[SR-Users] ims ipsec connectivity
Carsten Bock
carsten at ng-voice.com
Mon Nov 14 16:40:53 CET 2022
Hi,
be aware, that IPSec for VoLTE does not work for NAT.
Thanks,
Carsten
--
Carsten Bock I CTO & Founder
ng-voice GmbH
Trostbrücke 1 I 20457 Hamburg I Germany
T +49 179 2021244 I www.ng-voice.com
Registry Office at Local Court Hamburg, HRB 120189
Managing Directors: Dr. David Bachmann, Carsten Bock
Am Mo., 14. Nov. 2022 um 16:09 Uhr schrieb Oleg Belousov <
obelousov at gmail.com>:
> Hi, Hossein.
> Increased privileges for proxy container, now can see records in both SPD
> and SAD, but still ipsec is not established. Possible because UE is behind
> NAY - will check that either. Thanks for your advice.
> # ip xfrm state count
> SAD count 28
> # ip xfrm policy count
> SPD IN 16 OUT 16 FWD 0
>
> Hi, Giovanni.
> Thank you. Yes, I saw that fork and am going to try it as well. Not quite
> clear why those patches not included onto the main release.
> --
> obelousov.tel
>
>
> On Mon, Nov 14, 2022 at 11:07 AM Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
>
>> Hello,
>>
>> you may also want to check Supreeth ipsec patches :
>>
>> https://github.com/herlesupreeth/kamailio
>>
>> -giovanni
>>
>> On Fri, Nov 11, 2022 at 1:44 PM Oleg Belousov <obelousov at gmail.com>
>> wrote:
>>
>>> Hi, Hossein.
>>> No, there are not. The output of these two commands is just empty.
>>> Should enable it?
>>> --
>>> obelousov.tel
>>>
>>>
>>> On Thu, Nov 10, 2022 at 9:08 PM H Yavari <hyavari at rocketmail.com> wrote:
>>>
>>>> Hi Oleg,
>>>>
>>>> Can you check the ipsec SA in the OS and see that SA and policies are
>>>> there or not:
>>>> >> ip x s l
>>>> >> ip x p l
>>>>
>>>> BR,
>>>> Hossein
>>>>
>>>> On Thursday, November 10, 2022 at 03:12:34 AM PST, Oleg Belousov <
>>>> obelousov at gmail.com> wrote:
>>>>
>>>>
>>>> Hi.
>>>> Working on ims integration with the actual handset, have got a
>>>> problem with ipsec establishment to complete registration.
>>>>
>>>> Initial steps are fine, including diameter exchange and 401 (with
>>>> security server details) toward UE. On the next step UE and kamailio should
>>>> establish ipsec connection, and UE to submit the next register with a
>>>> response. As per trace UE is trying to establish the same (can see initial
>>>> TCP SYN encapsulated onto ESP), using port-s, provided in Security-Server,
>>>> but get an ICMP packet from server with destination/protocol unreachable.
>>>> No more info either in P-SCSF log, no in kern.log. Proxy is listening to
>>>> that port, it is tcp and available over telnet, so should not be a
>>>> connectivity issue.
>>>> Please let know if any ideas how to troubleshoot that further,
>>>> --
>>>> obelousov.tel
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>> sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>> sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>> sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>>
>> --
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20221114/a24a701d/attachment.htm>
More information about the sr-users
mailing list