
>
> I have an issue with sending a BYE message back down a strongswan VPN
> tunnel on a server in the Amazon EC2 environment.
>
> To get the configuration working correctly I have the Public IP
> address bound to a loopback virtual interface, and I also have
> kamailio listening to it.
>
>
> Calls establish without issue, but when the called party send a BYE, I
> cant seem to force the SIP message down the correct interface.
>
> Due to client confidentiality I need to be careful what information I
> send but does anyone have a similar configuration set up, and working,
> I am just looking for reasons as to why force_socket and mhomed=1
> doesnt appear to force the BYE message via the Public Interface but
> the private IP address on the server as its a NAT'd environment.
>
> So essentially call establishes;
>
>
> CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC
> IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B
> | | | |
> |<---------(VIA IPSEC)-100 TRYING----|<----------100
> TRYING---------------|<----------100 TRYING----------------------------|
> | | | |
> |<---------(VIA IPSEC)-180 RINGING---|<----------180
> RINGING--------------|<----------180 RINGING---------------------------|
> | |
> | |
> |<---------(VIA IPSEC)-200OK --------|<----------200OK
> -------------------|<----------200OK --------------------------------|
> || |
> |
> |----------(VIA
> IPSEC)-ACk--------->|-----------ACk--------------------->|-----------ACk---------------------------------->|
>
>
> How can I ensure the BYE is forced out via the PUBLIC IP?
>
> So I do this;
> CLIENT---------(VIA IPSEC)-INVITE----->(UDP)KAMAILIO PUBLIC
> IP-------->(UDP)KAMAILIO PRIVATE IP(TCP)------------------------->CLIENT B
>
> |<---------BYE (VIA IPSEC)----------------------|<----------BYE
> ----------------------------|<----------BYE -------------------|
>
> As it appears to be going from Private IP and not being pushed down
> the IPSEC tunnel
>
> CLIENT---------(VIA IPSEC)-INVITE----->KAMAILIO PUBLIC
> IP-------->KAMAILIO PRIVATE IP------------------------->CLIENT B
>
> |<---------BYE ----------------------<----------BYE
> ----------------------------|<----------BYE -------------------|
>
>
> on the BYE I have tried;
>
> force_send_socket(KAMAILIO PUBLIC IP);
>
> However doesnt appear to work, is this an issue for ip routing on
> the server to push the BYE correctly down the IPSEC tunnel? or is it
> configuration related?
>
> Any comments welcome if people have had this issue before.
>
>
> Many thanks
>
> Jon
>
>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - March 5-7, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180308/4d10c53e/attachment-0001.html>
More information about the sr-users
mailing list