[SR-Users] Integration with multiple MS Teams instances

Daniel-Constantin Mierla miconda at gmail.com
Mon Aug 2 12:44:38 CEST 2021


Hello,

upgrading is the recommended way, indeed, if you want to use
tls_set_connect_server_id(). For older versions you may want to try
looping back to kamailio (can be over udp) and then use the xavps. Adds
some overhead and hops, but if you are stuck to a version and can't
really upgrade soon, might be an option to look at.

Cheers,
Daniel

On 29.07.21 18:48, Володимир Іванець wrote:
> Hello Rob!
>
> Yes, I'm using Letsencrypt while I'm testing. But I would like to be
> able to use different certificates with different sockets.
>
> I found this
> discussion https://github.com/kamailio/kamailio/issues/2413. Looks like I need
> to use "tls_set_connect_server_id()" instead of setting
> "$xavp(tls=>server_name)" and "$xavp(tls[0]=>server_id)". Unfortunately
> I'm currently using Kamailio v5.4 on my test system and this function
> is not available. I will update Kamailio and give it another try. Then
> I will update everyone in the hope it will be useful for someone :)
>
> Thank you!
>
> Regards, Volodymyr Ivanets
>
> On Thu, 29 Jul 2021 at 19:07, Rob van den Bulk <rob.van.den.bulk at gmail.com> wrote:
>
>     Hello, are u using letsencrypt?
>
>     U can use a multi domain.
>
>     Multi domain names in one certificate
>
>     ------------------------------------------------------------------------
>     *From:* sr-users <sr-users-bounces at lists.kamailio.org> on behalf of
>     Володимир Іванець <volodyaivanets at gmail.com>
>     *Sent:* Thursday, July 29, 2021 4:44:16 PM
>     *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
>     *Subject:* [SR-Users] Integration with multiple MS Teams instances
>
>     Hello all!
>
>     I was able to connect Kamailio with MS Teams and now trying to add
>     one more Teams instance. It looks like I have some
>     misconfiguration or there is a bug.
>
>     My test server has 2 domain records pointing at it
>     (kamailio.domain1.com and kamailio.domain2.com). My tls.cfg
>     configuration file looks like this. As you can see the Default
>     section is configured with a kamailio.domain1.com certificate:
>
>         [server:default]
>         method = TLSv1.0+
>         require_certificate = no
>         verify_certificate = no
>         private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>         certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>         ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>
>         [client:default]
>         method = TLSv1.0+
>         require_certificate = no
>         verify_certificate = no
>         private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>         certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>         ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>
>         [server:172.16.30.206:5062]
>         method = TLSv1.0+
>         require_certificate = no
>         verify_certificate = no
>         private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>         certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>         ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>         server_name = "kamailio.domain1.com"
>         server_id = "kamailio.domain1.com"
>
>         [client:172.16.30.206:5062]
>         method = TLSv1.0+
>         require_certificate = no
>         verify_certificate = no
>         private_key = /var/kamailio/certificates/kamailio.domain1.com/server/key.pem
>         certificate = /var/kamailio/certificates/kamailio.domain1.com/server/cert.pem
>         ca_list = /var/kamailio/certificates/kamailio.domain1.com/CA/cert.pem
>
>         [server:172.16.30.206:5063]
>         method = TLSv1.0+
>         require_certificate = no
>         verify_certificate = no
>         private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>         certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>         ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>         server_name = "kamailio.domain2.com"
>         server_id = "kamailio.domain2.com"
>
>         [client:172.16.30.206:5063]
>         method = TLSv1.0+
>         require_certificate = no
>         verify_certificate = no
>         private_key = /var/kamailio/certificates/kamailio.domain2.com/server/key.pem
>         certificate = /var/kamailio/certificates/kamailio.domain2.com/server/cert.pem
>         ca_list = /var/kamailio/certificates/kamailio.domain2.com/CA/cert.pem
>
>
>     The dispatcher configuration table looks like this:
>
>         +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>         | id | setid | destination                                 | flags | priority | attrs                                                            | description |
>         +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>         |  1 |     1 | sip:sip.pstnhub.microsoft.com;transport=tls |     0 |        3 | socket=tls:172.16.30.206:5062;ping_from=sip:kamailio.domain1.com | MS Teams 1  |
>         |  2 |     2 | sip:sip.pstnhub.microsoft.com;transport=tls |     0 |        3 | socket=tls:172.16.30.206:5063;ping_from=sip:kamailio.domain2.com | MS Teams 2  |
>         +----+-------+---------------------------------------------+-------+----------+------------------------------------------------------------------+-------------+
>
>
>
>     When Kamailio is started only connection with the first trunk is
>     established:
>
>         # kamcmd tls.list
>         {
>                 id: 1
>                 timeout: 0
>                 src_ip: 52.114.75.24
>                 src_port: 5061
>                 dst_ip: 172.16.30.206
>                 dst_port: 0
>                 cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
>                 ct_wq_size: 0
>                 enc_rd_buf: 0
>                 flags: 2
>                 state: established
>         }
>         {
>                 id: 2
>                 timeout: 0
>                 src_ip: 52.114.75.24
>                 src_port: 7810
>                 dst_ip: 172.16.30.206
>                 dst_port: 5062
>                 cipher: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
>                 ct_wq_size: 0
>                 enc_rd_buf: 0
>                 flags: 2
>                 state: established
>         }
>         {
>                 id: 3
>                 timeout: 596
>                 src_ip: 52.114.75.24
>                 src_port: 7811
>                 dst_ip: 172.16.30.206
>                 dst_port: 5062
>                 cipher: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
>                 ct_wq_size: 0
>                 enc_rd_buf: 0
>                 flags: 2
>                 state: established
>         }
>
>
>     Here is what I can see in the Kamailio log file when it sends an
>     OPTIONS request to the second trunk. Kamailio uses the Default tls
>     configuration and MS Teams doesn't accept it:
>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:352]: t_run_local_req(): apply new updates without Via to sip msg
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/msg_translator.c:1796]: check_boundaries(): no multi-part body
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg():  method:  <OPTIONS>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg():  uri:     <sip:sip.pstnhub.microsoft.com;transport=tls>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg():  version: <SIP/2.0>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>         ], to tag (0)[]
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:185]: get_hdr_field(): content_length=0
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:610]: parse_msg(): SIP Request:
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:612]: parse_msg():  method:  <OPTIONS>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:614]: parse_msg():  uri:     <sip:sip.pstnhub.microsoft.com;transport=tls>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:616]: parse_msg():  version: <SIP/2.0>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:1303]: parse_via_param(): Found param type 232, <branch> = <z9hG4bK169b.6411b4c3000000000000000000000000.0>; state=16
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_via.c:2639]: parse_via(): end of header reached, state=5
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:498]: parse_headers(): Via found, flags=2
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:500]: parse_headers(): this is the first via
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/parse_addr_spec.c:864]: parse_addr_spec(): end of header reached, state=10
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:171]: get_hdr_field(): <To> [47]; uri=[sip:sip.pstnhub.microsoft.com;transport=tls]
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:174]: get_hdr_field(): to body (47)[<sip:sip.pstnhub.microsoft.com;transport=tls>^M
>         ], to tag (0)[]
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/parser/msg_parser.c:152]: get_hdr_field(): cseq <CSeq>: <10> <OPTIONS>
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tm [uac.c:189]: uac_refresh_hdr_shortcuts(): cseq: [CSeq: 10]
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1993]: tcp_send(): no open tcp connection found, opening new one
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: <core> [core/tcp_main.c:1498]: tcpconn_add(): hashes: 2831:67:0, 1
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): *xavp with outbound server name not found*
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): *xavp with outbound server id not found*
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): *Using initial TLS domain TLSc<default>* (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x7f3550b7a568: (nil)
>         Jul 29 16:46:14 kamailio /usr/sbin/kamailio[11809]: DEBUG: tls [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started
>         ...
>
>
>     If I change the Default configuration to use the kamailio.domain2.com
>     certificate, the second trunk will connect but the first one will fail.
>     I tried to set the "$xavp(tls=>server_name)" and
>     "$xavp(tls[0]=>server_id)" variables in
>     the event_route[tm:local-request] section but the log still stated
>     that the server Name and ID were not found.
>
>     Can someone please point me in the right direction, how can I make
>     Kamailio use the correct certificates when establishing multiple
>     TLS connections?
>
>     Thanks a lot!
>
>     Regards, Volodymyr Ivanets
>     __________________________________________________________
>     Kamailio - Users Mailing List - Non Commercial Discussions
>       * sr-users at lists.kamailio.org
>     Important: keep the mailing list in the recipients, do not reply
>     only to the sender!
>     Edit mailing list options or unsubscribe:
>       * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
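
A log check for the failure described in this thread, added here as an example (not code from the posters or from the Kamailio project): it scans debug output for outbound TLS connections that selected the default client profile and reports which lookups missed. The `tm:local-request. fs is` trace is the original poster's own script output, and the PID 11810 lines are constructed for contrast.

```python
import re

P = "Jul 29 16:46:14 kamailio /usr/sbin/kamailio[%d]: "
# PID 11809: entries from the log quoted in the thread (unwrapped, e-mail emphasis
# markers removed). PID 11810: constructed contrast case; its domain label
# "TLSc<52.114.75.24:5061>" is an assumed format for a non-default profile.
SAMPLE_LOG = "\n".join([
    P % 11809 + "ALERT: <script>: == TRACE. tm:local-request. fs is tls:172.16.30.206:5063",
    P % 11809 + "DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24",
    P % 11809 + "DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1",
    P % 11809 + "DEBUG: tls [tls_server.c:162]: tls_get_connect_server_name(): xavp with outbound server name not found",
    P % 11809 + "DEBUG: tls [tls_server.c:142]: tls_get_connect_server_id(): xavp with outbound server id not found",
    P % 11809 + "DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<default> (dom 0x7f35509da688 ctx 0x7f3550b7a568 sn [])",
    P % 11810 + "DEBUG: <core> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 52.114.75.24",
    P % 11810 + "DEBUG: <core> [core/tcp_main.c:1175]: tcpconn_new(): on port 5061, type 3, socket -1",
    P % 11810 + "DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSc<52.114.75.24:5061> (dom 0x0 ctx 0x0 sn [])",
])

PID = re.compile(r"kamailio\[(\d+)\]: ")
FIELDS = {  # per-worker details logged before the TLS domain is chosen
    "socket": re.compile(r"tm:local-request\. fs is (\S+)"),  # poster's own trace line
    "ip": re.compile(r"tcpconn_new: new tcp connection: (\S+)"),
    "port": re.compile(r"tcpconn_new\(\): on port (\d+)"),
    "miss": re.compile(r"xavp with outbound server (name|id) not found"),
}
DOMAIN = re.compile(r"tls_complete_init\(\): Using initial TLS domain (TLS[cs]<[^>]*>)")


def find_default_fallbacks(log_text):
    """Return outbound TLS connections that selected the default client profile."""
    state, findings = {}, []
    for line in log_text.splitlines():
        pid_m = PID.search(line)
        if not pid_m:
            continue
        pid = int(pid_m.group(1))
        st = state.setdefault(pid, {"missing": []})
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m and key == "miss":
                st["missing"].append(m.group(1))
            elif m:
                st[key] = m.group(1)
        dom = DOMAIN.search(line)
        if dom:
            if dom.group(1) == "TLSc<default>":
                findings.append({
                    "pid": pid,
                    "forced_socket": st.get("socket"),
                    "remote": "%s:%s" % (st.get("ip", "?"), st.get("port", "?")),
                    "missing": st["missing"],
                })
            state.pop(pid, None)  # connection setup logged; reset this worker
    return findings


if __name__ == "__main__":
    for finding in find_default_fallbacks(SAMPLE_LOG):
        print(finding)
```

A finding whose `forced_socket` belongs to one trunk while the connection used `TLSc<default>` is the situation reported in the thread: the certificate presented is the default one, not the one intended for that socket.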
