[SR-Users] dispatch REGISTER over TLS
David Villasmil
david.villasmil.work at gmail.com
Sun Nov 10 01:32:18 CET 2019
>From what you paste, 8080 is not TLS
On Sat, 9 Nov 2019 at 23:29, sthustfo <sthustfo at gmail.com> wrote:
> Kamailio listening on WS only as seen from below log snippet. As I
> mentioned earlier, talks pure WS (no WSS) with the clients, and TLS towards
> the SIP server.
>
> 0(3268) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support():
> SCTP API not enabled - if you want to use it, load sctp module
> Listening on
> tcp: 10.0.0.14 [10.0.0.14]:8080
> Aliases:
> *: test.example.com:*
>
> And here is the relevant portion from config file.
> listen=tcp:10.0.0.14:8080
>
> With the above, I modified dispatcher.list as below
> # setid(integer) destination(sip uri) flags (integer, optional),
> priority(int,opt), attrs (str,optional)
> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tcp:10.0.0.14:8080
> ;ping_from=sip:10.0.0.14
>
> With the above change, I see following in the logs
>
> 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2():
> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
> 1(3271) ERROR: tm [ut.h:315]: uri2dst2(): no corresponding socket found
> for "10.0.0.100" af 2 (tls:10.0.0.100:5061)
> 1(3271) ERROR: tm [uac.c:449]: t_uac_prepare(): no socket found
> 1(3271) ERROR: dispatcher [dispatch.c:3107]: ds_ping_set(): unable to
> ping [sip:10.0.0.100:5061;transport=tls]
> 1(3271) WARNING: <core> [core/forward.c:228]: get_send_socket2():
> protocol/port mismatch (forced tcp:10.0.0.14:8080, to tls:10.0.0.100:5061)
>
> But not attempts to connect to the SIP server.
>
> On Sat, Nov 9, 2019 at 11:48 PM David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Please paste the “listen” parameters from the config.
>>
>> On Sat, 9 Nov 2019 at 18:04, David Villasmil <
>> david.villasmil.work at gmail.com> wrote:
>>
>>> Is kamailio listening in that socket?
>>>
>>> On Sat, 9 Nov 2019 at 17:34, sthustfo <sthustfo at gmail.com> wrote:
>>>
>>>> Thanks Karsten. Instead of SIP server, I ran a simple socket listener
>>>> program to see if dispatcher is attempting to connect to it or not. But it
>>>> did not receive any client connection attempts. So after looking at the
>>>> logs, I found below log statements. Any idea why this might have happened?
>>>>
>>>> 0(3004) ERROR: dispatcher [dispatch.c:411]: pack_dest(): non-local
>>>> socket <tls:10.0.0.14:5061>
>>>> 0(3004) WARNING: dispatcher [dispatch.c:816]: ds_load_list(): unable
>>>> to add destination sip:10.0.0.100:5061;transport=tls to set 1007 --
>>>> skipping
>>>>
>>>> dispatcher.list file pasted below contains the address. Why would this
>>>> be an error?
>>>>
>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>> priority(int,opt), attrs (str,optional)
>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:10.0.0.14:5061;
>>>> ping_from=sip:10.0.0.14
>>>>
>>>>
>>>> On Sat, Nov 9, 2019 at 9:35 PM Karsten Horsmann <khorsmann at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I guess the dispatcher is not able to get an 200 okay from your
>>>>> upstream tls / sipserver. And so the dispatcher did his job. Find no active
>>>>> dispatcher targets, then told you that.
>>>>>
>>>>> You find more about the dispatcher state with kamctl dispatcher dump
>>>>> or kamcmd dispatcher.list
>>>>>
>>>>> And read the module docu of dispatcher, they explain you the states of
>>>>> the commands above.
>>>>>
>>>>> Hints here:
>>>>>
>>>>> Reading dispatcher docu, understand the states, read tls (maybe that's
>>>>> your root cause).
>>>>>
>>>>>
>>>>> Cheers
>>>>> Karsten
>>>>>
>>>>> sthustfo <sthustfo at gmail.com> schrieb am Sa., 9. Nov. 2019, 14:56:
>>>>>
>>>>>> Thanks David. You are right, ds_select_dst() is failing and error log
>>>>>> is shown.
