[SR-Users] Kamailio like SBC with Teams

Sergiu Pojoga pojogas at gmail.com
Fri Apr 17 16:39:15 CEST 2020 

Suggest reading Fred's article about configuring Kamailio with Letsencrypt

https://www.fredposner.com/1836/kamailio-tls-and-letsencrypt/

On Fri, Apr 17, 2020 at 3:00 AM sip user <sipuser404 at gmail.com> wrote:

> Hi Sergiu..
>
> I've made many test and many change...
>
> In tls.cfg I have this:
>
> [server:default]
> method = TLSv1.2
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/letsencrypt/ssl/cert.key
> certificate = /etc/letsencrypt/ssl/cert.crt
> ca_list = /etc/letsencrypt/ssl/ca.crt
>
> [client:default]
> method = TLSv1.2
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/letsencrypt/ssl/cert.key
> certificate = /etc/letsencrypt/ssl/cert.crt
> ca_list = /etc/letsencrypt/ssl/ca.crt
>
> But when I make Kamcmd tls.list I have not response.. Not show me anything.
>
> Problem with certificated??
>
> Thanks
>
> El jue., 16 abr. 2020 a las 20:31, Sergiu Pojoga (<pojogas at gmail.com>)
> escribió:
>
>> Hi SIP User/anonymous/one-time-visitor/,
>>
>> Your TLS config isn't correct. The article clearly says
>> verify/require_certificate must be set to 'yes'
>>
>> *kamcmd tls.list*
>> Does it show any 'established' connections with MS proxy?
>>
>> Good luck,
>>
>> --Sergiu
>>
>> On Thu, Apr 16, 2020 at 11:41 AM Ovidiu Sas <osas at voipembedded.com>
>> wrote:
>>
>>> The tutorial is pretty clear:
>>> You need to add the Contact header only for OPTIONS pings.
>>> You need to use the proper Record-Route headers based on the direction
>>> of the call.
>>> There's no out of the box solution because each setup is different.
>>>
>>> If you understand how loose routing works in SIP, then you know how to
>>> adjust the config to use record_route_preset(), just as explained in
>>> the tutorial. There is also an example of an INVITE that has the right
>>> Record-Route headers in the tutorial.
>>>
>>> You can choose to use the FQDN for the Record-Route header facing MS
>>> and the IP for the Record-Route header facing the carrier or use the
>>> FQDN for both Record-Route headers (just like in the tutorialexample).
>>> Alternatively, one can try to advertise the FQDN in the listen
>>> directive in the config and then the Record-Route headers should be
>>> populated automatically.
>>>
>>> Regards,
>>> Ovidiu Sas
>>>
>>> On Thu, Apr 16, 2020 at 10:50 AM sip user <sipuser404 at gmail.com> wrote:
>>> >
>>> > Hi Nasida.. Thanks for answerd to me...
>>> >
>>> > I've activarted the debugger module, and I see the same:
>>> >
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2,
>>> 0x7f90f2438f80), fd_no=17
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0)
>>> fd_no=18 called
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for
>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c=
>>> 0x7f90f2438f80 n=1468 fd=9
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
>>> > Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2,
>>> 0x7f90f2438f80), fd_no=1
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10)
>>> fd_no=2 called
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state
>>> -1, fd=9, id=30
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1435]: release_tcpconn():  extra_data 0x7f90f2432b40
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response=
>>> 7f90f2438f80, -1 from 1
>>> > Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
>>> >
>>> > I don't see any different.
>>> >
>>> > I know that the module is loaded because I see:
>>> >
>>> > exec: *** cfgtrace:request_route=[DEFAULT_ROUTE]
>>> c=[/etc/kamailio/kamailio.cfg] l=486 a=5 n=route
>>> >
>>> > When I restart kamailio, but when I "launch" a call from Teams to my
>>> Kamailio I only see that.
>>> >
>>> > To configure it, I follow
>>> https://skalatan.de/en/blog/kamailio-sbc-teams.. But I cannot make it
>>> works..
>>> >
>>> > Any more thing that i can test or do??
>>> >
>>> > Thanks
>>> >
>>> > El jue., 16 abr. 2020 a las 14:20, Nasida Yuriy (<nasida at live.ru>)
>>> escribió:
>>> >>
