[SR-Users] dispatch REGISTER over TLS

Sat Nov 9 14:53:38 CET 2019

Thanks David. You are right, ds_select_dst() is failing and error log is
shown.

 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
[dispatch.c:2032]: ds_manage_routes(): no destination sets
 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
n=xdbg
 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: ---
DISPATCH: Dispatcher could not find any destination
 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26
n=send_reply

Here is the config around ds_select_dst()

# Dispatch requests
route[DISPATCH] {
        # round robin dispatching on gateways group '1'
        if(!ds_select_dst("1007", "4")) {
                xdbg("--- DISPATCH: Dispatcher could not find any
destination\n");
                send_reply("404", "No destination");
                exit;
        }
        t_on_failure("RTF_DISPATCH");
        route(RELAY);
        exit;
}

Is there any way to see the logs for communication that happens with the
destination? As you said, that also could be one of points of failure.

BTW, I have set following config for pinging destination.

modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
#modparam("dispatcher", "db_url", DBURL)                        #Use DBURL
variable for database parameters
modparam("dispatcher", "ds_ping_interval", 10)          #How often to ping
destinations to check status
modparam("dispatcher", "ds_ping_method", "OPTIONS")     #Send SIP Options
ping
modparam("dispatcher", "ds_probing_threshold", 10)      #How many failed
pings in a row do we need before we consider it down
modparam("dispatcher", "ds_inactive_threshold", 10)     #How many sucessful
pings in a row do we need before considering it up
modparam("dispatcher", "ds_ping_latency_stats", 1)      #Enables stats on
latency
modparam("dispatcher", "ds_probing_mode", 1)            #Keeps pinging
gateways when state is known (to detect change in state)

Best Regards.

On Sat, Nov 9, 2019 at 6:32 PM David Villasmil <
david.villasmil.work at gmail.com> wrote:

