[SR-Users] ims ipsec connectivity
Oleg Belousov
obelousov at gmail.com
Mon Nov 14 16:08:21 CET 2022
Hi, Hossein.
Increased privileges for proxy container, now can see records in both SPD
and SAD, but still ipsec is not established. Possible because UE is behind
NAY - will check that either. Thanks for your advice.
# ip xfrm state count
SAD count 28
# ip xfrm policy count
SPD IN 16 OUT 16 FWD 0
Hi, Giovanni.
Thank you. Yes, I saw that fork and am going to try it as well. Not quite
clear why those patches not included onto the main release.
--
obelousov.tel
On Mon, Nov 14, 2022 at 11:07 AM Giovanni Maruzzelli <gmaruzz at gmail.com>
wrote:
> Hello,
>
> you may also want to check Supreeth ipsec patches :
>
> https://github.com/herlesupreeth/kamailio
>
> -giovanni
>
> On Fri, Nov 11, 2022 at 1:44 PM Oleg Belousov <obelousov at gmail.com> wrote:
>
>> Hi, Hossein.
>> No, there are not. The output of these two commands is just empty. Should
>> enable it?
>> --
>> obelousov.tel
>>
>>
>> On Thu, Nov 10, 2022 at 9:08 PM H Yavari <hyavari at rocketmail.com> wrote:
>>
>>> Hi Oleg,
>>>
>>> Can you check the ipsec SA in the OS and see that SA and policies are
>>> there or not:
>>> >> ip x s l
>>> >> ip x p l
>>>
>>> BR,
>>> Hossein
>>>
>>> On Thursday, November 10, 2022 at 03:12:34 AM PST, Oleg Belousov <
>>> obelousov at gmail.com> wrote:
>>>
>>>
>>> Hi.
>>> Working on ims integration with the actual handset, have got a
>>> problem with ipsec establishment to complete registration.
>>>
>>> Initial steps are fine, including diameter exchange and 401 (with
>>> security server details) toward UE. On the next step UE and kamailio should
>>> establish ipsec connection, and UE to submit the next register with a
>>> response. As per trace UE is trying to establish the same (can see initial
>>> TCP SYN encapsulated onto ESP), using port-s, provided in Security-Server,
>>> but get an ICMP packet from server with destination/protocol unreachable.
>>> No more info either in P-SCSF log, no in kern.log. Proxy is listening to
>>> that port, it is tcp and available over telnet, so should not be a
>>> connectivity issue.
>>> Please let know if any ideas how to troubleshoot that further,
>>> --
>>> obelousov.tel
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>> sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>> sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
> --
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221114/eb01f8f3/attachment.htm>
More information about the sr-users
mailing list