[SR-Users] dispatch REGISTER over TLS

sthustfo sthustfo at gmail.com
Sat Nov 9 18:31:09 CET 2019 

Thanks Karsten. Instead of SIP server, I ran a simple socket listener
program to see if dispatcher is attempting to connect to it or not. But it
did not receive any client connection attempts. So after looking at the
logs, I found below log statements. Any idea why this might have happened?

 0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local socket
<tls:10.0.0.14:5061>
 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable to
add destination sip:10.0.0.100:5061;transport=tls to set 1007 -- skipping

dispatcher.list file pasted below contains the address. Why would this be
an error?

# setid(integer) destination(sip uri) flags (integer, optional),
priority(int,opt), attrs (str,optional)
1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
ping_from=sip:10.0.0.14


On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann <khorsmann at gmail.com> wrote:

> Hi,
>
> I guess the dispatcher is not able to get an 200 okay from your upstream
> tls / sipserver. And so the dispatcher did his job. Find no active
> dispatcher targets, then told you that.
>
> You find more about the dispatcher state with kamctl dispatcher dump or
> kamcmd dispatcher.list
>
> And read the module docu of dispatcher, they explain you the states of the
> commands above.
>
> Hints here:
>
> Reading dispatcher docu, understand the states, read tls (maybe that's
> your root cause).
>
>
> Cheers
> Karsten
>
> sthustfo <sthustfo at gmail.com> schrieb am Sa., 9. Nov. 2019, 14:56:
>
>> Thanks David. You are right, ds_select_dst() is failing and error log is
>> shown.
>>
>>  9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
>> n=xdbg
>>  9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>: ---
>> DISPATCH: Dispatcher could not find any destination
>>  9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26
>> n=send_reply
>>
>> Here is the config around ds_select_dst()
>>
>> # Dispatch requests
>> route[DISPATCH] {
>>         # round robin dispatching on gateways group '1'
>>         if(!ds_select_dst("1007", "4")) {
>>                 xdbg("--- DISPATCH: Dispatcher could not find any
>> destination\n");
>>                 send_reply("404", "No destination");
>>                 exit;
>>         }
>>         t_on_failure("RTF_DISPATCH");
>>         route(RELAY);
>>         exit;
>> }
>>
>> Is there any way to see the logs for communication that happens with the
>> destination? As you said, that also could be one of points of failure.
>>
>> BTW, I have set following config for pinging destination.
>>
>> modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
>> #modparam("dispatcher", "db_url", DBURL)                        #Use
>> DBURL variable for database parameters
>> modparam("dispatcher", "ds_ping_interval", 10)          #How often to
>> ping destinations to check status
>> modparam("dispatcher", "ds_ping_method", "OPTIONS")     #Send SIP Options
>> ping
>> modparam("dispatcher", "ds_probing_threshold", 10)      #How many failed
>> pings in a row do we need before we consider it down
>> modparam("dispatcher", "ds_inactive_threshold", 10)     #How many
>> sucessful pings in a row do we need before considering it up
>> modparam("dispatcher", "ds_ping_latency_stats", 1)      #Enables stats on
>> latency
>> modparam("dispatcher", "ds_probing_mode", 1)            #Keeps pinging
>> gateways when state is known (to detect change in state)
>>
>> Best Regards.
>>
>> On Sat, Nov 9, 2019 at 6:32 PM David Villasmil <
>> david.villasmil.work at gmail.com> wrote:
>>
>>> Please post the config around the ds_select
>>>
>>> What that’s saying is basically it could not find a destination for the
>>> set you are asking for.
>>>
>>> Either because the setid you provide with the function doesn’t exist, or
>>> the destination is not responding to the pings.
>>>
>>>
>>> On Sat, 9 Nov 2019 at 10:33, sthustfo <sthustfo at gmail.com> wrote:
>>>
>>>> Thanks Karsten. The setup consists of client connecting to kamailio
>>>> over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server
>>>> (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list
>>>> as below
>>>>
>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>> priority(int,opt), attrs (str,optional)
>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061
>>>> ;ping_from=sip:10.0.0.14
>>>>
>>>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No
>>>> destination". And in the logs, I see following statement.
>>>>
>>>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no
>>>> destination sets
>>>>
>>>> What does this mean? Is kamailio not able to talk to SIP server for
>>>> some reason?
>>>>
>>>> Regards
>>>>
>>>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann <khorsmann at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> Your config line for the dispatcher makes no sense for me.
>>>>>
>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061;
>>>>> ping_from=sip:10.0.0.14
>>>>>
>>>>>
>>>>> Means setid 1007 (like an group to arrange multiple targets) okay.
>>>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target Uri.
>>>>> Where your calls are placed when you call the dispatcher function with
>>>>> setid 1007.
>>>>>
>>>>> In combination with socket=10.0.0.100:5061 (that indicates your
>>>>> Kamailio socket, the proxy ip)
>>>>> That you talking with yourself.
>>>>>
>>>>> You should read the module documentations for dispatcher and tls.
>>>>>
>>>>> Or describe your ip setup and your config a bit more.
>>>>>
>>>>> Cheers
>>>>> Karsten
>>>>>
>>>>> sthustfo <sthustfo at gmail.com> schrieb am Fr., 8. Nov. 2019, 17:41:
>>>>>
