[SR-Users] dispatch REGISTER over TLS

sthustfo sthustfo at gmail.com
Fri Nov 8 17:38:55 CET 2019


Hi Karsten, David,

Thanks for your pointers. Earlier I was using the mysql backend where the
dispatch list was stored. Now, following your suggestions, I have switched
to a dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
following:

# setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional)
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14

Even with this, when an HTTP request comes in, it is upgraded to a WS
connection. But this gets closed after a couple of seconds. Does the below
log indicate anything?

 9(1784) exec: *** cfgtrace:request_route=[xhttp:request] c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list(): destroying list (nil)

Is there any way to understand what's happening? I do not see any other
error in the logs.

Thanks.



On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <miconda at gmail.com>
wrote:

> Hello,
> On 06.11.19 20:46, Karsten Horsmann wrote:
>
> Hi,
>
> the sips URI scheme is not used for TLS with dispatcher.
>
> jumping in to clarify a bit about sips protocol schema. It doesn't imply
> TLS as one may think HTTPS does it for HTTP. The sips is mandating that the
> traffic goes over secure links, which can be IPSec/VPN or even just private
> network, so it is ok using UDP or TCP when sips is present.
>
> In SIP, if TLS is wanted, then transport=tls has to be added to the URI.
>
> As for dispatcher, one more clarification: transport=tls in attrs has
> nothing to do with the destination address, so that has to be in the value
> of the destination field, as Karsten gave in his example.
>
> And, as a general note: better do not use sips at all, it can mess up some
> nodes in the path, if you are not sure about the need of sips -- just do
> uri;transport=tls.
>
> Cheers,
> Daniel
>
>
> Here an example for flatfile dispatcher.list (need corrected values).
>
> The socket line must match a listen directive in your Kamailio.cfg.
>
>
> root at sbc1:~# cat /etc/kamailio/dispatcher.list
> # setid(integer) destination(sip uri) flags (integer, optional), priority(int,opt), attrs (str,optional)
> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>
> Cheers
> Karsten
>
> sthustfo <sthustfo at gmail.com> schrieb am Mi., 6. Nov. 2019, 20:32:
>
>> I have a basic setup where kamailio receives SIP over websocket (no WSS)
>> and forwards to SIP server over TLS. I have enabled TLS in kamailio.cfg and
>> added dispatcher node as sips:SIP_SERVER:5061 and transport=tls.
>>
>>
>> +----+-------+----------------------+-------+----------+---------------+-------------+
>> | id | setid | destination          | flags | priority | attrs         | description |
>> +----+-------+----------------------+-------+----------+---------------+-------------+
>> |  4 |     1 | sips:10.0.0.100:5061 |     0 |        0 | transport=tls | SIP SERVER  |
>> +----+-------+----------------------+-------+----------+---------------+-------------+
>>
>> Now when REGISTER is received over websocket, kamailio is responding with
>> error code 500 and phrase "500 I'm terribly sorry, server error occurred
>> (7/SL)". And on the console I see the following error messages.
>>
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core>
>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>> f1ecf7bcb659b07fe81e332e100044e5
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm [ut.h:315]:
>> uri2dst2(): no corresponding socket found for "10.0.0.100" af 2 (tls:
>> 10.0.0.100:5061)
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>> corresponding listening socket)
>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>> n=sl_reply_error
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core>
>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>> hsvmphm3ps12.invalid, 0)
>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
>> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>
>> *tls.cfg contents*
>> [client:default]
>> method = TLSv1
>> verify_certificate = yes
>> require_certificate = yes
>> private_key = /home/test/kamailio/internal.key
>> certificate = /home/test/kamailio/internal.crt
>> ca_list = /home/test/kamailio/ca_list.pem
>>
>> Any reason why this error is seen? Any inputs appreciated.
>>
>> Thanks.
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
>
>
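
Added example (not part of the original thread and not Kamailio project code): a small Python check over dispatcher.list and the listen lines of kamailio.cfg for the three points made in the replies above: sips does not select TLS, transport=tls belongs in the destination URI rather than in attrs, and the socket attribute must match a listen directive. The listen addresses in the sample are assumptions, and the function and finding names are illustrative.

```python
import re

def listen_sockets(cfg_text):
    """Collect proto:addr:port values from listen= lines that name a protocol."""
    socks = set()
    for line in cfg_text.splitlines():
        m = re.match(r"\s*listen\s*=\s*([a-z]+:[^\s;#]+)", line, re.I)
        if m:
            socks.add(m.group(1).lower())
    return socks

def parse_attrs(field):
    """Split the attrs column (name=value;name=value) into a dict."""
    pairs = (kv.split("=", 1) for kv in field.split(";") if "=" in kv)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_dispatcher(list_text, sockets):
    """Return (line_no, finding) tuples for the pitfalls raised in the thread."""
    findings = []
    for n, raw in enumerate(list_text.splitlines(), 1):
        f = raw.strip().split(None, 4)
        if len(f) < 2 or f[0].startswith("#"):
            continue  # blank line, comment, or too short to hold a destination
        uri = f[1].lower()
        attrs = parse_attrs(f[4]) if len(f) > 4 else {}
        if uri.startswith("sips:"):
            findings.append((n, "sips-scheme"))  # sips does not select TLS
        in_uri = "transport=tls" in uri.split(";")[1:]
        if not in_uri and attrs.get("transport", "").lower() == "tls":
            findings.append((n, "transport-in-attrs"))  # attrs do not set transport
        sock = attrs.get("socket", "").lower()
        if sock and sock not in sockets:
            findings.append((n, "socket-no-listen"))  # no matching listen directive
    return findings

# Constructed sample input; the listen addresses are assumed, not from the thread.
SAMPLE_CFG = "listen=tcp:10.0.0.14:8080\nlisten=tls:10.0.0.14:5061\n"
SAMPLE_LIST = """\
# setid destination flags priority attrs
1 sips:10.0.0.100:5061 0 0 transport=tls
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14
"""

if __name__ == "__main__":
    for n, what in check_dispatcher(SAMPLE_LIST, listen_sockets(SAMPLE_CFG)):
        print(f"dispatcher.list line {n}: {what}")
```
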