>>> >> Wow, so many people want to configure kamailio with MS. First of all
>>> i think you need to get sip debug  between kamailio and MS. Kamilio has
>>> module to save sip traces. This way you will get sip debug decrypted.
>>> >>
>>> >>
>>> >> ________________________________
>>> >> От: sr-users <sr-users-bounces at lists.kamailio.org> от имени sip user
>>> <sipuser404 at gmail.com>
>>> >> Отправлено: 16 апреля 2020 г. 10:19
>>> >> Кому: sr-users at lists.kamailio.org <sr-users at lists.kamailio.org>
>>> >> Тема: [SR-Users] Kamailio like SBC with Teams
>>> >>
>>> >> Hello good morning ... I am new to this list and I was starting to
>>> mess with Kamailio, mainly to set it up as SBC against Teams, in this case.
>>> >>
>>> >> But I can't get it to work for me. If I launch a call from the Teams,
>>> in the Kamailio I see:
>>> >>
>>> >> 1.- In syslog:
>>> >>
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 52.114.7.24
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:1073]: tcpconn_new(): tcpconn_new: on port 4160, type 3
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:1382]: tcpconn_add(): tcpconn_add: hashes: 171:1857:1187, 30
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0xa1f240, 23, 2,
>>> 0x7f90f2438f80), fd_no=17
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0xa1f240, 23, -1, 0x0)
>>> fd_no=18 called
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:4219]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:3902]: send2child(): selected tcp worker 1 10(23159) for
>>> activity on [tls:SBC_IP:5061], 0x7f90f2438f80
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1507]: handle_io(): received n=8 con=0x7f90f2438f80, fd=9
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
>>> [tls_server.c:184]: tls_complete_init(): Using TLS domain TLSs<default>
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: tls
>>> [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_main.c:2516]: tcpconn_do_send(): tcp_send: sending...
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_main.c:2550]: tcpconn_do_send(): tcp_send: after real write: c=
>>> 0x7f90f2438f80 n=1468 fd=9
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_main.c:2551]: tcpconn_do_send(): tcp_send: buf=
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: #026#003#003
>>> >> Apr 15 11:11:41 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [io_wait.h:388]: io_watch_add(): DBG: io_watch_add(0x9c1700, 9, 2,
>>> 0x7f90f2438f80), fd_no=1
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f90f2438f80, FD 9
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1291]: tcp_read_req(): tcp_read_req: EOF
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [io_wait.h:610]: io_watch_del(): DBG: io_watch_del (0x9c1700, 9, -1, 0x10)
>>> fd_no=2 called
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1434]: release_tcpconn(): releasing con 0x7f90f2438f80, state
>>> -1, fd=9, id=30
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 10(23159) DEBUG: <core>
>>> [tcp_read.c:1435]: release_tcpconn():  extra_data 0x7f90f2432b40
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: <core>
>>> [tcp_main.c:3331]: handle_tcp_child(): handle_tcp_child: reader response=
>>> 7f90f2438f80, -1 from 1
>>> >> Apr 15 11:11:42 vps793907 kamailio[23122]: 13(23167) DEBUG: tls
>>> [tls_server.c:604]: tls_h_close(): Closing SSL connection 0x7f90f2432b40
>>> >>
>>> >> 2.- With TCPDUMP:
>>> >>
>>> >> 11:13:09.311797 IP SBC_IP .1024 > SBC_IP .eu.sip-tls: Flags [S], seq
>>> 261244614, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK],
>>> length 0
>>> >> 11:13:09.311898 IP  SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
>>> [S.], seq 812357247, ack 261244615, win 29200, options [mss
>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0
>>> >> 11:13:09.340358 IP 52.114.76.76.1024 >  SBC_IP .eu.sip-tls: Flags
>>> [.], ack 1, win 2053, length 0
>>> >> 11:13:09.340560 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags
>>> [P.], seq 1:187, ack 1, win 2053, length 186
>>> >> 11:13:09.340578 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags [.],