>>>>>> Hi Karsten, David,
>>>>>>
>>>>>> Thanks for your pointers. Earlier I was using mysql backend where the
>>>>>> dispatch list was stored. Now following your suggestions, I have switched
>>>>>> to dispatcher list in a file (/etc/kamailio/dispatcher.list) and put in the
>>>>>> following
>>>>>>
>>>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>>>> priority(int,opt), attrs (str,optional)
>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.100:5061
>>>>>> ;ping_from=sip:10.0.0.14
>>>>>>
>>>>>> Even with this, when HTTP request in, the same is upgraded to WS
>>>>>> connection. But this gets closed after couple of seconds. Does the below
>>>>>> log indicate anything?
>>>>>>
>>>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
>>>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
>>>>>>  9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list():
>>>>>> destroying list (nil)
>>>>>>
>>>>>> Is there any way to understand what's happening? I do not see any
>>>>>> other error lin logs.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <
>>>>>> miconda at gmail.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>> On 06.11.19 20:46, Karsten Horsmann wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> the sips Uri schemata is not used for tls with dispatcher.
>>>>>>>
>>>>>>> jumping in to clarify a bit about sips protocol schema. It doesn't
>>>>>>> imply TLS as one may think HTTPS does it for HTTP. The sips is mandating
>>>>>>> that the traffic goes over secure links, which can be IPSec/VPN or even
>>>>>>> just private network, so it is ok using UDP or TCP when sips is present.
>>>>>>>
>>>>>>> In SIP, if TLS is wanted, then transport=tls has to be added to the
>>>>>>> URI.
>>>>>>>
>>>>>>> As for dispatcher, one more clarification: trasport=tls in attrs has
>>>>>>> nothing to do with the destination address, so that has to be in the value
>>>>>>> of the destination field, as Karsten gave in his example.
>>>>>>>
>>>>>>> And, as general note: better do not use sips at all, it can mess up
>>>>>>> some nodes in the path, if you are not sure about the need of sips -- just
>>>>>>> do uri;trasport=tls.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Daniel
>>>>>>>
>>>>>>>
>>>>>>> Here an example for flatfile dispatcher.list (need corrected
>>>>>>> values).
>>>>>>>
>>>>>>> The socket line must match an listen directive in your Kamailio.cfg.
>>>>>>>
>>>>>>>
>>>>>>> root at sbc1:~# cat /etc/kamailio/dispatcher.list
>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>>>>> priority(int,opt), attrs (str,optional)
>>>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>>>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>>>>>>>
>>>>>>> Cheers
>>>>>>> Karsten
>>>>>>>
>>>>>>> sthustfo <sthustfo at gmail.com> schrieb am Mi., 6. Nov. 2019, 20:32:
>>>>>>>
>>>>>>>> I have a basic setup where kamailio receives SIP over websocket (no
>>>>>>>> WSS) and forwards to SIP server over TLS. I have enabled TLS in
>>>>>>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and
>>>>>>>> transport=tls.
>>>>>>>>
>>>>>>>>
>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>>> | id | setid | destination            | flags | priority | attrs
>>>>>>>>       | description    |
>>>>>>>>
>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>>> |  4 |     1 | sips:10.0.0.100:5061 |     0 |        0 |
>>>>>>>> transport=tls | SIP SERVER |
>>>>>>>>
>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>>>
>>>>>>>> Now when REGISTER is received over websocket, kamailio is
>>>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server
>>>>>>>> error occurred (7/SL)". And on the console I see the following error
>>>>>>>> messages.
>>>>>>>>
>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core>
>>>>>>>> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>>>>>>>> f1ecf7bcb659b07fe81e332e100044e5
>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2
>>>>>>>> (tls:10.0.0.100:5061)
>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3  (no
>>>>>>>> corresponding listening socket)
>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>>>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>>>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>>>>>>>> n=sl_reply_error
>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} <core>
>>>>>>>> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>>>>>>>> hsvmphm3ps12.invalid, 0)
>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} websocket
>>>>>>>> [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>>>>>>>
>>>>>>>> *tls.cfg contents*
>>>>>>>> [client:default]
>>>>>>>> method = TLSv1
>>>>>>>> verify_certificate = yes
>>>>>>>> require_certificate = yes
>>>>>>>> private_key = /home/test/kamailio/internal.key
>>>>>>>> certificate = /home/test/kamailio/internal.crt
>>>>>>>> ca_list = /home/test/kamailio/ca_list.pem
>>>>>>>>
>>>>>>>> Any reason why this error is seen? Any inputs appreciated.
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> _______________________________________________
>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>> sr-users at lists.kamailio.org
>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>
>>>>>>> --
>>>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>> sr-users at lists.kamailio.org
>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Kamailio (SER) - Users Mailing List
>>>>>> sr-users at lists.kamailio.org
>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> --
>>> Regards,
>>>
>>> David Villasmil
>>> email: david.villasmil.work at gmail.com
>>> phone: +34669448337
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191109/cc30c8af/attachment.html>

More information about the sr-users mailing list