>>>>>>
>>>>>> 9(2528) ERROR: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} dispatcher
>>>>>> [dispatch.c:2032]: ds_manage_routes(): no destination sets
>>>>>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>>>>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=970 a=25
>>>>>> n=xdbg
>>>>>> 9(2528) DEBUG: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} <script>:
>>>>>> --- DISPATCH: Dispatcher could not find any destination
>>>>>> 9(2528) exec: {1 9733 REGISTER e4rvba563tlnj0i3a906qa} ***
>>>>>> cfgtrace:request_route=[DISPATCH] c=[/etc/kamailio/kamailio.cfg] l=971 a=26
>>>>>> n=send_reply
>>>>>>
>>>>>> Here is the config around ds_select_dst()
>>>>>>
>>>>>> # Dispatch requests
>>>>>> route[DISPATCH] {
>>>>>> # round robin dispatching on gateways group '1'
>>>>>> if(!ds_select_dst("1007", "4")) {
>>>>>> xdbg("--- DISPATCH: Dispatcher could not find any
>>>>>> destination\n");
>>>>>> send_reply("404", "No destination");
>>>>>> exit;
>>>>>> }
>>>>>> t_on_failure("RTF_DISPATCH");
>>>>>> route(RELAY);
>>>>>> exit;
>>>>>> }
>>>>>>
>>>>>> Is there any way to see the logs for communication that happens with
>>>>>> the destination? As you said, that also could be one of points of failure.
>>>>>>
>>>>>> BTW, I have set following config for pinging destination.
>>>>>>
>>>>>> modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
>>>>>> #modparam("dispatcher", "db_url", DBURL) #Use
>>>>>> DBURL variable for database parameters
>>>>>> modparam("dispatcher", "ds_ping_interval", 10) #How often to
>>>>>> ping destinations to check status
>>>>>> modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP
>>>>>> Options ping
>>>>>> modparam("dispatcher", "ds_probing_threshold", 10) #How many
>>>>>> failed pings in a row do we need before we consider it down
>>>>>> modparam("dispatcher", "ds_inactive_threshold", 10) #How many
>>>>>> sucessful pings in a row do we need before considering it up
>>>>>> modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables
>>>>>> stats on latency
>>>>>> modparam("dispatcher", "ds_probing_mode", 1) #Keeps
>>>>>> pinging gateways when state is known (to detect change in state)
>>>>>>
>>>>>> Best Regards.
>>>>>>
>>>>>> On Sat, Nov 9, 2019 at 6:32 PM David Villasmil <
>>>>>> david.villasmil.work at gmail.com> wrote:
>>>>>>
>>>>>>> Please post the config around the ds_select
>>>>>>>
>>>>>>> What that’s saying is basically it could not find a destination for
>>>>>>> the set you are asking for.
>>>>>>>
>>>>>>> Either because the setid you provide with the function doesn’t
>>>>>>> exist, or the destination is not responding to the pings.
>>>>>>>
>>>>>>>
>>>>>>> On Sat, 9 Nov 2019 at 10:33, sthustfo <sthustfo at gmail.com> wrote:
>>>>>>>
>>>>>>>> Thanks Karsten. The setup consists of client connecting to kamailio
>>>>>>>> over WS (10.0.0.14). Kamailio needs to proxy the requests to SIP server
>>>>>>>> (10.0.0.100) over TLS. As per your suggestion, I modified the dispatch list
>>>>>>>> as below
>>>>>>>>
>>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>>>>>> priority(int,opt), attrs (str,optional)
>>>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3
>>>>>>>> socket=tls:10.0.0.14:5061;ping_from=sip:10.0.0.14
>>>>>>>>
>>>>>>>> With above, kamailio replies to REGISTER with "SIP/2.0 404 No
>>>>>>>> destination". And in the logs, I see following statement.
>>>>>>>>
>>>>>>>> 1(2281) DEBUG: dispatcher [dispatch.c:3125]: ds_check_timer(): no
>>>>>>>> destination sets
>>>>>>>>
>>>>>>>> What does this mean? Is kamailio not able to talk to SIP server for
>>>>>>>> some reason?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> On Fri, Nov 8, 2019 at 11:55 PM Karsten Horsmann <
>>>>>>>> khorsmann at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Your config line for the dispatcher makes no sense for me.
>>>>>>>>>
>>>>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3 socket=tls:
>>>>>>>>> 10.0.0.100:5061;ping_from=sip:10.0.0.14
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Means setid 1007 (like an group to arrange multiple targets) okay.
>>>>>>>>> But sip:10.0.0.100:5061;transport=tls is the dispatcher target
>>>>>>>>> Uri. Where your calls are placed when you call the dispatcher function with
>>>>>>>>> setid 1007.