> Please post the config around the ds_select
>
> What that’s saying is basically it could not find a destination for the
> set you are asking for.
>
> Either because the setid you provide with the function doesn’t exist, or
> the destination is not responding to the pings.
>
>
> On Sat, 9 Nov 2019 at 10:33, sthustfo <sthustfo at gmail.com> wrote:
>
>> Thanks Karsten. The setup consists of client connecting to kamailio over
>> WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server
>> (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list
>> as below
>>
>> # setid(integer) destination(sip uri) flags (integer, optional),
>> priority(int,opt), attrs (str,optional)
>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061
>> ;ping_from=sip:10.0.0.14
>>
>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No
>> destination". And in the logs, I see following statement.
>>
>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no
>> destination sets
>>
>> What does this mean? Is kamailio not able to talk to SIP server for
>> some reason?
>>
>> Regards
>>
>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann <khorsmann at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>>
>>> Your config line for the dispatcher makes no sense for me.
>>>
>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;
>>> ping_from=sip:10.0.0.14
>>>
>>>
>>> Means setid 1007 (like an group to arrange multiple targets) okay.
>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri.
>>> Where your calls are placed when you call the dispatcher function with
>>> setid 1007.
>>>
>>> In combination with socket=10.0.0.100:5061 (that indicates your
>>> Kamailio socket, the proxy ip)
>>> That you talking with yourself.
>>>
>>> You should read the module documentations for dispatcher and tls.
>>>
>>> Or describe your ip setup and your config a bit more.
>>>
>>> Cheers
>>> Karsten
>>>
>>> sthustfo <sthustfo at gmail.com> schrieb am Fr., 8. Nov. 2019, 17:41:
>>>
>>>> Hi Karsten, David,
>>>>
>>>> Thanks for your pointers. Earlier I was using mysql backend where the
>>>> dispatch list was stored. Now following your suggestions, I have switched
>>>> to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
>>>> following
>>>>
>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>> priority(int,opt), attrs (str,optional)
>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061
>>>> ;ping_from=sip:10.0.0.14
>>>>
>>>> Even with this, when HTTP request in, the same is upgraded to WS
>>>> connection. But this gets closed after couple of seconds. Does the below
>>>> log indicate anything?
>>>>
>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
>>>>  9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list():
>>>> destroying list (nil)
>>>>
>>>> Is there any way to understand what's happening? I do not see any other
>>>> error lin logs.
>>>>
>>>> Thanks.
>>>>
>>>>
>>>>
>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <
>>>> miconda at gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>> On 06.11.19 20:46, Karsten Horsmann wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> the sips Uri schemata is not used for tls with dispatcher.
>>>>>
>>>>> jumping in to clarify a bit about sips protocol schema. It doesn't
>>>>> imply TLS as one may think HTTPS does it for HTTP. The sips is mandating
>>>>> that the traffic goes over secure links, which can be IPSec/VPN or even
>>>>> just private network, so it is ok using UDP or TCP when sips is present.
>>>>>
>>>>> In SIP, if TLS is wanted, then transport=tls has to be added to the
>>>>> URI.
>>>>>
>>>>> As for dispatcher, one more clarification: trasport=tls in attrs has
>>>>> nothing to do with the destination address, so that has to be in the value
>>>>> of the destination field, as Karsten gave in his example.
>>>>>
>>>>> And, as general note: better do not use sips at all, it can mess up
>>>>> some nodes in the path, if you are not sure about the need of sips -- just
>>>>> do uri;trasport=tls.
>>>>>
>>>>> Cheers,
>>>>> Daniel
>>>>>
>>>>>
>>>>> Here an example for flatfile dispatcher.list (need corrected values).
>>>>>
>>>>> The socket line must match an listen directive in your Kamailio.cfg.
>>>>>
>>>>>
>>>>> root at sbc1:~# cat /etc/kamailio/dispatcher.list
>>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>>> priority(int,opt), attrs (str,optional)
>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>>>>>
>>>>> Cheers
>>>>> Karsten
>>>>>
>>>>> sthustfo <sthustfo at gmail.com> schrieb am Mi., 6. Nov. 2019, 20:32:
>>>>>
>>>>>> I have a basic setup where kamailio receives SIP over websocket (no
>>>>>> WSS) and forwards to SIP server over TLS. I have enabled TLS in
>>>>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and
>>>>>> transport=tls.
>>>>>>
>>>>>>
>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>> | id | setid | destination            | flags | priority | attrs
>>>>>>     | description    |
>>>>>>
>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>> |  4 |     1 | sips:10.0.0.100:5061 |     0 |        0 |
>>>>>> transport=tls | SIP SERVER |
>>>>>>
>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>
>>>>>> Now when REGISTER is received over websocket, kamailio is responding
>>>>>> with error code 500 and phrase "500 I'm terribly sorry, server error
>>>>>> occurred (7/SL)". And on the console I see the following error messages.
>>>>>>
>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core>
>>>>>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>>>>>> f1ecf7bcb659b07fe81e332e100044e5
>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2
>>>>>> (tls:10.0.0.100:5061)
>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>>>>>> corresponding listening socket)
>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>>>>>> n=sl_reply_error
>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core>
>>>>>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>>>>>> hsvmphm3ps12.invalid, 0)
>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
>>>>>> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>>>>>
>>>>>> *tls.cfg contents*
>>>>>> [client:default]
>>>>>> method = TLSv1
>>>>>> verify_certificate = yes
>>>>>> require_certificate = yes
>>>>>> private_key = /home/test/kamailio/internal.key
>>>>>> certificate = /home/test/kamailio/internal.crt
>>>>>> ca_list = /home/test/kamailio/ca_list.pem
>>>>>>
>>>>>> Any reason why this error is seen? Any inputs appreciated.
>>>>>>
>>>>>> Thanks.
>>>>>> _______________________________________________
>>>>>> Kamailio (SER) - Users Mailing List
>>>>>> sr-users at lists.kamailio.org
>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>> --
>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191109/45a5328c/attachment.html>