[SR-Users] Kamailio/RTPengine as a proxy for FreePBX/Asterisk...
Micah Quinn
micah.quinn at sipiq.com
Tue Sep 28 06:55:45 CEST 2021
OK, then some more details and some questions. My network configuration is as follows:
10.0.0.142 10.0.0.200 10.252.1.14 10.252.1.1 192.168.123.5 192.168.123.10
[softphone] <--------> [kamailio/rtpengine] <---------VPN---------> [VPN server] <------------------> [FreePBX}
There is no NAT'ing involved/enabled. I'm running RTPEngine on the same machine as Kamailio.
With my current configuration I can call the PBX directly without issue. (i.e. access my voicemail, IVRs, conference rooms, etc.). However, I can still not make an extension-to-extension call. Asterisk responds to the INVITE with a "401 Unauthorized" message.I have two extensions registered (1093 and 10931):
Endpoint: 1093/1093 Not in use 0 of inf
InAuth: 1093-auth/1093
Aor: 1093 10
Contact: 1093/sip:1093 at 10.252.1.14 a49a850887 Avail 85.409
Endpoint: 10931/10931 Not in use 0 of inf
InAuth: 10931-auth/10931
Aor: 10931 10
Contact: 10931/sip:10931 at 10.252.1.14 3690dfd96d Avail 85.225
Below are two packet captures from the Kamailio machine and the Asterisk machine. If more information is needed, I'll be happy to supply the specifics. Thanks to anyone that's willing to take the time to look this over. (Alternatively, if somebody wants to suggest a kamailio.cfg file for my specific use case, I'd be happy to test that on my setup as well.)
On the Kamailio machine:
---------------------------------------
2021/09/28 04:45:07.358826 192.168.123.10:7330 -> 10.252.1.14:5060
INVITE sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>
Contact: <sip:asterisk at 192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931 at 192.168.123.10>
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 341
v=0
o=- 585379038 585379038 IN IP4 192.168.123.10
s=Asterisk
c=IN IP4 192.168.123.10
t=0 0
m=audio 18074 RTP/AVP 0 8 3 111 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
2021/09/28 04:45:07.365188 10.252.1.14:5060 -> 192.168.123.10:7330
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP 192.168.123.10:5060;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e;received=192.168.123.10
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Server: kamailio (5.3.2 (x86_64/linux))
Content-Length: 0
2021/09/28 04:45:07.366400 10.252.1.14:5060 -> 192.168.123.10:5060
INVITE sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 192.168.123.10:5060;received=192.168.123.10;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>
Contact: <sip:asterisk at 192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931 at 192.168.123.10>
Max-Forwards: 69
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 349
v=0
o=- 585379038 585379038 IN IP4 10.252.1.14
s=Asterisk
c=IN IP4 10.252.1.14
t=0 0
m=audio 14618 RTP/AVP 0 8 3 111 9 101
a=maxptime:150
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
a=rtcp:14619
a=ptime:20
2021/09/28 04:45:07.409622 192.168.123.10:5060 -> 10.252.1.14:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.252.1.14;rport=19725;received=192.168.123.5;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.412926 10.252.1.14:5060 -> 192.168.123.10:5060
ACK sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 69
Content-Length: 0
2021/09/28 04:45:07.413090 10.252.1.14:5060 -> 192.168.123.10:7330
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.455640 192.168.123.10:7330 -> 10.252.1.14:5060
ACK sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
On the FreePBX machine:
---------------------------------------
2021/09/28 04:45:07.342242 192.168.123.10:5060 -> 10.252.1.14:5060
INVITE sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>
Contact: <sip:asterisk at 192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931 at 192.168.123.10>
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 341
v=0
o=- 585379038 585379038 IN IP4 192.168.123.10
s=Asterisk
c=IN IP4 192.168.123.10
t=0 0
m=audio 18074 RTP/AVP 0 8 3 111 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
2021/09/28 04:45:07.390644 10.252.1.14:5060 -> 192.168.123.10:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP 192.168.123.10:5060;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e;received=192.168.123.10
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Server: kamailio (5.3.2 (x86_64/linux))
Content-Length: 0
2021/09/28 04:45:07.392235 192.168.123.5:19725 -> 192.168.123.10:5060
INVITE sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 192.168.123.10:5060;received=192.168.123.10;rport=7330;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>