>>> ack 187, win 237, length 0
>>> >> 11:13:09.341361 IP SBC_IP .eu.sip-tls > 52.114.76.76.1024: Flags
>>> [P.], seq 1:1469, ack 187, win 237, length 1468
>>> >> 11:13:09.369606 IP 52.114.76.76.1024 > SBC_IP .eu.sip-tls: Flags [.],
>>> ack 1469, win 2053, length 0
>>> >> 11:13:12.451498 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [S],
>>> seq 309084204, win 64240, options [mss 1440,nop,wscale 8,nop,nop,sackOK],
>>> length 0
>>> >> 11:13:12.451587 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [S.],
>>> seq 3275066862, ack 309084205, win 29200, options [mss
>>> 1460,nop,nop,sackOK,nop,wscale 7], length 0
>>> >> 11:13:12.707119 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
>>> ack 1, win 2053, length 0
>>> >> 11:13:12.707311 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [P.],
>>> seq 1:187, ack 1, win 2053, length 186
>>> >> 11:13:12.707345 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [.],
>>> ack 187, win 237, length 0
>>> >> 11:13:12.708273 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [P.],
>>> seq 1:1469, ack 187, win 237, length 1468
>>> >> 11:13:12.965101 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
>>> ack 1469, win 2053, length 0
>>> >> 11:13:12.965156 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [F.],
>>> seq 187, ack 1469, win 2053, length 0
>>> >> 11:13:12.965688 IP SBC_IP .eu.sip-tls > 52.114.7.24.1216: Flags [F.],
>>> seq 1469, ack 188, win 237, length 0
>>> >> 11:13:13.220871 IP 52.114.7.24.1216 > SBC_IP .eu.sip-tls: Flags [.],
>>> ack 1470, win 2053, length 0
>>> >>
>>> >> I can't "receive" anything.
>>> >>
>>> >> I have generated the certificates and configured in the tls.cfg of
>>> the Kamailio:
>>> >>
>>> >> [server:default]
>>> >> method = TLSv1.2
>>> >> verify_certificate = no
>>> >> require_certificate = no
>>> >> private_key = /etc/letsencrypt/ssl/cert.key
>>> >> certificate = /etc/letsencrypt/ssl/cert.crt
>>> >> ca_list = /etc/letsencrypt/ssl/ca.crt
>>> >>
>>> >> Within Kamailio itself I have it configured to return a 200 KeepAlive
>>> to Teams when it receives an OPTIONS:
>>> >>
>>> >> event_route[tm:local-request] {
>>> >>
>>> >>         if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
>>> >>                append_hf("Contact: <sip: SBC_DNS
>>> :5061;transport=tls>\r\n");
>>> >>         }
>>> >>         xlog("L_INFO", "Sent out tm request: $mb\n");
>>> >> }
>>> >>
>>> >> And I have measured the record_route for this new one:
>>> >>
>>> >> record_route_preset(" SBC_DNS :5061;transport=tls", " SBC_IP :5061");
>>> >>
>>> >> I have created a dispatcher.list:
>>> >>
>>> >> # setid(integer) destination(sip uri) flags (integer, optional),
>>> priority(int,opt), attrs (str,optional)
>>> >> 1:1:sip:sip.pstnhub.microsoft.com;transport=tls 0 3 socket=tls:
>>> SBC_IP :5061;ping_from= sip:SBC_DNS
>>> >> 2:1:sip:sip2.pstnhub.microsoft.com;transport=tls 0 2 socket=tls:
>>> SBC_IP :5061;ping_from=sip: SBC_DNS
>>> >> 3:1:sip:sip3.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
>>> SBC_IP :5061;ping_from=sip: SBC_DNS
>>> >> 4:1:sip:sip-all.pstnhub.microsoft.com;transport=tls 0 1 socket=tls:
>>> SBC_IP :5061;ping_from=sip: SBC_DNS
>>> >>
>>> >> I think that one of the problems is that I do not send the OPTIONS to
>>> the Teams well, since it is on their panel, it indicates that the SBC is
>>> INACTIVE.
>>> >>
>>> >> I don't know if you could help me straighten this out a bit ...
>>> >>
>>> >> Thank you so much for everything..
>>> >>
>>> >> a greeting
>>> >> _______________________________________________
>>> >> Kamailio (SER) - Users Mailing List
>>> >> sr-users at lists.kamailio.org
>>> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>> >
>>> > _______________________________________________
>>> > Kamailio (SER) - Users Mailing List
>>> > sr-users at lists.kamailio.org
>>> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>>
>>> --
>>> VoIP Embedded, Inc.
>>> http://www.voipembedded.com
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200417/473b2844/attachment.html>

More information about the sr-users mailing list