>>>>>>>>>
>>>>>>>>> In combination with socket=10.0.0.100:5061 (that indicates your
>>>>>>>>> Kamailio socket, the proxy ip)
>>>>>>>>> That you talking with yourself.
>>>>>>>>>
>>>>>>>>> You should read the module documentations for dispatcher and tls.
>>>>>>>>>
>>>>>>>>> Or describe your ip setup and your config a bit more.
>>>>>>>>>
>>>>>>>>> Cheers
>>>>>>>>> Karsten
>>>>>>>>>
>>>>>>>>> sthustfo <sthustfo at gmail.com> schrieb am Fr., 8. Nov. 2019, 17:41:
>>>>>>>>>
>>>>>>>>>> Hi Karsten, David,
>>>>>>>>>>
>>>>>>>>>> Thanks for your pointers. Earlier I was using mysql backend where
>>>>>>>>>> the dispatch list was stored. Now following your suggestions, I have
>>>>>>>>>> switched to dispatcher list in a file (/etc/kamailio/dispatcher.list) and
>>>>>>>>>> put in the following
>>>>>>>>>>
>>>>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>>>>>>>> priority(int,opt), attrs (str,optional)
>>>>>>>>>> 1007 sip:10.0.0.100:5061;transport=tls 0 3
>>>>>>>>>> socket=tls:10.0.0.100:5061;ping_from=sip:10.0.0.14
>>>>>>>>>>
>>>>>>>>>> Even with this, when HTTP request in, the same is upgraded to WS
>>>>>>>>>> connection. But this gets closed after couple of seconds. Does the below
>>>>>>>>>> log indicate anything?
>>>>>>>>>>
>>>>>>>>>> 9(1784) exec: *** cfgtrace:request_route=[xhttp:request]
>>>>>>>>>> c=[/etc/kamailio/kamailio.cfg] l=1112 a=2 n=exit
>>>>>>>>>> 9(1784) DEBUG: <core> [core/usr_avp.c:636]: destroy_avp_list():
>>>>>>>>>> destroying list (nil)
>>>>>>>>>>
>>>>>>>>>> Is there any way to understand what's happening? I do not see any
>>>>>>>>>> other error lin logs.
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 7, 2019 at 2:34 PM Daniel-Constantin Mierla <
>>>>>>>>>> miconda at gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>> On 06.11.19 20:46, Karsten Horsmann wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> the sips Uri schemata is not used for tls with dispatcher.
>>>>>>>>>>>
>>>>>>>>>>> jumping in to clarify a bit about sips protocol schema. It
>>>>>>>>>>> doesn't imply TLS as one may think HTTPS does it for HTTP. The sips is
>>>>>>>>>>> mandating that the traffic goes over secure links, which can be IPSec/VPN
>>>>>>>>>>> or even just private network, so it is ok using UDP or TCP when sips is
>>>>>>>>>>> present.
>>>>>>>>>>>
>>>>>>>>>>> In SIP, if TLS is wanted, then transport=tls has to be added to
>>>>>>>>>>> the URI.
>>>>>>>>>>>
>>>>>>>>>>> As for dispatcher, one more clarification: trasport=tls in attrs
>>>>>>>>>>> has nothing to do with the destination address, so that has to be in the
>>>>>>>>>>> value of the destination field, as Karsten gave in his example.
>>>>>>>>>>>
>>>>>>>>>>> And, as general note: better do not use sips at all, it can mess
>>>>>>>>>>> up some nodes in the path, if you are not sure about the need of sips --
>>>>>>>>>>> just do uri;trasport=tls.
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>> Daniel
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Here an example for flatfile dispatcher.list (need corrected
>>>>>>>>>>> values).