Contact: <sip:asterisk at 192.168.123.10:5060>
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "10931" <sip:10931 at 192.168.123.10>
Max-Forwards: 69
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Type: application/sdp
Content-Length: 349
v=0
o=- 585379038 585379038 IN IP4 10.252.1.14
s=Asterisk
c=IN IP4 10.252.1.14
t=0 0
m=audio 14618 RTP/AVP 0 8 3 111 9 101
a=maxptime:150
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
a=rtcp:14619
a=ptime:20
2021/09/28 04:45:07.393454 192.168.123.10:5060 -> 192.168.123.5:19725
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.252.1.14;rport=19725;received=192.168.123.5;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Via: SIP/2.0/UDP 192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.438326 192.168.123.5:19725 -> 192.168.123.10:5060
ACK sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 10.252.1.14;branch=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 69
Content-Length: 0
2021/09/28 04:45:07.438558 10.252.1.14:5060 -> 192.168.123.10:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.123.10:5060;rport=7330;received=192.168.123.10;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
CSeq: 13326 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1632804307/c98b5b90e7cdc94fd7ab1974b7d3c44b",opaque="6e3e077334bf1910",algorithm=md5,qop="auth"
Server: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
2021/09/28 04:45:07.439339 192.168.123.10:5060 -> 10.252.1.14:5060
ACK sip:1093 at 10.252.1.14 SIP/2.0
Via: SIP/2.0/UDP 192.168.123.10:5060;rport;branch=z9hG4bKPj68d21815-beeb-4631-b8ba-e2b979331e0e
From: "10931" <sip:10931 at 192.168.123.10>;tag=a3c6bf40-aa29-4b58-963d-36952a617a54
To: <sip:1093 at 10.252.1.14>;tag=z9hG4bKe019.4be37ea094ac7d8f4c0a037c7887e071.0
Call-ID: 4ec009f0-34c5-4356-bef9-a52b862c7a93
CSeq: 13326 ACK
Max-Forwards: 70
User-Agent: FPBX-16.0.10.27(17.9.4)
Content-Length: 0
________________________________
From: Henning Westerholt <hw at skalatan.de>
Sent: Saturday, September 11, 2021 3:16 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Cc: Micah Quinn <micah.quinn at sipiq.com>
Subject: RE: Kamailio/RTPengine as a proxy for FreePBX/Asterisk...
Hello Micah,
using Kamailio as front-end/balancer for one or more asterisk instance(s) is a classic use case for Kamailio.
Have a look to the Asterisk log why you get some authentication request, probably you need to “tell” Asterisk to trust the Kamailio (IPs).
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Micah Quinn
Sent: Friday, September 10, 2021 1:05 AM
To: sr-users at lists.kamailio.org
Subject: [SR-Users] Kamailio/RTPengine as a proxy for FreePBX/Asterisk...
Hello all,
I'm new to Kamailio, so bear with me as I stumble through this. First, I'll describe what I'm trying to achieve at a high level and then perhaps somebody can advise me on whether Kamailio is a good fit for this solution or not. I'd like to be able to deploy a small appliance type server to our customer's sites that just runs Kamailio and a VPN connection back to our datacenter. At our datacenter, we run virtualized instances of Asterisk for each of our customers. The idea is that Kamailio would act as a transparent proxy through to the Asterisk instance under nominal conditions and as a basic SIP router in the case that the Asterisk instance is unavailable. This degraded functionality would then at least allow extension to extension calling even if the Internet or Asterisk instance is down.
I'm currently using dispatcher with a single entry in preparation for a time when we might want to failover to another Asterisk instance. I'm forwarding all REGISTER and INVITE messages to the server chosen from ds_select_dst. Initially this all seems to work as I can register with a softphone and pjsip show endpoints shows my softphone connected. However, when I attempt to call any extension (my own or another) Asterisk responds to the INVITE message with a "401 Unauthorized" message and the typical "The person at extension XXXX is unavailable...".
I know that more details might be necessary to troubleshoot this, but I didn't want to include everything in one post and risk cluttering it up with unnecessary information. If anyone can confirm that this is a reasonable way to approach the problem, I can then provide whatever relevant data is necessary to get deeper into it. (I've used sngrep, logging, asterisk cli, etc.)
Thanks in advance for any help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210928/6f1d3e18/attachment.htm>
More information about the sr-users
mailing list