>>>>>>>>>>>
>>>>>>>>>>> The socket line must match an listen directive in your
>>>>>>>>>>> Kamailio.cfg.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> root at sbc1:~# cat /etc/kamailio/dispatcher.list
>>>>>>>>>>> # setid(integer) destination(sip uri) flags (integer, optional),
>>>>>>>>>>> priority(int,opt), attrs (str,optional)
>>>>>>>>>>> 1007 sip:sip.pstnhub.microsoft.com;transport=tls 0 3
>>>>>>>>>>> socket=tls:212.xx.xx.xx:5061;ping_from=sip:sbc-d01.yourdomain
>>>>>>>>>>>
>>>>>>>>>>> Cheers
>>>>>>>>>>> Karsten
>>>>>>>>>>>
>>>>>>>>>>> sthustfo <sthustfo at gmail.com> schrieb am Mi., 6. Nov. 2019,
>>>>>>>>>>> 20:32:
>>>>>>>>>>>
>>>>>>>>>>>> I have a basic setup where kamailio receives SIP over websocket
>>>>>>>>>>>> (no WSS) and forwards to SIP server over TLS. I have enabled TLS in
>>>>>>>>>>>> kamailio.cfg and added dispatcher node as sips:SIP_SERVER:5061 and
>>>>>>>>>>>> transport=tls.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>>>>>>> | id | setid | destination | flags | priority |
>>>>>>>>>>>> attrs | description |
>>>>>>>>>>>>
>>>>>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>>>>>>> | 4 | 1 | sips:10.0.0.100:5061 | 0 | 0 |
>>>>>>>>>>>> transport=tls | SIP SERVER |
>>>>>>>>>>>>
>>>>>>>>>>>> +----+-------+------------------------+-------+----------+---------------+----------------+
>>>>>>>>>>>>
>>>>>>>>>>>> Now when REGISTER is received over websocket, kamailio is
>>>>>>>>>>>> responding with error code 500 and phrase "500 I'm terribly sorry, server
>>>>>>>>>>>> error occurred (7/SL)". And on the console I see the following error
>>>>>>>>>>>> messages.
>>>>>>>>>>>>
>>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv}
>>>>>>>>>>>> <core> [core/md5utils.c:67]: MD5StringArray(): MD5 calculated:
>>>>>>>>>>>> f1ecf7bcb659b07fe81e332e100044e5
>>>>>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>>>>>> [ut.h:315]: uri2dst2(): no corresponding socket found for "10.0.0.100" af 2
>>>>>>>>>>>> (tls:10.0.0.100:5061)
>>>>>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>>>>>> [t_fwd.c:467]: prepare_new_uac(): can't fwd to af 2, proto 3 (no
>>>>>>>>>>>> corresponding listening socket)
>>>>>>>>>>>> 12(33858) ERROR: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>>>>>> [t_fwd.c:1735]: t_forward_nonack(): failure to add branches
>>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>>>>>> [t_funcs.c:334]: t_relay_to(): t_forward_nonack returned error -7 (-7)
>>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} tm
>>>>>>>>>>>> [t_funcs.c:352]: t_relay_to(): -7 error reply generation delayed
>>>>>>>>>>>> 12(33858) exec: {1 2521 REGISTER o9q7ujqgin33qgp00abijv} ***
>>>>>>>>>>>> cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=587 a=24
>>>>>>>>>>>> n=sl_reply_error
>>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv}
>>>>>>>>>>>> <core> [core/msg_translator.c:162]: check_via_address(): (10.0.0.14,
>>>>>>>>>>>> hsvmphm3ps12.invalid, 0)
>>>>>>>>>>>> 12(33858) DEBUG: {1 2521 REGISTER o9q7ujqgin33qgp00abijv}
>>>>>>>>>>>> websocket [ws_conn.c:452]: wsconn_get(): wsconn_get for id [3]
>>>>>>>>>>>>
>>>>>>>>>>>> *tls.cfg contents*
>>>>>>>>>>>> [client:default]
>>>>>>>>>>>> method = TLSv1
>>>>>>>>>>>> verify_certificate = yes
>>>>>>>>>>>> require_certificate = yes
>>>>>>>>>>>> private_key = /home/test/kamailio/internal.key
>>>>>>>>>>>> certificate = /home/test/kamailio/internal.crt
>>>>>>>>>>>> ca_list = /home/test/kamailio/ca_list.pem
>>>>>>>>>>>>
>>>>>>>>>>>> Any reason why this error is seen? Any inputs appreciated.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks.
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>>>>>> sr-users at lists.kamailio.org
>>>>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>>>>>>>>> Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>>>>> sr-users at lists.kamailio.org
>>>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>>>> sr-users at lists.kamailio.org
>>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>>> sr-users at lists.kamailio.org
>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>> sr-users at lists.kamailio.org
>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>> David Villasmil
>>>>>>> email: david.villasmil.work at gmail.com
>>>>>>> phone: +34669448337
>>>>>>> _______________________________________________
>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>> sr-users at lists.kamailio.org
>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Kamailio (SER) - Users Mailing List
>>>>>> sr-users at lists.kamailio.org
>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> --
>>> Regards,
>>>
>>> David Villasmil
>>> email: david.villasmil.work at gmail.com
>>> phone: +34669448337
>>>
>> --
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> phone: +34669448337
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
--
Regards,
David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191110/49769ac7/attachment.html>
More information about the sr-users
mailing list